Hay
Date: June 7, 2025, 10:40 a.m.

Environment: qemu-arm64, qemu-x86_64

[   21.909144] ==================================================================
[   21.909608] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   21.909938] Write of size 1 at addr fff00000c3ebae78 by task kunit_try_catch/146
[   21.910283] 
[   21.910391] CPU: 1 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   21.911104] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.911176] Hardware name: linux,dummy-virt (DT)
[   21.911255] Call trace:
[   21.911316]  show_stack+0x20/0x38 (C)
[   21.911836]  dump_stack_lvl+0x8c/0xd0
[   21.912750]  print_report+0x118/0x608
[   21.912953]  kasan_report+0xdc/0x128
[   21.913090]  __asan_report_store1_noabort+0x20/0x30
[   21.913747]  kmalloc_track_caller_oob_right+0x418/0x488
[   21.913913]  kunit_try_run_case+0x170/0x3f0
[   21.914046]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.914490]  kthread+0x328/0x630
[   21.914981]  ret_from_fork+0x10/0x20
[   21.915127] 
[   21.915163] Allocated by task 146:
[   21.915447]  kasan_save_stack+0x3c/0x68
[   21.915941]  kasan_save_track+0x20/0x40
[   21.916069]  kasan_save_alloc_info+0x40/0x58
[   21.916219]  __kasan_kmalloc+0xd4/0xd8
[   21.916385]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   21.916569]  kmalloc_track_caller_oob_right+0x184/0x488
[   21.916690]  kunit_try_run_case+0x170/0x3f0
[   21.916849]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.917002]  kthread+0x328/0x630
[   21.917311]  ret_from_fork+0x10/0x20
[   21.917432] 
[   21.917482] The buggy address belongs to the object at fff00000c3ebae00
[   21.917482]  which belongs to the cache kmalloc-128 of size 128
[   21.917884] The buggy address is located 0 bytes to the right of
[   21.917884]  allocated 120-byte region [fff00000c3ebae00, fff00000c3ebae78)
[   21.918257] 
[   21.918420] The buggy address belongs to the physical page:
[   21.918554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eba
[   21.918709] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.918890] page_type: f5(slab)
[   21.919055] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.919430] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.919548] page dumped because: kasan: bad access detected
[   21.919621] 
[   21.919663] Memory state around the buggy address:
[   21.919925]  fff00000c3ebad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.920045]  fff00000c3ebad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.920226] >fff00000c3ebae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.920426]                                                                 ^
[   21.920779]  fff00000c3ebae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.921049]  fff00000c3ebaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.921205] ==================================================================
[   21.889112] ==================================================================
[   21.889228] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   21.889335] Write of size 1 at addr fff00000c3ebad78 by task kunit_try_catch/146
[   21.889395] 
[   21.889499] CPU: 1 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   21.889682] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.889740] Hardware name: linux,dummy-virt (DT)
[   21.889813] Call trace:
[   21.889864]  show_stack+0x20/0x38 (C)
[   21.889993]  dump_stack_lvl+0x8c/0xd0
[   21.890112]  print_report+0x118/0x608
[   21.890229]  kasan_report+0xdc/0x128
[   21.890352]  __asan_report_store1_noabort+0x20/0x30
[   21.890833]  kmalloc_track_caller_oob_right+0x40c/0x488
[   21.890996]  kunit_try_run_case+0x170/0x3f0
[   21.891988]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.892202]  kthread+0x328/0x630
[   21.892463]  ret_from_fork+0x10/0x20
[   21.892767] 
[   21.892895] Allocated by task 146:
[   21.893057]  kasan_save_stack+0x3c/0x68
[   21.893182]  kasan_save_track+0x20/0x40
[   21.893803]  kasan_save_alloc_info+0x40/0x58
[   21.894626]  __kasan_kmalloc+0xd4/0xd8
[   21.894723]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   21.895321]  kmalloc_track_caller_oob_right+0xa8/0x488
[   21.895438]  kunit_try_run_case+0x170/0x3f0
[   21.895516]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.895611]  kthread+0x328/0x630
[   21.895696]  ret_from_fork+0x10/0x20
[   21.896667] 
[   21.896850] The buggy address belongs to the object at fff00000c3ebad00
[   21.896850]  which belongs to the cache kmalloc-128 of size 128
[   21.897284] The buggy address is located 0 bytes to the right of
[   21.897284]  allocated 120-byte region [fff00000c3ebad00, fff00000c3ebad78)
[   21.897671] 
[   21.897805] The buggy address belongs to the physical page:
[   21.897895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eba
[   21.898093] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.898254] page_type: f5(slab)
[   21.898372] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.899179] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.899311] page dumped because: kasan: bad access detected
[   21.899394] 
[   21.899452] Memory state around the buggy address:
[   21.899848]  fff00000c3ebac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.900151]  fff00000c3ebac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.900252] >fff00000c3ebad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.900338]                                                                 ^
[   21.900501]  fff00000c3ebad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.900721]  fff00000c3ebae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.900841] ==================================================================

[   12.895891] ==================================================================
[   12.896671] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.897227] Write of size 1 at addr ffff888102d90b78 by task kunit_try_catch/162
[   12.897921] 
[   12.898072] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   12.898163] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.898189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.898229] Call Trace:
[   12.898255]  <TASK>
[   12.898290]  dump_stack_lvl+0x73/0xb0
[   12.898350]  print_report+0xd1/0x650
[   12.898379]  ? __virt_addr_valid+0x1db/0x2d0
[   12.898402]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.898422]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.898443]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.898462]  kasan_report+0x141/0x180
[   12.898483]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.898519]  __asan_report_store1_noabort+0x1b/0x30
[   12.898548]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.898592]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   12.899020]  ? __schedule+0x10cc/0x2b30
[   12.899045]  ? __pfx_read_tsc+0x10/0x10
[   12.899065]  ? ktime_get_ts64+0x86/0x230
[   12.899092]  kunit_try_run_case+0x1a5/0x480
[   12.899119]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.899153]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.899180]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.899203]  ? __kthread_parkme+0x82/0x180
[   12.899225]  ? preempt_count_sub+0x50/0x80
[   12.899251]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.899273]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.899295]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.899315]  kthread+0x337/0x6f0
[   12.899331]  ? trace_preempt_on+0x20/0xc0
[   12.899354]  ? __pfx_kthread+0x10/0x10
[   12.899371]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.899391]  ? calculate_sigpending+0x7b/0xa0
[   12.899412]  ? __pfx_kthread+0x10/0x10
[   12.899429]  ret_from_fork+0x41/0x80
[   12.899448]  ? __pfx_kthread+0x10/0x10
[   12.899465]  ret_from_fork_asm+0x1a/0x30
[   12.899494]  </TASK>
[   12.899508] 
[   12.911820] Allocated by task 162:
[   12.912133]  kasan_save_stack+0x45/0x70
[   12.912383]  kasan_save_track+0x18/0x40
[   12.912608]  kasan_save_alloc_info+0x3b/0x50
[   12.912851]  __kasan_kmalloc+0xb7/0xc0
[   12.913092]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   12.913353]  kmalloc_track_caller_oob_right+0x19a/0x520
[   12.914491]  kunit_try_run_case+0x1a5/0x480
[   12.914664]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.914779]  kthread+0x337/0x6f0
[   12.914860]  ret_from_fork+0x41/0x80
[   12.914947]  ret_from_fork_asm+0x1a/0x30
[   12.915038] 
[   12.915094] The buggy address belongs to the object at ffff888102d90b00
[   12.915094]  which belongs to the cache kmalloc-128 of size 128
[   12.915324] The buggy address is located 0 bytes to the right of
[   12.915324]  allocated 120-byte region [ffff888102d90b00, ffff888102d90b78)
[   12.915541] 
[   12.915690] The buggy address belongs to the physical page:
[   12.916094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d90
[   12.916566] flags: 0x200000000000000(node=0|zone=2)
[   12.916775] page_type: f5(slab)
[   12.917096] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.917625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.918188] page dumped because: kasan: bad access detected
[   12.918721] 
[   12.918947] Memory state around the buggy address:
[   12.919334]  ffff888102d90a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.919629]  ffff888102d90a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.920306] >ffff888102d90b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.920928]                                                                 ^
[   12.921604]  ffff888102d90b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.922301]  ffff888102d90c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.922917] ==================================================================
[   12.861207] ==================================================================
[   12.861756] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.862339] Write of size 1 at addr ffff888102d90a78 by task kunit_try_catch/162
[   12.863187] 
[   12.863435] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   12.863577] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.863745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.863793] Call Trace:
[   12.863817]  <TASK>
[   12.863849]  dump_stack_lvl+0x73/0xb0
[   12.863913]  print_report+0xd1/0x650
[   12.864355]  ? __virt_addr_valid+0x1db/0x2d0
[   12.864401]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.864424]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.864447]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.864468]  kasan_report+0x141/0x180
[   12.864490]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.864515]  __asan_report_store1_noabort+0x1b/0x30
[   12.864536]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.864556]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   12.864616]  ? __schedule+0x10cc/0x2b30
[   12.864676]  ? __pfx_read_tsc+0x10/0x10
[   12.864706]  ? ktime_get_ts64+0x86/0x230
[   12.864743]  kunit_try_run_case+0x1a5/0x480
[   12.864784]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.864809]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.864832]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.864854]  ? __kthread_parkme+0x82/0x180
[   12.864876]  ? preempt_count_sub+0x50/0x80
[   12.864902]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.864925]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.864948]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.864969]  kthread+0x337/0x6f0
[   12.864986]  ? trace_preempt_on+0x20/0xc0
[   12.865010]  ? __pfx_kthread+0x10/0x10
[   12.865027]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.865047]  ? calculate_sigpending+0x7b/0xa0
[   12.865067]  ? __pfx_kthread+0x10/0x10
[   12.865085]  ret_from_fork+0x41/0x80
[   12.865104]  ? __pfx_kthread+0x10/0x10
[   12.865122]  ret_from_fork_asm+0x1a/0x30
[   12.865150]  </TASK>
[   12.865164] 
[   12.878353] Allocated by task 162:
[   12.878635]  kasan_save_stack+0x45/0x70
[   12.878923]  kasan_save_track+0x18/0x40
[   12.879250]  kasan_save_alloc_info+0x3b/0x50
[   12.879531]  __kasan_kmalloc+0xb7/0xc0
[   12.880024]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   12.880471]  kmalloc_track_caller_oob_right+0x99/0x520
[   12.880949]  kunit_try_run_case+0x1a5/0x480
[   12.881488]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.882080]  kthread+0x337/0x6f0
[   12.882411]  ret_from_fork+0x41/0x80
[   12.882902]  ret_from_fork_asm+0x1a/0x30
[   12.883083] 
[   12.883186] The buggy address belongs to the object at ffff888102d90a00
[   12.883186]  which belongs to the cache kmalloc-128 of size 128
[   12.883532] The buggy address is located 0 bytes to the right of
[   12.883532]  allocated 120-byte region [ffff888102d90a00, ffff888102d90a78)
[   12.884904] 
[   12.885791] The buggy address belongs to the physical page:
[   12.886010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d90
[   12.886823] flags: 0x200000000000000(node=0|zone=2)
[   12.887211] page_type: f5(slab)
[   12.887443] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.888462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.889236] page dumped because: kasan: bad access detected
[   12.889541] 
[   12.889685] Memory state around the buggy address:
[   12.890538]  ffff888102d90900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.890953]  ffff888102d90980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.891423] >ffff888102d90a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.892283]                                                                 ^
[   12.893043]  ffff888102d90a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.893289]  ffff888102d90b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.893509] ==================================================================