Date: June 24, 2025, 12:47 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 23.227138] ==================================================================
[ 23.227394] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 23.229407] Write of size 1 at addr fff00000c3fb3d78 by task kunit_try_catch/144
[ 23.229551]
[ 23.229645] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT
[ 23.229866] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.229941] Hardware name: linux,dummy-virt (DT)
[ 23.230028] Call trace:
[ 23.230095] show_stack+0x20/0x38 (C)
[ 23.230238] dump_stack_lvl+0x8c/0xd0
[ 23.230399] print_report+0x118/0x608
[ 23.230692] kasan_report+0xdc/0x128
[ 23.230815] __asan_report_store1_noabort+0x20/0x30
[ 23.230952] kmalloc_track_caller_oob_right+0x40c/0x488
[ 23.231081] kunit_try_run_case+0x170/0x3f0
[ 23.231212] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.231347] kthread+0x328/0x630
[ 23.231482] ret_from_fork+0x10/0x20
[ 23.231599]
[ 23.231641] Allocated by task 144:
[ 23.232135] kasan_save_stack+0x3c/0x68
[ 23.232324] kasan_save_track+0x20/0x40
[ 23.232778] kasan_save_alloc_info+0x40/0x58
[ 23.233269] __kasan_kmalloc+0xd4/0xd8
[ 23.233856] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 23.234397] kmalloc_track_caller_oob_right+0xa8/0x488
[ 23.234519] kunit_try_run_case+0x170/0x3f0
[ 23.234630] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.234756] kthread+0x328/0x630
[ 23.234857] ret_from_fork+0x10/0x20
[ 23.234946]
[ 23.235294] The buggy address belongs to the object at fff00000c3fb3d00
[ 23.235294] which belongs to the cache kmalloc-128 of size 128
[ 23.235595] The buggy address is located 0 bytes to the right of
[ 23.235595] allocated 120-byte region [fff00000c3fb3d00, fff00000c3fb3d78)
[ 23.236486]
[ 23.236549] The buggy address belongs to the physical page:
[ 23.236647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fb3
[ 23.236779] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.237452] page_type: f5(slab)
[ 23.237724] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.238033] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.238331] page dumped because: kasan: bad access detected
[ 23.238685]
[ 23.238743] Memory state around the buggy address:
[ 23.238829]  fff00000c3fb3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.239467]  fff00000c3fb3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.239603] >fff00000c3fb3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.239704]                                                                 ^
[ 23.240197]  fff00000c3fb3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.240845]  fff00000c3fb3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.240973] ==================================================================
[ 23.243088] ==================================================================
[ 23.243354] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 23.243568] Write of size 1 at addr fff00000c3fb3e78 by task kunit_try_catch/144
[ 23.243708]
[ 23.243790] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT
[ 23.244003] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.244081] Hardware name: linux,dummy-virt (DT)
[ 23.244262] Call trace:
[ 23.244320] show_stack+0x20/0x38 (C)
[ 23.244476] dump_stack_lvl+0x8c/0xd0
[ 23.244590] print_report+0x118/0x608
[ 23.244698] kasan_report+0xdc/0x128
[ 23.244884] __asan_report_store1_noabort+0x20/0x30
[ 23.245236] kmalloc_track_caller_oob_right+0x418/0x488
[ 23.245425] kunit_try_run_case+0x170/0x3f0
[ 23.245550] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.245692] kthread+0x328/0x630
[ 23.245986] ret_from_fork+0x10/0x20
[ 23.246107]
[ 23.246151] Allocated by task 144:
[ 23.246271] kasan_save_stack+0x3c/0x68
[ 23.246367] kasan_save_track+0x20/0x40
[ 23.246489] kasan_save_alloc_info+0x40/0x58
[ 23.246599] __kasan_kmalloc+0xd4/0xd8
[ 23.246705] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 23.246844] kmalloc_track_caller_oob_right+0x184/0x488
[ 23.246990] kunit_try_run_case+0x170/0x3f0
[ 23.247101] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.247224] kthread+0x328/0x630
[ 23.247393] ret_from_fork+0x10/0x20
[ 23.247512]
[ 23.247562] The buggy address belongs to the object at fff00000c3fb3e00
[ 23.247562] which belongs to the cache kmalloc-128 of size 128
[ 23.247815] The buggy address is located 0 bytes to the right of
[ 23.247815] allocated 120-byte region [fff00000c3fb3e00, fff00000c3fb3e78)
[ 23.248013]
[ 23.248061] The buggy address belongs to the physical page:
[ 23.248151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fb3
[ 23.248290] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.248476] page_type: f5(slab)
[ 23.248574] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.248860] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.249001] page dumped because: kasan: bad access detected
[ 23.249126]
[ 23.249183] Memory state around the buggy address:
[ 23.249524]  fff00000c3fb3d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.249697]  fff00000c3fb3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.249809] >fff00000c3fb3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.249930]                                                                 ^
[ 23.250037]  fff00000c3fb3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.250211]  fff00000c3fb3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.250948] ==================================================================
```
qemu-x86_64:

```
[ 10.971702] ==================================================================
[ 10.972158] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.973106] Write of size 1 at addr ffff8881029d0f78 by task kunit_try_catch/162
[ 10.973990]
[ 10.974156] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary)
[ 10.974240] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.974259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.974295] Call Trace:
[ 10.974316] <TASK>
[ 10.974347] dump_stack_lvl+0x73/0xb0
[ 10.974407] print_report+0xd1/0x650
[ 10.974448] ? __virt_addr_valid+0x1db/0x2d0
[ 10.975066] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.975111] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.975133] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.975152] kasan_report+0x141/0x180
[ 10.975175] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.975198] __asan_report_store1_noabort+0x1b/0x30
[ 10.975217] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.975236] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.975256] ? __schedule+0x10cc/0x2b60
[ 10.975280] ? __pfx_read_tsc+0x10/0x10
[ 10.975311] ? ktime_get_ts64+0x86/0x230
[ 10.975350] kunit_try_run_case+0x1a5/0x480
[ 10.975387] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.975416] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.975448] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.975480] ? __kthread_parkme+0x82/0x180
[ 10.975513] ? preempt_count_sub+0x50/0x80
[ 10.975546] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.975578] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.975611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.975658] kthread+0x337/0x6f0
[ 10.975685] ? trace_preempt_on+0x20/0xc0
[ 10.975718] ? __pfx_kthread+0x10/0x10
[ 10.975735] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.975756] ? calculate_sigpending+0x7b/0xa0
[ 10.975777] ? __pfx_kthread+0x10/0x10
[ 10.975794] ret_from_fork+0x41/0x80
[ 10.975814] ? __pfx_kthread+0x10/0x10
[ 10.975831] ret_from_fork_asm+0x1a/0x30
[ 10.975861] </TASK>
[ 10.975875]
[ 10.986794] Allocated by task 162:
[ 10.987049] kasan_save_stack+0x45/0x70
[ 10.987399] kasan_save_track+0x18/0x40
[ 10.987733] kasan_save_alloc_info+0x3b/0x50
[ 10.988692] __kasan_kmalloc+0xb7/0xc0
[ 10.988898] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.989110] kmalloc_track_caller_oob_right+0x99/0x520
[ 10.989301] kunit_try_run_case+0x1a5/0x480
[ 10.989479] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.989805] kthread+0x337/0x6f0
[ 10.990141] ret_from_fork+0x41/0x80
[ 10.990424] ret_from_fork_asm+0x1a/0x30
[ 10.990744]
[ 10.990905] The buggy address belongs to the object at ffff8881029d0f00
[ 10.990905] which belongs to the cache kmalloc-128 of size 128
[ 10.991717] The buggy address is located 0 bytes to the right of
[ 10.991717] allocated 120-byte region [ffff8881029d0f00, ffff8881029d0f78)
[ 10.993149]
[ 10.993660] The buggy address belongs to the physical page:
[ 10.994487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d0
[ 10.994778] flags: 0x200000000000000(node=0|zone=2)
[ 10.995418] page_type: f5(slab)
[ 10.995802] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.996045] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.996540] page dumped because: kasan: bad access detected
[ 10.997557]
[ 10.997717] Memory state around the buggy address:
[ 10.998124]  ffff8881029d0e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.998750]  ffff8881029d0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.999047] >ffff8881029d0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.999497]                                                                 ^
[ 10.999856]  ffff8881029d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.000249]  ffff8881029d1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.000618] ==================================================================
[ 11.002991] ==================================================================
[ 11.003943] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.004684] Write of size 1 at addr ffff8881029da078 by task kunit_try_catch/162
[ 11.004830]
[ 11.004910] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary)
[ 11.004964] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.004975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.004998] Call Trace:
[ 11.005013] <TASK>
[ 11.005034] dump_stack_lvl+0x73/0xb0
[ 11.005066] print_report+0xd1/0x650
[ 11.005090] ? __virt_addr_valid+0x1db/0x2d0
[ 11.005111] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.005130] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.005150] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.005169] kasan_report+0x141/0x180
[ 11.005189] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.005212] __asan_report_store1_noabort+0x1b/0x30
[ 11.005231] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.005250] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.005270] ? __schedule+0x10cc/0x2b60
[ 11.005311] ? __pfx_read_tsc+0x10/0x10
[ 11.005340] ? ktime_get_ts64+0x86/0x230
[ 11.005379] kunit_try_run_case+0x1a5/0x480
[ 11.005415] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.005446] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.005484] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.005523] ? __kthread_parkme+0x82/0x180
[ 11.006005] ? preempt_count_sub+0x50/0x80
[ 11.006106] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.006159] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.006203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.006238] kthread+0x337/0x6f0
[ 11.006256] ? trace_preempt_on+0x20/0xc0
[ 11.006312] ? __pfx_kthread+0x10/0x10
[ 11.006348] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.006381] ? calculate_sigpending+0x7b/0xa0
[ 11.006411] ? __pfx_kthread+0x10/0x10
[ 11.006438] ret_from_fork+0x41/0x80
[ 11.006466] ? __pfx_kthread+0x10/0x10
[ 11.006491] ret_from_fork_asm+0x1a/0x30
[ 11.006534] </TASK>
[ 11.006565]
[ 11.019243] Allocated by task 162:
[ 11.019582] kasan_save_stack+0x45/0x70
[ 11.019812] kasan_save_track+0x18/0x40
[ 11.020095] kasan_save_alloc_info+0x3b/0x50
[ 11.020317] __kasan_kmalloc+0xb7/0xc0
[ 11.020600] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.020885] kmalloc_track_caller_oob_right+0x19a/0x520
[ 11.021132] kunit_try_run_case+0x1a5/0x480
[ 11.021375] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.021687] kthread+0x337/0x6f0
[ 11.022102] ret_from_fork+0x41/0x80
[ 11.022814] ret_from_fork_asm+0x1a/0x30
[ 11.023337]
[ 11.023682] The buggy address belongs to the object at ffff8881029da000
[ 11.023682] which belongs to the cache kmalloc-128 of size 128
[ 11.024711] The buggy address is located 0 bytes to the right of
[ 11.024711] allocated 120-byte region [ffff8881029da000, ffff8881029da078)
[ 11.025273]
[ 11.025469] The buggy address belongs to the physical page:
[ 11.026205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029da
[ 11.026711] flags: 0x200000000000000(node=0|zone=2)
[ 11.026976] page_type: f5(slab)
[ 11.027732] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.028786] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.028979] page dumped because: kasan: bad access detected
[ 11.029079]
[ 11.029127] Memory state around the buggy address:
[ 11.029219]  ffff8881029d9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.029334]  ffff8881029d9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.029447] >ffff8881029da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.029558]                                                                 ^
[ 11.030085]  ffff8881029da080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.030888]  ffff8881029da100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.031335] ==================================================================
```