Date
June 26, 2025, 11:12 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 20.444211] ================================================================== [ 20.453842] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 20.461911] Write of size 1 at addr ffff000801ed6278 by task kunit_try_catch/191 [ 20.469289] [ 20.470775] CPU: 7 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 20.470829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.470846] Hardware name: WinLink E850-96 board (DT) [ 20.470866] Call trace: [ 20.470879] show_stack+0x20/0x38 (C) [ 20.470915] dump_stack_lvl+0x8c/0xd0 [ 20.470953] print_report+0x118/0x608 [ 20.470985] kasan_report+0xdc/0x128 [ 20.471016] __asan_report_store1_noabort+0x20/0x30 [ 20.471053] kmalloc_track_caller_oob_right+0x40c/0x488 [ 20.471085] kunit_try_run_case+0x170/0x3f0 [ 20.471123] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.471160] kthread+0x328/0x630 [ 20.471196] ret_from_fork+0x10/0x20 [ 20.471231] [ 20.534741] Allocated by task 191: [ 20.538127] kasan_save_stack+0x3c/0x68 [ 20.541944] kasan_save_track+0x20/0x40 [ 20.545764] kasan_save_alloc_info+0x40/0x58 [ 20.550017] __kasan_kmalloc+0xd4/0xd8 [ 20.553750] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 20.559305] kmalloc_track_caller_oob_right+0xa8/0x488 [ 20.564426] kunit_try_run_case+0x170/0x3f0 [ 20.568593] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.574062] kthread+0x328/0x630 [ 20.577273] ret_from_fork+0x10/0x20 [ 20.580833] [ 20.582309] The buggy address belongs to the object at ffff000801ed6200 [ 20.582309] which belongs to the cache kmalloc-128 of size 128 [ 20.594811] The buggy address is located 0 bytes to the right of [ 20.594811] allocated 120-byte region [ffff000801ed6200, ffff000801ed6278) [ 20.607742] [ 20.609222] The buggy address belongs to the physical page: [ 20.614777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ed6 [ 20.622762] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.630400] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 20.637343] page_type: f5(slab) [ 20.640482] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 20.648199] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 20.655927] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 20.663737] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 20.671550] head: 0bfffe0000000001 fffffdffe007b581 00000000ffffffff 00000000ffffffff [ 20.679362] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.687167] page dumped because: kasan: bad access detected [ 20.692723] [ 20.694198] Memory state around the buggy address: [ 20.698979] ffff000801ed6100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.706182] ffff000801ed6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.713387] >ffff000801ed6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.720587] ^ [ 20.727709] ffff000801ed6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.734914] ffff000801ed6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.742116] ==================================================================
[ 17.648813] ================================================================== [ 17.648885] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 17.648938] Write of size 1 at addr fff00000c5bdc678 by task kunit_try_catch/144 [ 17.649039] [ 17.649069] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 17.649164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.649213] Hardware name: linux,dummy-virt (DT) [ 17.649245] Call trace: [ 17.649266] show_stack+0x20/0x38 (C) [ 17.649316] dump_stack_lvl+0x8c/0xd0 [ 17.649362] print_report+0x118/0x608 [ 17.649416] kasan_report+0xdc/0x128 [ 17.649460] __asan_report_store1_noabort+0x20/0x30 [ 17.649517] kmalloc_track_caller_oob_right+0x40c/0x488 [ 17.649567] kunit_try_run_case+0x170/0x3f0 [ 17.649615] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.649668] kthread+0x328/0x630 [ 17.649713] ret_from_fork+0x10/0x20 [ 17.649764] [ 17.649781] Allocated by task 144: [ 17.649808] kasan_save_stack+0x3c/0x68 [ 17.649846] kasan_save_track+0x20/0x40 [ 17.650107] kasan_save_alloc_info+0x40/0x58 [ 17.650353] __kasan_kmalloc+0xd4/0xd8 [ 17.650430] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 17.650483] kmalloc_track_caller_oob_right+0xa8/0x488 [ 17.650568] kunit_try_run_case+0x170/0x3f0 [ 17.650645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.650690] kthread+0x328/0x630 [ 17.650941] ret_from_fork+0x10/0x20 [ 17.651002] [ 17.651034] The buggy address belongs to the object at fff00000c5bdc600 [ 17.651034] which belongs to the cache kmalloc-128 of size 128 [ 17.651129] The buggy address is located 0 bytes to the right of [ 17.651129] allocated 120-byte region [fff00000c5bdc600, fff00000c5bdc678) [ 17.651200] [ 17.651219] The buggy address belongs to the physical page: [ 17.651373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc [ 17.651461] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.651582] page_type: f5(slab) [ 17.651653] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.651707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.651793] page dumped because: kasan: bad access detected [ 17.651879] [ 17.652004] Memory state around the buggy address: [ 17.652039] fff00000c5bdc500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.652085] fff00000c5bdc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.652136] >fff00000c5bdc600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.652175] ^ [ 17.652214] fff00000c5bdc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.652257] fff00000c5bdc700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.652422] ==================================================================
[ 10.299077] ================================================================== [ 10.299585] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.300233] Write of size 1 at addr ffff888102f60478 by task kunit_try_catch/161 [ 10.300604] [ 10.300702] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.300775] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.300787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.300820] Call Trace: [ 10.300834] <TASK> [ 10.300853] dump_stack_lvl+0x73/0xb0 [ 10.300996] print_report+0xd1/0x650 [ 10.301025] ? __virt_addr_valid+0x1db/0x2d0 [ 10.301049] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.301070] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.301092] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.301112] kasan_report+0x141/0x180 [ 10.301134] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.301159] __asan_report_store1_noabort+0x1b/0x30 [ 10.301180] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.301201] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.301249] ? __schedule+0x10cc/0x2b60 [ 10.301275] ? __pfx_read_tsc+0x10/0x10 [ 10.301309] ? ktime_get_ts64+0x86/0x230 [ 10.301336] kunit_try_run_case+0x1a5/0x480 [ 10.301362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.301384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.301408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.301431] ? __kthread_parkme+0x82/0x180 [ 10.301453] ? preempt_count_sub+0x50/0x80 [ 10.301480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.301503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.301525] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.301547] kthread+0x337/0x6f0 [ 10.301564] ? trace_preempt_on+0x20/0xc0 [ 10.301588] ? __pfx_kthread+0x10/0x10 [ 10.301606] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.301626] ? calculate_sigpending+0x7b/0xa0 [ 10.301648] ? __pfx_kthread+0x10/0x10 [ 10.301665] ret_from_fork+0x41/0x80 [ 10.301685] ? __pfx_kthread+0x10/0x10 [ 10.301702] ret_from_fork_asm+0x1a/0x30 [ 10.301775] </TASK> [ 10.301788] [ 10.310267] Allocated by task 161: [ 10.310441] kasan_save_stack+0x45/0x70 [ 10.310669] kasan_save_track+0x18/0x40 [ 10.310871] kasan_save_alloc_info+0x3b/0x50 [ 10.311124] __kasan_kmalloc+0xb7/0xc0 [ 10.311442] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.311947] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.312185] kunit_try_run_case+0x1a5/0x480 [ 10.312393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.312677] kthread+0x337/0x6f0 [ 10.312963] ret_from_fork+0x41/0x80 [ 10.313138] ret_from_fork_asm+0x1a/0x30 [ 10.313339] [ 10.313423] The buggy address belongs to the object at ffff888102f60400 [ 10.313423] which belongs to the cache kmalloc-128 of size 128 [ 10.314123] The buggy address is located 0 bytes to the right of [ 10.314123] allocated 120-byte region [ffff888102f60400, ffff888102f60478) [ 10.314518] [ 10.314629] The buggy address belongs to the physical page: [ 10.314943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60 [ 10.315253] flags: 0x200000000000000(node=0|zone=2) [ 10.315420] page_type: f5(slab) [ 10.315581] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.315930] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.316266] page dumped because: kasan: bad access detected [ 10.316495] [ 10.316813] Memory state around the buggy address: [ 10.317016] ffff888102f60300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.317324] ffff888102f60380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.317656] >ffff888102f60400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.318102] ^ [ 10.318415] ffff888102f60480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.318773] ffff888102f60500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.319102] ================================================================== [ 10.319825] ================================================================== [ 10.320175] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.320545] Write of size 1 at addr ffff888102f60578 by task kunit_try_catch/161 [ 10.320902] [ 10.321222] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.321287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.321344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.321366] Call Trace: [ 10.321379] <TASK> [ 10.321395] dump_stack_lvl+0x73/0xb0 [ 10.321431] print_report+0xd1/0x650 [ 10.321455] ? __virt_addr_valid+0x1db/0x2d0 [ 10.321476] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.321509] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.321531] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.321552] kasan_report+0x141/0x180 [ 10.321584] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.321610] __asan_report_store1_noabort+0x1b/0x30 [ 10.321630] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.321651] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.321673] ? __schedule+0x10cc/0x2b60 [ 10.321695] ? __pfx_read_tsc+0x10/0x10 [ 10.321773] ? ktime_get_ts64+0x86/0x230 [ 10.321801] kunit_try_run_case+0x1a5/0x480 [ 10.321827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.321860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.321883] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.321906] ? __kthread_parkme+0x82/0x180 [ 10.321945] ? preempt_count_sub+0x50/0x80 [ 10.321970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.321992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.322014] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.322045] kthread+0x337/0x6f0 [ 10.322061] ? trace_preempt_on+0x20/0xc0 [ 10.322085] ? __pfx_kthread+0x10/0x10 [ 10.322112] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.322133] ? calculate_sigpending+0x7b/0xa0 [ 10.322155] ? __pfx_kthread+0x10/0x10 [ 10.322172] ret_from_fork+0x41/0x80 [ 10.322192] ? __pfx_kthread+0x10/0x10 [ 10.322209] ret_from_fork_asm+0x1a/0x30 [ 10.322239] </TASK> [ 10.322249] [ 10.330581] Allocated by task 161: [ 10.330771] kasan_save_stack+0x45/0x70 [ 10.330975] kasan_save_track+0x18/0x40 [ 10.331113] kasan_save_alloc_info+0x3b/0x50 [ 10.331256] __kasan_kmalloc+0xb7/0xc0 [ 10.331388] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.331717] kmalloc_track_caller_oob_right+0x19a/0x520 [ 10.331976] kunit_try_run_case+0x1a5/0x480 [ 10.332344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.332518] kthread+0x337/0x6f0 [ 10.332652] ret_from_fork+0x41/0x80 [ 10.333215] ret_from_fork_asm+0x1a/0x30 [ 10.333453] [ 10.333562] The buggy address belongs to the object at ffff888102f60500 [ 10.333562] which belongs to the cache kmalloc-128 of size 128 [ 10.334912] The buggy address is located 0 bytes to the right of [ 10.334912] allocated 120-byte region [ffff888102f60500, ffff888102f60578) [ 10.336042] [ 10.336151] The buggy address belongs to the physical page: [ 10.336525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60 [ 10.337290] flags: 0x200000000000000(node=0|zone=2) [ 10.337688] page_type: f5(slab) [ 10.337959] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.338379] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.338880] page dumped because: kasan: bad access detected [ 10.339222] [ 10.339325] Memory state around the buggy address: [ 10.339697] ffff888102f60400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.340037] ffff888102f60480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.340472] >ffff888102f60500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.341235] ^ [ 10.341535] ffff888102f60580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.342036] ffff888102f60600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.342364] ==================================================================