Date: July 3, 2025, 3:13 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 15.225895] ==================================================================
[ 15.225965] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 15.226379] Write of size 1 at addr fff00000c3ec5f78 by task kunit_try_catch/145
[ 15.226455]
[ 15.226577] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT
[ 15.226715] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.226748] Hardware name: linux,dummy-virt (DT)
[ 15.227104] Call trace:
[ 15.227283] show_stack+0x20/0x38 (C)
[ 15.227478] dump_stack_lvl+0x8c/0xd0
[ 15.227714] print_report+0x118/0x608
[ 15.227987] kasan_report+0xdc/0x128
[ 15.228499] __asan_report_store1_noabort+0x20/0x30
[ 15.228644] kmalloc_track_caller_oob_right+0x40c/0x488
[ 15.229167] kunit_try_run_case+0x170/0x3f0
[ 15.229242] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.229753] kthread+0x328/0x630
[ 15.230012] ret_from_fork+0x10/0x20
[ 15.230076]
[ 15.230472] Allocated by task 145:
[ 15.230807] kasan_save_stack+0x3c/0x68
[ 15.230881] kasan_save_track+0x20/0x40
[ 15.231074] kasan_save_alloc_info+0x40/0x58
[ 15.231199] __kasan_kmalloc+0xd4/0xd8
[ 15.231263] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 15.231458] kmalloc_track_caller_oob_right+0xa8/0x488
[ 15.231591] kunit_try_run_case+0x170/0x3f0
[ 15.231671] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.231856] kthread+0x328/0x630
[ 15.232093] ret_from_fork+0x10/0x20
[ 15.232204]
[ 15.232342] The buggy address belongs to the object at fff00000c3ec5f00
[ 15.232342] which belongs to the cache kmalloc-128 of size 128
[ 15.232573] The buggy address is located 0 bytes to the right of
[ 15.232573] allocated 120-byte region [fff00000c3ec5f00, fff00000c3ec5f78)
[ 15.232685]
[ 15.232732] The buggy address belongs to the physical page:
[ 15.232915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ec5
[ 15.233111] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.233165] page_type: f5(slab)
[ 15.233249] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.233300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.233377] page dumped because: kasan: bad access detected
[ 15.233408]
[ 15.233425] Memory state around the buggy address:
[ 15.233465]  fff00000c3ec5e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.233507]  fff00000c3ec5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.233557] >fff00000c3ec5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.233593]                                                                  ^
[ 15.233641]  fff00000c3ec5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.233688]  fff00000c3ec6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.233723] ==================================================================
[ 15.235376] ==================================================================
[ 15.235433] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 15.235480] Write of size 1 at addr fff00000c7811078 by task kunit_try_catch/145
[ 15.235830]
[ 15.235987] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT
[ 15.236284] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.236327] Hardware name: linux,dummy-virt (DT)
[ 15.236421] Call trace:
[ 15.236446] show_stack+0x20/0x38 (C)
[ 15.236533] dump_stack_lvl+0x8c/0xd0
[ 15.236703] print_report+0x118/0x608
[ 15.236764] kasan_report+0xdc/0x128
[ 15.237071] __asan_report_store1_noabort+0x20/0x30
[ 15.237311] kmalloc_track_caller_oob_right+0x418/0x488
[ 15.237383] kunit_try_run_case+0x170/0x3f0
[ 15.237470] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.237523] kthread+0x328/0x630
[ 15.237653] ret_from_fork+0x10/0x20
[ 15.237702]
[ 15.237720] Allocated by task 145:
[ 15.238046] kasan_save_stack+0x3c/0x68
[ 15.238110] kasan_save_track+0x20/0x40
[ 15.238146] kasan_save_alloc_info+0x40/0x58
[ 15.238311] __kasan_kmalloc+0xd4/0xd8
[ 15.238392] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 15.238464] kmalloc_track_caller_oob_right+0x184/0x488
[ 15.238519] kunit_try_run_case+0x170/0x3f0
[ 15.238556] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.238597] kthread+0x328/0x630
[ 15.238631] ret_from_fork+0x10/0x20
[ 15.238665]
[ 15.238683] The buggy address belongs to the object at fff00000c7811000
[ 15.238683] which belongs to the cache kmalloc-128 of size 128
[ 15.238737] The buggy address is located 0 bytes to the right of
[ 15.238737] allocated 120-byte region [fff00000c7811000, fff00000c7811078)
[ 15.238797]
[ 15.239304] The buggy address belongs to the physical page:
[ 15.239459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107811
[ 15.239553] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.239679] page_type: f5(slab)
[ 15.239718] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.240046] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.240182] page dumped because: kasan: bad access detected
[ 15.240290]
[ 15.240350] Memory state around the buggy address:
[ 15.240483]  fff00000c7810f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.240556]  fff00000c7810f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.240607] >fff00000c7811000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.240644]                                                                  ^
[ 15.240978]  fff00000c7811080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.241134]  fff00000c7811100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.241341] ==================================================================
```
```
[ 10.611836] ==================================================================
[ 10.612251] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.613524] Write of size 1 at addr ffff888103138c78 by task kunit_try_catch/161
[ 10.614382]
[ 10.614477] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary)
[ 10.614522] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.614534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.614553] Call Trace:
[ 10.614565] <TASK>
[ 10.614580] dump_stack_lvl+0x73/0xb0
[ 10.614606] print_report+0xd1/0x650
[ 10.614627] ? __virt_addr_valid+0x1db/0x2d0
[ 10.614649] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.614670] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.614692] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.614713] kasan_report+0x141/0x180
[ 10.614735] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.614761] __asan_report_store1_noabort+0x1b/0x30
[ 10.614782] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.614803] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.614825] ? __schedule+0x10cc/0x2b60
[ 10.614848] ? __pfx_read_tsc+0x10/0x10
[ 10.614868] ? ktime_get_ts64+0x86/0x230
[ 10.614893] kunit_try_run_case+0x1a5/0x480
[ 10.614917] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.614938] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.614962] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.614985] ? __kthread_parkme+0x82/0x180
[ 10.615006] ? preempt_count_sub+0x50/0x80
[ 10.615031] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.615054] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.615076] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.615098] kthread+0x337/0x6f0
[ 10.615115] ? trace_preempt_on+0x20/0xc0
[ 10.615137] ? __pfx_kthread+0x10/0x10
[ 10.615155] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.615176] ? calculate_sigpending+0x7b/0xa0
[ 10.615197] ? __pfx_kthread+0x10/0x10
[ 10.615215] ret_from_fork+0x41/0x80
[ 10.615235] ? __pfx_kthread+0x10/0x10
[ 10.615275] ret_from_fork_asm+0x1a/0x30
[ 10.615305] </TASK>
[ 10.615315]
[ 10.629707] Allocated by task 161:
[ 10.630037] kasan_save_stack+0x45/0x70
[ 10.630423] kasan_save_track+0x18/0x40
[ 10.630725] kasan_save_alloc_info+0x3b/0x50
[ 10.631061] __kasan_kmalloc+0xb7/0xc0
[ 10.631191] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.631421] kmalloc_track_caller_oob_right+0x99/0x520
[ 10.631904] kunit_try_run_case+0x1a5/0x480
[ 10.632315] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.632842] kthread+0x337/0x6f0
[ 10.633144] ret_from_fork+0x41/0x80
[ 10.633544] ret_from_fork_asm+0x1a/0x30
[ 10.633918]
[ 10.633992] The buggy address belongs to the object at ffff888103138c00
[ 10.633992] which belongs to the cache kmalloc-128 of size 128
[ 10.634350] The buggy address is located 0 bytes to the right of
[ 10.634350] allocated 120-byte region [ffff888103138c00, ffff888103138c78)
[ 10.634991]
[ 10.635159] The buggy address belongs to the physical page:
[ 10.635783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103138
[ 10.636436] flags: 0x200000000000000(node=0|zone=2)
[ 10.636662] page_type: f5(slab)
[ 10.636796] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.637103] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.637414] page dumped because: kasan: bad access detected
[ 10.637709]
[ 10.637794] Memory state around the buggy address:
[ 10.637981]  ffff888103138b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.638312]  ffff888103138b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.638537] >ffff888103138c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.638843]                                                                  ^
[ 10.639290]  ffff888103138c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.639701]  ffff888103138d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.640168] ==================================================================
[ 10.641045] ==================================================================
[ 10.641551] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.641938] Write of size 1 at addr ffff888103138d78 by task kunit_try_catch/161
[ 10.642347]
[ 10.642473] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary)
[ 10.642517] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.642529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.642549] Call Trace:
[ 10.642561] <TASK>
[ 10.642576] dump_stack_lvl+0x73/0xb0
[ 10.642601] print_report+0xd1/0x650
[ 10.642624] ? __virt_addr_valid+0x1db/0x2d0
[ 10.642645] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.642668] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.642690] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.642712] kasan_report+0x141/0x180
[ 10.642734] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.642760] __asan_report_store1_noabort+0x1b/0x30
[ 10.642781] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.642802] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.642825] ? __schedule+0x10cc/0x2b60
[ 10.642847] ? __pfx_read_tsc+0x10/0x10
[ 10.642867] ? ktime_get_ts64+0x86/0x230
[ 10.642891] kunit_try_run_case+0x1a5/0x480
[ 10.642916] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.642938] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.642961] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.642998] ? __kthread_parkme+0x82/0x180
[ 10.643020] ? preempt_count_sub+0x50/0x80
[ 10.643045] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.643080] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.643103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.643125] kthread+0x337/0x6f0
[ 10.643142] ? trace_preempt_on+0x20/0xc0
[ 10.643164] ? __pfx_kthread+0x10/0x10
[ 10.643182] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.643204] ? calculate_sigpending+0x7b/0xa0
[ 10.643226] ? __pfx_kthread+0x10/0x10
[ 10.643254] ret_from_fork+0x41/0x80
[ 10.643274] ? __pfx_kthread+0x10/0x10
[ 10.643301] ret_from_fork_asm+0x1a/0x30
[ 10.643331] </TASK>
[ 10.643341]
[ 10.651464] Allocated by task 161:
[ 10.651633] kasan_save_stack+0x45/0x70
[ 10.651777] kasan_save_track+0x18/0x40
[ 10.651959] kasan_save_alloc_info+0x3b/0x50
[ 10.652178] __kasan_kmalloc+0xb7/0xc0
[ 10.652428] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.652827] kmalloc_track_caller_oob_right+0x19a/0x520
[ 10.653081] kunit_try_run_case+0x1a5/0x480
[ 10.653256] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.653571] kthread+0x337/0x6f0
[ 10.653821] ret_from_fork+0x41/0x80
[ 10.654006] ret_from_fork_asm+0x1a/0x30
[ 10.654193]
[ 10.654331] The buggy address belongs to the object at ffff888103138d00
[ 10.654331] which belongs to the cache kmalloc-128 of size 128
[ 10.654904] The buggy address is located 0 bytes to the right of
[ 10.654904] allocated 120-byte region [ffff888103138d00, ffff888103138d78)
[ 10.655449]
[ 10.655628] The buggy address belongs to the physical page:
[ 10.655823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103138
[ 10.656066] flags: 0x200000000000000(node=0|zone=2)
[ 10.656287] page_type: f5(slab)
[ 10.656582] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.657113] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.657617] page dumped because: kasan: bad access detected
[ 10.657906]
[ 10.658014] Memory state around the buggy address:
[ 10.658194]  ffff888103138c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.658463]  ffff888103138c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.658917] >ffff888103138d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.659255]                                                                  ^
[ 10.659578]  ffff888103138d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.659948]  ffff888103138e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.660183] ==================================================================
```