Date
July 8, 2025, 4:38 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 17.602819] ==================================================================
[ 17.602879] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 17.602930] Write of size 1 at addr fff00000c63d6078 by task kunit_try_catch/144
[ 17.602979]
[ 17.603129] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 17.603298] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.603326] Hardware name: linux,dummy-virt (DT)
[ 17.603369] Call trace:
[ 17.603399] show_stack+0x20/0x38 (C)
[ 17.603595] dump_stack_lvl+0x8c/0xd0
[ 17.603649] print_report+0x118/0x608
[ 17.603705] kasan_report+0xdc/0x128
[ 17.603749] __asan_report_store1_noabort+0x20/0x30
[ 17.603804] kmalloc_track_caller_oob_right+0x418/0x488
[ 17.603909] kunit_try_run_case+0x170/0x3f0
[ 17.604091] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.604204] kthread+0x328/0x630
[ 17.604256] ret_from_fork+0x10/0x20
[ 17.604303]
[ 17.604321] Allocated by task 144:
[ 17.604739] kasan_save_stack+0x3c/0x68
[ 17.604847] kasan_save_track+0x20/0x40
[ 17.604892] kasan_save_alloc_info+0x40/0x58
[ 17.605096] __kasan_kmalloc+0xd4/0xd8
[ 17.605163] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 17.605205] kmalloc_track_caller_oob_right+0x184/0x488
[ 17.605243] kunit_try_run_case+0x170/0x3f0
[ 17.605281] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.605324] kthread+0x328/0x630
[ 17.605378] ret_from_fork+0x10/0x20
[ 17.605413]
[ 17.605432] The buggy address belongs to the object at fff00000c63d6000
[ 17.605432] which belongs to the cache kmalloc-128 of size 128
[ 17.605883] The buggy address is located 0 bytes to the right of
[ 17.605883] allocated 120-byte region [fff00000c63d6000, fff00000c63d6078)
[ 17.606291]
[ 17.606501] The buggy address belongs to the physical page:
[ 17.606547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063d6
[ 17.606679] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.606727] page_type: f5(slab)
[ 17.607056] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.607109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.607148] page dumped because: kasan: bad access detected
[ 17.607185]
[ 17.607204] Memory state around the buggy address:
[ 17.607235]  fff00000c63d5f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.607397]  fff00000c63d5f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.607647] >fff00000c63d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.607898]                                                                  ^
[ 17.608123]  fff00000c63d6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.608457]  fff00000c63d6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.608502] ==================================================================
```

```
[ 17.587130] ==================================================================
[ 17.587183] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 17.587233] Write of size 1 at addr fff00000c5b9df78 by task kunit_try_catch/144
[ 17.587281]
[ 17.587312] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT
[ 17.589199] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.589242] Hardware name: linux,dummy-virt (DT)
[ 17.589410] Call trace:
[ 17.589461] show_stack+0x20/0x38 (C)
[ 17.590461] dump_stack_lvl+0x8c/0xd0
[ 17.590519] print_report+0x118/0x608
[ 17.590564] kasan_report+0xdc/0x128
[ 17.590687] __asan_report_store1_noabort+0x20/0x30
[ 17.590845] kmalloc_track_caller_oob_right+0x40c/0x488
[ 17.590896] kunit_try_run_case+0x170/0x3f0
[ 17.591439] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.591921] kthread+0x328/0x630
[ 17.592286] ret_from_fork+0x10/0x20
[ 17.592502]
[ 17.592591] Allocated by task 144:
[ 17.592620] kasan_save_stack+0x3c/0x68
[ 17.592660] kasan_save_track+0x20/0x40
[ 17.592698] kasan_save_alloc_info+0x40/0x58
[ 17.592736] __kasan_kmalloc+0xd4/0xd8
[ 17.592770] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 17.592975] kmalloc_track_caller_oob_right+0xa8/0x488
[ 17.593046] kunit_try_run_case+0x170/0x3f0
[ 17.593736] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.594035] kthread+0x328/0x630
[ 17.594098] ret_from_fork+0x10/0x20
[ 17.594346]
[ 17.594367] The buggy address belongs to the object at fff00000c5b9df00
[ 17.594367] which belongs to the cache kmalloc-128 of size 128
[ 17.594669] The buggy address is located 0 bytes to the right of
[ 17.594669] allocated 120-byte region [fff00000c5b9df00, fff00000c5b9df78)
[ 17.594932]
[ 17.594955] The buggy address belongs to the physical page:
[ 17.595150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b9d
[ 17.595209] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.595260] page_type: f5(slab)
[ 17.595509] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.595732] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.595948] page dumped because: kasan: bad access detected
[ 17.595985]
[ 17.596119] Memory state around the buggy address:
[ 17.596317]  fff00000c5b9de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.596391]  fff00000c5b9de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.596627] >fff00000c5b9df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.596664]                                                                  ^
[ 17.596703]  fff00000c5b9df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.596994]  fff00000c5b9e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.597242] ==================================================================
```
```
[ 10.611846] ==================================================================
[ 10.612650] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.613510] Write of size 1 at addr ffff8881035ebc78 by task kunit_try_catch/162
[ 10.614117]
[ 10.614215] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 10.614260] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.614272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.614294] Call Trace:
[ 10.614306] <TASK>
[ 10.614321] dump_stack_lvl+0x73/0xb0
[ 10.614348] print_report+0xd1/0x650
[ 10.614372] ? __virt_addr_valid+0x1db/0x2d0
[ 10.614394] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.614416] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.614439] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.614461] kasan_report+0x141/0x180
[ 10.614483] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.614520] __asan_report_store1_noabort+0x1b/0x30
[ 10.614541] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.614563] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.614587] ? __schedule+0x10cc/0x2b60
[ 10.614610] ? __pfx_read_tsc+0x10/0x10
[ 10.614631] ? ktime_get_ts64+0x86/0x230
[ 10.614683] kunit_try_run_case+0x1a5/0x480
[ 10.614705] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.614724] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.614749] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.614773] ? __kthread_parkme+0x82/0x180
[ 10.614795] ? preempt_count_sub+0x50/0x80
[ 10.614820] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.614840] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.614863] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.614914] kthread+0x337/0x6f0
[ 10.614932] ? trace_preempt_on+0x20/0xc0
[ 10.614957] ? __pfx_kthread+0x10/0x10
[ 10.614975] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.614997] ? calculate_sigpending+0x7b/0xa0
[ 10.615019] ? __pfx_kthread+0x10/0x10
[ 10.615037] ret_from_fork+0x41/0x80
[ 10.615059] ? __pfx_kthread+0x10/0x10
[ 10.615077] ret_from_fork_asm+0x1a/0x30
[ 10.615107] </TASK>
[ 10.615118]
[ 10.629105] Allocated by task 162:
[ 10.629242] kasan_save_stack+0x45/0x70
[ 10.629393] kasan_save_track+0x18/0x40
[ 10.629656] kasan_save_alloc_info+0x3b/0x50
[ 10.630130] __kasan_kmalloc+0xb7/0xc0
[ 10.630648] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.631315] kmalloc_track_caller_oob_right+0x19a/0x520
[ 10.631965] kunit_try_run_case+0x1a5/0x480
[ 10.632363] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.632889] kthread+0x337/0x6f0
[ 10.633082] ret_from_fork+0x41/0x80
[ 10.633219] ret_from_fork_asm+0x1a/0x30
[ 10.633357]
[ 10.633430] The buggy address belongs to the object at ffff8881035ebc00
[ 10.633430] which belongs to the cache kmalloc-128 of size 128
[ 10.634639] The buggy address is located 0 bytes to the right of
[ 10.634639] allocated 120-byte region [ffff8881035ebc00, ffff8881035ebc78)
[ 10.635645]
[ 10.635727] The buggy address belongs to the physical page:
[ 10.635980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1035eb
[ 10.636704] flags: 0x200000000000000(node=0|zone=2)
[ 10.637243] page_type: f5(slab)
[ 10.637538] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.638310] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.638582] page dumped because: kasan: bad access detected
[ 10.639104]
[ 10.639310] Memory state around the buggy address:
[ 10.639949]  ffff8881035ebb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.640542]  ffff8881035ebb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.641116] >ffff8881035ebc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.641739]                                                                  ^
[ 10.642090]  ffff8881035ebc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.642704]  ffff8881035ebd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.643357] ==================================================================
```

```
[ 10.587689] ==================================================================
[ 10.588338] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.588665] Write of size 1 at addr ffff8881035ebb78 by task kunit_try_catch/162
[ 10.589178]
[ 10.589313] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.6-rc1 #1 PREEMPT(voluntary)
[ 10.589369] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.589390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.589410] Call Trace:
[ 10.589421] <TASK>
[ 10.589437] dump_stack_lvl+0x73/0xb0
[ 10.589474] print_report+0xd1/0x650
[ 10.589497] ? __virt_addr_valid+0x1db/0x2d0
[ 10.589529] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.589552] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.589575] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.589597] kasan_report+0x141/0x180
[ 10.589621] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.589657] __asan_report_store1_noabort+0x1b/0x30
[ 10.589678] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.589700] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.589734] ? __schedule+0x10cc/0x2b60
[ 10.589759] ? __pfx_read_tsc+0x10/0x10
[ 10.589780] ? ktime_get_ts64+0x86/0x230
[ 10.589812] kunit_try_run_case+0x1a5/0x480
[ 10.589834] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.589854] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.589895] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.589920] ? __kthread_parkme+0x82/0x180
[ 10.589942] ? preempt_count_sub+0x50/0x80
[ 10.589981] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.590002] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.590026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.590050] kthread+0x337/0x6f0
[ 10.590067] ? trace_preempt_on+0x20/0xc0
[ 10.590090] ? __pfx_kthread+0x10/0x10
[ 10.590109] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.590131] ? calculate_sigpending+0x7b/0xa0
[ 10.590153] ? __pfx_kthread+0x10/0x10
[ 10.590172] ret_from_fork+0x41/0x80
[ 10.590193] ? __pfx_kthread+0x10/0x10
[ 10.590211] ret_from_fork_asm+0x1a/0x30
[ 10.590242] </TASK>
[ 10.590253]
[ 10.598413] Allocated by task 162:
[ 10.598614] kasan_save_stack+0x45/0x70
[ 10.598894] kasan_save_track+0x18/0x40
[ 10.599106] kasan_save_alloc_info+0x3b/0x50
[ 10.599351] __kasan_kmalloc+0xb7/0xc0
[ 10.599580] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.599809] kmalloc_track_caller_oob_right+0x99/0x520
[ 10.599991] kunit_try_run_case+0x1a5/0x480
[ 10.600139] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.600449] kthread+0x337/0x6f0
[ 10.600648] ret_from_fork+0x41/0x80
[ 10.600840] ret_from_fork_asm+0x1a/0x30
[ 10.601065]
[ 10.601172] The buggy address belongs to the object at ffff8881035ebb00
[ 10.601172] which belongs to the cache kmalloc-128 of size 128
[ 10.601659] The buggy address is located 0 bytes to the right of
[ 10.601659] allocated 120-byte region [ffff8881035ebb00, ffff8881035ebb78)
[ 10.602831]
[ 10.603209] The buggy address belongs to the physical page:
[ 10.604017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1035eb
[ 10.604376] flags: 0x200000000000000(node=0|zone=2)
[ 10.604588] page_type: f5(slab)
[ 10.604976] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.605715] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.606252] page dumped because: kasan: bad access detected
[ 10.606430]
[ 10.606503] Memory state around the buggy address:
[ 10.607001]  ffff8881035eba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.607695]  ffff8881035eba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.608611] >ffff8881035ebb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.609338]                                                                  ^
[ 10.609898]  ffff8881035ebb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.610245]  ffff8881035ebc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.610463] ==================================================================
```