Date
July 15, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.555782] ================================================================== [ 17.556293] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 17.556363] Write of size 1 at addr fff00000c47f9b78 by task kunit_try_catch/144 [ 17.556658] [ 17.556801] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 17.556890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.556916] Hardware name: linux,dummy-virt (DT) [ 17.556945] Call trace: [ 17.557097] show_stack+0x20/0x38 (C) [ 17.557278] dump_stack_lvl+0x8c/0xd0 [ 17.557636] print_report+0x118/0x5d0 [ 17.557767] kasan_report+0xdc/0x128 [ 17.557816] __asan_report_store1_noabort+0x20/0x30 [ 17.557867] kmalloc_track_caller_oob_right+0x40c/0x488 [ 17.558294] kunit_try_run_case+0x170/0x3f0 [ 17.558402] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.558654] kthread+0x328/0x630 [ 17.558819] ret_from_fork+0x10/0x20 [ 17.558873] [ 17.558991] Allocated by task 144: [ 17.559123] kasan_save_stack+0x3c/0x68 [ 17.559307] kasan_save_track+0x20/0x40 [ 17.559349] kasan_save_alloc_info+0x40/0x58 [ 17.559749] __kasan_kmalloc+0xd4/0xd8 [ 17.559795] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 17.559841] kmalloc_track_caller_oob_right+0xa8/0x488 [ 17.559888] kunit_try_run_case+0x170/0x3f0 [ 17.559928] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.559998] kthread+0x328/0x630 [ 17.560042] ret_from_fork+0x10/0x20 [ 17.560087] [ 17.560105] The buggy address belongs to the object at fff00000c47f9b00 [ 17.560105] which belongs to the cache kmalloc-128 of size 128 [ 17.560164] The buggy address is located 0 bytes to the right of [ 17.560164] allocated 120-byte region [fff00000c47f9b00, fff00000c47f9b78) [ 17.560251] [ 17.560270] The buggy address belongs to the physical page: [ 17.560300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047f9 [ 17.560354] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.560404] page_type: f5(slab) [ 17.560440] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.560501] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.560542] page dumped because: kasan: bad access detected [ 17.560582] [ 17.560599] Memory state around the buggy address: [ 17.560629] fff00000c47f9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.560681] fff00000c47f9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.560722] >fff00000c47f9b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.560760] ^ [ 17.560799] fff00000c47f9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.560843] fff00000c47f9c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.560881] ================================================================== [ 17.562834] ================================================================== [ 17.563465] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 17.563529] Write of size 1 at addr fff00000c47f9c78 by task kunit_try_catch/144 [ 17.563579] [ 17.563608] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT [ 17.563688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.563714] Hardware name: linux,dummy-virt (DT) [ 17.564026] Call trace: [ 17.564184] show_stack+0x20/0x38 (C) [ 17.564259] dump_stack_lvl+0x8c/0xd0 [ 17.564504] print_report+0x118/0x5d0 [ 17.564580] kasan_report+0xdc/0x128 [ 17.564919] __asan_report_store1_noabort+0x20/0x30 [ 17.564981] kmalloc_track_caller_oob_right+0x418/0x488 [ 17.565070] kunit_try_run_case+0x170/0x3f0 [ 17.565121] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.565421] kthread+0x328/0x630 [ 17.565582] ret_from_fork+0x10/0x20 [ 17.565785] [ 17.566050] Allocated by task 144: [ 17.566129] kasan_save_stack+0x3c/0x68 [ 17.566311] kasan_save_track+0x20/0x40 [ 17.566377] kasan_save_alloc_info+0x40/0x58 [ 17.566415] __kasan_kmalloc+0xd4/0xd8 [ 17.566740] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 17.566826] kmalloc_track_caller_oob_right+0x184/0x488 [ 17.566956] kunit_try_run_case+0x170/0x3f0 [ 17.567039] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.567094] kthread+0x328/0x630 [ 17.567265] ret_from_fork+0x10/0x20 [ 17.567419] [ 17.567533] The buggy address belongs to the object at fff00000c47f9c00 [ 17.567533] which belongs to the cache kmalloc-128 of size 128 [ 17.567786] The buggy address is located 0 bytes to the right of [ 17.567786] allocated 120-byte region [fff00000c47f9c00, fff00000c47f9c78) [ 17.567976] [ 17.567999] The buggy address belongs to the physical page: [ 17.568177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047f9 [ 17.568249] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.568783] page_type: f5(slab) [ 17.568932] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.569004] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.569228] page dumped because: kasan: bad access detected [ 17.569393] [ 17.569488] Memory state around the buggy address: [ 17.569570] fff00000c47f9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.569734] fff00000c47f9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.569782] >fff00000c47f9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.569820] ^ [ 17.569868] fff00000c47f9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.569910] fff00000c47f9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.570199] ==================================================================
[ 10.438116] ================================================================== [ 10.438589] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.438953] Write of size 1 at addr ffff888102f2a978 by task kunit_try_catch/161 [ 10.439223] [ 10.439332] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.7-rc1 #1 PREEMPT(voluntary) [ 10.439374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.439384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.439402] Call Trace: [ 10.439412] <TASK> [ 10.439426] dump_stack_lvl+0x73/0xb0 [ 10.439449] print_report+0xd1/0x610 [ 10.439470] ? __virt_addr_valid+0x1db/0x2d0 [ 10.439491] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.439511] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.439533] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.439553] kasan_report+0x141/0x180 [ 10.439575] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.439600] __asan_report_store1_noabort+0x1b/0x30 [ 10.439620] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.439640] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.439661] ? __schedule+0x10cc/0x2b60 [ 10.439683] ? __pfx_read_tsc+0x10/0x10 [ 10.439702] ? ktime_get_ts64+0x86/0x230 [ 10.439726] kunit_try_run_case+0x1a5/0x480 [ 10.439747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.439764] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.439786] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.439809] ? __kthread_parkme+0x82/0x180 [ 10.439829] ? preempt_count_sub+0x50/0x80 [ 10.439853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.439872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.439907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.439928] kthread+0x337/0x6f0 [ 10.439944] ? trace_preempt_on+0x20/0xc0 [ 10.439966] ? __pfx_kthread+0x10/0x10 [ 10.439983] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.440004] ? calculate_sigpending+0x7b/0xa0 [ 10.440023] ? __pfx_kthread+0x10/0x10 [ 10.440041] ret_from_fork+0x41/0x80 [ 10.440060] ? __pfx_kthread+0x10/0x10 [ 10.440077] ret_from_fork_asm+0x1a/0x30 [ 10.440106] </TASK> [ 10.440115] [ 10.448043] Allocated by task 161: [ 10.448202] kasan_save_stack+0x45/0x70 [ 10.448388] kasan_save_track+0x18/0x40 [ 10.448562] kasan_save_alloc_info+0x3b/0x50 [ 10.448813] __kasan_kmalloc+0xb7/0xc0 [ 10.448998] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.449193] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.449443] kunit_try_run_case+0x1a5/0x480 [ 10.449625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.449978] kthread+0x337/0x6f0 [ 10.450111] ret_from_fork+0x41/0x80 [ 10.450291] ret_from_fork_asm+0x1a/0x30 [ 10.450437] [ 10.450506] The buggy address belongs to the object at ffff888102f2a900 [ 10.450506] which belongs to the cache kmalloc-128 of size 128 [ 10.451227] The buggy address is located 0 bytes to the right of [ 10.451227] allocated 120-byte region [ffff888102f2a900, ffff888102f2a978) [ 10.451639] [ 10.451727] The buggy address belongs to the physical page: [ 10.451989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f2a [ 10.452340] flags: 0x200000000000000(node=0|zone=2) [ 10.452738] page_type: f5(slab) [ 10.452860] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.453099] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.453566] page dumped because: kasan: bad access detected [ 10.454006] [ 10.454090] Memory state around the buggy address: [ 10.454281] ffff888102f2a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.454491] ffff888102f2a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.454835] >ffff888102f2a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.455163] ^ [ 10.455474] ffff888102f2a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.455933] ffff888102f2aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.456150] ==================================================================