Date: July 1, 2025, 11:08 a.m.

Environment: qemu-arm64, qemu-x86_64

[   18.139062] ==================================================================
[   18.139207] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   18.139281] Write of size 1 at addr fff00000c5d57f78 by task kunit_try_catch/143
[   18.139339] 
[   18.139406] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.139497] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.139526] Hardware name: linux,dummy-virt (DT)
[   18.139562] Call trace:
[   18.139586]  show_stack+0x20/0x38 (C)
[   18.139640]  dump_stack_lvl+0x8c/0xd0
[   18.139693]  print_report+0x118/0x608
[   18.139743]  kasan_report+0xdc/0x128
[   18.139851]  __asan_report_store1_noabort+0x20/0x30
[   18.139959]  kmalloc_track_caller_oob_right+0x40c/0x488
[   18.140044]  kunit_try_run_case+0x170/0x3f0
[   18.140168]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.140353]  kthread+0x328/0x630
[   18.140470]  ret_from_fork+0x10/0x20
[   18.140630] 
[   18.140755] Allocated by task 143:
[   18.140815]  kasan_save_stack+0x3c/0x68
[   18.140916]  kasan_save_track+0x20/0x40
[   18.140960]  kasan_save_alloc_info+0x40/0x58
[   18.141019]  __kasan_kmalloc+0xd4/0xd8
[   18.141058]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   18.141105]  kmalloc_track_caller_oob_right+0xa8/0x488
[   18.141159]  kunit_try_run_case+0x170/0x3f0
[   18.141262]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.141556]  kthread+0x328/0x630
[   18.141722]  ret_from_fork+0x10/0x20
[   18.142304] 
[   18.142392] The buggy address belongs to the object at fff00000c5d57f00
[   18.142392]  which belongs to the cache kmalloc-128 of size 128
[   18.142520] The buggy address is located 0 bytes to the right of
[   18.142520]  allocated 120-byte region [fff00000c5d57f00, fff00000c5d57f78)
[   18.142647] 
[   18.142716] The buggy address belongs to the physical page:
[   18.142750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d57
[   18.142809] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.142866] page_type: f5(slab)
[   18.142912] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.142968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.143012] page dumped because: kasan: bad access detected
[   18.143045] 
[   18.143063] Memory state around the buggy address:
[   18.143109]  fff00000c5d57e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.143166]  fff00000c5d57e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.143212] >fff00000c5d57f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.143253]                                                                 ^
[   18.143296]  fff00000c5d57f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.143712]  fff00000c5d58000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.143806] ==================================================================
[   18.145449] ==================================================================
[   18.145531] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   18.145736] Write of size 1 at addr fff00000c7732078 by task kunit_try_catch/143
[   18.145805] 
[   18.145874] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.146005] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.146069] Hardware name: linux,dummy-virt (DT)
[   18.146106] Call trace:
[   18.146161]  show_stack+0x20/0x38 (C)
[   18.146267]  dump_stack_lvl+0x8c/0xd0
[   18.146339]  print_report+0x118/0x608
[   18.146409]  kasan_report+0xdc/0x128
[   18.146460]  __asan_report_store1_noabort+0x20/0x30
[   18.146512]  kmalloc_track_caller_oob_right+0x418/0x488
[   18.146594]  kunit_try_run_case+0x170/0x3f0
[   18.146660]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.146718]  kthread+0x328/0x630
[   18.146781]  ret_from_fork+0x10/0x20
[   18.146865] 
[   18.146885] Allocated by task 143:
[   18.146916]  kasan_save_stack+0x3c/0x68
[   18.146978]  kasan_save_track+0x20/0x40
[   18.147599]  kasan_save_alloc_info+0x40/0x58
[   18.147664]  __kasan_kmalloc+0xd4/0xd8
[   18.147704]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   18.147751]  kmalloc_track_caller_oob_right+0x184/0x488
[   18.147795]  kunit_try_run_case+0x170/0x3f0
[   18.147835]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.147880]  kthread+0x328/0x630
[   18.147914]  ret_from_fork+0x10/0x20
[   18.147952] 
[   18.147973] The buggy address belongs to the object at fff00000c7732000
[   18.147973]  which belongs to the cache kmalloc-128 of size 128
[   18.148042] The buggy address is located 0 bytes to the right of
[   18.148042]  allocated 120-byte region [fff00000c7732000, fff00000c7732078)
[   18.148111] 
[   18.148151] The buggy address belongs to the physical page:
[   18.148248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732
[   18.148327] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.148384] page_type: f5(slab)
[   18.148430] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.148484] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.148527] page dumped because: kasan: bad access detected
[   18.148560] 
[   18.148580] Memory state around the buggy address:
[   18.148615]  fff00000c7731f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.148972]  fff00000c7731f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.149054] >fff00000c7732000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.149158]                                                                 ^
[   18.149281]  fff00000c7732080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.149392]  fff00000c7732100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.149434] ==================================================================

[   10.970667] ==================================================================
[   10.971781] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.972462] Write of size 1 at addr ffff888102ef5778 by task kunit_try_catch/159
[   10.972782] 
[   10.973000] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   10.973045] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.973057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.973077] Call Trace:
[   10.973090]  <TASK>
[   10.973111]  dump_stack_lvl+0x73/0xb0
[   10.973139]  print_report+0xd1/0x650
[   10.973161]  ? __virt_addr_valid+0x1db/0x2d0
[   10.973183]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.973206]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.973227]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.973251]  kasan_report+0x141/0x180
[   10.973271]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.973298]  __asan_report_store1_noabort+0x1b/0x30
[   10.973318]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.973340]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   10.973366]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   10.973407]  kunit_try_run_case+0x1a5/0x480
[   10.973430]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.973451]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.973473]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.973494]  ? __kthread_parkme+0x82/0x180
[   10.973513]  ? preempt_count_sub+0x50/0x80
[   10.973537]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.973558]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.973579]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.973601]  kthread+0x337/0x6f0
[   10.973620]  ? trace_preempt_on+0x20/0xc0
[   10.973645]  ? __pfx_kthread+0x10/0x10
[   10.973665]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.973685]  ? calculate_sigpending+0x7b/0xa0
[   10.973707]  ? __pfx_kthread+0x10/0x10
[   10.973730]  ret_from_fork+0x116/0x1d0
[   10.973748]  ? __pfx_kthread+0x10/0x10
[   10.973768]  ret_from_fork_asm+0x1a/0x30
[   10.973798]  </TASK>
[   10.973808] 
[   10.987048] Allocated by task 159:
[   10.987455]  kasan_save_stack+0x45/0x70
[   10.987868]  kasan_save_track+0x18/0x40
[   10.988332]  kasan_save_alloc_info+0x3b/0x50
[   10.988554]  __kasan_kmalloc+0xb7/0xc0
[   10.988689]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   10.988868]  kmalloc_track_caller_oob_right+0x19a/0x520
[   10.989317]  kunit_try_run_case+0x1a5/0x480
[   10.989710]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.990274]  kthread+0x337/0x6f0
[   10.990597]  ret_from_fork+0x116/0x1d0
[   10.991235]  ret_from_fork_asm+0x1a/0x30
[   10.991657] 
[   10.991830] The buggy address belongs to the object at ffff888102ef5700
[   10.991830]  which belongs to the cache kmalloc-128 of size 128
[   10.992567] The buggy address is located 0 bytes to the right of
[   10.992567]  allocated 120-byte region [ffff888102ef5700, ffff888102ef5778)
[   10.992949] 
[   10.993155] The buggy address belongs to the physical page:
[   10.993646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5
[   10.994398] flags: 0x200000000000000(node=0|zone=2)
[   10.994957] page_type: f5(slab)
[   10.995307] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   10.996044] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.996826] page dumped because: kasan: bad access detected
[   10.997208] 
[   10.997280] Memory state around the buggy address:
[   10.997450]  ffff888102ef5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   10.997783]  ffff888102ef5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.998408] >ffff888102ef5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   10.999122]                                                                 ^
[   11.000188]  ffff888102ef5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.000957]  ffff888102ef5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.001394] ==================================================================
[   10.939238] ==================================================================
[   10.939943] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.940637] Write of size 1 at addr ffff888102ef5678 by task kunit_try_catch/159
[   10.941326] 
[   10.941516] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   10.941564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.941576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.941597] Call Trace:
[   10.941610]  <TASK>
[   10.941627]  dump_stack_lvl+0x73/0xb0
[   10.941722]  print_report+0xd1/0x650
[   10.941747]  ? __virt_addr_valid+0x1db/0x2d0
[   10.941770]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.941793]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.941813]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.941837]  kasan_report+0x141/0x180
[   10.941857]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.941885]  __asan_report_store1_noabort+0x1b/0x30
[   10.941904]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.941927]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   10.941953]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   10.942007]  kunit_try_run_case+0x1a5/0x480
[   10.942031]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.942052]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.942075]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.942096]  ? __kthread_parkme+0x82/0x180
[   10.942116]  ? preempt_count_sub+0x50/0x80
[   10.942140]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.942161]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.942183]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.942204]  kthread+0x337/0x6f0
[   10.942223]  ? trace_preempt_on+0x20/0xc0
[   10.942245]  ? __pfx_kthread+0x10/0x10
[   10.942264]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.942284]  ? calculate_sigpending+0x7b/0xa0
[   10.942307]  ? __pfx_kthread+0x10/0x10
[   10.942326]  ret_from_fork+0x116/0x1d0
[   10.942345]  ? __pfx_kthread+0x10/0x10
[   10.942364]  ret_from_fork_asm+0x1a/0x30
[   10.942406]  </TASK>
[   10.942417] 
[   10.955436] Allocated by task 159:
[   10.955716]  kasan_save_stack+0x45/0x70
[   10.955876]  kasan_save_track+0x18/0x40
[   10.956172]  kasan_save_alloc_info+0x3b/0x50
[   10.956562]  __kasan_kmalloc+0xb7/0xc0
[   10.957017]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   10.957512]  kmalloc_track_caller_oob_right+0x99/0x520
[   10.957927]  kunit_try_run_case+0x1a5/0x480
[   10.958229]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.958416]  kthread+0x337/0x6f0
[   10.958538]  ret_from_fork+0x116/0x1d0
[   10.958818]  ret_from_fork_asm+0x1a/0x30
[   10.959220] 
[   10.959395] The buggy address belongs to the object at ffff888102ef5600
[   10.959395]  which belongs to the cache kmalloc-128 of size 128
[   10.960809] The buggy address is located 0 bytes to the right of
[   10.960809]  allocated 120-byte region [ffff888102ef5600, ffff888102ef5678)
[   10.962039] 
[   10.962122] The buggy address belongs to the physical page:
[   10.962296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ef5
[   10.962969] flags: 0x200000000000000(node=0|zone=2)
[   10.963420] page_type: f5(slab)
[   10.963732] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   10.964475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.965516] page dumped because: kasan: bad access detected
[   10.966108] 
[   10.966266] Memory state around the buggy address:
[   10.966627]  ffff888102ef5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   10.967014]  ffff888102ef5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.967714] >ffff888102ef5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   10.967962]                                                                 ^
[   10.968626]  ffff888102ef5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.969341]  ffff888102ef5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.969579] ==================================================================