Date
July 6, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[   17.822371] ==================================================================
[   17.822417] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   17.822470] Write of size 1 at addr fff00000c1cf4978 by task kunit_try_catch/142
[   17.822519]
[   17.822548] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[   17.822628] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.822655] Hardware name: linux,dummy-virt (DT)
[   17.822753] Call trace:
[   17.822801]  show_stack+0x20/0x38 (C)
[   17.822866]  dump_stack_lvl+0x8c/0xd0
[   17.822913]  print_report+0x118/0x608
[   17.822958]  kasan_report+0xdc/0x128
[   17.823003]  __asan_report_store1_noabort+0x20/0x30
[   17.823050]  kmalloc_track_caller_oob_right+0x418/0x488
[   17.823100]  kunit_try_run_case+0x170/0x3f0
[   17.823147]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.823211]  kthread+0x328/0x630
[   17.823252]  ret_from_fork+0x10/0x20
[   17.823298]
[   17.823460] Allocated by task 142:
[   17.823561]  kasan_save_stack+0x3c/0x68
[   17.823605]  kasan_save_track+0x20/0x40
[   17.823641]  kasan_save_alloc_info+0x40/0x58
[   17.823688]  __kasan_kmalloc+0xd4/0xd8
[   17.823739]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   17.823782]  kmalloc_track_caller_oob_right+0x184/0x488
[   17.823840]  kunit_try_run_case+0x170/0x3f0
[   17.823926]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.823971]  kthread+0x328/0x630
[   17.824005]  ret_from_fork+0x10/0x20
[   17.824093]
[   17.824162] The buggy address belongs to the object at fff00000c1cf4900
[   17.824162]  which belongs to the cache kmalloc-128 of size 128
[   17.824232] The buggy address is located 0 bytes to the right of
[   17.824232]  allocated 120-byte region [fff00000c1cf4900, fff00000c1cf4978)
[   17.824295]
[   17.824464] The buggy address belongs to the physical page:
[   17.824493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101cf4
[   17.824711] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.824772] page_type: f5(slab)
[   17.824850] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.824917] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.824974] page dumped because: kasan: bad access detected
[   17.825020]
[   17.825074] Memory state around the buggy address:
[   17.825132]  fff00000c1cf4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.825175]  fff00000c1cf4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.825360] >fff00000c1cf4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.825398]                                                                 ^
[   17.825436]  fff00000c1cf4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.825589]  fff00000c1cf4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.825738] ==================================================================
[   17.818719] ==================================================================
[   17.818786] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   17.818839] Write of size 1 at addr fff00000c1cf4878 by task kunit_try_catch/142
[   17.818887]
[   17.818925] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[   17.819005] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.819031] Hardware name: linux,dummy-virt (DT)
[   17.819061] Call trace:
[   17.819082]  show_stack+0x20/0x38 (C)
[   17.819129]  dump_stack_lvl+0x8c/0xd0
[   17.819174]  print_report+0x118/0x608
[   17.819235]  kasan_report+0xdc/0x128
[   17.819280]  __asan_report_store1_noabort+0x20/0x30
[   17.819339]  kmalloc_track_caller_oob_right+0x40c/0x488
[   17.819392]  kunit_try_run_case+0x170/0x3f0
[   17.819439]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.819501]  kthread+0x328/0x630
[   17.819544]  ret_from_fork+0x10/0x20
[   17.819592]
[   17.819609] Allocated by task 142:
[   17.819637]  kasan_save_stack+0x3c/0x68
[   17.819685]  kasan_save_track+0x20/0x40
[   17.819722]  kasan_save_alloc_info+0x40/0x58
[   17.819769]  __kasan_kmalloc+0xd4/0xd8
[   17.819805]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   17.819848]  kmalloc_track_caller_oob_right+0xa8/0x488
[   17.819888]  kunit_try_run_case+0x170/0x3f0
[   17.819926]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.819968]  kthread+0x328/0x630
[   17.819999]  ret_from_fork+0x10/0x20
[   17.820042]
[   17.820061] The buggy address belongs to the object at fff00000c1cf4800
[   17.820061]  which belongs to the cache kmalloc-128 of size 128
[   17.820115] The buggy address is located 0 bytes to the right of
[   17.820115]  allocated 120-byte region [fff00000c1cf4800, fff00000c1cf4878)
[   17.820176]
[   17.820205] The buggy address belongs to the physical page:
[   17.820234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101cf4
[   17.820284] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.820328] page_type: f5(slab)
[   17.820365] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.820413] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.820452] page dumped because: kasan: bad access detected
[   17.820481]
[   17.820498] Memory state around the buggy address:
[   17.820528]  fff00000c1cf4700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.820649]  fff00000c1cf4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.821017] >fff00000c1cf4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.821075]                                                                 ^
[   17.821214]  fff00000c1cf4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.821307]  fff00000c1cf4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.821346] ==================================================================
```
qemu-x86_64:

```
[   10.990118] ==================================================================
[   10.991238] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.991758] Write of size 1 at addr ffff888102b0e678 by task kunit_try_catch/159
[   10.992459]
[   10.992794] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[   10.992849] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.992862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.992885] Call Trace:
[   10.992899]  <TASK>
[   10.992920]  dump_stack_lvl+0x73/0xb0
[   10.992968]  print_report+0xd1/0x650
[   10.992991]  ? __virt_addr_valid+0x1db/0x2d0
[   10.993016]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.993039]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.993062]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.993086]  kasan_report+0x141/0x180
[   10.993107]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.993136]  __asan_report_store1_noabort+0x1b/0x30
[   10.993155]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.993179]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   10.993204]  ? __schedule+0x10cc/0x2b60
[   10.993227]  ? __pfx_read_tsc+0x10/0x10
[   10.993248]  ? ktime_get_ts64+0x86/0x230
[   10.993273]  kunit_try_run_case+0x1a5/0x480
[   10.993298]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.993320]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.993344]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.993366]  ? __kthread_parkme+0x82/0x180
[   10.993387]  ? preempt_count_sub+0x50/0x80
[   10.993411]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.993434]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.993456]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.993477]  kthread+0x337/0x6f0
[   10.993496]  ? trace_preempt_on+0x20/0xc0
[   10.993520]  ? __pfx_kthread+0x10/0x10
[   10.993540]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.993560]  ? calculate_sigpending+0x7b/0xa0
[   10.993584]  ? __pfx_kthread+0x10/0x10
[   10.993604]  ret_from_fork+0x116/0x1d0
[   10.993622]  ? __pfx_kthread+0x10/0x10
[   10.993641]  ret_from_fork_asm+0x1a/0x30
[   10.993672]  </TASK>
[   10.993695]
[   11.006352] Allocated by task 159:
[   11.006721]  kasan_save_stack+0x45/0x70
[   11.007139]  kasan_save_track+0x18/0x40
[   11.007348]  kasan_save_alloc_info+0x3b/0x50
[   11.007597]  __kasan_kmalloc+0xb7/0xc0
[   11.008003]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.008673]  kmalloc_track_caller_oob_right+0x99/0x520
[   11.009206]  kunit_try_run_case+0x1a5/0x480
[   11.009572]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.009748]  kthread+0x337/0x6f0
[   11.009868]  ret_from_fork+0x116/0x1d0
[   11.010009]  ret_from_fork_asm+0x1a/0x30
[   11.010188]
[   11.010282] The buggy address belongs to the object at ffff888102b0e600
[   11.010282]  which belongs to the cache kmalloc-128 of size 128
[   11.010855] The buggy address is located 0 bytes to the right of
[   11.010855]  allocated 120-byte region [ffff888102b0e600, ffff888102b0e678)
[   11.011334]
[   11.011412] The buggy address belongs to the physical page:
[   11.011666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e
[   11.012009] flags: 0x200000000000000(node=0|zone=2)
[   11.012373] page_type: f5(slab)
[   11.012611] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.012856] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.013252] page dumped because: kasan: bad access detected
[   11.013534]
[   11.013665] Memory state around the buggy address:
[   11.013819]  ffff888102b0e500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.014153]  ffff888102b0e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.014435] >ffff888102b0e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.014884]                                                                 ^
[   11.015118]  ffff888102b0e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.015452]  ffff888102b0e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.015720] ==================================================================
[   11.016856] ==================================================================
[   11.017631] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.018247] Write of size 1 at addr ffff888102b0e778 by task kunit_try_catch/159
[   11.018721]
[   11.018853] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[   11.018896] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.018907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.018938] Call Trace:
[   11.018951]  <TASK>
[   11.018965]  dump_stack_lvl+0x73/0xb0
[   11.018993]  print_report+0xd1/0x650
[   11.019015]  ? __virt_addr_valid+0x1db/0x2d0
[   11.019036]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.019060]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.019082]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.019112]  kasan_report+0x141/0x180
[   11.019133]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.019173]  __asan_report_store1_noabort+0x1b/0x30
[   11.019193]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.019217]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   11.019253]  ? __schedule+0x10cc/0x2b60
[   11.019275]  ? __pfx_read_tsc+0x10/0x10
[   11.019296]  ? ktime_get_ts64+0x86/0x230
[   11.019319]  kunit_try_run_case+0x1a5/0x480
[   11.019344]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.019366]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.019387]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.019409]  ? __kthread_parkme+0x82/0x180
[   11.019428]  ? preempt_count_sub+0x50/0x80
[   11.019451]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.019474]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.019505]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.019527]  kthread+0x337/0x6f0
[   11.019546]  ? trace_preempt_on+0x20/0xc0
[   11.019627]  ? __pfx_kthread+0x10/0x10
[   11.019647]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.019667]  ? calculate_sigpending+0x7b/0xa0
[   11.019690]  ? __pfx_kthread+0x10/0x10
[   11.019711]  ret_from_fork+0x116/0x1d0
[   11.019729]  ? __pfx_kthread+0x10/0x10
[   11.019748]  ret_from_fork_asm+0x1a/0x30
[   11.019778]  </TASK>
[   11.019789]
[   11.028254] Allocated by task 159:
[   11.028434]  kasan_save_stack+0x45/0x70
[   11.028711]  kasan_save_track+0x18/0x40
[   11.028899]  kasan_save_alloc_info+0x3b/0x50
[   11.029163]  __kasan_kmalloc+0xb7/0xc0
[   11.029353]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.029702]  kmalloc_track_caller_oob_right+0x19a/0x520
[   11.029969]  kunit_try_run_case+0x1a5/0x480
[   11.030290]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.030616]  kthread+0x337/0x6f0
[   11.030778]  ret_from_fork+0x116/0x1d0
[   11.031114]  ret_from_fork_asm+0x1a/0x30
[   11.031299]
[   11.031400] The buggy address belongs to the object at ffff888102b0e700
[   11.031400]  which belongs to the cache kmalloc-128 of size 128
[   11.031861] The buggy address is located 0 bytes to the right of
[   11.031861]  allocated 120-byte region [ffff888102b0e700, ffff888102b0e778)
[   11.032403]
[   11.032500] The buggy address belongs to the physical page:
[   11.032822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0e
[   11.033304] flags: 0x200000000000000(node=0|zone=2)
[   11.033627] page_type: f5(slab)
[   11.033825] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.034102] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.034396] page dumped because: kasan: bad access detected
[   11.034819]
[   11.034912] Memory state around the buggy address:
[   11.035099]  ffff888102b0e600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.035442]  ffff888102b0e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.035804] >ffff888102b0e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.036031]                                                                 ^
[   11.036385]  ffff888102b0e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.036850]  ffff888102b0e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.037298] ==================================================================
```