Hay
Date: July 8, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   19.049487] ==================================================================
[   19.049546] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   19.049599] Write of size 1 at addr fff00000c6343778 by task kunit_try_catch/142
[   19.049646] 
[   19.049676] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.049763] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.049795] Hardware name: linux,dummy-virt (DT)
[   19.049825] Call trace:
[   19.049846]  show_stack+0x20/0x38 (C)
[   19.049893]  dump_stack_lvl+0x8c/0xd0
[   19.049941]  print_report+0x118/0x608
[   19.049995]  kasan_report+0xdc/0x128
[   19.050041]  __asan_report_store1_noabort+0x20/0x30
[   19.050092]  kmalloc_track_caller_oob_right+0x40c/0x488
[   19.050150]  kunit_try_run_case+0x170/0x3f0
[   19.050674]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.051112]  kthread+0x328/0x630
[   19.051503]  ret_from_fork+0x10/0x20
[   19.051579] 
[   19.051599] Allocated by task 142:
[   19.051657]  kasan_save_stack+0x3c/0x68
[   19.051701]  kasan_save_track+0x20/0x40
[   19.051756]  kasan_save_alloc_info+0x40/0x58
[   19.052206]  __kasan_kmalloc+0xd4/0xd8
[   19.052368]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   19.052633]  kmalloc_track_caller_oob_right+0xa8/0x488
[   19.052763]  kunit_try_run_case+0x170/0x3f0
[   19.053026]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.053098]  kthread+0x328/0x630
[   19.053165]  ret_from_fork+0x10/0x20
[   19.053495] 
[   19.053556] The buggy address belongs to the object at fff00000c6343700
[   19.053556]  which belongs to the cache kmalloc-128 of size 128
[   19.053670] The buggy address is located 0 bytes to the right of
[   19.053670]  allocated 120-byte region [fff00000c6343700, fff00000c6343778)
[   19.053791] 
[   19.053870] The buggy address belongs to the physical page:
[   19.053983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106343
[   19.054086] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.054242] page_type: f5(slab)
[   19.054325] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.054693] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.054768] page dumped because: kasan: bad access detected
[   19.054873] 
[   19.054900] Memory state around the buggy address:
[   19.054932]  fff00000c6343600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.055012]  fff00000c6343680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.055233] >fff00000c6343700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   19.055312]                                                                 ^
[   19.055538]  fff00000c6343780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.055891]  fff00000c6343800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.055963] ==================================================================
[   19.057572] ==================================================================
[   19.058012] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   19.058077] Write of size 1 at addr fff00000c6343878 by task kunit_try_catch/142
[   19.058342] 
[   19.058510] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.058598] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.058624] Hardware name: linux,dummy-virt (DT)
[   19.058847] Call trace:
[   19.058884]  show_stack+0x20/0x38 (C)
[   19.058940]  dump_stack_lvl+0x8c/0xd0
[   19.058995]  print_report+0x118/0x608
[   19.059196]  kasan_report+0xdc/0x128
[   19.059526]  __asan_report_store1_noabort+0x20/0x30
[   19.059618]  kmalloc_track_caller_oob_right+0x418/0x488
[   19.059780]  kunit_try_run_case+0x170/0x3f0
[   19.059831]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.059882]  kthread+0x328/0x630
[   19.060096]  ret_from_fork+0x10/0x20
[   19.060425] 
[   19.060499] Allocated by task 142:
[   19.060601]  kasan_save_stack+0x3c/0x68
[   19.060681]  kasan_save_track+0x20/0x40
[   19.060886]  kasan_save_alloc_info+0x40/0x58
[   19.061051]  __kasan_kmalloc+0xd4/0xd8
[   19.061454]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   19.061790]  kmalloc_track_caller_oob_right+0x184/0x488
[   19.061847]  kunit_try_run_case+0x170/0x3f0
[   19.061988]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.062622]  kthread+0x328/0x630
[   19.062772]  ret_from_fork+0x10/0x20
[   19.062965] 
[   19.063143] The buggy address belongs to the object at fff00000c6343800
[   19.063143]  which belongs to the cache kmalloc-128 of size 128
[   19.063349] The buggy address is located 0 bytes to the right of
[   19.063349]  allocated 120-byte region [fff00000c6343800, fff00000c6343878)
[   19.063418] 
[   19.063647] The buggy address belongs to the physical page:
[   19.063841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106343
[   19.063990] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.064040] page_type: f5(slab)
[   19.064097] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.064363] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.064514] page dumped because: kasan: bad access detected
[   19.064598] 
[   19.064618] Memory state around the buggy address:
[   19.064649]  fff00000c6343700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.064867]  fff00000c6343780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.065035] >fff00000c6343800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   19.065099]                                                                 ^
[   19.065202]  fff00000c6343880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.065269]  fff00000c6343900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.065306] ==================================================================

[   11.888372] ==================================================================
[   11.889036] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.889294] Write of size 1 at addr ffff888102662b78 by task kunit_try_catch/160
[   11.889514] 
[   11.889610] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   11.889650] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.889661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.889680] Call Trace:
[   11.889691]  <TASK>
[   11.889711]  dump_stack_lvl+0x73/0xb0
[   11.889739]  print_report+0xd1/0x650
[   11.889760]  ? __virt_addr_valid+0x1db/0x2d0
[   11.889781]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.889805]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.889826]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.889849]  kasan_report+0x141/0x180
[   11.889870]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.889899]  __asan_report_store1_noabort+0x1b/0x30
[   11.889922]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.889946]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   11.889971]  ? __schedule+0x10cc/0x2b60
[   11.889991]  ? __pfx_read_tsc+0x10/0x10
[   11.890010]  ? ktime_get_ts64+0x86/0x230
[   11.890033]  kunit_try_run_case+0x1a5/0x480
[   11.890056]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.890076]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.890098]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.890120]  ? __kthread_parkme+0x82/0x180
[   11.890139]  ? preempt_count_sub+0x50/0x80
[   11.890162]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.890184]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.890206]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.890229]  kthread+0x337/0x6f0
[   11.890246]  ? trace_preempt_on+0x20/0xc0
[   11.890268]  ? __pfx_kthread+0x10/0x10
[   11.890287]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.890307]  ? calculate_sigpending+0x7b/0xa0
[   11.890330]  ? __pfx_kthread+0x10/0x10
[   11.890350]  ret_from_fork+0x116/0x1d0
[   11.890367]  ? __pfx_kthread+0x10/0x10
[   11.890386]  ret_from_fork_asm+0x1a/0x30
[   11.890416]  </TASK>
[   11.890425] 
[   11.906204] Allocated by task 160:
[   11.906382]  kasan_save_stack+0x45/0x70
[   11.906725]  kasan_save_track+0x18/0x40
[   11.907217]  kasan_save_alloc_info+0x3b/0x50
[   11.907428]  __kasan_kmalloc+0xb7/0xc0
[   11.907789]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.908408]  kmalloc_track_caller_oob_right+0x99/0x520
[   11.908827]  kunit_try_run_case+0x1a5/0x480
[   11.909327]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.909765]  kthread+0x337/0x6f0
[   11.910054]  ret_from_fork+0x116/0x1d0
[   11.910237]  ret_from_fork_asm+0x1a/0x30
[   11.910425] 
[   11.910707] The buggy address belongs to the object at ffff888102662b00
[   11.910707]  which belongs to the cache kmalloc-128 of size 128
[   11.911332] The buggy address is located 0 bytes to the right of
[   11.911332]  allocated 120-byte region [ffff888102662b00, ffff888102662b78)
[   11.912236] 
[   11.912352] The buggy address belongs to the physical page:
[   11.912849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102662
[   11.913565] flags: 0x200000000000000(node=0|zone=2)
[   11.913810] page_type: f5(slab)
[   11.914149] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.914835] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.915325] page dumped because: kasan: bad access detected
[   11.915797] 
[   11.915900] Memory state around the buggy address:
[   11.916256]  ffff888102662a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.916693]  ffff888102662a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.917127] >ffff888102662b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.917640]                                                                 ^
[   11.918092]  ffff888102662b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.918633]  ffff888102662c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.919063] ==================================================================
[   11.919775] ==================================================================
[   11.920024] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.920429] Write of size 1 at addr ffff888102662c78 by task kunit_try_catch/160
[   11.920803] 
[   11.920914] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   11.920954] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.920965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.920983] Call Trace:
[   11.920994]  <TASK>
[   11.921007]  dump_stack_lvl+0x73/0xb0
[   11.921034]  print_report+0xd1/0x650
[   11.921055]  ? __virt_addr_valid+0x1db/0x2d0
[   11.921077]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.921117]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.921140]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.921167]  kasan_report+0x141/0x180
[   11.921188]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.921218]  __asan_report_store1_noabort+0x1b/0x30
[   11.921245]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.921270]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   11.921297]  ? __schedule+0x10cc/0x2b60
[   11.921319]  ? __pfx_read_tsc+0x10/0x10
[   11.921338]  ? ktime_get_ts64+0x86/0x230
[   11.921363]  kunit_try_run_case+0x1a5/0x480
[   11.921387]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.921409]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.921432]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.921455]  ? __kthread_parkme+0x82/0x180
[   11.921475]  ? preempt_count_sub+0x50/0x80
[   11.921499]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.921523]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.921546]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.921570]  kthread+0x337/0x6f0
[   11.921589]  ? trace_preempt_on+0x20/0xc0
[   11.921621]  ? __pfx_kthread+0x10/0x10
[   11.921641]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.921662]  ? calculate_sigpending+0x7b/0xa0
[   11.921685]  ? __pfx_kthread+0x10/0x10
[   11.921712]  ret_from_fork+0x116/0x1d0
[   11.921730]  ? __pfx_kthread+0x10/0x10
[   11.921750]  ret_from_fork_asm+0x1a/0x30
[   11.921780]  </TASK>
[   11.921790] 
[   11.929539] Allocated by task 160:
[   11.929744]  kasan_save_stack+0x45/0x70
[   11.929969]  kasan_save_track+0x18/0x40
[   11.930317]  kasan_save_alloc_info+0x3b/0x50
[   11.930517]  __kasan_kmalloc+0xb7/0xc0
[   11.930693]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.930937]  kmalloc_track_caller_oob_right+0x19a/0x520
[   11.931162]  kunit_try_run_case+0x1a5/0x480
[   11.931415]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.931590]  kthread+0x337/0x6f0
[   11.931717]  ret_from_fork+0x116/0x1d0
[   11.931847]  ret_from_fork_asm+0x1a/0x30
[   11.932033] 
[   11.932126] The buggy address belongs to the object at ffff888102662c00
[   11.932126]  which belongs to the cache kmalloc-128 of size 128
[   11.932736] The buggy address is located 0 bytes to the right of
[   11.932736]  allocated 120-byte region [ffff888102662c00, ffff888102662c78)
[   11.933127] 
[   11.933221] The buggy address belongs to the physical page:
[   11.933470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102662
[   11.934014] flags: 0x200000000000000(node=0|zone=2)
[   11.934249] page_type: f5(slab)
[   11.934396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.934707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.935044] page dumped because: kasan: bad access detected
[   11.935273] 
[   11.935341] Memory state around the buggy address:
[   11.935575]  ffff888102662b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.935858]  ffff888102662b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.936209] >ffff888102662c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.936428]                                                                 ^
[   11.936720]  ffff888102662c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.937144]  ffff888102662d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.937353] ==================================================================