Date
July 17, 2025, 11:11 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64

```
[ 16.323695] ==================================================================
[ 16.323929] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.324422] Write of size 1 at addr fff00000c6691278 by task kunit_try_catch/142
[ 16.324482]
[ 16.324523] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.324897] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.324961] Hardware name: linux,dummy-virt (DT)
[ 16.325119] Call trace:
[ 16.325208] show_stack+0x20/0x38 (C)
[ 16.325330] dump_stack_lvl+0x8c/0xd0
[ 16.325437] print_report+0x118/0x5d0
[ 16.325516] kasan_report+0xdc/0x128
[ 16.325945] __asan_report_store1_noabort+0x20/0x30
[ 16.326060] kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.326277] kunit_try_run_case+0x170/0x3f0
[ 16.326360] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.326587] kthread+0x328/0x630
[ 16.326795] ret_from_fork+0x10/0x20
[ 16.327226]
[ 16.327371] Allocated by task 142:
[ 16.327461] kasan_save_stack+0x3c/0x68
[ 16.327614] kasan_save_track+0x20/0x40
[ 16.327701] kasan_save_alloc_info+0x40/0x58
[ 16.327831] __kasan_kmalloc+0xd4/0xd8
[ 16.327882] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.327927] kmalloc_track_caller_oob_right+0xa8/0x488
[ 16.328207] kunit_try_run_case+0x170/0x3f0
[ 16.328378] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.328452] kthread+0x328/0x630
[ 16.328625] ret_from_fork+0x10/0x20
[ 16.328728]
[ 16.328834] The buggy address belongs to the object at fff00000c6691200
[ 16.328834] which belongs to the cache kmalloc-128 of size 128
[ 16.328907] The buggy address is located 0 bytes to the right of
[ 16.328907] allocated 120-byte region [fff00000c6691200, fff00000c6691278)
[ 16.329147]
[ 16.329351] The buggy address belongs to the physical page:
[ 16.329649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106691
[ 16.329845] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.329934] page_type: f5(slab)
[ 16.330046] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.330603] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.330674] page dumped because: kasan: bad access detected
[ 16.330762]
[ 16.331049] Memory state around the buggy address:
[ 16.331297]  fff00000c6691100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.331362]  fff00000c6691180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.331421] >fff00000c6691200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.331536]                                                                 ^
[ 16.331578]  fff00000c6691280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.331962]  fff00000c6691300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.332079] ==================================================================
[ 16.333816] ==================================================================
[ 16.333882] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 16.333934] Write of size 1 at addr fff00000c6691378 by task kunit_try_catch/142
[ 16.333981]
[ 16.334012] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.334089] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.334126] Hardware name: linux,dummy-virt (DT)
[ 16.334156] Call trace:
[ 16.334177] show_stack+0x20/0x38 (C)
[ 16.334223] dump_stack_lvl+0x8c/0xd0
[ 16.334278] print_report+0x118/0x5d0
[ 16.334323] kasan_report+0xdc/0x128
[ 16.334367] __asan_report_store1_noabort+0x20/0x30
[ 16.334425] kmalloc_track_caller_oob_right+0x418/0x488
[ 16.334483] kunit_try_run_case+0x170/0x3f0
[ 16.334530] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.334580] kthread+0x328/0x630
[ 16.334622] ret_from_fork+0x10/0x20
[ 16.334669]
[ 16.334694] Allocated by task 142:
[ 16.334722] kasan_save_stack+0x3c/0x68
[ 16.334761] kasan_save_track+0x20/0x40
[ 16.334804] kasan_save_alloc_info+0x40/0x58
[ 16.334843] __kasan_kmalloc+0xd4/0xd8
[ 16.334887] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.334929] kmalloc_track_caller_oob_right+0x184/0x488
[ 16.334972] kunit_try_run_case+0x170/0x3f0
[ 16.335019] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.335061] kthread+0x328/0x630
[ 16.335092] ret_from_fork+0x10/0x20
[ 16.335126]
[ 16.335145] The buggy address belongs to the object at fff00000c6691300
[ 16.335145] which belongs to the cache kmalloc-128 of size 128
[ 16.335199] The buggy address is located 0 bytes to the right of
[ 16.335199] allocated 120-byte region [fff00000c6691300, fff00000c6691378)
[ 16.335267]
[ 16.335287] The buggy address belongs to the physical page:
[ 16.335316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106691
[ 16.335366] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.335421] page_type: f5(slab)
[ 16.335457] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.335506] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.335544] page dumped because: kasan: bad access detected
[ 16.335579]
[ 16.335597] Memory state around the buggy address:
[ 16.335626]  fff00000c6691200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.335666]  fff00000c6691280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.335716] >fff00000c6691300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.336212]                                                                 ^
[ 16.336261]  fff00000c6691380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.336304]  fff00000c6691400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.336340] ==================================================================
```
qemu-x86_64

```
[ 11.643468] ==================================================================
[ 11.644440] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.645032] Write of size 1 at addr ffff888102f33e78 by task kunit_try_catch/159
[ 11.645676]
[ 11.645899] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.645947] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.645958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.645980] Call Trace:
[ 11.645993] <TASK>
[ 11.646010] dump_stack_lvl+0x73/0xb0
[ 11.646041] print_report+0xd1/0x610
[ 11.646073] ? __virt_addr_valid+0x1db/0x2d0
[ 11.646097] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.646121] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.646143] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.646168] kasan_report+0x141/0x180
[ 11.646189] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.646224] __asan_report_store1_noabort+0x1b/0x30
[ 11.646248] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.646274] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.646301] ? __schedule+0x10cc/0x2b60
[ 11.646325] ? __pfx_read_tsc+0x10/0x10
[ 11.646345] ? ktime_get_ts64+0x86/0x230
[ 11.646371] kunit_try_run_case+0x1a5/0x480
[ 11.646396] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.646417] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.646441] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.646464] ? __kthread_parkme+0x82/0x180
[ 11.646485] ? preempt_count_sub+0x50/0x80
[ 11.646509] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.646532] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.646555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.646578] kthread+0x337/0x6f0
[ 11.646603] ? trace_preempt_on+0x20/0xc0
[ 11.646627] ? __pfx_kthread+0x10/0x10
[ 11.646647] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.646667] ? calculate_sigpending+0x7b/0xa0
[ 11.646691] ? __pfx_kthread+0x10/0x10
[ 11.646711] ret_from_fork+0x116/0x1d0
[ 11.646729] ? __pfx_kthread+0x10/0x10
[ 11.646748] ret_from_fork_asm+0x1a/0x30
[ 11.646780] </TASK>
[ 11.646790]
[ 11.656764] Allocated by task 159:
[ 11.656934] kasan_save_stack+0x45/0x70
[ 11.657167] kasan_save_track+0x18/0x40
[ 11.657351] kasan_save_alloc_info+0x3b/0x50
[ 11.657574] __kasan_kmalloc+0xb7/0xc0
[ 11.658448] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.658802] kmalloc_track_caller_oob_right+0x99/0x520
[ 11.659552] kunit_try_run_case+0x1a5/0x480
[ 11.659739] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.660040] kthread+0x337/0x6f0
[ 11.660304] ret_from_fork+0x116/0x1d0
[ 11.660440] ret_from_fork_asm+0x1a/0x30
[ 11.660638]
[ 11.661164] The buggy address belongs to the object at ffff888102f33e00
[ 11.661164] which belongs to the cache kmalloc-128 of size 128
[ 11.661755] The buggy address is located 0 bytes to the right of
[ 11.661755] allocated 120-byte region [ffff888102f33e00, ffff888102f33e78)
[ 11.662347]
[ 11.662874] The buggy address belongs to the physical page:
[ 11.663164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f33
[ 11.663577] flags: 0x200000000000000(node=0|zone=2)
[ 11.664010] page_type: f5(slab)
[ 11.664351] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.664688] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.665252] page dumped because: kasan: bad access detected
[ 11.665784]
[ 11.665887] Memory state around the buggy address:
[ 11.666388]  ffff888102f33d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.667164]  ffff888102f33d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.667380] >ffff888102f33e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.667586]                                                                 ^
[ 11.668118]  ffff888102f33e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.668490]  ffff888102f33f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.669029] ==================================================================
[ 11.669990] ==================================================================
[ 11.670449] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.670931] Write of size 1 at addr ffff888102f33f78 by task kunit_try_catch/159
[ 11.671340]
[ 11.671651] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.671795] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.671809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.671831] Call Trace:
[ 11.671842] <TASK>
[ 11.671859] dump_stack_lvl+0x73/0xb0
[ 11.671888] print_report+0xd1/0x610
[ 11.671911] ? __virt_addr_valid+0x1db/0x2d0
[ 11.671933] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.671957] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.671979] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.672004] kasan_report+0x141/0x180
[ 11.672025] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.672065] __asan_report_store1_noabort+0x1b/0x30
[ 11.672090] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.672114] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.672140] ? __schedule+0x10cc/0x2b60
[ 11.672162] ? __pfx_read_tsc+0x10/0x10
[ 11.672182] ? ktime_get_ts64+0x86/0x230
[ 11.672206] kunit_try_run_case+0x1a5/0x480
[ 11.672230] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.672252] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.672275] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.672298] ? __kthread_parkme+0x82/0x180
[ 11.672318] ? preempt_count_sub+0x50/0x80
[ 11.672342] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.672365] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.672388] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.672410] kthread+0x337/0x6f0
[ 11.672429] ? trace_preempt_on+0x20/0xc0
[ 11.672452] ? __pfx_kthread+0x10/0x10
[ 11.672471] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.672491] ? calculate_sigpending+0x7b/0xa0
[ 11.672515] ? __pfx_kthread+0x10/0x10
[ 11.672535] ret_from_fork+0x116/0x1d0
[ 11.672552] ? __pfx_kthread+0x10/0x10
[ 11.672571] ret_from_fork_asm+0x1a/0x30
[ 11.672603] </TASK>
[ 11.672612]
[ 11.682871] Allocated by task 159:
[ 11.683249] kasan_save_stack+0x45/0x70
[ 11.683430] kasan_save_track+0x18/0x40
[ 11.683871] kasan_save_alloc_info+0x3b/0x50
[ 11.684083] __kasan_kmalloc+0xb7/0xc0
[ 11.684327] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.684673] kmalloc_track_caller_oob_right+0x19a/0x520
[ 11.685067] kunit_try_run_case+0x1a5/0x480
[ 11.685249] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.685473] kthread+0x337/0x6f0
[ 11.685754] ret_from_fork+0x116/0x1d0
[ 11.686156] ret_from_fork_asm+0x1a/0x30
[ 11.686337]
[ 11.686529] The buggy address belongs to the object at ffff888102f33f00
[ 11.686529] which belongs to the cache kmalloc-128 of size 128
[ 11.687316] The buggy address is located 0 bytes to the right of
[ 11.687316] allocated 120-byte region [ffff888102f33f00, ffff888102f33f78)
[ 11.687905]
[ 11.688025] The buggy address belongs to the physical page:
[ 11.688489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f33
[ 11.689066] flags: 0x200000000000000(node=0|zone=2)
[ 11.689279] page_type: f5(slab)
[ 11.689526] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.690063] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.690466] page dumped because: kasan: bad access detected
[ 11.690705]
[ 11.690966] Memory state around the buggy address:
[ 11.691401]  ffff888102f33e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.691701]  ffff888102f33e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.692318] >ffff888102f33f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.692697]                                                                 ^
[ 11.692996]  ffff888102f33f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.693477]  ffff888102f34000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.693756] ==================================================================
```