Date: June 23, 2025, 7:07 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 32.245869] ==================================================================
[ 32.246699] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 32.246882] Write of size 1 at addr fff00000c56e8e78 by task kunit_try_catch/154
[ 32.246958]
[ 32.247002] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT
[ 32.247175] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.247209] Hardware name: linux,dummy-virt (DT)
[ 32.247248] Call trace:
[ 32.247275] show_stack+0x20/0x38 (C)
[ 32.247340] dump_stack_lvl+0x8c/0xd0
[ 32.247398] print_report+0x118/0x608
[ 32.247456] kasan_report+0xdc/0x128
[ 32.247510] __asan_report_store1_noabort+0x20/0x30
[ 32.247566] kmalloc_track_caller_oob_right+0x40c/0x488
[ 32.247625] kunit_try_run_case+0x170/0x3f0
[ 32.247683] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.247744] kthread+0x328/0x630
[ 32.247794] ret_from_fork+0x10/0x20
[ 32.247851]
[ 32.247874] Allocated by task 154:
[ 32.247908] kasan_save_stack+0x3c/0x68
[ 32.247959] kasan_save_track+0x20/0x40
[ 32.248005] kasan_save_alloc_info+0x40/0x58
[ 32.248077] __kasan_kmalloc+0xd4/0xd8
[ 32.248126] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 32.248181] kmalloc_track_caller_oob_right+0xa8/0x488
[ 32.248231] kunit_try_run_case+0x170/0x3f0
[ 32.248275] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.248326] kthread+0x328/0x630
[ 32.248363] ret_from_fork+0x10/0x20
[ 32.248404]
[ 32.248427] The buggy address belongs to the object at fff00000c56e8e00
[ 32.248427] which belongs to the cache kmalloc-128 of size 128
[ 32.248494] The buggy address is located 0 bytes to the right of
[ 32.248494] allocated 120-byte region [fff00000c56e8e00, fff00000c56e8e78)
[ 32.248566]
[ 32.248589] The buggy address belongs to the physical page:
[ 32.248625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8
[ 32.248686] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.248747] page_type: f5(slab)
[ 32.248793] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[ 32.248849] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.248895] page dumped because: kasan: bad access detected
[ 32.248929]
[ 32.248949] Memory state around the buggy address:
[ 32.248985]  fff00000c56e8d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.249190]  fff00000c56e8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.249341] >fff00000c56e8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.249435]                                                                  ^
[ 32.250483]  fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.250655]  fff00000c56e8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.250785] ==================================================================
[ 32.252433] ==================================================================
[ 32.252522] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 32.252647] Write of size 1 at addr fff00000c56e8f78 by task kunit_try_catch/154
[ 32.252780]
[ 32.253335] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT
[ 32.253962] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.254090] Hardware name: linux,dummy-virt (DT)
[ 32.254306] Call trace:
[ 32.254362] show_stack+0x20/0x38 (C)
[ 32.254476] dump_stack_lvl+0x8c/0xd0
[ 32.254644] print_report+0x118/0x608
[ 32.254799] kasan_report+0xdc/0x128
[ 32.255182] __asan_report_store1_noabort+0x20/0x30
[ 32.255319] kmalloc_track_caller_oob_right+0x418/0x488
[ 32.255465] kunit_try_run_case+0x170/0x3f0
[ 32.256455] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.256597] kthread+0x328/0x630
[ 32.257003] ret_from_fork+0x10/0x20
[ 32.257672]
[ 32.257731] Allocated by task 154:
[ 32.257828] kasan_save_stack+0x3c/0x68
[ 32.257998] kasan_save_track+0x20/0x40
[ 32.258246] kasan_save_alloc_info+0x40/0x58
[ 32.258362] __kasan_kmalloc+0xd4/0xd8
[ 32.258677] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 32.258831] kmalloc_track_caller_oob_right+0x184/0x488
[ 32.258998] kunit_try_run_case+0x170/0x3f0
[ 32.259224] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.259451] kthread+0x328/0x630
[ 32.259753] ret_from_fork+0x10/0x20
[ 32.259857]
[ 32.260014] The buggy address belongs to the object at fff00000c56e8f00
[ 32.260014] which belongs to the cache kmalloc-128 of size 128
[ 32.260207] The buggy address is located 0 bytes to the right of
[ 32.260207] allocated 120-byte region [fff00000c56e8f00, fff00000c56e8f78)
[ 32.260443]
[ 32.260496] The buggy address belongs to the physical page:
[ 32.260760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e8
[ 32.261061] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.261351] page_type: f5(slab)
[ 32.261718] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[ 32.261891] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.262061] page dumped because: kasan: bad access detected
[ 32.262243]
[ 32.262340] Memory state around the buggy address:
[ 32.262705]  fff00000c56e8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.262872]  fff00000c56e8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.262979] >fff00000c56e8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.263084]                                                                  ^
[ 32.263183]  fff00000c56e8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.263285]  fff00000c56e9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.263422] ==================================================================
```
qemu-x86_64:

```
[ 21.111456] ==================================================================
[ 21.112490] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.113189] Write of size 1 at addr ffff8881023ac278 by task kunit_try_catch/171
[ 21.113843]
[ 21.114206] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary)
[ 21.114306] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.114328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.114359] Call Trace:
[ 21.114398] <TASK>
[ 21.114433] dump_stack_lvl+0x73/0xb0
[ 21.114503] print_report+0xd1/0x650
[ 21.114545] ? __virt_addr_valid+0x1db/0x2d0
[ 21.114572] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.114595] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.114619] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.114642] kasan_report+0x141/0x180
[ 21.114663] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.114690] __asan_report_store1_noabort+0x1b/0x30
[ 21.114712] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 21.114735] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 21.114759] ? __schedule+0x10cc/0x2b60
[ 21.114779] ? __pfx_read_tsc+0x10/0x10
[ 21.114798] ? ktime_get_ts64+0x86/0x230
[ 21.114821] kunit_try_run_case+0x1a5/0x480
[ 21.114864] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.114885] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.114906] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.114926] ? __kthread_parkme+0x82/0x180
[ 21.114945] ? preempt_count_sub+0x50/0x80
[ 21.114967] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.114987] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.115007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.115026] kthread+0x337/0x6f0
[ 21.115043] ? trace_preempt_on+0x20/0xc0
[ 21.115063] ? __pfx_kthread+0x10/0x10
[ 21.115088] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.115115] ? calculate_sigpending+0x7b/0xa0
[ 21.115144] ? __pfx_kthread+0x10/0x10
[ 21.115172] ret_from_fork+0x116/0x1d0
[ 21.115198] ? __pfx_kthread+0x10/0x10
[ 21.115221] ret_from_fork_asm+0x1a/0x30
[ 21.115248] </TASK>
[ 21.115259]
[ 21.125773] Allocated by task 171:
[ 21.126214] kasan_save_stack+0x45/0x70
[ 21.126591] kasan_save_track+0x18/0x40
[ 21.126963] kasan_save_alloc_info+0x3b/0x50
[ 21.127414] __kasan_kmalloc+0xb7/0xc0
[ 21.127793] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 21.128259] kmalloc_track_caller_oob_right+0x19a/0x520
[ 21.128730] kunit_try_run_case+0x1a5/0x480
[ 21.129421] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.129787] kthread+0x337/0x6f0
[ 21.130223] ret_from_fork+0x116/0x1d0
[ 21.130643] ret_from_fork_asm+0x1a/0x30
[ 21.130864]
[ 21.131105] The buggy address belongs to the object at ffff8881023ac200
[ 21.131105] which belongs to the cache kmalloc-128 of size 128
[ 21.131653] The buggy address is located 0 bytes to the right of
[ 21.131653] allocated 120-byte region [ffff8881023ac200, ffff8881023ac278)
[ 21.132200]
[ 21.132298] The buggy address belongs to the physical page:
[ 21.132661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac
[ 21.133084] flags: 0x200000000000000(node=0|zone=2)
[ 21.133339] page_type: f5(slab)
[ 21.133993] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.134742] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.135055] page dumped because: kasan: bad access detected
[ 21.135587]
[ 21.135736] Memory state around the buggy address:
[ 21.135992]  ffff8881023ac100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.136533]  ffff8881023ac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.136887] >ffff8881023ac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.137563]                                                                  ^
[ 21.138144]  ffff8881023ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.138777]  ffff8881023ac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.139373] ==================================================================
[ 21.083735] ==================================================================
[ 21.084141] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.084651] Write of size 1 at addr ffff8881023ac178 by task kunit_try_catch/171
[ 21.085558]
[ 21.085790] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary)
[ 21.085873] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.085896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.085931] Call Trace:
[ 21.085950] <TASK>
[ 21.085967] dump_stack_lvl+0x73/0xb0
[ 21.085998] print_report+0xd1/0x650
[ 21.086031] ? __virt_addr_valid+0x1db/0x2d0
[ 21.086055] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.086230] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.086284] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.086322] kasan_report+0x141/0x180
[ 21.086358] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.086469] __asan_report_store1_noabort+0x1b/0x30
[ 21.086513] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 21.086558] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 21.086584] ? __schedule+0x10cc/0x2b60
[ 21.086605] ? __pfx_read_tsc+0x10/0x10
[ 21.086626] ? ktime_get_ts64+0x86/0x230
[ 21.086649] kunit_try_run_case+0x1a5/0x480
[ 21.086672] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.086693] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 21.086714] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.086735] ? __kthread_parkme+0x82/0x180
[ 21.086754] ? preempt_count_sub+0x50/0x80
[ 21.086776] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.086799] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.086820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.086859] kthread+0x337/0x6f0
[ 21.086880] ? trace_preempt_on+0x20/0xc0
[ 21.086902] ? __pfx_kthread+0x10/0x10
[ 21.086921] ? _raw_spin_unlock_irq+0x47/0x80
[ 21.086941] ? calculate_sigpending+0x7b/0xa0
[ 21.086964] ? __pfx_kthread+0x10/0x10
[ 21.086984] ret_from_fork+0x116/0x1d0
[ 21.086999] ? __pfx_kthread+0x10/0x10
[ 21.087017] ret_from_fork_asm+0x1a/0x30
[ 21.087044] </TASK>
[ 21.087056]
[ 21.097417] Allocated by task 171:
[ 21.097570] kasan_save_stack+0x45/0x70
[ 21.097720] kasan_save_track+0x18/0x40
[ 21.098188] kasan_save_alloc_info+0x3b/0x50
[ 21.098578] __kasan_kmalloc+0xb7/0xc0
[ 21.098968] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 21.099536] kmalloc_track_caller_oob_right+0x99/0x520
[ 21.099977] kunit_try_run_case+0x1a5/0x480
[ 21.100583] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.100962] kthread+0x337/0x6f0
[ 21.101193] ret_from_fork+0x116/0x1d0
[ 21.101476] ret_from_fork_asm+0x1a/0x30
[ 21.101645]
[ 21.101731] The buggy address belongs to the object at ffff8881023ac100
[ 21.101731] which belongs to the cache kmalloc-128 of size 128
[ 21.102882] The buggy address is located 0 bytes to the right of
[ 21.102882] allocated 120-byte region [ffff8881023ac100, ffff8881023ac178)
[ 21.103675]
[ 21.103825] The buggy address belongs to the physical page:
[ 21.104320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023ac
[ 21.104861] flags: 0x200000000000000(node=0|zone=2)
[ 21.105372] page_type: f5(slab)
[ 21.105643] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.106293] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.106696] page dumped because: kasan: bad access detected
[ 21.106981]
[ 21.107336] Memory state around the buggy address:
[ 21.107544]  ffff8881023ac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.108009]  ffff8881023ac080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.108630] >ffff8881023ac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.109012]                                                                  ^
[ 21.109506]  ffff8881023ac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.109916]  ffff8881023ac200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.110461] ==================================================================
```