Hay
Date: July 15, 2025, 2:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[  105.553261] ==================================================================
[  105.554013] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf8/0x2a0
[  105.554872] Write of size 16 at addr ffff0000c67f5600 by task kunit_try_catch/218
[  105.555371] 
[  105.555567] CPU: 1 PID: 218 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  105.556248] Hardware name: linux,dummy-virt (DT)
[  105.556691] Call trace:
[  105.557014]  dump_backtrace+0xe0/0x134
[  105.557695]  show_stack+0x20/0x2c
[  105.558177]  dump_stack_lvl+0x88/0xb4
[  105.558670]  print_report+0x158/0x44c
[  105.559258]  kasan_report+0xc8/0x180
[  105.559725]  __asan_store16+0x68/0x94
[  105.560125]  kmalloc_oob_16+0xf8/0x2a0
[  105.560552]  kunit_try_run_case+0x8c/0x124
[  105.561109]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.561703]  kthread+0x15c/0x170
[  105.562138]  ret_from_fork+0x10/0x20
[  105.562575] 
[  105.562797] Allocated by task 218:
[  105.563158]  kasan_save_stack+0x3c/0x70
[  105.563597]  kasan_set_track+0x2c/0x40
[  105.564235]  kasan_save_alloc_info+0x24/0x34
[  105.564906]  __kasan_kmalloc+0xd4/0xe0
[  105.565346]  kmalloc_trace+0x8c/0x150
[  105.565791]  kmalloc_oob_16+0xa4/0x2a0
[  105.566227]  kunit_try_run_case+0x8c/0x124
[  105.566660]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.567225]  kthread+0x15c/0x170
[  105.567644]  ret_from_fork+0x10/0x20
[  105.568081] 
[  105.568270] The buggy address belongs to the object at ffff0000c67f5600
[  105.568270]  which belongs to the cache kmalloc-128 of size 128
[  105.569333] The buggy address is located 0 bytes inside of
[  105.569333]  128-byte region [ffff0000c67f5600, ffff0000c67f5680)
[  105.570258] 
[  105.570455] The buggy address belongs to the physical page:
[  105.570916] page:00000000678f5464 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067f5
[  105.571709] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[  105.572408] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[  105.573283] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.573887] page dumped because: kasan: bad access detected
[  105.574363] 
[  105.574569] Memory state around the buggy address:
[  105.575048]  ffff0000c67f5500: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.575649]  ffff0000c67f5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.576278] >ffff0000c67f5600: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.576923]                       ^
[  105.577280]  ffff0000c67f5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.577911]  ffff0000c67f5700: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.578490] ==================================================================

[   75.306674] ==================================================================
[   75.307583] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xfc/0x1ac
[   75.308248] Write of size 16 at addr ffff0000c5a47900 by task kunit_try_catch/134
[   75.309389] 
[   75.309729] CPU: 1 PID: 134 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   75.311036] Hardware name: linux,dummy-virt (DT)
[   75.311831] Call trace:
[   75.312074]  dump_backtrace+0xf8/0x118
[   75.312507]  show_stack+0x18/0x24
[   75.313434]  __dump_stack+0x28/0x38
[   75.313868]  dump_stack_lvl+0x54/0x6c
[   75.314292]  print_address_description+0x7c/0x1ec
[   75.314840]  print_report+0x50/0x68
[   75.315285]  kasan_report+0xac/0x100
[   75.315762]  kasan_check_range+0x260/0x2a0
[   75.316257]  memcpy+0x60/0x90
[   75.316612]  kmalloc_oob_16+0xfc/0x1ac
[   75.317232]  kunit_try_run_case+0x80/0x184
[   75.317738]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.318308]  kthread+0x16c/0x21c
[   75.318741]  ret_from_fork+0x10/0x20
[   75.319189] 
[   75.319374] Allocated by task 134:
[   75.319723]  kasan_set_track+0x4c/0x80
[   75.320173]  kasan_save_alloc_info+0x28/0x34
[   75.320807]  __kasan_kmalloc+0x88/0xa0
[   75.321279]  kmalloc_trace+0x54/0x68
[   75.321737]  kmalloc_oob_16+0x48/0x1ac
[   75.322207]  kunit_try_run_case+0x80/0x184
[   75.322663]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.323228]  kthread+0x16c/0x21c
[   75.323655]  ret_from_fork+0x10/0x20
[   75.324089] 
[   75.324281] The buggy address belongs to the object at ffff0000c5a47900
[   75.324281]  which belongs to the cache kmalloc-128 of size 128
[   75.325368] The buggy address is located 0 bytes inside of
[   75.325368]  128-byte region [ffff0000c5a47900, ffff0000c5a47980)
[   75.326246] 
[   75.326472] The buggy address belongs to the physical page:
[   75.327418] page:000000003f689bbf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a47
[   75.328234] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   75.329150] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   75.329814] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   75.330427] page dumped because: kasan: bad access detected
[   75.330901] 
[   75.331082] Memory state around the buggy address:
[   75.331539]  ffff0000c5a47800: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.332165]  ffff0000c5a47880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.332963] >ffff0000c5a47900: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.333560]                       ^
[   75.333942]  ffff0000c5a47980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.334556]  ffff0000c5a47a00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.335151] ==================================================================

[   74.324555] ==================================================================
[   74.325410] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xfc/0x1ac
[   74.326046] Write of size 16 at addr ffff0000c5a07e00 by task kunit_try_catch/134
[   74.326593] 
[   74.326852] CPU: 0 PID: 134 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.327580] Hardware name: linux,dummy-virt (DT)
[   74.328365] Call trace:
[   74.328638]  dump_backtrace+0xf4/0x114
[   74.329168]  show_stack+0x18/0x24
[   74.329615]  __dump_stack+0x28/0x38
[   74.330059]  dump_stack_lvl+0x50/0x68
[   74.330507]  print_address_description+0x7c/0x1ec
[   74.331059]  print_report+0x50/0x68
[   74.331493]  kasan_report+0xac/0xfc
[   74.331978]  kasan_check_range+0x258/0x290
[   74.332456]  memcpy+0x60/0x90
[   74.332846]  kmalloc_oob_16+0xfc/0x1ac
[   74.333269]  kunit_try_run_case+0x80/0x184
[   74.334009]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.334596]  kthread+0x16c/0x21c
[   74.335027]  ret_from_fork+0x10/0x20
[   74.335473] 
[   74.335668] Allocated by task 134:
[   74.336264]  kasan_set_track+0x4c/0x80
[   74.336711]  kasan_save_alloc_info+0x28/0x34
[   74.337208]  __kasan_kmalloc+0x88/0xa0
[   74.337656]  kmalloc_trace+0x54/0x68
[   74.338090]  kmalloc_oob_16+0x48/0x1ac
[   74.338532]  kunit_try_run_case+0x80/0x184
[   74.339006]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.339563]  kthread+0x16c/0x21c
[   74.340257]  ret_from_fork+0x10/0x20
[   74.340701] 
[   74.340945] The buggy address belongs to the object at ffff0000c5a07e00
[   74.340945]  which belongs to the cache kmalloc-128 of size 128
[   74.341925] The buggy address is located 0 bytes inside of
[   74.341925]  128-byte region [ffff0000c5a07e00, ffff0000c5a07e80)
[   74.342850] 
[   74.343075] The buggy address belongs to the physical page:
[   74.343539] page:0000000022d5f3f2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a07
[   74.344630] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   74.345345] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   74.346013] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.346595] page dumped because: kasan: bad access detected
[   74.347075] 
[   74.347275] Memory state around the buggy address:
[   74.347710]  ffff0000c5a07d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.348330]  ffff0000c5a07d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.349217] >ffff0000c5a07e00: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.349848]                       ^
[   74.350223]  ffff0000c5a07e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.350872]  ffff0000c5a07f00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.351458] ==================================================================

[   72.932298] ==================================================================
[   72.933147] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf0/0x290
[   72.933764] Write of size 16 at addr ffff0000c5952c00 by task kunit_try_catch/134
[   72.934441] 
[   72.934682] CPU: 0 PID: 134 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   72.935305] Hardware name: linux,dummy-virt (DT)
[   72.936510] Call trace:
[   72.936751]  dump_backtrace.part.0+0xdc/0xf0
[   72.937185]  show_stack+0x18/0x30
[   72.937558]  dump_stack_lvl+0x64/0x80
[   72.938643]  print_report+0x158/0x438
[   72.939331]  kasan_report+0xb4/0xf4
[   72.939922]  __asan_store16+0x68/0x94
[   72.940513]  kmalloc_oob_16+0xf0/0x290
[   72.941144]  kunit_try_run_case+0x84/0x120
[   72.941850]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   72.942738]  kthread+0x180/0x190
[   72.943283]  ret_from_fork+0x10/0x20
[   72.943897] 
[   72.944171] Allocated by task 134:
[   72.944657]  kasan_save_stack+0x3c/0x70
[   72.945255]  kasan_set_track+0x2c/0x40
[   72.945878]  kasan_save_alloc_info+0x24/0x34
[   72.946594]  __kasan_kmalloc+0xb8/0xc0
[   72.947170]  kmalloc_trace+0x58/0x6c
[   72.947759]  kmalloc_oob_16+0x9c/0x290
[   72.948368]  kunit_try_run_case+0x84/0x120
[   72.949014]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   72.949811]  kthread+0x180/0x190
[   72.950459]  ret_from_fork+0x10/0x20
[   72.951039] 
[   72.951257] The buggy address belongs to the object at ffff0000c5952c00
[   72.951257]  which belongs to the cache kmalloc-128 of size 128
[   72.952140] The buggy address is located 0 bytes inside of
[   72.952140]  128-byte region [ffff0000c5952c00, ffff0000c5952c80)
[   72.953345] 
[   72.953624] The buggy address belongs to the physical page:
[   72.954448] page:000000000a751a16 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105952
[   72.955678] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   72.956720] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   72.957666] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   72.958677] page dumped because: kasan: bad access detected
[   72.959383] 
[   72.959637] Memory state around the buggy address:
[   72.960328]  ffff0000c5952b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   72.960993]  ffff0000c5952b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.961473] >ffff0000c5952c00: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.962373]                       ^
[   72.962867]  ffff0000c5952c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.963330]  ffff0000c5952d00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.963867] ==================================================================

[   64.530617] ==================================================================
[   64.531428] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x104/0x278
[   64.532027] Write of size 16 at addr ffff0000c58b8200 by task kunit_try_catch/132
[   64.532551] 
[   64.532771] CPU: 0 PID: 132 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   64.533424] Hardware name: linux,dummy-virt (DT)
[   64.533825] Call trace:
[   64.534064]  dump_backtrace+0x110/0x120
[   64.534521]  show_stack+0x18/0x28
[   64.534913]  dump_stack_lvl+0x68/0x84
[   64.535324]  print_report+0x158/0x484
[   64.535684]  kasan_report+0x98/0xe0
[   64.536043]  __asan_store16+0x7c/0xa8
[   64.536433]  kmalloc_oob_16+0x104/0x278
[   64.536830]  kunit_try_run_case+0x7c/0x120
[   64.537284]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.537853]  kthread+0x1a4/0x1b8
[   64.538224]  ret_from_fork+0x10/0x20
[   64.538609] 
[   64.538828] Allocated by task 132:
[   64.539118]  kasan_save_stack+0x2c/0x58
[   64.539563]  kasan_set_track+0x2c/0x40
[   64.539932]  kasan_save_alloc_info+0x24/0x38
[   64.540425]  __kasan_kmalloc+0xa0/0xb8
[   64.540799]  kmalloc_trace+0x50/0x68
[   64.541174]  kmalloc_oob_16+0xac/0x278
[   64.541640]  kunit_try_run_case+0x7c/0x120
[   64.542063]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.542564]  kthread+0x1a4/0x1b8
[   64.542897]  ret_from_fork+0x10/0x20
[   64.543272] 
[   64.543449] The buggy address belongs to the object at ffff0000c58b8200
[   64.543449]  which belongs to the cache kmalloc-128 of size 128
[   64.544299] The buggy address is located 0 bytes inside of
[   64.544299]  128-byte region [ffff0000c58b8200, ffff0000c58b8280)
[   64.545089] 
[   64.545261] The buggy address belongs to the physical page:
[   64.545707] page:0000000079d9b0ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058b8
[   64.546367] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   64.547050] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   64.547648] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   64.548372] page dumped because: kasan: bad access detected
[   64.548805] 
[   64.548998] Memory state around the buggy address:
[   64.549384]  ffff0000c58b8100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.550099]  ffff0000c58b8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.550792] >ffff0000c58b8200: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.551296]                       ^
[   64.551676]  ffff0000c58b8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.552180]  ffff0000c58b8300: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.552744] ==================================================================

[   30.814614] ==================================================================
[   30.815754] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xef/0x250
[   30.816768] Write of size 16 at addr ffff888102f54ae0 by task kunit_try_catch/238
[   30.817632] 
[   30.817834] CPU: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   30.818831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.819981] Call Trace:
[   30.820409]  <TASK>
[   30.820783]  dump_stack_lvl+0x49/0x62
[   30.821229]  print_report+0x189/0x492
[   30.821738]  ? kasan_complete_mode_report_info+0x3c/0x200
[   30.822294]  ? kmalloc_oob_16+0xef/0x250
[   30.822521]  kasan_report+0x10c/0x190
[   30.822956]  ? kmalloc_oob_16+0xef/0x250
[   30.823403]  __asan_store16+0x68/0x90
[   30.823900]  kmalloc_oob_16+0xef/0x250
[   30.824246]  ? kmalloc_uaf_16+0x250/0x250
[   30.824636]  ? __kunit_add_resource+0xd1/0x100
[   30.824860]  ? kasan_test_init+0x13e/0x1b0
[   30.825059]  kunit_try_run_case+0x8f/0xd0
[   30.825320]  ? kunit_catch_run_case+0x80/0x80
[   30.825646]  ? kunit_try_catch_throw+0x40/0x40
[   30.826138]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.826831]  kthread+0x17b/0x1b0
[   30.827011]  ? kthread_complete_and_exit+0x30/0x30
[   30.827237]  ret_from_fork+0x22/0x30
[   30.827660]  </TASK>
[   30.827931] 
[   30.828113] Allocated by task 238:
[   30.828574]  kasan_save_stack+0x41/0x70
[   30.829009]  kasan_set_track+0x25/0x40
[   30.829445]  kasan_save_alloc_info+0x1e/0x30
[   30.829966]  __kasan_kmalloc+0xb6/0xc0
[   30.830520]  kmalloc_trace+0x48/0xb0
[   30.831038]  kmalloc_oob_16+0x8b/0x250
[   30.831538]  kunit_try_run_case+0x8f/0xd0
[   30.831730]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.831951]  kthread+0x17b/0x1b0
[   30.832103]  ret_from_fork+0x22/0x30
[   30.832286] 
[   30.832378] The buggy address belongs to the object at ffff888102f54ae0
[   30.832378]  which belongs to the cache kmalloc-16 of size 16
[   30.832964] The buggy address is located 0 bytes inside of
[   30.832964]  16-byte region [ffff888102f54ae0, ffff888102f54af0)
[   30.833467] 
[   30.833558] The buggy address belongs to the physical page:
[   30.833985] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54
[   30.834730] flags: 0x200000000000200(slab|node=0|zone=2)
[   30.835092] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0
[   30.835590] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[   30.835949] page dumped because: kasan: bad access detected
[   30.836794] 
[   30.836917] Memory state around the buggy address:
[   30.837143]  ffff888102f54980: 00 02 fc fc 00 05 fc fc 00 02 fc fc 00 02 fc fc
[   30.837785]  ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[   30.838244] >ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[   30.838893]                                                           ^
[   30.839375]  ffff888102f54b00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.839837]  ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.840271] ==================================================================