Date
July 1, 2025, 12:10 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
[ 17.093471] ==================================================================
[ 17.093586] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 17.093672] Write of size 1 at addr fff00000c7800078 by task kunit_try_catch/142
[ 17.093723]
[ 17.093762] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 17.093843] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.093886] Hardware name: linux,dummy-virt (DT)
[ 17.093919] Call trace:
[ 17.093942] show_stack+0x20/0x38 (C)
[ 17.094017] dump_stack_lvl+0x8c/0xd0
[ 17.094153] print_report+0x118/0x608
[ 17.094203] kasan_report+0xdc/0x128
[ 17.094247] __asan_report_store1_noabort+0x20/0x30
[ 17.094324] kmalloc_track_caller_oob_right+0x40c/0x488
[ 17.094453] kunit_try_run_case+0x170/0x3f0
[ 17.094506] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.094623] kthread+0x328/0x630
[ 17.094694] ret_from_fork+0x10/0x20
[ 17.094767]
[ 17.094785] Allocated by task 142:
[ 17.094933] kasan_save_stack+0x3c/0x68
[ 17.094985] kasan_save_track+0x20/0x40
[ 17.095055] kasan_save_alloc_info+0x40/0x58
[ 17.095141] __kasan_kmalloc+0xd4/0xd8
[ 17.095300] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 17.095384] kmalloc_track_caller_oob_right+0xa8/0x488
[ 17.095425] kunit_try_run_case+0x170/0x3f0
[ 17.095486] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.095528] kthread+0x328/0x630
[ 17.095879] ret_from_fork+0x10/0x20
[ 17.096365]
[ 17.096423] The buggy address belongs to the object at fff00000c7800000
[ 17.096423] which belongs to the cache kmalloc-128 of size 128
[ 17.096728] The buggy address is located 0 bytes to the right of
[ 17.096728] allocated 120-byte region [fff00000c7800000, fff00000c7800078)
[ 17.096819]
[ 17.096839] The buggy address belongs to the physical page:
[ 17.096873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107800
[ 17.097117] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.097349] page_type: f5(slab)
[ 17.097496] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.097779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.097820] page dumped because: kasan: bad access detected
[ 17.097879]
[ 17.098249] Memory state around the buggy address:
[ 17.098455] fff00000c77fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.098570] fff00000c77fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.098763] >fff00000c7800000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.098966] ^
[ 17.099006] fff00000c7800080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.099049] fff00000c7800100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.099089] ==================================================================
[ 17.100064] ==================================================================
[ 17.100117] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 17.100166] Write of size 1 at addr fff00000c7800178 by task kunit_try_catch/142
[ 17.100387]
[ 17.100421] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 17.100620] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.100793] Hardware name: linux,dummy-virt (DT)
[ 17.100904] Call trace:
[ 17.100972] show_stack+0x20/0x38 (C)
[ 17.101023] dump_stack_lvl+0x8c/0xd0
[ 17.101234] print_report+0x118/0x608
[ 17.101337] kasan_report+0xdc/0x128
[ 17.101496] __asan_report_store1_noabort+0x20/0x30
[ 17.101601] kmalloc_track_caller_oob_right+0x418/0x488
[ 17.101964] kunit_try_run_case+0x170/0x3f0
[ 17.102034] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.102088] kthread+0x328/0x630
[ 17.102130] ret_from_fork+0x10/0x20
[ 17.102254]
[ 17.102331] Allocated by task 142:
[ 17.102397] kasan_save_stack+0x3c/0x68
[ 17.102542] kasan_save_track+0x20/0x40
[ 17.102637] kasan_save_alloc_info+0x40/0x58
[ 17.102678] __kasan_kmalloc+0xd4/0xd8
[ 17.102754] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 17.102800] kmalloc_track_caller_oob_right+0x184/0x488
[ 17.102845] kunit_try_run_case+0x170/0x3f0
[ 17.102882] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.102996] kthread+0x328/0x630
[ 17.103136] ret_from_fork+0x10/0x20
[ 17.103470]
[ 17.103600] The buggy address belongs to the object at fff00000c7800100
[ 17.103600] which belongs to the cache kmalloc-128 of size 128
[ 17.103893] The buggy address is located 0 bytes to the right of
[ 17.103893] allocated 120-byte region [fff00000c7800100, fff00000c7800178)
[ 17.104048]
[ 17.104075] The buggy address belongs to the physical page:
[ 17.104105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107800
[ 17.104159] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.104206] page_type: f5(slab)
[ 17.104245] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.104465] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.104956] page dumped because: kasan: bad access detected
[ 17.105055]
[ 17.105242] Memory state around the buggy address:
[ 17.105375] fff00000c7800000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.105420] fff00000c7800080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.105483] >fff00000c7800100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.105536] ^
[ 17.105577] fff00000c7800180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.105628] fff00000c7800200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.105666] ==================================================================
[ 10.909073] ==================================================================
[ 10.909832] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.910692] Write of size 1 at addr ffff8881030fba78 by task kunit_try_catch/159
[ 10.910999]
[ 10.911783] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.911831] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.911843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.911863] Call Trace:
[ 10.911874] <TASK>
[ 10.911889] dump_stack_lvl+0x73/0xb0
[ 10.911917] print_report+0xd1/0x650
[ 10.911938] ? __virt_addr_valid+0x1db/0x2d0
[ 10.911959] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.911982] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.912002] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.912038] kasan_report+0x141/0x180
[ 10.912104] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.912134] __asan_report_store1_noabort+0x1b/0x30
[ 10.912153] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 10.912176] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.912200] ? __schedule+0x10cc/0x2b60
[ 10.912221] ? __pfx_read_tsc+0x10/0x10
[ 10.912241] ? ktime_get_ts64+0x86/0x230
[ 10.912263] kunit_try_run_case+0x1a5/0x480
[ 10.912286] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.912306] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.912328] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.912349] ? __kthread_parkme+0x82/0x180
[ 10.912368] ? preempt_count_sub+0x50/0x80
[ 10.912389] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.912411] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.912432] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.912453] kthread+0x337/0x6f0
[ 10.912471] ? trace_preempt_on+0x20/0xc0
[ 10.912493] ? __pfx_kthread+0x10/0x10
[ 10.912512] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.912532] ? calculate_sigpending+0x7b/0xa0
[ 10.912554] ? __pfx_kthread+0x10/0x10
[ 10.912574] ret_from_fork+0x116/0x1d0
[ 10.912590] ? __pfx_kthread+0x10/0x10
[ 10.912609] ret_from_fork_asm+0x1a/0x30
[ 10.912637] </TASK>
[ 10.912648]
[ 10.924826] Allocated by task 159:
[ 10.925354] kasan_save_stack+0x45/0x70
[ 10.925719] kasan_save_track+0x18/0x40
[ 10.926016] kasan_save_alloc_info+0x3b/0x50
[ 10.926455] __kasan_kmalloc+0xb7/0xc0
[ 10.926753] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.927244] kmalloc_track_caller_oob_right+0x19a/0x520
[ 10.927490] kunit_try_run_case+0x1a5/0x480
[ 10.927907] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.928384] kthread+0x337/0x6f0
[ 10.928547] ret_from_fork+0x116/0x1d0
[ 10.928723] ret_from_fork_asm+0x1a/0x30
[ 10.928911]
[ 10.929007] The buggy address belongs to the object at ffff8881030fba00
[ 10.929007] which belongs to the cache kmalloc-128 of size 128
[ 10.930183] The buggy address is located 0 bytes to the right of
[ 10.930183] allocated 120-byte region [ffff8881030fba00, ffff8881030fba78)
[ 10.931001]
[ 10.931284] The buggy address belongs to the physical page:
[ 10.931764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030fb
[ 10.932361] flags: 0x200000000000000(node=0|zone=2)
[ 10.932584] page_type: f5(slab)
[ 10.932829] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.933393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.933879] page dumped because: kasan: bad access detected
[ 10.934400]
[ 10.934489] Memory state around the buggy address:
[ 10.934808] ffff8881030fb900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.935419] ffff8881030fb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.935813] >ffff8881030fba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.936316] ^
[ 10.936811] ffff8881030fba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.937439] ffff8881030fbb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.937870] ==================================================================
[ 10.873979] ==================================================================
[ 10.874872] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.875767] Write of size 1 at addr ffff8881030fb978 by task kunit_try_catch/159
[ 10.876873]
[ 10.877254] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.877301] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.877314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.877349] Call Trace:
[ 10.877362] <TASK>
[ 10.877377] dump_stack_lvl+0x73/0xb0
[ 10.877404] print_report+0xd1/0x650
[ 10.877426] ? __virt_addr_valid+0x1db/0x2d0
[ 10.877472] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.877496] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.877517] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.877541] kasan_report+0x141/0x180
[ 10.877562] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.877590] __asan_report_store1_noabort+0x1b/0x30
[ 10.877609] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.877632] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.877656] ? __schedule+0x10cc/0x2b60
[ 10.877676] ? __pfx_read_tsc+0x10/0x10
[ 10.877696] ? ktime_get_ts64+0x86/0x230
[ 10.877718] kunit_try_run_case+0x1a5/0x480
[ 10.877741] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.877761] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.877782] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.877803] ? __kthread_parkme+0x82/0x180
[ 10.877823] ? preempt_count_sub+0x50/0x80
[ 10.877844] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.877866] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.877887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.877908] kthread+0x337/0x6f0
[ 10.877926] ? trace_preempt_on+0x20/0xc0
[ 10.877948] ? __pfx_kthread+0x10/0x10
[ 10.877967] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.877986] ? calculate_sigpending+0x7b/0xa0
[ 10.878008] ? __pfx_kthread+0x10/0x10
[ 10.878040] ret_from_fork+0x116/0x1d0
[ 10.878057] ? __pfx_kthread+0x10/0x10
[ 10.878076] ret_from_fork_asm+0x1a/0x30
[ 10.878105] </TASK>
[ 10.878115]
[ 10.894162] Allocated by task 159:
[ 10.894580] kasan_save_stack+0x45/0x70
[ 10.894935] kasan_save_track+0x18/0x40
[ 10.895331] kasan_save_alloc_info+0x3b/0x50
[ 10.895851] __kasan_kmalloc+0xb7/0xc0
[ 10.896379] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.896868] kmalloc_track_caller_oob_right+0x99/0x520
[ 10.897072] kunit_try_run_case+0x1a5/0x480
[ 10.897677] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.898331] kthread+0x337/0x6f0
[ 10.898823] ret_from_fork+0x116/0x1d0
[ 10.899202] ret_from_fork_asm+0x1a/0x30
[ 10.899572]
[ 10.899870] The buggy address belongs to the object at ffff8881030fb900
[ 10.899870] which belongs to the cache kmalloc-128 of size 128
[ 10.900615] The buggy address is located 0 bytes to the right of
[ 10.900615] allocated 120-byte region [ffff8881030fb900, ffff8881030fb978)
[ 10.901428]
[ 10.901527] The buggy address belongs to the physical page:
[ 10.901741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030fb
[ 10.902362] flags: 0x200000000000000(node=0|zone=2)
[ 10.902713] page_type: f5(slab)
[ 10.903016] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.903505] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.903954] page dumped because: kasan: bad access detected
[ 10.904428]
[ 10.904522] Memory state around the buggy address:
[ 10.904905] ffff8881030fb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.905639] ffff8881030fb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.906218] >ffff8881030fb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.906634] ^
[ 10.907276] ffff8881030fb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.907629] ffff8881030fba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.908296] ==================================================================