Date
July 5, 2025, 5:09 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
```
[ 18.035227] ==================================================================
[ 18.035273] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 18.036415] Write of size 1 at addr fff00000c5cbb978 by task kunit_try_catch/142
[ 18.036486]
[ 18.036578] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 18.036658] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.036704] Hardware name: linux,dummy-virt (DT)
[ 18.036774] Call trace:
[ 18.036802] show_stack+0x20/0x38 (C)
[ 18.036882] dump_stack_lvl+0x8c/0xd0
[ 18.036932] print_report+0x118/0x608
[ 18.037095] kasan_report+0xdc/0x128
[ 18.037170] __asan_report_store1_noabort+0x20/0x30
[ 18.037349] kmalloc_track_caller_oob_right+0x418/0x488
[ 18.037413] kunit_try_run_case+0x170/0x3f0
[ 18.037467] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.037533] kthread+0x328/0x630
[ 18.037574] ret_from_fork+0x10/0x20
[ 18.037644]
[ 18.037662] Allocated by task 142:
[ 18.037689] kasan_save_stack+0x3c/0x68
[ 18.037735] kasan_save_track+0x20/0x40
[ 18.037772] kasan_save_alloc_info+0x40/0x58
[ 18.037813] __kasan_kmalloc+0xd4/0xd8
[ 18.037885] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 18.037928] kmalloc_track_caller_oob_right+0x184/0x488
[ 18.037968] kunit_try_run_case+0x170/0x3f0
[ 18.038017] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.038058] kthread+0x328/0x630
[ 18.038369] ret_from_fork+0x10/0x20
[ 18.038444]
[ 18.038464] The buggy address belongs to the object at fff00000c5cbb900
[ 18.038464] which belongs to the cache kmalloc-128 of size 128
[ 18.038518] The buggy address is located 0 bytes to the right of
[ 18.038518] allocated 120-byte region [fff00000c5cbb900, fff00000c5cbb978)
[ 18.038579]
[ 18.038597] The buggy address belongs to the physical page:
[ 18.038625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105cbb
[ 18.038687] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.038739] page_type: f5(slab)
[ 18.038776] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.038831] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.039308] page dumped because: kasan: bad access detected
[ 18.039340]
[ 18.039359] Memory state around the buggy address:
[ 18.039393] fff00000c5cbb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.039440] fff00000c5cbb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.039480] >fff00000c5cbb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.039529] ^
[ 18.039581] fff00000c5cbb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.039621] fff00000c5cbba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.039665] ==================================================================
```

```
[ 18.027742] ==================================================================
[ 18.027813] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 18.027884] Write of size 1 at addr fff00000c5cbb878 by task kunit_try_catch/142
[ 18.027944]
[ 18.027977] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 18.028260] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.028404] Hardware name: linux,dummy-virt (DT)
[ 18.028469] Call trace:
[ 18.029335] show_stack+0x20/0x38 (C)
[ 18.029399] dump_stack_lvl+0x8c/0xd0
[ 18.029464] print_report+0x118/0x608
[ 18.029511] kasan_report+0xdc/0x128
[ 18.029556] __asan_report_store1_noabort+0x20/0x30
[ 18.029607] kmalloc_track_caller_oob_right+0x40c/0x488
[ 18.029657] kunit_try_run_case+0x170/0x3f0
[ 18.031177] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.031923] kthread+0x328/0x630
[ 18.031988] ret_from_fork+0x10/0x20
[ 18.032080]
[ 18.032139] Allocated by task 142:
[ 18.032199] kasan_save_stack+0x3c/0x68
[ 18.032265] kasan_save_track+0x20/0x40
[ 18.032320] kasan_save_alloc_info+0x40/0x58
[ 18.032399] __kasan_kmalloc+0xd4/0xd8
[ 18.032457] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 18.032519] kmalloc_track_caller_oob_right+0xa8/0x488
[ 18.032757] kunit_try_run_case+0x170/0x3f0
[ 18.032877] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.032982] kthread+0x328/0x630
[ 18.033039] ret_from_fork+0x10/0x20
[ 18.033104]
[ 18.033184] The buggy address belongs to the object at fff00000c5cbb800
[ 18.033184] which belongs to the cache kmalloc-128 of size 128
[ 18.033281] The buggy address is located 0 bytes to the right of
[ 18.033281] allocated 120-byte region [fff00000c5cbb800, fff00000c5cbb878)
[ 18.033429]
[ 18.033448] The buggy address belongs to the physical page:
[ 18.033477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105cbb
[ 18.033574] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.033809] page_type: f5(slab)
[ 18.033873] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.034137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.034330] page dumped because: kasan: bad access detected
[ 18.034369]
[ 18.034387] Memory state around the buggy address:
[ 18.034419] fff00000c5cbb700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.034464] fff00000c5cbb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.034504] >fff00000c5cbb800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.034546] ^
[ 18.034584] fff00000c5cbb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.034630] fff00000c5cbb900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.034666] ==================================================================
```
```
[ 11.015375] ==================================================================
[ 11.016015] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.016815] Write of size 1 at addr ffff8881031a0478 by task kunit_try_catch/160
[ 11.017585]
[ 11.017759] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.017800] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.017812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.017833] Call Trace:
[ 11.017845] <TASK>
[ 11.017860] dump_stack_lvl+0x73/0xb0
[ 11.017886] print_report+0xd1/0x650
[ 11.017907] ? __virt_addr_valid+0x1db/0x2d0
[ 11.017928] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.017951] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.017972] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.017996] kasan_report+0x141/0x180
[ 11.018017] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.018046] __asan_report_store1_noabort+0x1b/0x30
[ 11.018065] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.018089] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.018113] ? __schedule+0x10cc/0x2b60
[ 11.018134] ? __pfx_read_tsc+0x10/0x10
[ 11.018153] ? ktime_get_ts64+0x86/0x230
[ 11.018176] kunit_try_run_case+0x1a5/0x480
[ 11.018199] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.018220] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.018241] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.018262] ? __kthread_parkme+0x82/0x180
[ 11.018281] ? preempt_count_sub+0x50/0x80
[ 11.018303] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.018338] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.018359] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.018381] kthread+0x337/0x6f0
[ 11.018399] ? trace_preempt_on+0x20/0xc0
[ 11.018421] ? __pfx_kthread+0x10/0x10
[ 11.018441] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.018472] ? calculate_sigpending+0x7b/0xa0
[ 11.018494] ? __pfx_kthread+0x10/0x10
[ 11.018515] ret_from_fork+0x116/0x1d0
[ 11.018532] ? __pfx_kthread+0x10/0x10
[ 11.018552] ret_from_fork_asm+0x1a/0x30
[ 11.018581] </TASK>
[ 11.018591]
[ 11.029993] Allocated by task 160:
[ 11.030133] kasan_save_stack+0x45/0x70
[ 11.030372] kasan_save_track+0x18/0x40
[ 11.030743] kasan_save_alloc_info+0x3b/0x50
[ 11.031128] __kasan_kmalloc+0xb7/0xc0
[ 11.031530] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.032099] kmalloc_track_caller_oob_right+0x19a/0x520
[ 11.032636] kunit_try_run_case+0x1a5/0x480
[ 11.033082] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.033639] kthread+0x337/0x6f0
[ 11.034043] ret_from_fork+0x116/0x1d0
[ 11.034209] ret_from_fork_asm+0x1a/0x30
[ 11.034585]
[ 11.034749] The buggy address belongs to the object at ffff8881031a0400
[ 11.034749] which belongs to the cache kmalloc-128 of size 128
[ 11.035697] The buggy address is located 0 bytes to the right of
[ 11.035697] allocated 120-byte region [ffff8881031a0400, ffff8881031a0478)
[ 11.036403]
[ 11.036486] The buggy address belongs to the physical page:
[ 11.037138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0
[ 11.037450] flags: 0x200000000000000(node=0|zone=2)
[ 11.038130] page_type: f5(slab)
[ 11.038521] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.039484] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.040290] page dumped because: kasan: bad access detected
[ 11.040511]
[ 11.040583] Memory state around the buggy address:
[ 11.040742] ffff8881031a0300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.041415] ffff8881031a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.042069] >ffff8881031a0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.042769] ^
[ 11.043277] ffff8881031a0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.043501] ffff8881031a0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.043768] ==================================================================
```

```
[ 10.984564] ==================================================================
[ 10.985685] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.987151] Write of size 1 at addr ffff8881031a0378 by task kunit_try_catch/160
[ 10.987888]
[ 10.988190] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.988240] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.988252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.988273] Call Trace:
[ 10.988288] <TASK>
[ 10.988305] dump_stack_lvl+0x73/0xb0
[ 10.988335] print_report+0xd1/0x650
[ 10.988356] ? __virt_addr_valid+0x1db/0x2d0
[ 10.988379] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.988402] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.988423] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.988447] kasan_report+0x141/0x180
[ 10.988481] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.988509] __asan_report_store1_noabort+0x1b/0x30
[ 10.988529] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.988552] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.988576] ? __schedule+0x10cc/0x2b60
[ 10.988598] ? __pfx_read_tsc+0x10/0x10
[ 10.988618] ? ktime_get_ts64+0x86/0x230
[ 10.988643] kunit_try_run_case+0x1a5/0x480
[ 10.988668] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.988689] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.988711] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.988734] ? __kthread_parkme+0x82/0x180
[ 10.988754] ? preempt_count_sub+0x50/0x80
[ 10.988777] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.988800] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.988821] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.988842] kthread+0x337/0x6f0
[ 10.988861] ? trace_preempt_on+0x20/0xc0
[ 10.988883] ? __pfx_kthread+0x10/0x10
[ 10.988902] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.988922] ? calculate_sigpending+0x7b/0xa0
[ 10.988945] ? __pfx_kthread+0x10/0x10
[ 10.988965] ret_from_fork+0x116/0x1d0
[ 10.988982] ? __pfx_kthread+0x10/0x10
[ 10.989001] ret_from_fork_asm+0x1a/0x30
[ 10.989031] </TASK>
[ 10.989041]
[ 11.001636] Allocated by task 160:
[ 11.001903] kasan_save_stack+0x45/0x70
[ 11.002296] kasan_save_track+0x18/0x40
[ 11.002777] kasan_save_alloc_info+0x3b/0x50
[ 11.003032] __kasan_kmalloc+0xb7/0xc0
[ 11.003164] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.003741] kmalloc_track_caller_oob_right+0x99/0x520
[ 11.004232] kunit_try_run_case+0x1a5/0x480
[ 11.004617] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.004913] kthread+0x337/0x6f0
[ 11.005275] ret_from_fork+0x116/0x1d0
[ 11.005634] ret_from_fork_asm+0x1a/0x30
[ 11.005835]
[ 11.005907] The buggy address belongs to the object at ffff8881031a0300
[ 11.005907] which belongs to the cache kmalloc-128 of size 128
[ 11.006311] The buggy address is located 0 bytes to the right of
[ 11.006311] allocated 120-byte region [ffff8881031a0300, ffff8881031a0378)
[ 11.007555]
[ 11.007719] The buggy address belongs to the physical page:
[ 11.008244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0
[ 11.009032] flags: 0x200000000000000(node=0|zone=2)
[ 11.009435] page_type: f5(slab)
[ 11.009571] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.009872] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.010615] page dumped because: kasan: bad access detected
[ 11.011108]
[ 11.011297] Memory state around the buggy address:
[ 11.011739] ffff8881031a0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.012446] ffff8881031a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.012673] >ffff8881031a0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.012879] ^
[ 11.013087] ffff8881031a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.013567] ffff8881031a0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.014249] ==================================================================
```