Date
July 9, 2025, 2:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 16.703512] ==================================================================
[ 16.703579] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.703645] Write of size 1 at addr fff00000c7767178 by task kunit_try_catch/142
[ 16.703695]
[ 16.703734] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.703818] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.703844] Hardware name: linux,dummy-virt (DT)
[ 16.703876] Call trace:
[ 16.703899] show_stack+0x20/0x38 (C)
[ 16.703951] dump_stack_lvl+0x8c/0xd0
[ 16.704000] print_report+0x118/0x608
[ 16.704054] kasan_report+0xdc/0x128
[ 16.704145] __asan_report_store1_noabort+0x20/0x30
[ 16.704217] kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.704269] kunit_try_run_case+0x170/0x3f0
[ 16.704436] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.704503] kthread+0x328/0x630
[ 16.704559] ret_from_fork+0x10/0x20
[ 16.704661]
[ 16.704691] Allocated by task 142:
[ 16.704799] kasan_save_stack+0x3c/0x68
[ 16.704850] kasan_save_track+0x20/0x40
[ 16.704955] kasan_save_alloc_info+0x40/0x58
[ 16.704996] __kasan_kmalloc+0xd4/0xd8
[ 16.705041] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.705104] kmalloc_track_caller_oob_right+0xa8/0x488
[ 16.705145] kunit_try_run_case+0x170/0x3f0
[ 16.705182] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.705225] kthread+0x328/0x630
[ 16.705257] ret_from_fork+0x10/0x20
[ 16.705292]
[ 16.705310] The buggy address belongs to the object at fff00000c7767100
[ 16.705310] which belongs to the cache kmalloc-128 of size 128
[ 16.705376] The buggy address is located 0 bytes to the right of
[ 16.705376] allocated 120-byte region [fff00000c7767100, fff00000c7767178)
[ 16.705448]
[ 16.705468] The buggy address belongs to the physical page:
[ 16.705499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767
[ 16.705553] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.705604] page_type: f5(slab)
[ 16.705645] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.705696] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.705736] page dumped because: kasan: bad access detected
[ 16.705775]
[ 16.705793] Memory state around the buggy address:
[ 16.705824]  fff00000c7767000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.705872]  fff00000c7767080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.705922] >fff00000c7767100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.705959]                                                                 ^
[ 16.706007]  fff00000c7767180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.706048]  fff00000c7767200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.706478] ==================================================================
[ 16.707664] ==================================================================
[ 16.707717] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 16.707833] Write of size 1 at addr fff00000c7767278 by task kunit_try_catch/142
[ 16.707885]
[ 16.707914] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.708044] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.708071] Hardware name: linux,dummy-virt (DT)
[ 16.708140] Call trace:
[ 16.708169] show_stack+0x20/0x38 (C)
[ 16.708221] dump_stack_lvl+0x8c/0xd0
[ 16.708269] print_report+0x118/0x608
[ 16.708315] kasan_report+0xdc/0x128
[ 16.708360] __asan_report_store1_noabort+0x20/0x30
[ 16.708412] kmalloc_track_caller_oob_right+0x418/0x488
[ 16.708610] kunit_try_run_case+0x170/0x3f0
[ 16.708690] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.708793] kthread+0x328/0x630
[ 16.708878] ret_from_fork+0x10/0x20
[ 16.708928]
[ 16.708946] Allocated by task 142:
[ 16.708973] kasan_save_stack+0x3c/0x68
[ 16.709014] kasan_save_track+0x20/0x40
[ 16.709183] kasan_save_alloc_info+0x40/0x58
[ 16.709310] __kasan_kmalloc+0xd4/0xd8
[ 16.709357] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.709451] kmalloc_track_caller_oob_right+0x184/0x488
[ 16.709495] kunit_try_run_case+0x170/0x3f0
[ 16.709532] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.709574] kthread+0x328/0x630
[ 16.709633] ret_from_fork+0x10/0x20
[ 16.709769]
[ 16.709916] The buggy address belongs to the object at fff00000c7767200
[ 16.709916] which belongs to the cache kmalloc-128 of size 128
[ 16.710161] The buggy address is located 0 bytes to the right of
[ 16.710161] allocated 120-byte region [fff00000c7767200, fff00000c7767278)
[ 16.710248]
[ 16.710276] The buggy address belongs to the physical page:
[ 16.710305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767
[ 16.710374] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.710783] page_type: f5(slab)
[ 16.710975] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.711115] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.711230] page dumped because: kasan: bad access detected
[ 16.711413]
[ 16.711450] Memory state around the buggy address:
[ 16.711632]  fff00000c7767100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.711705]  fff00000c7767180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.711897] >fff00000c7767200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.712047]                                                                 ^
[ 16.712103]  fff00000c7767280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.712245]  fff00000c7767300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.712326] ==================================================================
```
```
[ 12.140135] ==================================================================
[ 12.141222] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.142080] Write of size 1 at addr ffff888102c29b78 by task kunit_try_catch/159
[ 12.142312]
[ 12.142405] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.142451] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.142461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.142482] Call Trace:
[ 12.142496] <TASK>
[ 12.142513] dump_stack_lvl+0x73/0xb0
[ 12.142545] print_report+0xd1/0x650
[ 12.142568] ? __virt_addr_valid+0x1db/0x2d0
[ 12.142606] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.142632] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.142655] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.142680] kasan_report+0x141/0x180
[ 12.142979] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.143011] __asan_report_store1_noabort+0x1b/0x30
[ 12.143037] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.143063] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.143215] ? __schedule+0x10cc/0x2b60
[ 12.143239] ? __pfx_read_tsc+0x10/0x10
[ 12.143261] ? ktime_get_ts64+0x86/0x230
[ 12.143285] kunit_try_run_case+0x1a5/0x480
[ 12.143310] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.143332] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.143356] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.143379] ? __kthread_parkme+0x82/0x180
[ 12.143401] ? preempt_count_sub+0x50/0x80
[ 12.143425] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.143449] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.143472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.143496] kthread+0x337/0x6f0
[ 12.143514] ? trace_preempt_on+0x20/0xc0
[ 12.143538] ? __pfx_kthread+0x10/0x10
[ 12.143558] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.143578] ? calculate_sigpending+0x7b/0xa0
[ 12.143616] ? __pfx_kthread+0x10/0x10
[ 12.143637] ret_from_fork+0x116/0x1d0
[ 12.143654] ? __pfx_kthread+0x10/0x10
[ 12.143674] ret_from_fork_asm+0x1a/0x30
[ 12.143705] </TASK>
[ 12.143715]
[ 12.156624] Allocated by task 159:
[ 12.157220] kasan_save_stack+0x45/0x70
[ 12.157396] kasan_save_track+0x18/0x40
[ 12.157534] kasan_save_alloc_info+0x3b/0x50
[ 12.157697] __kasan_kmalloc+0xb7/0xc0
[ 12.157838] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.158021] kmalloc_track_caller_oob_right+0x99/0x520
[ 12.158193] kunit_try_run_case+0x1a5/0x480
[ 12.158338] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.158512] kthread+0x337/0x6f0
[ 12.158711] ret_from_fork+0x116/0x1d0
[ 12.159042] ret_from_fork_asm+0x1a/0x30
[ 12.159420]
[ 12.159612] The buggy address belongs to the object at ffff888102c29b00
[ 12.159612] which belongs to the cache kmalloc-128 of size 128
[ 12.160813] The buggy address is located 0 bytes to the right of
[ 12.160813] allocated 120-byte region [ffff888102c29b00, ffff888102c29b78)
[ 12.162245]
[ 12.162407] The buggy address belongs to the physical page:
[ 12.163013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c29
[ 12.163850] flags: 0x200000000000000(node=0|zone=2)
[ 12.164370] page_type: f5(slab)
[ 12.164745] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.165542] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.166448] page dumped because: kasan: bad access detected
[ 12.167030]
[ 12.167217] Memory state around the buggy address:
[ 12.167448]  ffff888102c29a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.167852]  ffff888102c29a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.168664] >ffff888102c29b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.169402]                                                                 ^
[ 12.169803]  ffff888102c29b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.170229]  ffff888102c29c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.170912] ==================================================================
[ 12.171909] ==================================================================
[ 12.172155] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.172726] Write of size 1 at addr ffff888102c29c78 by task kunit_try_catch/159
[ 12.173222]
[ 12.173402] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.173446] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.173457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.173476] Call Trace:
[ 12.173487] <TASK>
[ 12.173504] dump_stack_lvl+0x73/0xb0
[ 12.173534] print_report+0xd1/0x650
[ 12.173556] ? __virt_addr_valid+0x1db/0x2d0
[ 12.173579] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.173616] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.173638] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.173674] kasan_report+0x141/0x180
[ 12.173696] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.173725] __asan_report_store1_noabort+0x1b/0x30
[ 12.173756] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.173781] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.173808] ? __schedule+0x10cc/0x2b60
[ 12.173830] ? __pfx_read_tsc+0x10/0x10
[ 12.173851] ? ktime_get_ts64+0x86/0x230
[ 12.173876] kunit_try_run_case+0x1a5/0x480
[ 12.173900] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.173948] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.173971] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.173994] ? __kthread_parkme+0x82/0x180
[ 12.174015] ? preempt_count_sub+0x50/0x80
[ 12.174039] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.174062] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.174088] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.174112] kthread+0x337/0x6f0
[ 12.174130] ? trace_preempt_on+0x20/0xc0
[ 12.174154] ? __pfx_kthread+0x10/0x10
[ 12.174173] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.174194] ? calculate_sigpending+0x7b/0xa0
[ 12.174219] ? __pfx_kthread+0x10/0x10
[ 12.174239] ret_from_fork+0x116/0x1d0
[ 12.174257] ? __pfx_kthread+0x10/0x10
[ 12.174277] ret_from_fork_asm+0x1a/0x30
[ 12.174307] </TASK>
[ 12.174317]
[ 12.188456] Allocated by task 159:
[ 12.188832] kasan_save_stack+0x45/0x70
[ 12.189234] kasan_save_track+0x18/0x40
[ 12.189711] kasan_save_alloc_info+0x3b/0x50
[ 12.190145] __kasan_kmalloc+0xb7/0xc0
[ 12.190472] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.191046] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.191230] kunit_try_run_case+0x1a5/0x480
[ 12.191752] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.192343] kthread+0x337/0x6f0
[ 12.192528] ret_from_fork+0x116/0x1d0
[ 12.192754] ret_from_fork_asm+0x1a/0x30
[ 12.193181]
[ 12.193364] The buggy address belongs to the object at ffff888102c29c00
[ 12.193364] which belongs to the cache kmalloc-128 of size 128
[ 12.194583] The buggy address is located 0 bytes to the right of
[ 12.194583] allocated 120-byte region [ffff888102c29c00, ffff888102c29c78)
[ 12.195624]
[ 12.195760] The buggy address belongs to the physical page:
[ 12.196223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c29
[ 12.196837] flags: 0x200000000000000(node=0|zone=2)
[ 12.197315] page_type: f5(slab)
[ 12.197586] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.198283] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.198510] page dumped because: kasan: bad access detected
[ 12.198693]
[ 12.198763] Memory state around the buggy address:
[ 12.199290]  ffff888102c29b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.200029]  ffff888102c29b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.200841] >ffff888102c29c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.201664]                                                                 ^
[ 12.202337]  ffff888102c29c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.203049]  ffff888102c29d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.203506] ==================================================================
```