Date
July 20, 2025, 8:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 14.909826] ================================================================== [ 14.910136] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 14.910298] Write of size 1 at addr fff00000c6094978 by task kunit_try_catch/143 [ 14.910353] [ 14.910401] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 14.910530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.910577] Hardware name: linux,dummy-virt (DT) [ 14.910609] Call trace: [ 14.910638] show_stack+0x20/0x38 (C) [ 14.910827] dump_stack_lvl+0x8c/0xd0 [ 14.910882] print_report+0x118/0x5d0 [ 14.910929] kasan_report+0xdc/0x128 [ 14.910982] __asan_report_store1_noabort+0x20/0x30 [ 14.911467] kmalloc_track_caller_oob_right+0x418/0x488 [ 14.911573] kunit_try_run_case+0x170/0x3f0 [ 14.911625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 14.911707] kthread+0x328/0x630 [ 14.911974] ret_from_fork+0x10/0x20 [ 14.912026] [ 14.912053] Allocated by task 143: [ 14.912080] kasan_save_stack+0x3c/0x68 [ 14.912300] kasan_save_track+0x20/0x40 [ 14.912352] kasan_save_alloc_info+0x40/0x58 [ 14.912392] __kasan_kmalloc+0xd4/0xd8 [ 14.912427] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 14.912726] kmalloc_track_caller_oob_right+0x184/0x488 [ 14.912811] kunit_try_run_case+0x170/0x3f0 [ 14.912915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 14.913292] kthread+0x328/0x630 [ 14.913383] ret_from_fork+0x10/0x20 [ 14.913595] [ 14.913622] The buggy address belongs to the object at fff00000c6094900 [ 14.913622] which belongs to the cache kmalloc-128 of size 128 [ 14.913679] The buggy address is located 0 bytes to the right of [ 14.913679] allocated 120-byte region [fff00000c6094900, fff00000c6094978) [ 14.913845] [ 14.913891] The buggy address belongs to the physical page: [ 14.913955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106094 [ 14.914044] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 14.914155] page_type: f5(slab) [ 14.914219] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 14.914269] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.914604] page dumped because: kasan: bad access detected [ 14.914747] [ 14.914824] Memory state around the buggy address: [ 14.914857] fff00000c6094800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.915183] fff00000c6094880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915306] >fff00000c6094900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.915397] ^ [ 14.915484] fff00000c6094980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915791] fff00000c6094a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915855] ================================================================== [ 14.903203] ================================================================== [ 14.903262] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 14.903312] Write of size 1 at addr fff00000c6094878 by task kunit_try_catch/143 [ 14.903380] [ 14.903412] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 14.903498] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.903525] Hardware name: linux,dummy-virt (DT) [ 14.903884] Call trace: [ 14.903919] show_stack+0x20/0x38 (C) [ 14.904167] dump_stack_lvl+0x8c/0xd0 [ 14.904228] print_report+0x118/0x5d0 [ 14.904620] kasan_report+0xdc/0x128 [ 14.905012] __asan_report_store1_noabort+0x20/0x30 [ 14.905098] kmalloc_track_caller_oob_right+0x40c/0x488 [ 14.905150] kunit_try_run_case+0x170/0x3f0 [ 14.905207] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 14.905259] kthread+0x328/0x630 [ 14.905300] ret_from_fork+0x10/0x20 [ 14.905347] [ 14.905365] Allocated by task 143: [ 14.905393] kasan_save_stack+0x3c/0x68 [ 14.905433] kasan_save_track+0x20/0x40 [ 14.905470] kasan_save_alloc_info+0x40/0x58 [ 14.905639] __kasan_kmalloc+0xd4/0xd8 [ 14.906089] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 14.906157] kmalloc_track_caller_oob_right+0xa8/0x488 [ 14.906462] kunit_try_run_case+0x170/0x3f0 [ 14.906548] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 14.906595] kthread+0x328/0x630 [ 14.906630] ret_from_fork+0x10/0x20 [ 14.906666] [ 14.906715] The buggy address belongs to the object at fff00000c6094800 [ 14.906715] which belongs to the cache kmalloc-128 of size 128 [ 14.906785] The buggy address is located 0 bytes to the right of [ 14.906785] allocated 120-byte region [fff00000c6094800, fff00000c6094878) [ 14.906848] [ 14.906891] The buggy address belongs to the physical page: [ 14.906930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106094 [ 14.906981] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 14.907026] page_type: f5(slab) [ 14.907078] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 14.907135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.907182] page dumped because: kasan: bad access detected [ 14.907225] [ 14.907243] Memory state around the buggy address: [ 14.907288] fff00000c6094700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.907334] fff00000c6094780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.907377] >fff00000c6094800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.907413] ^ [ 14.907458] fff00000c6094880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.907504] fff00000c6094900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.907540] ==================================================================
[ 12.374886] ================================================================== [ 12.375595] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.376104] Write of size 1 at addr ffff888103249478 by task kunit_try_catch/160 [ 12.376772] [ 12.376932] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.377117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.377163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.377184] Call Trace: [ 12.377196] <TASK> [ 12.377210] dump_stack_lvl+0x73/0xb0 [ 12.377240] print_report+0xd1/0x610 [ 12.377261] ? __virt_addr_valid+0x1db/0x2d0 [ 12.377283] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.377307] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.377328] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.377352] kasan_report+0x141/0x180 [ 12.377373] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.377401] __asan_report_store1_noabort+0x1b/0x30 [ 12.377425] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.377449] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.377486] ? __schedule+0x10c6/0x2b60 [ 12.377507] ? __pfx_read_tsc+0x10/0x10 [ 12.377527] ? ktime_get_ts64+0x86/0x230 [ 12.377553] kunit_try_run_case+0x1a5/0x480 [ 12.377581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.377604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.377625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.377648] ? __kthread_parkme+0x82/0x180 [ 12.377667] ? preempt_count_sub+0x50/0x80 [ 12.377691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.377714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.377736] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.377759] kthread+0x337/0x6f0 [ 12.377858] ? trace_preempt_on+0x20/0xc0 [ 12.377882] ? __pfx_kthread+0x10/0x10 [ 12.377902] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.377923] ? calculate_sigpending+0x7b/0xa0 [ 12.377945] ? __pfx_kthread+0x10/0x10 [ 12.377966] ret_from_fork+0x116/0x1d0 [ 12.377984] ? __pfx_kthread+0x10/0x10 [ 12.378003] ret_from_fork_asm+0x1a/0x30 [ 12.378032] </TASK> [ 12.378042] [ 12.390026] Allocated by task 160: [ 12.390240] kasan_save_stack+0x45/0x70 [ 12.390730] kasan_save_track+0x18/0x40 [ 12.391081] kasan_save_alloc_info+0x3b/0x50 [ 12.391313] __kasan_kmalloc+0xb7/0xc0 [ 12.391507] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.391944] kmalloc_track_caller_oob_right+0x19a/0x520 [ 12.392301] kunit_try_run_case+0x1a5/0x480 [ 12.392650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.392909] kthread+0x337/0x6f0 [ 12.393397] ret_from_fork+0x116/0x1d0 [ 12.393749] ret_from_fork_asm+0x1a/0x30 [ 12.393987] [ 12.394099] The buggy address belongs to the object at ffff888103249400 [ 12.394099] which belongs to the cache kmalloc-128 of size 128 [ 12.394589] The buggy address is located 0 bytes to the right of [ 12.394589] allocated 120-byte region [ffff888103249400, ffff888103249478) [ 12.395403] [ 12.395623] The buggy address belongs to the physical page: [ 12.395909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103249 [ 12.396419] flags: 0x200000000000000(node=0|zone=2) [ 12.396770] page_type: f5(slab) [ 12.396949] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.397484] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.397935] page dumped because: kasan: bad access detected [ 12.398291] [ 12.398394] Memory state around the buggy address: [ 12.398794] ffff888103249300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.399298] ffff888103249380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.399703] >ffff888103249400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.400051] ^ [ 12.400482] ffff888103249480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.401025] ffff888103249500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.401403] ================================================================== [ 12.347593] ================================================================== [ 12.348388] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.348778] Write of size 1 at addr ffff888103249378 by task kunit_try_catch/160 [ 12.349424] [ 12.349740] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.349787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.349798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.349819] Call Trace: [ 12.349831] <TASK> [ 12.349848] dump_stack_lvl+0x73/0xb0 [ 12.349879] print_report+0xd1/0x610 [ 12.349901] ? __virt_addr_valid+0x1db/0x2d0 [ 12.349925] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.349949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.349971] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.349995] kasan_report+0x141/0x180 [ 12.350016] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.350065] __asan_report_store1_noabort+0x1b/0x30 [ 12.350089] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.350120] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.350145] ? __schedule+0x10c6/0x2b60 [ 12.350168] ? __pfx_read_tsc+0x10/0x10 [ 12.350189] ? ktime_get_ts64+0x86/0x230 [ 12.350213] kunit_try_run_case+0x1a5/0x480 [ 12.350239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.350261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.350284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.350307] ? __kthread_parkme+0x82/0x180 [ 12.350327] ? preempt_count_sub+0x50/0x80 [ 12.350350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.350373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.350395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.350418] kthread+0x337/0x6f0 [ 12.350437] ? trace_preempt_on+0x20/0xc0 [ 12.350460] ? __pfx_kthread+0x10/0x10 [ 12.350490] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.350511] ? calculate_sigpending+0x7b/0xa0 [ 12.350534] ? __pfx_kthread+0x10/0x10 [ 12.350555] ret_from_fork+0x116/0x1d0 [ 12.350573] ? __pfx_kthread+0x10/0x10 [ 12.350592] ret_from_fork_asm+0x1a/0x30 [ 12.350622] </TASK> [ 12.350631] [ 12.361417] Allocated by task 160: [ 12.361966] kasan_save_stack+0x45/0x70 [ 12.362364] kasan_save_track+0x18/0x40 [ 12.362587] kasan_save_alloc_info+0x3b/0x50 [ 12.362971] __kasan_kmalloc+0xb7/0xc0 [ 12.363289] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.363656] kmalloc_track_caller_oob_right+0x99/0x520 [ 12.364050] kunit_try_run_case+0x1a5/0x480 [ 12.364237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.364520] kthread+0x337/0x6f0 [ 12.364696] ret_from_fork+0x116/0x1d0 [ 12.365150] ret_from_fork_asm+0x1a/0x30 [ 12.365445] [ 12.365538] The buggy address belongs to the object at ffff888103249300 [ 12.365538] which belongs to the cache kmalloc-128 of size 128 [ 12.366365] The buggy address is located 0 bytes to the right of [ 12.366365] allocated 120-byte region [ffff888103249300, ffff888103249378) [ 12.367317] [ 12.367431] The buggy address belongs to the physical page: [ 12.367685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103249 [ 12.368328] flags: 0x200000000000000(node=0|zone=2) [ 12.368765] page_type: f5(slab) [ 12.368936] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.369522] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.370037] page dumped because: kasan: bad access detected [ 12.370445] [ 12.370566] Memory state around the buggy address: [ 12.371005] ffff888103249200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.371511] ffff888103249280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.371998] >ffff888103249300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.372444] ^ [ 12.372964] ffff888103249380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.373534] ffff888103249400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.373865] ==================================================================