Date
July 12, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 16.435094] ==================================================================
[ 16.435142] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 16.435654] Write of size 1 at addr fff00000c585e978 by task kunit_try_catch/142
[ 16.435718]
[ 16.436240] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.436620] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.436676] Hardware name: linux,dummy-virt (DT)
[ 16.436729] Call trace:
[ 16.436749] show_stack+0x20/0x38 (C)
[ 16.436799] dump_stack_lvl+0x8c/0xd0
[ 16.436844] print_report+0x118/0x5d0
[ 16.436889] kasan_report+0xdc/0x128
[ 16.436933] __asan_report_store1_noabort+0x20/0x30
[ 16.436984] kmalloc_track_caller_oob_right+0x418/0x488
[ 16.437250] kunit_try_run_case+0x170/0x3f0
[ 16.437396] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.437453] kthread+0x328/0x630
[ 16.437506] ret_from_fork+0x10/0x20
[ 16.437670]
[ 16.437687] Allocated by task 142:
[ 16.437714] kasan_save_stack+0x3c/0x68
[ 16.437756] kasan_save_track+0x20/0x40
[ 16.438085] kasan_save_alloc_info+0x40/0x58
[ 16.438159] __kasan_kmalloc+0xd4/0xd8
[ 16.438227] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.438428] kmalloc_track_caller_oob_right+0x184/0x488
[ 16.438490] kunit_try_run_case+0x170/0x3f0
[ 16.438620] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.438662] kthread+0x328/0x630
[ 16.438732] ret_from_fork+0x10/0x20
[ 16.438791]
[ 16.438809] The buggy address belongs to the object at fff00000c585e900
[ 16.438809] which belongs to the cache kmalloc-128 of size 128
[ 16.439048] The buggy address is located 0 bytes to the right of
[ 16.439048] allocated 120-byte region [fff00000c585e900, fff00000c585e978)
[ 16.439151]
[ 16.439456] The buggy address belongs to the physical page:
[ 16.439627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10585e
[ 16.439684] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.439888] page_type: f5(slab)
[ 16.439930] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.440148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.440252] page dumped because: kasan: bad access detected
[ 16.440304]
[ 16.440321] Memory state around the buggy address:
[ 16.440351] fff00000c585e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.440515] fff00000c585e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.440558] >fff00000c585e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.440595] ^
[ 16.440634] fff00000c585e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.440676] fff00000c585ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.440714] ==================================================================

[ 16.429036] ==================================================================
[ 16.429219] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.429506] Write of size 1 at addr fff00000c585e878 by task kunit_try_catch/142
[ 16.429691]
[ 16.429873] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.430367] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.430396] Hardware name: linux,dummy-virt (DT)
[ 16.430427] Call trace:
[ 16.430455] show_stack+0x20/0x38 (C)
[ 16.430555] dump_stack_lvl+0x8c/0xd0
[ 16.430728] print_report+0x118/0x5d0
[ 16.430790] kasan_report+0xdc/0x128
[ 16.430834] __asan_report_store1_noabort+0x20/0x30
[ 16.430884] kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.430933] kunit_try_run_case+0x170/0x3f0
[ 16.430979] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.431030] kthread+0x328/0x630
[ 16.431078] ret_from_fork+0x10/0x20
[ 16.431266]
[ 16.431284] Allocated by task 142:
[ 16.431328] kasan_save_stack+0x3c/0x68
[ 16.431369] kasan_save_track+0x20/0x40
[ 16.431405] kasan_save_alloc_info+0x40/0x58
[ 16.431443] __kasan_kmalloc+0xd4/0xd8
[ 16.431500] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.431543] kmalloc_track_caller_oob_right+0xa8/0x488
[ 16.431583] kunit_try_run_case+0x170/0x3f0
[ 16.431619] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.431661] kthread+0x328/0x630
[ 16.431694] ret_from_fork+0x10/0x20
[ 16.432259]
[ 16.432293] The buggy address belongs to the object at fff00000c585e800
[ 16.432293] which belongs to the cache kmalloc-128 of size 128
[ 16.432528] The buggy address is located 0 bytes to the right of
[ 16.432528] allocated 120-byte region [fff00000c585e800, fff00000c585e878)
[ 16.432819]
[ 16.432839] The buggy address belongs to the physical page:
[ 16.432871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10585e
[ 16.432992] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.433042] page_type: f5(slab)
[ 16.433183] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.433337] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.433403] page dumped because: kasan: bad access detected
[ 16.433505]
[ 16.433522] Memory state around the buggy address:
[ 16.433563] fff00000c585e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.433676] fff00000c585e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.433724] >fff00000c585e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.433761] ^
[ 16.433801] fff00000c585e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.433842] fff00000c585e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.433880] ==================================================================
```
```
[ 12.307618] ==================================================================
[ 12.308462] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.309660] Write of size 1 at addr ffff8881027eb278 by task kunit_try_catch/159
[ 12.310716]
[ 12.310819] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.310865] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.310877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.310898] Call Trace:
[ 12.310911] <TASK>
[ 12.310930] dump_stack_lvl+0x73/0xb0
[ 12.310963] print_report+0xd1/0x610
[ 12.310996] ? __virt_addr_valid+0x1db/0x2d0
[ 12.311021] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.311046] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.311069] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.311094] kasan_report+0x141/0x180
[ 12.311170] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.311204] __asan_report_store1_noabort+0x1b/0x30
[ 12.311242] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.311278] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.311307] ? __schedule+0x10cc/0x2b60
[ 12.311331] ? __pfx_read_tsc+0x10/0x10
[ 12.311352] ? ktime_get_ts64+0x86/0x230
[ 12.311377] kunit_try_run_case+0x1a5/0x480
[ 12.311402] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.311424] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.311448] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.311472] ? __kthread_parkme+0x82/0x180
[ 12.311492] ? preempt_count_sub+0x50/0x80
[ 12.311517] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.311541] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.311564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.311589] kthread+0x337/0x6f0
[ 12.311608] ? trace_preempt_on+0x20/0xc0
[ 12.311631] ? __pfx_kthread+0x10/0x10
[ 12.311651] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.311672] ? calculate_sigpending+0x7b/0xa0
[ 12.311696] ? __pfx_kthread+0x10/0x10
[ 12.311717] ret_from_fork+0x116/0x1d0
[ 12.311736] ? __pfx_kthread+0x10/0x10
[ 12.311756] ret_from_fork_asm+0x1a/0x30
[ 12.311787] </TASK>
[ 12.311797]
[ 12.325492] Allocated by task 159:
[ 12.325945] kasan_save_stack+0x45/0x70
[ 12.326437] kasan_save_track+0x18/0x40
[ 12.326802] kasan_save_alloc_info+0x3b/0x50
[ 12.327279] __kasan_kmalloc+0xb7/0xc0
[ 12.327675] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.327885] kmalloc_track_caller_oob_right+0x99/0x520
[ 12.328060] kunit_try_run_case+0x1a5/0x480
[ 12.328560] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.329162] kthread+0x337/0x6f0
[ 12.329533] ret_from_fork+0x116/0x1d0
[ 12.329952] ret_from_fork_asm+0x1a/0x30
[ 12.330394]
[ 12.330608] The buggy address belongs to the object at ffff8881027eb200
[ 12.330608] which belongs to the cache kmalloc-128 of size 128
[ 12.331395] The buggy address is located 0 bytes to the right of
[ 12.331395] allocated 120-byte region [ffff8881027eb200, ffff8881027eb278)
[ 12.332496]
[ 12.332578] The buggy address belongs to the physical page:
[ 12.332756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027eb
[ 12.333020] flags: 0x200000000000000(node=0|zone=2)
[ 12.333522] page_type: f5(slab)
[ 12.333925] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.334740] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.335657] page dumped because: kasan: bad access detected
[ 12.336323]
[ 12.336558] Memory state around the buggy address:
[ 12.337084] ffff8881027eb100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.337671] ffff8881027eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.338230] >ffff8881027eb200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.338998] ^
[ 12.339444] ffff8881027eb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.340212] ffff8881027eb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.340805] ==================================================================

[ 12.341574] ==================================================================
[ 12.342572] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.343093] Write of size 1 at addr ffff8881027eb378 by task kunit_try_catch/159
[ 12.343974]
[ 12.344155] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.344199] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.344209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.344229] Call Trace:
[ 12.344240] <TASK>
[ 12.344257] dump_stack_lvl+0x73/0xb0
[ 12.344301] print_report+0xd1/0x610
[ 12.344323] ? __virt_addr_valid+0x1db/0x2d0
[ 12.344346] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.344372] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.344399] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.344426] kasan_report+0x141/0x180
[ 12.344448] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.344479] __asan_report_store1_noabort+0x1b/0x30
[ 12.344505] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.344565] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.344593] ? __schedule+0x10cc/0x2b60
[ 12.344616] ? __pfx_read_tsc+0x10/0x10
[ 12.344638] ? ktime_get_ts64+0x86/0x230
[ 12.344664] kunit_try_run_case+0x1a5/0x480
[ 12.344689] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.344712] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.344736] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.344759] ? __kthread_parkme+0x82/0x180
[ 12.344779] ? preempt_count_sub+0x50/0x80
[ 12.344803] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.344827] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.344851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.344876] kthread+0x337/0x6f0
[ 12.344895] ? trace_preempt_on+0x20/0xc0
[ 12.344918] ? __pfx_kthread+0x10/0x10
[ 12.344938] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.344959] ? calculate_sigpending+0x7b/0xa0
[ 12.345002] ? __pfx_kthread+0x10/0x10
[ 12.345032] ret_from_fork+0x116/0x1d0
[ 12.345062] ? __pfx_kthread+0x10/0x10
[ 12.345082] ret_from_fork_asm+0x1a/0x30
[ 12.345113] </TASK>
[ 12.345123]
[ 12.356512] Allocated by task 159:
[ 12.356661] kasan_save_stack+0x45/0x70
[ 12.356818] kasan_save_track+0x18/0x40
[ 12.356954] kasan_save_alloc_info+0x3b/0x50
[ 12.357103] __kasan_kmalloc+0xb7/0xc0
[ 12.357238] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.357804] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.358351] kunit_try_run_case+0x1a5/0x480
[ 12.359890] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.360880] kthread+0x337/0x6f0
[ 12.361290] ret_from_fork+0x116/0x1d0
[ 12.361636] ret_from_fork_asm+0x1a/0x30
[ 12.362063]
[ 12.362224] The buggy address belongs to the object at ffff8881027eb300
[ 12.362224] which belongs to the cache kmalloc-128 of size 128
[ 12.362890] The buggy address is located 0 bytes to the right of
[ 12.362890] allocated 120-byte region [ffff8881027eb300, ffff8881027eb378)
[ 12.364122]
[ 12.364318] The buggy address belongs to the physical page:
[ 12.364583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027eb
[ 12.364833] flags: 0x200000000000000(node=0|zone=2)
[ 12.365155] page_type: f5(slab)
[ 12.365470] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.366172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.366829] page dumped because: kasan: bad access detected
[ 12.367370]
[ 12.367527] Memory state around the buggy address:
[ 12.367704] ffff8881027eb200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.367926] ffff8881027eb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.368705] >ffff8881027eb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.369430] ^
[ 12.370071] ffff8881027eb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.370401] ffff8881027eb400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.370960] ==================================================================
```