Date: July 18, 2025, 11:11 p.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 15.087760] ==================================================================
[ 15.087816] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 15.087891] Write of size 1 at addr fff00000c3f17978 by task kunit_try_catch/142
[ 15.087949]
[ 15.087981] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.088066] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.088092] Hardware name: linux,dummy-virt (DT)
[ 15.088124] Call trace:
[ 15.088155] show_stack+0x20/0x38 (C)
[ 15.088205] dump_stack_lvl+0x8c/0xd0
[ 15.088253] print_report+0x118/0x5d0
[ 15.088299] kasan_report+0xdc/0x128
[ 15.088708] __asan_report_store1_noabort+0x20/0x30
[ 15.089079] kmalloc_track_caller_oob_right+0x40c/0x488
[ 15.089167] kunit_try_run_case+0x170/0x3f0
[ 15.089234] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.089287] kthread+0x328/0x630
[ 15.089347] ret_from_fork+0x10/0x20
[ 15.089428]
[ 15.089952] Allocated by task 142:
[ 15.090034] kasan_save_stack+0x3c/0x68
[ 15.090099] kasan_save_track+0x20/0x40
[ 15.090265] kasan_save_alloc_info+0x40/0x58
[ 15.090346] __kasan_kmalloc+0xd4/0xd8
[ 15.090402] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 15.090454] kmalloc_track_caller_oob_right+0xa8/0x488
[ 15.090495] kunit_try_run_case+0x170/0x3f0
[ 15.090863] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.090941] kthread+0x328/0x630
[ 15.091150] ret_from_fork+0x10/0x20
[ 15.091371]
[ 15.091778] The buggy address belongs to the object at fff00000c3f17900
[ 15.091778] which belongs to the cache kmalloc-128 of size 128
[ 15.091955] The buggy address is located 0 bytes to the right of
[ 15.091955] allocated 120-byte region [fff00000c3f17900, fff00000c3f17978)
[ 15.092079]
[ 15.092189] The buggy address belongs to the physical page:
[ 15.092298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f17
[ 15.092414] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.092799] page_type: f5(slab)
[ 15.093051] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.093149] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.093360] page dumped because: kasan: bad access detected
[ 15.093396]
[ 15.093414] Memory state around the buggy address:
[ 15.093461] fff00000c3f17800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.093687] fff00000c3f17880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.093872] >fff00000c3f17900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.093946] ^
[ 15.094139] fff00000c3f17980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.094278] fff00000c3f17a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.094374] ==================================================================

[ 15.096114] ==================================================================
[ 15.096256] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 15.096478] Write of size 1 at addr fff00000c3f17a78 by task kunit_try_catch/142
[ 15.096572]
[ 15.096606] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.096688] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.096715] Hardware name: linux,dummy-virt (DT)
[ 15.097034] Call trace:
[ 15.097177] show_stack+0x20/0x38 (C)
[ 15.097880] dump_stack_lvl+0x8c/0xd0
[ 15.097980] print_report+0x118/0x5d0
[ 15.098118] kasan_report+0xdc/0x128
[ 15.098167] __asan_report_store1_noabort+0x20/0x30
[ 15.098787] kmalloc_track_caller_oob_right+0x418/0x488
[ 15.098894] kunit_try_run_case+0x170/0x3f0
[ 15.099044] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.099197] kthread+0x328/0x630
[ 15.099241] ret_from_fork+0x10/0x20
[ 15.099498]
[ 15.099523] Allocated by task 142:
[ 15.099672] kasan_save_stack+0x3c/0x68
[ 15.099742] kasan_save_track+0x20/0x40
[ 15.100081] kasan_save_alloc_info+0x40/0x58
[ 15.100207] __kasan_kmalloc+0xd4/0xd8
[ 15.100431] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 15.100587] kmalloc_track_caller_oob_right+0x184/0x488
[ 15.100918] kunit_try_run_case+0x170/0x3f0
[ 15.101206] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.101386] kthread+0x328/0x630
[ 15.101423] ret_from_fork+0x10/0x20
[ 15.101457]
[ 15.101478] The buggy address belongs to the object at fff00000c3f17a00
[ 15.101478] which belongs to the cache kmalloc-128 of size 128
[ 15.101800] The buggy address is located 0 bytes to the right of
[ 15.101800] allocated 120-byte region [fff00000c3f17a00, fff00000c3f17a78)
[ 15.101980]
[ 15.102086] The buggy address belongs to the physical page:
[ 15.102125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f17
[ 15.102473] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.102679] page_type: f5(slab)
[ 15.102795] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.103013] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.103058] page dumped because: kasan: bad access detected
[ 15.103431]
[ 15.103482] Memory state around the buggy address:
[ 15.103569] fff00000c3f17900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.103698] fff00000c3f17980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.104196] >fff00000c3f17a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.104279] ^
[ 15.104477] fff00000c3f17a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.104533] fff00000c3f17b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.104581] ==================================================================
```
```
[ 11.509951] ==================================================================
[ 11.510485] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.510979] Write of size 1 at addr ffff8881029ce078 by task kunit_try_catch/161
[ 11.511773]
[ 11.512069] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.512118] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.512130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.512150] Call Trace:
[ 11.512162] <TASK>
[ 11.512177] dump_stack_lvl+0x73/0xb0
[ 11.512240] print_report+0xd1/0x610
[ 11.512262] ? __virt_addr_valid+0x1db/0x2d0
[ 11.512295] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.512318] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.512340] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.512364] kasan_report+0x141/0x180
[ 11.512385] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.512414] __asan_report_store1_noabort+0x1b/0x30
[ 11.512457] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.512481] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.512506] ? __schedule+0x10cc/0x2b60
[ 11.512528] ? __pfx_read_tsc+0x10/0x10
[ 11.512547] ? ktime_get_ts64+0x86/0x230
[ 11.512571] kunit_try_run_case+0x1a5/0x480
[ 11.512594] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.512616] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.512638] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.512661] ? __kthread_parkme+0x82/0x180
[ 11.512679] ? preempt_count_sub+0x50/0x80
[ 11.512702] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.512725] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.512747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.512770] kthread+0x337/0x6f0
[ 11.512788] ? trace_preempt_on+0x20/0xc0
[ 11.512810] ? __pfx_kthread+0x10/0x10
[ 11.512829] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.512849] ? calculate_sigpending+0x7b/0xa0
[ 11.512872] ? __pfx_kthread+0x10/0x10
[ 11.512892] ret_from_fork+0x116/0x1d0
[ 11.512910] ? __pfx_kthread+0x10/0x10
[ 11.512938] ret_from_fork_asm+0x1a/0x30
[ 11.512967] </TASK>
[ 11.512976]
[ 11.524579] Allocated by task 161:
[ 11.524747] kasan_save_stack+0x45/0x70
[ 11.524940] kasan_save_track+0x18/0x40
[ 11.525387] kasan_save_alloc_info+0x3b/0x50
[ 11.525803] __kasan_kmalloc+0xb7/0xc0
[ 11.526098] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.526630] kmalloc_track_caller_oob_right+0x19a/0x520
[ 11.527028] kunit_try_run_case+0x1a5/0x480
[ 11.527240] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.527738] kthread+0x337/0x6f0
[ 11.527952] ret_from_fork+0x116/0x1d0
[ 11.528286] ret_from_fork_asm+0x1a/0x30
[ 11.528680]
[ 11.528780] The buggy address belongs to the object at ffff8881029ce000
[ 11.528780] which belongs to the cache kmalloc-128 of size 128
[ 11.529800] The buggy address is located 0 bytes to the right of
[ 11.529800] allocated 120-byte region [ffff8881029ce000, ffff8881029ce078)
[ 11.530730]
[ 11.530847] The buggy address belongs to the physical page:
[ 11.531363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce
[ 11.531866] flags: 0x200000000000000(node=0|zone=2)
[ 11.532263] page_type: f5(slab)
[ 11.532433] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.532752] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.533308] page dumped because: kasan: bad access detected
[ 11.533736]
[ 11.533832] Memory state around the buggy address:
[ 11.534319] ffff8881029cdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.534775] ffff8881029cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.535332] >ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.535826] ^
[ 11.536424] ffff8881029ce080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.536722] ffff8881029ce100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.537011] ==================================================================

[ 11.476797] ==================================================================
[ 11.477630] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.477897] Write of size 1 at addr ffff8881029c3f78 by task kunit_try_catch/161
[ 11.478122]
[ 11.478206] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.478247] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.478257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.478287] Call Trace:
[ 11.478300] <TASK>
[ 11.478315] dump_stack_lvl+0x73/0xb0
[ 11.478344] print_report+0xd1/0x610
[ 11.478364] ? __virt_addr_valid+0x1db/0x2d0
[ 11.478387] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.478411] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.478433] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.478460] kasan_report+0x141/0x180
[ 11.478483] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.478514] __asan_report_store1_noabort+0x1b/0x30
[ 11.478538] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.478562] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.478589] ? __schedule+0x10cc/0x2b60
[ 11.478610] ? __pfx_read_tsc+0x10/0x10
[ 11.478631] ? ktime_get_ts64+0x86/0x230
[ 11.478655] kunit_try_run_case+0x1a5/0x480
[ 11.478680] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.478704] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.478726] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.478749] ? __kthread_parkme+0x82/0x180
[ 11.478769] ? preempt_count_sub+0x50/0x80
[ 11.478793] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.478815] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.478839] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.478862] kthread+0x337/0x6f0
[ 11.478880] ? trace_preempt_on+0x20/0xc0
[ 11.478902] ? __pfx_kthread+0x10/0x10
[ 11.478921] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.478941] ? calculate_sigpending+0x7b/0xa0
[ 11.478965] ? __pfx_kthread+0x10/0x10
[ 11.478985] ret_from_fork+0x116/0x1d0
[ 11.479004] ? __pfx_kthread+0x10/0x10
[ 11.479023] ret_from_fork_asm+0x1a/0x30
[ 11.479053] </TASK>
[ 11.479062]
[ 11.496353] Allocated by task 161:
[ 11.496754] kasan_save_stack+0x45/0x70
[ 11.497106] kasan_save_track+0x18/0x40
[ 11.497556] kasan_save_alloc_info+0x3b/0x50
[ 11.497783] __kasan_kmalloc+0xb7/0xc0
[ 11.497956] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.498202] kmalloc_track_caller_oob_right+0x99/0x520
[ 11.498800] kunit_try_run_case+0x1a5/0x480
[ 11.499139] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.499380] kthread+0x337/0x6f0
[ 11.499526] ret_from_fork+0x116/0x1d0
[ 11.499695] ret_from_fork_asm+0x1a/0x30
[ 11.499869]
[ 11.499958] The buggy address belongs to the object at ffff8881029c3f00
[ 11.499958] which belongs to the cache kmalloc-128 of size 128
[ 11.500421] The buggy address is located 0 bytes to the right of
[ 11.500421] allocated 120-byte region [ffff8881029c3f00, ffff8881029c3f78)
[ 11.500894]
[ 11.500991] The buggy address belongs to the physical page:
[ 11.501225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c3
[ 11.502143] flags: 0x200000000000000(node=0|zone=2)
[ 11.502613] page_type: f5(slab)
[ 11.503047] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.503718] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.504183] page dumped because: kasan: bad access detected
[ 11.504647]
[ 11.504911] Memory state around the buggy address:
[ 11.505262] ffff8881029c3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.505851] ffff8881029c3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.506599] >ffff8881029c3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.506908] ^
[ 11.507419] ffff8881029c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.508090] ffff8881029c4000: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 11.508553] ==================================================================
```