Date
July 19, 2025, 11:11 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 14.988408] ================================================================== [ 14.988462] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 14.988513] Write of size 1 at addr fff00000c5f9d978 by task kunit_try_catch/143 [ 14.989726] [ 14.989925] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 14.990180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.990461] Hardware name: linux,dummy-virt (DT) [ 14.990516] Call trace: [ 14.990566] show_stack+0x20/0x38 (C) [ 14.990692] dump_stack_lvl+0x8c/0xd0 [ 14.990789] print_report+0x118/0x5d0 [ 14.990957] kasan_report+0xdc/0x128 [ 14.991045] __asan_report_store1_noabort+0x20/0x30 [ 14.991307] kmalloc_track_caller_oob_right+0x40c/0x488 [ 14.991551] kunit_try_run_case+0x170/0x3f0 [ 14.991625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 14.992416] kthread+0x328/0x630 [ 14.992498] ret_from_fork+0x10/0x20 [ 14.992634] [ 14.992718] Allocated by task 143: [ 14.992790] kasan_save_stack+0x3c/0x68 [ 14.993026] kasan_save_track+0x20/0x40 [ 14.993200] kasan_save_alloc_info+0x40/0x58 [ 14.993612] __kasan_kmalloc+0xd4/0xd8 [ 14.993689] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 14.993994] kmalloc_track_caller_oob_right+0xa8/0x488 [ 14.994180] kunit_try_run_case+0x170/0x3f0 [ 14.994227] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 14.994270] kthread+0x328/0x630 [ 14.994628] ret_from_fork+0x10/0x20 [ 14.994690] [ 14.994802] The buggy address belongs to the object at fff00000c5f9d900 [ 14.994802] which belongs to the cache kmalloc-128 of size 128 [ 14.994997] The buggy address is located 0 bytes to the right of [ 14.994997] allocated 120-byte region [fff00000c5f9d900, fff00000c5f9d978) [ 14.995165] [ 14.995226] The buggy address belongs to the physical page: [ 14.995324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f9d [ 14.995451] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 14.995511] page_type: f5(slab) [ 14.995689] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 14.995918] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.995999] page dumped because: kasan: bad access detected [ 14.996194] [ 14.996467] Memory state around the buggy address: [ 14.996637] fff00000c5f9d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.996712] fff00000c5f9d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.996771] >fff00000c5f9d900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.997055] ^ [ 14.997105] fff00000c5f9d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.997493] fff00000c5f9da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.997751] ================================================================== [ 15.000224] ================================================================== [ 15.000359] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 15.000441] Write of size 1 at addr fff00000c5f9da78 by task kunit_try_catch/143 [ 15.000718] [ 15.000891] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.000981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.001008] Hardware name: linux,dummy-virt (DT) [ 15.001046] Call trace: [ 15.001256] show_stack+0x20/0x38 (C) [ 15.001450] dump_stack_lvl+0x8c/0xd0 [ 15.001576] print_report+0x118/0x5d0 [ 15.001624] kasan_report+0xdc/0x128 [ 15.001677] __asan_report_store1_noabort+0x20/0x30 [ 15.001869] kmalloc_track_caller_oob_right+0x418/0x488 [ 15.002085] kunit_try_run_case+0x170/0x3f0 [ 15.002243] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.002313] kthread+0x328/0x630 [ 15.002525] ret_from_fork+0x10/0x20 [ 15.002815] [ 15.002838] Allocated by task 143: [ 15.003050] kasan_save_stack+0x3c/0x68 [ 15.003296] kasan_save_track+0x20/0x40 [ 15.003682] kasan_save_alloc_info+0x40/0x58 [ 15.003903] __kasan_kmalloc+0xd4/0xd8 [ 15.004047] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 15.004113] kmalloc_track_caller_oob_right+0x184/0x488 [ 15.004476] kunit_try_run_case+0x170/0x3f0 [ 15.004584] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.004629] kthread+0x328/0x630 [ 15.004939] ret_from_fork+0x10/0x20 [ 15.005104] [ 15.005160] The buggy address belongs to the object at fff00000c5f9da00 [ 15.005160] which belongs to the cache kmalloc-128 of size 128 [ 15.005246] The buggy address is located 0 bytes to the right of [ 15.005246] allocated 120-byte region [fff00000c5f9da00, fff00000c5f9da78) [ 15.005309] [ 15.005329] The buggy address belongs to the physical page: [ 15.005372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f9d [ 15.005423] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 15.005470] page_type: f5(slab) [ 15.005523] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 15.005584] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.005631] page dumped because: kasan: bad access detected [ 15.005676] [ 15.005694] Memory state around the buggy address: [ 15.006069] fff00000c5f9d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.006395] fff00000c5f9d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.006467] >fff00000c5f9da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.006680] ^ [ 15.006922] fff00000c5f9da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.007049] fff00000c5f9db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.007089] ==================================================================
[ 11.484510] ================================================================== [ 11.485008] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.485602] Write of size 1 at addr ffff888102f59578 by task kunit_try_catch/160 [ 11.486009] [ 11.486122] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 11.486171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.486182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.486210] Call Trace: [ 11.486223] <TASK> [ 11.486241] dump_stack_lvl+0x73/0xb0 [ 11.486274] print_report+0xd1/0x610 [ 11.486296] ? __virt_addr_valid+0x1db/0x2d0 [ 11.486320] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.486345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.486366] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.486391] kasan_report+0x141/0x180 [ 11.486412] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.486478] __asan_report_store1_noabort+0x1b/0x30 [ 11.486531] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.486555] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.486581] ? __schedule+0x10cc/0x2b60 [ 11.486603] ? __pfx_read_tsc+0x10/0x10 [ 11.486624] ? ktime_get_ts64+0x86/0x230 [ 11.486650] kunit_try_run_case+0x1a5/0x480 [ 11.486675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.486697] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.486721] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.486743] ? __kthread_parkme+0x82/0x180 [ 11.486764] ? preempt_count_sub+0x50/0x80 [ 11.486788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.486810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.486833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.486856] kthread+0x337/0x6f0 [ 11.486875] ? trace_preempt_on+0x20/0xc0 [ 11.486898] ? __pfx_kthread+0x10/0x10 [ 11.486917] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.486937] ? calculate_sigpending+0x7b/0xa0 [ 11.486961] ? __pfx_kthread+0x10/0x10 [ 11.486982] ret_from_fork+0x116/0x1d0 [ 11.487000] ? __pfx_kthread+0x10/0x10 [ 11.487020] ret_from_fork_asm+0x1a/0x30 [ 11.487050] </TASK> [ 11.487061] [ 11.494810] Allocated by task 160: [ 11.494947] kasan_save_stack+0x45/0x70 [ 11.495219] kasan_save_track+0x18/0x40 [ 11.495582] kasan_save_alloc_info+0x3b/0x50 [ 11.495789] __kasan_kmalloc+0xb7/0xc0 [ 11.496054] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.496238] kmalloc_track_caller_oob_right+0x99/0x520 [ 11.496408] kunit_try_run_case+0x1a5/0x480 [ 11.496626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.496887] kthread+0x337/0x6f0 [ 11.497175] ret_from_fork+0x116/0x1d0 [ 11.497505] ret_from_fork_asm+0x1a/0x30 [ 11.497716] [ 11.497827] The buggy address belongs to the object at ffff888102f59500 [ 11.497827] which belongs to the cache kmalloc-128 of size 128 [ 11.498371] The buggy address is located 0 bytes to the right of [ 11.498371] allocated 120-byte region [ffff888102f59500, ffff888102f59578) [ 11.499103] [ 11.499243] The buggy address belongs to the physical page: [ 11.499521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f59 [ 11.499765] flags: 0x200000000000000(node=0|zone=2) [ 11.500084] page_type: f5(slab) [ 11.500323] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.500721] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.501008] page dumped because: kasan: bad access detected [ 11.501183] [ 11.501251] Memory state around the buggy address: [ 11.501408] ffff888102f59400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.501730] ffff888102f59480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.502457] >ffff888102f59500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.502792] ^ [ 11.503005] ffff888102f59580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.503674] ffff888102f59600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.503983] ================================================================== [ 11.504900] ================================================================== [ 11.505297] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.505856] Write of size 1 at addr ffff888102f59678 by task kunit_try_catch/160 [ 11.506133] [ 11.506226] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 11.506269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.506280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.506300] Call Trace: [ 11.506311] <TASK> [ 11.506326] dump_stack_lvl+0x73/0xb0 [ 11.506353] print_report+0xd1/0x610 [ 11.506375] ? __virt_addr_valid+0x1db/0x2d0 [ 11.506397] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.506420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.506442] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.506467] kasan_report+0x141/0x180 [ 11.506488] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.506547] __asan_report_store1_noabort+0x1b/0x30 [ 11.506571] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.506595] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.506620] ? __schedule+0x10cc/0x2b60 [ 11.506642] ? __pfx_read_tsc+0x10/0x10 [ 11.506662] ? ktime_get_ts64+0x86/0x230 [ 11.506686] kunit_try_run_case+0x1a5/0x480 [ 11.506709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.506730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.506753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.506776] ? __kthread_parkme+0x82/0x180 [ 11.506796] ? preempt_count_sub+0x50/0x80 [ 11.506820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.506843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.506866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.506889] kthread+0x337/0x6f0 [ 11.506907] ? trace_preempt_on+0x20/0xc0 [ 11.506929] ? __pfx_kthread+0x10/0x10 [ 11.506949] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.506970] ? calculate_sigpending+0x7b/0xa0 [ 11.506994] ? __pfx_kthread+0x10/0x10 [ 11.507014] ret_from_fork+0x116/0x1d0 [ 11.507032] ? __pfx_kthread+0x10/0x10 [ 11.507080] ret_from_fork_asm+0x1a/0x30 [ 11.507110] </TASK> [ 11.507130] [ 11.516169] Allocated by task 160: [ 11.516318] kasan_save_stack+0x45/0x70 [ 11.516467] kasan_save_track+0x18/0x40 [ 11.516808] kasan_save_alloc_info+0x3b/0x50 [ 11.516983] __kasan_kmalloc+0xb7/0xc0 [ 11.517216] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.517601] kmalloc_track_caller_oob_right+0x19a/0x520 [ 11.517920] kunit_try_run_case+0x1a5/0x480 [ 11.518152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.518371] kthread+0x337/0x6f0 [ 11.518502] ret_from_fork+0x116/0x1d0 [ 11.518636] ret_from_fork_asm+0x1a/0x30 [ 11.518786] [ 11.518928] The buggy address belongs to the object at ffff888102f59600 [ 11.518928] which belongs to the cache kmalloc-128 of size 128 [ 11.519553] The buggy address is located 0 bytes to the right of [ 11.519553] allocated 120-byte region [ffff888102f59600, ffff888102f59678) [ 11.520234] [ 11.520346] The buggy address belongs to the physical page: [ 11.520671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f59 [ 11.521060] flags: 0x200000000000000(node=0|zone=2) [ 11.521278] page_type: f5(slab) [ 11.521489] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.521801] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.522158] page dumped because: kasan: bad access detected [ 11.522512] [ 11.522655] Memory state around the buggy address: [ 11.522936] ffff888102f59500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.523195] ffff888102f59580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.523632] >ffff888102f59600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.523991] ^ [ 11.524279] ffff888102f59680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.524621] ffff888102f59700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.524835] ==================================================================