Date
July 19, 2025, 11:12 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 15.006047] ==================================================================
[ 15.006113] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 15.006162] Write of size 1 at addr fff00000c6417678 by task kunit_try_catch/142
[ 15.006209]
[ 15.006238] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.006446] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.006566] Hardware name: linux,dummy-virt (DT)
[ 15.006616] Call trace:
[ 15.006672] show_stack+0x20/0x38 (C)
[ 15.006769] dump_stack_lvl+0x8c/0xd0
[ 15.006850] print_report+0x118/0x5d0
[ 15.006897] kasan_report+0xdc/0x128
[ 15.006942] __asan_report_store1_noabort+0x20/0x30
[ 15.006997] kmalloc_track_caller_oob_right+0x418/0x488
[ 15.007088] kunit_try_run_case+0x170/0x3f0
[ 15.007154] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.007206] kthread+0x328/0x630
[ 15.007247] ret_from_fork+0x10/0x20
[ 15.007369]
[ 15.007415] Allocated by task 142:
[ 15.007531] kasan_save_stack+0x3c/0x68
[ 15.007660] kasan_save_track+0x20/0x40
[ 15.007785] kasan_save_alloc_info+0x40/0x58
[ 15.007854] __kasan_kmalloc+0xd4/0xd8
[ 15.007925] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 15.007968] kmalloc_track_caller_oob_right+0x184/0x488
[ 15.008151] kunit_try_run_case+0x170/0x3f0
[ 15.008196] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.008238] kthread+0x328/0x630
[ 15.008413] ret_from_fork+0x10/0x20
[ 15.008493]
[ 15.008579] The buggy address belongs to the object at fff00000c6417600
[ 15.008579] which belongs to the cache kmalloc-128 of size 128
[ 15.008701] The buggy address is located 0 bytes to the right of
[ 15.008701] allocated 120-byte region [fff00000c6417600, fff00000c6417678)
[ 15.008775]
[ 15.008794] The buggy address belongs to the physical page:
[ 15.008823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106417
[ 15.008874] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.008920] page_type: f5(slab)
[ 15.008956] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.009067] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.009133] page dumped because: kasan: bad access detected
[ 15.009260]
[ 15.009278] Memory state around the buggy address:
[ 15.009347]  fff00000c6417500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.009390]  fff00000c6417580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.009431] >fff00000c6417600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.009467]                                                                 ^
[ 15.009562]  fff00000c6417680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.009616]  fff00000c6417700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.009792] ==================================================================
[ 15.000906] ==================================================================
[ 15.000982] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 15.001078] Write of size 1 at addr fff00000c6417578 by task kunit_try_catch/142
[ 15.001126]
[ 15.001155] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.001252] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.001409] Hardware name: linux,dummy-virt (DT)
[ 15.001444] Call trace:
[ 15.001479] show_stack+0x20/0x38 (C)
[ 15.001534] dump_stack_lvl+0x8c/0xd0
[ 15.001704] print_report+0x118/0x5d0
[ 15.001771] kasan_report+0xdc/0x128
[ 15.001817] __asan_report_store1_noabort+0x20/0x30
[ 15.001868] kmalloc_track_caller_oob_right+0x40c/0x488
[ 15.001918] kunit_try_run_case+0x170/0x3f0
[ 15.002108] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.002234] kthread+0x328/0x630
[ 15.002313] ret_from_fork+0x10/0x20
[ 15.002389]
[ 15.002427] Allocated by task 142:
[ 15.002474] kasan_save_stack+0x3c/0x68
[ 15.002520] kasan_save_track+0x20/0x40
[ 15.002590] kasan_save_alloc_info+0x40/0x58
[ 15.002629] __kasan_kmalloc+0xd4/0xd8
[ 15.002778] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 15.002872] kmalloc_track_caller_oob_right+0xa8/0x488
[ 15.002987] kunit_try_run_case+0x170/0x3f0
[ 15.003055] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.003104] kthread+0x328/0x630
[ 15.003137] ret_from_fork+0x10/0x20
[ 15.003188]
[ 15.003237] The buggy address belongs to the object at fff00000c6417500
[ 15.003237] which belongs to the cache kmalloc-128 of size 128
[ 15.003308] The buggy address is located 0 bytes to the right of
[ 15.003308] allocated 120-byte region [fff00000c6417500, fff00000c6417578)
[ 15.003371]
[ 15.003392] The buggy address belongs to the physical page:
[ 15.003421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106417
[ 15.003600] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.003695] page_type: f5(slab)
[ 15.003734] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.003824] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.003935] page dumped because: kasan: bad access detected
[ 15.004056]
[ 15.004135] Memory state around the buggy address:
[ 15.004236]  fff00000c6417400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.004280]  fff00000c6417480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.004322] >fff00000c6417500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.004510]                                                                 ^
[ 15.004558]  fff00000c6417580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.004600]  fff00000c6417600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.004637] ==================================================================
```
qemu-x86_64:

```
[ 11.416337] ==================================================================
[ 11.417081] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.417569] Write of size 1 at addr ffff8881027d6778 by task kunit_try_catch/159
[ 11.417971]
[ 11.418083] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.418128] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.418139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.418161] Call Trace:
[ 11.418172] <TASK>
[ 11.418190] dump_stack_lvl+0x73/0xb0
[ 11.418220] print_report+0xd1/0x610
[ 11.418241] ? __virt_addr_valid+0x1db/0x2d0
[ 11.418263] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.418286] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.418306] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.418330] kasan_report+0x141/0x180
[ 11.418358] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.418386] __asan_report_store1_noabort+0x1b/0x30
[ 11.418408] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.418431] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.418455] ? __schedule+0x10cc/0x2b60
[ 11.418476] ? __pfx_read_tsc+0x10/0x10
[ 11.418495] ? ktime_get_ts64+0x86/0x230
[ 11.418519] kunit_try_run_case+0x1a5/0x480
[ 11.418543] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.418563] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.418585] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.418607] ? __kthread_parkme+0x82/0x180
[ 11.418626] ? preempt_count_sub+0x50/0x80
[ 11.418649] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.418671] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.418692] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.418714] kthread+0x337/0x6f0
[ 11.418732] ? trace_preempt_on+0x20/0xc0
[ 11.418753] ? __pfx_kthread+0x10/0x10
[ 11.418772] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.418792] ? calculate_sigpending+0x7b/0xa0
[ 11.418815] ? __pfx_kthread+0x10/0x10
[ 11.418835] ret_from_fork+0x116/0x1d0
[ 11.418852] ? __pfx_kthread+0x10/0x10
[ 11.418872] ret_from_fork_asm+0x1a/0x30
[ 11.418901] </TASK>
[ 11.418911]
[ 11.426731] Allocated by task 159:
[ 11.426891] kasan_save_stack+0x45/0x70
[ 11.427160] kasan_save_track+0x18/0x40
[ 11.427355] kasan_save_alloc_info+0x3b/0x50
[ 11.427581] __kasan_kmalloc+0xb7/0xc0
[ 11.427720] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.427898] kmalloc_track_caller_oob_right+0x99/0x520
[ 11.428109] kunit_try_run_case+0x1a5/0x480
[ 11.428316] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.428647] kthread+0x337/0x6f0
[ 11.428846] ret_from_fork+0x116/0x1d0
[ 11.429049] ret_from_fork_asm+0x1a/0x30
[ 11.429188]
[ 11.429258] The buggy address belongs to the object at ffff8881027d6700
[ 11.429258] which belongs to the cache kmalloc-128 of size 128
[ 11.429756] The buggy address is located 0 bytes to the right of
[ 11.429756] allocated 120-byte region [ffff8881027d6700, ffff8881027d6778)
[ 11.430356]
[ 11.430504] The buggy address belongs to the physical page:
[ 11.430693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d6
[ 11.430933] flags: 0x200000000000000(node=0|zone=2)
[ 11.431155] page_type: f5(slab)
[ 11.431322] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.431992] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.432327] page dumped because: kasan: bad access detected
[ 11.433168]
[ 11.433273] Memory state around the buggy address:
[ 11.434194]  ffff8881027d6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.434970]  ffff8881027d6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.435316] >ffff8881027d6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.435885]                                                                 ^
[ 11.436275]  ffff8881027d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.436805]  ffff8881027d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.437351] ==================================================================
[ 11.437982] ==================================================================
[ 11.438305] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.438853] Write of size 1 at addr ffff8881027d6878 by task kunit_try_catch/159
[ 11.439585]
[ 11.439790] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.439834] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.440001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.440033] Call Trace:
[ 11.440044] <TASK>
[ 11.440058] dump_stack_lvl+0x73/0xb0
[ 11.440086] print_report+0xd1/0x610
[ 11.440106] ? __virt_addr_valid+0x1db/0x2d0
[ 11.440127] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.440149] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.440170] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.440194] kasan_report+0x141/0x180
[ 11.440215] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.440243] __asan_report_store1_noabort+0x1b/0x30
[ 11.440265] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.440288] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.440312] ? __schedule+0x10cc/0x2b60
[ 11.440332] ? __pfx_read_tsc+0x10/0x10
[ 11.440352] ? ktime_get_ts64+0x86/0x230
[ 11.440535] kunit_try_run_case+0x1a5/0x480
[ 11.440561] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.440582] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.440603] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.440625] ? __kthread_parkme+0x82/0x180
[ 11.440645] ? preempt_count_sub+0x50/0x80
[ 11.440667] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.440689] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.440711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.440733] kthread+0x337/0x6f0
[ 11.440751] ? trace_preempt_on+0x20/0xc0
[ 11.440772] ? __pfx_kthread+0x10/0x10
[ 11.440792] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.440811] ? calculate_sigpending+0x7b/0xa0
[ 11.440833] ? __pfx_kthread+0x10/0x10
[ 11.440853] ret_from_fork+0x116/0x1d0
[ 11.440870] ? __pfx_kthread+0x10/0x10
[ 11.440890] ret_from_fork_asm+0x1a/0x30
[ 11.440918] </TASK>
[ 11.440927]
[ 11.452534] Allocated by task 159:
[ 11.452929] kasan_save_stack+0x45/0x70
[ 11.453424] kasan_save_track+0x18/0x40
[ 11.453791] kasan_save_alloc_info+0x3b/0x50
[ 11.453946] __kasan_kmalloc+0xb7/0xc0
[ 11.454091] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.454269] kmalloc_track_caller_oob_right+0x19a/0x520
[ 11.454767] kunit_try_run_case+0x1a5/0x480
[ 11.455152] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.455663] kthread+0x337/0x6f0
[ 11.455849] ret_from_fork+0x116/0x1d0
[ 11.456037] ret_from_fork_asm+0x1a/0x30
[ 11.456220]
[ 11.456309] The buggy address belongs to the object at ffff8881027d6800
[ 11.456309] which belongs to the cache kmalloc-128 of size 128
[ 11.457224] The buggy address is located 0 bytes to the right of
[ 11.457224] allocated 120-byte region [ffff8881027d6800, ffff8881027d6878)
[ 11.458099]
[ 11.458193] The buggy address belongs to the physical page:
[ 11.458695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d6
[ 11.459141] flags: 0x200000000000000(node=0|zone=2)
[ 11.459613] page_type: f5(slab)
[ 11.459797] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.460124] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.460672] page dumped because: kasan: bad access detected
[ 11.460949]
[ 11.461188] Memory state around the buggy address:
[ 11.461690]  ffff8881027d6700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.462063]  ffff8881027d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.462530] >ffff8881027d6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.463037]                                                                 ^
[ 11.463341]  ffff8881027d6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.463823]  ffff8881027d6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.464135] ==================================================================
```