Hay
Date: July 17, 2025, 11:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   15.068114] ==================================================================
[   15.068161] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   15.068393] Write of size 1 at addr fff00000c786a178 by task kunit_try_catch/143
[   15.068493] 
[   15.068538] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.068653] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.068680] Hardware name: linux,dummy-virt (DT)
[   15.068727] Call trace:
[   15.068794]  show_stack+0x20/0x38 (C)
[   15.068877]  dump_stack_lvl+0x8c/0xd0
[   15.068925]  print_report+0x118/0x5d0
[   15.068971]  kasan_report+0xdc/0x128
[   15.069029]  __asan_report_store1_noabort+0x20/0x30
[   15.069104]  kmalloc_track_caller_oob_right+0x418/0x488
[   15.069155]  kunit_try_run_case+0x170/0x3f0
[   15.069200]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.069353]  kthread+0x328/0x630
[   15.069460]  ret_from_fork+0x10/0x20
[   15.069508] 
[   15.069525] Allocated by task 143:
[   15.069551]  kasan_save_stack+0x3c/0x68
[   15.069728]  kasan_save_track+0x20/0x40
[   15.069834]  kasan_save_alloc_info+0x40/0x58
[   15.069913]  __kasan_kmalloc+0xd4/0xd8
[   15.070068]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   15.070166]  kmalloc_track_caller_oob_right+0x184/0x488
[   15.070297]  kunit_try_run_case+0x170/0x3f0
[   15.070373]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.070440]  kthread+0x328/0x630
[   15.070522]  ret_from_fork+0x10/0x20
[   15.070608] 
[   15.070678] The buggy address belongs to the object at fff00000c786a100
[   15.070678]  which belongs to the cache kmalloc-128 of size 128
[   15.070938] The buggy address is located 0 bytes to the right of
[   15.070938]  allocated 120-byte region [fff00000c786a100, fff00000c786a178)
[   15.071054] 
[   15.071126] The buggy address belongs to the physical page:
[   15.071178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786a
[   15.071287] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.071404] page_type: f5(slab)
[   15.071524] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   15.071620] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.071682] page dumped because: kasan: bad access detected
[   15.071712] 
[   15.071728] Memory state around the buggy address:
[   15.072121]  fff00000c786a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.072237]  fff00000c786a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.072286] >fff00000c786a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.072331]                                                                 ^
[   15.072405]  fff00000c786a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.072457]  fff00000c786a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.072495] ==================================================================
[   15.063115] ==================================================================
[   15.063342] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   15.063404] Write of size 1 at addr fff00000c786a078 by task kunit_try_catch/143
[   15.063478] 
[   15.063520] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.063622] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.063648] Hardware name: linux,dummy-virt (DT)
[   15.063698] Call trace:
[   15.063738]  show_stack+0x20/0x38 (C)
[   15.063803]  dump_stack_lvl+0x8c/0xd0
[   15.063850]  print_report+0x118/0x5d0
[   15.064026]  kasan_report+0xdc/0x128
[   15.064227]  __asan_report_store1_noabort+0x20/0x30
[   15.064309]  kmalloc_track_caller_oob_right+0x40c/0x488
[   15.064367]  kunit_try_run_case+0x170/0x3f0
[   15.064452]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.064524]  kthread+0x328/0x630
[   15.064565]  ret_from_fork+0x10/0x20
[   15.064613] 
[   15.064630] Allocated by task 143:
[   15.064674]  kasan_save_stack+0x3c/0x68
[   15.064715]  kasan_save_track+0x20/0x40
[   15.064865]  kasan_save_alloc_info+0x40/0x58
[   15.065170]  __kasan_kmalloc+0xd4/0xd8
[   15.065260]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   15.065318]  kmalloc_track_caller_oob_right+0xa8/0x488
[   15.065359]  kunit_try_run_case+0x170/0x3f0
[   15.065395]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.065548]  kthread+0x328/0x630
[   15.065580]  ret_from_fork+0x10/0x20
[   15.065614] 
[   15.065720] The buggy address belongs to the object at fff00000c786a000
[   15.065720]  which belongs to the cache kmalloc-128 of size 128
[   15.065852] The buggy address is located 0 bytes to the right of
[   15.065852]  allocated 120-byte region [fff00000c786a000, fff00000c786a078)
[   15.065966] 
[   15.066028] The buggy address belongs to the physical page:
[   15.066117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786a
[   15.066220] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.066287] page_type: f5(slab)
[   15.066437] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   15.066573] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.066670] page dumped because: kasan: bad access detected
[   15.066761] 
[   15.066862] Memory state around the buggy address:
[   15.066929]  fff00000c7869f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.066989]  fff00000c7869f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.067031] >fff00000c786a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.067077]                                                                 ^
[   15.067126]  fff00000c786a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.067167]  fff00000c786a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.067206] ==================================================================

[   12.423152] ==================================================================
[   12.424045] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.424581] Write of size 1 at addr ffff8881025bde78 by task kunit_try_catch/159
[   12.425057] 
[   12.425174] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.425217] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.425228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.425247] Call Trace:
[   12.425258]  <TASK>
[   12.425297]  dump_stack_lvl+0x73/0xb0
[   12.425327]  print_report+0xd1/0x610
[   12.425349]  ? __virt_addr_valid+0x1db/0x2d0
[   12.425385]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.425422]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.425446]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.425472]  kasan_report+0x141/0x180
[   12.425493]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.425524]  __asan_report_store1_noabort+0x1b/0x30
[   12.425588]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   12.425615]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   12.425642]  ? __schedule+0x10cc/0x2b60
[   12.425665]  ? __pfx_read_tsc+0x10/0x10
[   12.425685]  ? ktime_get_ts64+0x86/0x230
[   12.425710]  kunit_try_run_case+0x1a5/0x480
[   12.425735]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.425759]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.425781]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.425805]  ? __kthread_parkme+0x82/0x180
[   12.425826]  ? preempt_count_sub+0x50/0x80
[   12.425849]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.425874]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.425898]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.425923]  kthread+0x337/0x6f0
[   12.425942]  ? trace_preempt_on+0x20/0xc0
[   12.425965]  ? __pfx_kthread+0x10/0x10
[   12.425985]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.426006]  ? calculate_sigpending+0x7b/0xa0
[   12.426030]  ? __pfx_kthread+0x10/0x10
[   12.426051]  ret_from_fork+0x116/0x1d0
[   12.426069]  ? __pfx_kthread+0x10/0x10
[   12.426089]  ret_from_fork_asm+0x1a/0x30
[   12.426120]  </TASK>
[   12.426130] 
[   12.437172] Allocated by task 159:
[   12.437756]  kasan_save_stack+0x45/0x70
[   12.437968]  kasan_save_track+0x18/0x40
[   12.438107]  kasan_save_alloc_info+0x3b/0x50
[   12.438257]  __kasan_kmalloc+0xb7/0xc0
[   12.438389]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   12.438601]  kmalloc_track_caller_oob_right+0x99/0x520
[   12.439107]  kunit_try_run_case+0x1a5/0x480
[   12.439580]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.440209]  kthread+0x337/0x6f0
[   12.440646]  ret_from_fork+0x116/0x1d0
[   12.441014]  ret_from_fork_asm+0x1a/0x30
[   12.441399] 
[   12.441650] The buggy address belongs to the object at ffff8881025bde00
[   12.441650]  which belongs to the cache kmalloc-128 of size 128
[   12.442743] The buggy address is located 0 bytes to the right of
[   12.442743]  allocated 120-byte region [ffff8881025bde00, ffff8881025bde78)
[   12.443123] 
[   12.443195] The buggy address belongs to the physical page:
[   12.443697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025bd
[   12.444650] flags: 0x200000000000000(node=0|zone=2)
[   12.445175] page_type: f5(slab)
[   12.445569] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.446227] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.446954] page dumped because: kasan: bad access detected
[   12.447130] 
[   12.447198] Memory state around the buggy address:
[   12.447570]  ffff8881025bdd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.448212]  ffff8881025bdd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.448965] >ffff8881025bde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.449772]                                                                 ^
[   12.449998]  ffff8881025bde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.450218]  ffff8881025bdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.450927] ==================================================================
[   12.451993] ==================================================================
[   12.452741] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.453752] Write of size 1 at addr ffff8881025bdf78 by task kunit_try_catch/159
[   12.454223] 
[   12.454358] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.454426] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.454437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.454456] Call Trace:
[   12.454468]  <TASK>
[   12.454483]  dump_stack_lvl+0x73/0xb0
[   12.454509]  print_report+0xd1/0x610
[   12.454531]  ? __virt_addr_valid+0x1db/0x2d0
[   12.454565]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.454591]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.454614]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.454660]  kasan_report+0x141/0x180
[   12.454682]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.454712]  __asan_report_store1_noabort+0x1b/0x30
[   12.454738]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.454763]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   12.454791]  ? __schedule+0x10cc/0x2b60
[   12.454812]  ? __pfx_read_tsc+0x10/0x10
[   12.454832]  ? ktime_get_ts64+0x86/0x230
[   12.454856]  kunit_try_run_case+0x1a5/0x480
[   12.454880]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.454903]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.454926]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.454949]  ? __kthread_parkme+0x82/0x180
[   12.454969]  ? preempt_count_sub+0x50/0x80
[   12.454992]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.455016]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.455040]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.455065]  kthread+0x337/0x6f0
[   12.455084]  ? trace_preempt_on+0x20/0xc0
[   12.455107]  ? __pfx_kthread+0x10/0x10
[   12.455128]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.455149]  ? calculate_sigpending+0x7b/0xa0
[   12.455172]  ? __pfx_kthread+0x10/0x10
[   12.455194]  ret_from_fork+0x116/0x1d0
[   12.455212]  ? __pfx_kthread+0x10/0x10
[   12.455232]  ret_from_fork_asm+0x1a/0x30
[   12.455273]  </TASK>
[   12.455282] 
[   12.468464] Allocated by task 159:
[   12.468875]  kasan_save_stack+0x45/0x70
[   12.469240]  kasan_save_track+0x18/0x40
[   12.469724]  kasan_save_alloc_info+0x3b/0x50
[   12.470147]  __kasan_kmalloc+0xb7/0xc0
[   12.470493]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   12.470690]  kmalloc_track_caller_oob_right+0x19a/0x520
[   12.470859]  kunit_try_run_case+0x1a5/0x480
[   12.471000]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.471170]  kthread+0x337/0x6f0
[   12.471306]  ret_from_fork+0x116/0x1d0
[   12.471440]  ret_from_fork_asm+0x1a/0x30
[   12.471792] 
[   12.471898] The buggy address belongs to the object at ffff8881025bdf00
[   12.471898]  which belongs to the cache kmalloc-128 of size 128
[   12.472678] The buggy address is located 0 bytes to the right of
[   12.472678]  allocated 120-byte region [ffff8881025bdf00, ffff8881025bdf78)
[   12.473159] 
[   12.473365] The buggy address belongs to the physical page:
[   12.473598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025bd
[   12.473958] flags: 0x200000000000000(node=0|zone=2)
[   12.474255] page_type: f5(slab)
[   12.474457] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.474820] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.475165] page dumped because: kasan: bad access detected
[   12.475462] 
[   12.475546] Memory state around the buggy address:
[   12.475711]  ffff8881025bde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.476048]  ffff8881025bde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.476367] >ffff8881025bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.476728]                                                                 ^
[   12.477122]  ffff8881025bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.477658]  ffff8881025be000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.477994] ==================================================================