Hay
Date: June 16, 2025, 7:07 a.m.

Environment: qemu-arm64, qemu-x86_64

[   18.736091] ==================================================================
[   18.736228] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   18.736358] Write of size 1 at addr fff00000c6399b78 by task kunit_try_catch/151
[   18.736477] 
[   18.736565] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.736770] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.737371] Hardware name: linux,dummy-virt (DT)
[   18.737518] Call trace:
[   18.737576]  show_stack+0x20/0x38 (C)
[   18.737779]  dump_stack_lvl+0x8c/0xd0
[   18.738089]  print_report+0x118/0x608
[   18.738486]  kasan_report+0xdc/0x128
[   18.738930]  __asan_report_store1_noabort+0x20/0x30
[   18.739440]  kmalloc_track_caller_oob_right+0x40c/0x488
[   18.739782]  kunit_try_run_case+0x170/0x3f0
[   18.739999]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.740352]  kthread+0x328/0x630
[   18.740527]  ret_from_fork+0x10/0x20
[   18.740741] 
[   18.740788] Allocated by task 151:
[   18.740866]  kasan_save_stack+0x3c/0x68
[   18.741181]  kasan_save_track+0x20/0x40
[   18.741310]  kasan_save_alloc_info+0x40/0x58
[   18.741419]  __kasan_kmalloc+0xd4/0xd8
[   18.741513]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   18.741625]  kmalloc_track_caller_oob_right+0xa8/0x488
[   18.741728]  kunit_try_run_case+0x170/0x3f0
[   18.741822]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.741931]  kthread+0x328/0x630
[   18.742004]  ret_from_fork+0x10/0x20
[   18.742087] 
[   18.742136] The buggy address belongs to the object at fff00000c6399b00
[   18.742136]  which belongs to the cache kmalloc-128 of size 128
[   18.742291] The buggy address is located 0 bytes to the right of
[   18.742291]  allocated 120-byte region [fff00000c6399b00, fff00000c6399b78)
[   18.743015] 
[   18.743098] The buggy address belongs to the physical page:
[   18.743248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106399
[   18.743514] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.743710] page_type: f5(slab)
[   18.743888] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.744021] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.744320] page dumped because: kasan: bad access detected
[   18.744415] 
[   18.744467] Memory state around the buggy address:
[   18.744553]  fff00000c6399a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.744672]  fff00000c6399a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.744893] >fff00000c6399b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.745189]                                                                 ^
[   18.745364]  fff00000c6399b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.745492]  fff00000c6399c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.745576] ==================================================================
[   18.750291] ==================================================================
[   18.750419] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   18.750973] Write of size 1 at addr fff00000c6399c78 by task kunit_try_catch/151
[   18.751224] 
[   18.751581] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.752113] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.752261] Hardware name: linux,dummy-virt (DT)
[   18.752421] Call trace:
[   18.752534]  show_stack+0x20/0x38 (C)
[   18.752779]  dump_stack_lvl+0x8c/0xd0
[   18.752889]  print_report+0x118/0x608
[   18.753072]  kasan_report+0xdc/0x128
[   18.753250]  __asan_report_store1_noabort+0x20/0x30
[   18.753368]  kmalloc_track_caller_oob_right+0x418/0x488
[   18.753494]  kunit_try_run_case+0x170/0x3f0
[   18.753611]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.753738]  kthread+0x328/0x630
[   18.753864]  ret_from_fork+0x10/0x20
[   18.753988] 
[   18.754036] Allocated by task 151:
[   18.754101]  kasan_save_stack+0x3c/0x68
[   18.754188]  kasan_save_track+0x20/0x40
[   18.754277]  kasan_save_alloc_info+0x40/0x58
[   18.754367]  __kasan_kmalloc+0xd4/0xd8
[   18.754458]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   18.754567]  kmalloc_track_caller_oob_right+0x184/0x488
[   18.754702]  kunit_try_run_case+0x170/0x3f0
[   18.754795]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.755227]  kthread+0x328/0x630
[   18.755344]  ret_from_fork+0x10/0x20
[   18.755461] 
[   18.755530] The buggy address belongs to the object at fff00000c6399c00
[   18.755530]  which belongs to the cache kmalloc-128 of size 128
[   18.755722] The buggy address is located 0 bytes to the right of
[   18.755722]  allocated 120-byte region [fff00000c6399c00, fff00000c6399c78)
[   18.755944] 
[   18.756012] The buggy address belongs to the physical page:
[   18.756117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106399
[   18.756299] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.756453] page_type: f5(slab)
[   18.756562] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.756675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.756772] page dumped because: kasan: bad access detected
[   18.756896] 
[   18.757399] Memory state around the buggy address:
[   18.757494]  fff00000c6399b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.757597]  fff00000c6399b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.757908] >fff00000c6399c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.758036]                                                                 ^
[   18.758141]  fff00000c6399c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.758261]  fff00000c6399d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.758370] ==================================================================

[   10.786698] ==================================================================
[   10.787213] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.788184] Write of size 1 at addr ffff8881028e2178 by task kunit_try_catch/167
[   10.788884] 
[   10.788989] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   10.789037] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.789048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.789070] Call Trace:
[   10.789083]  <TASK>
[   10.789104]  dump_stack_lvl+0x73/0xb0
[   10.789136]  print_report+0xd1/0x650
[   10.789158]  ? __virt_addr_valid+0x1db/0x2d0
[   10.789182]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.789204]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.789225]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.789248]  kasan_report+0x141/0x180
[   10.789268]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.789296]  __asan_report_store1_noabort+0x1b/0x30
[   10.789319]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   10.789342]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   10.789366]  ? __schedule+0x10cc/0x2b60
[   10.789387]  ? __pfx_read_tsc+0x10/0x10
[   10.789410]  ? ktime_get_ts64+0x86/0x230
[   10.789643]  kunit_try_run_case+0x1a5/0x480
[   10.789672]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.789697]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.789719]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.789739]  ? __kthread_parkme+0x82/0x180
[   10.789760]  ? preempt_count_sub+0x50/0x80
[   10.789782]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.789804]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.789826]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.789847]  kthread+0x337/0x6f0
[   10.789865]  ? trace_preempt_on+0x20/0xc0
[   10.789889]  ? __pfx_kthread+0x10/0x10
[   10.789908]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.789927]  ? calculate_sigpending+0x7b/0xa0
[   10.789960]  ? __pfx_kthread+0x10/0x10
[   10.789980]  ret_from_fork+0x116/0x1d0
[   10.789997]  ? __pfx_kthread+0x10/0x10
[   10.790017]  ret_from_fork_asm+0x1a/0x30
[   10.790047]  </TASK>
[   10.790059] 
[   10.800561] Allocated by task 167:
[   10.800849]  kasan_save_stack+0x45/0x70
[   10.801060]  kasan_save_track+0x18/0x40
[   10.801230]  kasan_save_alloc_info+0x3b/0x50
[   10.801639]  __kasan_kmalloc+0xb7/0xc0
[   10.802015]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   10.802261]  kmalloc_track_caller_oob_right+0x99/0x520
[   10.802702]  kunit_try_run_case+0x1a5/0x480
[   10.803106]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.803489]  kthread+0x337/0x6f0
[   10.803649]  ret_from_fork+0x116/0x1d0
[   10.803812]  ret_from_fork_asm+0x1a/0x30
[   10.803986] 
[   10.804068] The buggy address belongs to the object at ffff8881028e2100
[   10.804068]  which belongs to the cache kmalloc-128 of size 128
[   10.804912] The buggy address is located 0 bytes to the right of
[   10.804912]  allocated 120-byte region [ffff8881028e2100, ffff8881028e2178)
[   10.805757] 
[   10.806041] The buggy address belongs to the physical page:
[   10.806346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2
[   10.806951] flags: 0x200000000000000(node=0|zone=2)
[   10.807184] page_type: f5(slab)
[   10.807338] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   10.808039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.808350] page dumped because: kasan: bad access detected
[   10.809300] 
[   10.809409] Memory state around the buggy address:
[   10.809927]  ffff8881028e2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   10.810219]  ffff8881028e2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.810998] >ffff8881028e2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   10.811603]                                                                 ^
[   10.811921]  ffff8881028e2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.812218]  ffff8881028e2200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.813012] ==================================================================
[   10.814709] ==================================================================
[   10.815245] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.815517] Write of size 1 at addr ffff8881028e2278 by task kunit_try_catch/167
[   10.815735] 
[   10.815816] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   10.815861] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.815879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.815899] Call Trace:
[   10.815913]  <TASK>
[   10.815940]  dump_stack_lvl+0x73/0xb0
[   10.815967]  print_report+0xd1/0x650
[   10.815988]  ? __virt_addr_valid+0x1db/0x2d0
[   10.816009]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.816032]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.816052]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.816075]  kasan_report+0x141/0x180
[   10.816096]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.816123]  __asan_report_store1_noabort+0x1b/0x30
[   10.816145]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   10.816168]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   10.816191]  ? __schedule+0x10cc/0x2b60
[   10.816212]  ? __pfx_read_tsc+0x10/0x10
[   10.816232]  ? ktime_get_ts64+0x86/0x230
[   10.816257]  kunit_try_run_case+0x1a5/0x480
[   10.816280]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.816300]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.816320]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.816341]  ? __kthread_parkme+0x82/0x180
[   10.816360]  ? preempt_count_sub+0x50/0x80
[   10.816382]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.816404]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.816425]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.816445]  kthread+0x337/0x6f0
[   10.816464]  ? trace_preempt_on+0x20/0xc0
[   10.816487]  ? __pfx_kthread+0x10/0x10
[   10.816507]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.816526]  ? calculate_sigpending+0x7b/0xa0
[   10.816549]  ? __pfx_kthread+0x10/0x10
[   10.816569]  ret_from_fork+0x116/0x1d0
[   10.816586]  ? __pfx_kthread+0x10/0x10
[   10.816605]  ret_from_fork_asm+0x1a/0x30
[   10.816634]  </TASK>
[   10.816644] 
[   10.831820] Allocated by task 167:
[   10.832019]  kasan_save_stack+0x45/0x70
[   10.832222]  kasan_save_track+0x18/0x40
[   10.832387]  kasan_save_alloc_info+0x3b/0x50
[   10.832923]  __kasan_kmalloc+0xb7/0xc0
[   10.833132]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   10.833353]  kmalloc_track_caller_oob_right+0x19a/0x520
[   10.833787]  kunit_try_run_case+0x1a5/0x480
[   10.834179]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.834553]  kthread+0x337/0x6f0
[   10.834847]  ret_from_fork+0x116/0x1d0
[   10.835060]  ret_from_fork_asm+0x1a/0x30
[   10.835229] 
[   10.835311] The buggy address belongs to the object at ffff8881028e2200
[   10.835311]  which belongs to the cache kmalloc-128 of size 128
[   10.836420] The buggy address is located 0 bytes to the right of
[   10.836420]  allocated 120-byte region [ffff8881028e2200, ffff8881028e2278)
[   10.837678] 
[   10.837924] The buggy address belongs to the physical page:
[   10.838430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2
[   10.838834] flags: 0x200000000000000(node=0|zone=2)
[   10.839056] page_type: f5(slab)
[   10.839211] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   10.839746] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.840348] page dumped because: kasan: bad access detected
[   10.840884] 
[   10.841005] Memory state around the buggy address:
[   10.841369]  ffff8881028e2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   10.841808]  ffff8881028e2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.842104] >ffff8881028e2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   10.842380]                                                                 ^
[   10.843030]  ffff8881028e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.843520]  ffff8881028e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.843797] ==================================================================