Hay
Date: June 19, 2025, 12:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   29.843663] ==================================================================
[   29.843810] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   29.843953] Write of size 1 at addr fff00000c6466778 by task kunit_try_catch/153
[   29.844076] 
[   29.844164] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   29.844369] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.844431] Hardware name: linux,dummy-virt (DT)
[   29.845691] Call trace:
[   29.845784]  show_stack+0x20/0x38 (C)
[   29.846204]  dump_stack_lvl+0x8c/0xd0
[   29.846866]  print_report+0x118/0x608
[   29.847369]  kasan_report+0xdc/0x128
[   29.847501]  __asan_report_store1_noabort+0x20/0x30
[   29.847925]  kmalloc_track_caller_oob_right+0x418/0x488
[   29.848291]  kunit_try_run_case+0x170/0x3f0
[   29.848452]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.848592]  kthread+0x328/0x630
[   29.848758]  ret_from_fork+0x10/0x20
[   29.848997] 
[   29.849046] Allocated by task 153:
[   29.849192]  kasan_save_stack+0x3c/0x68
[   29.849286]  kasan_save_track+0x20/0x40
[   29.849383]  kasan_save_alloc_info+0x40/0x58
[   29.849472]  __kasan_kmalloc+0xd4/0xd8
[   29.850159]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   29.850340]  kmalloc_track_caller_oob_right+0x184/0x488
[   29.850675]  kunit_try_run_case+0x170/0x3f0
[   29.850842]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.850977]  kthread+0x328/0x630
[   29.851116]  ret_from_fork+0x10/0x20
[   29.851210] 
[   29.851259] The buggy address belongs to the object at fff00000c6466700
[   29.851259]  which belongs to the cache kmalloc-128 of size 128
[   29.851694] The buggy address is located 0 bytes to the right of
[   29.851694]  allocated 120-byte region [fff00000c6466700, fff00000c6466778)
[   29.852542] 
[   29.852604] The buggy address belongs to the physical page:
[   29.852802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106466
[   29.852954] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.853342] page_type: f5(slab)
[   29.853686] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   29.853801] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.853896] page dumped because: kasan: bad access detected
[   29.853964] 
[   29.854003] Memory state around the buggy address:
[   29.854075]  fff00000c6466600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.854520]  fff00000c6466680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.854632] >fff00000c6466700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   29.855304]                                                                 ^
[   29.855837]  fff00000c6466780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.856030]  fff00000c6466800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.856327] ==================================================================
[   29.829548] ==================================================================
[   29.830046] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   29.830443] Write of size 1 at addr fff00000c6466678 by task kunit_try_catch/153
[   29.830634] 
[   29.830765] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   29.831469] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.831671] Hardware name: linux,dummy-virt (DT)
[   29.832007] Call trace:
[   29.832078]  show_stack+0x20/0x38 (C)
[   29.832318]  dump_stack_lvl+0x8c/0xd0
[   29.832513]  print_report+0x118/0x608
[   29.832816]  kasan_report+0xdc/0x128
[   29.833104]  __asan_report_store1_noabort+0x20/0x30
[   29.833245]  kmalloc_track_caller_oob_right+0x40c/0x488
[   29.833593]  kunit_try_run_case+0x170/0x3f0
[   29.833761]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.833971]  kthread+0x328/0x630
[   29.834125]  ret_from_fork+0x10/0x20
[   29.834366] 
[   29.834416] Allocated by task 153:
[   29.834510]  kasan_save_stack+0x3c/0x68
[   29.834638]  kasan_save_track+0x20/0x40
[   29.834820]  kasan_save_alloc_info+0x40/0x58
[   29.835018]  __kasan_kmalloc+0xd4/0xd8
[   29.835766]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   29.836005]  kmalloc_track_caller_oob_right+0xa8/0x488
[   29.836113]  kunit_try_run_case+0x170/0x3f0
[   29.836263]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.836372]  kthread+0x328/0x630
[   29.836452]  ret_from_fork+0x10/0x20
[   29.836539] 
[   29.836584] The buggy address belongs to the object at fff00000c6466600
[   29.836584]  which belongs to the cache kmalloc-128 of size 128
[   29.836727] The buggy address is located 0 bytes to the right of
[   29.836727]  allocated 120-byte region [fff00000c6466600, fff00000c6466678)
[   29.836899] 
[   29.836952] The buggy address belongs to the physical page:
[   29.837040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106466
[   29.837173] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.837302] page_type: f5(slab)
[   29.837402] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   29.837549] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.837642] page dumped because: kasan: bad access detected
[   29.837719] 
[   29.838216] Memory state around the buggy address:
[   29.838311]  fff00000c6466500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.838422]  fff00000c6466580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.838632] >fff00000c6466600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   29.839202]                                                                 ^
[   29.839328]  fff00000c6466680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.839468]  fff00000c6466700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.839567] ==================================================================

[   26.011094] ==================================================================
[   26.011479] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   26.012088] Write of size 1 at addr ffff88810324dd78 by task kunit_try_catch/171
[   26.012682] 
[   26.012843] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.012919] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.012941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.012973] Call Trace:
[   26.012994]  <TASK>
[   26.013022]  dump_stack_lvl+0x73/0xb0
[   26.013072]  print_report+0xd1/0x650
[   26.013116]  ? __virt_addr_valid+0x1db/0x2d0
[   26.013160]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   26.013205]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.013255]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   26.013298]  kasan_report+0x141/0x180
[   26.013615]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   26.013784]  __asan_report_store1_noabort+0x1b/0x30
[   26.013823]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   26.013864]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   26.013908]  ? __schedule+0x10cc/0x2b60
[   26.013967]  ? __pfx_read_tsc+0x10/0x10
[   26.013992]  ? ktime_get_ts64+0x86/0x230
[   26.014023]  kunit_try_run_case+0x1a5/0x480
[   26.014052]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.014076]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.014120]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.014149]  ? __kthread_parkme+0x82/0x180
[   26.014173]  ? preempt_count_sub+0x50/0x80
[   26.014199]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.014225]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.014250]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.014275]  kthread+0x337/0x6f0
[   26.014297]  ? trace_preempt_on+0x20/0xc0
[   26.014323]  ? __pfx_kthread+0x10/0x10
[   26.014345]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.014370]  ? calculate_sigpending+0x7b/0xa0
[   26.014398]  ? __pfx_kthread+0x10/0x10
[   26.014421]  ret_from_fork+0x116/0x1d0
[   26.014441]  ? __pfx_kthread+0x10/0x10
[   26.014464]  ret_from_fork_asm+0x1a/0x30
[   26.014496]  </TASK>
[   26.014510] 
[   26.026432] Allocated by task 171:
[   26.026798]  kasan_save_stack+0x45/0x70
[   26.027180]  kasan_save_track+0x18/0x40
[   26.027373]  kasan_save_alloc_info+0x3b/0x50
[   26.027557]  __kasan_kmalloc+0xb7/0xc0
[   26.027727]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   26.027975]  kmalloc_track_caller_oob_right+0x19a/0x520
[   26.028381]  kunit_try_run_case+0x1a5/0x480
[   26.029022]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.029528]  kthread+0x337/0x6f0
[   26.029833]  ret_from_fork+0x116/0x1d0
[   26.030069]  ret_from_fork_asm+0x1a/0x30
[   26.030269] 
[   26.030441] The buggy address belongs to the object at ffff88810324dd00
[   26.030441]  which belongs to the cache kmalloc-128 of size 128
[   26.031034] The buggy address is located 0 bytes to the right of
[   26.031034]  allocated 120-byte region [ffff88810324dd00, ffff88810324dd78)
[   26.031848] 
[   26.032616] The buggy address belongs to the physical page:
[   26.033303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10324d
[   26.033826] flags: 0x200000000000000(node=0|zone=2)
[   26.034529] page_type: f5(slab)
[   26.034727] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.035256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.035415] page dumped because: kasan: bad access detected
[   26.035523] 
[   26.035570] Memory state around the buggy address:
[   26.035671]  ffff88810324dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.035802]  ffff88810324dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.036335] >ffff88810324dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.036732]                                                                 ^
[   26.038156]  ffff88810324dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.038414]  ffff88810324de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.038939] ==================================================================
[   25.977745] ==================================================================
[   25.978231] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.978835] Write of size 1 at addr ffff88810324dc78 by task kunit_try_catch/171
[   25.979720] 
[   25.979877] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   25.980175] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.980206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.980244] Call Trace:
[   25.980262]  <TASK>
[   25.980288]  dump_stack_lvl+0x73/0xb0
[   25.980337]  print_report+0xd1/0x650
[   25.980364]  ? __virt_addr_valid+0x1db/0x2d0
[   25.980390]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.980417]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.980446]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.980473]  kasan_report+0x141/0x180
[   25.980496]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.980527]  __asan_report_store1_noabort+0x1b/0x30
[   25.980553]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.980579]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   25.980607]  ? __schedule+0x10cc/0x2b60
[   25.980631]  ? __pfx_read_tsc+0x10/0x10
[   25.980654]  ? ktime_get_ts64+0x86/0x230
[   25.980682]  kunit_try_run_case+0x1a5/0x480
[   25.980709]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.980732]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.980757]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.980781]  ? __kthread_parkme+0x82/0x180
[   25.980804]  ? preempt_count_sub+0x50/0x80
[   25.980830]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.980855]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.980880]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.980929]  kthread+0x337/0x6f0
[   25.981247]  ? trace_preempt_on+0x20/0xc0
[   25.981277]  ? __pfx_kthread+0x10/0x10
[   25.981300]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.981324]  ? calculate_sigpending+0x7b/0xa0
[   25.981352]  ? __pfx_kthread+0x10/0x10
[   25.981379]  ret_from_fork+0x116/0x1d0
[   25.981400]  ? __pfx_kthread+0x10/0x10
[   25.981423]  ret_from_fork_asm+0x1a/0x30
[   25.981458]  </TASK>
[   25.981471] 
[   25.991806] Allocated by task 171:
[   25.992219]  kasan_save_stack+0x45/0x70
[   25.992607]  kasan_save_track+0x18/0x40
[   25.994155]  kasan_save_alloc_info+0x3b/0x50
[   25.994551]  __kasan_kmalloc+0xb7/0xc0
[   25.994719]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   25.995408]  kmalloc_track_caller_oob_right+0x99/0x520
[   25.996002]  kunit_try_run_case+0x1a5/0x480
[   25.996469]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.996753]  kthread+0x337/0x6f0
[   25.997299]  ret_from_fork+0x116/0x1d0
[   25.997479]  ret_from_fork_asm+0x1a/0x30
[   25.998177] 
[   25.998555] The buggy address belongs to the object at ffff88810324dc00
[   25.998555]  which belongs to the cache kmalloc-128 of size 128
[   25.999494] The buggy address is located 0 bytes to the right of
[   25.999494]  allocated 120-byte region [ffff88810324dc00, ffff88810324dc78)
[   26.000398] 
[   26.000759] The buggy address belongs to the physical page:
[   26.001121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10324d
[   26.001647] flags: 0x200000000000000(node=0|zone=2)
[   26.002430] page_type: f5(slab)
[   26.002645] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.002882] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.003769] page dumped because: kasan: bad access detected
[   26.004227] 
[   26.004679] Memory state around the buggy address:
[   26.005040]  ffff88810324db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.005398]  ffff88810324db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.005743] >ffff88810324dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.006738]                                                                 ^
[   26.006996]  ffff88810324dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.007834]  ffff88810324dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.008461] ==================================================================