Hay
Date: June 25, 2025, 8:08 a.m.

Environment: qemu-arm64, qemu-x86_64

[   26.322123] ==================================================================
[   26.322503] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   26.322791] Write of size 1 at addr fff00000c3fadc78 by task kunit_try_catch/154
[   26.322985] 
[   26.323015] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.323326] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.323416] Hardware name: linux,dummy-virt (DT)
[   26.323445] Call trace:
[   26.323466]  show_stack+0x20/0x38 (C)
[   26.323706]  dump_stack_lvl+0x8c/0xd0
[   26.323982]  print_report+0x118/0x608
[   26.324041]  kasan_report+0xdc/0x128
[   26.324086]  __asan_report_store1_noabort+0x20/0x30
[   26.324133]  kmalloc_track_caller_oob_right+0x418/0x488
[   26.324182]  kunit_try_run_case+0x170/0x3f0
[   26.324231]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.324282]  kthread+0x328/0x630
[   26.324323]  ret_from_fork+0x10/0x20
[   26.324369] 
[   26.324422] Allocated by task 154:
[   26.324451]  kasan_save_stack+0x3c/0x68
[   26.324758]  kasan_save_track+0x20/0x40
[   26.324824]  kasan_save_alloc_info+0x40/0x58
[   26.324860]  __kasan_kmalloc+0xd4/0xd8
[   26.324895]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   26.325108]  kmalloc_track_caller_oob_right+0x184/0x488
[   26.325209]  kunit_try_run_case+0x170/0x3f0
[   26.325253]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.325295]  kthread+0x328/0x630
[   26.325325]  ret_from_fork+0x10/0x20
[   26.325370] 
[   26.325470] The buggy address belongs to the object at fff00000c3fadc00
[   26.325470]  which belongs to the cache kmalloc-128 of size 128
[   26.325527] The buggy address is located 0 bytes to the right of
[   26.325527]  allocated 120-byte region [fff00000c3fadc00, fff00000c3fadc78)
[   26.325587] 
[   26.325607] The buggy address belongs to the physical page:
[   26.325698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fad
[   26.325749] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   26.325794] page_type: f5(slab)
[   26.325830] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   26.325878] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.325917] page dumped because: kasan: bad access detected
[   26.325955] 
[   26.325972] Memory state around the buggy address:
[   26.326001]  fff00000c3fadb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.326441]  fff00000c3fadb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.326558] >fff00000c3fadc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.326594]                                                                 ^
[   26.326632]  fff00000c3fadc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.326852]  fff00000c3fadd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.326929] ==================================================================
[   26.314764] ==================================================================
[   26.314940] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   26.315215] Write of size 1 at addr fff00000c3fadb78 by task kunit_try_catch/154
[   26.315297] 
[   26.315334] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.315910] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.316119] Hardware name: linux,dummy-virt (DT)
[   26.316368] Call trace:
[   26.316405]  show_stack+0x20/0x38 (C)
[   26.316460]  dump_stack_lvl+0x8c/0xd0
[   26.316674]  print_report+0x118/0x608
[   26.316781]  kasan_report+0xdc/0x128
[   26.316827]  __asan_report_store1_noabort+0x20/0x30
[   26.316940]  kmalloc_track_caller_oob_right+0x40c/0x488
[   26.317089]  kunit_try_run_case+0x170/0x3f0
[   26.317586]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.317676]  kthread+0x328/0x630
[   26.317746]  ret_from_fork+0x10/0x20
[   26.317944] 
[   26.317963] Allocated by task 154:
[   26.317993]  kasan_save_stack+0x3c/0x68
[   26.318033]  kasan_save_track+0x20/0x40
[   26.318069]  kasan_save_alloc_info+0x40/0x58
[   26.318114]  __kasan_kmalloc+0xd4/0xd8
[   26.318160]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   26.318204]  kmalloc_track_caller_oob_right+0xa8/0x488
[   26.318602]  kunit_try_run_case+0x170/0x3f0
[   26.318737]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.318837]  kthread+0x328/0x630
[   26.318878]  ret_from_fork+0x10/0x20
[   26.318988] 
[   26.319007] The buggy address belongs to the object at fff00000c3fadb00
[   26.319007]  which belongs to the cache kmalloc-128 of size 128
[   26.319064] The buggy address is located 0 bytes to the right of
[   26.319064]  allocated 120-byte region [fff00000c3fadb00, fff00000c3fadb78)
[   26.319124] 
[   26.319144] The buggy address belongs to the physical page:
[   26.319175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fad
[   26.319235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   26.319282] page_type: f5(slab)
[   26.319574] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   26.319837] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.320014] page dumped because: kasan: bad access detected
[   26.320045] 
[   26.320101] Memory state around the buggy address:
[   26.320161]  fff00000c3fada00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.320202]  fff00000c3fada80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.320243] >fff00000c3fadb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.320278]                                                                 ^
[   26.320500]  fff00000c3fadb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.320565]  fff00000c3fadc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.320601] ==================================================================

[   21.307353] ==================================================================
[   21.307807] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   21.308464] Write of size 1 at addr ffff88810257e778 by task kunit_try_catch/171
[   21.308743] 
[   21.308847] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.308893] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.308905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.308926] Call Trace:
[   21.308950]  <TASK>
[   21.308967]  dump_stack_lvl+0x73/0xb0
[   21.308992]  print_report+0xd1/0x650
[   21.309012]  ? __virt_addr_valid+0x1db/0x2d0
[   21.309033]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   21.309056]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.309079]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   21.309102]  kasan_report+0x141/0x180
[   21.309122]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   21.309148]  __asan_report_store1_noabort+0x1b/0x30
[   21.309170]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   21.309192]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   21.309265]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.309289]  ? trace_hardirqs_on+0x37/0xe0
[   21.309310]  ? __pfx_read_tsc+0x10/0x10
[   21.309331]  ? ktime_get_ts64+0x86/0x230
[   21.309353]  kunit_try_run_case+0x1a5/0x480
[   21.309378]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.309410]  ? queued_spin_lock_slowpath+0x116/0xb40
[   21.309430]  ? __kthread_parkme+0x82/0x180
[   21.309448]  ? preempt_count_sub+0x50/0x80
[   21.309471]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.309493]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.309515]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.309537]  kthread+0x337/0x6f0
[   21.309555]  ? trace_preempt_on+0x20/0xc0
[   21.309575]  ? __pfx_kthread+0x10/0x10
[   21.309594]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.309617]  ? calculate_sigpending+0x7b/0xa0
[   21.309639]  ? __pfx_kthread+0x10/0x10
[   21.309658]  ret_from_fork+0x116/0x1d0
[   21.309676]  ? __pfx_kthread+0x10/0x10
[   21.309695]  ret_from_fork_asm+0x1a/0x30
[   21.309722]  </TASK>
[   21.309733] 
[   21.316757] Allocated by task 171:
[   21.316924]  kasan_save_stack+0x45/0x70
[   21.317185]  kasan_save_track+0x18/0x40
[   21.317366]  kasan_save_alloc_info+0x3b/0x50
[   21.317706]  __kasan_kmalloc+0xb7/0xc0
[   21.317827]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   21.318009]  kmalloc_track_caller_oob_right+0x99/0x520
[   21.318500]  kunit_try_run_case+0x1a5/0x480
[   21.318709]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.319049]  kthread+0x337/0x6f0
[   21.319191]  ret_from_fork+0x116/0x1d0
[   21.319313]  ret_from_fork_asm+0x1a/0x30
[   21.319441] 
[   21.319503] The buggy address belongs to the object at ffff88810257e700
[   21.319503]  which belongs to the cache kmalloc-128 of size 128
[   21.320408] The buggy address is located 0 bytes to the right of
[   21.320408]  allocated 120-byte region [ffff88810257e700, ffff88810257e778)
[   21.320766] 
[   21.320873] The buggy address belongs to the physical page:
[   21.321285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e
[   21.321657] flags: 0x200000000000000(node=0|zone=2)
[   21.322019] page_type: f5(slab)
[   21.322189] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   21.322442] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.322667] page dumped because: kasan: bad access detected
[   21.323082] 
[   21.323205] Memory state around the buggy address:
[   21.323431]  ffff88810257e600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.323711]  ffff88810257e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.324041] >ffff88810257e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.324320]                                                                 ^
[   21.324611]  ffff88810257e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.324972]  ffff88810257e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.325253] ==================================================================
[   21.325807] ==================================================================
[   21.326277] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   21.326777] Write of size 1 at addr ffff88810257e878 by task kunit_try_catch/171
[   21.327108] 
[   21.327249] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.327294] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.327305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.327325] Call Trace:
[   21.327337]  <TASK>
[   21.327350]  dump_stack_lvl+0x73/0xb0
[   21.327374]  print_report+0xd1/0x650
[   21.327393]  ? __virt_addr_valid+0x1db/0x2d0
[   21.327414]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   21.327436]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.327460]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   21.327482]  kasan_report+0x141/0x180
[   21.327503]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   21.327530]  __asan_report_store1_noabort+0x1b/0x30
[   21.327552]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   21.327574]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   21.327597]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.327617]  ? trace_hardirqs_on+0x37/0xe0
[   21.327638]  ? __pfx_read_tsc+0x10/0x10
[   21.327657]  ? ktime_get_ts64+0x86/0x230
[   21.327679]  kunit_try_run_case+0x1a5/0x480
[   21.327702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.327725]  ? queued_spin_lock_slowpath+0x116/0xb40
[   21.327745]  ? __kthread_parkme+0x82/0x180
[   21.327763]  ? preempt_count_sub+0x50/0x80
[   21.327784]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.327807]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.327828]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.327850]  kthread+0x337/0x6f0
[   21.327868]  ? trace_preempt_on+0x20/0xc0
[   21.327924]  ? __pfx_kthread+0x10/0x10
[   21.327959]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.327981]  ? calculate_sigpending+0x7b/0xa0
[   21.328002]  ? __pfx_kthread+0x10/0x10
[   21.328022]  ret_from_fork+0x116/0x1d0
[   21.328040]  ? __pfx_kthread+0x10/0x10
[   21.328058]  ret_from_fork_asm+0x1a/0x30
[   21.328086]  </TASK>
[   21.328096] 
[   21.335133] Allocated by task 171:
[   21.335312]  kasan_save_stack+0x45/0x70
[   21.335502]  kasan_save_track+0x18/0x40
[   21.335685]  kasan_save_alloc_info+0x3b/0x50
[   21.336023]  __kasan_kmalloc+0xb7/0xc0
[   21.336224]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   21.336433]  kmalloc_track_caller_oob_right+0x19a/0x520
[   21.336601]  kunit_try_run_case+0x1a5/0x480
[   21.336805]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.337074]  kthread+0x337/0x6f0
[   21.337409]  ret_from_fork+0x116/0x1d0
[   21.337594]  ret_from_fork_asm+0x1a/0x30
[   21.337760] 
[   21.337925] The buggy address belongs to the object at ffff88810257e800
[   21.337925]  which belongs to the cache kmalloc-128 of size 128
[   21.338414] The buggy address is located 0 bytes to the right of
[   21.338414]  allocated 120-byte region [ffff88810257e800, ffff88810257e878)
[   21.338953] 
[   21.339022] The buggy address belongs to the physical page:
[   21.339411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10257e
[   21.339709] flags: 0x200000000000000(node=0|zone=2)
[   21.339974] page_type: f5(slab)
[   21.340125] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   21.340388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.340716] page dumped because: kasan: bad access detected
[   21.340977] 
[   21.341060] Memory state around the buggy address:
[   21.341264]  ffff88810257e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.341563]  ffff88810257e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.341840] >ffff88810257e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   21.342110]                                                                 ^
[   21.342555]  ffff88810257e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.342878]  ffff88810257e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.343158] ==================================================================