Date
July 2, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 30.545131] ================================================================== [ 30.545179] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 30.545227] Write of size 1 at addr fff00000c404fb78 by task kunit_try_catch/175 [ 30.545275] [ 30.545315] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.545411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.545439] Hardware name: linux,dummy-virt (DT) [ 30.545469] Call trace: [ 30.545491] show_stack+0x20/0x38 (C) [ 30.545538] dump_stack_lvl+0x8c/0xd0 [ 30.545586] print_report+0x118/0x608 [ 30.545633] kasan_report+0xdc/0x128 [ 30.545681] __asan_report_store1_noabort+0x20/0x30 [ 30.545729] kmalloc_track_caller_oob_right+0x418/0x488 [ 30.545780] kunit_try_run_case+0x170/0x3f0 [ 30.545827] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.545880] kthread+0x328/0x630 [ 30.546229] ret_from_fork+0x10/0x20 [ 30.547027] [ 30.547076] Allocated by task 175: [ 30.547117] kasan_save_stack+0x3c/0x68 [ 30.547161] kasan_save_track+0x20/0x40 [ 30.547198] kasan_save_alloc_info+0x40/0x58 [ 30.547234] __kasan_kmalloc+0xd4/0xd8 [ 30.547271] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.547315] kmalloc_track_caller_oob_right+0x184/0x488 [ 30.547359] kunit_try_run_case+0x170/0x3f0 [ 30.547397] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.547793] kthread+0x328/0x630 [ 30.547871] ret_from_fork+0x10/0x20 [ 30.548027] [ 30.548049] The buggy address belongs to the object at fff00000c404fb00 [ 30.548049] which belongs to the cache kmalloc-128 of size 128 [ 30.548106] The buggy address is located 0 bytes to the right of [ 30.548106] allocated 120-byte region [fff00000c404fb00, fff00000c404fb78) [ 30.548176] [ 30.548196] The buggy address belongs to the physical page: [ 30.548225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.549031] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.549138] page_type: f5(slab) [ 
30.549216] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.549609] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.549782] page dumped because: kasan: bad access detected [ 30.549831] [ 30.549850] Memory state around the buggy address: [ 30.550025] fff00000c404fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.550246] fff00000c404fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.550328] >fff00000c404fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.550504] ^ [ 30.550701] fff00000c404fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.550806] fff00000c404fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.550896] ================================================================== [ 30.535171] ================================================================== [ 30.535224] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 30.535275] Write of size 1 at addr fff00000c404fa78 by task kunit_try_catch/175 [ 30.535325] [ 30.535356] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.535460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.535487] Hardware name: linux,dummy-virt (DT) [ 30.535517] Call trace: [ 30.535870] show_stack+0x20/0x38 (C) [ 30.536197] dump_stack_lvl+0x8c/0xd0 [ 30.536406] print_report+0x118/0x608 [ 30.536885] kasan_report+0xdc/0x128 [ 30.536992] __asan_report_store1_noabort+0x20/0x30 [ 30.537190] kmalloc_track_caller_oob_right+0x40c/0x488 [ 30.537413] kunit_try_run_case+0x170/0x3f0 [ 30.537598] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.537746] kthread+0x328/0x630 [ 30.537800] ret_from_fork+0x10/0x20 [ 30.538639] [ 30.538665] Allocated by task 175: [ 30.538696] kasan_save_stack+0x3c/0x68 [ 30.538757] kasan_save_track+0x20/0x40 [ 30.538819] kasan_save_alloc_info+0x40/0x58 [ 30.538899] __kasan_kmalloc+0xd4/0xd8 [ 30.538970] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 30.539208] 
kmalloc_track_caller_oob_right+0xa8/0x488 [ 30.539591] kunit_try_run_case+0x170/0x3f0 [ 30.539934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.540110] kthread+0x328/0x630 [ 30.540162] ret_from_fork+0x10/0x20 [ 30.540199] [ 30.540219] The buggy address belongs to the object at fff00000c404fa00 [ 30.540219] which belongs to the cache kmalloc-128 of size 128 [ 30.540540] The buggy address is located 0 bytes to the right of [ 30.540540] allocated 120-byte region [fff00000c404fa00, fff00000c404fa78) [ 30.541065] [ 30.541185] The buggy address belongs to the physical page: [ 30.541223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.541311] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.541420] page_type: f5(slab) [ 30.541499] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.541598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.541672] page dumped because: kasan: bad access detected [ 30.541773] [ 30.541823] Memory state around the buggy address: [ 30.541874] fff00000c404f900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.542046] fff00000c404f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.542327] >fff00000c404fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.542551] ^ [ 30.542682] fff00000c404fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.542900] fff00000c404fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.543024] ==================================================================
[ 32.375176] ================================================================== [ 32.375359] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 32.375591] Write of size 1 at addr fff00000c63fb678 by task kunit_try_catch/173 [ 32.375647] [ 32.375678] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.375762] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.375788] Hardware name: linux,dummy-virt (DT) [ 32.375835] Call trace: [ 32.375956] show_stack+0x20/0x38 (C) [ 32.376010] dump_stack_lvl+0x8c/0xd0 [ 32.376248] print_report+0x118/0x608 [ 32.376302] kasan_report+0xdc/0x128 [ 32.376350] __asan_report_store1_noabort+0x20/0x30 [ 32.376399] kmalloc_track_caller_oob_right+0x418/0x488 [ 32.376450] kunit_try_run_case+0x170/0x3f0 [ 32.376511] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.376678] kthread+0x328/0x630 [ 32.376720] ret_from_fork+0x10/0x20 [ 32.376792] [ 32.377136] Allocated by task 173: [ 32.377398] kasan_save_stack+0x3c/0x68 [ 32.377444] kasan_save_track+0x20/0x40 [ 32.377537] kasan_save_alloc_info+0x40/0x58 [ 32.377574] __kasan_kmalloc+0xd4/0xd8 [ 32.377631] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.377818] kmalloc_track_caller_oob_right+0x184/0x488 [ 32.377932] kunit_try_run_case+0x170/0x3f0 [ 32.377997] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.378046] kthread+0x328/0x630 [ 32.378079] ret_from_fork+0x10/0x20 [ 32.378425] [ 32.378665] The buggy address belongs to the object at fff00000c63fb600 [ 32.378665] which belongs to the cache kmalloc-128 of size 128 [ 32.378756] The buggy address is located 0 bytes to the right of [ 32.378756] allocated 120-byte region [fff00000c63fb600, fff00000c63fb678) [ 32.378818] [ 32.378837] The buggy address belongs to the physical page: [ 32.379128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.379408] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.379517] page_type: f5(slab) [ 
32.379601] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.379840] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.379985] page dumped because: kasan: bad access detected [ 32.380018] [ 32.380035] Memory state around the buggy address: [ 32.380203] fff00000c63fb500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.380249] fff00000c63fb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.380365] >fff00000c63fb600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.380561] ^ [ 32.380664] fff00000c63fb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.380844] fff00000c63fb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.380913] ================================================================== [ 32.368620] ================================================================== [ 32.368677] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 32.368733] Write of size 1 at addr fff00000c63fb578 by task kunit_try_catch/173 [ 32.368783] [ 32.368815] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.368901] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.368927] Hardware name: linux,dummy-virt (DT) [ 32.368958] Call trace: [ 32.369098] show_stack+0x20/0x38 (C) [ 32.369174] dump_stack_lvl+0x8c/0xd0 [ 32.369224] print_report+0x118/0x608 [ 32.369586] kasan_report+0xdc/0x128 [ 32.369856] __asan_report_store1_noabort+0x20/0x30 [ 32.369912] kmalloc_track_caller_oob_right+0x40c/0x488 [ 32.369986] kunit_try_run_case+0x170/0x3f0 [ 32.370113] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.370176] kthread+0x328/0x630 [ 32.370219] ret_from_fork+0x10/0x20 [ 32.370266] [ 32.370284] Allocated by task 173: [ 32.370312] kasan_save_stack+0x3c/0x68 [ 32.370354] kasan_save_track+0x20/0x40 [ 32.370392] kasan_save_alloc_info+0x40/0x58 [ 32.370429] __kasan_kmalloc+0xd4/0xd8 [ 32.370466] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.370509] 
kmalloc_track_caller_oob_right+0xa8/0x488 [ 32.370551] kunit_try_run_case+0x170/0x3f0 [ 32.370590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.371018] kthread+0x328/0x630 [ 32.371371] ret_from_fork+0x10/0x20 [ 32.371536] [ 32.371627] The buggy address belongs to the object at fff00000c63fb500 [ 32.371627] which belongs to the cache kmalloc-128 of size 128 [ 32.371804] The buggy address is located 0 bytes to the right of [ 32.371804] allocated 120-byte region [fff00000c63fb500, fff00000c63fb578) [ 32.372033] [ 32.372056] The buggy address belongs to the physical page: [ 32.372227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.372361] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.372411] page_type: f5(slab) [ 32.372450] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.372506] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.372546] page dumped because: kasan: bad access detected [ 32.372575] [ 32.372593] Memory state around the buggy address: [ 32.372786] fff00000c63fb400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.373026] fff00000c63fb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.373117] >fff00000c63fb500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 32.373216] ^ [ 32.373295] fff00000c63fb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.373393] fff00000c63fb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.373464] ==================================================================
[ 22.530716] ================================================================== [ 22.531193] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.531465] Write of size 1 at addr ffff888104950178 by task kunit_try_catch/190 [ 22.532814] [ 22.533081] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.533137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.533151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.533173] Call Trace: [ 22.533186] <TASK> [ 22.533205] dump_stack_lvl+0x73/0xb0 [ 22.533238] print_report+0xd1/0x650 [ 22.533261] ? __virt_addr_valid+0x1db/0x2d0 [ 22.533284] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.533346] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533376] kasan_report+0x141/0x180 [ 22.533397] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533469] __asan_report_store1_noabort+0x1b/0x30 [ 22.533492] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533527] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.533551] ? __schedule+0x207f/0x2b60 [ 22.533572] ? __pfx_read_tsc+0x10/0x10 [ 22.533593] ? ktime_get_ts64+0x86/0x230 [ 22.533618] kunit_try_run_case+0x1a5/0x480 [ 22.533643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.533666] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.533697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.533718] ? __kthread_parkme+0x82/0x180 [ 22.533742] ? preempt_count_sub+0x50/0x80 [ 22.533765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.533789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.533812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.533836] kthread+0x337/0x6f0 [ 22.533855] ? trace_preempt_on+0x20/0xc0 [ 22.533878] ? __pfx_kthread+0x10/0x10 [ 22.533898] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.533921] ? calculate_sigpending+0x7b/0xa0 [ 22.533944] ? 
__pfx_kthread+0x10/0x10 [ 22.533964] ret_from_fork+0x116/0x1d0 [ 22.533982] ? __pfx_kthread+0x10/0x10 [ 22.534002] ret_from_fork_asm+0x1a/0x30 [ 22.534033] </TASK> [ 22.534045] [ 22.547890] Allocated by task 190: [ 22.548299] kasan_save_stack+0x45/0x70 [ 22.548455] kasan_save_track+0x18/0x40 [ 22.548787] kasan_save_alloc_info+0x3b/0x50 [ 22.549384] __kasan_kmalloc+0xb7/0xc0 [ 22.549802] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.550225] kmalloc_track_caller_oob_right+0x99/0x520 [ 22.550402] kunit_try_run_case+0x1a5/0x480 [ 22.550560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.551074] kthread+0x337/0x6f0 [ 22.551196] ret_from_fork+0x116/0x1d0 [ 22.551331] ret_from_fork_asm+0x1a/0x30 [ 22.551463] [ 22.551630] The buggy address belongs to the object at ffff888104950100 [ 22.551630] which belongs to the cache kmalloc-128 of size 128 [ 22.552884] The buggy address is located 0 bytes to the right of [ 22.552884] allocated 120-byte region [ffff888104950100, ffff888104950178) [ 22.554336] [ 22.554414] The buggy address belongs to the physical page: [ 22.554805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 22.555505] flags: 0x200000000000000(node=0|zone=2) [ 22.555673] page_type: f5(slab) [ 22.555902] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.556781] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.557350] page dumped because: kasan: bad access detected [ 22.557911] [ 22.558065] Memory state around the buggy address: [ 22.558620] ffff888104950000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.558993] ffff888104950080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.559512] >ffff888104950100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.560008] ^ [ 22.560209] ffff888104950180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.560422] ffff888104950200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.560636] 
================================================================== [ 22.561824] ================================================================== [ 22.563010] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.563616] Write of size 1 at addr ffff888104950278 by task kunit_try_catch/190 [ 22.564262] [ 22.564455] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.564504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.564517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.564538] Call Trace: [ 22.564551] <TASK> [ 22.564569] dump_stack_lvl+0x73/0xb0 [ 22.564598] print_report+0xd1/0x650 [ 22.564620] ? __virt_addr_valid+0x1db/0x2d0 [ 22.564644] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.564692] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564716] kasan_report+0x141/0x180 [ 22.564736] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564764] __asan_report_store1_noabort+0x1b/0x30 [ 22.564787] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564810] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.564835] ? __schedule+0x207f/0x2b60 [ 22.564856] ? __pfx_read_tsc+0x10/0x10 [ 22.564885] ? ktime_get_ts64+0x86/0x230 [ 22.564909] kunit_try_run_case+0x1a5/0x480 [ 22.564934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.564957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.564978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.564999] ? __kthread_parkme+0x82/0x180 [ 22.565019] ? preempt_count_sub+0x50/0x80 [ 22.565042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.565067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.565090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.565113] kthread+0x337/0x6f0 [ 22.565133] ? trace_preempt_on+0x20/0xc0 [ 22.565157] ? __pfx_kthread+0x10/0x10 [ 22.565177] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.565200] ? 
calculate_sigpending+0x7b/0xa0 [ 22.565224] ? __pfx_kthread+0x10/0x10 [ 22.565244] ret_from_fork+0x116/0x1d0 [ 22.565262] ? __pfx_kthread+0x10/0x10 [ 22.565282] ret_from_fork_asm+0x1a/0x30 [ 22.565324] </TASK> [ 22.565335] [ 22.574571] Allocated by task 190: [ 22.574764] kasan_save_stack+0x45/0x70 [ 22.575026] kasan_save_track+0x18/0x40 [ 22.575166] kasan_save_alloc_info+0x3b/0x50 [ 22.575320] __kasan_kmalloc+0xb7/0xc0 [ 22.575445] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.575633] kmalloc_track_caller_oob_right+0x19a/0x520 [ 22.576018] kunit_try_run_case+0x1a5/0x480 [ 22.576213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.576468] kthread+0x337/0x6f0 [ 22.576603] ret_from_fork+0x116/0x1d0 [ 22.576728] ret_from_fork_asm+0x1a/0x30 [ 22.576860] [ 22.576927] The buggy address belongs to the object at ffff888104950200 [ 22.576927] which belongs to the cache kmalloc-128 of size 128 [ 22.578167] The buggy address is located 0 bytes to the right of [ 22.578167] allocated 120-byte region [ffff888104950200, ffff888104950278) [ 22.578736] [ 22.578881] The buggy address belongs to the physical page: [ 22.579098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 22.579419] flags: 0x200000000000000(node=0|zone=2) [ 22.579577] page_type: f5(slab) [ 22.579745] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.580076] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.580413] page dumped because: kasan: bad access detected [ 22.580613] [ 22.580676] Memory state around the buggy address: [ 22.580821] ffff888104950100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.581225] ffff888104950180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.581688] >ffff888104950200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.581897] ^ [ 22.582295] ffff888104950280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.582891] ffff888104950300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 22.583205] ==================================================================
[ 22.747617] ================================================================== [ 22.747926] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.748358] Write of size 1 at addr ffff88810255e578 by task kunit_try_catch/191 [ 22.748671] [ 22.749082] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.749139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.749153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.749176] Call Trace: [ 22.749415] <TASK> [ 22.749438] dump_stack_lvl+0x73/0xb0 [ 22.749471] print_report+0xd1/0x650 [ 22.749494] ? __virt_addr_valid+0x1db/0x2d0 [ 22.749518] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.749570] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749594] kasan_report+0x141/0x180 [ 22.749615] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749645] __asan_report_store1_noabort+0x1b/0x30 [ 22.749669] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.749692] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.749717] ? __schedule+0x10cc/0x2b60 [ 22.749739] ? __pfx_read_tsc+0x10/0x10 [ 22.749761] ? ktime_get_ts64+0x86/0x230 [ 22.749786] kunit_try_run_case+0x1a5/0x480 [ 22.749812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.749843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.749865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.749886] ? __kthread_parkme+0x82/0x180 [ 22.749907] ? preempt_count_sub+0x50/0x80 [ 22.749940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.749964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.749988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.750012] kthread+0x337/0x6f0 [ 22.750032] ? trace_preempt_on+0x20/0xc0 [ 22.750054] ? __pfx_kthread+0x10/0x10 [ 22.750086] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.750110] ? calculate_sigpending+0x7b/0xa0 [ 22.750134] ? 
__pfx_kthread+0x10/0x10 [ 22.750155] ret_from_fork+0x116/0x1d0 [ 22.750174] ? __pfx_kthread+0x10/0x10 [ 22.750247] ret_from_fork_asm+0x1a/0x30 [ 22.750280] </TASK> [ 22.750292] [ 22.758979] Allocated by task 191: [ 22.759398] kasan_save_stack+0x45/0x70 [ 22.759594] kasan_save_track+0x18/0x40 [ 22.759755] kasan_save_alloc_info+0x3b/0x50 [ 22.759945] __kasan_kmalloc+0xb7/0xc0 [ 22.760526] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.760796] kmalloc_track_caller_oob_right+0x19a/0x520 [ 22.760988] kunit_try_run_case+0x1a5/0x480 [ 22.761282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.761491] kthread+0x337/0x6f0 [ 22.761641] ret_from_fork+0x116/0x1d0 [ 22.761811] ret_from_fork_asm+0x1a/0x30 [ 22.761960] [ 22.762057] The buggy address belongs to the object at ffff88810255e500 [ 22.762057] which belongs to the cache kmalloc-128 of size 128 [ 22.762708] The buggy address is located 0 bytes to the right of [ 22.762708] allocated 120-byte region [ffff88810255e500, ffff88810255e578) [ 22.763257] [ 22.763359] The buggy address belongs to the physical page: [ 22.763560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 22.763849] flags: 0x200000000000000(node=0|zone=2) [ 22.764091] page_type: f5(slab) [ 22.764465] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.764730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.765115] page dumped because: kasan: bad access detected [ 22.765370] [ 22.765438] Memory state around the buggy address: [ 22.765639] ffff88810255e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.765910] ffff88810255e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.766213] >ffff88810255e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.766477] ^ [ 22.766768] ffff88810255e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.767094] ffff88810255e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.767298] 
================================================================== [ 22.721866] ================================================================== [ 22.722693] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.723634] Write of size 1 at addr ffff88810255e478 by task kunit_try_catch/191 [ 22.724764] [ 22.724950] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.725029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.725043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.725091] Call Trace: [ 22.725107] <TASK> [ 22.725127] dump_stack_lvl+0x73/0xb0 [ 22.725164] print_report+0xd1/0x650 [ 22.725203] ? __virt_addr_valid+0x1db/0x2d0 [ 22.725227] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725252] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.725277] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725301] kasan_report+0x141/0x180 [ 22.725322] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725350] __asan_report_store1_noabort+0x1b/0x30 [ 22.725374] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.725398] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.725422] ? __schedule+0x10cc/0x2b60 [ 22.725443] ? __pfx_read_tsc+0x10/0x10 [ 22.725465] ? ktime_get_ts64+0x86/0x230 [ 22.725489] kunit_try_run_case+0x1a5/0x480 [ 22.725516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.725538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.725559] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.725580] ? __kthread_parkme+0x82/0x180 [ 22.725600] ? preempt_count_sub+0x50/0x80 [ 22.725623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.725647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.725670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.725693] kthread+0x337/0x6f0 [ 22.725713] ? trace_preempt_on+0x20/0xc0 [ 22.725736] ? __pfx_kthread+0x10/0x10 [ 22.725755] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.725779] ? 
calculate_sigpending+0x7b/0xa0 [ 22.725803] ? __pfx_kthread+0x10/0x10 [ 22.725830] ret_from_fork+0x116/0x1d0 [ 22.725849] ? __pfx_kthread+0x10/0x10 [ 22.725869] ret_from_fork_asm+0x1a/0x30 [ 22.725900] </TASK> [ 22.725912] [ 22.736417] Allocated by task 191: [ 22.736647] kasan_save_stack+0x45/0x70 [ 22.736849] kasan_save_track+0x18/0x40 [ 22.736973] kasan_save_alloc_info+0x3b/0x50 [ 22.737147] __kasan_kmalloc+0xb7/0xc0 [ 22.737348] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.737659] kmalloc_track_caller_oob_right+0x99/0x520 [ 22.737922] kunit_try_run_case+0x1a5/0x480 [ 22.738152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.738372] kthread+0x337/0x6f0 [ 22.738563] ret_from_fork+0x116/0x1d0 [ 22.738744] ret_from_fork_asm+0x1a/0x30 [ 22.738951] [ 22.739039] The buggy address belongs to the object at ffff88810255e400 [ 22.739039] which belongs to the cache kmalloc-128 of size 128 [ 22.739384] The buggy address is located 0 bytes to the right of [ 22.739384] allocated 120-byte region [ffff88810255e400, ffff88810255e478) [ 22.739998] [ 22.740119] The buggy address belongs to the physical page: [ 22.740485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e [ 22.740730] flags: 0x200000000000000(node=0|zone=2) [ 22.741512] page_type: f5(slab) [ 22.741720] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.742437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.742761] page dumped because: kasan: bad access detected [ 22.743288] [ 22.743377] Memory state around the buggy address: [ 22.743836] ffff88810255e300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.744288] ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.744590] >ffff88810255e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.744880] ^ [ 22.745578] ffff88810255e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.746029] ffff88810255e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc [ 22.746493] ==================================================================