Date
July 4, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |

qemu-arm64 log:
[ 29.310029] ==================================================================
[ 29.310092] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 29.310146] Write of size 1 at addr fff00000c5a97878 by task kunit_try_catch/175
[ 29.310196]
[ 29.310228] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT
[ 29.310311] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.310337] Hardware name: linux,dummy-virt (DT)
[ 29.310369] Call trace:
[ 29.310482] show_stack+0x20/0x38 (C)
[ 29.310532] dump_stack_lvl+0x8c/0xd0
[ 29.310577] print_report+0x118/0x608
[ 29.310632] kasan_report+0xdc/0x128
[ 29.310679] __asan_report_store1_noabort+0x20/0x30
[ 29.311106] kmalloc_track_caller_oob_right+0x40c/0x488
[ 29.311550] kunit_try_run_case+0x170/0x3f0
[ 29.311630] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.311684] kthread+0x328/0x630
[ 29.311726] ret_from_fork+0x10/0x20
[ 29.311784]
[ 29.311804] Allocated by task 175:
[ 29.311832] kasan_save_stack+0x3c/0x68
[ 29.312020] kasan_save_track+0x20/0x40
[ 29.312217] kasan_save_alloc_info+0x40/0x58
[ 29.312253] __kasan_kmalloc+0xd4/0xd8
[ 29.312704] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 29.312981] kmalloc_track_caller_oob_right+0xa8/0x488
[ 29.313141] kunit_try_run_case+0x170/0x3f0
[ 29.313283] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.313349] kthread+0x328/0x630
[ 29.313381] ret_from_fork+0x10/0x20
[ 29.313416]
[ 29.313436] The buggy address belongs to the object at fff00000c5a97800
[ 29.313436] which belongs to the cache kmalloc-128 of size 128
[ 29.313627] The buggy address is located 0 bytes to the right of
[ 29.313627] allocated 120-byte region [fff00000c5a97800, fff00000c5a97878)
[ 29.313866]
[ 29.313888] The buggy address belongs to the physical page:
[ 29.313928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97
[ 29.313979] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.314286] page_type: f5(slab)
[ 29.314393] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.314521] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.314561] page dumped because: kasan: bad access detected
[ 29.314592]
[ 29.314610] Memory state around the buggy address:
[ 29.314650]  fff00000c5a97700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.314692]  fff00000c5a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.315119] >fff00000c5a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.315159]                                                                 ^
[ 29.315199]  fff00000c5a97880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.315881]  fff00000c5a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.315953] ==================================================================

[ 29.317012] ==================================================================
[ 29.317063] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 29.317115] Write of size 1 at addr fff00000c5a97978 by task kunit_try_catch/175
[ 29.319529]
[ 29.319632] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT
[ 29.322422] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.322506] Hardware name: linux,dummy-virt (DT)
[ 29.322655] Call trace:
[ 29.322681] show_stack+0x20/0x38 (C)
[ 29.322741] dump_stack_lvl+0x8c/0xd0
[ 29.322849] print_report+0x118/0x608
[ 29.322974] kasan_report+0xdc/0x128
[ 29.323096] __asan_report_store1_noabort+0x20/0x30
[ 29.323213] kmalloc_track_caller_oob_right+0x418/0x488
[ 29.323264] kunit_try_run_case+0x170/0x3f0
[ 29.323316] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.323369] kthread+0x328/0x630
[ 29.323411] ret_from_fork+0x10/0x20
[ 29.323748]
[ 29.323774] Allocated by task 175:
[ 29.323804] kasan_save_stack+0x3c/0x68
[ 29.323848] kasan_save_track+0x20/0x40
[ 29.324542] kasan_save_alloc_info+0x40/0x58
[ 29.325156] __kasan_kmalloc+0xd4/0xd8
[ 29.326956] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 29.327021] kmalloc_track_caller_oob_right+0x184/0x488
[ 29.327063] kunit_try_run_case+0x170/0x3f0
[ 29.327101] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.327145] kthread+0x328/0x630
[ 29.327177] ret_from_fork+0x10/0x20
[ 29.327213]
[ 29.327233] The buggy address belongs to the object at fff00000c5a97900
[ 29.327233] which belongs to the cache kmalloc-128 of size 128
[ 29.327294] The buggy address is located 0 bytes to the right of
[ 29.327294] allocated 120-byte region [fff00000c5a97900, fff00000c5a97978)
[ 29.327356]
[ 29.327377] The buggy address belongs to the physical page:
[ 29.327407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a97
[ 29.327457] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.327503] page_type: f5(slab)
[ 29.327539] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.327588] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.327628] page dumped because: kasan: bad access detected
[ 29.327658]
[ 29.327676] Memory state around the buggy address:
[ 29.327706]  fff00000c5a97800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.327746]  fff00000c5a97880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.327787] >fff00000c5a97900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.327822]                                                                 ^
[ 29.327860]  fff00000c5a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.327913]  fff00000c5a97a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.327950] ==================================================================

qemu-x86_64 log:
[ 24.268921] ==================================================================
[ 24.269197] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 24.269524] Write of size 1 at addr ffff888103d62c78 by task kunit_try_catch/191
[ 24.269777]
[ 24.269977] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 24.270031] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.270045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.270069] Call Trace:
[ 24.270084] <TASK>
[ 24.270106] dump_stack_lvl+0x73/0xb0
[ 24.270136] print_report+0xd1/0x650
[ 24.270160] ? __virt_addr_valid+0x1db/0x2d0
[ 24.270186] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 24.270212] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.270241] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 24.270268] kasan_report+0x141/0x180
[ 24.270292] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 24.270324] __asan_report_store1_noabort+0x1b/0x30
[ 24.270351] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 24.270377] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 24.270419] ? __schedule+0x10cc/0x2b60
[ 24.270447] ? __pfx_read_tsc+0x10/0x10
[ 24.270471] ? ktime_get_ts64+0x86/0x230
[ 24.270499] kunit_try_run_case+0x1a5/0x480
[ 24.270527] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.270553] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.270579] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.270606] ? __kthread_parkme+0x82/0x180
[ 24.270629] ? preempt_count_sub+0x50/0x80
[ 24.270655] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.270682] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.270709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.270736] kthread+0x337/0x6f0
[ 24.270757] ? trace_preempt_on+0x20/0xc0
[ 24.270784] ? __pfx_kthread+0x10/0x10
[ 24.270807] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.270832] ? calculate_sigpending+0x7b/0xa0
[ 24.270858] ? __pfx_kthread+0x10/0x10
[ 24.270882] ret_from_fork+0x116/0x1d0
[ 24.270911] ? __pfx_kthread+0x10/0x10
[ 24.270934] ret_from_fork_asm+0x1a/0x30
[ 24.270969] </TASK>
[ 24.270982]
[ 24.284540] Allocated by task 191:
[ 24.284947] kasan_save_stack+0x45/0x70
[ 24.285104] kasan_save_track+0x18/0x40
[ 24.285268] kasan_save_alloc_info+0x3b/0x50
[ 24.285437] __kasan_kmalloc+0xb7/0xc0
[ 24.285731] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 24.286409] kmalloc_track_caller_oob_right+0x19a/0x520
[ 24.287027] kunit_try_run_case+0x1a5/0x480
[ 24.287553] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.288185] kthread+0x337/0x6f0
[ 24.288635] ret_from_fork+0x116/0x1d0
[ 24.288860] ret_from_fork_asm+0x1a/0x30
[ 24.289322]
[ 24.289539] The buggy address belongs to the object at ffff888103d62c00
[ 24.289539] which belongs to the cache kmalloc-128 of size 128
[ 24.290401] The buggy address is located 0 bytes to the right of
[ 24.290401] allocated 120-byte region [ffff888103d62c00, ffff888103d62c78)
[ 24.290807]
[ 24.290893] The buggy address belongs to the physical page:
[ 24.291488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62
[ 24.292418] flags: 0x200000000000000(node=0|zone=2)
[ 24.293500] page_type: f5(slab)
[ 24.293847] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.294713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.295732] page dumped because: kasan: bad access detected
[ 24.296470]
[ 24.296667] Memory state around the buggy address:
[ 24.296837]  ffff888103d62b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.297146]  ffff888103d62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.298143] >ffff888103d62c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.298891]                                                                 ^
[ 24.299617]  ffff888103d62c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.300005]  ffff888103d62d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.300304] ==================================================================

[ 24.235154] ==================================================================
[ 24.236475] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 24.237170] Write of size 1 at addr ffff888103d62b78 by task kunit_try_catch/191
[ 24.237895]
[ 24.238147] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
[ 24.238203] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.238217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.238241] Call Trace:
[ 24.238256] <TASK>
[ 24.238276] dump_stack_lvl+0x73/0xb0
[ 24.238306] print_report+0xd1/0x650
[ 24.238330] ? __virt_addr_valid+0x1db/0x2d0
[ 24.238354] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 24.238378] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.238416] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 24.238441] kasan_report+0x141/0x180
[ 24.238463] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 24.238492] __asan_report_store1_noabort+0x1b/0x30
[ 24.238516] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 24.238541] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 24.238566] ? __schedule+0x10cc/0x2b60
[ 24.238591] ? __pfx_read_tsc+0x10/0x10
[ 24.238614] ? ktime_get_ts64+0x86/0x230
[ 24.238639] kunit_try_run_case+0x1a5/0x480
[ 24.238667] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.238690] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.238715] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.238739] ? __kthread_parkme+0x82/0x180
[ 24.238761] ? preempt_count_sub+0x50/0x80
[ 24.238785] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.238811] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.238835] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.238860] kthread+0x337/0x6f0
[ 24.238880] ? trace_preempt_on+0x20/0xc0
[ 24.238905] ? __pfx_kthread+0x10/0x10
[ 24.238926] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.238948] ? calculate_sigpending+0x7b/0xa0
[ 24.238972] ? __pfx_kthread+0x10/0x10
[ 24.238994] ret_from_fork+0x116/0x1d0
[ 24.239014] ? __pfx_kthread+0x10/0x10
[ 24.239035] ret_from_fork_asm+0x1a/0x30
[ 24.239067] </TASK>
[ 24.239080]
[ 24.251007] Allocated by task 191:
[ 24.251156] kasan_save_stack+0x45/0x70
[ 24.251310] kasan_save_track+0x18/0x40
[ 24.251457] kasan_save_alloc_info+0x3b/0x50
[ 24.251604] __kasan_kmalloc+0xb7/0xc0
[ 24.251737] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 24.251919] kmalloc_track_caller_oob_right+0x99/0x520
[ 24.252086] kunit_try_run_case+0x1a5/0x480
[ 24.252234] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.253059] kthread+0x337/0x6f0
[ 24.253715] ret_from_fork+0x116/0x1d0
[ 24.254544] ret_from_fork_asm+0x1a/0x30
[ 24.255065]
[ 24.255452] The buggy address belongs to the object at ffff888103d62b00
[ 24.255452] which belongs to the cache kmalloc-128 of size 128
[ 24.257162] The buggy address is located 0 bytes to the right of
[ 24.257162] allocated 120-byte region [ffff888103d62b00, ffff888103d62b78)
[ 24.258848]
[ 24.259167] The buggy address belongs to the physical page:
[ 24.260038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62
[ 24.261095] flags: 0x200000000000000(node=0|zone=2)
[ 24.261467] page_type: f5(slab)
[ 24.261601] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.261844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.262537] page dumped because: kasan: bad access detected
[ 24.263168]
[ 24.263344] Memory state around the buggy address:
[ 24.263952]  ffff888103d62a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.264673]  ffff888103d62a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.265431] >ffff888103d62b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.265874]                                                                 ^
[ 24.266645]  ffff888103d62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.266934]  ffff888103d62c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.267610] ==================================================================