Date
July 17, 2025, 10:12 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 29.301859] ================================================================== [ 29.301927] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 29.301978] Write of size 1 at addr fff00000c59f9d78 by task kunit_try_catch/173 [ 29.302077] [ 29.302124] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.302228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.302284] Hardware name: linux,dummy-virt (DT) [ 29.302354] Call trace: [ 29.302381] show_stack+0x20/0x38 (C) [ 29.302462] dump_stack_lvl+0x8c/0xd0 [ 29.302510] print_report+0x118/0x5d0 [ 29.302553] kasan_report+0xdc/0x128 [ 29.302606] __asan_report_store1_noabort+0x20/0x30 [ 29.302671] kmalloc_track_caller_oob_right+0x418/0x488 [ 29.302723] kunit_try_run_case+0x170/0x3f0 [ 29.302781] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.302832] kthread+0x328/0x630 [ 29.302875] ret_from_fork+0x10/0x20 [ 29.303133] [ 29.303172] Allocated by task 173: [ 29.303228] kasan_save_stack+0x3c/0x68 [ 29.303289] kasan_save_track+0x20/0x40 [ 29.303353] kasan_save_alloc_info+0x40/0x58 [ 29.303408] __kasan_kmalloc+0xd4/0xd8 [ 29.303461] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.303559] kmalloc_track_caller_oob_right+0x184/0x488 [ 29.303601] kunit_try_run_case+0x170/0x3f0 [ 29.303636] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.303693] kthread+0x328/0x630 [ 29.303744] ret_from_fork+0x10/0x20 [ 29.303805] [ 29.303843] The buggy address belongs to the object at fff00000c59f9d00 [ 29.303843] which belongs to the cache kmalloc-128 of size 128 [ 29.303925] The buggy address is located 0 bytes to the right of [ 29.303925] allocated 120-byte region [fff00000c59f9d00, fff00000c59f9d78) [ 29.304064] [ 29.304102] The buggy address belongs to the physical page: [ 29.304130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059f9 [ 29.304179] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.304242] page_type: f5(slab) [ 29.304993] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 29.305048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.305442] page dumped because: kasan: bad access detected [ 29.305472] [ 29.305489] Memory state around the buggy address: [ 29.305518] fff00000c59f9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.305559] fff00000c59f9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.305599] >fff00000c59f9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.305634] ^ [ 29.305671] fff00000c59f9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.305710] fff00000c59f9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.305745] ================================================================== [ 29.296600] ================================================================== [ 29.296727] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 29.296809] Write of size 1 at addr fff00000c59f9c78 by task kunit_try_catch/173 [ 29.296899] [ 29.296941] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT [ 29.297023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.297202] Hardware name: linux,dummy-virt (DT) [ 29.297300] Call trace: [ 29.297449] show_stack+0x20/0x38 (C) [ 29.297578] dump_stack_lvl+0x8c/0xd0 [ 29.297719] print_report+0x118/0x5d0 [ 29.297788] kasan_report+0xdc/0x128 [ 29.297874] __asan_report_store1_noabort+0x20/0x30 [ 29.297935] kmalloc_track_caller_oob_right+0x40c/0x488 [ 29.298010] kunit_try_run_case+0x170/0x3f0 [ 29.298171] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.298332] kthread+0x328/0x630 [ 29.298412] ret_from_fork+0x10/0x20 [ 29.298459] [ 29.298477] Allocated by task 173: [ 29.298505] kasan_save_stack+0x3c/0x68 [ 29.298542] kasan_save_track+0x20/0x40 [ 29.298576] kasan_save_alloc_info+0x40/0x58 [ 29.298612] __kasan_kmalloc+0xd4/0xd8 [ 29.298644] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.298723] kmalloc_track_caller_oob_right+0xa8/0x488 [ 29.298778] kunit_try_run_case+0x170/0x3f0 [ 29.298812] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.298853] kthread+0x328/0x630 [ 29.298896] ret_from_fork+0x10/0x20 [ 29.299020] [ 29.299108] The buggy address belongs to the object at fff00000c59f9c00 [ 29.299108] which belongs to the cache kmalloc-128 of size 128 [ 29.299205] The buggy address is located 0 bytes to the right of [ 29.299205] allocated 120-byte region [fff00000c59f9c00, fff00000c59f9c78) [ 29.299310] [ 29.299346] The buggy address belongs to the physical page: [ 29.299394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059f9 [ 29.299497] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.299616] page_type: f5(slab) [ 29.299700] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 29.299840] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.299980] page dumped because: kasan: bad access detected [ 29.300010] [ 29.300028] Memory state around the buggy address: [ 29.300077] fff00000c59f9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.300118] fff00000c59f9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.300158] >fff00000c59f9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.300442] ^ [ 29.300546] fff00000c59f9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.300651] fff00000c59f9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.300736] ==================================================================
[ 25.104550] ================================================================== [ 25.104946] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.105212] Write of size 1 at addr ffff88810553d478 by task kunit_try_catch/191 [ 25.106415] [ 25.106772] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.106826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.106838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.106858] Call Trace: [ 25.106870] <TASK> [ 25.106885] dump_stack_lvl+0x73/0xb0 [ 25.106953] print_report+0xd1/0x610 [ 25.106975] ? __virt_addr_valid+0x1db/0x2d0 [ 25.106998] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107134] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.107165] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107189] kasan_report+0x141/0x180 [ 25.107210] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107239] __asan_report_store1_noabort+0x1b/0x30 [ 25.107262] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107285] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 25.107309] ? __schedule+0x10c6/0x2b60 [ 25.107331] ? __pfx_read_tsc+0x10/0x10 [ 25.107351] ? ktime_get_ts64+0x86/0x230 [ 25.107375] kunit_try_run_case+0x1a5/0x480 [ 25.107398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.107418] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.107440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.107462] ? __kthread_parkme+0x82/0x180 [ 25.107485] ? preempt_count_sub+0x50/0x80 [ 25.107507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.107530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.107551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.107573] kthread+0x337/0x6f0 [ 25.107591] ? trace_preempt_on+0x20/0xc0 [ 25.107614] ? __pfx_kthread+0x10/0x10 [ 25.107633] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.107654] ? calculate_sigpending+0x7b/0xa0 [ 25.107676] ? __pfx_kthread+0x10/0x10 [ 25.107696] ret_from_fork+0x116/0x1d0 [ 25.107714] ? __pfx_kthread+0x10/0x10 [ 25.107733] ret_from_fork_asm+0x1a/0x30 [ 25.107763] </TASK> [ 25.107773] [ 25.120446] Allocated by task 191: [ 25.120605] kasan_save_stack+0x45/0x70 [ 25.121039] kasan_save_track+0x18/0x40 [ 25.121299] kasan_save_alloc_info+0x3b/0x50 [ 25.121436] __kasan_kmalloc+0xb7/0xc0 [ 25.121555] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 25.121983] kmalloc_track_caller_oob_right+0x99/0x520 [ 25.122155] kunit_try_run_case+0x1a5/0x480 [ 25.122573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.122892] kthread+0x337/0x6f0 [ 25.123004] ret_from_fork+0x116/0x1d0 [ 25.123136] ret_from_fork_asm+0x1a/0x30 [ 25.123606] [ 25.123752] The buggy address belongs to the object at ffff88810553d400 [ 25.123752] which belongs to the cache kmalloc-128 of size 128 [ 25.124825] The buggy address is located 0 bytes to the right of [ 25.124825] allocated 120-byte region [ffff88810553d400, ffff88810553d478) [ 25.126100] [ 25.126286] The buggy address belongs to the physical page: [ 25.126686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.127469] flags: 0x200000000000000(node=0|zone=2) [ 25.127889] page_type: f5(slab) [ 25.128216] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.128846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.129445] page dumped because: kasan: bad access detected [ 25.129727] [ 25.129788] Memory state around the buggy address: [ 25.129940] ffff88810553d300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.130150] ffff88810553d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.130380] >ffff88810553d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.130781] ^ [ 25.131051] ffff88810553d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.131382] ffff88810553d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.131822] ================================================================== [ 25.132628] ================================================================== [ 25.132856] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.133251] Write of size 1 at addr ffff88810553d578 by task kunit_try_catch/191 [ 25.133637] [ 25.133743] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.133788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.133819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.133838] Call Trace: [ 25.133871] <TASK> [ 25.133884] dump_stack_lvl+0x73/0xb0 [ 25.133912] print_report+0xd1/0x610 [ 25.133937] ? __virt_addr_valid+0x1db/0x2d0 [ 25.133958] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.133981] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.134005] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134029] kasan_report+0x141/0x180 [ 25.134050] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134090] __asan_report_store1_noabort+0x1b/0x30 [ 25.134113] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134136] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 25.134161] ? __schedule+0x10c6/0x2b60 [ 25.134183] ? __pfx_read_tsc+0x10/0x10 [ 25.134203] ? ktime_get_ts64+0x86/0x230 [ 25.134227] kunit_try_run_case+0x1a5/0x480 [ 25.134263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.134285] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.134405] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.134430] ? __kthread_parkme+0x82/0x180 [ 25.134453] ? preempt_count_sub+0x50/0x80 [ 25.134475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.134498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.134521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.134543] kthread+0x337/0x6f0 [ 25.134561] ? trace_preempt_on+0x20/0xc0 [ 25.134583] ? __pfx_kthread+0x10/0x10 [ 25.134602] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.134624] ? calculate_sigpending+0x7b/0xa0 [ 25.134646] ? __pfx_kthread+0x10/0x10 [ 25.134666] ret_from_fork+0x116/0x1d0 [ 25.134684] ? __pfx_kthread+0x10/0x10 [ 25.134703] ret_from_fork_asm+0x1a/0x30 [ 25.134733] </TASK> [ 25.134742] [ 25.142200] Allocated by task 191: [ 25.142458] kasan_save_stack+0x45/0x70 [ 25.142627] kasan_save_track+0x18/0x40 [ 25.142902] kasan_save_alloc_info+0x3b/0x50 [ 25.143089] __kasan_kmalloc+0xb7/0xc0 [ 25.143210] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 25.143379] kmalloc_track_caller_oob_right+0x19a/0x520 [ 25.143566] kunit_try_run_case+0x1a5/0x480 [ 25.143762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.144033] kthread+0x337/0x6f0 [ 25.144238] ret_from_fork+0x116/0x1d0 [ 25.144437] ret_from_fork_asm+0x1a/0x30 [ 25.144784] [ 25.144869] The buggy address belongs to the object at ffff88810553d500 [ 25.144869] which belongs to the cache kmalloc-128 of size 128 [ 25.145491] The buggy address is located 0 bytes to the right of [ 25.145491] allocated 120-byte region [ffff88810553d500, ffff88810553d578) [ 25.145846] [ 25.145938] The buggy address belongs to the physical page: [ 25.146187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.146589] flags: 0x200000000000000(node=0|zone=2) [ 25.146818] page_type: f5(slab) [ 25.147060] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.147314] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.147705] page dumped because: kasan: bad access detected [ 25.147978] [ 25.148076] Memory state around the buggy address: [ 25.148313] ffff88810553d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.148543] ffff88810553d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.148887] >ffff88810553d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.149258] ^ [ 25.149632] ffff88810553d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.149965] ffff88810553d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.150189] ==================================================================