Date
July 18, 2025, 1:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 31.268227] ================================================================== [ 31.268281] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 31.268331] Write of size 1 at addr fff00000c3efd678 by task kunit_try_catch/173 [ 31.268379] [ 31.268407] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 31.268485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.268510] Hardware name: linux,dummy-virt (DT) [ 31.268540] Call trace: [ 31.268560] show_stack+0x20/0x38 (C) [ 31.268607] dump_stack_lvl+0x8c/0xd0 [ 31.268663] print_report+0x118/0x5e8 [ 31.268706] kasan_report+0xdc/0x128 [ 31.268747] __asan_report_store1_noabort+0x20/0x30 [ 31.268795] kmalloc_track_caller_oob_right+0x40c/0x488 [ 31.268866] kunit_try_run_case+0x170/0x3f0 [ 31.268920] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.268970] kthread+0x328/0x630 [ 31.269010] ret_from_fork+0x10/0x20 [ 31.269062] [ 31.269091] Allocated by task 173: [ 31.269117] kasan_save_stack+0x3c/0x68 [ 31.269153] kasan_save_track+0x20/0x40 [ 31.269186] kasan_save_alloc_info+0x40/0x58 [ 31.269221] __kasan_kmalloc+0xd4/0xd8 [ 31.269253] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 31.269296] kmalloc_track_caller_oob_right+0xa8/0x488 [ 31.269336] kunit_try_run_case+0x170/0x3f0 [ 31.269370] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.269410] kthread+0x328/0x630 [ 31.269454] ret_from_fork+0x10/0x20 [ 31.269487] [ 31.269505] The buggy address belongs to the object at fff00000c3efd600 [ 31.269505] which belongs to the cache kmalloc-128 of size 128 [ 31.269558] The buggy address is located 0 bytes to the right of [ 31.269558] allocated 120-byte region [fff00000c3efd600, fff00000c3efd678) [ 31.269618] [ 31.269636] The buggy address belongs to the physical page: [ 31.269665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103efd [ 31.269713] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.269760] page_type: f5(slab) [ 31.269796] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 31.269880] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.269970] page dumped because: kasan: bad access detected [ 31.270103] [ 31.270165] Memory state around the buggy address: [ 31.270282] fff00000c3efd500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.270351] fff00000c3efd580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.270390] >fff00000c3efd600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.270478] ^ [ 31.270535] fff00000c3efd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.270658] fff00000c3efd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.270712] ================================================================== [ 31.272142] ================================================================== [ 31.272208] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 31.272274] Write of size 1 at addr fff00000c3efd778 by task kunit_try_catch/173 [ 31.272337] [ 31.272365] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT [ 31.272448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.272474] Hardware name: linux,dummy-virt (DT) [ 31.272502] Call trace: [ 31.272522] show_stack+0x20/0x38 (C) [ 31.272567] dump_stack_lvl+0x8c/0xd0 [ 31.272612] print_report+0x118/0x5e8 [ 31.272657] kasan_report+0xdc/0x128 [ 31.272716] __asan_report_store1_noabort+0x20/0x30 [ 31.272987] kmalloc_track_caller_oob_right+0x418/0x488 [ 31.273053] kunit_try_run_case+0x170/0x3f0 [ 31.273124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.273202] kthread+0x328/0x630 [ 31.273249] ret_from_fork+0x10/0x20 [ 31.273314] [ 31.273352] Allocated by task 173: [ 31.273624] kasan_save_stack+0x3c/0x68 [ 31.273670] kasan_save_track+0x20/0x40 [ 31.273704] kasan_save_alloc_info+0x40/0x58 [ 31.273749] __kasan_kmalloc+0xd4/0xd8 [ 31.273982] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 31.274032] kmalloc_track_caller_oob_right+0x184/0x488 [ 31.274096] kunit_try_run_case+0x170/0x3f0 [ 31.274311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.274352] kthread+0x328/0x630 [ 31.274769] ret_from_fork+0x10/0x20 [ 31.274826] [ 31.274898] The buggy address belongs to the object at fff00000c3efd700 [ 31.274898] which belongs to the cache kmalloc-128 of size 128 [ 31.274952] The buggy address is located 0 bytes to the right of [ 31.274952] allocated 120-byte region [fff00000c3efd700, fff00000c3efd778) [ 31.275072] [ 31.275105] The buggy address belongs to the physical page: [ 31.275143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103efd [ 31.275209] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.275273] page_type: f5(slab) [ 31.275343] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 31.275400] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.275465] page dumped because: kasan: bad access detected [ 31.275494] [ 31.275511] Memory state around the buggy address: [ 31.275540] fff00000c3efd600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.275797] fff00000c3efd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.275914] >fff00000c3efd700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.276024] ^ [ 31.276197] fff00000c3efd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.276270] fff00000c3efd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.276341] ==================================================================
[ 24.179148] ================================================================== [ 24.180330] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.181279] Write of size 1 at addr ffff888102b06178 by task kunit_try_catch/190 [ 24.182083] [ 24.182311] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 24.182363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.182375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.182407] Call Trace: [ 24.182420] <TASK> [ 24.182435] dump_stack_lvl+0x73/0xb0 [ 24.182479] print_report+0xd1/0x640 [ 24.182501] ? __virt_addr_valid+0x1db/0x2d0 [ 24.182524] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.182547] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.182572] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.182595] kasan_report+0x141/0x180 [ 24.182622] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.182650] __asan_report_store1_noabort+0x1b/0x30 [ 24.182673] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.182696] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.182719] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.182744] ? trace_hardirqs_on+0x37/0xe0 [ 24.182767] ? __pfx_read_tsc+0x10/0x10 [ 24.182787] ? ktime_get_ts64+0x86/0x230 [ 24.182826] kunit_try_run_case+0x1a5/0x480 [ 24.182850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.182873] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.182896] ? __kthread_parkme+0x82/0x180 [ 24.182915] ? preempt_count_sub+0x50/0x80 [ 24.182937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.182959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.182981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.183002] kthread+0x337/0x6f0 [ 24.183021] ? trace_preempt_on+0x20/0xc0 [ 24.183044] ? __pfx_kthread+0x10/0x10 [ 24.183064] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.183085] ? calculate_sigpending+0x7b/0xa0 [ 24.183108] ? __pfx_kthread+0x10/0x10 [ 24.183128] ret_from_fork+0x116/0x1d0 [ 24.183146] ? __pfx_kthread+0x10/0x10 [ 24.183166] ret_from_fork_asm+0x1a/0x30 [ 24.183210] </TASK> [ 24.183222] [ 24.194012] Allocated by task 190: [ 24.194218] kasan_save_stack+0x45/0x70 [ 24.194418] kasan_save_track+0x18/0x40 [ 24.194605] kasan_save_alloc_info+0x3b/0x50 [ 24.194796] __kasan_kmalloc+0xb7/0xc0 [ 24.195030] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.195295] kmalloc_track_caller_oob_right+0x99/0x520 [ 24.195534] kunit_try_run_case+0x1a5/0x480 [ 24.195675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.195841] kthread+0x337/0x6f0 [ 24.195954] ret_from_fork+0x116/0x1d0 [ 24.196134] ret_from_fork_asm+0x1a/0x30 [ 24.196330] [ 24.196617] The buggy address belongs to the object at ffff888102b06100 [ 24.196617] which belongs to the cache kmalloc-128 of size 128 [ 24.197383] The buggy address is located 0 bytes to the right of [ 24.197383] allocated 120-byte region [ffff888102b06100, ffff888102b06178) [ 24.197956] [ 24.198047] The buggy address belongs to the physical page: [ 24.198340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b06 [ 24.198652] flags: 0x200000000000000(node=0|zone=2) [ 24.198812] page_type: f5(slab) [ 24.198927] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.199252] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.199589] page dumped because: kasan: bad access detected [ 24.199938] [ 24.200040] Memory state around the buggy address: [ 24.200249] ffff888102b06000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.200460] ffff888102b06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.200717] >ffff888102b06100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.201027] ^ [ 24.201371] ffff888102b06180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.201710] ffff888102b06200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.202212] ================================================================== [ 24.203313] ================================================================== [ 24.203601] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.204251] Write of size 1 at addr ffff888102b06278 by task kunit_try_catch/190 [ 24.204791] [ 24.204946] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) [ 24.204990] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.205002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.205022] Call Trace: [ 24.205032] <TASK> [ 24.205045] dump_stack_lvl+0x73/0xb0 [ 24.205074] print_report+0xd1/0x640 [ 24.205095] ? __virt_addr_valid+0x1db/0x2d0 [ 24.205117] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.205140] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.205184] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.205209] kasan_report+0x141/0x180 [ 24.205230] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.205269] __asan_report_store1_noabort+0x1b/0x30 [ 24.205293] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.205316] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.205339] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.205364] ? trace_hardirqs_on+0x37/0xe0 [ 24.205386] ? __pfx_read_tsc+0x10/0x10 [ 24.205406] ? ktime_get_ts64+0x86/0x230 [ 24.205430] kunit_try_run_case+0x1a5/0x480 [ 24.205453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.205476] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.205500] ? __kthread_parkme+0x82/0x180 [ 24.205519] ? preempt_count_sub+0x50/0x80 [ 24.205543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.205568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.205591] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.205623] kthread+0x337/0x6f0 [ 24.205642] ? trace_preempt_on+0x20/0xc0 [ 24.205663] ? __pfx_kthread+0x10/0x10 [ 24.205701] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.205723] ? calculate_sigpending+0x7b/0xa0 [ 24.205745] ? __pfx_kthread+0x10/0x10 [ 24.205776] ret_from_fork+0x116/0x1d0 [ 24.205847] ? __pfx_kthread+0x10/0x10 [ 24.205870] ret_from_fork_asm+0x1a/0x30 [ 24.205900] </TASK> [ 24.205909] [ 24.213427] Allocated by task 190: [ 24.213551] kasan_save_stack+0x45/0x70 [ 24.213687] kasan_save_track+0x18/0x40 [ 24.213815] kasan_save_alloc_info+0x3b/0x50 [ 24.214042] __kasan_kmalloc+0xb7/0xc0 [ 24.214228] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.214484] kmalloc_track_caller_oob_right+0x19a/0x520 [ 24.214725] kunit_try_run_case+0x1a5/0x480 [ 24.214923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.215338] kthread+0x337/0x6f0 [ 24.215467] ret_from_fork+0x116/0x1d0 [ 24.215597] ret_from_fork_asm+0x1a/0x30 [ 24.215787] [ 24.215888] The buggy address belongs to the object at ffff888102b06200 [ 24.215888] which belongs to the cache kmalloc-128 of size 128 [ 24.216474] The buggy address is located 0 bytes to the right of [ 24.216474] allocated 120-byte region [ffff888102b06200, ffff888102b06278) [ 24.217112] [ 24.217191] The buggy address belongs to the physical page: [ 24.217451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b06 [ 24.217774] flags: 0x200000000000000(node=0|zone=2) [ 24.218030] page_type: f5(slab) [ 24.218222] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.218536] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.218950] page dumped because: kasan: bad access detected [ 24.219186] [ 24.219297] Memory state around the buggy address: [ 24.219454] ffff888102b06100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.219662] ffff888102b06180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.219869] >ffff888102b06200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.220072] ^ [ 24.220341] ffff888102b06280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.220990] ffff888102b06300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.221358] ==================================================================