Hay
Date: July 22, 2025, 5:13 a.m.

Environment: qemu-arm64, qemu-x86_64

[   30.058762] ==================================================================
[   30.058847] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   30.058907] Write of size 1 at addr fff00000c3f71978 by task kunit_try_catch/173
[   30.058955] 
[   30.058988] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   30.059078] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   30.059107] Hardware name: linux,dummy-virt (DT)
[   30.059147] Call trace:
[   30.059170]  show_stack+0x20/0x38 (C)
[   30.059217]  dump_stack_lvl+0x8c/0xd0
[   30.059271]  print_report+0x118/0x5e8
[   30.059315]  kasan_report+0xdc/0x128
[   30.059357]  __asan_report_store1_noabort+0x20/0x30
[   30.059405]  kmalloc_track_caller_oob_right+0x40c/0x488
[   30.059455]  kunit_try_run_case+0x170/0x3f0
[   30.059501]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.059552]  kthread+0x328/0x630
[   30.059595]  ret_from_fork+0x10/0x20
[   30.059641] 
[   30.059664] Allocated by task 173:
[   30.059691]  kasan_save_stack+0x3c/0x68
[   30.059729]  kasan_save_track+0x20/0x40
[   30.059762]  kasan_save_alloc_info+0x40/0x58
[   30.059798]  __kasan_kmalloc+0xd4/0xd8
[   30.059841]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   30.059881]  kmalloc_track_caller_oob_right+0xa8/0x488
[   30.059921]  kunit_try_run_case+0x170/0x3f0
[   30.059956]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.060022]  kthread+0x328/0x630
[   30.060069]  ret_from_fork+0x10/0x20
[   30.060362] 
[   30.060401] The buggy address belongs to the object at fff00000c3f71900
[   30.060401]  which belongs to the cache kmalloc-128 of size 128
[   30.060466] The buggy address is located 0 bytes to the right of
[   30.060466]  allocated 120-byte region [fff00000c3f71900, fff00000c3f71978)
[   30.060527] 
[   30.060545] The buggy address belongs to the physical page:
[   30.060599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f71
[   30.060654] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.060801] page_type: f5(slab)
[   30.060864] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   30.060945] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.060985] page dumped because: kasan: bad access detected
[   30.061014] 
[   30.061031] Memory state around the buggy address:
[   30.061136]  fff00000c3f71800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.061244]  fff00000c3f71880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.061390] >fff00000c3f71900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.061428]                                                                 ^
[   30.061466]  fff00000c3f71980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.061506]  fff00000c3f71a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.061543] ==================================================================
[   30.063688] ==================================================================
[   30.063751] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   30.063803] Write of size 1 at addr fff00000c3f71a78 by task kunit_try_catch/173
[   30.063960] 
[   30.063991] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   30.064216] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   30.064306] Hardware name: linux,dummy-virt (DT)
[   30.064365] Call trace:
[   30.064409]  show_stack+0x20/0x38 (C)
[   30.064615]  dump_stack_lvl+0x8c/0xd0
[   30.064741]  print_report+0x118/0x5e8
[   30.064789]  kasan_report+0xdc/0x128
[   30.065116]  __asan_report_store1_noabort+0x20/0x30
[   30.065172]  kmalloc_track_caller_oob_right+0x418/0x488
[   30.065223]  kunit_try_run_case+0x170/0x3f0
[   30.065269]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.065399]  kthread+0x328/0x630
[   30.066217]  ret_from_fork+0x10/0x20
[   30.066464] 
[   30.066528] Allocated by task 173:
[   30.066629]  kasan_save_stack+0x3c/0x68
[   30.066791]  kasan_save_track+0x20/0x40
[   30.066958]  kasan_save_alloc_info+0x40/0x58
[   30.067125]  __kasan_kmalloc+0xd4/0xd8
[   30.067160]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   30.067241]  kmalloc_track_caller_oob_right+0x184/0x488
[   30.067500]  kunit_try_run_case+0x170/0x3f0
[   30.067620]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.067711]  kthread+0x328/0x630
[   30.067790]  ret_from_fork+0x10/0x20
[   30.067896] 
[   30.067957] The buggy address belongs to the object at fff00000c3f71a00
[   30.067957]  which belongs to the cache kmalloc-128 of size 128
[   30.068088] The buggy address is located 0 bytes to the right of
[   30.068088]  allocated 120-byte region [fff00000c3f71a00, fff00000c3f71a78)
[   30.068184] 
[   30.068278] The buggy address belongs to the physical page:
[   30.068357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f71
[   30.068466] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.068576] page_type: f5(slab)
[   30.068655] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   30.068750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.068788] page dumped because: kasan: bad access detected
[   30.068826] 
[   30.068970] Memory state around the buggy address:
[   30.069221]  fff00000c3f71900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.069364]  fff00000c3f71980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.069424] >fff00000c3f71a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.069495]                                                                 ^
[   30.069588]  fff00000c3f71a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.069665]  fff00000c3f71b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.069700] ==================================================================

[   24.563115] ==================================================================
[   24.563404] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.563770] Write of size 1 at addr ffff8881058a9178 by task kunit_try_catch/190
[   24.564104] 
[   24.564208] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   24.564254] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.564266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.564286] Call Trace:
[   24.564298]  <TASK>
[   24.564313]  dump_stack_lvl+0x73/0xb0
[   24.564339]  print_report+0xd1/0x640
[   24.564361]  ? __virt_addr_valid+0x1db/0x2d0
[   24.564384]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.564408]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.564433]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.564458]  kasan_report+0x141/0x180
[   24.564480]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.564509]  __asan_report_store1_noabort+0x1b/0x30
[   24.564533]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.564583]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   24.564608]  ? __schedule+0x10da/0x2b60
[   24.564633]  ? __pfx_read_tsc+0x10/0x10
[   24.564654]  ? ktime_get_ts64+0x86/0x230
[   24.564678]  kunit_try_run_case+0x1a5/0x480
[   24.564702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.564725]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.564749]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.564774]  ? __kthread_parkme+0x82/0x180
[   24.564794]  ? preempt_count_sub+0x50/0x80
[   24.564817]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.564852]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.564879]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.564903]  kthread+0x337/0x6f0
[   24.564922]  ? trace_preempt_on+0x20/0xc0
[   24.564945]  ? __pfx_kthread+0x10/0x10
[   24.564966]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.564988]  ? calculate_sigpending+0x7b/0xa0
[   24.565011]  ? __pfx_kthread+0x10/0x10
[   24.565033]  ret_from_fork+0x116/0x1d0
[   24.565052]  ? __pfx_kthread+0x10/0x10
[   24.565072]  ret_from_fork_asm+0x1a/0x30
[   24.565103]  </TASK>
[   24.565113] 
[   24.578111] Allocated by task 190:
[   24.578265]  kasan_save_stack+0x45/0x70
[   24.578425]  kasan_save_track+0x18/0x40
[   24.578560]  kasan_save_alloc_info+0x3b/0x50
[   24.578707]  __kasan_kmalloc+0xb7/0xc0
[   24.578848]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   24.579107]  kmalloc_track_caller_oob_right+0x19a/0x520
[   24.579588]  kunit_try_run_case+0x1a5/0x480
[   24.580053]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.580576]  kthread+0x337/0x6f0
[   24.580939]  ret_from_fork+0x116/0x1d0
[   24.581323]  ret_from_fork_asm+0x1a/0x30
[   24.581509] 
[   24.581609] The buggy address belongs to the object at ffff8881058a9100
[   24.581609]  which belongs to the cache kmalloc-128 of size 128
[   24.582497] The buggy address is located 0 bytes to the right of
[   24.582497]  allocated 120-byte region [ffff8881058a9100, ffff8881058a9178)
[   24.583714] 
[   24.583888] The buggy address belongs to the physical page:
[   24.584294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9
[   24.584550] flags: 0x200000000000000(node=0|zone=2)
[   24.584839] page_type: f5(slab)
[   24.585160] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.585993] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.586688] page dumped because: kasan: bad access detected
[   24.587095] 
[   24.587163] Memory state around the buggy address:
[   24.587605]  ffff8881058a9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.588078]  ffff8881058a9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.588309] >ffff8881058a9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.588605]                                                                 ^
[   24.588824]  ffff8881058a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.589059]  ffff8881058a9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.589613] ==================================================================
[   24.530680] ==================================================================
[   24.531135] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.532407] Write of size 1 at addr ffff8881058a9078 by task kunit_try_catch/190
[   24.533324] 
[   24.533604] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   24.533665] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.533678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.533701] Call Trace:
[   24.533714]  <TASK>
[   24.533729]  dump_stack_lvl+0x73/0xb0
[   24.533762]  print_report+0xd1/0x640
[   24.533786]  ? __virt_addr_valid+0x1db/0x2d0
[   24.533810]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.533845]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.533871]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.533896]  kasan_report+0x141/0x180
[   24.533918]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.533947]  __asan_report_store1_noabort+0x1b/0x30
[   24.533972]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.533996]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   24.534021]  ? __schedule+0x10da/0x2b60
[   24.534047]  ? __pfx_read_tsc+0x10/0x10
[   24.534069]  ? ktime_get_ts64+0x86/0x230
[   24.534094]  kunit_try_run_case+0x1a5/0x480
[   24.534120]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.534142]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.534210]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.534237]  ? __kthread_parkme+0x82/0x180
[   24.534257]  ? preempt_count_sub+0x50/0x80
[   24.534292]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.534316]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.534339]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.534363]  kthread+0x337/0x6f0
[   24.534383]  ? trace_preempt_on+0x20/0xc0
[   24.534407]  ? __pfx_kthread+0x10/0x10
[   24.534428]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.534451]  ? calculate_sigpending+0x7b/0xa0
[   24.534491]  ? __pfx_kthread+0x10/0x10
[   24.534513]  ret_from_fork+0x116/0x1d0
[   24.534532]  ? __pfx_kthread+0x10/0x10
[   24.534552]  ret_from_fork_asm+0x1a/0x30
[   24.534583]  </TASK>
[   24.534594] 
[   24.548138] Allocated by task 190:
[   24.548551]  kasan_save_stack+0x45/0x70
[   24.549028]  kasan_save_track+0x18/0x40
[   24.549436]  kasan_save_alloc_info+0x3b/0x50
[   24.549935]  __kasan_kmalloc+0xb7/0xc0
[   24.550377]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   24.551000]  kmalloc_track_caller_oob_right+0x99/0x520
[   24.551530]  kunit_try_run_case+0x1a5/0x480
[   24.551944]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.552486]  kthread+0x337/0x6f0
[   24.552811]  ret_from_fork+0x116/0x1d0
[   24.553204]  ret_from_fork_asm+0x1a/0x30
[   24.553601] 
[   24.553816] The buggy address belongs to the object at ffff8881058a9000
[   24.553816]  which belongs to the cache kmalloc-128 of size 128
[   24.554863] The buggy address is located 0 bytes to the right of
[   24.554863]  allocated 120-byte region [ffff8881058a9000, ffff8881058a9078)
[   24.555366] 
[   24.555435] The buggy address belongs to the physical page:
[   24.555606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9
[   24.555964] flags: 0x200000000000000(node=0|zone=2)
[   24.556407] page_type: f5(slab)
[   24.556717] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.557530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.557755] page dumped because: kasan: bad access detected
[   24.558052] 
[   24.558235] Memory state around the buggy address:
[   24.558810]  ffff8881058a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.559499]  ffff8881058a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.560219] >ffff8881058a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.560977]                                                                 ^
[   24.561302]  ffff8881058a9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.561542]  ffff8881058a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.562115] ==================================================================