Hay
Date: July 25, 2025, 3:13 a.m.

Environment: qemu-arm64, qemu-x86_64

[   32.064271] ==================================================================
[   32.064330] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   32.064384] Write of size 1 at addr fff00000c9726278 by task kunit_try_catch/174
[   32.064433] 
[   32.064465] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.064550] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.064579] Hardware name: linux,dummy-virt (DT)
[   32.064608] Call trace:
[   32.064630]  show_stack+0x20/0x38 (C)
[   32.064695]  dump_stack_lvl+0x8c/0xd0
[   32.065213]  print_report+0x118/0x5e8
[   32.067514]  kasan_report+0xdc/0x128
[   32.067673]  __asan_report_store1_noabort+0x20/0x30
[   32.067751]  kmalloc_track_caller_oob_right+0x40c/0x488
[   32.067805]  kunit_try_run_case+0x170/0x3f0
[   32.068334]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.068691]  kthread+0x328/0x630
[   32.068738]  ret_from_fork+0x10/0x20
[   32.069170] 
[   32.069531] Allocated by task 174:
[   32.069748]  kasan_save_stack+0x3c/0x68
[   32.069793]  kasan_save_track+0x20/0x40
[   32.070223]  kasan_save_alloc_info+0x40/0x58
[   32.070265]  __kasan_kmalloc+0xd4/0xd8
[   32.070732]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   32.070792]  kmalloc_track_caller_oob_right+0xa8/0x488
[   32.071117]  kunit_try_run_case+0x170/0x3f0
[   32.071162]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.071203]  kthread+0x328/0x630
[   32.071508]  ret_from_fork+0x10/0x20
[   32.071550] 
[   32.071569] The buggy address belongs to the object at fff00000c9726200
[   32.071569]  which belongs to the cache kmalloc-128 of size 128
[   32.071689] The buggy address is located 0 bytes to the right of
[   32.071689]  allocated 120-byte region [fff00000c9726200, fff00000c9726278)
[   32.071754] 
[   32.071774] The buggy address belongs to the physical page:
[   32.071992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109726
[   32.072328] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.072507] page_type: f5(slab)
[   32.072605] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.072845] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.073065] page dumped because: kasan: bad access detected
[   32.073123] 
[   32.073141] Memory state around the buggy address:
[   32.073174]  fff00000c9726100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.073217]  fff00000c9726180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.073258] >fff00000c9726200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.073294]                                                                 ^
[   32.073334]  fff00000c9726280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.074042]  fff00000c9726300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.074084] ==================================================================
[   32.076334] ==================================================================
[   32.076858] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   32.076928] Write of size 1 at addr fff00000c9726378 by task kunit_try_catch/174
[   32.076985] 
[   32.077359] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.077463] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.077685] Hardware name: linux,dummy-virt (DT)
[   32.077848] Call trace:
[   32.078050]  show_stack+0x20/0x38 (C)
[   32.078125]  dump_stack_lvl+0x8c/0xd0
[   32.078171]  print_report+0x118/0x5e8
[   32.078215]  kasan_report+0xdc/0x128
[   32.078257]  __asan_report_store1_noabort+0x20/0x30
[   32.078305]  kmalloc_track_caller_oob_right+0x418/0x488
[   32.078355]  kunit_try_run_case+0x170/0x3f0
[   32.078401]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.078452]  kthread+0x328/0x630
[   32.078492]  ret_from_fork+0x10/0x20
[   32.078540] 
[   32.078558] Allocated by task 174:
[   32.078585]  kasan_save_stack+0x3c/0x68
[   32.078622]  kasan_save_track+0x20/0x40
[   32.078668]  kasan_save_alloc_info+0x40/0x58
[   32.078704]  __kasan_kmalloc+0xd4/0xd8
[   32.078736]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   32.078781]  kmalloc_track_caller_oob_right+0x184/0x488
[   32.078823]  kunit_try_run_case+0x170/0x3f0
[   32.078859]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.078899]  kthread+0x328/0x630
[   32.078937]  ret_from_fork+0x10/0x20
[   32.078972] 
[   32.078991] The buggy address belongs to the object at fff00000c9726300
[   32.078991]  which belongs to the cache kmalloc-128 of size 128
[   32.079045] The buggy address is located 0 bytes to the right of
[   32.079045]  allocated 120-byte region [fff00000c9726300, fff00000c9726378)
[   32.079105] 
[   32.079124] The buggy address belongs to the physical page:
[   32.079156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109726
[   32.079203] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.079247] page_type: f5(slab)
[   32.079283] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.079331] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.079369] page dumped because: kasan: bad access detected
[   32.079400] 
[   32.079420] Memory state around the buggy address:
[   32.079451]  fff00000c9726200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.079493]  fff00000c9726280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.079534] >fff00000c9726300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.079569]                                                                 ^
[   32.079607]  fff00000c9726380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.079812]  fff00000c9726400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.079863] ==================================================================

[   25.132969] ==================================================================
[   25.133311] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   25.133742] Write of size 1 at addr ffff8881046cae78 by task kunit_try_catch/191
[   25.134263] 
[   25.134374] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.134421] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.134433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.134452] Call Trace:
[   25.134464]  <TASK>
[   25.134478]  dump_stack_lvl+0x73/0xb0
[   25.134527]  print_report+0xd1/0x640
[   25.134550]  ? __virt_addr_valid+0x1db/0x2d0
[   25.134589]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   25.134627]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.134667]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   25.134705]  kasan_report+0x141/0x180
[   25.134728]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   25.134772]  __asan_report_store1_noabort+0x1b/0x30
[   25.134798]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   25.134883]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   25.134912]  ? __schedule+0x10da/0x2b60
[   25.134933]  ? __pfx_read_tsc+0x10/0x10
[   25.134968]  ? ktime_get_ts64+0x86/0x230
[   25.134992]  kunit_try_run_case+0x1a5/0x480
[   25.135017]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.135041]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.135069]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.135119]  ? __kthread_parkme+0x82/0x180
[   25.135140]  ? preempt_count_sub+0x50/0x80
[   25.135164]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.135188]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.135213]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.135238]  kthread+0x337/0x6f0
[   25.135257]  ? trace_preempt_on+0x20/0xc0
[   25.135297]  ? __pfx_kthread+0x10/0x10
[   25.135319]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.135344]  ? calculate_sigpending+0x7b/0xa0
[   25.135368]  ? __pfx_kthread+0x10/0x10
[   25.135390]  ret_from_fork+0x116/0x1d0
[   25.135409]  ? __pfx_kthread+0x10/0x10
[   25.135430]  ret_from_fork_asm+0x1a/0x30
[   25.135477]  </TASK>
[   25.135488] 
[   25.143652] Allocated by task 191:
[   25.143845]  kasan_save_stack+0x45/0x70
[   25.144083]  kasan_save_track+0x18/0x40
[   25.144365]  kasan_save_alloc_info+0x3b/0x50
[   25.144601]  __kasan_kmalloc+0xb7/0xc0
[   25.144771]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   25.145070]  kmalloc_track_caller_oob_right+0x19a/0x520
[   25.145401]  kunit_try_run_case+0x1a5/0x480
[   25.145574]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.145750]  kthread+0x337/0x6f0
[   25.145916]  ret_from_fork+0x116/0x1d0
[   25.146295]  ret_from_fork_asm+0x1a/0x30
[   25.146515] 
[   25.146607] The buggy address belongs to the object at ffff8881046cae00
[   25.146607]  which belongs to the cache kmalloc-128 of size 128
[   25.147282] The buggy address is located 0 bytes to the right of
[   25.147282]  allocated 120-byte region [ffff8881046cae00, ffff8881046cae78)
[   25.147821] 
[   25.147967] The buggy address belongs to the physical page:
[   25.148249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046ca
[   25.148527] flags: 0x200000000000000(node=0|zone=2)
[   25.148776] page_type: f5(slab)
[   25.149002] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.149368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.149724] page dumped because: kasan: bad access detected
[   25.149986] 
[   25.150076] Memory state around the buggy address:
[   25.150299]  ffff8881046cad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.150614]  ffff8881046cad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.150923] >ffff8881046cae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.151145]                                                                 ^
[   25.151361]  ffff8881046cae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.152071]  ffff8881046caf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.152394] ==================================================================
[   25.109098] ==================================================================
[   25.109743] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.110610] Write of size 1 at addr ffff8881046cad78 by task kunit_try_catch/191
[   25.111348] 
[   25.111554] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.111603] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.111615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.111636] Call Trace:
[   25.111650]  <TASK>
[   25.111667]  dump_stack_lvl+0x73/0xb0
[   25.111708]  print_report+0xd1/0x640
[   25.111731]  ? __virt_addr_valid+0x1db/0x2d0
[   25.111757]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.111782]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.111809]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.111846]  kasan_report+0x141/0x180
[   25.111869]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.111899]  __asan_report_store1_noabort+0x1b/0x30
[   25.111925]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   25.111960]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   25.112009]  ? __schedule+0x10da/0x2b60
[   25.112032]  ? __pfx_read_tsc+0x10/0x10
[   25.112055]  ? ktime_get_ts64+0x86/0x230
[   25.112092]  kunit_try_run_case+0x1a5/0x480
[   25.112119]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.112143]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.112165]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.112201]  ? __kthread_parkme+0x82/0x180
[   25.112223]  ? preempt_count_sub+0x50/0x80
[   25.112247]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.112298]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.112322]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.112347]  kthread+0x337/0x6f0
[   25.112368]  ? trace_preempt_on+0x20/0xc0
[   25.112392]  ? __pfx_kthread+0x10/0x10
[   25.112413]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.112438]  ? calculate_sigpending+0x7b/0xa0
[   25.112461]  ? __pfx_kthread+0x10/0x10
[   25.112484]  ret_from_fork+0x116/0x1d0
[   25.112504]  ? __pfx_kthread+0x10/0x10
[   25.112526]  ret_from_fork_asm+0x1a/0x30
[   25.112557]  </TASK>
[   25.112569] 
[   25.122918] Allocated by task 191:
[   25.123193]  kasan_save_stack+0x45/0x70
[   25.123448]  kasan_save_track+0x18/0x40
[   25.123632]  kasan_save_alloc_info+0x3b/0x50
[   25.123904]  __kasan_kmalloc+0xb7/0xc0
[   25.124167]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   25.124410]  kmalloc_track_caller_oob_right+0x99/0x520
[   25.124649]  kunit_try_run_case+0x1a5/0x480
[   25.124956]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.125252]  kthread+0x337/0x6f0
[   25.125402]  ret_from_fork+0x116/0x1d0
[   25.125576]  ret_from_fork_asm+0x1a/0x30
[   25.125758] 
[   25.125926] The buggy address belongs to the object at ffff8881046cad00
[   25.125926]  which belongs to the cache kmalloc-128 of size 128
[   25.126565] The buggy address is located 0 bytes to the right of
[   25.126565]  allocated 120-byte region [ffff8881046cad00, ffff8881046cad78)
[   25.127184] 
[   25.127276] The buggy address belongs to the physical page:
[   25.127648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046ca
[   25.127922] flags: 0x200000000000000(node=0|zone=2)
[   25.128444] page_type: f5(slab)
[   25.128636] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.129025] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.129399] page dumped because: kasan: bad access detected
[   25.129654] 
[   25.129742] Memory state around the buggy address:
[   25.130154]  ffff8881046cac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.130424]  ffff8881046cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.130764] >ffff8881046cad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.131176]                                                                 ^
[   25.131415]  ffff8881046cad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.131750]  ffff8881046cae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.132126] ==================================================================