Date: July 16, 2025, 3:10 p.m.
Environment: qemu-arm64, qemu-x86_64

[   16.402156] ==================================================================
[   16.402285] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   16.402347] Write of size 1 at addr fff00000c6554878 by task kunit_try_catch/142
[   16.402416] 
[   16.402609] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.402942] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.402981] Hardware name: linux,dummy-virt (DT)
[   16.403028] Call trace:
[   16.403053]  show_stack+0x20/0x38 (C)
[   16.403151]  dump_stack_lvl+0x8c/0xd0
[   16.403204]  print_report+0x118/0x5d0
[   16.403433]  kasan_report+0xdc/0x128
[   16.403482]  __asan_report_store1_noabort+0x20/0x30
[   16.403844]  kmalloc_track_caller_oob_right+0x40c/0x488
[   16.403935]  kunit_try_run_case+0x170/0x3f0
[   16.404078]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.404186]  kthread+0x328/0x630
[   16.404331]  ret_from_fork+0x10/0x20
[   16.404381] 
[   16.404434] Allocated by task 142:
[   16.404636]  kasan_save_stack+0x3c/0x68
[   16.404782]  kasan_save_track+0x20/0x40
[   16.404932]  kasan_save_alloc_info+0x40/0x58
[   16.405002]  __kasan_kmalloc+0xd4/0xd8
[   16.405185]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   16.405351]  kmalloc_track_caller_oob_right+0xa8/0x488
[   16.405478]  kunit_try_run_case+0x170/0x3f0
[   16.405566]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.405633]  kthread+0x328/0x630
[   16.405869]  ret_from_fork+0x10/0x20
[   16.405999] 
[   16.406037] The buggy address belongs to the object at fff00000c6554800
[   16.406037]  which belongs to the cache kmalloc-128 of size 128
[   16.406163] The buggy address is located 0 bytes to the right of
[   16.406163]  allocated 120-byte region [fff00000c6554800, fff00000c6554878)
[   16.406239] 
[   16.406259] The buggy address belongs to the physical page:
[   16.406396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106554
[   16.406486] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.406639] page_type: f5(slab)
[   16.406744] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.406832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.406873] page dumped because: kasan: bad access detected
[   16.406910] 
[   16.407119] Memory state around the buggy address:
[   16.407285]  fff00000c6554700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.407431]  fff00000c6554780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.407502] >fff00000c6554800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.407547]                                                                 ^
[   16.407586]  fff00000c6554880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.408300]  fff00000c6554900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.408377] ==================================================================
[   16.409705] ==================================================================
[   16.409789] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   16.409962] Write of size 1 at addr fff00000c6554978 by task kunit_try_catch/142
[   16.410026] 
[   16.410113] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.410227] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.410253] Hardware name: linux,dummy-virt (DT)
[   16.410289] Call trace:
[   16.410381]  show_stack+0x20/0x38 (C)
[   16.410458]  dump_stack_lvl+0x8c/0xd0
[   16.410524]  print_report+0x118/0x5d0
[   16.410618]  kasan_report+0xdc/0x128
[   16.410665]  __asan_report_store1_noabort+0x20/0x30
[   16.410731]  kmalloc_track_caller_oob_right+0x418/0x488
[   16.410785]  kunit_try_run_case+0x170/0x3f0
[   16.411003]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.411157]  kthread+0x328/0x630
[   16.411202]  ret_from_fork+0x10/0x20
[   16.411257] 
[   16.411465] Allocated by task 142:
[   16.411614]  kasan_save_stack+0x3c/0x68
[   16.411753]  kasan_save_track+0x20/0x40
[   16.411851]  kasan_save_alloc_info+0x40/0x58
[   16.411891]  __kasan_kmalloc+0xd4/0xd8
[   16.411960]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   16.412004]  kmalloc_track_caller_oob_right+0x184/0x488
[   16.412044]  kunit_try_run_case+0x170/0x3f0
[   16.412081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.412123]  kthread+0x328/0x630
[   16.412154]  ret_from_fork+0x10/0x20
[   16.412189] 
[   16.412207] The buggy address belongs to the object at fff00000c6554900
[   16.412207]  which belongs to the cache kmalloc-128 of size 128
[   16.412456] The buggy address is located 0 bytes to the right of
[   16.412456]  allocated 120-byte region [fff00000c6554900, fff00000c6554978)
[   16.412623] 
[   16.412646] The buggy address belongs to the physical page:
[   16.413101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106554
[   16.413277] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.413373] page_type: f5(slab)
[   16.413487] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.413537] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.413822] page dumped because: kasan: bad access detected
[   16.413922] 
[   16.413976] Memory state around the buggy address:
[   16.414054]  fff00000c6554800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.414153]  fff00000c6554880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.414195] >fff00000c6554900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.414243]                                                                 ^
[   16.414408]  fff00000c6554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.414522]  fff00000c6554a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.414635] ==================================================================

[   12.004345] ==================================================================
[   12.004916] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.005287] Write of size 1 at addr ffff8881029cc878 by task kunit_try_catch/159
[   12.005911] 
[   12.006040] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.006082] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.006093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.006114] Call Trace:
[   12.006124]  <TASK>
[   12.006138]  dump_stack_lvl+0x73/0xb0
[   12.006186]  print_report+0xd1/0x610
[   12.006208]  ? __virt_addr_valid+0x1db/0x2d0
[   12.006243]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.006269]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.006293]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.006319]  kasan_report+0x141/0x180
[   12.006341]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.006372]  __asan_report_store1_noabort+0x1b/0x30
[   12.006399]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   12.006425]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   12.006453]  ? __schedule+0x10cc/0x2b60
[   12.006476]  ? __pfx_read_tsc+0x10/0x10
[   12.006496]  ? ktime_get_ts64+0x86/0x230
[   12.006521]  kunit_try_run_case+0x1a5/0x480
[   12.006545]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.006577]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.006610]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.006634]  ? __kthread_parkme+0x82/0x180
[   12.006667]  ? preempt_count_sub+0x50/0x80
[   12.006692]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.006716]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.006760]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.006785]  kthread+0x337/0x6f0
[   12.006804]  ? trace_preempt_on+0x20/0xc0
[   12.006828]  ? __pfx_kthread+0x10/0x10
[   12.006849]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.006871]  ? calculate_sigpending+0x7b/0xa0
[   12.006895]  ? __pfx_kthread+0x10/0x10
[   12.006917]  ret_from_fork+0x116/0x1d0
[   12.006935]  ? __pfx_kthread+0x10/0x10
[   12.006955]  ret_from_fork_asm+0x1a/0x30
[   12.006986]  </TASK>
[   12.006995] 
[   12.014112] Allocated by task 159:
[   12.014289]  kasan_save_stack+0x45/0x70
[   12.014484]  kasan_save_track+0x18/0x40
[   12.014678]  kasan_save_alloc_info+0x3b/0x50
[   12.014877]  __kasan_kmalloc+0xb7/0xc0
[   12.015012]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   12.015436]  kmalloc_track_caller_oob_right+0x19a/0x520
[   12.015699]  kunit_try_run_case+0x1a5/0x480
[   12.015901]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.016122]  kthread+0x337/0x6f0
[   12.016304]  ret_from_fork+0x116/0x1d0
[   12.016494]  ret_from_fork_asm+0x1a/0x30
[   12.016739] 
[   12.016856] The buggy address belongs to the object at ffff8881029cc800
[   12.016856]  which belongs to the cache kmalloc-128 of size 128
[   12.017369] The buggy address is located 0 bytes to the right of
[   12.017369]  allocated 120-byte region [ffff8881029cc800, ffff8881029cc878)
[   12.017932] 
[   12.018007] The buggy address belongs to the physical page:
[   12.018180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   12.018435] flags: 0x200000000000000(node=0|zone=2)
[   12.018690] page_type: f5(slab)
[   12.018867] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.019501] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.019809] page dumped because: kasan: bad access detected
[   12.019982] 
[   12.020051] Memory state around the buggy address:
[   12.020220]  ffff8881029cc700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.020671]  ffff8881029cc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.020922] >ffff8881029cc800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.021252]                                                                 ^
[   12.023493]  ffff8881029cc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.023832]  ffff8881029cc900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.024050] ==================================================================
[   11.975709] ==================================================================
[   11.976332] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.976914] Write of size 1 at addr ffff8881029cc778 by task kunit_try_catch/159
[   11.977781] 
[   11.977876] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.977919] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.977931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.977952] Call Trace:
[   11.977963]  <TASK>
[   11.977978]  dump_stack_lvl+0x73/0xb0
[   11.978019]  print_report+0xd1/0x610
[   11.978041]  ? __virt_addr_valid+0x1db/0x2d0
[   11.978065]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.978092]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.978116]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.978144]  kasan_report+0x141/0x180
[   11.978167]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.978198]  __asan_report_store1_noabort+0x1b/0x30
[   11.978223]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.978261]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   11.978288]  ? __schedule+0x10cc/0x2b60
[   11.978311]  ? __pfx_read_tsc+0x10/0x10
[   11.978354]  ? ktime_get_ts64+0x86/0x230
[   11.978380]  kunit_try_run_case+0x1a5/0x480
[   11.978404]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.978439]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.978464]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.978488]  ? __kthread_parkme+0x82/0x180
[   11.978520]  ? preempt_count_sub+0x50/0x80
[   11.978544]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.978568]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.978593]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.978618]  kthread+0x337/0x6f0
[   11.978637]  ? trace_preempt_on+0x20/0xc0
[   11.978660]  ? __pfx_kthread+0x10/0x10
[   11.978681]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.978702]  ? calculate_sigpending+0x7b/0xa0
[   11.978727]  ? __pfx_kthread+0x10/0x10
[   11.978748]  ret_from_fork+0x116/0x1d0
[   11.978775]  ? __pfx_kthread+0x10/0x10
[   11.978795]  ret_from_fork_asm+0x1a/0x30
[   11.978827]  </TASK>
[   11.978837] 
[   11.991698] Allocated by task 159:
[   11.992190]  kasan_save_stack+0x45/0x70
[   11.992345]  kasan_save_track+0x18/0x40
[   11.992604]  kasan_save_alloc_info+0x3b/0x50
[   11.993113]  __kasan_kmalloc+0xb7/0xc0
[   11.993492]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.994001]  kmalloc_track_caller_oob_right+0x99/0x520
[   11.994527]  kunit_try_run_case+0x1a5/0x480
[   11.994878]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.995295]  kthread+0x337/0x6f0
[   11.995656]  ret_from_fork+0x116/0x1d0
[   11.996010]  ret_from_fork_asm+0x1a/0x30
[   11.996376] 
[   11.996455] The buggy address belongs to the object at ffff8881029cc700
[   11.996455]  which belongs to the cache kmalloc-128 of size 128
[   11.997431] The buggy address is located 0 bytes to the right of
[   11.997431]  allocated 120-byte region [ffff8881029cc700, ffff8881029cc778)
[   11.998255] 
[   11.998557] The buggy address belongs to the physical page:
[   11.999128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   11.999524] flags: 0x200000000000000(node=0|zone=2)
[   11.999691] page_type: f5(slab)
[   11.999824] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.000086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.000569] page dumped because: kasan: bad access detected
[   12.000771] 
[   12.000870] Memory state around the buggy address:
[   12.001163]  ffff8881029cc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.001421]  ffff8881029cc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.001862] >ffff8881029cc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.002325]                                                                 ^
[   12.002622]  ffff8881029cc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.003015]  ffff8881029cc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.003364] ==================================================================