Date
July 6, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
| x86 |
```
[ 16.656266] ==================================================================
[ 16.656324] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 16.656372] Write of size 1 at addr fff00000c635a878 by task kunit_try_catch/143
[ 16.656791]
[ 16.656836] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.656916] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.656942] Hardware name: linux,dummy-virt (DT)
[ 16.657068] Call trace:
[ 16.657095] show_stack+0x20/0x38 (C)
[ 16.657160] dump_stack_lvl+0x8c/0xd0
[ 16.657350] print_report+0x118/0x608
[ 16.657396] kasan_report+0xdc/0x128
[ 16.657442] __asan_report_store1_noabort+0x20/0x30
[ 16.657651] kmalloc_track_caller_oob_right+0x418/0x488
[ 16.657716] kunit_try_run_case+0x170/0x3f0
[ 16.657761] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.657811] kthread+0x328/0x630
[ 16.657850] ret_from_fork+0x10/0x20
[ 16.657895]
[ 16.657913] Allocated by task 143:
[ 16.657948] kasan_save_stack+0x3c/0x68
[ 16.658000] kasan_save_track+0x20/0x40
[ 16.658036] kasan_save_alloc_info+0x40/0x58
[ 16.658074] __kasan_kmalloc+0xd4/0xd8
[ 16.658113] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.658156] kmalloc_track_caller_oob_right+0x184/0x488
[ 16.658195] kunit_try_run_case+0x170/0x3f0
[ 16.658241] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.658282] kthread+0x328/0x630
[ 16.658313] ret_from_fork+0x10/0x20
[ 16.658346]
[ 16.658371] The buggy address belongs to the object at fff00000c635a800
[ 16.658371] which belongs to the cache kmalloc-128 of size 128
[ 16.658434] The buggy address is located 0 bytes to the right of
[ 16.658434] allocated 120-byte region [fff00000c635a800, fff00000c635a878)
[ 16.658495]
[ 16.658526] The buggy address belongs to the physical page:
[ 16.658555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10635a
[ 16.658605] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.658926] page_type: f5(slab)
[ 16.659315] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.659504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.659592] page dumped because: kasan: bad access detected
[ 16.659747]
[ 16.659818] Memory state around the buggy address:
[ 16.659895] fff00000c635a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.660056] fff00000c635a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.660099] >fff00000c635a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.660323] ^
[ 16.660503] fff00000c635a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.660570] fff00000c635a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.660699] ==================================================================
[ 16.649195] ==================================================================
[ 16.649378] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.649530] Write of size 1 at addr fff00000c635a778 by task kunit_try_catch/143
[ 16.649584]
[ 16.649638] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.649725] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.649751] Hardware name: linux,dummy-virt (DT)
[ 16.649779] Call trace:
[ 16.649800] show_stack+0x20/0x38 (C)
[ 16.650106] dump_stack_lvl+0x8c/0xd0
[ 16.650439] print_report+0x118/0x608
[ 16.650499] kasan_report+0xdc/0x128
[ 16.650543] __asan_report_store1_noabort+0x20/0x30
[ 16.650659] kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.650759] kunit_try_run_case+0x170/0x3f0
[ 16.650955] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.651033] kthread+0x328/0x630
[ 16.651183] ret_from_fork+0x10/0x20
[ 16.651346]
[ 16.651395] Allocated by task 143:
[ 16.651500] kasan_save_stack+0x3c/0x68
[ 16.651579] kasan_save_track+0x20/0x40
[ 16.651671] kasan_save_alloc_info+0x40/0x58
[ 16.651810] __kasan_kmalloc+0xd4/0xd8
[ 16.651886] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.652011] kmalloc_track_caller_oob_right+0xa8/0x488
[ 16.652052] kunit_try_run_case+0x170/0x3f0
[ 16.652104] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.652450] kthread+0x328/0x630
[ 16.652504] ret_from_fork+0x10/0x20
[ 16.652615]
[ 16.652654] The buggy address belongs to the object at fff00000c635a700
[ 16.652654] which belongs to the cache kmalloc-128 of size 128
[ 16.652744] The buggy address is located 0 bytes to the right of
[ 16.652744] allocated 120-byte region [fff00000c635a700, fff00000c635a778)
[ 16.652894]
[ 16.652915] The buggy address belongs to the physical page:
[ 16.652962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10635a
[ 16.653286] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.653380] page_type: f5(slab)
[ 16.653419] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.653724] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.653843] page dumped because: kasan: bad access detected
[ 16.653925]
[ 16.653963] Memory state around the buggy address:
[ 16.654079] fff00000c635a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.654145] fff00000c635a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.654223] >fff00000c635a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.654367] ^
[ 16.654419] fff00000c635a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.654466] fff00000c635a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.654716] ==================================================================
```
```
[ 16.592759] ==================================================================
[ 16.592806] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 16.592860] Write of size 1 at addr fff00000c63cd878 by task kunit_try_catch/143
[ 16.592908]
[ 16.592949] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.593025] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.593055] Hardware name: linux,dummy-virt (DT)
[ 16.593084] Call trace:
[ 16.593104] show_stack+0x20/0x38 (C)
[ 16.593150] dump_stack_lvl+0x8c/0xd0
[ 16.593195] print_report+0x118/0x608
[ 16.593249] kasan_report+0xdc/0x128
[ 16.593359] __asan_report_store1_noabort+0x20/0x30
[ 16.593527] kmalloc_track_caller_oob_right+0x418/0x488
[ 16.593736] kunit_try_run_case+0x170/0x3f0
[ 16.593789] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.593942] kthread+0x328/0x630
[ 16.593982] ret_from_fork+0x10/0x20
[ 16.594636]
[ 16.594656] Allocated by task 143:
[ 16.594684] kasan_save_stack+0x3c/0x68
[ 16.594872] kasan_save_track+0x20/0x40
[ 16.595103] kasan_save_alloc_info+0x40/0x58
[ 16.595147] __kasan_kmalloc+0xd4/0xd8
[ 16.595460] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.595671] kmalloc_track_caller_oob_right+0x184/0x488
[ 16.595714] kunit_try_run_case+0x170/0x3f0
[ 16.595750] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.596127] kthread+0x328/0x630
[ 16.596187] ret_from_fork+0x10/0x20
[ 16.596222]
[ 16.596240] The buggy address belongs to the object at fff00000c63cd800
[ 16.596240] which belongs to the cache kmalloc-128 of size 128
[ 16.596526] The buggy address is located 0 bytes to the right of
[ 16.596526] allocated 120-byte region [fff00000c63cd800, fff00000c63cd878)
[ 16.596663]
[ 16.596684] The buggy address belongs to the physical page:
[ 16.596713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063cd
[ 16.596764] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.597074] page_type: f5(slab)
[ 16.597130] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.597178] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.597217] page dumped because: kasan: bad access detected
[ 16.597246]
[ 16.597263] Memory state around the buggy address:
[ 16.597304] fff00000c63cd700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.597346] fff00000c63cd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.597491] >fff00000c63cd800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.597668] ^
[ 16.597798] fff00000c63cd880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.598167] fff00000c63cd900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.598330] ==================================================================
[ 16.585946] ==================================================================
[ 16.586011] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.586066] Write of size 1 at addr fff00000c63cd778 by task kunit_try_catch/143
[ 16.586114]
[ 16.586150] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.586229] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.586283] Hardware name: linux,dummy-virt (DT)
[ 16.586316] Call trace:
[ 16.586361] show_stack+0x20/0x38 (C)
[ 16.586564] dump_stack_lvl+0x8c/0xd0
[ 16.587001] print_report+0x118/0x608
[ 16.587085] kasan_report+0xdc/0x128
[ 16.587129] __asan_report_store1_noabort+0x20/0x30
[ 16.587179] kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.587228] kunit_try_run_case+0x170/0x3f0
[ 16.587275] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.587326] kthread+0x328/0x630
[ 16.587688] ret_from_fork+0x10/0x20
[ 16.587810]
[ 16.587829] Allocated by task 143:
[ 16.587857] kasan_save_stack+0x3c/0x68
[ 16.587927] kasan_save_track+0x20/0x40
[ 16.587972] kasan_save_alloc_info+0x40/0x58
[ 16.588118] __kasan_kmalloc+0xd4/0xd8
[ 16.588153] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.588229] kmalloc_track_caller_oob_right+0xa8/0x488
[ 16.588434] kunit_try_run_case+0x170/0x3f0
[ 16.588655] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.588705] kthread+0x328/0x630
[ 16.588821] ret_from_fork+0x10/0x20
[ 16.589021]
[ 16.589092] The buggy address belongs to the object at fff00000c63cd700
[ 16.589092] which belongs to the cache kmalloc-128 of size 128
[ 16.589191] The buggy address is located 0 bytes to the right of
[ 16.589191] allocated 120-byte region [fff00000c63cd700, fff00000c63cd778)
[ 16.589263]
[ 16.589363] The buggy address belongs to the physical page:
[ 16.589399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063cd
[ 16.589513] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.589564] page_type: f5(slab)
[ 16.589607] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.589840] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.589945] page dumped because: kasan: bad access detected
[ 16.589974]
[ 16.590014] Memory state around the buggy address:
[ 16.590068] fff00000c63cd600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.590280] fff00000c63cd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.590324] >fff00000c63cd700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.590361] ^
[ 16.590399] fff00000c63cd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.590438] fff00000c63cd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.590892] ==================================================================
```
```
[ 12.608281] ==================================================================
[ 12.608964] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.609722] Write of size 1 at addr ffff888102aa0378 by task kunit_try_catch/160
[ 12.610475]
[ 12.610831] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.610922] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.610945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.611010] Call Trace:
[ 12.611036] <TASK>
[ 12.611079] dump_stack_lvl+0x73/0xb0
[ 12.611138] print_report+0xd1/0x650
[ 12.611170] ? __virt_addr_valid+0x1db/0x2d0
[ 12.611193] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.611216] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.611239] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.611262] kasan_report+0x141/0x180
[ 12.611281] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.611307] __asan_report_store1_noabort+0x1b/0x30
[ 12.611329] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.611351] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.611374] ? __schedule+0x10cc/0x2b60
[ 12.611394] ? __pfx_read_tsc+0x10/0x10
[ 12.611413] ? ktime_get_ts64+0x86/0x230
[ 12.611436] kunit_try_run_case+0x1a5/0x480
[ 12.611458] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.611478] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.611501] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.611531] ? __kthread_parkme+0x82/0x180
[ 12.611559] ? preempt_count_sub+0x50/0x80
[ 12.611590] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.611636] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.611663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.611684] kthread+0x337/0x6f0
[ 12.611702] ? trace_preempt_on+0x20/0xc0
[ 12.611724] ? __pfx_kthread+0x10/0x10
[ 12.611743] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.611761] ? calculate_sigpending+0x7b/0xa0
[ 12.611784] ? __pfx_kthread+0x10/0x10
[ 12.611804] ret_from_fork+0x116/0x1d0
[ 12.611821] ? __pfx_kthread+0x10/0x10
[ 12.611839] ret_from_fork_asm+0x1a/0x30
[ 12.611867] </TASK>
[ 12.611880]
[ 12.622014] Allocated by task 160:
[ 12.622300] kasan_save_stack+0x45/0x70
[ 12.622682] kasan_save_track+0x18/0x40
[ 12.622980] kasan_save_alloc_info+0x3b/0x50
[ 12.623340] __kasan_kmalloc+0xb7/0xc0
[ 12.623557] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.624081] kmalloc_track_caller_oob_right+0x99/0x520
[ 12.624320] kunit_try_run_case+0x1a5/0x480
[ 12.624742] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.624910] kthread+0x337/0x6f0
[ 12.625055] ret_from_fork+0x116/0x1d0
[ 12.625359] ret_from_fork_asm+0x1a/0x30
[ 12.625709]
[ 12.625819] The buggy address belongs to the object at ffff888102aa0300
[ 12.625819] which belongs to the cache kmalloc-128 of size 128
[ 12.626535] The buggy address is located 0 bytes to the right of
[ 12.626535] allocated 120-byte region [ffff888102aa0300, ffff888102aa0378)
[ 12.628906]
[ 12.629025] The buggy address belongs to the physical page:
[ 12.629184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[ 12.629808] flags: 0x200000000000000(node=0|zone=2)
[ 12.630667] page_type: f5(slab)
[ 12.630857] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.631074] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.631809] page dumped because: kasan: bad access detected
[ 12.632030]
[ 12.632178] Memory state around the buggy address:
[ 12.632459] ffff888102aa0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.633654] ffff888102aa0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.633965] >ffff888102aa0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.634828] ^
[ 12.635150] ffff888102aa0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.635553] ffff888102aa0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.635830] ==================================================================
```
```
[ 12.863916] ==================================================================
[ 12.864427] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.864870] Write of size 1 at addr ffff8881031acd78 by task kunit_try_catch/159
[ 12.865164]
[ 12.865268] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.865312] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.865324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.865345] Call Trace:
[ 12.865357] <TASK>
[ 12.865372] dump_stack_lvl+0x73/0xb0
[ 12.865400] print_report+0xd1/0x650
[ 12.865422] ? __virt_addr_valid+0x1db/0x2d0
[ 12.865444] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.865468] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.865493] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.865517] kasan_report+0x141/0x180
[ 12.865544] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.865614] __asan_report_store1_noabort+0x1b/0x30
[ 12.865639] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.865704] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.865757] ? __schedule+0x10cc/0x2b60
[ 12.865779] ? __pfx_read_tsc+0x10/0x10
[ 12.865799] ? ktime_get_ts64+0x86/0x230
[ 12.865825] kunit_try_run_case+0x1a5/0x480
[ 12.865850] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.865871] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.865894] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.865917] ? __kthread_parkme+0x82/0x180
[ 12.865938] ? preempt_count_sub+0x50/0x80
[ 12.865961] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.866016] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.866040] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.866079] kthread+0x337/0x6f0
[ 12.866099] ? trace_preempt_on+0x20/0xc0
[ 12.866123] ? __pfx_kthread+0x10/0x10
[ 12.866198] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.866219] ? calculate_sigpending+0x7b/0xa0
[ 12.866242] ? __pfx_kthread+0x10/0x10
[ 12.866263] ret_from_fork+0x116/0x1d0
[ 12.866281] ? __pfx_kthread+0x10/0x10
[ 12.866301] ret_from_fork_asm+0x1a/0x30
[ 12.866334] </TASK>
[ 12.866345]
[ 12.875308] Allocated by task 159:
[ 12.875448] kasan_save_stack+0x45/0x70
[ 12.875717] kasan_save_track+0x18/0x40
[ 12.876106] kasan_save_alloc_info+0x3b/0x50
[ 12.876495] __kasan_kmalloc+0xb7/0xc0
[ 12.876783] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.877161] kmalloc_track_caller_oob_right+0x99/0x520
[ 12.877385] kunit_try_run_case+0x1a5/0x480
[ 12.877627] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.877853] kthread+0x337/0x6f0
[ 12.878078] ret_from_fork+0x116/0x1d0
[ 12.878967] ret_from_fork_asm+0x1a/0x30
[ 12.879132]
[ 12.879211] The buggy address belongs to the object at ffff8881031acd00
[ 12.879211] which belongs to the cache kmalloc-128 of size 128
[ 12.879595] The buggy address is located 0 bytes to the right of
[ 12.879595] allocated 120-byte region [ffff8881031acd00, ffff8881031acd78)
[ 12.880897]
[ 12.881001] The buggy address belongs to the physical page:
[ 12.881332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031ac
[ 12.881633] flags: 0x200000000000000(node=0|zone=2)
[ 12.881889] page_type: f5(slab)
[ 12.882090] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.882648] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.883127] page dumped because: kasan: bad access detected
[ 12.883621]
[ 12.883712] Memory state around the buggy address:
[ 12.883880] ffff8881031acc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.884202] ffff8881031acc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.884679] >ffff8881031acd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.885341] ^
[ 12.885717] ffff8881031acd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.886013] ffff8881031ace00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.886337] ==================================================================
[ 12.887292] ==================================================================
[ 12.887695] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.888177] Write of size 1 at addr ffff8881031ace78 by task kunit_try_catch/159
[ 12.888420]
[ 12.888509] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.888550] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.888562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.888619] Call Trace:
[ 12.888631] <TASK>
[ 12.888645] dump_stack_lvl+0x73/0xb0
[ 12.888683] print_report+0xd1/0x650
[ 12.888706] ? __virt_addr_valid+0x1db/0x2d0
[ 12.888727] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.888751] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.888777] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.888801] kasan_report+0x141/0x180
[ 12.888823] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.888852] __asan_report_store1_noabort+0x1b/0x30
[ 12.888907] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.888931] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.888957] ? __schedule+0x10cc/0x2b60
[ 12.888990] ? __pfx_read_tsc+0x10/0x10
[ 12.889010] ? ktime_get_ts64+0x86/0x230
[ 12.889034] kunit_try_run_case+0x1a5/0x480
[ 12.889068] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.889089] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.889111] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.889133] ? __kthread_parkme+0x82/0x180
[ 12.889153] ? preempt_count_sub+0x50/0x80
[ 12.889176] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.889199] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.889221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.889243] kthread+0x337/0x6f0
[ 12.889262] ? trace_preempt_on+0x20/0xc0
[ 12.889284] ? __pfx_kthread+0x10/0x10
[ 12.889304] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.889340] ? calculate_sigpending+0x7b/0xa0
[ 12.889363] ? __pfx_kthread+0x10/0x10
[ 12.889384] ret_from_fork+0x116/0x1d0
[ 12.889401] ? __pfx_kthread+0x10/0x10
[ 12.889422] ret_from_fork_asm+0x1a/0x30
[ 12.889453] </TASK>
[ 12.889463]
[ 12.903689] Allocated by task 159:
[ 12.903835] kasan_save_stack+0x45/0x70
[ 12.903989] kasan_save_track+0x18/0x40
[ 12.904142] kasan_save_alloc_info+0x3b/0x50
[ 12.904355] __kasan_kmalloc+0xb7/0xc0
[ 12.904491] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.904862] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.905822] kunit_try_run_case+0x1a5/0x480
[ 12.906108] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.907871] kthread+0x337/0x6f0
[ 12.908028] ret_from_fork+0x116/0x1d0
[ 12.908182] ret_from_fork_asm+0x1a/0x30
[ 12.908328]
[ 12.908405] The buggy address belongs to the object at ffff8881031ace00
[ 12.908405] which belongs to the cache kmalloc-128 of size 128
[ 12.908781] The buggy address is located 0 bytes to the right of
[ 12.908781] allocated 120-byte region [ffff8881031ace00, ffff8881031ace78)
[ 12.909172]
[ 12.909248] The buggy address belongs to the physical page:
[ 12.909428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031ac
[ 12.909681] flags: 0x200000000000000(node=0|zone=2)
[ 12.909851] page_type: f5(slab)
[ 12.909978] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.912288] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.912633] page dumped because: kasan: bad access detected
[ 12.913348]
[ 12.913789] Memory state around the buggy address:
[ 12.914160] ffff8881031acd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.914614] ffff8881031acd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.915186] >ffff8881031ace00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.915690] ^
[ 12.916037] ffff8881031ace80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.916650] ffff8881031acf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.917403] ==================================================================
```
```
[ 15.429146] ==================================================================
[ 15.440597] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 15.448690] Write of size 1 at addr ffff888105bb0078 by task kunit_try_catch/183
[ 15.456090]
[ 15.457593] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 15.457602] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 15.457604] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 15.457608] Call Trace:
[ 15.457609] <TASK>
[ 15.457611] dump_stack_lvl+0x73/0xb0
[ 15.457616] print_report+0xd1/0x650
[ 15.457620] ? __virt_addr_valid+0x1db/0x2d0
[ 15.457624] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 15.457629] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.457634] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 15.457638] kasan_report+0x141/0x180
[ 15.457642] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 15.457648] __asan_report_store1_noabort+0x1b/0x30
[ 15.457653] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 15.457657] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 15.457662] ? __schedule+0x10cc/0x2b60
[ 15.457666] ? ktime_get_ts64+0x83/0x230
[ 15.457670] kunit_try_run_case+0x1a2/0x480
[ 15.457675] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.457679] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.457683] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.457687] ? __kthread_parkme+0x82/0x180
[ 15.457691] ? preempt_count_sub+0x50/0x80
[ 15.457695] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.457699] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 15.457703] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.457708] kthread+0x334/0x6f0
[ 15.457711] ? trace_preempt_on+0x20/0xc0
[ 15.457715] ? __pfx_kthread+0x10/0x10
[ 15.457719] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.457722] ? calculate_sigpending+0x7b/0xa0
[ 15.457727] ? __pfx_kthread+0x10/0x10
[ 15.457731] ret_from_fork+0x113/0x1d0
[ 15.457734] ? __pfx_kthread+0x10/0x10
[ 15.457738] ret_from_fork_asm+0x1a/0x30
[ 15.457743] </TASK>
[ 15.457745]
[ 15.628362] Allocated by task 183:
[ 15.631815] kasan_save_stack+0x45/0x70
[ 15.635654] kasan_save_track+0x18/0x40
[ 15.639495] kasan_save_alloc_info+0x3b/0x50
[ 15.643766] __kasan_kmalloc+0xb7/0xc0
[ 15.647519] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 15.653092] kmalloc_track_caller_oob_right+0x99/0x520
[ 15.658232] kunit_try_run_case+0x1a2/0x480
[ 15.662423] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 15.667824] kthread+0x334/0x6f0
[ 15.671057] ret_from_fork+0x113/0x1d0
[ 15.674810] ret_from_fork_asm+0x1a/0x30
[ 15.678737]
[ 15.680237] The buggy address belongs to the object at ffff888105bb0000
[ 15.680237] which belongs to the cache kmalloc-128 of size 128
[ 15.692750] The buggy address is located 0 bytes to the right of
[ 15.692750] allocated 120-byte region [ffff888105bb0000, ffff888105bb0078)
[ 15.705700]
[ 15.707199] The buggy address belongs to the physical page:
[ 15.712771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bb0
[ 15.720778] flags: 0x200000000000000(node=0|zone=2)
[ 15.725658] page_type: f5(slab)
[ 15.728804] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[ 15.736545] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.744282] page dumped because: kasan: bad access detected
[ 15.749855]
[ 15.751361] Memory state around the buggy address:
[ 15.756200] ffff888105baff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.763418] ffff888105baff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.770639] >ffff888105bb0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.777858] ^
[ 15.784991] ffff888105bb0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.792211] ffff888105bb0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.799427] ==================================================================
```