Hay
Date
July 17, 2025, 11:11 p.m.

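Environment
qemu-arm64 (first report below; hardware name linux,dummy-virt)
qemu-x86_64 (second report below; hardware name QEMU Standard PC)

Note for triage: both reports name kmalloc_oob_left running in the kunit_try_catch task with the [N]=TEST taint, so they appear to be the out-of-bounds read that the KASAN KUnit test performs on purpose, not a defect in production code. The accessed byte sits in the redzone just before the test's buffer, so KASAN describes it relative to the neighbouring kmalloc-16 object ("15 bytes to the right"). The "Allocated by" and "Freed by" stacks therefore appear to belong to that neighbouring object, not to the test's allocation.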

[   16.279177] ==================================================================
[   16.279287] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   16.279706] Read of size 1 at addr fff00000c3e550bf by task kunit_try_catch/138
[   16.279825] 
[   16.280061] CPU: 1 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.280289] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.280320] Hardware name: linux,dummy-virt (DT)
[   16.280383] Call trace:
[   16.280414]  show_stack+0x20/0x38 (C)
[   16.280468]  dump_stack_lvl+0x8c/0xd0
[   16.280517]  print_report+0x118/0x5d0
[   16.280882]  kasan_report+0xdc/0x128
[   16.281178]  __asan_report_load1_noabort+0x20/0x30
[   16.281467]  kmalloc_oob_left+0x2ec/0x320
[   16.281517]  kunit_try_run_case+0x170/0x3f0
[   16.282090]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.282466]  kthread+0x328/0x630
[   16.282528]  ret_from_fork+0x10/0x20
[   16.282591] 
[   16.282725] Allocated by task 26:
[   16.283001]  kasan_save_stack+0x3c/0x68
[   16.283238]  kasan_save_track+0x20/0x40
[   16.283546]  kasan_save_alloc_info+0x40/0x58
[   16.283606]  __kasan_kmalloc+0xd4/0xd8
[   16.283641]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   16.283683]  kstrdup+0x54/0xc8
[   16.283816]  devtmpfs_work_loop+0x6f8/0xa58
[   16.283885]  devtmpfsd+0x50/0x58
[   16.283920]  kthread+0x328/0x630
[   16.283992]  ret_from_fork+0x10/0x20
[   16.284030] 
[   16.284155] Freed by task 26:
[   16.284205]  kasan_save_stack+0x3c/0x68
[   16.284388]  kasan_save_track+0x20/0x40
[   16.284434]  kasan_save_free_info+0x4c/0x78
[   16.284485]  __kasan_slab_free+0x6c/0x98
[   16.284602]  kfree+0x214/0x3c8
[   16.284750]  devtmpfs_work_loop+0x804/0xa58
[   16.284859]  devtmpfsd+0x50/0x58
[   16.284901]  kthread+0x328/0x630
[   16.284931]  ret_from_fork+0x10/0x20
[   16.285371] 
[   16.285400] The buggy address belongs to the object at fff00000c3e550a0
[   16.285400]  which belongs to the cache kmalloc-16 of size 16
[   16.285473] The buggy address is located 15 bytes to the right of
[   16.285473]  allocated 16-byte region [fff00000c3e550a0, fff00000c3e550b0)
[   16.285604] 
[   16.285752] The buggy address belongs to the physical page:
[   16.285894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e55
[   16.285996] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.286310] page_type: f5(slab)
[   16.286564] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.286749] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.286884] page dumped because: kasan: bad access detected
[   16.286915] 
[   16.286932] Memory state around the buggy address:
[   16.286967]  fff00000c3e54f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.287008]  fff00000c3e55000: 00 06 fc fc 00 06 fc fc 00 02 fc fc 00 06 fc fc
[   16.287048] >fff00000c3e55080: 00 05 fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[   16.287659]                                         ^
[   16.287787]  fff00000c3e55100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.287829]  fff00000c3e55180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.288027] ==================================================================

[   11.564366] ==================================================================
[   11.565304] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   11.566019] Read of size 1 at addr ffff8881025ee2df by task kunit_try_catch/155
[   11.566693] 
[   11.566869] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.566934] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.566945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.566969] Call Trace:
[   11.566982]  <TASK>
[   11.567003]  dump_stack_lvl+0x73/0xb0
[   11.567037]  print_report+0xd1/0x610
[   11.567070]  ? __virt_addr_valid+0x1db/0x2d0
[   11.567094]  ? kmalloc_oob_left+0x361/0x3c0
[   11.567114]  ? kasan_complete_mode_report_info+0x64/0x200
[   11.567167]  ? kmalloc_oob_left+0x361/0x3c0
[   11.567189]  kasan_report+0x141/0x180
[   11.567210]  ? kmalloc_oob_left+0x361/0x3c0
[   11.567246]  __asan_report_load1_noabort+0x18/0x20
[   11.567270]  kmalloc_oob_left+0x361/0x3c0
[   11.567291]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   11.567313]  ? __schedule+0x10cc/0x2b60
[   11.567336]  ? __pfx_read_tsc+0x10/0x10
[   11.567357]  ? ktime_get_ts64+0x86/0x230
[   11.567383]  kunit_try_run_case+0x1a5/0x480
[   11.567410]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.567432]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.567460]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.567483]  ? __kthread_parkme+0x82/0x180
[   11.567504]  ? preempt_count_sub+0x50/0x80
[   11.567529]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.567552]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.567574]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.567608]  kthread+0x337/0x6f0
[   11.567626]  ? trace_preempt_on+0x20/0xc0
[   11.567650]  ? __pfx_kthread+0x10/0x10
[   11.567669]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.567690]  ? calculate_sigpending+0x7b/0xa0
[   11.567715]  ? __pfx_kthread+0x10/0x10
[   11.567736]  ret_from_fork+0x116/0x1d0
[   11.567754]  ? __pfx_kthread+0x10/0x10
[   11.567773]  ret_from_fork_asm+0x1a/0x30
[   11.567805]  </TASK>
[   11.567816] 
[   11.581338] Allocated by task 1:
[   11.581483]  kasan_save_stack+0x45/0x70
[   11.581721]  kasan_save_track+0x18/0x40
[   11.582164]  kasan_save_alloc_info+0x3b/0x50
[   11.582566]  __kasan_kmalloc+0xb7/0xc0
[   11.582965]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.583563]  kvasprintf+0xc5/0x150
[   11.583963]  __kthread_create_on_node+0x18b/0x3a0
[   11.584344]  kthread_create_on_node+0xab/0xe0
[   11.584765]  cryptomgr_notify+0x704/0x9f0
[   11.585135]  notifier_call_chain+0xcb/0x250
[   11.585355]  blocking_notifier_call_chain+0x64/0x90
[   11.585517]  crypto_alg_mod_lookup+0x21f/0x440
[   11.585667]  crypto_alloc_tfm_node+0xc5/0x1f0
[   11.585812]  crypto_alloc_sig+0x23/0x30
[   11.585948]  public_key_verify_signature+0x208/0x9f0
[   11.586241]  x509_check_for_self_signed+0x2cb/0x480
[   11.586806]  x509_cert_parse+0x59c/0x830
[   11.587174]  x509_key_preparse+0x68/0x8a0
[   11.587522]  asymmetric_key_preparse+0xb1/0x160
[   11.587906]  __key_create_or_update+0x43d/0xcc0
[   11.588326]  key_create_or_update+0x17/0x20
[   11.588750]  x509_load_certificate_list+0x174/0x200
[   11.589522]  regulatory_init_db+0xee/0x3a0
[   11.589951]  do_one_initcall+0xd8/0x370
[   11.590346]  kernel_init_freeable+0x420/0x6f0
[   11.592428]  kernel_init+0x23/0x1e0
[   11.592777]  ret_from_fork+0x116/0x1d0
[   11.593087]  ret_from_fork_asm+0x1a/0x30
[   11.593259] 
[   11.593354] The buggy address belongs to the object at ffff8881025ee2c0
[   11.593354]  which belongs to the cache kmalloc-16 of size 16
[   11.595172] The buggy address is located 15 bytes to the right of
[   11.595172]  allocated 16-byte region [ffff8881025ee2c0, ffff8881025ee2d0)
[   11.596463] 
[   11.596631] The buggy address belongs to the physical page:
[   11.597225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ee
[   11.597729] flags: 0x200000000000000(node=0|zone=2)
[   11.598150] page_type: f5(slab)
[   11.598456] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   11.598791] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   11.599450] page dumped because: kasan: bad access detected
[   11.600087] 
[   11.600250] Memory state around the buggy address:
[   11.600409]  ffff8881025ee180: 00 03 fc fc fa fb fc fc 00 02 fc fc 00 05 fc fc
[   11.600693]  ffff8881025ee200: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc
[   11.601386] >ffff8881025ee280: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc
[   11.602072]                                                     ^
[   11.602586]  ffff8881025ee300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.602855]  ffff8881025ee380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.603496] ==================================================================