Date
July 19, 2025, 11:11 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 14.956321] ==================================================================
[ 14.956382] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 14.956435] Read of size 1 at addr fff00000c5f9c3ff by task kunit_try_catch/139
[ 14.956484]
[ 14.956514] CPU: 1 UID: 0 PID: 139 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 14.956610] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.956637] Hardware name: linux,dummy-virt (DT)
[ 14.956824] Call trace:
[ 14.956865] show_stack+0x20/0x38 (C)
[ 14.956915] dump_stack_lvl+0x8c/0xd0
[ 14.956961] print_report+0x118/0x5d0
[ 14.957146] kasan_report+0xdc/0x128
[ 14.957360] __asan_report_load1_noabort+0x20/0x30
[ 14.957430] kmalloc_oob_left+0x2ec/0x320
[ 14.957476] kunit_try_run_case+0x170/0x3f0
[ 14.957523] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 14.957596] kthread+0x328/0x630
[ 14.957857] ret_from_fork+0x10/0x20
[ 14.957994]
[ 14.958217] Allocated by task 24:
[ 14.958309] kasan_save_stack+0x3c/0x68
[ 14.958520] kasan_save_track+0x20/0x40
[ 14.958581] kasan_save_alloc_info+0x40/0x58
[ 14.958623] __kasan_kmalloc+0xd4/0xd8
[ 14.958664] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 14.958874] kvasprintf+0xe0/0x180
[ 14.959075] __kthread_create_on_node+0x16c/0x350
[ 14.959236] kthread_create_on_node+0xe4/0x130
[ 14.959366] create_worker+0x380/0x6b8
[ 14.959446] worker_thread+0x808/0xf38
[ 14.959716] kthread+0x328/0x630
[ 14.960005] ret_from_fork+0x10/0x20
[ 14.960080]
[ 14.960129] The buggy address belongs to the object at fff00000c5f9c3e0
[ 14.960129] which belongs to the cache kmalloc-16 of size 16
[ 14.960671] The buggy address is located 19 bytes to the right of
[ 14.960671] allocated 12-byte region [fff00000c5f9c3e0, fff00000c5f9c3ec)
[ 14.960970]
[ 14.961051] The buggy address belongs to the physical page:
[ 14.961099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f9c
[ 14.961299] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 14.961360] page_type: f5(slab)
[ 14.961400] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 14.961496] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.961548] page dumped because: kasan: bad access detected
[ 14.961587]
[ 14.961605] Memory state around the buggy address:
[ 14.961650] fff00000c5f9c280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.961692] fff00000c5f9c300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 14.962210] >fff00000c5f9c380: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 14.962320] ^
[ 14.962396] fff00000c5f9c400: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.962487] fff00000c5f9c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.962598] ==================================================================
[ 11.415307] ==================================================================
[ 11.415817] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 11.416240] Read of size 1 at addr ffff8881016429bf by task kunit_try_catch/156
[ 11.416557]
[ 11.416678] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.416724] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.416745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.416768] Call Trace:
[ 11.416780] <TASK>
[ 11.416797] dump_stack_lvl+0x73/0xb0
[ 11.416842] print_report+0xd1/0x610
[ 11.416864] ? __virt_addr_valid+0x1db/0x2d0
[ 11.416887] ? kmalloc_oob_left+0x361/0x3c0
[ 11.416918] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.416940] ? kmalloc_oob_left+0x361/0x3c0
[ 11.416960] kasan_report+0x141/0x180
[ 11.416991] ? kmalloc_oob_left+0x361/0x3c0
[ 11.417016] __asan_report_load1_noabort+0x18/0x20
[ 11.417052] kmalloc_oob_left+0x361/0x3c0
[ 11.417073] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 11.417094] ? __schedule+0x10cc/0x2b60
[ 11.417116] ? __pfx_read_tsc+0x10/0x10
[ 11.417136] ? ktime_get_ts64+0x86/0x230
[ 11.417161] kunit_try_run_case+0x1a5/0x480
[ 11.417185] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.417207] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.417230] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.417252] ? __kthread_parkme+0x82/0x180
[ 11.417297] ? preempt_count_sub+0x50/0x80
[ 11.417321] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.417354] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.417377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.417400] kthread+0x337/0x6f0
[ 11.417418] ? trace_preempt_on+0x20/0xc0
[ 11.417441] ? __pfx_kthread+0x10/0x10
[ 11.417468] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.417488] ? calculate_sigpending+0x7b/0xa0
[ 11.417527] ? __pfx_kthread+0x10/0x10
[ 11.417547] ret_from_fork+0x116/0x1d0
[ 11.417565] ? __pfx_kthread+0x10/0x10
[ 11.417584] ret_from_fork_asm+0x1a/0x30
[ 11.417614] </TASK>
[ 11.417639]
[ 11.429014] Allocated by task 1:
[ 11.429345] kasan_save_stack+0x45/0x70
[ 11.429868] kasan_save_track+0x18/0x40
[ 11.430533] kasan_save_alloc_info+0x3b/0x50
[ 11.430732] __kasan_kmalloc+0xb7/0xc0
[ 11.430870] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.431060] kvasprintf+0xc5/0x150
[ 11.431185] __kthread_create_on_node+0x18b/0x3a0
[ 11.431341] kthread_create_on_node+0xab/0xe0
[ 11.431487] cryptomgr_notify+0x704/0x9f0
[ 11.431641] notifier_call_chain+0xcb/0x250
[ 11.431784] blocking_notifier_call_chain+0x64/0x90
[ 11.431943] crypto_alg_mod_lookup+0x21f/0x440
[ 11.432092] crypto_alloc_tfm_node+0xc5/0x1f0
[ 11.432241] crypto_alloc_sig+0x23/0x30
[ 11.432375] public_key_verify_signature+0x208/0x9f0
[ 11.432622] x509_check_for_self_signed+0x2cb/0x480
[ 11.433049] x509_cert_parse+0x59c/0x830
[ 11.433323] x509_key_preparse+0x68/0x8a0
[ 11.433469] asymmetric_key_preparse+0xb1/0x160
[ 11.433690] __key_create_or_update+0x43d/0xcc0
[ 11.434079] key_create_or_update+0x17/0x20
[ 11.434640] x509_load_certificate_list+0x174/0x200
[ 11.435395] regulatory_init_db+0xee/0x3a0
[ 11.435947] do_one_initcall+0xd8/0x370
[ 11.436235] kernel_init_freeable+0x420/0x6f0
[ 11.436683] kernel_init+0x23/0x1e0
[ 11.436814] ret_from_fork+0x116/0x1d0
[ 11.436946] ret_from_fork_asm+0x1a/0x30
[ 11.437152]
[ 11.437434] Freed by task 0:
[ 11.437873] kasan_save_stack+0x45/0x70
[ 11.438311] kasan_save_track+0x18/0x40
[ 11.438797] kasan_save_free_info+0x3f/0x60
[ 11.439335] __kasan_slab_free+0x56/0x70
[ 11.439951] kfree+0x222/0x3f0
[ 11.440372] free_kthread_struct+0xeb/0x150
[ 11.440536] free_task+0xf3/0x130
[ 11.440659] __put_task_struct+0x1c8/0x480
[ 11.440800] delayed_put_task_struct+0x10a/0x150
[ 11.440956] rcu_core+0x66f/0x1c40
[ 11.441163] rcu_core_si+0x12/0x20
[ 11.441380] handle_softirqs+0x209/0x730
[ 11.441528] __irq_exit_rcu+0xc9/0x110
[ 11.441904] irq_exit_rcu+0x12/0x20
[ 11.442034] sysvec_apic_timer_interrupt+0x81/0x90
[ 11.442266] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 11.442691]
[ 11.443076] The buggy address belongs to the object at ffff8881016429a0
[ 11.443076] which belongs to the cache kmalloc-16 of size 16
[ 11.444655] The buggy address is located 15 bytes to the right of
[ 11.444655] allocated 16-byte region [ffff8881016429a0, ffff8881016429b0)
[ 11.446031]
[ 11.446301] The buggy address belongs to the physical page:
[ 11.446989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101642
[ 11.447641] flags: 0x200000000000000(node=0|zone=2)
[ 11.447815] page_type: f5(slab)
[ 11.447940] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.448205] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.448693] page dumped because: kasan: bad access detected
[ 11.448906]
[ 11.448998] Memory state around the buggy address:
[ 11.449707] ffff888101642880: 00 02 fc fc 00 06 fc fc 00 06 fc fc 00 04 fc fc
[ 11.449974] ffff888101642900: 00 04 fc fc 00 01 fc fc 00 01 fc fc 00 04 fc fc
[ 11.450893] >ffff888101642980: 00 04 fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[ 11.451149] ^
[ 11.451557] ffff888101642a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.451832] ffff888101642a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.452234] ==================================================================