Date
July 13, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 15.576559] ================================================================== [ 15.576616] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 15.576687] Write of size 1 at addr fff00000c5866078 by task kunit_try_catch/143 [ 15.576737] [ 15.576770] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.576848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.576873] Hardware name: linux,dummy-virt (DT) [ 15.576905] Call trace: [ 15.576927] show_stack+0x20/0x38 (C) [ 15.576974] dump_stack_lvl+0x8c/0xd0 [ 15.577020] print_report+0x118/0x5d0 [ 15.577065] kasan_report+0xdc/0x128 [ 15.577109] __asan_report_store1_noabort+0x20/0x30 [ 15.577159] kmalloc_track_caller_oob_right+0x40c/0x488 [ 15.577226] kunit_try_run_case+0x170/0x3f0 [ 15.577274] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.577324] kthread+0x328/0x630 [ 15.577365] ret_from_fork+0x10/0x20 [ 15.577412] [ 15.577429] Allocated by task 143: [ 15.577456] kasan_save_stack+0x3c/0x68 [ 15.577494] kasan_save_track+0x20/0x40 [ 15.577530] kasan_save_alloc_info+0x40/0x58 [ 15.577676] __kasan_kmalloc+0xd4/0xd8 [ 15.577798] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 15.577928] kmalloc_track_caller_oob_right+0xa8/0x488 [ 15.578029] kunit_try_run_case+0x170/0x3f0 [ 15.578116] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.578219] kthread+0x328/0x630 [ 15.578284] ret_from_fork+0x10/0x20 [ 15.578358] [ 15.578377] The buggy address belongs to the object at fff00000c5866000 [ 15.578377] which belongs to the cache kmalloc-128 of size 128 [ 15.578433] The buggy address is located 0 bytes to the right of [ 15.578433] allocated 120-byte region [fff00000c5866000, fff00000c5866078) [ 15.578496] [ 15.578515] The buggy address belongs to the physical page: [ 15.578545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105866 [ 15.578597] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 15.578644] page_type: f5(slab) [ 15.578680] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 15.578730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.578848] page dumped because: kasan: bad access detected [ 15.578911] [ 15.578940] Memory state around the buggy address: [ 15.578970] fff00000c5865f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.579039] fff00000c5865f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.579132] >fff00000c5866000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.579232] ^ [ 15.579326] fff00000c5866080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.579389] fff00000c5866100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.579483] ================================================================== [ 15.579926] ================================================================== [ 15.579971] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 15.580017] Write of size 1 at addr fff00000c5866178 by task kunit_try_catch/143 [ 15.580101] [ 15.580150] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.580271] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.580321] Hardware name: linux,dummy-virt (DT) [ 15.580389] Call trace: [ 15.580409] show_stack+0x20/0x38 (C) [ 15.580478] dump_stack_lvl+0x8c/0xd0 [ 15.580523] print_report+0x118/0x5d0 [ 15.580568] kasan_report+0xdc/0x128 [ 15.580612] __asan_report_store1_noabort+0x20/0x30 [ 15.580662] kmalloc_track_caller_oob_right+0x418/0x488 [ 15.580711] kunit_try_run_case+0x170/0x3f0 [ 15.580756] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.580807] kthread+0x328/0x630 [ 15.580870] ret_from_fork+0x10/0x20 [ 15.580916] [ 15.580933] Allocated by task 143: [ 15.580958] kasan_save_stack+0x3c/0x68 [ 15.580996] kasan_save_track+0x20/0x40 [ 15.581032] kasan_save_alloc_info+0x40/0x58 [ 15.581100] __kasan_kmalloc+0xd4/0xd8 [ 15.581159] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 15.581270] kmalloc_track_caller_oob_right+0x184/0x488 [ 15.581336] kunit_try_run_case+0x170/0x3f0 [ 15.581389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.581447] kthread+0x328/0x630 [ 15.581508] ret_from_fork+0x10/0x20 [ 15.581593] [ 15.581611] The buggy address belongs to the object at fff00000c5866100 [ 15.581611] which belongs to the cache kmalloc-128 of size 128 [ 15.581667] The buggy address is located 0 bytes to the right of [ 15.581667] allocated 120-byte region [fff00000c5866100, fff00000c5866178) [ 15.582008] [ 15.582086] The buggy address belongs to the physical page: [ 15.582131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105866 [ 15.582221] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 15.582290] page_type: f5(slab) [ 15.582359] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 15.582417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.582495] page dumped because: kasan: bad access detected [ 15.582541] [ 15.582558] Memory state around the buggy address: [ 15.582587] fff00000c5866000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.582635] fff00000c5866080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.582988] >fff00000c5866100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.583068] ^ [ 15.583125] fff00000c5866180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.583166] fff00000c5866200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.583212] ==================================================================
[ 16.449365] ================================================================== [ 16.449416] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 16.450975] Write of size 1 at addr fff00000c5aae078 by task kunit_try_catch/143 [ 16.451054] [ 16.451086] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.451360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.451616] Hardware name: linux,dummy-virt (DT) [ 16.451658] Call trace: [ 16.451971] show_stack+0x20/0x38 (C) [ 16.452083] dump_stack_lvl+0x8c/0xd0 [ 16.452308] print_report+0x118/0x5d0 [ 16.452496] kasan_report+0xdc/0x128 [ 16.452744] __asan_report_store1_noabort+0x20/0x30 [ 16.452871] kmalloc_track_caller_oob_right+0x418/0x488 [ 16.453026] kunit_try_run_case+0x170/0x3f0 [ 16.453075] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.453127] kthread+0x328/0x630 [ 16.453167] ret_from_fork+0x10/0x20 [ 16.453943] [ 16.453969] Allocated by task 143: [ 16.454006] kasan_save_stack+0x3c/0x68 [ 16.454337] kasan_save_track+0x20/0x40 [ 16.454582] kasan_save_alloc_info+0x40/0x58 [ 16.454633] __kasan_kmalloc+0xd4/0xd8 [ 16.454869] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 16.455311] kmalloc_track_caller_oob_right+0x184/0x488 [ 16.455504] kunit_try_run_case+0x170/0x3f0 [ 16.455568] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.455801] kthread+0x328/0x630 [ 16.456020] ret_from_fork+0x10/0x20 [ 16.456123] [ 16.456154] The buggy address belongs to the object at fff00000c5aae000 [ 16.456154] which belongs to the cache kmalloc-128 of size 128 [ 16.456229] The buggy address is located 0 bytes to the right of [ 16.456229] allocated 120-byte region [fff00000c5aae000, fff00000c5aae078) [ 16.456293] [ 16.456311] The buggy address belongs to the physical page: [ 16.456341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aae [ 16.456392] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.456439] page_type: f5(slab) [ 16.457405] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.457477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.457548] page dumped because: kasan: bad access detected [ 16.457578] [ 16.457597] Memory state around the buggy address: [ 16.458120] fff00000c5aadf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.458501] fff00000c5aadf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.458613] >fff00000c5aae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.458808] ^ [ 16.459088] fff00000c5aae080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.459282] fff00000c5aae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.459324] ================================================================== [ 16.437926] ================================================================== [ 16.438772] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 16.438844] Write of size 1 at addr fff00000c46fff78 by task kunit_try_catch/143 [ 16.438905] [ 16.439097] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.439462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.439491] Hardware name: linux,dummy-virt (DT) [ 16.439716] Call trace: [ 16.439745] show_stack+0x20/0x38 (C) [ 16.439973] dump_stack_lvl+0x8c/0xd0 [ 16.440371] print_report+0x118/0x5d0 [ 16.440466] kasan_report+0xdc/0x128 [ 16.441021] __asan_report_store1_noabort+0x20/0x30 [ 16.441461] kmalloc_track_caller_oob_right+0x40c/0x488 [ 16.441729] kunit_try_run_case+0x170/0x3f0 [ 16.441801] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.441856] kthread+0x328/0x630 [ 16.441898] ret_from_fork+0x10/0x20 [ 16.441946] [ 16.442735] Allocated by task 143: [ 16.442781] kasan_save_stack+0x3c/0x68 [ 16.442824] kasan_save_track+0x20/0x40 [ 16.442861] kasan_save_alloc_info+0x40/0x58 [ 16.442899] __kasan_kmalloc+0xd4/0xd8 [ 16.442935] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 16.442978] kmalloc_track_caller_oob_right+0xa8/0x488 [ 16.443019] kunit_try_run_case+0x170/0x3f0 [ 16.443055] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.443097] kthread+0x328/0x630 [ 16.443807] ret_from_fork+0x10/0x20 [ 16.443853] [ 16.443931] The buggy address belongs to the object at fff00000c46fff00 [ 16.443931] which belongs to the cache kmalloc-128 of size 128 [ 16.443991] The buggy address is located 0 bytes to the right of [ 16.443991] allocated 120-byte region [fff00000c46fff00, fff00000c46fff78) [ 16.444261] [ 16.444283] The buggy address belongs to the physical page: [ 16.444315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046ff [ 16.444380] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.444819] page_type: f5(slab) [ 16.445221] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.445570] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.445701] page dumped because: kasan: bad access detected [ 16.446049] [ 16.446073] Memory state around the buggy address: [ 16.446390] fff00000c46ffe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.446724] fff00000c46ffe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.446770] >fff00000c46fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.446808] ^ [ 16.446849] fff00000c46fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.447415] fff00000c4700000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.447596] ==================================================================
[ 11.935854] ================================================================== [ 11.936289] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.936704] Write of size 1 at addr ffff888103427d78 by task kunit_try_catch/159 [ 11.937284] [ 11.937382] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 11.937468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.937482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.937502] Call Trace: [ 11.937514] <TASK> [ 11.937529] dump_stack_lvl+0x73/0xb0 [ 11.937657] print_report+0xd1/0x610 [ 11.937685] ? __virt_addr_valid+0x1db/0x2d0 [ 11.937723] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.937748] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.937772] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.937797] kasan_report+0x141/0x180 [ 11.937819] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.937849] __asan_report_store1_noabort+0x1b/0x30 [ 11.937874] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 11.937900] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.937927] ? __schedule+0x10cc/0x2b60 [ 11.937981] ? __pfx_read_tsc+0x10/0x10 [ 11.938002] ? ktime_get_ts64+0x86/0x230 [ 11.938037] kunit_try_run_case+0x1a5/0x480 [ 11.938063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.938086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.938110] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.938134] ? __kthread_parkme+0x82/0x180 [ 11.938155] ? preempt_count_sub+0x50/0x80 [ 11.938179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.938203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.938227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.938252] kthread+0x337/0x6f0 [ 11.938271] ? trace_preempt_on+0x20/0xc0 [ 11.938294] ? __pfx_kthread+0x10/0x10 [ 11.938314] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.938335] ? calculate_sigpending+0x7b/0xa0 [ 11.938360] ? __pfx_kthread+0x10/0x10 [ 11.938381] ret_from_fork+0x116/0x1d0 [ 11.938400] ? __pfx_kthread+0x10/0x10 [ 11.938430] ret_from_fork_asm+0x1a/0x30 [ 11.938471] </TASK> [ 11.938480] [ 11.946490] Allocated by task 159: [ 11.946784] kasan_save_stack+0x45/0x70 [ 11.946993] kasan_save_track+0x18/0x40 [ 11.947219] kasan_save_alloc_info+0x3b/0x50 [ 11.947371] __kasan_kmalloc+0xb7/0xc0 [ 11.947514] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.947928] kmalloc_track_caller_oob_right+0x99/0x520 [ 11.948356] kunit_try_run_case+0x1a5/0x480 [ 11.948638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.948992] kthread+0x337/0x6f0 [ 11.949123] ret_from_fork+0x116/0x1d0 [ 11.949310] ret_from_fork_asm+0x1a/0x30 [ 11.949540] [ 11.949772] The buggy address belongs to the object at ffff888103427d00 [ 11.949772] which belongs to the cache kmalloc-128 of size 128 [ 11.950190] The buggy address is located 0 bytes to the right of [ 11.950190] allocated 120-byte region [ffff888103427d00, ffff888103427d78) [ 11.951087] [ 11.951237] The buggy address belongs to the physical page: [ 11.951420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103427 [ 11.952041] flags: 0x200000000000000(node=0|zone=2) [ 11.952224] page_type: f5(slab) [ 11.952353] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.952859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.953311] page dumped because: kasan: bad access detected [ 11.953708] [ 11.953828] Memory state around the buggy address: [ 11.954056] ffff888103427c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.954368] ffff888103427c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.954586] >ffff888103427d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.955012] ^ [ 11.955618] ffff888103427d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.956005] ffff888103427e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.956270] ================================================================== [ 11.957238] ================================================================== [ 11.957706] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.958023] Write of size 1 at addr ffff888103427e78 by task kunit_try_catch/159 [ 11.958408] [ 11.958511] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 11.958583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.958595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.958615] Call Trace: [ 11.958626] <TASK> [ 11.958650] dump_stack_lvl+0x73/0xb0 [ 11.958678] print_report+0xd1/0x610 [ 11.958760] ? __virt_addr_valid+0x1db/0x2d0 [ 11.958817] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.958844] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.958867] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.958905] kasan_report+0x141/0x180 [ 11.958927] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.958985] __asan_report_store1_noabort+0x1b/0x30 [ 11.959010] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.959046] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.959074] ? __schedule+0x10cc/0x2b60 [ 11.959095] ? __pfx_read_tsc+0x10/0x10 [ 11.959116] ? ktime_get_ts64+0x86/0x230 [ 11.959140] kunit_try_run_case+0x1a5/0x480 [ 11.959164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.959187] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.959210] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.959234] ? __kthread_parkme+0x82/0x180 [ 11.959254] ? preempt_count_sub+0x50/0x80 [ 11.959277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.959301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.959325] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.959350] kthread+0x337/0x6f0 [ 11.959369] ? trace_preempt_on+0x20/0xc0 [ 11.959391] ? __pfx_kthread+0x10/0x10 [ 11.959422] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.959454] ? calculate_sigpending+0x7b/0xa0 [ 11.959478] ? __pfx_kthread+0x10/0x10 [ 11.959499] ret_from_fork+0x116/0x1d0 [ 11.959517] ? __pfx_kthread+0x10/0x10 [ 11.959537] ret_from_fork_asm+0x1a/0x30 [ 11.959610] </TASK> [ 11.959621] [ 11.973146] Allocated by task 159: [ 11.973278] kasan_save_stack+0x45/0x70 [ 11.973481] kasan_save_track+0x18/0x40 [ 11.973864] kasan_save_alloc_info+0x3b/0x50 [ 11.974338] __kasan_kmalloc+0xb7/0xc0 [ 11.974927] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.975327] kmalloc_track_caller_oob_right+0x19a/0x520 [ 11.975630] kunit_try_run_case+0x1a5/0x480 [ 11.976098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.976684] kthread+0x337/0x6f0 [ 11.977028] ret_from_fork+0x116/0x1d0 [ 11.977262] ret_from_fork_asm+0x1a/0x30 [ 11.977682] [ 11.977876] The buggy address belongs to the object at ffff888103427e00 [ 11.977876] which belongs to the cache kmalloc-128 of size 128 [ 11.978731] The buggy address is located 0 bytes to the right of [ 11.978731] allocated 120-byte region [ffff888103427e00, ffff888103427e78) [ 11.979260] [ 11.979332] The buggy address belongs to the physical page: [ 11.979682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103427 [ 11.980684] flags: 0x200000000000000(node=0|zone=2) [ 11.981156] page_type: f5(slab) [ 11.981520] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.982351] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.982947] page dumped because: kasan: bad access detected [ 11.983219] [ 11.983291] Memory state around the buggy address: [ 11.983552] ffff888103427d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.984228] ffff888103427d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.985155] >ffff888103427e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.985376] ^ [ 11.985935] ffff888103427e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.986610] ffff888103427f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.987301] ==================================================================
[ 12.198752] ================================================================== [ 12.199394] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.199672] Write of size 1 at addr ffff888102594278 by task kunit_try_catch/160 [ 12.200064] [ 12.200275] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.200330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.200341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.200361] Call Trace: [ 12.200371] <TASK> [ 12.200386] dump_stack_lvl+0x73/0xb0 [ 12.200414] print_report+0xd1/0x610 [ 12.200437] ? __virt_addr_valid+0x1db/0x2d0 [ 12.200461] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.200486] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.200510] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.200536] kasan_report+0x141/0x180 [ 12.200557] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.200588] __asan_report_store1_noabort+0x1b/0x30 [ 12.200613] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.200639] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.200667] ? __schedule+0x10cc/0x2b60 [ 12.200689] ? __pfx_read_tsc+0x10/0x10 [ 12.200723] ? ktime_get_ts64+0x86/0x230 [ 12.200747] kunit_try_run_case+0x1a5/0x480 [ 12.200771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.200814] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.200837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.200872] ? __kthread_parkme+0x82/0x180 [ 12.200903] ? preempt_count_sub+0x50/0x80 [ 12.200927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.200951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.200975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.201001] kthread+0x337/0x6f0 [ 12.201019] ? trace_preempt_on+0x20/0xc0 [ 12.201042] ? __pfx_kthread+0x10/0x10 [ 12.201071] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.201093] ? calculate_sigpending+0x7b/0xa0 [ 12.201117] ? __pfx_kthread+0x10/0x10 [ 12.201138] ret_from_fork+0x116/0x1d0 [ 12.201158] ? __pfx_kthread+0x10/0x10 [ 12.201187] ret_from_fork_asm+0x1a/0x30 [ 12.201227] </TASK> [ 12.201236] [ 12.214189] Allocated by task 160: [ 12.214524] kasan_save_stack+0x45/0x70 [ 12.214952] kasan_save_track+0x18/0x40 [ 12.215385] kasan_save_alloc_info+0x3b/0x50 [ 12.215594] __kasan_kmalloc+0xb7/0xc0 [ 12.216004] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.216619] kmalloc_track_caller_oob_right+0x19a/0x520 [ 12.216860] kunit_try_run_case+0x1a5/0x480 [ 12.217007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.217202] kthread+0x337/0x6f0 [ 12.217323] ret_from_fork+0x116/0x1d0 [ 12.217455] ret_from_fork_asm+0x1a/0x30 [ 12.217594] [ 12.217665] The buggy address belongs to the object at ffff888102594200 [ 12.217665] which belongs to the cache kmalloc-128 of size 128 [ 12.218022] The buggy address is located 0 bytes to the right of [ 12.218022] allocated 120-byte region [ffff888102594200, ffff888102594278) [ 12.218398] [ 12.218469] The buggy address belongs to the physical page: [ 12.218642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102594 [ 12.218894] flags: 0x200000000000000(node=0|zone=2) [ 12.219099] page_type: f5(slab) [ 12.219387] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.220032] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.220759] page dumped because: kasan: bad access detected [ 12.221299] [ 12.221456] Memory state around the buggy address: [ 12.221997] ffff888102594100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.222728] ffff888102594180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.223511] >ffff888102594200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.224303] ^ [ 12.225022] ffff888102594280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.225780] ffff888102594300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.226531] ================================================================== [ 12.163759] ================================================================== [ 12.164321] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.164578] Write of size 1 at addr ffff888102594178 by task kunit_try_catch/160 [ 12.165778] [ 12.166164] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.166315] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.166327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.166346] Call Trace: [ 12.166359] <TASK> [ 12.166374] dump_stack_lvl+0x73/0xb0 [ 12.166403] print_report+0xd1/0x610 [ 12.166426] ? __virt_addr_valid+0x1db/0x2d0 [ 12.166449] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.166474] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.166497] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.166523] kasan_report+0x141/0x180 [ 12.166545] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.166576] __asan_report_store1_noabort+0x1b/0x30 [ 12.166601] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.166627] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.166656] ? __schedule+0x10cc/0x2b60 [ 12.166678] ? __pfx_read_tsc+0x10/0x10 [ 12.166699] ? ktime_get_ts64+0x86/0x230 [ 12.166730] kunit_try_run_case+0x1a5/0x480 [ 12.166755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.166778] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.166801] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.166825] ? __kthread_parkme+0x82/0x180 [ 12.166845] ? preempt_count_sub+0x50/0x80 [ 12.166868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.166893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.166917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.166942] kthread+0x337/0x6f0 [ 12.166960] ? trace_preempt_on+0x20/0xc0 [ 12.166984] ? __pfx_kthread+0x10/0x10 [ 12.167004] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.167025] ? calculate_sigpending+0x7b/0xa0 [ 12.167061] ? __pfx_kthread+0x10/0x10 [ 12.167083] ret_from_fork+0x116/0x1d0 [ 12.167102] ? __pfx_kthread+0x10/0x10 [ 12.167134] ret_from_fork_asm+0x1a/0x30 [ 12.167165] </TASK> [ 12.167175] [ 12.182474] Allocated by task 160: [ 12.182855] kasan_save_stack+0x45/0x70 [ 12.183336] kasan_save_track+0x18/0x40 [ 12.183763] kasan_save_alloc_info+0x3b/0x50 [ 12.184270] __kasan_kmalloc+0xb7/0xc0 [ 12.184642] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.185141] kmalloc_track_caller_oob_right+0x99/0x520 [ 12.185328] kunit_try_run_case+0x1a5/0x480 [ 12.185590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.185846] kthread+0x337/0x6f0 [ 12.186251] ret_from_fork+0x116/0x1d0 [ 12.186604] ret_from_fork_asm+0x1a/0x30 [ 12.187097] [ 12.187396] The buggy address belongs to the object at ffff888102594100 [ 12.187396] which belongs to the cache kmalloc-128 of size 128 [ 12.188531] The buggy address is located 0 bytes to the right of [ 12.188531] allocated 120-byte region [ffff888102594100, ffff888102594178) [ 12.189627] [ 12.189729] The buggy address belongs to the physical page: [ 12.190275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102594 [ 12.190791] flags: 0x200000000000000(node=0|zone=2) [ 12.191328] page_type: f5(slab) [ 12.191487] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.192408] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.192922] page dumped because: kasan: bad access detected [ 12.193425] [ 12.193494] Memory state around the buggy address: [ 12.193822] ffff888102594000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.194568] ffff888102594080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.195285] >ffff888102594100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.196002] ^ [ 12.196493] ffff888102594180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.197142] ffff888102594200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.197629] ==================================================================