Date
July 20, 2025, 11:12 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 16.238752] ==================================================================
[ 16.238810] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.238864] Write of size 1 at addr fff00000c3edd278 by task kunit_try_catch/142
[ 16.238928]
[ 16.238958] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.239040] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.239067] Hardware name: linux,dummy-virt (DT)
[ 16.239097] Call trace:
[ 16.239120] show_stack+0x20/0x38 (C)
[ 16.239180] dump_stack_lvl+0x8c/0xd0
[ 16.239405] print_report+0x118/0x5d0
[ 16.239558] kasan_report+0xdc/0x128
[ 16.239666] __asan_report_store1_noabort+0x20/0x30
[ 16.239947] kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.240191] kunit_try_run_case+0x170/0x3f0
[ 16.240253] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.240504] kthread+0x328/0x630
[ 16.240701] ret_from_fork+0x10/0x20
[ 16.240852]
[ 16.240869] Allocated by task 142:
[ 16.240969] kasan_save_stack+0x3c/0x68
[ 16.241011] kasan_save_track+0x20/0x40
[ 16.241048] kasan_save_alloc_info+0x40/0x58
[ 16.241087] __kasan_kmalloc+0xd4/0xd8
[ 16.241123] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.241166] kmalloc_track_caller_oob_right+0xa8/0x488
[ 16.241206] kunit_try_run_case+0x170/0x3f0
[ 16.241243] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.241285] kthread+0x328/0x630
[ 16.241317] ret_from_fork+0x10/0x20
[ 16.241352]
[ 16.241371] The buggy address belongs to the object at fff00000c3edd200
[ 16.241371] which belongs to the cache kmalloc-128 of size 128
[ 16.241427] The buggy address is located 0 bytes to the right of
[ 16.241427] allocated 120-byte region [fff00000c3edd200, fff00000c3edd278)
[ 16.241491]
[ 16.241510] The buggy address belongs to the physical page:
[ 16.241540] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103edd
[ 16.241590] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.241638] page_type: f5(slab)
[ 16.241679] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.241728] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.241767] page dumped because: kasan: bad access detected
[ 16.241827]
[ 16.241849] Memory state around the buggy address:
[ 16.241880] fff00000c3edd100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.241934] fff00000c3edd180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.241977] >fff00000c3edd200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.242015] ^
[ 16.242055] fff00000c3edd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.242097] fff00000c3edd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.242134] ==================================================================
[ 16.243001] ==================================================================
[ 16.243048] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 16.243095] Write of size 1 at addr fff00000c3edd378 by task kunit_try_catch/142
[ 16.243144]
[ 16.243173] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.243277] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.243373] Hardware name: linux,dummy-virt (DT)
[ 16.243517] Call trace:
[ 16.243540] show_stack+0x20/0x38 (C)
[ 16.243639] dump_stack_lvl+0x8c/0xd0
[ 16.243734] print_report+0x118/0x5d0
[ 16.243877] kasan_report+0xdc/0x128
[ 16.243935] __asan_report_store1_noabort+0x20/0x30
[ 16.243989] kmalloc_track_caller_oob_right+0x418/0x488
[ 16.244041] kunit_try_run_case+0x170/0x3f0
[ 16.244099] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.244153] kthread+0x328/0x630
[ 16.244197] ret_from_fork+0x10/0x20
[ 16.244244]
[ 16.244262] Allocated by task 142:
[ 16.244291] kasan_save_stack+0x3c/0x68
[ 16.244331] kasan_save_track+0x20/0x40
[ 16.244417] kasan_save_alloc_info+0x40/0x58
[ 16.244518] __kasan_kmalloc+0xd4/0xd8
[ 16.244662] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.245181] kmalloc_track_caller_oob_right+0x184/0x488
[ 16.245268] kunit_try_run_case+0x170/0x3f0
[ 16.245370] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.245415] kthread+0x328/0x630
[ 16.245469] ret_from_fork+0x10/0x20
[ 16.245769]
[ 16.245838] The buggy address belongs to the object at fff00000c3edd300
[ 16.245838] which belongs to the cache kmalloc-128 of size 128
[ 16.245996] The buggy address is located 0 bytes to the right of
[ 16.245996] allocated 120-byte region [fff00000c3edd300, fff00000c3edd378)
[ 16.246061]
[ 16.246080] The buggy address belongs to the physical page:
[ 16.246113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103edd
[ 16.246174] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.246355] page_type: f5(slab)
[ 16.246394] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.246444] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.246483] page dumped because: kasan: bad access detected
[ 16.246538]
[ 16.246555] Memory state around the buggy address:
[ 16.246585] fff00000c3edd200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.246635] fff00000c3edd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.246676] >fff00000c3edd300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.246713] ^
[ 16.246752] fff00000c3edd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.246794] fff00000c3edd400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.246909] ==================================================================
```
```
[ 16.347170] ==================================================================
[ 16.347281] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.347378] Write of size 1 at addr fff00000c58dc678 by task kunit_try_catch/142
[ 16.347497]
[ 16.347531] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.347611] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.347842] Hardware name: linux,dummy-virt (DT)
[ 16.347998] Call trace:
[ 16.348025] show_stack+0x20/0x38 (C)
[ 16.348079] dump_stack_lvl+0x8c/0xd0
[ 16.348158] print_report+0x118/0x5d0
[ 16.348260] kasan_report+0xdc/0x128
[ 16.348318] __asan_report_store1_noabort+0x20/0x30
[ 16.348370] kmalloc_track_caller_oob_right+0x40c/0x488
[ 16.348547] kunit_try_run_case+0x170/0x3f0
[ 16.348746] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.348883] kthread+0x328/0x630
[ 16.348944] ret_from_fork+0x10/0x20
[ 16.349061]
[ 16.349106] Allocated by task 142:
[ 16.349194] kasan_save_stack+0x3c/0x68
[ 16.349492] kasan_save_track+0x20/0x40
[ 16.349663] kasan_save_alloc_info+0x40/0x58
[ 16.349796] __kasan_kmalloc+0xd4/0xd8
[ 16.349972] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.350060] kmalloc_track_caller_oob_right+0xa8/0x488
[ 16.350232] kunit_try_run_case+0x170/0x3f0
[ 16.350291] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.350340] kthread+0x328/0x630
[ 16.350373] ret_from_fork+0x10/0x20
[ 16.350408]
[ 16.350426] The buggy address belongs to the object at fff00000c58dc600
[ 16.350426] which belongs to the cache kmalloc-128 of size 128
[ 16.350727] The buggy address is located 0 bytes to the right of
[ 16.350727] allocated 120-byte region [fff00000c58dc600, fff00000c58dc678)
[ 16.350802]
[ 16.350822] The buggy address belongs to the physical page:
[ 16.351082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058dc
[ 16.351186] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.351355] page_type: f5(slab)
[ 16.351450] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.351607] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.351658] page dumped because: kasan: bad access detected
[ 16.351963]
[ 16.352083] Memory state around the buggy address:
[ 16.352214] fff00000c58dc500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.352341] fff00000c58dc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.352441] >fff00000c58dc600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.352584] ^
[ 16.352690] fff00000c58dc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.352758] fff00000c58dc700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.352996] ==================================================================
[ 16.354199] ==================================================================
[ 16.354376] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 16.354431] Write of size 1 at addr fff00000c58dc778 by task kunit_try_catch/142
[ 16.354691]
[ 16.354778] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.354890] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.354925] Hardware name: linux,dummy-virt (DT)
[ 16.354997] Call trace:
[ 16.355047] show_stack+0x20/0x38 (C)
[ 16.355099] dump_stack_lvl+0x8c/0xd0
[ 16.355154] print_report+0x118/0x5d0
[ 16.355262] kasan_report+0xdc/0x128
[ 16.355329] __asan_report_store1_noabort+0x20/0x30
[ 16.355381] kmalloc_track_caller_oob_right+0x418/0x488
[ 16.355438] kunit_try_run_case+0x170/0x3f0
[ 16.355670] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.355852] kthread+0x328/0x630
[ 16.355905] ret_from_fork+0x10/0x20
[ 16.356022]
[ 16.356070] Allocated by task 142:
[ 16.356118] kasan_save_stack+0x3c/0x68
[ 16.356228] kasan_save_track+0x20/0x40
[ 16.356284] kasan_save_alloc_info+0x40/0x58
[ 16.356324] __kasan_kmalloc+0xd4/0xd8
[ 16.356366] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 16.356410] kmalloc_track_caller_oob_right+0x184/0x488
[ 16.356489] kunit_try_run_case+0x170/0x3f0
[ 16.356528] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.356570] kthread+0x328/0x630
[ 16.356602] ret_from_fork+0x10/0x20
[ 16.356648]
[ 16.356667] The buggy address belongs to the object at fff00000c58dc700
[ 16.356667] which belongs to the cache kmalloc-128 of size 128
[ 16.356723] The buggy address is located 0 bytes to the right of
[ 16.356723] allocated 120-byte region [fff00000c58dc700, fff00000c58dc778)
[ 16.356785]
[ 16.356803] The buggy address belongs to the physical page:
[ 16.356843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058dc
[ 16.356894] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.357247] page_type: f5(slab)
[ 16.357582] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.357675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.357789] page dumped because: kasan: bad access detected
[ 16.357820]
[ 16.357838] Memory state around the buggy address:
[ 16.357880] fff00000c58dc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.357936] fff00000c58dc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.358118] >fff00000c58dc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.358243] ^
[ 16.358308] fff00000c58dc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.358361] fff00000c58dc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.358514] ==================================================================
```
```
[ 12.092003] ==================================================================
[ 12.092953] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.093229] Write of size 1 at addr ffff888101bc1378 by task kunit_try_catch/160
[ 12.094420]
[ 12.094799] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.094850] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.094862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.094893] Call Trace:
[ 12.094905] <TASK>
[ 12.094922] dump_stack_lvl+0x73/0xb0
[ 12.094952] print_report+0xd1/0x610
[ 12.094974] ? __virt_addr_valid+0x1db/0x2d0
[ 12.094997] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.095188] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.095217] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.095242] kasan_report+0x141/0x180
[ 12.095265] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.095304] __asan_report_store1_noabort+0x1b/0x30
[ 12.095329] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.095353] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.095379] ? __schedule+0x10c6/0x2b60
[ 12.095410] ? __pfx_read_tsc+0x10/0x10
[ 12.095430] ? ktime_get_ts64+0x86/0x230
[ 12.095456] kunit_try_run_case+0x1a5/0x480
[ 12.095480] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.095501] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.095523] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.095546] ? __kthread_parkme+0x82/0x180
[ 12.095566] ? preempt_count_sub+0x50/0x80
[ 12.095637] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.095661] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.095683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.095706] kthread+0x337/0x6f0
[ 12.095725] ? trace_preempt_on+0x20/0xc0
[ 12.095749] ? __pfx_kthread+0x10/0x10
[ 12.095769] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.095790] ? calculate_sigpending+0x7b/0xa0
[ 12.095813] ? __pfx_kthread+0x10/0x10
[ 12.095834] ret_from_fork+0x116/0x1d0
[ 12.095852] ? __pfx_kthread+0x10/0x10
[ 12.095872] ret_from_fork_asm+0x1a/0x30
[ 12.095903] </TASK>
[ 12.095914]
[ 12.107828] Allocated by task 160:
[ 12.108251] kasan_save_stack+0x45/0x70
[ 12.108727] kasan_save_track+0x18/0x40
[ 12.109183] kasan_save_alloc_info+0x3b/0x50
[ 12.109700] __kasan_kmalloc+0xb7/0xc0
[ 12.110070] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.110800] kmalloc_track_caller_oob_right+0x99/0x520
[ 12.111490] kunit_try_run_case+0x1a5/0x480
[ 12.112208] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.112852] kthread+0x337/0x6f0
[ 12.113192] ret_from_fork+0x116/0x1d0
[ 12.113702] ret_from_fork_asm+0x1a/0x30
[ 12.114129]
[ 12.114213] The buggy address belongs to the object at ffff888101bc1300
[ 12.114213] which belongs to the cache kmalloc-128 of size 128
[ 12.114576] The buggy address is located 0 bytes to the right of
[ 12.114576] allocated 120-byte region [ffff888101bc1300, ffff888101bc1378)
[ 12.114937]
[ 12.115010] The buggy address belongs to the physical page:
[ 12.115179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1
[ 12.115485] flags: 0x200000000000000(node=0|zone=2)
[ 12.115916] page_type: f5(slab)
[ 12.116222] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.116919] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.117777] page dumped because: kasan: bad access detected
[ 12.118347]
[ 12.118523] Memory state around the buggy address:
[ 12.118978] ffff888101bc1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.119871] ffff888101bc1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.120637] >ffff888101bc1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.121323] ^
[ 12.121989] ffff888101bc1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.122923] ffff888101bc1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.123631] ==================================================================
[ 12.124210] ==================================================================
[ 12.124467] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.124756] Write of size 1 at addr ffff888101bc1478 by task kunit_try_catch/160
[ 12.125044]
[ 12.125130] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.125173] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.125184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.125206] Call Trace:
[ 12.125217] <TASK>
[ 12.125378] dump_stack_lvl+0x73/0xb0
[ 12.125426] print_report+0xd1/0x610
[ 12.125449] ? __virt_addr_valid+0x1db/0x2d0
[ 12.125473] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.125498] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.125519] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.125544] kasan_report+0x141/0x180
[ 12.125566] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.125597] __asan_report_store1_noabort+0x1b/0x30
[ 12.125621] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.125645] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.125671] ? __schedule+0x10c6/0x2b60
[ 12.125693] ? __pfx_read_tsc+0x10/0x10
[ 12.125713] ? ktime_get_ts64+0x86/0x230
[ 12.125737] kunit_try_run_case+0x1a5/0x480
[ 12.125760] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.125783] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.125805] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.125828] ? __kthread_parkme+0x82/0x180
[ 12.125848] ? preempt_count_sub+0x50/0x80
[ 12.125872] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.125895] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.125918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.125941] kthread+0x337/0x6f0
[ 12.125960] ? trace_preempt_on+0x20/0xc0
[ 12.125983] ? __pfx_kthread+0x10/0x10
[ 12.126003] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.126024] ? calculate_sigpending+0x7b/0xa0
[ 12.126469] ? __pfx_kthread+0x10/0x10
[ 12.126493] ret_from_fork+0x116/0x1d0
[ 12.126512] ? __pfx_kthread+0x10/0x10
[ 12.126533] ret_from_fork_asm+0x1a/0x30
[ 12.126564] </TASK>
[ 12.126575]
[ 12.134138] Allocated by task 160:
[ 12.134314] kasan_save_stack+0x45/0x70
[ 12.134526] kasan_save_track+0x18/0x40
[ 12.134861] kasan_save_alloc_info+0x3b/0x50
[ 12.135018] __kasan_kmalloc+0xb7/0xc0
[ 12.135252] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.135496] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.135762] kunit_try_run_case+0x1a5/0x480
[ 12.135954] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.136233] kthread+0x337/0x6f0
[ 12.136392] ret_from_fork+0x116/0x1d0
[ 12.136579] ret_from_fork_asm+0x1a/0x30
[ 12.136767]
[ 12.136849] The buggy address belongs to the object at ffff888101bc1400
[ 12.136849] which belongs to the cache kmalloc-128 of size 128
[ 12.137509] The buggy address is located 0 bytes to the right of
[ 12.137509] allocated 120-byte region [ffff888101bc1400, ffff888101bc1478)
[ 12.138102]
[ 12.138208] The buggy address belongs to the physical page:
[ 12.138424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1
[ 12.138834] flags: 0x200000000000000(node=0|zone=2)
[ 12.139081] page_type: f5(slab)
[ 12.139212] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.139551] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.139902] page dumped because: kasan: bad access detected
[ 12.140189]
[ 12.140283] Memory state around the buggy address:
[ 12.140504] ffff888101bc1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.140862] ffff888101bc1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.141221] >ffff888101bc1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.141485] ^
[ 12.141763] ffff888101bc1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.142269] ffff888101bc1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.142596] ==================================================================
```
```
[ 12.208962] ==================================================================
[ 12.209561] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.209972] Write of size 1 at addr ffff8881027a1a78 by task kunit_try_catch/159
[ 12.210248]
[ 12.210450] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.210497] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.210509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.210530] Call Trace:
[ 12.210541] <TASK>
[ 12.210556] dump_stack_lvl+0x73/0xb0
[ 12.210775] print_report+0xd1/0x610
[ 12.210799] ? __virt_addr_valid+0x1db/0x2d0
[ 12.210821] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.210910] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.210934] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.210958] kasan_report+0x141/0x180
[ 12.210980] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.211008] __asan_report_store1_noabort+0x1b/0x30
[ 12.211032] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.211055] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.211093] ? __schedule+0x10c6/0x2b60
[ 12.211116] ? __pfx_read_tsc+0x10/0x10
[ 12.211137] ? ktime_get_ts64+0x86/0x230
[ 12.211185] kunit_try_run_case+0x1a5/0x480
[ 12.211209] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.211231] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.211255] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.211277] ? __kthread_parkme+0x82/0x180
[ 12.211297] ? preempt_count_sub+0x50/0x80
[ 12.211330] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.211355] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.211378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.211400] kthread+0x337/0x6f0
[ 12.211418] ? trace_preempt_on+0x20/0xc0
[ 12.211450] ? __pfx_kthread+0x10/0x10
[ 12.211470] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.211490] ? calculate_sigpending+0x7b/0xa0
[ 12.211524] ? __pfx_kthread+0x10/0x10
[ 12.211545] ret_from_fork+0x116/0x1d0
[ 12.211562] ? __pfx_kthread+0x10/0x10
[ 12.211582] ret_from_fork_asm+0x1a/0x30
[ 12.211611] </TASK>
[ 12.211621]
[ 12.220104] Allocated by task 159:
[ 12.220299] kasan_save_stack+0x45/0x70
[ 12.220555] kasan_save_track+0x18/0x40
[ 12.220710] kasan_save_alloc_info+0x3b/0x50
[ 12.220861] __kasan_kmalloc+0xb7/0xc0
[ 12.220996] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.221400] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.221674] kunit_try_run_case+0x1a5/0x480
[ 12.221994] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.222521] kthread+0x337/0x6f0
[ 12.222659] ret_from_fork+0x116/0x1d0
[ 12.222847] ret_from_fork_asm+0x1a/0x30
[ 12.223044]
[ 12.223141] The buggy address belongs to the object at ffff8881027a1a00
[ 12.223141] which belongs to the cache kmalloc-128 of size 128
[ 12.223785] The buggy address is located 0 bytes to the right of
[ 12.223785] allocated 120-byte region [ffff8881027a1a00, ffff8881027a1a78)
[ 12.224409]
[ 12.224511] The buggy address belongs to the physical page:
[ 12.224755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a1
[ 12.225214] flags: 0x200000000000000(node=0|zone=2)
[ 12.225461] page_type: f5(slab)
[ 12.225629] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.226038] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.226287] page dumped because: kasan: bad access detected
[ 12.226461]
[ 12.226532] Memory state around the buggy address:
[ 12.226690] ffff8881027a1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.227316] ffff8881027a1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.227666] >ffff8881027a1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.228230] ^
[ 12.228615] ffff8881027a1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.228837] ffff8881027a1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.229223] ==================================================================
[ 12.187619] ==================================================================
[ 12.188341] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.189020] Write of size 1 at addr ffff8881027a1978 by task kunit_try_catch/159
[ 12.189329]
[ 12.189464] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.189511] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.189523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.189545] Call Trace:
[ 12.189559] <TASK>
[ 12.189577] dump_stack_lvl+0x73/0xb0
[ 12.189620] print_report+0xd1/0x610
[ 12.189643] ? __virt_addr_valid+0x1db/0x2d0
[ 12.189678] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.189702] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.189723] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.189747] kasan_report+0x141/0x180
[ 12.189768] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.189805] __asan_report_store1_noabort+0x1b/0x30
[ 12.189829] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.189853] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.189888] ? __schedule+0x10c6/0x2b60
[ 12.189973] ? __pfx_read_tsc+0x10/0x10
[ 12.189995] ? ktime_get_ts64+0x86/0x230
[ 12.190020] kunit_try_run_case+0x1a5/0x480
[ 12.190046] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.190079] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.190103] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.190125] ? __kthread_parkme+0x82/0x180
[ 12.190163] ? preempt_count_sub+0x50/0x80
[ 12.190187] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.190210] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.190232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.190255] kthread+0x337/0x6f0
[ 12.190274] ? trace_preempt_on+0x20/0xc0
[ 12.190297] ? __pfx_kthread+0x10/0x10
[ 12.190317] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.190337] ? calculate_sigpending+0x7b/0xa0
[ 12.190361] ? __pfx_kthread+0x10/0x10
[ 12.190382] ret_from_fork+0x116/0x1d0
[ 12.190400] ? __pfx_kthread+0x10/0x10
[ 12.190420] ret_from_fork_asm+0x1a/0x30
[ 12.190450] </TASK>
[ 12.190460]
[ 12.198356] Allocated by task 159:
[ 12.198669] kasan_save_stack+0x45/0x70
[ 12.199065] kasan_save_track+0x18/0x40
[ 12.199351] kasan_save_alloc_info+0x3b/0x50
[ 12.199616] __kasan_kmalloc+0xb7/0xc0
[ 12.199790] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.200241] kmalloc_track_caller_oob_right+0x99/0x520
[ 12.200546] kunit_try_run_case+0x1a5/0x480
[ 12.200775] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.201173] kthread+0x337/0x6f0
[ 12.201357] ret_from_fork+0x116/0x1d0
[ 12.201553] ret_from_fork_asm+0x1a/0x30
[ 12.201759]
[ 12.201907] The buggy address belongs to the object at ffff8881027a1900
[ 12.201907] which belongs to the cache kmalloc-128 of size 128
[ 12.202477] The buggy address is located 0 bytes to the right of
[ 12.202477] allocated 120-byte region [ffff8881027a1900, ffff8881027a1978)
[ 12.203205]
[ 12.203310] The buggy address belongs to the physical page:
[ 12.203541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a1
[ 12.203865] flags: 0x200000000000000(node=0|zone=2)
[ 12.204034] page_type: f5(slab)
[ 12.204168] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.204406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.205220] page dumped because: kasan: bad access detected
[ 12.205430]
[ 12.205501] Memory state around the buggy address:
[ 12.205659] ffff8881027a1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.205878] ffff8881027a1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.206630] >ffff8881027a1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.207041] ^
[ 12.207597] ffff8881027a1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.207930] ffff8881027a1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.208297] ==================================================================
```