Hay
Date
July 24, 2025, 4:41 a.m.

Environment
qemu-arm64 (first report below; "Hardware name: linux,dummy-virt (DT)")
qemu-x86_64 (second report below; "Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)")

Reviewer note: both reports come from the KASAN KUnit self-test kmalloc_oob_left running under kunit_try_catch (taint flag [N]=TEST), which deliberately reads one byte outside a 15-byte kmalloc-16 allocation, so the "BUG: KASAN: slab-out-of-bounds" line itself is the expected outcome of that test case, not a finding against the kernel under test. What is not expected is the x86_64 run: while printing the "Freed by" stack for the reported object it shows an implausible task id (73554304) and then trips two WARNINGs in lib/stackdepot.c ("pool index 100480 out of bounds (155)" at depot_fetch_stack, and "corrupt handle or use after stack_depot_put()" at stack_depot_fetch), both reached from stack_depot_print <- print_report <- kasan_report. That suggests the free-track handle KASAN read from the object's metadata is not a valid stackdepot handle (garbage or stale data rather than a recorded stack); the arm64 run printed a coherent "Freed by task 112" trace for the equivalent object, so this looks specific to the x86_64 configuration of this -next snapshot and is worth reporting separately from the test itself. Note also that after the first WARNING the kernel is additionally tainted W, so any later test results from the same x86_64 boot were produced on a WARN-tainted kernel.

[   32.130324] ==================================================================
[   32.130417] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   32.130477] Read of size 1 at addr fff00000c868343f by task kunit_try_catch/169
[   32.131372] 
[   32.131424] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   32.131512] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.131539] Hardware name: linux,dummy-virt (DT)
[   32.131572] Call trace:
[   32.131596]  show_stack+0x20/0x38 (C)
[   32.131646]  dump_stack_lvl+0x8c/0xd0
[   32.131693]  print_report+0x118/0x5e8
[   32.131736]  kasan_report+0xdc/0x128
[   32.131789]  __asan_report_load1_noabort+0x20/0x30
[   32.131837]  kmalloc_oob_left+0x2ec/0x320
[   32.131884]  kunit_try_run_case+0x170/0x3f0
[   32.131930]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.131981]  kthread+0x328/0x630
[   32.132023]  ret_from_fork+0x10/0x20
[   32.132071] 
[   32.132090] Allocated by task 110:
[   32.132121]  kasan_save_stack+0x3c/0x68
[   32.132158]  kasan_save_track+0x20/0x40
[   32.132191]  kasan_save_alloc_info+0x40/0x58
[   32.132227]  __kasan_kmalloc+0xd4/0xd8
[   32.132260]  __kmalloc_noprof+0x198/0x4c8
[   32.132298]  kunit_kmalloc_array+0x34/0x88
[   32.132333]  test_readerwriter+0x3b0/0x948
[   32.132373]  kunit_try_run_case+0x170/0x3f0
[   32.132409]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.132450]  kthread+0x328/0x630
[   32.132481]  ret_from_fork+0x10/0x20
[   32.132515] 
[   32.132551] Freed by task 112:
[   32.132591]  kasan_save_stack+0x3c/0x68
[   32.132626]  kasan_save_track+0x20/0x40
[   32.132660]  kasan_save_free_info+0x4c/0x78
[   32.132696]  __kasan_slab_free+0x6c/0x98
[   32.132729]  kfree+0x214/0x3c8
[   32.132773]  kfree_action_wrapper+0x18/0x30
[   32.132810]  __kunit_action_free+0x58/0x80
[   32.132845]  kunit_remove_resource+0x14c/0x1f8
[   32.132882]  kunit_cleanup+0x6c/0x108
[   32.132915]  kunit_try_run_case_cleanup+0xa4/0xe0
[   32.132952]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.132992]  kthread+0x328/0x630
[   32.133024]  ret_from_fork+0x10/0x20
[   32.133065] 
[   32.133087] The buggy address belongs to the object at fff00000c8683420
[   32.133087]  which belongs to the cache kmalloc-16 of size 16
[   32.133142] The buggy address is located 15 bytes to the right of
[   32.133142]  allocated 16-byte region [fff00000c8683420, fff00000c8683430)
[   32.133204] 
[   32.133225] The buggy address belongs to the physical page:
[   32.133265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108683
[   32.133317] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.133366] page_type: f5(slab)
[   32.133406] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   32.133454] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   32.133493] page dumped because: kasan: bad access detected
[   32.133523] 
[   32.133541] Memory state around the buggy address:
[   32.133572]  fff00000c8683300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   32.133614]  fff00000c8683380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   32.133657] >fff00000c8683400: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[   32.133694]                                         ^
[   32.133727]  fff00000c8683480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.134492]  fff00000c8683500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.134570] ==================================================================

[   26.138698] ==================================================================
[   26.139444] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   26.139806] Read of size 1 at addr ffff8881046259bf by task kunit_try_catch/186
[   26.140168] 
[   26.140281] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.140338] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.140351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.140374] Call Trace:
[   26.140388]  <TASK>
[   26.140409]  dump_stack_lvl+0x73/0xb0
[   26.140443]  print_report+0xd1/0x640
[   26.140467]  ? __virt_addr_valid+0x1db/0x2d0
[   26.140493]  ? kmalloc_oob_left+0x361/0x3c0
[   26.140514]  ? kasan_complete_mode_report_info+0x64/0x200
[   26.140539]  ? kmalloc_oob_left+0x361/0x3c0
[   26.140560]  kasan_report+0x141/0x180
[   26.140593]  ? kmalloc_oob_left+0x361/0x3c0
[   26.140618]  __asan_report_load1_noabort+0x18/0x20
[   26.140643]  kmalloc_oob_left+0x361/0x3c0
[   26.140664]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   26.140686]  ? __schedule+0x10da/0x2b60
[   26.140711]  ? __pfx_read_tsc+0x10/0x10
[   26.140732]  ? ktime_get_ts64+0x86/0x230
[   26.140758]  kunit_try_run_case+0x1a5/0x480
[   26.140783]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.140831]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.140867]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.140891]  ? __kthread_parkme+0x82/0x180
[   26.140912]  ? preempt_count_sub+0x50/0x80
[   26.140935]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.140959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.140982]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.141005]  kthread+0x337/0x6f0
[   26.141024]  ? trace_preempt_on+0x20/0xc0
[   26.141048]  ? __pfx_kthread+0x10/0x10
[   26.141068]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.141090]  ? calculate_sigpending+0x7b/0xa0
[   26.141113]  ? __pfx_kthread+0x10/0x10
[   26.141134]  ret_from_fork+0x116/0x1d0
[   26.141153]  ? __pfx_kthread+0x10/0x10
[   26.141172]  ret_from_fork_asm+0x1a/0x30
[   26.141204]  </TASK>
[   26.141215] 
[   26.151177] Allocated by task 118:
[   26.151500]  kasan_save_stack+0x45/0x70
[   26.152017]  kasan_save_track+0x18/0x40
[   26.152557]  kasan_save_alloc_info+0x3b/0x50
[   26.153122]  __kasan_kmalloc+0xb7/0xc0
[   26.153500]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   26.154090]  kvasprintf+0xc5/0x150
[   26.154428]  kasprintf+0xb6/0xf0
[   26.154735]  miscdev_test_can_open+0x9a/0x2e0
[   26.155217]  miscdev_test_collision_reverse+0x402/0x750
[   26.155789]  kunit_try_run_case+0x1a5/0x480
[   26.156300]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.156832]  kthread+0x337/0x6f0
[   26.157192]  ret_from_fork+0x116/0x1d0
[   26.157544]  ret_from_fork_asm+0x1a/0x30
[   26.158014] 
[   26.158289] Freed by task 73554304:
[   26.158767] ------------[ cut here ]------------
[   26.159280] pool index 100480 out of bounds (155) for stack id ffff8881
[   26.160491] WARNING: lib/stackdepot.c:500 at depot_fetch_stack+0x68/0x80, CPU#1: kunit_try_catch/186
[   26.161658] Modules linked in:
[   26.162151] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.163265] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.163651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.164631] RIP: 0010:depot_fetch_stack+0x68/0x80
[   26.165183] Code: d2 74 05 e9 4a f8 69 02 90 0f 0b 90 31 c0 e9 3f f8 69 02 55 48 89 e5 90 89 f9 44 89 c2 48 c7 c7 c0 7e ba a9 e8 29 1b b9 fe 90 <0f> 0b 90 90 31 c0 5d c3 cc cc cc cc 90 0f 0b 90 31 c0 e9 11 f8 69
[   26.166601] RSP: 0000:ffff8881060a7b28 EFLAGS: 00010082
[   26.167166] RAX: 0000000000000000 RBX: ffff8881060a7b50 RCX: 1ffffffff53e4aac
[   26.167428] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[   26.167685] RBP: ffff8881060a7b28 R08: 0000000000000000 R09: fffffbfff53e4aac
[   26.167925] R10: 0000000000000003 R11: 0000000000000001 R12: ffff8881046259bf
[   26.168666] R13: ffff8881049a4000 R14: ffffea0004118940 R15: 0000000000000001
[   26.169429] FS:  0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000
[   26.170198] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.170825] CR2: 0000000000000000 CR3: 000000013cebc000 CR4: 00000000000006f0
[   26.171555] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a
[   26.172298] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   26.172953] Call Trace:
[   26.173240]  <TASK>
[   26.173343]  stack_depot_fetch+0x2c/0x60
[   26.173523]  stack_depot_print+0x23/0x50
[   26.173687]  print_report+0x61a/0x640
[   26.173883]  ? __virt_addr_valid+0x1db/0x2d0
[   26.174193]  ? kmalloc_oob_left+0x361/0x3c0
[   26.174360]  ? kasan_complete_mode_report_info+0x64/0x200
[   26.174710]  ? kmalloc_oob_left+0x361/0x3c0
[   26.175013]  kasan_report+0x141/0x180
[   26.175157]  ? kmalloc_oob_left+0x361/0x3c0
[   26.175308]  __asan_report_load1_noabort+0x18/0x20
[   26.175536]  kmalloc_oob_left+0x361/0x3c0
[   26.175728]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   26.175914]  ? __schedule+0x10da/0x2b60
[   26.176144]  ? __pfx_read_tsc+0x10/0x10
[   26.176341]  ? ktime_get_ts64+0x86/0x230
[   26.176544]  kunit_try_run_case+0x1a5/0x480
[   26.176715]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.176936]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.177252]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.177465]  ? __kthread_parkme+0x82/0x180
[   26.177618]  ? preempt_count_sub+0x50/0x80
[   26.177760]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.177956]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.178329]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.178533]  kthread+0x337/0x6f0
[   26.178866]  ? trace_preempt_on+0x20/0xc0
[   26.179113]  ? __pfx_kthread+0x10/0x10
[   26.179310]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.179477]  ? calculate_sigpending+0x7b/0xa0
[   26.179667]  ? __pfx_kthread+0x10/0x10
[   26.179926]  ret_from_fork+0x116/0x1d0
[   26.180115]  ? __pfx_kthread+0x10/0x10
[   26.180263]  ret_from_fork_asm+0x1a/0x30
[   26.180471]  </TASK>
[   26.180669] ---[ end trace 0000000000000000 ]---
[   26.181204] ------------[ cut here ]------------
[   26.181435] corrupt handle or use after stack_depot_put()
[   26.181510] WARNING: lib/stackdepot.c:772 at stack_depot_fetch+0x53/0x60, CPU#1: kunit_try_catch/186
[   26.182161] Modules linked in:
[   26.182356] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.182804] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.182957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.183300] RIP: 0010:stack_depot_fetch+0x53/0x60
[   26.183540] Code: ff ff ff 48 85 c0 74 14 48 8d 50 20 48 89 13 8b 40 14 48 8b 5d f8 c9 c3 cc cc cc cc 90 48 c7 c7 f8 7e ba a9 e8 ae 1a b9 fe 90 <0f> 0b 90 90 31 c0 eb e0 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90
[   26.184494] RSP: 0000:ffff8881060a7b38 EFLAGS: 00010082
[   26.184763] RAX: 0000000000000000 RBX: ffff8881060a7b50 RCX: 1ffffffff53e4aac
[   26.185341] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[   26.185621] RBP: ffff8881060a7b40 R08: 0000000000000000 R09: fffffbfff53e4aac
[   26.185949] R10: 0000000000000003 R11: 0000000000000001 R12: ffff8881046259bf
[   26.186207] R13: ffff8881049a4000 R14: ffffea0004118940 R15: 0000000000000001
[   26.186415] FS:  0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000
[   26.186753] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.187007] CR2: 0000000000000000 CR3: 000000013cebc000 CR4: 00000000000006f0
[   26.187348] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a
[   26.187559] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   26.187849] Call Trace:
[   26.188053]  <TASK>
[   26.188174]  stack_depot_print+0x23/0x50
[   26.188376]  print_report+0x61a/0x640
[   26.188560]  ? __virt_addr_valid+0x1db/0x2d0
[   26.188787]  ? kmalloc_oob_left+0x361/0x3c0
[   26.189041]  ? kasan_complete_mode_report_info+0x64/0x200
[   26.189327]  ? kmalloc_oob_left+0x361/0x3c0
[   26.189469]  kasan_report+0x141/0x180
[   26.189623]  ? kmalloc_oob_left+0x361/0x3c0
[   26.189823]  __asan_report_load1_noabort+0x18/0x20
[   26.190047]  kmalloc_oob_left+0x361/0x3c0
[   26.190352]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   26.190742]  ? __schedule+0x10da/0x2b60
[   26.190887]  ? __pfx_read_tsc+0x10/0x10
[   26.191064]  ? ktime_get_ts64+0x86/0x230
[   26.191437]  kunit_try_run_case+0x1a5/0x480
[   26.191659]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.191933]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.192119]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.192351]  ? __kthread_parkme+0x82/0x180
[   26.192507]  ? preempt_count_sub+0x50/0x80
[   26.192695]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.193019]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.193242]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.193485]  kthread+0x337/0x6f0
[   26.193661]  ? trace_preempt_on+0x20/0xc0
[   26.193800]  ? __pfx_kthread+0x10/0x10
[   26.193929]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.194076]  ? calculate_sigpending+0x7b/0xa0
[   26.194221]  ? __pfx_kthread+0x10/0x10
[   26.194388]  ret_from_fork+0x116/0x1d0
[   26.194713]  ? __pfx_kthread+0x10/0x10
[   26.194897]  ret_from_fork_asm+0x1a/0x30
[   26.195317]  </TASK>
[   26.195404] ---[ end trace 0000000000000000 ]---
[   26.195606] 
[   26.195681] The buggy address belongs to the object at ffff8881046259a0
[   26.195681]  which belongs to the cache kmalloc-16 of size 16
[   26.196331] The buggy address is located 15 bytes to the right of
[   26.196331]  allocated 16-byte region [ffff8881046259a0, ffff8881046259b0)
[   26.197219] 
[   26.197370] The buggy address belongs to the physical page:
[   26.197638] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625
[   26.198065] flags: 0x200000000000000(node=0|zone=2)
[   26.198282] page_type: f5(slab)
[   26.198450] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[   26.198746] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   26.199081] page dumped because: kasan: bad access detected
[   26.199297] 
[   26.199374] Memory state around the buggy address:
[   26.199594]  ffff888104625880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   26.199853]  ffff888104625900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   26.200185] >ffff888104625980: fa fb fc fc fa fb fc fc 00 07 fc fc fa fb fc fc
[   26.200386]                                         ^
[   26.200542]  ffff888104625a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   26.201133]  ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   26.201426] ==================================================================