Date
July 18, 2025, 2:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 16.524380] ==================================================================
[ 16.524421] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660
[ 16.524475] Write of size 1 at addr fff00000c595ec78 by task kunit_try_catch/136
[ 16.524523]
[ 16.524559] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.524638] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.524707] Hardware name: linux,dummy-virt (DT)
[ 16.524753] Call trace:
[ 16.524794]  show_stack+0x20/0x38 (C)
[ 16.524878]  dump_stack_lvl+0x8c/0xd0
[ 16.524955]  print_report+0x118/0x5d0
[ 16.525011]  kasan_report+0xdc/0x128
[ 16.525057]  __asan_report_store1_noabort+0x20/0x30
[ 16.525133]  kmalloc_oob_right+0x538/0x660
[ 16.525223]  kunit_try_run_case+0x170/0x3f0
[ 16.525278]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.525330]  kthread+0x328/0x630
[ 16.525372]  ret_from_fork+0x10/0x20
[ 16.525419]
[ 16.525437] Allocated by task 136:
[ 16.525464]  kasan_save_stack+0x3c/0x68
[ 16.525692]  kasan_save_track+0x20/0x40
[ 16.525753]  kasan_save_alloc_info+0x40/0x58
[ 16.525820]  __kasan_kmalloc+0xd4/0xd8
[ 16.525885]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.525951]  kmalloc_oob_right+0xb0/0x660
[ 16.525987]  kunit_try_run_case+0x170/0x3f0
[ 16.526042]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.526101]  kthread+0x328/0x630
[ 16.526135]  ret_from_fork+0x10/0x20
[ 16.526176]
[ 16.526196] The buggy address belongs to the object at fff00000c595ec00
[ 16.526196]  which belongs to the cache kmalloc-128 of size 128
[ 16.526252] The buggy address is located 5 bytes to the right of
[ 16.526252]  allocated 115-byte region [fff00000c595ec00, fff00000c595ec73)
[ 16.526504]
[ 16.526530] The buggy address belongs to the physical page:
[ 16.526579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595e
[ 16.526671] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.526736] page_type: f5(slab)
[ 16.527036] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.527119] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.527218] page dumped because: kasan: bad access detected
[ 16.527333]
[ 16.527413] Memory state around the buggy address:
[ 16.527461]  fff00000c595eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.527519]  fff00000c595eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.527598] >fff00000c595ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.527683]                                                                  ^
[ 16.527770]  fff00000c595ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.527821]  fff00000c595ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.527867] ==================================================================
[ 16.528645] ==================================================================
[ 16.528699] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660
[ 16.528746] Read of size 1 at addr fff00000c595ec80 by task kunit_try_catch/136
[ 16.528998]
[ 16.529041] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.529152] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.529241] Hardware name: linux,dummy-virt (DT)
[ 16.529278] Call trace:
[ 16.529335]  show_stack+0x20/0x38 (C)
[ 16.529387]  dump_stack_lvl+0x8c/0xd0
[ 16.529533]  print_report+0x118/0x5d0
[ 16.529583]  kasan_report+0xdc/0x128
[ 16.529738]  __asan_report_load1_noabort+0x20/0x30
[ 16.529947]  kmalloc_oob_right+0x5d0/0x660
[ 16.529999]  kunit_try_run_case+0x170/0x3f0
[ 16.530158]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.530229]  kthread+0x328/0x630
[ 16.530282]  ret_from_fork+0x10/0x20
[ 16.530329]
[ 16.530359] Allocated by task 136:
[ 16.530386]  kasan_save_stack+0x3c/0x68
[ 16.530676]  kasan_save_track+0x20/0x40
[ 16.530753]  kasan_save_alloc_info+0x40/0x58
[ 16.530807]  __kasan_kmalloc+0xd4/0xd8
[ 16.530855]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.530950]  kmalloc_oob_right+0xb0/0x660
[ 16.530986]  kunit_try_run_case+0x170/0x3f0
[ 16.531022]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.531197]  kthread+0x328/0x630
[ 16.531254]  ret_from_fork+0x10/0x20
[ 16.531290]
[ 16.531422] The buggy address belongs to the object at fff00000c595ec00
[ 16.531422]  which belongs to the cache kmalloc-128 of size 128
[ 16.531530] The buggy address is located 13 bytes to the right of
[ 16.531530]  allocated 115-byte region [fff00000c595ec00, fff00000c595ec73)
[ 16.531734]
[ 16.531756] The buggy address belongs to the physical page:
[ 16.531785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595e
[ 16.532024] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.532158] page_type: f5(slab)
[ 16.532198] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.532246] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.532370] page dumped because: kasan: bad access detected
[ 16.532451]
[ 16.532468] Memory state around the buggy address:
[ 16.532542]  fff00000c595eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.532634]  fff00000c595ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.532698] >fff00000c595ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.532756]                     ^
[ 16.532811]  fff00000c595ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.532880]  fff00000c595ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.532916] ==================================================================
[ 16.509556] ==================================================================
[ 16.509977] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660
[ 16.510810] Write of size 1 at addr fff00000c595ec73 by task kunit_try_catch/136
[ 16.510933]
[ 16.512084] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6 #1 PREEMPT
[ 16.512265] Tainted: [N]=TEST
[ 16.512297] Hardware name: linux,dummy-virt (DT)
[ 16.512528] Call trace:
[ 16.512708]  show_stack+0x20/0x38 (C)
[ 16.512922]  dump_stack_lvl+0x8c/0xd0
[ 16.512989]  print_report+0x118/0x5d0
[ 16.513038]  kasan_report+0xdc/0x128
[ 16.513083]  __asan_report_store1_noabort+0x20/0x30
[ 16.513275]  kmalloc_oob_right+0x5a4/0x660
[ 16.513495]  kunit_try_run_case+0x170/0x3f0
[ 16.513590]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.513722]  kthread+0x328/0x630
[ 16.513766]  ret_from_fork+0x10/0x20
[ 16.514858]
[ 16.515088] Allocated by task 136:
[ 16.515588]  kasan_save_stack+0x3c/0x68
[ 16.515666]  kasan_save_track+0x20/0x40
[ 16.515981]  kasan_save_alloc_info+0x40/0x58
[ 16.516034]  __kasan_kmalloc+0xd4/0xd8
[ 16.516194]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.516324]  kmalloc_oob_right+0xb0/0x660
[ 16.516461]  kunit_try_run_case+0x170/0x3f0
[ 16.516564]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.516776]  kthread+0x328/0x630
[ 16.516869]  ret_from_fork+0x10/0x20
[ 16.517519]
[ 16.517677] The buggy address belongs to the object at fff00000c595ec00
[ 16.517677]  which belongs to the cache kmalloc-128 of size 128
[ 16.518130] The buggy address is located 0 bytes to the right of
[ 16.518130]  allocated 115-byte region [fff00000c595ec00, fff00000c595ec73)
[ 16.518454]
[ 16.518675] The buggy address belongs to the physical page:
[ 16.519630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595e
[ 16.520464] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.521266] page_type: f5(slab)
[ 16.521722] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.521825] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.521998] page dumped because: kasan: bad access detected
[ 16.522053]
[ 16.522088] Memory state around the buggy address:
[ 16.522360]  fff00000c595eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.522445]  fff00000c595eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.522511] >fff00000c595ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.522580]                                                               ^
[ 16.522705]  fff00000c595ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.522765]  fff00000c595ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.522864] ==================================================================
```
```
[ 16.248134] ==================================================================
[ 16.248185] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660
[ 16.248672] Write of size 1 at addr fff00000c5b7d578 by task kunit_try_catch/136
[ 16.248723]
[ 16.248765] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.248850] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.248876] Hardware name: linux,dummy-virt (DT)
[ 16.248906] Call trace:
[ 16.248928]  show_stack+0x20/0x38 (C)
[ 16.249054]  dump_stack_lvl+0x8c/0xd0
[ 16.249102]  print_report+0x118/0x5d0
[ 16.249148]  kasan_report+0xdc/0x128
[ 16.249193]  __asan_report_store1_noabort+0x20/0x30
[ 16.249243]  kmalloc_oob_right+0x538/0x660
[ 16.249288]  kunit_try_run_case+0x170/0x3f0
[ 16.249351]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.249403]  kthread+0x328/0x630
[ 16.249445]  ret_from_fork+0x10/0x20
[ 16.249491]
[ 16.249509] Allocated by task 136:
[ 16.249537]  kasan_save_stack+0x3c/0x68
[ 16.249576]  kasan_save_track+0x20/0x40
[ 16.249611]  kasan_save_alloc_info+0x40/0x58
[ 16.249662]  __kasan_kmalloc+0xd4/0xd8
[ 16.249698]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.249736]  kmalloc_oob_right+0xb0/0x660
[ 16.249818]  kunit_try_run_case+0x170/0x3f0
[ 16.249855]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.250003]  kthread+0x328/0x630
[ 16.250035]  ret_from_fork+0x10/0x20
[ 16.250069]
[ 16.250087] The buggy address belongs to the object at fff00000c5b7d500
[ 16.250087]  which belongs to the cache kmalloc-128 of size 128
[ 16.250142] The buggy address is located 5 bytes to the right of
[ 16.250142]  allocated 115-byte region [fff00000c5b7d500, fff00000c5b7d573)
[ 16.250203]
[ 16.250465] The buggy address belongs to the physical page:
[ 16.250501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b7d
[ 16.250599] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.250727] page_type: f5(slab)
[ 16.250766] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.250816] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.250855] page dumped because: kasan: bad access detected
[ 16.250885]
[ 16.250903] Memory state around the buggy address:
[ 16.250933]  fff00000c5b7d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.251126]  fff00000c5b7d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.251169] >fff00000c5b7d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.251205]                                                                  ^
[ 16.251244]  fff00000c5b7d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.251284]  fff00000c5b7d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.251330] ==================================================================
[ 16.252911] ==================================================================
[ 16.252958] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660
[ 16.253006] Read of size 1 at addr fff00000c5b7d580 by task kunit_try_catch/136
[ 16.253061]
[ 16.253090] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.253167] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.253194] Hardware name: linux,dummy-virt (DT)
[ 16.253223] Call trace:
[ 16.253244]  show_stack+0x20/0x38 (C)
[ 16.253297]  dump_stack_lvl+0x8c/0xd0
[ 16.253560]  print_report+0x118/0x5d0
[ 16.253635]  kasan_report+0xdc/0x128
[ 16.253787]  __asan_report_load1_noabort+0x20/0x30
[ 16.253928]  kmalloc_oob_right+0x5d0/0x660
[ 16.253974]  kunit_try_run_case+0x170/0x3f0
[ 16.254020]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.254071]  kthread+0x328/0x630
[ 16.254112]  ret_from_fork+0x10/0x20
[ 16.254158]
[ 16.254176] Allocated by task 136:
[ 16.254209]  kasan_save_stack+0x3c/0x68
[ 16.254720]  kasan_save_track+0x20/0x40
[ 16.254784]  kasan_save_alloc_info+0x40/0x58
[ 16.255219]  __kasan_kmalloc+0xd4/0xd8
[ 16.255259]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.255478]  kmalloc_oob_right+0xb0/0x660
[ 16.255548]  kunit_try_run_case+0x170/0x3f0
[ 16.255795]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.255847]  kthread+0x328/0x630
[ 16.255889]  ret_from_fork+0x10/0x20
[ 16.256034]
[ 16.256065] The buggy address belongs to the object at fff00000c5b7d500
[ 16.256065]  which belongs to the cache kmalloc-128 of size 128
[ 16.256121] The buggy address is located 13 bytes to the right of
[ 16.256121]  allocated 115-byte region [fff00000c5b7d500, fff00000c5b7d573)
[ 16.256189]
[ 16.256375] The buggy address belongs to the physical page:
[ 16.256422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b7d
[ 16.256475] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.256550] page_type: f5(slab)
[ 16.256634] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.256700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.256831] page dumped because: kasan: bad access detected
[ 16.256875]
[ 16.256892] Memory state around the buggy address:
[ 16.256922]  fff00000c5b7d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.256963]  fff00000c5b7d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.257003] >fff00000c5b7d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.257039]                     ^
[ 16.257066]  fff00000c5b7d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.257176]  fff00000c5b7d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.257213] ==================================================================
[ 16.233656] ==================================================================
[ 16.234205] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660
[ 16.235636] Write of size 1 at addr fff00000c5b7d573 by task kunit_try_catch/136
[ 16.235743]
[ 16.237851] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6 #1 PREEMPT
[ 16.238009] Tainted: [N]=TEST
[ 16.238042] Hardware name: linux,dummy-virt (DT)
[ 16.238392] Call trace:
[ 16.238618]  show_stack+0x20/0x38 (C)
[ 16.239267]  dump_stack_lvl+0x8c/0xd0
[ 16.239417]  print_report+0x118/0x5d0
[ 16.239470]  kasan_report+0xdc/0x128
[ 16.239650]  __asan_report_store1_noabort+0x20/0x30
[ 16.239716]  kmalloc_oob_right+0x5a4/0x660
[ 16.239769]  kunit_try_run_case+0x170/0x3f0
[ 16.239866]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.240016]  kthread+0x328/0x630
[ 16.240061]  ret_from_fork+0x10/0x20
[ 16.240335]
[ 16.240379] Allocated by task 136:
[ 16.240523]  kasan_save_stack+0x3c/0x68
[ 16.240611]  kasan_save_track+0x20/0x40
[ 16.240651]  kasan_save_alloc_info+0x40/0x58
[ 16.240690]  __kasan_kmalloc+0xd4/0xd8
[ 16.240727]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.240767]  kmalloc_oob_right+0xb0/0x660
[ 16.241059]  kunit_try_run_case+0x170/0x3f0
[ 16.241209]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.241347]  kthread+0x328/0x630
[ 16.241435]  ret_from_fork+0x10/0x20
[ 16.241729]
[ 16.242030] The buggy address belongs to the object at fff00000c5b7d500
[ 16.242030]  which belongs to the cache kmalloc-128 of size 128
[ 16.242135] The buggy address is located 0 bytes to the right of
[ 16.242135]  allocated 115-byte region [fff00000c5b7d500, fff00000c5b7d573)
[ 16.242201]
[ 16.242611] The buggy address belongs to the physical page:
[ 16.242840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b7d
[ 16.243399] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.244252] page_type: f5(slab)
[ 16.244888] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.244954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.245178] page dumped because: kasan: bad access detected
[ 16.245257]
[ 16.245297] Memory state around the buggy address:
[ 16.245533]  fff00000c5b7d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.245600]  fff00000c5b7d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.245971] >fff00000c5b7d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.246044]                                                               ^
[ 16.246136]  fff00000c5b7d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.246178]  fff00000c5b7d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.246499] ==================================================================
```
```
[ 16.263865] ==================================================================
[ 16.263958] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660
[ 16.264005] Read of size 1 at addr fff00000c576cc80 by task kunit_try_catch/136
[ 16.264051]
[ 16.264079] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.264155] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.264191] Hardware name: linux,dummy-virt (DT)
[ 16.264219] Call trace:
[ 16.264240]  show_stack+0x20/0x38 (C)
[ 16.264298]  dump_stack_lvl+0x8c/0xd0
[ 16.264343]  print_report+0x118/0x5d0
[ 16.264388]  kasan_report+0xdc/0x128
[ 16.264432]  __asan_report_load1_noabort+0x20/0x30
[ 16.264482]  kmalloc_oob_right+0x5d0/0x660
[ 16.264526]  kunit_try_run_case+0x170/0x3f0
[ 16.264572]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.264622]  kthread+0x328/0x630
[ 16.264662]  ret_from_fork+0x10/0x20
[ 16.264707]
[ 16.264735] Allocated by task 136:
[ 16.264761]  kasan_save_stack+0x3c/0x68
[ 16.264799]  kasan_save_track+0x20/0x40
[ 16.264835]  kasan_save_alloc_info+0x40/0x58
[ 16.264873]  __kasan_kmalloc+0xd4/0xd8
[ 16.264907]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.264944]  kmalloc_oob_right+0xb0/0x660
[ 16.264994]  kunit_try_run_case+0x170/0x3f0
[ 16.265048]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.265089]  kthread+0x328/0x630
[ 16.265119]  ret_from_fork+0x10/0x20
[ 16.265153]
[ 16.265170] The buggy address belongs to the object at fff00000c576cc00
[ 16.265170]  which belongs to the cache kmalloc-128 of size 128
[ 16.265224] The buggy address is located 13 bytes to the right of
[ 16.265224]  allocated 115-byte region [fff00000c576cc00, fff00000c576cc73)
[ 16.265284]
[ 16.265302] The buggy address belongs to the physical page:
[ 16.265344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10576c
[ 16.265576] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.265790] page_type: f5(slab)
[ 16.265937] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.266020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.266196] page dumped because: kasan: bad access detected
[ 16.266253]
[ 16.266270] Memory state around the buggy address:
[ 16.266390]  fff00000c576cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.266486]  fff00000c576cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.266532] >fff00000c576cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.266644]                     ^
[ 16.266670]  fff00000c576cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.267335]  fff00000c576cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.267419] ==================================================================
[ 16.260709] ==================================================================
[ 16.260764] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660
[ 16.260812] Write of size 1 at addr fff00000c576cc78 by task kunit_try_catch/136
[ 16.260859]
[ 16.260890] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.260979] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.261005] Hardware name: linux,dummy-virt (DT)
[ 16.261048] Call trace:
[ 16.261069]  show_stack+0x20/0x38 (C)
[ 16.261127]  dump_stack_lvl+0x8c/0xd0
[ 16.261173]  print_report+0x118/0x5d0
[ 16.261270]  kasan_report+0xdc/0x128
[ 16.261338]  __asan_report_store1_noabort+0x20/0x30
[ 16.261454]  kmalloc_oob_right+0x538/0x660
[ 16.261583]  kunit_try_run_case+0x170/0x3f0
[ 16.261631]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.261681]  kthread+0x328/0x630
[ 16.261731]  ret_from_fork+0x10/0x20
[ 16.261777]
[ 16.261794] Allocated by task 136:
[ 16.261834]  kasan_save_stack+0x3c/0x68
[ 16.261874]  kasan_save_track+0x20/0x40
[ 16.261922]  kasan_save_alloc_info+0x40/0x58
[ 16.261960]  __kasan_kmalloc+0xd4/0xd8
[ 16.262005]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.262051]  kmalloc_oob_right+0xb0/0x660
[ 16.262085]  kunit_try_run_case+0x170/0x3f0
[ 16.262146]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.262358]  kthread+0x328/0x630
[ 16.262390]  ret_from_fork+0x10/0x20
[ 16.262424]
[ 16.262442] The buggy address belongs to the object at fff00000c576cc00
[ 16.262442]  which belongs to the cache kmalloc-128 of size 128
[ 16.262496] The buggy address is located 5 bytes to the right of
[ 16.262496]  allocated 115-byte region [fff00000c576cc00, fff00000c576cc73)
[ 16.262557]
[ 16.262575] The buggy address belongs to the physical page:
[ 16.262605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10576c
[ 16.262654] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.262699] page_type: f5(slab)
[ 16.262745] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.262792] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.263195] page dumped because: kasan: bad access detected
[ 16.263236]
[ 16.263254] Memory state around the buggy address:
[ 16.263284]  fff00000c576cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.263325]  fff00000c576cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.263366] >fff00000c576cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.263402]                                                                  ^
[ 16.263440]  fff00000c576cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.263479]  fff00000c576cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.263515] ==================================================================
[ 16.253551] ==================================================================
[ 16.253896] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660
[ 16.254751] Write of size 1 at addr fff00000c576cc73 by task kunit_try_catch/136
[ 16.254903]
[ 16.255740] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6 #1 PREEMPT
[ 16.255885] Tainted: [N]=TEST
[ 16.255917] Hardware name: linux,dummy-virt (DT)
[ 16.256140] Call trace:
[ 16.256309]  show_stack+0x20/0x38 (C)
[ 16.256439]  dump_stack_lvl+0x8c/0xd0
[ 16.256499]  print_report+0x118/0x5d0
[ 16.256546]  kasan_report+0xdc/0x128
[ 16.256591]  __asan_report_store1_noabort+0x20/0x30
[ 16.256642]  kmalloc_oob_right+0x5a4/0x660
[ 16.256686]  kunit_try_run_case+0x170/0x3f0
[ 16.256753]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.256805]  kthread+0x328/0x630
[ 16.256848]  ret_from_fork+0x10/0x20
[ 16.257011]
[ 16.257047] Allocated by task 136:
[ 16.257178]  kasan_save_stack+0x3c/0x68
[ 16.257245]  kasan_save_track+0x20/0x40
[ 16.257282]  kasan_save_alloc_info+0x40/0x58
[ 16.257327]  __kasan_kmalloc+0xd4/0xd8
[ 16.257362]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.257401]  kmalloc_oob_right+0xb0/0x660
[ 16.257436]  kunit_try_run_case+0x170/0x3f0
[ 16.257472]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.257514]  kthread+0x328/0x630
[ 16.257545]  ret_from_fork+0x10/0x20
[ 16.257598]
[ 16.257656] The buggy address belongs to the object at fff00000c576cc00
[ 16.257656]  which belongs to the cache kmalloc-128 of size 128
[ 16.257759] The buggy address is located 0 bytes to the right of
[ 16.257759]  allocated 115-byte region [fff00000c576cc00, fff00000c576cc73)
[ 16.257824]
[ 16.257901] The buggy address belongs to the physical page:
[ 16.258088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10576c
[ 16.258349] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.258633] page_type: f5(slab)
[ 16.258951] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.259015] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.259119] page dumped because: kasan: bad access detected
[ 16.259157]
[ 16.259186] Memory state around the buggy address:
[ 16.259411]  fff00000c576cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.259475]  fff00000c576cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.259529] >fff00000c576cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 16.259581]                                                               ^
[ 16.259664]  fff00000c576cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.259705]  fff00000c576cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.259780] ==================================================================
```
```
[ 11.334605] ==================================================================
[ 11.334945] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 11.335275] Read of size 1 at addr ffff888102ae1080 by task kunit_try_catch/154
[ 11.336007]
[ 11.336124] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.336204] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.336215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.336361] Call Trace:
[ 11.336374]  <TASK>
[ 11.336388]  dump_stack_lvl+0x73/0xb0
[ 11.336415]  print_report+0xd1/0x610
[ 11.336446]  ? __virt_addr_valid+0x1db/0x2d0
[ 11.336468]  ? kmalloc_oob_right+0x68a/0x7f0
[ 11.336489]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.336511]  ? kmalloc_oob_right+0x68a/0x7f0
[ 11.336532]  kasan_report+0x141/0x180
[ 11.336553]  ? kmalloc_oob_right+0x68a/0x7f0
[ 11.336579]  __asan_report_load1_noabort+0x18/0x20
[ 11.336603]  kmalloc_oob_right+0x68a/0x7f0
[ 11.336625]  ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.336646]  ? __schedule+0x10cc/0x2b60
[ 11.336669]  ? __pfx_read_tsc+0x10/0x10
[ 11.336688]  ? ktime_get_ts64+0x86/0x230
[ 11.336712]  kunit_try_run_case+0x1a5/0x480
[ 11.336735]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.336756]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.336779]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.336802]  ? __kthread_parkme+0x82/0x180
[ 11.336821]  ? preempt_count_sub+0x50/0x80
[ 11.336844]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.336867]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.336890]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.336913]  kthread+0x337/0x6f0
[ 11.336930]  ? trace_preempt_on+0x20/0xc0
[ 11.336952]  ? __pfx_kthread+0x10/0x10
[ 11.336972]  ? _raw_spin_unlock_irq+0x47/0x80
[ 11.336992]  ? calculate_sigpending+0x7b/0xa0
[ 11.337015]  ? __pfx_kthread+0x10/0x10
[ 11.337035]  ret_from_fork+0x116/0x1d0
[ 11.337052]  ? __pfx_kthread+0x10/0x10
[ 11.337071]  ret_from_fork_asm+0x1a/0x30
[ 11.337103]  </TASK>
[ 11.337112]
[ 11.343870] Allocated by task 154:
[ 11.344048]  kasan_save_stack+0x45/0x70
[ 11.344198]  kasan_save_track+0x18/0x40
[ 11.344329]  kasan_save_alloc_info+0x3b/0x50
[ 11.344484]  __kasan_kmalloc+0xb7/0xc0
[ 11.344613]  __kmalloc_cache_noprof+0x189/0x420
[ 11.344761]  kmalloc_oob_right+0xa9/0x7f0
[ 11.344950]  kunit_try_run_case+0x1a5/0x480
[ 11.345154]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.345397]  kthread+0x337/0x6f0
[ 11.345588]  ret_from_fork+0x116/0x1d0
[ 11.345768]  ret_from_fork_asm+0x1a/0x30
[ 11.345927]
[ 11.345993] The buggy address belongs to the object at ffff888102ae1000
[ 11.345993]  which belongs to the cache kmalloc-128 of size 128
[ 11.346578] The buggy address is located 13 bytes to the right of
[ 11.346578]  allocated 115-byte region [ffff888102ae1000, ffff888102ae1073)
[ 11.347138]
[ 11.347221] The buggy address belongs to the physical page:
[ 11.347386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1
[ 11.347868] flags: 0x200000000000000(node=0|zone=2)
[ 11.348116] page_type: f5(slab)
[ 11.348279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.348638] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.348866] page dumped because: kasan: bad access detected
[ 11.349030]
[ 11.349122] Memory state around the buggy address:
[ 11.349377]  ffff888102ae0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.349911]  ffff888102ae1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.350256] >ffff888102ae1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.350547]                     ^
[ 11.350715]  ffff888102ae1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.350953]  ffff888102ae1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.351157] ==================================================================
[ 11.306342] ==================================================================
[ 11.306932] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 11.307387] Write of size 1 at addr ffff888102ae1078 by task kunit_try_catch/154
[ 11.308161]
[ 11.308389] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.308479] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.308491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.308512] Call Trace:
[ 11.308526]  <TASK>
[ 11.308544]  dump_stack_lvl+0x73/0xb0
[ 11.308574]  print_report+0xd1/0x610
[ 11.308595]  ? __virt_addr_valid+0x1db/0x2d0
[ 11.308618]  ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.308638]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.308660]  ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.308681]  kasan_report+0x141/0x180
[ 11.308703]  ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.308729]  __asan_report_store1_noabort+0x1b/0x30
[ 11.308753]  kmalloc_oob_right+0x6bd/0x7f0
[ 11.308775]  ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.308796]  ? __schedule+0x10cc/0x2b60
[ 11.308819]  ? __pfx_read_tsc+0x10/0x10
[ 11.308839]  ? ktime_get_ts64+0x86/0x230
[ 11.308864]  kunit_try_run_case+0x1a5/0x480
[ 11.308888]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.308909]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.308932]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.308955]  ? __kthread_parkme+0x82/0x180
[ 11.308974]  ? preempt_count_sub+0x50/0x80
[ 11.308998]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.309021]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.309044]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.309067]  kthread+0x337/0x6f0
[ 11.309085]  ? trace_preempt_on+0x20/0xc0
[ 11.309108]  ? __pfx_kthread+0x10/0x10
[ 11.310302]  ? _raw_spin_unlock_irq+0x47/0x80
[ 11.310332]  ? calculate_sigpending+0x7b/0xa0
[ 11.310357]  ? __pfx_kthread+0x10/0x10
[ 11.310379]  ret_from_fork+0x116/0x1d0
[ 11.310398]  ? __pfx_kthread+0x10/0x10
[ 11.310459]  ret_from_fork_asm+0x1a/0x30
[ 11.310492]  </TASK>
[ 11.310502]
[ 11.323089] Allocated by task 154:
[ 11.323802]  kasan_save_stack+0x45/0x70
[ 11.324015]  kasan_save_track+0x18/0x40
[ 11.324197]  kasan_save_alloc_info+0x3b/0x50
[ 11.324406]  __kasan_kmalloc+0xb7/0xc0
[ 11.324642]  __kmalloc_cache_noprof+0x189/0x420
[ 11.324841]  kmalloc_oob_right+0xa9/0x7f0
[ 11.325140]  kunit_try_run_case+0x1a5/0x480
[ 11.325318]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.325721]  kthread+0x337/0x6f0
[ 11.325862]  ret_from_fork+0x116/0x1d0
[ 11.326054]  ret_from_fork_asm+0x1a/0x30
[ 11.326254]
[ 11.326327] The buggy address belongs to the object at ffff888102ae1000
[ 11.326327]  which belongs to the cache kmalloc-128 of size 128
[ 11.326971] The buggy address is located 5 bytes to the right of
[ 11.326971]  allocated 115-byte region [ffff888102ae1000, ffff888102ae1073)
[ 11.327837]
[ 11.327970] The buggy address belongs to the physical page:
[ 11.328218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1
[ 11.328717] flags: 0x200000000000000(node=0|zone=2)
[ 11.328932] page_type: f5(slab)
[ 11.329103] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.329349] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.329849] page dumped because: kasan: bad access detected
[ 11.330065]
[ 11.330158] Memory state around the buggy address:
[ 11.330366]  ffff888102ae0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.331378]  ffff888102ae0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.331834] >ffff888102ae1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.332261]                                                                  ^
[ 11.332881]  ffff888102ae1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.333310]  ffff888102ae1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.333848] ==================================================================
[ 11.272604] ==================================================================
[ 11.273163] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 11.275197] Write of size 1 at addr ffff888102ae1073 by task kunit_try_catch/154
[ 11.276178]
[ 11.277384] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.277928] Tainted: [N]=TEST
[ 11.277961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.278180] Call Trace:
[ 11.278246]  <TASK>
[ 11.278386]  dump_stack_lvl+0x73/0xb0
[ 11.278585]  print_report+0xd1/0x610
[ 11.278614]  ? __virt_addr_valid+0x1db/0x2d0
[ 11.278639]  ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.278659]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.278681]  ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.278703]  kasan_report+0x141/0x180
[ 11.278724]  ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.278750]  __asan_report_store1_noabort+0x1b/0x30
[ 11.278774]  kmalloc_oob_right+0x6f0/0x7f0
[ 11.278795]  ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.278817]  ? __schedule+0x10cc/0x2b60
[ 11.278840]  ? __pfx_read_tsc+0x10/0x10
[ 11.278861]  ? ktime_get_ts64+0x86/0x230
[ 11.278887]  kunit_try_run_case+0x1a5/0x480
[ 11.278913]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.278934]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.278958]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.278980]  ? __kthread_parkme+0x82/0x180
[ 11.279001]  ? preempt_count_sub+0x50/0x80
[ 11.279025]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.279048]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.279071]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.279094]  kthread+0x337/0x6f0
[ 11.279113]  ? trace_preempt_on+0x20/0xc0
[ 11.279136]  ? __pfx_kthread+0x10/0x10
[ 11.279155]  ? _raw_spin_unlock_irq+0x47/0x80
[ 11.279176]  ? calculate_sigpending+0x7b/0xa0
[ 11.279201]  ? __pfx_kthread+0x10/0x10
[ 11.279221]  ret_from_fork+0x116/0x1d0
[ 11.279239]  ? __pfx_kthread+0x10/0x10
[ 11.279258]  ret_from_fork_asm+0x1a/0x30
[ 11.279315]  </TASK>
[ 11.279378]
[ 11.288976] Allocated by task 154:
[ 11.289613]  kasan_save_stack+0x45/0x70
[ 11.289848]  kasan_save_track+0x18/0x40
[ 11.290029]  kasan_save_alloc_info+0x3b/0x50
[ 11.290223]  __kasan_kmalloc+0xb7/0xc0
[ 11.290398]  __kmalloc_cache_noprof+0x189/0x420
[ 11.290964]  kmalloc_oob_right+0xa9/0x7f0
[ 11.291284]  kunit_try_run_case+0x1a5/0x480
[ 11.291694]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.292091]  kthread+0x337/0x6f0
[ 11.292260]  ret_from_fork+0x116/0x1d0
[ 11.292643]  ret_from_fork_asm+0x1a/0x30
[ 11.293146]
[ 11.293331] The buggy address belongs to the object at ffff888102ae1000
[ 11.293331]  which belongs to the cache kmalloc-128 of size 128
[ 11.294060] The buggy address is located 0 bytes to the right of
[ 11.294060]  allocated 115-byte region [ffff888102ae1000, ffff888102ae1073)
[ 11.294906]
[ 11.295224] The buggy address belongs to the physical page:
[ 11.295626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae1
[ 11.296106] flags: 0x200000000000000(node=0|zone=2)
[ 11.297329] page_type: f5(slab)
[ 11.298315] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.298939] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.299344] page dumped because: kasan: bad access detected
[ 11.299891]
[ 11.300163] Memory state around the buggy address:
[ 11.300878]  ffff888102ae0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.301164]  ffff888102ae0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.301670] >ffff888102ae1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.302134]                                                               ^
[ 11.302883]  ffff888102ae1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.303319]  ffff888102ae1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.304175] ==================================================================
```
[ 11.396149] ==================================================================
[ 11.397239] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 11.398089] Write of size 1 at addr ffff8881029a6373 by task kunit_try_catch/153
[ 11.398394]
[ 11.399445] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.399963] Tainted: [N]=TEST
[ 11.399998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.400229] Call Trace:
[ 11.400298] <TASK>
[ 11.400451] dump_stack_lvl+0x73/0xb0
[ 11.400542] print_report+0xd1/0x610
[ 11.400571] ? __virt_addr_valid+0x1db/0x2d0
[ 11.400596] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.400616] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.400638] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.400659] kasan_report+0x141/0x180
[ 11.400681] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.400706] __asan_report_store1_noabort+0x1b/0x30
[ 11.400731] kmalloc_oob_right+0x6f0/0x7f0
[ 11.400752] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.400774] ? __schedule+0x10cc/0x2b60
[ 11.400797] ? __pfx_read_tsc+0x10/0x10
[ 11.400819] ? ktime_get_ts64+0x86/0x230
[ 11.400845] kunit_try_run_case+0x1a5/0x480
[ 11.400878] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.400900] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.400924] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.400947] ? __kthread_parkme+0x82/0x180
[ 11.400968] ? preempt_count_sub+0x50/0x80
[ 11.400992] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.401027] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.401050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.401074] kthread+0x337/0x6f0
[ 11.401092] ? trace_preempt_on+0x20/0xc0
[ 11.401116] ? __pfx_kthread+0x10/0x10
[ 11.401135] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.401156] ? calculate_sigpending+0x7b/0xa0
[ 11.401181] ? __pfx_kthread+0x10/0x10
[ 11.401201] ret_from_fork+0x116/0x1d0
[ 11.401220] ? __pfx_kthread+0x10/0x10
[ 11.401239] ret_from_fork_asm+0x1a/0x30
[ 11.401293] </TASK>
[ 11.401356]
[ 11.410427] Allocated by task 153:
[ 11.410765] kasan_save_stack+0x45/0x70
[ 11.411031] kasan_save_track+0x18/0x40
[ 11.411251] kasan_save_alloc_info+0x3b/0x50
[ 11.411409] __kasan_kmalloc+0xb7/0xc0
[ 11.411629] __kmalloc_cache_noprof+0x189/0x420
[ 11.411859] kmalloc_oob_right+0xa9/0x7f0
[ 11.412046] kunit_try_run_case+0x1a5/0x480
[ 11.412253] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.412547] kthread+0x337/0x6f0
[ 11.412719] ret_from_fork+0x116/0x1d0
[ 11.412885] ret_from_fork_asm+0x1a/0x30
[ 11.413073]
[ 11.413209] The buggy address belongs to the object at ffff8881029a6300
[ 11.413209] which belongs to the cache kmalloc-128 of size 128
[ 11.413894] The buggy address is located 0 bytes to the right of
[ 11.413894] allocated 115-byte region [ffff8881029a6300, ffff8881029a6373)
[ 11.414481]
[ 11.414657] The buggy address belongs to the physical page:
[ 11.415087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a6
[ 11.415714] flags: 0x200000000000000(node=0|zone=2)
[ 11.416357] page_type: f5(slab)
[ 11.416963] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.417236] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.417821] page dumped because: kasan: bad access detected
[ 11.418058]
[ 11.418180] Memory state around the buggy address:
[ 11.418581] ffff8881029a6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.419051] ffff8881029a6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.419392] >ffff8881029a6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.419747] ^
[ 11.420101] ffff8881029a6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.420404] ffff8881029a6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.420734] ==================================================================
[ 11.421977] ==================================================================
[ 11.422481] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 11.422816] Write of size 1 at addr ffff8881029a6378 by task kunit_try_catch/153
[ 11.423119]
[ 11.423279] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.423324] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.423335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.423359] Call Trace:
[ 11.423378] <TASK>
[ 11.423397] dump_stack_lvl+0x73/0xb0
[ 11.423427] print_report+0xd1/0x610
[ 11.423449] ? __virt_addr_valid+0x1db/0x2d0
[ 11.423472] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.423493] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.423516] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.423537] kasan_report+0x141/0x180
[ 11.423558] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.423584] __asan_report_store1_noabort+0x1b/0x30
[ 11.423608] kmalloc_oob_right+0x6bd/0x7f0
[ 11.423630] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.423651] ? __schedule+0x10cc/0x2b60
[ 11.423695] ? __pfx_read_tsc+0x10/0x10
[ 11.423716] ? ktime_get_ts64+0x86/0x230
[ 11.423740] kunit_try_run_case+0x1a5/0x480
[ 11.423775] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.423797] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.423820] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.423843] ? __kthread_parkme+0x82/0x180
[ 11.423863] ? preempt_count_sub+0x50/0x80
[ 11.423886] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.423909] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.423932] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.423955] kthread+0x337/0x6f0
[ 11.423973] ? trace_preempt_on+0x20/0xc0
[ 11.423996] ? __pfx_kthread+0x10/0x10
[ 11.424023] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.424044] ? calculate_sigpending+0x7b/0xa0
[ 11.424067] ? __pfx_kthread+0x10/0x10
[ 11.424087] ret_from_fork+0x116/0x1d0
[ 11.424105] ? __pfx_kthread+0x10/0x10
[ 11.424124] ret_from_fork_asm+0x1a/0x30
[ 11.424163] </TASK>
[ 11.424173]
[ 11.431071] Allocated by task 153:
[ 11.431210] kasan_save_stack+0x45/0x70
[ 11.431419] kasan_save_track+0x18/0x40
[ 11.431620] kasan_save_alloc_info+0x3b/0x50
[ 11.431859] __kasan_kmalloc+0xb7/0xc0
[ 11.432051] __kmalloc_cache_noprof+0x189/0x420
[ 11.432266] kmalloc_oob_right+0xa9/0x7f0
[ 11.432466] kunit_try_run_case+0x1a5/0x480
[ 11.432657] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.432908] kthread+0x337/0x6f0
[ 11.433083] ret_from_fork+0x116/0x1d0
[ 11.433274] ret_from_fork_asm+0x1a/0x30
[ 11.433489]
[ 11.433589] The buggy address belongs to the object at ffff8881029a6300
[ 11.433589] which belongs to the cache kmalloc-128 of size 128
[ 11.434096] The buggy address is located 5 bytes to the right of
[ 11.434096] allocated 115-byte region [ffff8881029a6300, ffff8881029a6373)
[ 11.434619]
[ 11.434725] The buggy address belongs to the physical page:
[ 11.434953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a6
[ 11.435293] flags: 0x200000000000000(node=0|zone=2)
[ 11.435591] page_type: f5(slab)
[ 11.435735] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.435970] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.436208] page dumped because: kasan: bad access detected
[ 11.436378]
[ 11.436446] Memory state around the buggy address:
[ 11.436636] ffff8881029a6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.437021] ffff8881029a6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.437353] >ffff8881029a6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.437657] ^
[ 11.437882] ffff8881029a6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.438105] ffff8881029a6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.438318] ==================================================================
[ 11.438924] ==================================================================
[ 11.439515] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 11.439939] Read of size 1 at addr ffff8881029a6380 by task kunit_try_catch/153
[ 11.440282]
[ 11.440394] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.440448] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.440458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.440482] Call Trace:
[ 11.440500] <TASK>
[ 11.440530] dump_stack_lvl+0x73/0xb0
[ 11.440567] print_report+0xd1/0x610
[ 11.440589] ? __virt_addr_valid+0x1db/0x2d0
[ 11.440611] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.440642] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.440664] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.440685] kasan_report+0x141/0x180
[ 11.440706] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.440731] __asan_report_load1_noabort+0x18/0x20
[ 11.440754] kmalloc_oob_right+0x68a/0x7f0
[ 11.440776] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.440797] ? __schedule+0x10cc/0x2b60
[ 11.440819] ? __pfx_read_tsc+0x10/0x10
[ 11.440839] ? ktime_get_ts64+0x86/0x230
[ 11.440867] kunit_try_run_case+0x1a5/0x480
[ 11.440891] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.440912] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.440935] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.440958] ? __kthread_parkme+0x82/0x180
[ 11.440978] ? preempt_count_sub+0x50/0x80
[ 11.441002] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.441033] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.441056] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.441079] kthread+0x337/0x6f0
[ 11.441097] ? trace_preempt_on+0x20/0xc0
[ 11.441119] ? __pfx_kthread+0x10/0x10
[ 11.441138] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.441159] ? calculate_sigpending+0x7b/0xa0
[ 11.441182] ? __pfx_kthread+0x10/0x10
[ 11.441202] ret_from_fork+0x116/0x1d0
[ 11.441220] ? __pfx_kthread+0x10/0x10
[ 11.441239] ret_from_fork_asm+0x1a/0x30
[ 11.441269] </TASK>
[ 11.441278]
[ 11.448183] Allocated by task 153:
[ 11.448311] kasan_save_stack+0x45/0x70
[ 11.448507] kasan_save_track+0x18/0x40
[ 11.448696] kasan_save_alloc_info+0x3b/0x50
[ 11.448929] __kasan_kmalloc+0xb7/0xc0
[ 11.449119] __kmalloc_cache_noprof+0x189/0x420
[ 11.449336] kmalloc_oob_right+0xa9/0x7f0
[ 11.449556] kunit_try_run_case+0x1a5/0x480
[ 11.449758] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.449976] kthread+0x337/0x6f0
[ 11.450167] ret_from_fork+0x116/0x1d0
[ 11.450316] ret_from_fork_asm+0x1a/0x30
[ 11.450570]
[ 11.450667] The buggy address belongs to the object at ffff8881029a6300
[ 11.450667] which belongs to the cache kmalloc-128 of size 128
[ 11.451132] The buggy address is located 13 bytes to the right of
[ 11.451132] allocated 115-byte region [ffff8881029a6300, ffff8881029a6373)
[ 11.451715]
[ 11.451830] The buggy address belongs to the physical page:
[ 11.452072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a6
[ 11.452403] flags: 0x200000000000000(node=0|zone=2)
[ 11.452585] page_type: f5(slab)
[ 11.452778] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.453055] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.453281] page dumped because: kasan: bad access detected
[ 11.453450]
[ 11.453518] Memory state around the buggy address:
[ 11.453671] ffff8881029a6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.453885] ffff8881029a6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.454108] >ffff8881029a6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.454319] ^
[ 11.454433] ffff8881029a6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.454726] ffff8881029a6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.455379] ==================================================================
[ 11.441672] ==================================================================
[ 11.442689] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 11.443803] Write of size 1 at addr ffff888102988573 by task kunit_try_catch/153
[ 11.444640]
[ 11.445795] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.446176] Tainted: [N]=TEST
[ 11.446208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.446424] Call Trace:
[ 11.446489] <TASK>
[ 11.446653] dump_stack_lvl+0x73/0xb0
[ 11.446744] print_report+0xd1/0x610
[ 11.446781] ? __virt_addr_valid+0x1db/0x2d0
[ 11.446806] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.446827] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.446849] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.446871] kasan_report+0x141/0x180
[ 11.446903] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.446930] __asan_report_store1_noabort+0x1b/0x30
[ 11.446954] kmalloc_oob_right+0x6f0/0x7f0
[ 11.446995] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.447018] ? __schedule+0x10cc/0x2b60
[ 11.447041] ? __pfx_read_tsc+0x10/0x10
[ 11.447062] ? ktime_get_ts64+0x86/0x230
[ 11.447088] kunit_try_run_case+0x1a5/0x480
[ 11.447115] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.447136] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.447161] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.447184] ? __kthread_parkme+0x82/0x180
[ 11.447205] ? preempt_count_sub+0x50/0x80
[ 11.447231] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.447255] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.447280] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.447306] kthread+0x337/0x6f0
[ 11.447325] ? trace_preempt_on+0x20/0xc0
[ 11.447349] ? __pfx_kthread+0x10/0x10
[ 11.447368] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.447390] ? calculate_sigpending+0x7b/0xa0
[ 11.447415] ? __pfx_kthread+0x10/0x10
[ 11.447436] ret_from_fork+0x116/0x1d0
[ 11.447456] ? __pfx_kthread+0x10/0x10
[ 11.447476] ret_from_fork_asm+0x1a/0x30
[ 11.447555] </TASK>
[ 11.447623]
[ 11.456284] Allocated by task 153:
[ 11.456543] kasan_save_stack+0x45/0x70
[ 11.456820] kasan_save_track+0x18/0x40
[ 11.457062] kasan_save_alloc_info+0x3b/0x50
[ 11.457275] __kasan_kmalloc+0xb7/0xc0
[ 11.457460] __kmalloc_cache_noprof+0x189/0x420
[ 11.457743] kmalloc_oob_right+0xa9/0x7f0
[ 11.457964] kunit_try_run_case+0x1a5/0x480
[ 11.458184] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.458510] kthread+0x337/0x6f0
[ 11.458749] ret_from_fork+0x116/0x1d0
[ 11.458951] ret_from_fork_asm+0x1a/0x30
[ 11.459204]
[ 11.459350] The buggy address belongs to the object at ffff888102988500
[ 11.459350] which belongs to the cache kmalloc-128 of size 128
[ 11.460293] The buggy address is located 0 bytes to the right of
[ 11.460293] allocated 115-byte region [ffff888102988500, ffff888102988573)
[ 11.460823]
[ 11.461570] The buggy address belongs to the physical page:
[ 11.462611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102988
[ 11.463358] flags: 0x200000000000000(node=0|zone=2)
[ 11.464187] page_type: f5(slab)
[ 11.464681] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.465064] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.465457] page dumped because: kasan: bad access detected
[ 11.465688]
[ 11.465829] Memory state around the buggy address:
[ 11.466363] ffff888102988400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.466709] ffff888102988480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.467020] >ffff888102988500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.467307] ^
[ 11.467644] ffff888102988580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.467990] ffff888102988600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.468286] ==================================================================
[ 11.489330] ==================================================================
[ 11.490003] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 11.490664] Read of size 1 at addr ffff888102988580 by task kunit_try_catch/153
[ 11.491342]
[ 11.491513] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.491554] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.491564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.491585] Call Trace:
[ 11.491598] <TASK>
[ 11.491614] dump_stack_lvl+0x73/0xb0
[ 11.491641] print_report+0xd1/0x610
[ 11.491662] ? __virt_addr_valid+0x1db/0x2d0
[ 11.491685] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.491706] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.491728] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.491750] kasan_report+0x141/0x180
[ 11.491771] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.491799] __asan_report_load1_noabort+0x18/0x20
[ 11.491822] kmalloc_oob_right+0x68a/0x7f0
[ 11.491844] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.491866] ? __schedule+0x10cc/0x2b60
[ 11.491889] ? __pfx_read_tsc+0x10/0x10
[ 11.491922] ? ktime_get_ts64+0x86/0x230
[ 11.491948] kunit_try_run_case+0x1a5/0x480
[ 11.491971] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.491992] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.492016] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.492039] ? __kthread_parkme+0x82/0x180
[ 11.492059] ? preempt_count_sub+0x50/0x80
[ 11.492083] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.492106] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.492129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.492153] kthread+0x337/0x6f0
[ 11.492171] ? trace_preempt_on+0x20/0xc0
[ 11.492194] ? __pfx_kthread+0x10/0x10
[ 11.492213] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.492234] ? calculate_sigpending+0x7b/0xa0
[ 11.492258] ? __pfx_kthread+0x10/0x10
[ 11.492279] ret_from_fork+0x116/0x1d0
[ 11.492296] ? __pfx_kthread+0x10/0x10
[ 11.492316] ret_from_fork_asm+0x1a/0x30
[ 11.492347] </TASK>
[ 11.492357]
[ 11.509719] Allocated by task 153:
[ 11.510170] kasan_save_stack+0x45/0x70
[ 11.510333] kasan_save_track+0x18/0x40
[ 11.510919] kasan_save_alloc_info+0x3b/0x50
[ 11.511488] __kasan_kmalloc+0xb7/0xc0
[ 11.512002] __kmalloc_cache_noprof+0x189/0x420
[ 11.512439] kmalloc_oob_right+0xa9/0x7f0
[ 11.512931] kunit_try_run_case+0x1a5/0x480
[ 11.513289] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.514007] kthread+0x337/0x6f0
[ 11.514167] ret_from_fork+0x116/0x1d0
[ 11.514755] ret_from_fork_asm+0x1a/0x30
[ 11.515204]
[ 11.515290] The buggy address belongs to the object at ffff888102988500
[ 11.515290] which belongs to the cache kmalloc-128 of size 128
[ 11.516199] The buggy address is located 13 bytes to the right of
[ 11.516199] allocated 115-byte region [ffff888102988500, ffff888102988573)
[ 11.517382]
[ 11.517462] The buggy address belongs to the physical page:
[ 11.517996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102988
[ 11.518446] flags: 0x200000000000000(node=0|zone=2)
[ 11.518963] page_type: f5(slab)
[ 11.519403] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.520273] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.520875] page dumped because: kasan: bad access detected
[ 11.521377]
[ 11.521559] Memory state around the buggy address:
[ 11.522173] ffff888102988480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.522802] ffff888102988500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.523518] >ffff888102988580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.523796] ^
[ 11.524343] ffff888102988600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.525180] ffff888102988680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.525994] ==================================================================
[ 11.469432] ==================================================================
[ 11.469791] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 11.470110] Write of size 1 at addr ffff888102988578 by task kunit_try_catch/153
[ 11.470456]
[ 11.470587] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.470632] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.470644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.470664] Call Trace:
[ 11.470675] <TASK>
[ 11.470691] dump_stack_lvl+0x73/0xb0
[ 11.470719] print_report+0xd1/0x610
[ 11.470741] ? __virt_addr_valid+0x1db/0x2d0
[ 11.470768] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.470789] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.470811] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.470832] kasan_report+0x141/0x180
[ 11.470854] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.470881] __asan_report_store1_noabort+0x1b/0x30
[ 11.470916] kmalloc_oob_right+0x6bd/0x7f0
[ 11.470938] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.470961] ? __schedule+0x10cc/0x2b60
[ 11.470983] ? __pfx_read_tsc+0x10/0x10
[ 11.471003] ? ktime_get_ts64+0x86/0x230
[ 11.471029] kunit_try_run_case+0x1a5/0x480
[ 11.471053] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.471075] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.471099] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.471122] ? __kthread_parkme+0x82/0x180
[ 11.471142] ? preempt_count_sub+0x50/0x80
[ 11.471167] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.471190] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.471213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.471236] kthread+0x337/0x6f0
[ 11.471255] ? trace_preempt_on+0x20/0xc0
[ 11.471279] ? __pfx_kthread+0x10/0x10
[ 11.471298] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.471319] ? calculate_sigpending+0x7b/0xa0
[ 11.471343] ? __pfx_kthread+0x10/0x10
[ 11.471363] ret_from_fork+0x116/0x1d0
[ 11.471381] ? __pfx_kthread+0x10/0x10
[ 11.471401] ret_from_fork_asm+0x1a/0x30
[ 11.471432] </TASK>
[ 11.471442]
[ 11.477922] Allocated by task 153:
[ 11.478128] kasan_save_stack+0x45/0x70
[ 11.478343] kasan_save_track+0x18/0x40
[ 11.478685] kasan_save_alloc_info+0x3b/0x50
[ 11.479131] __kasan_kmalloc+0xb7/0xc0
[ 11.479267] __kmalloc_cache_noprof+0x189/0x420
[ 11.479422] kmalloc_oob_right+0xa9/0x7f0
[ 11.479851] kunit_try_run_case+0x1a5/0x480
[ 11.480279] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.481007] kthread+0x337/0x6f0
[ 11.481343] ret_from_fork+0x116/0x1d0
[ 11.481726] ret_from_fork_asm+0x1a/0x30
[ 11.481877]
[ 11.481957] The buggy address belongs to the object at ffff888102988500
[ 11.481957] which belongs to the cache kmalloc-128 of size 128
[ 11.482314] The buggy address is located 5 bytes to the right of
[ 11.482314] allocated 115-byte region [ffff888102988500, ffff888102988573)
[ 11.482681]
[ 11.482751] The buggy address belongs to the physical page:
[ 11.482942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102988
[ 11.483183] flags: 0x200000000000000(node=0|zone=2)
[ 11.483345] page_type: f5(slab)
[ 11.483464] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.483695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.484159] page dumped because: kasan: bad access detected
[ 11.484612]
[ 11.484765] Memory state around the buggy address:
[ 11.485099] ffff888102988400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.485317] ffff888102988480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.485532] >ffff888102988500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.485929] ^
[ 11.486796] ffff888102988580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.487451] ffff888102988600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.488279] ==================================================================