Date
July 13, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 15.558252] ==================================================================
[ 15.558314] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 15.558366] Read of size 1 at addr fff00000c5ed5000 by task kunit_try_catch/141
[ 15.558415]
[ 15.558448] CPU: 0 UID: 0 PID: 141 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.558529] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.558554] Hardware name: linux,dummy-virt (DT)
[ 15.558584] Call trace:
[ 15.558605] show_stack+0x20/0x38 (C)
[ 15.558652] dump_stack_lvl+0x8c/0xd0
[ 15.558698] print_report+0x118/0x5d0
[ 15.558743] kasan_report+0xdc/0x128
[ 15.558786] __asan_report_load1_noabort+0x20/0x30
[ 15.558836] kmalloc_node_oob_right+0x2f4/0x330
[ 15.558882] kunit_try_run_case+0x170/0x3f0
[ 15.558928] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.558979] kthread+0x328/0x630
[ 15.559019] ret_from_fork+0x10/0x20
[ 15.559065]
[ 15.559082] Allocated by task 141:
[ 15.559109] kasan_save_stack+0x3c/0x68
[ 15.559147] kasan_save_track+0x20/0x40
[ 15.559182] kasan_save_alloc_info+0x40/0x58
[ 15.561265] __kasan_kmalloc+0xd4/0xd8
[ 15.561305] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 15.561346] kmalloc_node_oob_right+0xbc/0x330
[ 15.561446] kunit_try_run_case+0x170/0x3f0
[ 15.561483] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.561525] kthread+0x328/0x630
[ 15.561557] ret_from_fork+0x10/0x20
[ 15.562367]
[ 15.562391] The buggy address belongs to the object at fff00000c5ed4000
[ 15.562391] which belongs to the cache kmalloc-4k of size 4096
[ 15.562450] The buggy address is located 0 bytes to the right of
[ 15.562450] allocated 4096-byte region [fff00000c5ed4000, fff00000c5ed5000)
[ 15.562716]
[ 15.562738] The buggy address belongs to the physical page:
[ 15.562813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ed0
[ 15.563610] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.563951] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.564037] page_type: f5(slab)
[ 15.564975] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 15.565036] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 15.565111] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 15.565160] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 15.565227] head: 0bfffe0000000003 ffffc1ffc317b401 00000000ffffffff 00000000ffffffff
[ 15.565278] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 15.565322] page dumped because: kasan: bad access detected
[ 15.565352]
[ 15.565370] Memory state around the buggy address:
[ 15.565403]  fff00000c5ed4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.565451]  fff00000c5ed4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.565516] >fff00000c5ed5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.565556]                    ^
[ 15.565583]  fff00000c5ed5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.565624]  fff00000c5ed5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.565662] ==================================================================
```
```
[ 11.896424] ==================================================================
[ 11.897671] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 11.898456] Read of size 1 at addr ffff888103a81000 by task kunit_try_catch/157
[ 11.899174]
[ 11.899289] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.899336] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.899348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.899369] Call Trace:
[ 11.899384] <TASK>
[ 11.899429] dump_stack_lvl+0x73/0xb0
[ 11.899473] print_report+0xd1/0x610
[ 11.899518] ? __virt_addr_valid+0x1db/0x2d0
[ 11.899734] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.899765] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.899789] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.899813] kasan_report+0x141/0x180
[ 11.899835] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.899863] __asan_report_load1_noabort+0x18/0x20
[ 11.899888] kmalloc_node_oob_right+0x369/0x3c0
[ 11.899912] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 11.899938] ? __schedule+0x10cc/0x2b60
[ 11.899961] ? __pfx_read_tsc+0x10/0x10
[ 11.899983] ? ktime_get_ts64+0x86/0x230
[ 11.900007] kunit_try_run_case+0x1a5/0x480
[ 11.900032] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.900055] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.900079] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.900103] ? __kthread_parkme+0x82/0x180
[ 11.900123] ? preempt_count_sub+0x50/0x80
[ 11.900148] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.900172] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.900196] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.900221] kthread+0x337/0x6f0
[ 11.900240] ? trace_preempt_on+0x20/0xc0
[ 11.900263] ? __pfx_kthread+0x10/0x10
[ 11.900287] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.900308] ? calculate_sigpending+0x7b/0xa0
[ 11.900333] ? __pfx_kthread+0x10/0x10
[ 11.900354] ret_from_fork+0x116/0x1d0
[ 11.900373] ? __pfx_kthread+0x10/0x10
[ 11.900410] ret_from_fork_asm+0x1a/0x30
[ 11.900441] </TASK>
[ 11.900463]
[ 11.915717] Allocated by task 157:
[ 11.916157] kasan_save_stack+0x45/0x70
[ 11.916729] kasan_save_track+0x18/0x40
[ 11.917208] kasan_save_alloc_info+0x3b/0x50
[ 11.917798] __kasan_kmalloc+0xb7/0xc0
[ 11.918270] __kmalloc_cache_node_noprof+0x188/0x420
[ 11.918775] kmalloc_node_oob_right+0xab/0x3c0
[ 11.918943] kunit_try_run_case+0x1a5/0x480
[ 11.919086] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.919257] kthread+0x337/0x6f0
[ 11.919374] ret_from_fork+0x116/0x1d0
[ 11.919656] ret_from_fork_asm+0x1a/0x30
[ 11.920408]
[ 11.920637] The buggy address belongs to the object at ffff888103a80000
[ 11.920637] which belongs to the cache kmalloc-4k of size 4096
[ 11.921983] The buggy address is located 0 bytes to the right of
[ 11.921983] allocated 4096-byte region [ffff888103a80000, ffff888103a81000)
[ 11.922345]
[ 11.922619] The buggy address belongs to the physical page:
[ 11.923372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a80
[ 11.924689] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.925454] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.926147] page_type: f5(slab)
[ 11.926640] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.927258] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.927538] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.927776] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.928011] head: 0200000000000003 ffffea00040ea001 00000000ffffffff 00000000ffffffff
[ 11.928242] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 11.928504] page dumped because: kasan: bad access detected
[ 11.928905]
[ 11.929440] Memory state around the buggy address:
[ 11.929775]  ffff888103a80f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.930166]  ffff888103a80f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.930677] >ffff888103a81000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.931060]                    ^
[ 11.931229]  ffff888103a81080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.931755]  ffff888103a81100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.932234] ==================================================================
```
```
[ 12.132159] ==================================================================
[ 12.133307] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 12.133639] Read of size 1 at addr ffff888102a55000 by task kunit_try_catch/158
[ 12.134414]
[ 12.134607] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.134673] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.134684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.134709] Call Trace:
[ 12.134720] <TASK>
[ 12.134738] dump_stack_lvl+0x73/0xb0
[ 12.134806] print_report+0xd1/0x610
[ 12.134864] ? __virt_addr_valid+0x1db/0x2d0
[ 12.134888] ? kmalloc_node_oob_right+0x369/0x3c0
[ 12.134912] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.134935] ? kmalloc_node_oob_right+0x369/0x3c0
[ 12.134959] kasan_report+0x141/0x180
[ 12.134981] ? kmalloc_node_oob_right+0x369/0x3c0
[ 12.135009] __asan_report_load1_noabort+0x18/0x20
[ 12.135036] kmalloc_node_oob_right+0x369/0x3c0
[ 12.135071] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 12.135098] ? __schedule+0x10cc/0x2b60
[ 12.135121] ? __pfx_read_tsc+0x10/0x10
[ 12.135143] ? ktime_get_ts64+0x86/0x230
[ 12.135168] kunit_try_run_case+0x1a5/0x480
[ 12.135194] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.135217] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.135241] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.135265] ? __kthread_parkme+0x82/0x180
[ 12.135285] ? preempt_count_sub+0x50/0x80
[ 12.135309] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.135333] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.135358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.135383] kthread+0x337/0x6f0
[ 12.135402] ? trace_preempt_on+0x20/0xc0
[ 12.135425] ? __pfx_kthread+0x10/0x10
[ 12.135445] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.135466] ? calculate_sigpending+0x7b/0xa0
[ 12.135491] ? __pfx_kthread+0x10/0x10
[ 12.135512] ret_from_fork+0x116/0x1d0
[ 12.135531] ? __pfx_kthread+0x10/0x10
[ 12.135551] ret_from_fork_asm+0x1a/0x30
[ 12.135582] </TASK>
[ 12.135591]
[ 12.149810] Allocated by task 158:
[ 12.150300] kasan_save_stack+0x45/0x70
[ 12.150497] kasan_save_track+0x18/0x40
[ 12.150684] kasan_save_alloc_info+0x3b/0x50
[ 12.150884] __kasan_kmalloc+0xb7/0xc0
[ 12.151067] __kmalloc_cache_node_noprof+0x188/0x420
[ 12.151266] kmalloc_node_oob_right+0xab/0x3c0
[ 12.151486] kunit_try_run_case+0x1a5/0x480
[ 12.151681] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.151859] kthread+0x337/0x6f0
[ 12.151984] ret_from_fork+0x116/0x1d0
[ 12.152234] ret_from_fork_asm+0x1a/0x30
[ 12.152571]
[ 12.152676] The buggy address belongs to the object at ffff888102a54000
[ 12.152676] which belongs to the cache kmalloc-4k of size 4096
[ 12.153165] The buggy address is located 0 bytes to the right of
[ 12.153165] allocated 4096-byte region [ffff888102a54000, ffff888102a55000)
[ 12.153604]
[ 12.153678] The buggy address belongs to the physical page:
[ 12.153996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[ 12.154608] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.155164] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.155510] page_type: f5(slab)
[ 12.155718] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 12.156004] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 12.156379] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 12.156794] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 12.157084] head: 0200000000000003 ffffea00040a9401 00000000ffffffff 00000000ffffffff
[ 12.157496] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 12.157761] page dumped because: kasan: bad access detected
[ 12.158015]
[ 12.158123] Memory state around the buggy address:
[ 12.158339]  ffff888102a54f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.158588]  ffff888102a54f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.158897] >ffff888102a55000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.159308]                    ^
[ 12.159530]  ffff888102a55080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.159847]  ffff888102a55100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.160272] ==================================================================
```