Date
July 6, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
| x86 |
```
[ 16.812841] ==================================================================
[ 16.812906] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 16.813201] Write of size 16 at addr fff00000c1376ba0 by task kunit_try_catch/167
[ 16.813265]
[ 16.813746] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.813970] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.814002] Hardware name: linux,dummy-virt (DT)
[ 16.814054] Call trace:
[ 16.814075] show_stack+0x20/0x38 (C)
[ 16.814325] dump_stack_lvl+0x8c/0xd0
[ 16.814393] print_report+0x118/0x608
[ 16.814438] kasan_report+0xdc/0x128
[ 16.814664] __asan_report_store16_noabort+0x20/0x30
[ 16.814835] kmalloc_oob_16+0x3a0/0x3f8
[ 16.814878] kunit_try_run_case+0x170/0x3f0
[ 16.814935] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.814985] kthread+0x328/0x630
[ 16.815025] ret_from_fork+0x10/0x20
[ 16.815071]
[ 16.815088] Allocated by task 167:
[ 16.815115] kasan_save_stack+0x3c/0x68
[ 16.815153] kasan_save_track+0x20/0x40
[ 16.815189] kasan_save_alloc_info+0x40/0x58
[ 16.815227] __kasan_kmalloc+0xd4/0xd8
[ 16.815261] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.815298] kmalloc_oob_16+0xb4/0x3f8
[ 16.815333] kunit_try_run_case+0x170/0x3f0
[ 16.815369] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.815731] kthread+0x328/0x630
[ 16.815781] ret_from_fork+0x10/0x20
[ 16.815827]
[ 16.815932] The buggy address belongs to the object at fff00000c1376ba0
[ 16.815932] which belongs to the cache kmalloc-16 of size 16
[ 16.816074] The buggy address is located 0 bytes inside of
[ 16.816074] allocated 13-byte region [fff00000c1376ba0, fff00000c1376bad)
[ 16.816196]
[ 16.816217] The buggy address belongs to the physical page:
[ 16.816245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101376
[ 16.816618] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.816803] page_type: f5(slab)
[ 16.816889] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 16.816949] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.816987] page dumped because: kasan: bad access detected
[ 16.817184]
[ 16.817210] Memory state around the buggy address:
[ 16.817242] fff00000c1376a80: fa fb fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 16.817624] fff00000c1376b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 16.817692] >fff00000c1376b80: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 16.817760] ^
[ 16.817793] fff00000c1376c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.817899] fff00000c1376c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.817946] ==================================================================
```
```
[ 13.315189] ==================================================================
[ 13.315670] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 13.316423] Write of size 16 at addr ffff8881024eb3e0 by task kunit_try_catch/184
[ 13.316820]
[ 13.317369] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 13.317442] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.317455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.317474] Call Trace:
[ 13.317486] <TASK>
[ 13.317505] dump_stack_lvl+0x73/0xb0
[ 13.317556] print_report+0xd1/0x650
[ 13.317592] ? __virt_addr_valid+0x1db/0x2d0
[ 13.317647] ? kmalloc_oob_16+0x452/0x4a0
[ 13.317680] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.317722] ? kmalloc_oob_16+0x452/0x4a0
[ 13.317757] kasan_report+0x141/0x180
[ 13.317794] ? kmalloc_oob_16+0x452/0x4a0
[ 13.317837] __asan_report_store16_noabort+0x1b/0x30
[ 13.317865] kmalloc_oob_16+0x452/0x4a0
[ 13.317883] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 13.317903] ? __schedule+0x10cc/0x2b60
[ 13.317933] ? __pfx_read_tsc+0x10/0x10
[ 13.317953] ? ktime_get_ts64+0x86/0x230
[ 13.317977] kunit_try_run_case+0x1a5/0x480
[ 13.317999] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.318018] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.318038] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.318058] ? __kthread_parkme+0x82/0x180
[ 13.318076] ? preempt_count_sub+0x50/0x80
[ 13.318097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.318129] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.318157] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.318190] kthread+0x337/0x6f0
[ 13.318223] ? trace_preempt_on+0x20/0xc0
[ 13.318263] ? __pfx_kthread+0x10/0x10
[ 13.318300] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.318336] ? calculate_sigpending+0x7b/0xa0
[ 13.318380] ? __pfx_kthread+0x10/0x10
[ 13.318420] ret_from_fork+0x116/0x1d0
[ 13.318456] ? __pfx_kthread+0x10/0x10
[ 13.318494] ret_from_fork_asm+0x1a/0x30
[ 13.318543] </TASK>
[ 13.318561]
[ 13.329712] Allocated by task 184:
[ 13.331131] kasan_save_stack+0x45/0x70
[ 13.331461] kasan_save_track+0x18/0x40
[ 13.331893] kasan_save_alloc_info+0x3b/0x50
[ 13.332205] __kasan_kmalloc+0xb7/0xc0
[ 13.332603] __kmalloc_cache_noprof+0x189/0x420
[ 13.333325] kmalloc_oob_16+0xa8/0x4a0
[ 13.333778] kunit_try_run_case+0x1a5/0x480
[ 13.334203] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.334974] kthread+0x337/0x6f0
[ 13.335299] ret_from_fork+0x116/0x1d0
[ 13.335865] ret_from_fork_asm+0x1a/0x30
[ 13.336241]
[ 13.336349] The buggy address belongs to the object at ffff8881024eb3e0
[ 13.336349] which belongs to the cache kmalloc-16 of size 16
[ 13.337187] The buggy address is located 0 bytes inside of
[ 13.337187] allocated 13-byte region [ffff8881024eb3e0, ffff8881024eb3ed)
[ 13.337762]
[ 13.337955] The buggy address belongs to the physical page:
[ 13.338364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024eb
[ 13.338934] flags: 0x200000000000000(node=0|zone=2)
[ 13.339312] page_type: f5(slab)
[ 13.340057] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.340348] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.341013] page dumped because: kasan: bad access detected
[ 13.341344]
[ 13.341501] Memory state around the buggy address:
[ 13.342005] ffff8881024eb280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.342436] ffff8881024eb300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.342959] >ffff8881024eb380: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 13.343424] ^
[ 13.344191] ffff8881024eb400: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.344565] ffff8881024eb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.345023] ==================================================================
```
```
[ 13.490779] ==================================================================
[ 13.491383] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 13.491817] Write of size 16 at addr ffff888102873080 by task kunit_try_catch/183
[ 13.492180]
[ 13.492306] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 13.492378] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.492390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.492431] Call Trace:
[ 13.492444] <TASK>
[ 13.492461] dump_stack_lvl+0x73/0xb0
[ 13.492490] print_report+0xd1/0x650
[ 13.492513] ? __virt_addr_valid+0x1db/0x2d0
[ 13.492554] ? kmalloc_oob_16+0x452/0x4a0
[ 13.492575] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.492601] ? kmalloc_oob_16+0x452/0x4a0
[ 13.492622] kasan_report+0x141/0x180
[ 13.492645] ? kmalloc_oob_16+0x452/0x4a0
[ 13.492671] __asan_report_store16_noabort+0x1b/0x30
[ 13.492696] kmalloc_oob_16+0x452/0x4a0
[ 13.492717] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 13.492742] ? __schedule+0x10cc/0x2b60
[ 13.492764] ? __pfx_read_tsc+0x10/0x10
[ 13.492877] ? ktime_get_ts64+0x86/0x230
[ 13.492903] kunit_try_run_case+0x1a5/0x480
[ 13.492928] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.492950] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.492991] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.493016] ? __kthread_parkme+0x82/0x180
[ 13.493062] ? preempt_count_sub+0x50/0x80
[ 13.493087] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.493111] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.493134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.493157] kthread+0x337/0x6f0
[ 13.493177] ? trace_preempt_on+0x20/0xc0
[ 13.493200] ? __pfx_kthread+0x10/0x10
[ 13.493221] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.493243] ? calculate_sigpending+0x7b/0xa0
[ 13.493267] ? __pfx_kthread+0x10/0x10
[ 13.493289] ret_from_fork+0x116/0x1d0
[ 13.493308] ? __pfx_kthread+0x10/0x10
[ 13.493329] ret_from_fork_asm+0x1a/0x30
[ 13.493361] </TASK>
[ 13.493373]
[ 13.502245] Allocated by task 183:
[ 13.502515] kasan_save_stack+0x45/0x70
[ 13.502826] kasan_save_track+0x18/0x40
[ 13.503014] kasan_save_alloc_info+0x3b/0x50
[ 13.503254] __kasan_kmalloc+0xb7/0xc0
[ 13.503497] __kmalloc_cache_noprof+0x189/0x420
[ 13.503823] kmalloc_oob_16+0xa8/0x4a0
[ 13.504062] kunit_try_run_case+0x1a5/0x480
[ 13.504390] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.504663] kthread+0x337/0x6f0
[ 13.504915] ret_from_fork+0x116/0x1d0
[ 13.505167] ret_from_fork_asm+0x1a/0x30
[ 13.505367]
[ 13.505444] The buggy address belongs to the object at ffff888102873080
[ 13.505444] which belongs to the cache kmalloc-16 of size 16
[ 13.505906] The buggy address is located 0 bytes inside of
[ 13.505906] allocated 13-byte region [ffff888102873080, ffff88810287308d)
[ 13.506464]
[ 13.506586] The buggy address belongs to the physical page:
[ 13.506857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102873
[ 13.507316] flags: 0x200000000000000(node=0|zone=2)
[ 13.507590] page_type: f5(slab)
[ 13.507864] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.508204] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.508436] page dumped because: kasan: bad access detected
[ 13.508688]
[ 13.508840] Memory state around the buggy address:
[ 13.509177] ffff888102872f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.509479] ffff888102873000: 00 01 fc fc 00 04 fc fc 00 04 fc fc fa fb fc fc
[ 13.509844] >ffff888102873080: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 13.510165] ^
[ 13.510294] ffff888102873100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.510937] ffff888102873180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.511377] ==================================================================
```
```
[ 23.895081] ==================================================================
[ 23.905706] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 23.912408] Write of size 16 at addr ffff888106713140 by task kunit_try_catch/207
[ 23.919894]
[ 23.921410] CPU: 3 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 23.921419] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 23.921421] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 23.921424] Call Trace:
[ 23.921426] <TASK>
[ 23.921428] dump_stack_lvl+0x73/0xb0
[ 23.921433] print_report+0xd1/0x650
[ 23.921437] ? __virt_addr_valid+0x1db/0x2d0
[ 23.921441] ? kmalloc_oob_16+0x452/0x4a0
[ 23.921445] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.921450] ? kmalloc_oob_16+0x452/0x4a0
[ 23.921453] kasan_report+0x141/0x180
[ 23.921457] ? kmalloc_oob_16+0x452/0x4a0
[ 23.921462] __asan_report_store16_noabort+0x1b/0x30
[ 23.921467] kmalloc_oob_16+0x452/0x4a0
[ 23.921470] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 23.921474] ? __schedule+0x10cc/0x2b60
[ 23.921478] ? ktime_get_ts64+0x83/0x230
[ 23.921483] kunit_try_run_case+0x1a2/0x480
[ 23.921487] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.921491] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.921495] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.921500] ? __kthread_parkme+0x82/0x180
[ 23.921503] ? preempt_count_sub+0x50/0x80
[ 23.921507] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.921512] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 23.921516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.921520] kthread+0x334/0x6f0
[ 23.921523] ? trace_preempt_on+0x20/0xc0
[ 23.921527] ? __pfx_kthread+0x10/0x10
[ 23.921531] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.921535] ? calculate_sigpending+0x7b/0xa0
[ 23.921539] ? __pfx_kthread+0x10/0x10
[ 23.921543] ret_from_fork+0x113/0x1d0
[ 23.921546] ? __pfx_kthread+0x10/0x10
[ 23.921550] ret_from_fork_asm+0x1a/0x30
[ 23.921556] </TASK>
[ 23.921557]
[ 24.085243] Allocated by task 207:
[ 24.088651] kasan_save_stack+0x45/0x70
[ 24.092491] kasan_save_track+0x18/0x40
[ 24.096328] kasan_save_alloc_info+0x3b/0x50
[ 24.100627] __kasan_kmalloc+0xb7/0xc0
[ 24.104417] __kmalloc_cache_noprof+0x189/0x420
[ 24.108972] kmalloc_oob_16+0xa8/0x4a0
[ 24.112726] kunit_try_run_case+0x1a2/0x480
[ 24.116911] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 24.122311] kthread+0x334/0x6f0
[ 24.125543] ret_from_fork+0x113/0x1d0
[ 24.129298] ret_from_fork_asm+0x1a/0x30
[ 24.133224]
[ 24.134721] The buggy address belongs to the object at ffff888106713140
[ 24.134721] which belongs to the cache kmalloc-16 of size 16
[ 24.147054] The buggy address is located 0 bytes inside of
[ 24.147054] allocated 13-byte region [ffff888106713140, ffff88810671314d)
[ 24.159420]
[ 24.160923] The buggy address belongs to the physical page:
[ 24.166495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106713
[ 24.174504] flags: 0x200000000000000(node=0|zone=2)
[ 24.179415] page_type: f5(slab)
[ 24.182590] raw: 0200000000000000 ffff888100042640 dead000000000122 0000000000000000
[ 24.190378] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 24.198127] page dumped because: kasan: bad access detected
[ 24.203700]
[ 24.205199] Memory state around the buggy address:
[ 24.209992] ffff888106713000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 24.217211] ffff888106713080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 24.224452] >ffff888106713100: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc
[ 24.231674] ^
[ 24.237248] ffff888106713180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.244469] ffff888106713200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.251689] ==================================================================
```