Date
July 13, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 15.852537] ==================================================================
[ 15.852601] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 15.852649] Write of size 16 at addr fff00000c58094c0 by task kunit_try_catch/167
[ 15.852698]
[ 15.852743] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.852831] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.852858] Hardware name: linux,dummy-virt (DT)
[ 15.852894] Call trace:
[ 15.852915] show_stack+0x20/0x38 (C)
[ 15.852962] dump_stack_lvl+0x8c/0xd0
[ 15.853013] print_report+0x118/0x5d0
[ 15.853059] kasan_report+0xdc/0x128
[ 15.853103] __asan_report_store16_noabort+0x20/0x30
[ 15.853154] kmalloc_oob_16+0x3a0/0x3f8
[ 15.853210] kunit_try_run_case+0x170/0x3f0
[ 15.853269] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.854159] kthread+0x328/0x630
[ 15.854236] ret_from_fork+0x10/0x20
[ 15.854284]
[ 15.854302] Allocated by task 167:
[ 15.854330] kasan_save_stack+0x3c/0x68
[ 15.854387] kasan_save_track+0x20/0x40
[ 15.854480] kasan_save_alloc_info+0x40/0x58
[ 15.854560] __kasan_kmalloc+0xd4/0xd8
[ 15.854871] __kmalloc_cache_noprof+0x16c/0x3c0
[ 15.855012] kmalloc_oob_16+0xb4/0x3f8
[ 15.855082] kunit_try_run_case+0x170/0x3f0
[ 15.855232] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.855325] kthread+0x328/0x630
[ 15.855396] ret_from_fork+0x10/0x20
[ 15.855683]
[ 15.855737] The buggy address belongs to the object at fff00000c58094c0
[ 15.855737] which belongs to the cache kmalloc-16 of size 16
[ 15.855902] The buggy address is located 0 bytes inside of
[ 15.855902] allocated 13-byte region [fff00000c58094c0, fff00000c58094cd)
[ 15.855987]
[ 15.856028] The buggy address belongs to the physical page:
[ 15.856126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105809
[ 15.856211] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.856347] page_type: f5(slab)
[ 15.856404] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 15.856581] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 15.856649] page dumped because: kasan: bad access detected
[ 15.856680]
[ 15.856697] Memory state around the buggy address:
[ 15.856878]  fff00000c5809380: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 15.857007]  fff00000c5809400: 00 00 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 15.857918] >fff00000c5809480: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc
[ 15.858751]                                            ^
[ 15.858834]  fff00000c5809500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.858926]  fff00000c5809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.859014] ==================================================================
```
```
[ 16.661132] ==================================================================
[ 16.661243] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 16.661295] Write of size 16 at addr fff00000c44aba20 by task kunit_try_catch/167
[ 16.661345]
[ 16.661376] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.661588] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.661632] Hardware name: linux,dummy-virt (DT)
[ 16.661725] Call trace:
[ 16.661764] show_stack+0x20/0x38 (C)
[ 16.661830] dump_stack_lvl+0x8c/0xd0
[ 16.661934] print_report+0x118/0x5d0
[ 16.662016] kasan_report+0xdc/0x128
[ 16.662087] __asan_report_store16_noabort+0x20/0x30
[ 16.662155] kmalloc_oob_16+0x3a0/0x3f8
[ 16.662230] kunit_try_run_case+0x170/0x3f0
[ 16.662320] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.662390] kthread+0x328/0x630
[ 16.662432] ret_from_fork+0x10/0x20
[ 16.662478]
[ 16.662512] Allocated by task 167:
[ 16.662546] kasan_save_stack+0x3c/0x68
[ 16.662821] kasan_save_track+0x20/0x40
[ 16.662930] kasan_save_alloc_info+0x40/0x58
[ 16.663365] __kasan_kmalloc+0xd4/0xd8
[ 16.663427] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.663482] kmalloc_oob_16+0xb4/0x3f8
[ 16.663674] kunit_try_run_case+0x170/0x3f0
[ 16.663780] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.663857] kthread+0x328/0x630
[ 16.664140] ret_from_fork+0x10/0x20
[ 16.664240]
[ 16.664284] The buggy address belongs to the object at fff00000c44aba20
[ 16.664284] which belongs to the cache kmalloc-16 of size 16
[ 16.664344] The buggy address is located 0 bytes inside of
[ 16.664344] allocated 13-byte region [fff00000c44aba20, fff00000c44aba2d)
[ 16.664427]
[ 16.664447] The buggy address belongs to the physical page:
[ 16.664476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044ab
[ 16.664531] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.664578] page_type: f5(slab)
[ 16.664753] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 16.664824] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.664932] page dumped because: kasan: bad access detected
[ 16.665017]
[ 16.665034] Memory state around the buggy address:
[ 16.665164]  fff00000c44ab900: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 16.665496]  fff00000c44ab980: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 16.665549] >fff00000c44aba00: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 16.665587]                                ^
[ 16.665873]  fff00000c44aba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.665948]  fff00000c44abb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.666004] ==================================================================
```
```
[ 12.570364] ==================================================================
[ 12.570769] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 12.571124] Write of size 16 at addr ffff8881026761a0 by task kunit_try_catch/183
[ 12.571460]
[ 12.571780] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.571841] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.571853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.571886] Call Trace:
[ 12.571897] <TASK>
[ 12.571912] dump_stack_lvl+0x73/0xb0
[ 12.571944] print_report+0xd1/0x610
[ 12.571967] ? __virt_addr_valid+0x1db/0x2d0
[ 12.571989] ? kmalloc_oob_16+0x452/0x4a0
[ 12.572009] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.572033] ? kmalloc_oob_16+0x452/0x4a0
[ 12.572054] kasan_report+0x141/0x180
[ 12.572075] ? kmalloc_oob_16+0x452/0x4a0
[ 12.572110] __asan_report_store16_noabort+0x1b/0x30
[ 12.572136] kmalloc_oob_16+0x452/0x4a0
[ 12.572168] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 12.572190] ? __schedule+0x10cc/0x2b60
[ 12.572212] ? __pfx_read_tsc+0x10/0x10
[ 12.572234] ? ktime_get_ts64+0x86/0x230
[ 12.572268] kunit_try_run_case+0x1a5/0x480
[ 12.572297] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.572320] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.572355] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.572379] ? __kthread_parkme+0x82/0x180
[ 12.572399] ? preempt_count_sub+0x50/0x80
[ 12.572423] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.572457] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.572491] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.572516] kthread+0x337/0x6f0
[ 12.572535] ? trace_preempt_on+0x20/0xc0
[ 12.572644] ? __pfx_kthread+0x10/0x10
[ 12.572670] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.572693] ? calculate_sigpending+0x7b/0xa0
[ 12.572719] ? __pfx_kthread+0x10/0x10
[ 12.572741] ret_from_fork+0x116/0x1d0
[ 12.572760] ? __pfx_kthread+0x10/0x10
[ 12.572781] ret_from_fork_asm+0x1a/0x30
[ 12.572811] </TASK>
[ 12.572822]
[ 12.584222] Allocated by task 183:
[ 12.584369] kasan_save_stack+0x45/0x70
[ 12.584846] kasan_save_track+0x18/0x40
[ 12.585208] kasan_save_alloc_info+0x3b/0x50
[ 12.585702] __kasan_kmalloc+0xb7/0xc0
[ 12.586065] __kmalloc_cache_noprof+0x189/0x420
[ 12.586512] kmalloc_oob_16+0xa8/0x4a0
[ 12.586979] kunit_try_run_case+0x1a5/0x480
[ 12.587384] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.587949] kthread+0x337/0x6f0
[ 12.588203] ret_from_fork+0x116/0x1d0
[ 12.588341] ret_from_fork_asm+0x1a/0x30
[ 12.588651]
[ 12.588902] The buggy address belongs to the object at ffff8881026761a0
[ 12.588902] which belongs to the cache kmalloc-16 of size 16
[ 12.590027] The buggy address is located 0 bytes inside of
[ 12.590027] allocated 13-byte region [ffff8881026761a0, ffff8881026761ad)
[ 12.590385]
[ 12.590549] The buggy address belongs to the physical page:
[ 12.591104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102676
[ 12.591965] flags: 0x200000000000000(node=0|zone=2)
[ 12.592459] page_type: f5(slab)
[ 12.592812] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.593266] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.593530] page dumped because: kasan: bad access detected
[ 12.594028]
[ 12.594169] Memory state around the buggy address:
[ 12.594556]  ffff888102676080: 00 05 fc fc 00 05 fc fc 00 00 fc fc 00 06 fc fc
[ 12.594953]  ffff888102676100: 00 06 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 12.595172] >ffff888102676180: 00 05 fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 12.595384]                                ^
[ 12.595868]  ffff888102676200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.596616]  ffff888102676280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.597226] ==================================================================
```
```
[ 12.874315] ==================================================================
[ 12.875342] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 12.875581] Write of size 16 at addr ffff888102b01200 by task kunit_try_catch/184
[ 12.875810]
[ 12.875901] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.875946] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.875957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.875978] Call Trace:
[ 12.875990] <TASK>
[ 12.876007] dump_stack_lvl+0x73/0xb0
[ 12.876039] print_report+0xd1/0x610
[ 12.876084] ? __virt_addr_valid+0x1db/0x2d0
[ 12.876133] ? kmalloc_oob_16+0x452/0x4a0
[ 12.876154] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.876177] ? kmalloc_oob_16+0x452/0x4a0
[ 12.876198] kasan_report+0x141/0x180
[ 12.876220] ? kmalloc_oob_16+0x452/0x4a0
[ 12.876245] __asan_report_store16_noabort+0x1b/0x30
[ 12.876272] kmalloc_oob_16+0x452/0x4a0
[ 12.876294] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 12.876316] ? __schedule+0x10cc/0x2b60
[ 12.876601] ? __pfx_read_tsc+0x10/0x10
[ 12.876631] ? ktime_get_ts64+0x86/0x230
[ 12.876672] kunit_try_run_case+0x1a5/0x480
[ 12.876740] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.876765] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.876796] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.876821] ? __kthread_parkme+0x82/0x180
[ 12.876844] ? preempt_count_sub+0x50/0x80
[ 12.876868] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.876893] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.876918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.876944] kthread+0x337/0x6f0
[ 12.876964] ? trace_preempt_on+0x20/0xc0
[ 12.876988] ? __pfx_kthread+0x10/0x10
[ 12.877008] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.877030] ? calculate_sigpending+0x7b/0xa0
[ 12.877066] ? __pfx_kthread+0x10/0x10
[ 12.877087] ret_from_fork+0x116/0x1d0
[ 12.877107] ? __pfx_kthread+0x10/0x10
[ 12.877178] ret_from_fork_asm+0x1a/0x30
[ 12.877211] </TASK>
[ 12.877221]
[ 12.885364] Allocated by task 184:
[ 12.885586] kasan_save_stack+0x45/0x70
[ 12.885893] kasan_save_track+0x18/0x40
[ 12.886115] kasan_save_alloc_info+0x3b/0x50
[ 12.886350] __kasan_kmalloc+0xb7/0xc0
[ 12.886529] __kmalloc_cache_noprof+0x189/0x420
[ 12.886860] kmalloc_oob_16+0xa8/0x4a0
[ 12.887068] kunit_try_run_case+0x1a5/0x480
[ 12.887220] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.887578] kthread+0x337/0x6f0
[ 12.887742] ret_from_fork+0x116/0x1d0
[ 12.887879] ret_from_fork_asm+0x1a/0x30
[ 12.888239]
[ 12.888343] The buggy address belongs to the object at ffff888102b01200
[ 12.888343] which belongs to the cache kmalloc-16 of size 16
[ 12.888789] The buggy address is located 0 bytes inside of
[ 12.888789] allocated 13-byte region [ffff888102b01200, ffff888102b0120d)
[ 12.889554]
[ 12.889642] The buggy address belongs to the physical page:
[ 12.889917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b01
[ 12.890466] flags: 0x200000000000000(node=0|zone=2)
[ 12.890831] page_type: f5(slab)
[ 12.891019] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.891477] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.891709] page dumped because: kasan: bad access detected
[ 12.892095]
[ 12.892227] Memory state around the buggy address:
[ 12.892466]  ffff888102b01100: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc
[ 12.892868]  ffff888102b01180: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 12.893216] >ffff888102b01200: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 12.893450]                    ^
[ 12.893609]  ffff888102b01280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.894189]  ffff888102b01300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.894559] ==================================================================
```