Date
July 20, 2025, 11:12 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 16.553154] ==================================================================
[ 16.553575] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 16.553712] Write of size 16 at addr fff00000c59ab8e0 by task kunit_try_catch/166
[ 16.553922]
[ 16.553958] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.554039] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.554065] Hardware name: linux,dummy-virt (DT)
[ 16.554096] Call trace:
[ 16.554118] show_stack+0x20/0x38 (C)
[ 16.554167] dump_stack_lvl+0x8c/0xd0
[ 16.554218] print_report+0x118/0x5d0
[ 16.554264] kasan_report+0xdc/0x128
[ 16.554310] __asan_report_store16_noabort+0x20/0x30
[ 16.554385] kmalloc_oob_16+0x3a0/0x3f8
[ 16.554430] kunit_try_run_case+0x170/0x3f0
[ 16.554667] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.554848] kthread+0x328/0x630
[ 16.554890] ret_from_fork+0x10/0x20
[ 16.554949]
[ 16.554967] Allocated by task 166:
[ 16.555068] kasan_save_stack+0x3c/0x68
[ 16.555523] kasan_save_track+0x20/0x40
[ 16.555676] kasan_save_alloc_info+0x40/0x58
[ 16.555754] __kasan_kmalloc+0xd4/0xd8
[ 16.555850] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.556237] kmalloc_oob_16+0xb4/0x3f8
[ 16.556601] kunit_try_run_case+0x170/0x3f0
[ 16.556642] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.556685] kthread+0x328/0x630
[ 16.556717] ret_from_fork+0x10/0x20
[ 16.556780]
[ 16.556800] The buggy address belongs to the object at fff00000c59ab8e0
[ 16.556800] which belongs to the cache kmalloc-16 of size 16
[ 16.556883] The buggy address is located 0 bytes inside of
[ 16.556883] allocated 13-byte region [fff00000c59ab8e0, fff00000c59ab8ed)
[ 16.557435]
[ 16.557458] The buggy address belongs to the physical page:
[ 16.557497] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ab
[ 16.557642] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.557740] page_type: f5(slab)
[ 16.557874] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 16.557934] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.557974] page dumped because: kasan: bad access detected
[ 16.558254]
[ 16.558314] Memory state around the buggy address:
[ 16.558377] fff00000c59ab780: 00 02 fc fc 00 05 fc fc fa fb fc fc 00 02 fc fc
[ 16.558421] fff00000c59ab800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 16.558473] >fff00000c59ab880: fa fb fc fc 00 04 fc fc fa fb fc fc 00 05 fc fc
[ 16.558718] ^
[ 16.558758] fff00000c59ab900: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.558800] fff00000c59ab980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.558837] ==================================================================
```
```
[ 16.530575] ==================================================================
[ 16.530659] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 16.530713] Write of size 16 at addr fff00000c1375b00 by task kunit_try_catch/166
[ 16.530775]
[ 16.530808] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.530889] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.530915] Hardware name: linux,dummy-virt (DT)
[ 16.530947] Call trace:
[ 16.530970] show_stack+0x20/0x38 (C)
[ 16.531019] dump_stack_lvl+0x8c/0xd0
[ 16.531076] print_report+0x118/0x5d0
[ 16.531123] kasan_report+0xdc/0x128
[ 16.531170] __asan_report_store16_noabort+0x20/0x30
[ 16.531222] kmalloc_oob_16+0x3a0/0x3f8
[ 16.531267] kunit_try_run_case+0x170/0x3f0
[ 16.531316] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.531376] kthread+0x328/0x630
[ 16.531434] ret_from_fork+0x10/0x20
[ 16.531491]
[ 16.531510] Allocated by task 166:
[ 16.531538] kasan_save_stack+0x3c/0x68
[ 16.531585] kasan_save_track+0x20/0x40
[ 16.532420] kasan_save_alloc_info+0x40/0x58
[ 16.532478] __kasan_kmalloc+0xd4/0xd8
[ 16.532515] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.532796] kmalloc_oob_16+0xb4/0x3f8
[ 16.532875] kunit_try_run_case+0x170/0x3f0
[ 16.532917] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.533335] kthread+0x328/0x630
[ 16.533476] ret_from_fork+0x10/0x20
[ 16.533651]
[ 16.533696] The buggy address belongs to the object at fff00000c1375b00
[ 16.533696] which belongs to the cache kmalloc-16 of size 16
[ 16.533933] The buggy address is located 0 bytes inside of
[ 16.533933] allocated 13-byte region [fff00000c1375b00, fff00000c1375b0d)
[ 16.534228]
[ 16.534365] The buggy address belongs to the physical page:
[ 16.534453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101375
[ 16.534540] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.534813] page_type: f5(slab)
[ 16.534871] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 16.535177] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.535424] page dumped because: kasan: bad access detected
[ 16.535888]
[ 16.535975] Memory state around the buggy address:
[ 16.536085] fff00000c1375a00: 00 07 fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 16.536190] fff00000c1375a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 16.536302] >fff00000c1375b00: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 16.536403] ^
[ 16.536452] fff00000c1375b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.536815] fff00000c1375c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.536905] ==================================================================
```
```
[ 12.661657] ==================================================================
[ 12.662335] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 12.662689] Write of size 16 at addr ffff8881017e03c0 by task kunit_try_catch/184
[ 12.662976]
[ 12.663175] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.663221] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.663233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.663255] Call Trace:
[ 12.663268] <TASK>
[ 12.663285] dump_stack_lvl+0x73/0xb0
[ 12.663316] print_report+0xd1/0x610
[ 12.663339] ? __virt_addr_valid+0x1db/0x2d0
[ 12.663362] ? kmalloc_oob_16+0x452/0x4a0
[ 12.663382] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.663416] ? kmalloc_oob_16+0x452/0x4a0
[ 12.663437] kasan_report+0x141/0x180
[ 12.663459] ? kmalloc_oob_16+0x452/0x4a0
[ 12.663485] __asan_report_store16_noabort+0x1b/0x30
[ 12.663509] kmalloc_oob_16+0x452/0x4a0
[ 12.663529] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 12.663551] ? __schedule+0x10c6/0x2b60
[ 12.663574] ? __pfx_read_tsc+0x10/0x10
[ 12.663595] ? ktime_get_ts64+0x86/0x230
[ 12.663621] kunit_try_run_case+0x1a5/0x480
[ 12.663646] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.663667] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.663691] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.663713] ? __kthread_parkme+0x82/0x180
[ 12.663733] ? preempt_count_sub+0x50/0x80
[ 12.663757] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.663781] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.663803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.663826] kthread+0x337/0x6f0
[ 12.663845] ? trace_preempt_on+0x20/0xc0
[ 12.663868] ? __pfx_kthread+0x10/0x10
[ 12.663888] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.663909] ? calculate_sigpending+0x7b/0xa0
[ 12.663933] ? __pfx_kthread+0x10/0x10
[ 12.663954] ret_from_fork+0x116/0x1d0
[ 12.663973] ? __pfx_kthread+0x10/0x10
[ 12.663993] ret_from_fork_asm+0x1a/0x30
[ 12.664026] </TASK>
[ 12.664036]
[ 12.671380] Allocated by task 184:
[ 12.671528] kasan_save_stack+0x45/0x70
[ 12.671672] kasan_save_track+0x18/0x40
[ 12.671919] kasan_save_alloc_info+0x3b/0x50
[ 12.672428] __kasan_kmalloc+0xb7/0xc0
[ 12.672640] __kmalloc_cache_noprof+0x189/0x420
[ 12.672878] kmalloc_oob_16+0xa8/0x4a0
[ 12.673068] kunit_try_run_case+0x1a5/0x480
[ 12.673450] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.673690] kthread+0x337/0x6f0
[ 12.673853] ret_from_fork+0x116/0x1d0
[ 12.673987] ret_from_fork_asm+0x1a/0x30
[ 12.674129]
[ 12.674305] The buggy address belongs to the object at ffff8881017e03c0
[ 12.674305] which belongs to the cache kmalloc-16 of size 16
[ 12.674861] The buggy address is located 0 bytes inside of
[ 12.674861] allocated 13-byte region [ffff8881017e03c0, ffff8881017e03cd)
[ 12.675409]
[ 12.675506] The buggy address belongs to the physical page:
[ 12.675748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017e0
[ 12.676068] flags: 0x200000000000000(node=0|zone=2)
[ 12.676309] page_type: f5(slab)
[ 12.676484] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.676886] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.677390] page dumped because: kasan: bad access detected
[ 12.677630]
[ 12.677706] Memory state around the buggy address:
[ 12.677910] ffff8881017e0280: 00 00 fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 12.678204] ffff8881017e0300: 00 04 fc fc 00 01 fc fc 00 01 fc fc 00 04 fc fc
[ 12.678554] >ffff8881017e0380: 00 04 fc fc 00 05 fc fc 00 05 fc fc 00 00 fc fc
[ 12.678862] ^
[ 12.679093] ffff8881017e0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.679309] ffff8881017e0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.679531] ==================================================================
```
```
[ 12.778647] ==================================================================
[ 12.779229] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 12.779611] Write of size 16 at addr ffff88810210ebe0 by task kunit_try_catch/183
[ 12.779941]
[ 12.780138] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.780197] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.780209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.780230] Call Trace:
[ 12.780243] <TASK>
[ 12.780260] dump_stack_lvl+0x73/0xb0
[ 12.780289] print_report+0xd1/0x610
[ 12.780311] ? __virt_addr_valid+0x1db/0x2d0
[ 12.780339] ? kmalloc_oob_16+0x452/0x4a0
[ 12.780377] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.780398] ? kmalloc_oob_16+0x452/0x4a0
[ 12.780429] kasan_report+0x141/0x180
[ 12.780451] ? kmalloc_oob_16+0x452/0x4a0
[ 12.780475] __asan_report_store16_noabort+0x1b/0x30
[ 12.780499] kmalloc_oob_16+0x452/0x4a0
[ 12.780520] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 12.780541] ? __schedule+0x10c6/0x2b60
[ 12.780563] ? __pfx_read_tsc+0x10/0x10
[ 12.780593] ? ktime_get_ts64+0x86/0x230
[ 12.780618] kunit_try_run_case+0x1a5/0x480
[ 12.780642] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.780676] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.780699] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.780721] ? __kthread_parkme+0x82/0x180
[ 12.780741] ? preempt_count_sub+0x50/0x80
[ 12.780774] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.780797] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.780819] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.780852] kthread+0x337/0x6f0
[ 12.780919] ? trace_preempt_on+0x20/0xc0
[ 12.780943] ? __pfx_kthread+0x10/0x10
[ 12.780963] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.780983] ? calculate_sigpending+0x7b/0xa0
[ 12.781007] ? __pfx_kthread+0x10/0x10
[ 12.781028] ret_from_fork+0x116/0x1d0
[ 12.781045] ? __pfx_kthread+0x10/0x10
[ 12.781065] ret_from_fork_asm+0x1a/0x30
[ 12.781095] </TASK>
[ 12.781105]
[ 12.789048] Allocated by task 183:
[ 12.789211] kasan_save_stack+0x45/0x70
[ 12.789369] kasan_save_track+0x18/0x40
[ 12.789557] kasan_save_alloc_info+0x3b/0x50
[ 12.789796] __kasan_kmalloc+0xb7/0xc0
[ 12.789983] __kmalloc_cache_noprof+0x189/0x420
[ 12.790335] kmalloc_oob_16+0xa8/0x4a0
[ 12.790869] kunit_try_run_case+0x1a5/0x480
[ 12.791052] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.791398] kthread+0x337/0x6f0
[ 12.791573] ret_from_fork+0x116/0x1d0
[ 12.791756] ret_from_fork_asm+0x1a/0x30
[ 12.792041]
[ 12.792187] The buggy address belongs to the object at ffff88810210ebe0
[ 12.792187] which belongs to the cache kmalloc-16 of size 16
[ 12.792715] The buggy address is located 0 bytes inside of
[ 12.792715] allocated 13-byte region [ffff88810210ebe0, ffff88810210ebed)
[ 12.793307]
[ 12.793427] The buggy address belongs to the physical page:
[ 12.793671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10210e
[ 12.794255] flags: 0x200000000000000(node=0|zone=2)
[ 12.794507] page_type: f5(slab)
[ 12.794688] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.795134] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.795544] page dumped because: kasan: bad access detected
[ 12.795721]
[ 12.795792] Memory state around the buggy address:
[ 12.795951] ffff88810210ea80: 00 02 fc fc 00 03 fc fc fa fb fc fc 00 02 fc fc
[ 12.796317] ffff88810210eb00: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc
[ 12.796725] >ffff88810210eb80: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 12.797171] ^
[ 12.797549] ffff88810210ec00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.797771] ffff88810210ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.797986] ==================================================================
```