Date
July 13, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 15.947647] ==================================================================
[ 15.947878] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 15.947931] Write of size 16 at addr fff00000c5866569 by task kunit_try_catch/179
[ 15.947989]
[ 15.948071] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.948154] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.948212] Hardware name: linux,dummy-virt (DT)
[ 15.948243] Call trace:
[ 15.948422] show_stack+0x20/0x38 (C)
[ 15.948497] dump_stack_lvl+0x8c/0xd0
[ 15.948663] print_report+0x118/0x5d0
[ 15.948776] kasan_report+0xdc/0x128
[ 15.948852] kasan_check_range+0x100/0x1a8
[ 15.949002] __asan_memset+0x34/0x78
[ 15.949058] kmalloc_oob_memset_16+0x150/0x2f8
[ 15.949220] kunit_try_run_case+0x170/0x3f0
[ 15.949270] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.949460] kthread+0x328/0x630
[ 15.949636] ret_from_fork+0x10/0x20
[ 15.950025]
[ 15.950081] Allocated by task 179:
[ 15.950235] kasan_save_stack+0x3c/0x68
[ 15.950293] kasan_save_track+0x20/0x40
[ 15.950406] kasan_save_alloc_info+0x40/0x58
[ 15.950497] __kasan_kmalloc+0xd4/0xd8
[ 15.950559] __kmalloc_cache_noprof+0x16c/0x3c0
[ 15.950646] kmalloc_oob_memset_16+0xb0/0x2f8
[ 15.950717] kunit_try_run_case+0x170/0x3f0
[ 15.950765] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.951038] kthread+0x328/0x630
[ 15.951184] ret_from_fork+0x10/0x20
[ 15.951296]
[ 15.951335] The buggy address belongs to the object at fff00000c5866500
[ 15.951335] which belongs to the cache kmalloc-128 of size 128
[ 15.951412] The buggy address is located 105 bytes inside of
[ 15.951412] allocated 120-byte region [fff00000c5866500, fff00000c5866578)
[ 15.951594]
[ 15.951633] The buggy address belongs to the physical page:
[ 15.951694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105866
[ 15.951754] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.951970] page_type: f5(slab)
[ 15.952159] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.952329] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.952409] page dumped because: kasan: bad access detected
[ 15.952513]
[ 15.952555] Memory state around the buggy address:
[ 15.952613] fff00000c5866400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.952726] fff00000c5866480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.952771] >fff00000c5866500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.952831] ^
[ 15.952878] fff00000c5866580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.953562] fff00000c5866600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.953962] ==================================================================
[ 16.724665] ==================================================================
[ 16.724741] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 16.724788] Write of size 16 at addr fff00000c5aae569 by task kunit_try_catch/179
[ 16.724843]
[ 16.724875] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 16.724965] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.724999] Hardware name: linux,dummy-virt (DT)
[ 16.725033] Call trace:
[ 16.725055] show_stack+0x20/0x38 (C)
[ 16.725109] dump_stack_lvl+0x8c/0xd0
[ 16.725162] print_report+0x118/0x5d0
[ 16.725220] kasan_report+0xdc/0x128
[ 16.725263] kasan_check_range+0x100/0x1a8
[ 16.725354] __asan_memset+0x34/0x78
[ 16.725396] kmalloc_oob_memset_16+0x150/0x2f8
[ 16.725440] kunit_try_run_case+0x170/0x3f0
[ 16.725981] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.726042] kthread+0x328/0x630
[ 16.726084] ret_from_fork+0x10/0x20
[ 16.726205]
[ 16.726308] Allocated by task 179:
[ 16.726376] kasan_save_stack+0x3c/0x68
[ 16.726497] kasan_save_track+0x20/0x40
[ 16.726597] kasan_save_alloc_info+0x40/0x58
[ 16.726729] __kasan_kmalloc+0xd4/0xd8
[ 16.726824] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.726962] kmalloc_oob_memset_16+0xb0/0x2f8
[ 16.727060] kunit_try_run_case+0x170/0x3f0
[ 16.727167] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.727221] kthread+0x328/0x630
[ 16.727252] ret_from_fork+0x10/0x20
[ 16.727414]
[ 16.727449] The buggy address belongs to the object at fff00000c5aae500
[ 16.727449] which belongs to the cache kmalloc-128 of size 128
[ 16.727570] The buggy address is located 105 bytes inside of
[ 16.727570] allocated 120-byte region [fff00000c5aae500, fff00000c5aae578)
[ 16.727708]
[ 16.727734] The buggy address belongs to the physical page:
[ 16.727781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aae
[ 16.727845] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.727929] page_type: f5(slab)
[ 16.727966] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.728030] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.728069] page dumped because: kasan: bad access detected
[ 16.728100]
[ 16.728117] Memory state around the buggy address:
[ 16.728348] fff00000c5aae400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.728425] fff00000c5aae480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.728484] >fff00000c5aae500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.728580] ^
[ 16.728663] fff00000c5aae580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.728748] fff00000c5aae600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.728837] ==================================================================
[ 12.791746] ==================================================================
[ 12.792231] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 12.792547] Write of size 16 at addr ffff8881026b2c69 by task kunit_try_catch/195
[ 12.793026]
[ 12.793151] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.793198] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.793210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.793232] Call Trace:
[ 12.793245] <TASK>
[ 12.793261] dump_stack_lvl+0x73/0xb0
[ 12.793295] print_report+0xd1/0x610
[ 12.793319] ? __virt_addr_valid+0x1db/0x2d0
[ 12.793345] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.793367] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.793391] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.793414] kasan_report+0x141/0x180
[ 12.793436] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.793476] kasan_check_range+0x10c/0x1c0
[ 12.793512] __asan_memset+0x27/0x50
[ 12.793532] kmalloc_oob_memset_16+0x166/0x330
[ 12.793554] ? __kasan_check_write+0x18/0x20
[ 12.793574] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 12.793597] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.793624] ? trace_hardirqs_on+0x37/0xe0
[ 12.793649] ? __pfx_read_tsc+0x10/0x10
[ 12.793671] ? ktime_get_ts64+0x86/0x230
[ 12.793697] kunit_try_run_case+0x1a5/0x480
[ 12.793802] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.793828] ? queued_spin_lock_slowpath+0x116/0xb40
[ 12.793855] ? __kthread_parkme+0x82/0x180
[ 12.793877] ? preempt_count_sub+0x50/0x80
[ 12.793903] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.793928] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.793953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.793979] kthread+0x337/0x6f0
[ 12.793998] ? trace_preempt_on+0x20/0xc0
[ 12.794021] ? __pfx_kthread+0x10/0x10
[ 12.794042] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.794064] ? calculate_sigpending+0x7b/0xa0
[ 12.794089] ? __pfx_kthread+0x10/0x10
[ 12.794111] ret_from_fork+0x116/0x1d0
[ 12.794130] ? __pfx_kthread+0x10/0x10
[ 12.794150] ret_from_fork_asm+0x1a/0x30
[ 12.794181] </TASK>
[ 12.794191]
[ 12.801962] Allocated by task 195:
[ 12.802142] kasan_save_stack+0x45/0x70
[ 12.802288] kasan_save_track+0x18/0x40
[ 12.802422] kasan_save_alloc_info+0x3b/0x50
[ 12.802582] __kasan_kmalloc+0xb7/0xc0
[ 12.802941] __kmalloc_cache_noprof+0x189/0x420
[ 12.803187] kmalloc_oob_memset_16+0xac/0x330
[ 12.803410] kunit_try_run_case+0x1a5/0x480
[ 12.803709] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.803937] kthread+0x337/0x6f0
[ 12.804096] ret_from_fork+0x116/0x1d0
[ 12.804286] ret_from_fork_asm+0x1a/0x30
[ 12.804425]
[ 12.804511] The buggy address belongs to the object at ffff8881026b2c00
[ 12.804511] which belongs to the cache kmalloc-128 of size 128
[ 12.805047] The buggy address is located 105 bytes inside of
[ 12.805047] allocated 120-byte region [ffff8881026b2c00, ffff8881026b2c78)
[ 12.805702]
[ 12.805779] The buggy address belongs to the physical page:
[ 12.806000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b2
[ 12.806347] flags: 0x200000000000000(node=0|zone=2)
[ 12.806700] page_type: f5(slab)
[ 12.806856] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.807175] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.807549] page dumped because: kasan: bad access detected
[ 12.807739]
[ 12.807809] Memory state around the buggy address:
[ 12.807964] ffff8881026b2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.808185] ffff8881026b2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.808510] >ffff8881026b2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.808822] ^
[ 12.809131] ffff8881026b2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.809422] ffff8881026b2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.809789] ==================================================================
[ 13.022794] ==================================================================
[ 13.023337] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 13.023670] Write of size 16 at addr ffff888102b2e769 by task kunit_try_catch/196
[ 13.024175]
[ 13.024275] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 13.024317] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.024329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.024348] Call Trace:
[ 13.024360] <TASK>
[ 13.024374] dump_stack_lvl+0x73/0xb0
[ 13.024406] print_report+0xd1/0x610
[ 13.024429] ? __virt_addr_valid+0x1db/0x2d0
[ 13.024453] ? kmalloc_oob_memset_16+0x166/0x330
[ 13.024476] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.024500] ? kmalloc_oob_memset_16+0x166/0x330
[ 13.024523] kasan_report+0x141/0x180
[ 13.024544] ? kmalloc_oob_memset_16+0x166/0x330
[ 13.024572] kasan_check_range+0x10c/0x1c0
[ 13.024595] __asan_memset+0x27/0x50
[ 13.024615] kmalloc_oob_memset_16+0x166/0x330
[ 13.024638] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 13.024691] ? __schedule+0x10cc/0x2b60
[ 13.024714] ? __pfx_read_tsc+0x10/0x10
[ 13.024736] ? ktime_get_ts64+0x86/0x230
[ 13.024763] kunit_try_run_case+0x1a5/0x480
[ 13.024789] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.024812] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.024836] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.024860] ? __kthread_parkme+0x82/0x180
[ 13.024881] ? preempt_count_sub+0x50/0x80
[ 13.024906] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.024930] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.024955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.024981] kthread+0x337/0x6f0
[ 13.025000] ? trace_preempt_on+0x20/0xc0
[ 13.025024] ? __pfx_kthread+0x10/0x10
[ 13.025045] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.025078] ? calculate_sigpending+0x7b/0xa0
[ 13.025103] ? __pfx_kthread+0x10/0x10
[ 13.025125] ret_from_fork+0x116/0x1d0
[ 13.025144] ? __pfx_kthread+0x10/0x10
[ 13.025165] ret_from_fork_asm+0x1a/0x30
[ 13.025196] </TASK>
[ 13.025205]
[ 13.033309] Allocated by task 196:
[ 13.033469] kasan_save_stack+0x45/0x70
[ 13.033710] kasan_save_track+0x18/0x40
[ 13.033935] kasan_save_alloc_info+0x3b/0x50
[ 13.034157] __kasan_kmalloc+0xb7/0xc0
[ 13.034355] __kmalloc_cache_noprof+0x189/0x420
[ 13.034581] kmalloc_oob_memset_16+0xac/0x330
[ 13.034795] kunit_try_run_case+0x1a5/0x480
[ 13.034943] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.035138] kthread+0x337/0x6f0
[ 13.035306] ret_from_fork+0x116/0x1d0
[ 13.035499] ret_from_fork_asm+0x1a/0x30
[ 13.035737]
[ 13.035832] The buggy address belongs to the object at ffff888102b2e700
[ 13.035832] which belongs to the cache kmalloc-128 of size 128
[ 13.036325] The buggy address is located 105 bytes inside of
[ 13.036325] allocated 120-byte region [ffff888102b2e700, ffff888102b2e778)
[ 13.036999]
[ 13.037090] The buggy address belongs to the physical page:
[ 13.037295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b2e
[ 13.037979] flags: 0x200000000000000(node=0|zone=2)
[ 13.038227] page_type: f5(slab)
[ 13.038416] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.038822] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.039158] page dumped because: kasan: bad access detected
[ 13.039410]
[ 13.039481] Memory state around the buggy address:
[ 13.039634] ffff888102b2e600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.039962] ffff888102b2e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.040313] >ffff888102b2e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 13.040850] ^
[ 13.041121] ffff888102b2e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.041613] ffff888102b2e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.042018] ==================================================================