Hay
Date: July 13, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   15.906604] ==================================================================
[   15.906690] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   15.906742] Write of size 2 at addr fff00000c5866277 by task kunit_try_catch/173
[   15.906835] 
[   15.906867] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.906953] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.907119] Hardware name: linux,dummy-virt (DT)
[   15.907160] Call trace:
[   15.907286]  show_stack+0x20/0x38 (C)
[   15.907347]  dump_stack_lvl+0x8c/0xd0
[   15.907552]  print_report+0x118/0x5d0
[   15.907710]  kasan_report+0xdc/0x128
[   15.907765]  kasan_check_range+0x100/0x1a8
[   15.907907]  __asan_memset+0x34/0x78
[   15.907973]  kmalloc_oob_memset_2+0x150/0x2f8
[   15.908030]  kunit_try_run_case+0x170/0x3f0
[   15.908118]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.908192]  kthread+0x328/0x630
[   15.908247]  ret_from_fork+0x10/0x20
[   15.908294] 
[   15.908312] Allocated by task 173:
[   15.908626]  kasan_save_stack+0x3c/0x68
[   15.908833]  kasan_save_track+0x20/0x40
[   15.908887]  kasan_save_alloc_info+0x40/0x58
[   15.909111]  __kasan_kmalloc+0xd4/0xd8
[   15.909296]  __kmalloc_cache_noprof+0x16c/0x3c0
[   15.909392]  kmalloc_oob_memset_2+0xb0/0x2f8
[   15.909433]  kunit_try_run_case+0x170/0x3f0
[   15.909699]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.909980]  kthread+0x328/0x630
[   15.910049]  ret_from_fork+0x10/0x20
[   15.910175] 
[   15.910280] The buggy address belongs to the object at fff00000c5866200
[   15.910280]  which belongs to the cache kmalloc-128 of size 128
[   15.910389] The buggy address is located 119 bytes inside of
[   15.910389]  allocated 120-byte region [fff00000c5866200, fff00000c5866278)
[   15.910463] 
[   15.910483] The buggy address belongs to the physical page:
[   15.910760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105866
[   15.910840] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.911003] page_type: f5(slab)
[   15.911087] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   15.911213] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.911302] page dumped because: kasan: bad access detected
[   15.911430] 
[   15.911478] Memory state around the buggy address:
[   15.911517]  fff00000c5866100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.911891]  fff00000c5866180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.911989] >fff00000c5866200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.912068]                                                                 ^
[   15.912174]  fff00000c5866280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.912246]  fff00000c5866300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.912362] ==================================================================

[   16.693684] ==================================================================
[   16.693754] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   16.693823] Write of size 2 at addr fff00000c5aae277 by task kunit_try_catch/173
[   16.693888] 
[   16.693920] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.694004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.694031] Hardware name: linux,dummy-virt (DT)
[   16.694081] Call trace:
[   16.694129]  show_stack+0x20/0x38 (C)
[   16.694205]  dump_stack_lvl+0x8c/0xd0
[   16.694321]  print_report+0x118/0x5d0
[   16.694366]  kasan_report+0xdc/0x128
[   16.694427]  kasan_check_range+0x100/0x1a8
[   16.694473]  __asan_memset+0x34/0x78
[   16.694516]  kmalloc_oob_memset_2+0x150/0x2f8
[   16.694561]  kunit_try_run_case+0x170/0x3f0
[   16.694741]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.694820]  kthread+0x328/0x630
[   16.694867]  ret_from_fork+0x10/0x20
[   16.694920] 
[   16.694938] Allocated by task 173:
[   16.694966]  kasan_save_stack+0x3c/0x68
[   16.695024]  kasan_save_track+0x20/0x40
[   16.695061]  kasan_save_alloc_info+0x40/0x58
[   16.695100]  __kasan_kmalloc+0xd4/0xd8
[   16.695135]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.695172]  kmalloc_oob_memset_2+0xb0/0x2f8
[   16.695238]  kunit_try_run_case+0x170/0x3f0
[   16.695275]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.695336]  kthread+0x328/0x630
[   16.695449]  ret_from_fork+0x10/0x20
[   16.695509] 
[   16.695573] The buggy address belongs to the object at fff00000c5aae200
[   16.695573]  which belongs to the cache kmalloc-128 of size 128
[   16.695630] The buggy address is located 119 bytes inside of
[   16.695630]  allocated 120-byte region [fff00000c5aae200, fff00000c5aae278)
[   16.695692] 
[   16.695711] The buggy address belongs to the physical page:
[   16.695884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aae
[   16.695968] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.696088] page_type: f5(slab)
[   16.696163] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.696303] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.696410] page dumped because: kasan: bad access detected
[   16.696453] 
[   16.696470] Memory state around the buggy address:
[   16.696707]  fff00000c5aae100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.696925]  fff00000c5aae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.697009] >fff00000c5aae200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.697058]                                                                 ^
[   16.697126]  fff00000c5aae280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.697196]  fff00000c5aae300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.697233] ==================================================================

[   12.690163] ==================================================================
[   12.691167] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[   12.692126] Write of size 2 at addr ffff888103427f77 by task kunit_try_catch/189
[   12.692994] 
[   12.693109] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.693157] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.693169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.693190] Call Trace:
[   12.693203]  <TASK>
[   12.693220]  dump_stack_lvl+0x73/0xb0
[   12.693254]  print_report+0xd1/0x610
[   12.693278]  ? __virt_addr_valid+0x1db/0x2d0
[   12.693303]  ? kmalloc_oob_memset_2+0x166/0x330
[   12.693326]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.693349]  ? kmalloc_oob_memset_2+0x166/0x330
[   12.693371]  kasan_report+0x141/0x180
[   12.693393]  ? kmalloc_oob_memset_2+0x166/0x330
[   12.693630]  kasan_check_range+0x10c/0x1c0
[   12.693662]  __asan_memset+0x27/0x50
[   12.693722]  kmalloc_oob_memset_2+0x166/0x330
[   12.693747]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   12.693771]  ? __schedule+0x10cc/0x2b60
[   12.693795]  ? __pfx_read_tsc+0x10/0x10
[   12.693817]  ? ktime_get_ts64+0x86/0x230
[   12.693842]  kunit_try_run_case+0x1a5/0x480
[   12.693868]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.693890]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.693915]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.693940]  ? __kthread_parkme+0x82/0x180
[   12.693961]  ? preempt_count_sub+0x50/0x80
[   12.693985]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.694009]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.694034]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.694059]  kthread+0x337/0x6f0
[   12.694078]  ? trace_preempt_on+0x20/0xc0
[   12.694103]  ? __pfx_kthread+0x10/0x10
[   12.694123]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.694145]  ? calculate_sigpending+0x7b/0xa0
[   12.694169]  ? __pfx_kthread+0x10/0x10
[   12.694191]  ret_from_fork+0x116/0x1d0
[   12.694209]  ? __pfx_kthread+0x10/0x10
[   12.694230]  ret_from_fork_asm+0x1a/0x30
[   12.694261]  </TASK>
[   12.694272] 
[   12.708409] Allocated by task 189:
[   12.708829]  kasan_save_stack+0x45/0x70
[   12.708976]  kasan_save_track+0x18/0x40
[   12.709108]  kasan_save_alloc_info+0x3b/0x50
[   12.709256]  __kasan_kmalloc+0xb7/0xc0
[   12.709385]  __kmalloc_cache_noprof+0x189/0x420
[   12.710115]  kmalloc_oob_memset_2+0xac/0x330
[   12.710693]  kunit_try_run_case+0x1a5/0x480
[   12.711151]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.711781]  kthread+0x337/0x6f0
[   12.712127]  ret_from_fork+0x116/0x1d0
[   12.712541]  ret_from_fork_asm+0x1a/0x30
[   12.712706] 
[   12.712779] The buggy address belongs to the object at ffff888103427f00
[   12.712779]  which belongs to the cache kmalloc-128 of size 128
[   12.713121] The buggy address is located 119 bytes inside of
[   12.713121]  allocated 120-byte region [ffff888103427f00, ffff888103427f78)
[   12.713556] 
[   12.713784] The buggy address belongs to the physical page:
[   12.714122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103427
[   12.714562] flags: 0x200000000000000(node=0|zone=2)
[   12.715073] page_type: f5(slab)
[   12.715369] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.715884] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.716792] page dumped because: kasan: bad access detected
[   12.717101] 
[   12.717223] Memory state around the buggy address:
[   12.717395]  ffff888103427e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.718177]  ffff888103427e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.718947] >ffff888103427f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.719682]                                                                 ^
[   12.720867]  ffff888103427f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.721090]  ffff888103428000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.721303] ==================================================================

[   12.953027] ==================================================================
[   12.954199] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[   12.954507] Write of size 2 at addr ffff888102594377 by task kunit_try_catch/190
[   12.954869] 
[   12.954988] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.955031] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.955043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.955077] Call Trace:
[   12.955089]  <TASK>
[   12.955104]  dump_stack_lvl+0x73/0xb0
[   12.955137]  print_report+0xd1/0x610
[   12.955171]  ? __virt_addr_valid+0x1db/0x2d0
[   12.955196]  ? kmalloc_oob_memset_2+0x166/0x330
[   12.955219]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.955242]  ? kmalloc_oob_memset_2+0x166/0x330
[   12.955265]  kasan_report+0x141/0x180
[   12.955288]  ? kmalloc_oob_memset_2+0x166/0x330
[   12.955315]  kasan_check_range+0x10c/0x1c0
[   12.955339]  __asan_memset+0x27/0x50
[   12.955359]  kmalloc_oob_memset_2+0x166/0x330
[   12.955382]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   12.955406]  ? __schedule+0x10cc/0x2b60
[   12.955430]  ? __pfx_read_tsc+0x10/0x10
[   12.955451]  ? ktime_get_ts64+0x86/0x230
[   12.955477]  kunit_try_run_case+0x1a5/0x480
[   12.955502]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.955526]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.955552]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.955576]  ? __kthread_parkme+0x82/0x180
[   12.955598]  ? preempt_count_sub+0x50/0x80
[   12.955622]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.955718]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.955746]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.955772]  kthread+0x337/0x6f0
[   12.955792]  ? trace_preempt_on+0x20/0xc0
[   12.955816]  ? __pfx_kthread+0x10/0x10
[   12.955837]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.955859]  ? calculate_sigpending+0x7b/0xa0
[   12.955885]  ? __pfx_kthread+0x10/0x10
[   12.955906]  ret_from_fork+0x116/0x1d0
[   12.955925]  ? __pfx_kthread+0x10/0x10
[   12.955946]  ret_from_fork_asm+0x1a/0x30
[   12.955977]  </TASK>
[   12.955987] 
[   12.964075] Allocated by task 190:
[   12.964267]  kasan_save_stack+0x45/0x70
[   12.964415]  kasan_save_track+0x18/0x40
[   12.964551]  kasan_save_alloc_info+0x3b/0x50
[   12.965105]  __kasan_kmalloc+0xb7/0xc0
[   12.965502]  __kmalloc_cache_noprof+0x189/0x420
[   12.965865]  kmalloc_oob_memset_2+0xac/0x330
[   12.966019]  kunit_try_run_case+0x1a5/0x480
[   12.966181]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.966435]  kthread+0x337/0x6f0
[   12.966602]  ret_from_fork+0x116/0x1d0
[   12.966871]  ret_from_fork_asm+0x1a/0x30
[   12.967090] 
[   12.967252] The buggy address belongs to the object at ffff888102594300
[   12.967252]  which belongs to the cache kmalloc-128 of size 128
[   12.967623] The buggy address is located 119 bytes inside of
[   12.967623]  allocated 120-byte region [ffff888102594300, ffff888102594378)
[   12.968207] 
[   12.968454] The buggy address belongs to the physical page:
[   12.968829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102594
[   12.969155] flags: 0x200000000000000(node=0|zone=2)
[   12.969324] page_type: f5(slab)
[   12.969609] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.969979] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.970464] page dumped because: kasan: bad access detected
[   12.970787] 
[   12.970883] Memory state around the buggy address:
[   12.971097]  ffff888102594200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.971315]  ffff888102594280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.971627] >ffff888102594300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.972116]                                                                 ^
[   12.972382]  ffff888102594380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.972624]  ffff888102594400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.972954] ==================================================================