Date
July 20, 2025, 11:12 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 16.659511] ==================================================================
[ 16.659583] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 16.660055] Write of size 16 at addr fff00000c3edd869 by task kunit_try_catch/178
[ 16.660445]
[ 16.660660] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.660801] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.660827] Hardware name: linux,dummy-virt (DT)
[ 16.660858] Call trace:
[ 16.660883] show_stack+0x20/0x38 (C)
[ 16.660948] dump_stack_lvl+0x8c/0xd0
[ 16.660994] print_report+0x118/0x5d0
[ 16.661041] kasan_report+0xdc/0x128
[ 16.661085] kasan_check_range+0x100/0x1a8
[ 16.661132] __asan_memset+0x34/0x78
[ 16.661173] kmalloc_oob_memset_16+0x150/0x2f8
[ 16.661218] kunit_try_run_case+0x170/0x3f0
[ 16.661267] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.661322] kthread+0x328/0x630
[ 16.661365] ret_from_fork+0x10/0x20
[ 16.661429]
[ 16.661451] Allocated by task 178:
[ 16.661479] kasan_save_stack+0x3c/0x68
[ 16.661520] kasan_save_track+0x20/0x40
[ 16.661572] kasan_save_alloc_info+0x40/0x58
[ 16.661617] __kasan_kmalloc+0xd4/0xd8
[ 16.661653] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.661701] kmalloc_oob_memset_16+0xb0/0x2f8
[ 16.661738] kunit_try_run_case+0x170/0x3f0
[ 16.661774] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.662317] kthread+0x328/0x630
[ 16.662415] ret_from_fork+0x10/0x20
[ 16.662650]
[ 16.662796] The buggy address belongs to the object at fff00000c3edd800
[ 16.662796] which belongs to the cache kmalloc-128 of size 128
[ 16.662882] The buggy address is located 105 bytes inside of
[ 16.662882] allocated 120-byte region [fff00000c3edd800, fff00000c3edd878)
[ 16.663037]
[ 16.663070] The buggy address belongs to the physical page:
[ 16.663117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103edd
[ 16.663190] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.663330] page_type: f5(slab)
[ 16.663418] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.663691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.663947] page dumped because: kasan: bad access detected
[ 16.664089]
[ 16.664206] Memory state around the buggy address:
[ 16.664375] fff00000c3edd700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.664474] fff00000c3edd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.664525] >fff00000c3edd800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.664572] ^
[ 16.664994] fff00000c3edd880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.665175] fff00000c3edd900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.665318] ==================================================================
```
```
[ 16.634562] ==================================================================
[ 16.634822] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 16.634904] Write of size 16 at addr fff00000c58dcc69 by task kunit_try_catch/178
[ 16.635013]
[ 16.635049] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.635168] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.635208] Hardware name: linux,dummy-virt (DT)
[ 16.635444] Call trace:
[ 16.635596] show_stack+0x20/0x38 (C)
[ 16.635762] dump_stack_lvl+0x8c/0xd0
[ 16.635823] print_report+0x118/0x5d0
[ 16.636163] kasan_report+0xdc/0x128
[ 16.636225] kasan_check_range+0x100/0x1a8
[ 16.636316] __asan_memset+0x34/0x78
[ 16.636363] kmalloc_oob_memset_16+0x150/0x2f8
[ 16.636631] kunit_try_run_case+0x170/0x3f0
[ 16.636727] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.636782] kthread+0x328/0x630
[ 16.636826] ret_from_fork+0x10/0x20
[ 16.636881]
[ 16.636899] Allocated by task 178:
[ 16.637213] kasan_save_stack+0x3c/0x68
[ 16.637355] kasan_save_track+0x20/0x40
[ 16.637453] kasan_save_alloc_info+0x40/0x58
[ 16.637608] __kasan_kmalloc+0xd4/0xd8
[ 16.637843] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.638098] kmalloc_oob_memset_16+0xb0/0x2f8
[ 16.638239] kunit_try_run_case+0x170/0x3f0
[ 16.638317] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.638422] kthread+0x328/0x630
[ 16.638541] ret_from_fork+0x10/0x20
[ 16.638649]
[ 16.638795] The buggy address belongs to the object at fff00000c58dcc00
[ 16.638795] which belongs to the cache kmalloc-128 of size 128
[ 16.638871] The buggy address is located 105 bytes inside of
[ 16.638871] allocated 120-byte region [fff00000c58dcc00, fff00000c58dcc78)
[ 16.639315]
[ 16.639344] The buggy address belongs to the physical page:
[ 16.639695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058dc
[ 16.639915] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.640060] page_type: f5(slab)
[ 16.640205] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.640301] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.640645] page dumped because: kasan: bad access detected
[ 16.640700]
[ 16.640892] Memory state around the buggy address:
[ 16.640940] fff00000c58dcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.641030] fff00000c58dcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.641149] >fff00000c58dcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.641215] ^
[ 16.641257] fff00000c58dcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.641475] fff00000c58dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.641586] ==================================================================
```
```
[ 12.805693] ==================================================================
[ 12.806299] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 12.806787] Write of size 16 at addr ffff88810313a769 by task kunit_try_catch/196
[ 12.807121]
[ 12.807243] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.807287] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.807299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.807319] Call Trace:
[ 12.807332] <TASK>
[ 12.807347] dump_stack_lvl+0x73/0xb0
[ 12.807377] print_report+0xd1/0x610
[ 12.807410] ? __virt_addr_valid+0x1db/0x2d0
[ 12.807432] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.807454] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.807476] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.807498] kasan_report+0x141/0x180
[ 12.807519] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.807547] kasan_check_range+0x10c/0x1c0
[ 12.807570] __asan_memset+0x27/0x50
[ 12.807813] kmalloc_oob_memset_16+0x166/0x330
[ 12.807840] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 12.807863] ? __schedule+0x10c6/0x2b60
[ 12.807885] ? __pfx_read_tsc+0x10/0x10
[ 12.807907] ? ktime_get_ts64+0x86/0x230
[ 12.807932] kunit_try_run_case+0x1a5/0x480
[ 12.807956] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.807995] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.808019] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.808053] ? __kthread_parkme+0x82/0x180
[ 12.808074] ? preempt_count_sub+0x50/0x80
[ 12.808097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.808121] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.808144] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.808167] kthread+0x337/0x6f0
[ 12.808250] ? trace_preempt_on+0x20/0xc0
[ 12.808274] ? __pfx_kthread+0x10/0x10
[ 12.808295] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.808317] ? calculate_sigpending+0x7b/0xa0
[ 12.808340] ? __pfx_kthread+0x10/0x10
[ 12.808362] ret_from_fork+0x116/0x1d0
[ 12.808380] ? __pfx_kthread+0x10/0x10
[ 12.808412] ret_from_fork_asm+0x1a/0x30
[ 12.808444] </TASK>
[ 12.808455]
[ 12.816522] Allocated by task 196:
[ 12.816843] kasan_save_stack+0x45/0x70
[ 12.817049] kasan_save_track+0x18/0x40
[ 12.817227] kasan_save_alloc_info+0x3b/0x50
[ 12.817378] __kasan_kmalloc+0xb7/0xc0
[ 12.817582] __kmalloc_cache_noprof+0x189/0x420
[ 12.817900] kmalloc_oob_memset_16+0xac/0x330
[ 12.818236] kunit_try_run_case+0x1a5/0x480
[ 12.818419] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.818678] kthread+0x337/0x6f0
[ 12.818857] ret_from_fork+0x116/0x1d0
[ 12.819098] ret_from_fork_asm+0x1a/0x30
[ 12.819309]
[ 12.819411] The buggy address belongs to the object at ffff88810313a700
[ 12.819411] which belongs to the cache kmalloc-128 of size 128
[ 12.819920] The buggy address is located 105 bytes inside of
[ 12.819920] allocated 120-byte region [ffff88810313a700, ffff88810313a778)
[ 12.820284]
[ 12.820358] The buggy address belongs to the physical page:
[ 12.820584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 12.820937] flags: 0x200000000000000(node=0|zone=2)
[ 12.821171] page_type: f5(slab)
[ 12.821450] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.821828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.822117] page dumped because: kasan: bad access detected
[ 12.822373]
[ 12.822476] Memory state around the buggy address:
[ 12.822778] ffff88810313a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.823090] ffff88810313a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.823410] >ffff88810313a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.823731] ^
[ 12.823951] ffff88810313a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.824517] ffff88810313a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.824853] ==================================================================
```
```
[ 12.936388] ==================================================================
[ 12.937046] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 12.937463] Write of size 16 at addr ffff888102a51069 by task kunit_try_catch/195
[ 12.937810]
[ 12.938015] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.938063] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.938075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.938097] Call Trace:
[ 12.938111] <TASK>
[ 12.938161] dump_stack_lvl+0x73/0xb0
[ 12.938192] print_report+0xd1/0x610
[ 12.938230] ? __virt_addr_valid+0x1db/0x2d0
[ 12.938253] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.938273] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.938308] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.938329] kasan_report+0x141/0x180
[ 12.938363] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.938389] kasan_check_range+0x10c/0x1c0
[ 12.938411] __asan_memset+0x27/0x50
[ 12.938430] kmalloc_oob_memset_16+0x166/0x330
[ 12.938452] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 12.938474] ? __schedule+0x10c6/0x2b60
[ 12.938497] ? __pfx_read_tsc+0x10/0x10
[ 12.938517] ? ktime_get_ts64+0x86/0x230
[ 12.938541] kunit_try_run_case+0x1a5/0x480
[ 12.938566] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.938588] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.938611] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.938633] ? __kthread_parkme+0x82/0x180
[ 12.938653] ? preempt_count_sub+0x50/0x80
[ 12.938677] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.938700] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.938723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.938746] kthread+0x337/0x6f0
[ 12.938765] ? trace_preempt_on+0x20/0xc0
[ 12.938787] ? __pfx_kthread+0x10/0x10
[ 12.938808] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.938828] ? calculate_sigpending+0x7b/0xa0
[ 12.938852] ? __pfx_kthread+0x10/0x10
[ 12.938883] ret_from_fork+0x116/0x1d0
[ 12.938900] ? __pfx_kthread+0x10/0x10
[ 12.938920] ret_from_fork_asm+0x1a/0x30
[ 12.938950] </TASK>
[ 12.938960]
[ 12.947292] Allocated by task 195:
[ 12.947489] kasan_save_stack+0x45/0x70
[ 12.947696] kasan_save_track+0x18/0x40
[ 12.948074] kasan_save_alloc_info+0x3b/0x50
[ 12.948347] __kasan_kmalloc+0xb7/0xc0
[ 12.948568] __kmalloc_cache_noprof+0x189/0x420
[ 12.948820] kmalloc_oob_memset_16+0xac/0x330
[ 12.949086] kunit_try_run_case+0x1a5/0x480
[ 12.949308] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.949556] kthread+0x337/0x6f0
[ 12.949755] ret_from_fork+0x116/0x1d0
[ 12.950012] ret_from_fork_asm+0x1a/0x30
[ 12.950210]
[ 12.950306] The buggy address belongs to the object at ffff888102a51000
[ 12.950306] which belongs to the cache kmalloc-128 of size 128
[ 12.950828] The buggy address is located 105 bytes inside of
[ 12.950828] allocated 120-byte region [ffff888102a51000, ffff888102a51078)
[ 12.951315]
[ 12.951392] The buggy address belongs to the physical page:
[ 12.951771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a51
[ 12.952473] flags: 0x200000000000000(node=0|zone=2)
[ 12.952726] page_type: f5(slab)
[ 12.952923] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.953460] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.953797] page dumped because: kasan: bad access detected
[ 12.954066]
[ 12.954171] Memory state around the buggy address:
[ 12.954332] ffff888102a50f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.954597] ffff888102a50f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.955376] >ffff888102a51000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.955717] ^
[ 12.956068] ffff888102a51080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.956628] ffff888102a51100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.956978] ==================================================================
```