Date
July 20, 2025, 11:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 16.593140] ================================================================== [ 16.593342] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 16.593397] Write of size 2 at addr fff00000c3edd577 by task kunit_try_catch/172 [ 16.593627] [ 16.593809] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.594096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.594281] Hardware name: linux,dummy-virt (DT) [ 16.594334] Call trace: [ 16.594357] show_stack+0x20/0x38 (C) [ 16.594497] dump_stack_lvl+0x8c/0xd0 [ 16.594652] print_report+0x118/0x5d0 [ 16.594845] kasan_report+0xdc/0x128 [ 16.595093] kasan_check_range+0x100/0x1a8 [ 16.595221] __asan_memset+0x34/0x78 [ 16.595316] kmalloc_oob_memset_2+0x150/0x2f8 [ 16.595431] kunit_try_run_case+0x170/0x3f0 [ 16.595536] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.595642] kthread+0x328/0x630 [ 16.595708] ret_from_fork+0x10/0x20 [ 16.596114] [ 16.596257] Allocated by task 172: [ 16.596320] kasan_save_stack+0x3c/0x68 [ 16.596491] kasan_save_track+0x20/0x40 [ 16.596629] kasan_save_alloc_info+0x40/0x58 [ 16.596810] __kasan_kmalloc+0xd4/0xd8 [ 16.596919] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.597118] kmalloc_oob_memset_2+0xb0/0x2f8 [ 16.597347] kunit_try_run_case+0x170/0x3f0 [ 16.597421] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.597582] kthread+0x328/0x630 [ 16.597742] ret_from_fork+0x10/0x20 [ 16.597978] [ 16.598039] The buggy address belongs to the object at fff00000c3edd500 [ 16.598039] which belongs to the cache kmalloc-128 of size 128 [ 16.598097] The buggy address is located 119 bytes inside of [ 16.598097] allocated 120-byte region [fff00000c3edd500, fff00000c3edd578) [ 16.598321] [ 16.598397] The buggy address belongs to the physical page: [ 16.598573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103edd [ 16.598728] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.598778] page_type: f5(slab) [ 16.599052] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.599151] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.599267] page dumped because: kasan: bad access detected [ 16.599300] [ 16.599318] Memory state around the buggy address: [ 16.599473] fff00000c3edd400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.599599] fff00000c3edd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.599653] >fff00000c3edd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.599712] ^ [ 16.599788] fff00000c3edd580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.599853] fff00000c3edd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.599891] ==================================================================
[ 16.583034] ================================================================== [ 16.583096] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 16.583147] Write of size 2 at addr fff00000c58dc977 by task kunit_try_catch/172 [ 16.583196] [ 16.583244] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.583325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.583351] Hardware name: linux,dummy-virt (DT) [ 16.583382] Call trace: [ 16.583425] show_stack+0x20/0x38 (C) [ 16.583474] dump_stack_lvl+0x8c/0xd0 [ 16.583520] print_report+0x118/0x5d0 [ 16.583565] kasan_report+0xdc/0x128 [ 16.583609] kasan_check_range+0x100/0x1a8 [ 16.584075] __asan_memset+0x34/0x78 [ 16.584127] kmalloc_oob_memset_2+0x150/0x2f8 [ 16.584172] kunit_try_run_case+0x170/0x3f0 [ 16.584497] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.584562] kthread+0x328/0x630 [ 16.584926] ret_from_fork+0x10/0x20 [ 16.585101] [ 16.585259] Allocated by task 172: [ 16.585393] kasan_save_stack+0x3c/0x68 [ 16.585444] kasan_save_track+0x20/0x40 [ 16.585654] kasan_save_alloc_info+0x40/0x58 [ 16.585969] __kasan_kmalloc+0xd4/0xd8 [ 16.586286] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.586480] kmalloc_oob_memset_2+0xb0/0x2f8 [ 16.586715] kunit_try_run_case+0x170/0x3f0 [ 16.586760] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.587194] kthread+0x328/0x630 [ 16.587592] ret_from_fork+0x10/0x20 [ 16.587734] [ 16.587757] The buggy address belongs to the object at fff00000c58dc900 [ 16.587757] which belongs to the cache kmalloc-128 of size 128 [ 16.588079] The buggy address is located 119 bytes inside of [ 16.588079] allocated 120-byte region [fff00000c58dc900, fff00000c58dc978) [ 16.588331] [ 16.588671] The buggy address belongs to the physical page: [ 16.588783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058dc [ 16.588993] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.589141] page_type: f5(slab) [ 16.589231] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.589533] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.589669] page dumped because: kasan: bad access detected [ 16.589747] [ 16.589816] Memory state around the buggy address: [ 16.589922] fff00000c58dc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.590115] fff00000c58dc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.590179] >fff00000c58dc900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.590241] ^ [ 16.590461] fff00000c58dc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.590516] fff00000c58dca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.590690] ==================================================================
[ 12.734731] ================================================================== [ 12.735361] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 12.735753] Write of size 2 at addr ffff88810313a577 by task kunit_try_catch/190 [ 12.736204] [ 12.736483] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.736530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.736556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.736577] Call Trace: [ 12.736589] <TASK> [ 12.736603] dump_stack_lvl+0x73/0xb0 [ 12.736657] print_report+0xd1/0x610 [ 12.736683] ? __virt_addr_valid+0x1db/0x2d0 [ 12.736704] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.736725] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.736747] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.736768] kasan_report+0x141/0x180 [ 12.736790] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.736817] kasan_check_range+0x10c/0x1c0 [ 12.736840] __asan_memset+0x27/0x50 [ 12.736869] kmalloc_oob_memset_2+0x166/0x330 [ 12.736890] ? __kasan_check_write+0x18/0x20 [ 12.736909] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 12.736941] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.736966] ? trace_hardirqs_on+0x37/0xe0 [ 12.736989] ? __pfx_read_tsc+0x10/0x10 [ 12.737011] ? ktime_get_ts64+0x86/0x230 [ 12.737085] kunit_try_run_case+0x1a5/0x480 [ 12.737110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.737134] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.737158] ? __kthread_parkme+0x82/0x180 [ 12.737179] ? preempt_count_sub+0x50/0x80 [ 12.737203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.737227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.737249] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.737272] kthread+0x337/0x6f0 [ 12.737292] ? trace_preempt_on+0x20/0xc0 [ 12.737313] ? __pfx_kthread+0x10/0x10 [ 12.737334] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.737355] ? calculate_sigpending+0x7b/0xa0 [ 12.737378] ? __pfx_kthread+0x10/0x10 [ 12.737411] ret_from_fork+0x116/0x1d0 [ 12.737429] ? __pfx_kthread+0x10/0x10 [ 12.737449] ret_from_fork_asm+0x1a/0x30 [ 12.737481] </TASK> [ 12.737491] [ 12.745709] Allocated by task 190: [ 12.745900] kasan_save_stack+0x45/0x70 [ 12.746095] kasan_save_track+0x18/0x40 [ 12.746234] kasan_save_alloc_info+0x3b/0x50 [ 12.746383] __kasan_kmalloc+0xb7/0xc0 [ 12.746779] __kmalloc_cache_noprof+0x189/0x420 [ 12.747161] kmalloc_oob_memset_2+0xac/0x330 [ 12.747413] kunit_try_run_case+0x1a5/0x480 [ 12.747662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.747922] kthread+0x337/0x6f0 [ 12.748142] ret_from_fork+0x116/0x1d0 [ 12.748314] ret_from_fork_asm+0x1a/0x30 [ 12.748532] [ 12.748640] The buggy address belongs to the object at ffff88810313a500 [ 12.748640] which belongs to the cache kmalloc-128 of size 128 [ 12.749148] The buggy address is located 119 bytes inside of [ 12.749148] allocated 120-byte region [ffff88810313a500, ffff88810313a578) [ 12.749770] [ 12.749863] The buggy address belongs to the physical page: [ 12.750084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a [ 12.750330] flags: 0x200000000000000(node=0|zone=2) [ 12.750556] page_type: f5(slab) [ 12.750816] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.751423] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.751801] page dumped because: kasan: bad access detected [ 12.752133] [ 12.752243] Memory state around the buggy address: [ 12.752463] ffff88810313a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.752952] ffff88810313a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.753346] >ffff88810313a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.753612] ^ [ 12.753830] ffff88810313a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.754049] ffff88810313a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.754341] ==================================================================
[ 12.853546] ================================================================== [ 12.853980] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 12.854521] Write of size 2 at addr ffff888102a3ee77 by task kunit_try_catch/189 [ 12.854794] [ 12.855229] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.855293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.855305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.855336] Call Trace: [ 12.855350] <TASK> [ 12.855367] dump_stack_lvl+0x73/0xb0 [ 12.855411] print_report+0xd1/0x610 [ 12.855433] ? __virt_addr_valid+0x1db/0x2d0 [ 12.855457] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.855477] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.855499] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.855520] kasan_report+0x141/0x180 [ 12.855540] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.855566] kasan_check_range+0x10c/0x1c0 [ 12.855597] __asan_memset+0x27/0x50 [ 12.855616] kmalloc_oob_memset_2+0x166/0x330 [ 12.855638] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 12.855669] ? __schedule+0x10c6/0x2b60 [ 12.855692] ? __pfx_read_tsc+0x10/0x10 [ 12.855713] ? ktime_get_ts64+0x86/0x230 [ 12.855738] kunit_try_run_case+0x1a5/0x480 [ 12.855764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.855786] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.855818] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.855840] ? __kthread_parkme+0x82/0x180 [ 12.855898] ? preempt_count_sub+0x50/0x80 [ 12.855921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.855945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.855967] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.855990] kthread+0x337/0x6f0 [ 12.856009] ? trace_preempt_on+0x20/0xc0 [ 12.856032] ? __pfx_kthread+0x10/0x10 [ 12.856052] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.856072] ? calculate_sigpending+0x7b/0xa0 [ 12.856096] ? __pfx_kthread+0x10/0x10 [ 12.856117] ret_from_fork+0x116/0x1d0 [ 12.856135] ? __pfx_kthread+0x10/0x10 [ 12.856164] ret_from_fork_asm+0x1a/0x30 [ 12.856195] </TASK> [ 12.856205] [ 12.864259] Allocated by task 189: [ 12.864453] kasan_save_stack+0x45/0x70 [ 12.864603] kasan_save_track+0x18/0x40 [ 12.864907] kasan_save_alloc_info+0x3b/0x50 [ 12.865132] __kasan_kmalloc+0xb7/0xc0 [ 12.865359] __kmalloc_cache_noprof+0x189/0x420 [ 12.865533] kmalloc_oob_memset_2+0xac/0x330 [ 12.865683] kunit_try_run_case+0x1a5/0x480 [ 12.865889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.866159] kthread+0x337/0x6f0 [ 12.866377] ret_from_fork+0x116/0x1d0 [ 12.866565] ret_from_fork_asm+0x1a/0x30 [ 12.866764] [ 12.867051] The buggy address belongs to the object at ffff888102a3ee00 [ 12.867051] which belongs to the cache kmalloc-128 of size 128 [ 12.867647] The buggy address is located 119 bytes inside of [ 12.867647] allocated 120-byte region [ffff888102a3ee00, ffff888102a3ee78) [ 12.868195] [ 12.868346] The buggy address belongs to the physical page: [ 12.868605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3e [ 12.869074] flags: 0x200000000000000(node=0|zone=2) [ 12.869354] page_type: f5(slab) [ 12.869527] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.869937] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.870281] page dumped because: kasan: bad access detected [ 12.870558] [ 12.870656] Memory state around the buggy address: [ 12.871074] ffff888102a3ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.871406] ffff888102a3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.871656] >ffff888102a3ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.872030] ^ [ 12.872391] ffff888102a3ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.872727] ffff888102a3ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.873137] ==================================================================