Date
July 20, 2025, 11:12 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
```
[ 16.616062] ==================================================================
[ 16.616269] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 16.616324] Write of size 4 at addr fff00000c3edd675 by task kunit_try_catch/174
[ 16.616374]
[ 16.617029] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.617502] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.617532] Hardware name: linux,dummy-virt (DT)
[ 16.617565] Call trace:
[ 16.617684] show_stack+0x20/0x38 (C)
[ 16.617780] dump_stack_lvl+0x8c/0xd0
[ 16.618149] print_report+0x118/0x5d0
[ 16.618476] kasan_report+0xdc/0x128
[ 16.618838] kasan_check_range+0x100/0x1a8
[ 16.618996] __asan_memset+0x34/0x78
[ 16.619199] kmalloc_oob_memset_4+0x150/0x300
[ 16.619428] kunit_try_run_case+0x170/0x3f0
[ 16.619869] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.619952] kthread+0x328/0x630
[ 16.619996] ret_from_fork+0x10/0x20
[ 16.620693]
[ 16.620719] Allocated by task 174:
[ 16.620750] kasan_save_stack+0x3c/0x68
[ 16.621048] kasan_save_track+0x20/0x40
[ 16.621222] kasan_save_alloc_info+0x40/0x58
[ 16.621263] __kasan_kmalloc+0xd4/0xd8
[ 16.621299] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.621574] kmalloc_oob_memset_4+0xb0/0x300
[ 16.621877] kunit_try_run_case+0x170/0x3f0
[ 16.621935] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.621978] kthread+0x328/0x630
[ 16.622010] ret_from_fork+0x10/0x20
[ 16.622329]
[ 16.622402] The buggy address belongs to the object at fff00000c3edd600
[ 16.622402] which belongs to the cache kmalloc-128 of size 128
[ 16.622671] The buggy address is located 117 bytes inside of
[ 16.622671] allocated 120-byte region [fff00000c3edd600, fff00000c3edd678)
[ 16.622752]
[ 16.622773] The buggy address belongs to the physical page:
[ 16.622810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103edd
[ 16.623128] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.623517] page_type: f5(slab)
[ 16.623852] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.624083] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.624442] page dumped because: kasan: bad access detected
[ 16.624533]
[ 16.624645] Memory state around the buggy address:
[ 16.624805] fff00000c3edd500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.624895] fff00000c3edd580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.625048] >fff00000c3edd600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.625135] ^
[ 16.625187] fff00000c3edd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.625408] fff00000c3edd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.625449] ==================================================================
```
```
[ 16.599680] ==================================================================
[ 16.599736] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 16.599790] Write of size 4 at addr fff00000c58dca75 by task kunit_try_catch/174
[ 16.599838]
[ 16.599886] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.599968] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.599993] Hardware name: linux,dummy-virt (DT)
[ 16.600024] Call trace:
[ 16.600047] show_stack+0x20/0x38 (C)
[ 16.600095] dump_stack_lvl+0x8c/0xd0
[ 16.600152] print_report+0x118/0x5d0
[ 16.600206] kasan_report+0xdc/0x128
[ 16.600251] kasan_check_range+0x100/0x1a8
[ 16.600298] __asan_memset+0x34/0x78
[ 16.600340] kmalloc_oob_memset_4+0x150/0x300
[ 16.600386] kunit_try_run_case+0x170/0x3f0
[ 16.600433] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.600493] kthread+0x328/0x630
[ 16.600538] ret_from_fork+0x10/0x20
[ 16.600589]
[ 16.600608] Allocated by task 174:
[ 16.601448] kasan_save_stack+0x3c/0x68
[ 16.601518] kasan_save_track+0x20/0x40
[ 16.601595] kasan_save_alloc_info+0x40/0x58
[ 16.601793] __kasan_kmalloc+0xd4/0xd8
[ 16.601852] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.601986] kmalloc_oob_memset_4+0xb0/0x300
[ 16.602086] kunit_try_run_case+0x170/0x3f0
[ 16.602350] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.602716] kthread+0x328/0x630
[ 16.602808] ret_from_fork+0x10/0x20
[ 16.602957]
[ 16.602989] The buggy address belongs to the object at fff00000c58dca00
[ 16.602989] which belongs to the cache kmalloc-128 of size 128
[ 16.603122] The buggy address is located 117 bytes inside of
[ 16.603122] allocated 120-byte region [fff00000c58dca00, fff00000c58dca78)
[ 16.603433]
[ 16.603538] The buggy address belongs to the physical page:
[ 16.603608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058dc
[ 16.603806] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.603904] page_type: f5(slab)
[ 16.604047] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.604131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.604181] page dumped because: kasan: bad access detected
[ 16.604211]
[ 16.604408] Memory state around the buggy address:
[ 16.604655] fff00000c58dc900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.604821] fff00000c58dc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.604966] >fff00000c58dca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.605099] ^
[ 16.605167] fff00000c58dca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.605209] fff00000c58dcb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.605247] ==================================================================
```
```
[ 12.758820] ==================================================================
[ 12.759366] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 12.759717] Write of size 4 at addr ffff88810313a675 by task kunit_try_catch/192
[ 12.760027]
[ 12.760160] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.760244] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.760258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.760278] Call Trace:
[ 12.760291] <TASK>
[ 12.760307] dump_stack_lvl+0x73/0xb0
[ 12.760350] print_report+0xd1/0x610
[ 12.760373] ? __virt_addr_valid+0x1db/0x2d0
[ 12.760426] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.760447] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.760468] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.760490] kasan_report+0x141/0x180
[ 12.760522] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.760549] kasan_check_range+0x10c/0x1c0
[ 12.760573] __asan_memset+0x27/0x50
[ 12.760593] kmalloc_oob_memset_4+0x166/0x330
[ 12.760616] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 12.760638] ? __schedule+0x2079/0x2b60
[ 12.760662] ? __pfx_read_tsc+0x10/0x10
[ 12.760688] ? ktime_get_ts64+0x86/0x230
[ 12.760713] kunit_try_run_case+0x1a5/0x480
[ 12.760738] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.760770] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.760804] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.760828] ? __kthread_parkme+0x82/0x180
[ 12.760849] ? preempt_count_sub+0x50/0x80
[ 12.760883] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.760907] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.760930] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.760953] kthread+0x337/0x6f0
[ 12.760972] ? trace_preempt_on+0x20/0xc0
[ 12.760995] ? __pfx_kthread+0x10/0x10
[ 12.761016] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.761052] ? calculate_sigpending+0x7b/0xa0
[ 12.761076] ? __pfx_kthread+0x10/0x10
[ 12.761097] ret_from_fork+0x116/0x1d0
[ 12.761115] ? __pfx_kthread+0x10/0x10
[ 12.761136] ret_from_fork_asm+0x1a/0x30
[ 12.761168] </TASK>
[ 12.761178]
[ 12.769321] Allocated by task 192:
[ 12.769510] kasan_save_stack+0x45/0x70
[ 12.769686] kasan_save_track+0x18/0x40
[ 12.769824] kasan_save_alloc_info+0x3b/0x50
[ 12.769974] __kasan_kmalloc+0xb7/0xc0
[ 12.770302] __kmalloc_cache_noprof+0x189/0x420
[ 12.770758] kmalloc_oob_memset_4+0xac/0x330
[ 12.770983] kunit_try_run_case+0x1a5/0x480
[ 12.771485] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.771685] kthread+0x337/0x6f0
[ 12.771868] ret_from_fork+0x116/0x1d0
[ 12.772051] ret_from_fork_asm+0x1a/0x30
[ 12.772314]
[ 12.772428] The buggy address belongs to the object at ffff88810313a600
[ 12.772428] which belongs to the cache kmalloc-128 of size 128
[ 12.772946] The buggy address is located 117 bytes inside of
[ 12.772946] allocated 120-byte region [ffff88810313a600, ffff88810313a678)
[ 12.773533]
[ 12.773648] The buggy address belongs to the physical page:
[ 12.773833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 12.774078] flags: 0x200000000000000(node=0|zone=2)
[ 12.774244] page_type: f5(slab)
[ 12.774368] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.774755] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.775085] page dumped because: kasan: bad access detected
[ 12.775334]
[ 12.775477] Memory state around the buggy address:
[ 12.775633] ffff88810313a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.775848] ffff88810313a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.776500] >ffff88810313a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.777142] ^
[ 12.777706] ffff88810313a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.777987] ffff88810313a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.778488] ==================================================================
```
```
[ 12.877795] ==================================================================
[ 12.878370] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 12.878719] Write of size 4 at addr ffff888102a3ef75 by task kunit_try_catch/191
[ 12.879247]
[ 12.879360] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.879408] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.879420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.879441] Call Trace:
[ 12.879456] <TASK>
[ 12.879473] dump_stack_lvl+0x73/0xb0
[ 12.879503] print_report+0xd1/0x610
[ 12.879525] ? __virt_addr_valid+0x1db/0x2d0
[ 12.879548] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.879568] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.879590] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.879611] kasan_report+0x141/0x180
[ 12.879632] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.879657] kasan_check_range+0x10c/0x1c0
[ 12.879680] __asan_memset+0x27/0x50
[ 12.879698] kmalloc_oob_memset_4+0x166/0x330
[ 12.879720] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 12.879742] ? __schedule+0x10c6/0x2b60
[ 12.879764] ? __pfx_read_tsc+0x10/0x10
[ 12.879783] ? ktime_get_ts64+0x86/0x230
[ 12.879807] kunit_try_run_case+0x1a5/0x480
[ 12.879831] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.879900] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.879925] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.879948] ? __kthread_parkme+0x82/0x180
[ 12.879968] ? preempt_count_sub+0x50/0x80
[ 12.879991] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.880014] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.880037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.880059] kthread+0x337/0x6f0
[ 12.880078] ? trace_preempt_on+0x20/0xc0
[ 12.880100] ? __pfx_kthread+0x10/0x10
[ 12.880120] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.880141] ? calculate_sigpending+0x7b/0xa0
[ 12.880175] ? __pfx_kthread+0x10/0x10
[ 12.880196] ret_from_fork+0x116/0x1d0
[ 12.880213] ? __pfx_kthread+0x10/0x10
[ 12.880233] ret_from_fork_asm+0x1a/0x30
[ 12.880263] </TASK>
[ 12.880273]
[ 12.887968] Allocated by task 191:
[ 12.888160] kasan_save_stack+0x45/0x70
[ 12.888459] kasan_save_track+0x18/0x40
[ 12.888783] kasan_save_alloc_info+0x3b/0x50
[ 12.889103] __kasan_kmalloc+0xb7/0xc0
[ 12.889685] __kmalloc_cache_noprof+0x189/0x420
[ 12.890693] kmalloc_oob_memset_4+0xac/0x330
[ 12.891056] kunit_try_run_case+0x1a5/0x480
[ 12.891269] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.891762] kthread+0x337/0x6f0
[ 12.892130] ret_from_fork+0x116/0x1d0
[ 12.892533] ret_from_fork_asm+0x1a/0x30
[ 12.892744]
[ 12.892843] The buggy address belongs to the object at ffff888102a3ef00
[ 12.892843] which belongs to the cache kmalloc-128 of size 128
[ 12.894340] The buggy address is located 117 bytes inside of
[ 12.894340] allocated 120-byte region [ffff888102a3ef00, ffff888102a3ef78)
[ 12.895069]
[ 12.895184] The buggy address belongs to the physical page:
[ 12.895623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3e
[ 12.896307] flags: 0x200000000000000(node=0|zone=2)
[ 12.896555] page_type: f5(slab)
[ 12.896708] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.897484] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.898238] page dumped because: kasan: bad access detected
[ 12.898704]
[ 12.898801] Memory state around the buggy address:
[ 12.899475] ffff888102a3ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.900160] ffff888102a3ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.900743] >ffff888102a3ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.901140] ^
[ 12.901692] ffff888102a3ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.902668] ffff888102a3f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.903161] ==================================================================
```