Date
July 20, 2025, 11:12 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 16.637622] ==================================================================
[ 16.637683] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 16.638085] Write of size 8 at addr fff00000c3edd771 by task kunit_try_catch/176
[ 16.638273]
[ 16.638485] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.638950] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.638997] Hardware name: linux,dummy-virt (DT)
[ 16.639029] Call trace:
[ 16.639070] show_stack+0x20/0x38 (C)
[ 16.639124] dump_stack_lvl+0x8c/0xd0
[ 16.639170] print_report+0x118/0x5d0
[ 16.639217] kasan_report+0xdc/0x128
[ 16.639278] kasan_check_range+0x100/0x1a8
[ 16.639326] __asan_memset+0x34/0x78
[ 16.639370] kmalloc_oob_memset_8+0x150/0x2f8
[ 16.639429] kunit_try_run_case+0x170/0x3f0
[ 16.639486] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.639538] kthread+0x328/0x630
[ 16.639588] ret_from_fork+0x10/0x20
[ 16.639643]
[ 16.639662] Allocated by task 176:
[ 16.639701] kasan_save_stack+0x3c/0x68
[ 16.639743] kasan_save_track+0x20/0x40
[ 16.639787] kasan_save_alloc_info+0x40/0x58
[ 16.639838] __kasan_kmalloc+0xd4/0xd8
[ 16.639877] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.639929] kmalloc_oob_memset_8+0xb0/0x2f8
[ 16.639966] kunit_try_run_case+0x170/0x3f0
[ 16.640003] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.640062] kthread+0x328/0x630
[ 16.640094] ret_from_fork+0x10/0x20
[ 16.640147]
[ 16.640167] The buggy address belongs to the object at fff00000c3edd700
[ 16.640167] which belongs to the cache kmalloc-128 of size 128
[ 16.640223] The buggy address is located 113 bytes inside of
[ 16.640223] allocated 120-byte region [fff00000c3edd700, fff00000c3edd778)
[ 16.640284]
[ 16.640314] The buggy address belongs to the physical page:
[ 16.640353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103edd
[ 16.640405] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.640453] page_type: f5(slab)
[ 16.640492] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.640542] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.640582] page dumped because: kasan: bad access detected
[ 16.640614]
[ 16.640632] Memory state around the buggy address:
[ 16.640672] fff00000c3edd600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.640714] fff00000c3edd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.640756] >fff00000c3edd700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.640792] ^
[ 16.640830] fff00000c3edd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.640882] fff00000c3edd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.641201] ==================================================================
[ 16.620419] ==================================================================
[ 16.620907] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 16.621004] Write of size 8 at addr fff00000c58dcb71 by task kunit_try_catch/176
[ 16.621062]
[ 16.621099] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.621386] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.621524] Hardware name: linux,dummy-virt (DT)
[ 16.621914] Call trace:
[ 16.622106] show_stack+0x20/0x38 (C)
[ 16.622230] dump_stack_lvl+0x8c/0xd0
[ 16.622396] print_report+0x118/0x5d0
[ 16.622493] kasan_report+0xdc/0x128
[ 16.622543] kasan_check_range+0x100/0x1a8
[ 16.622597] __asan_memset+0x34/0x78
[ 16.622653] kmalloc_oob_memset_8+0x150/0x2f8
[ 16.622700] kunit_try_run_case+0x170/0x3f0
[ 16.622749] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.622801] kthread+0x328/0x630
[ 16.622848] ret_from_fork+0x10/0x20
[ 16.622898]
[ 16.622918] Allocated by task 176:
[ 16.622946] kasan_save_stack+0x3c/0x68
[ 16.623005] kasan_save_track+0x20/0x40
[ 16.623058] kasan_save_alloc_info+0x40/0x58
[ 16.623105] __kasan_kmalloc+0xd4/0xd8
[ 16.623141] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.623189] kmalloc_oob_memset_8+0xb0/0x2f8
[ 16.623226] kunit_try_run_case+0x170/0x3f0
[ 16.623263] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.623321] kthread+0x328/0x630
[ 16.623353] ret_from_fork+0x10/0x20
[ 16.623397]
[ 16.623416] The buggy address belongs to the object at fff00000c58dcb00
[ 16.623416] which belongs to the cache kmalloc-128 of size 128
[ 16.623487] The buggy address is located 113 bytes inside of
[ 16.623487] allocated 120-byte region [fff00000c58dcb00, fff00000c58dcb78)
[ 16.623549]
[ 16.623579] The buggy address belongs to the physical page:
[ 16.623611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058dc
[ 16.623689] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.623738] page_type: f5(slab)
[ 16.623778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.623828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.623886] page dumped because: kasan: bad access detected
[ 16.623935]
[ 16.623953] Memory state around the buggy address:
[ 16.623990] fff00000c58dca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.624038] fff00000c58dca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.624107] >fff00000c58dcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.624143] ^
[ 16.624184] fff00000c58dcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.624225] fff00000c58dcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.624278] ==================================================================
[ 12.782095] ==================================================================
[ 12.782593] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 12.782901] Write of size 8 at addr ffff888101bc1571 by task kunit_try_catch/194
[ 12.783416]
[ 12.783516] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.783560] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.783572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.783593] Call Trace:
[ 12.783605] <TASK>
[ 12.783622] dump_stack_lvl+0x73/0xb0
[ 12.783652] print_report+0xd1/0x610
[ 12.783675] ? __virt_addr_valid+0x1db/0x2d0
[ 12.783699] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.783720] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.783742] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.783764] kasan_report+0x141/0x180
[ 12.783786] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.783814] kasan_check_range+0x10c/0x1c0
[ 12.783837] __asan_memset+0x27/0x50
[ 12.783856] kmalloc_oob_memset_8+0x166/0x330
[ 12.783879] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 12.783901] ? __schedule+0x10c6/0x2b60
[ 12.783924] ? __pfx_read_tsc+0x10/0x10
[ 12.783944] ? ktime_get_ts64+0x86/0x230
[ 12.783971] kunit_try_run_case+0x1a5/0x480
[ 12.783995] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.784017] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.784040] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.784063] ? __kthread_parkme+0x82/0x180
[ 12.784258] ? preempt_count_sub+0x50/0x80
[ 12.784284] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.784308] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.784332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.784356] kthread+0x337/0x6f0
[ 12.784375] ? trace_preempt_on+0x20/0xc0
[ 12.784413] ? __pfx_kthread+0x10/0x10
[ 12.784434] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.784456] ? calculate_sigpending+0x7b/0xa0
[ 12.784480] ? __pfx_kthread+0x10/0x10
[ 12.784501] ret_from_fork+0x116/0x1d0
[ 12.784520] ? __pfx_kthread+0x10/0x10
[ 12.784540] ret_from_fork_asm+0x1a/0x30
[ 12.784574] </TASK>
[ 12.784584]
[ 12.792271] Allocated by task 194:
[ 12.792466] kasan_save_stack+0x45/0x70
[ 12.792752] kasan_save_track+0x18/0x40
[ 12.792923] kasan_save_alloc_info+0x3b/0x50
[ 12.793074] __kasan_kmalloc+0xb7/0xc0
[ 12.793213] __kmalloc_cache_noprof+0x189/0x420
[ 12.793448] kmalloc_oob_memset_8+0xac/0x330
[ 12.793795] kunit_try_run_case+0x1a5/0x480
[ 12.794307] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.794566] kthread+0x337/0x6f0
[ 12.794742] ret_from_fork+0x116/0x1d0
[ 12.794907] ret_from_fork_asm+0x1a/0x30
[ 12.795158]
[ 12.795253] The buggy address belongs to the object at ffff888101bc1500
[ 12.795253] which belongs to the cache kmalloc-128 of size 128
[ 12.795821] The buggy address is located 113 bytes inside of
[ 12.795821] allocated 120-byte region [ffff888101bc1500, ffff888101bc1578)
[ 12.796430]
[ 12.796541] The buggy address belongs to the physical page:
[ 12.796759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1
[ 12.796996] flags: 0x200000000000000(node=0|zone=2)
[ 12.797189] page_type: f5(slab)
[ 12.797361] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.797710] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.798041] page dumped because: kasan: bad access detected
[ 12.798282]
[ 12.798587] Memory state around the buggy address:
[ 12.798773] ffff888101bc1400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.798986] ffff888101bc1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.799749] >ffff888101bc1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.800013] ^
[ 12.800390] ffff888101bc1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.800745] ffff888101bc1600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.801058] ==================================================================
[ 12.908502] ==================================================================
[ 12.908895] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 12.909131] Write of size 8 at addr ffff8881027a1b71 by task kunit_try_catch/193
[ 12.909790]
[ 12.910358] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.910445] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.910461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.910483] Call Trace:
[ 12.910496] <TASK>
[ 12.910513] dump_stack_lvl+0x73/0xb0
[ 12.910547] print_report+0xd1/0x610
[ 12.910569] ? __virt_addr_valid+0x1db/0x2d0
[ 12.910592] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.910614] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.910635] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.910656] kasan_report+0x141/0x180
[ 12.910677] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.910703] kasan_check_range+0x10c/0x1c0
[ 12.910725] __asan_memset+0x27/0x50
[ 12.910744] kmalloc_oob_memset_8+0x166/0x330
[ 12.910765] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 12.910787] ? __schedule+0x10c6/0x2b60
[ 12.910809] ? __pfx_read_tsc+0x10/0x10
[ 12.910830] ? ktime_get_ts64+0x86/0x230
[ 12.910854] kunit_try_run_case+0x1a5/0x480
[ 12.910878] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.910900] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.910923] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.910945] ? __kthread_parkme+0x82/0x180
[ 12.910966] ? preempt_count_sub+0x50/0x80
[ 12.911065] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.911089] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.911124] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.911164] kthread+0x337/0x6f0
[ 12.911183] ? trace_preempt_on+0x20/0xc0
[ 12.911207] ? __pfx_kthread+0x10/0x10
[ 12.911228] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.911260] ? calculate_sigpending+0x7b/0xa0
[ 12.911284] ? __pfx_kthread+0x10/0x10
[ 12.911305] ret_from_fork+0x116/0x1d0
[ 12.911323] ? __pfx_kthread+0x10/0x10
[ 12.911343] ret_from_fork_asm+0x1a/0x30
[ 12.911372] </TASK>
[ 12.911383]
[ 12.922106] Allocated by task 193:
[ 12.922493] kasan_save_stack+0x45/0x70
[ 12.922679] kasan_save_track+0x18/0x40
[ 12.922837] kasan_save_alloc_info+0x3b/0x50
[ 12.923315] __kasan_kmalloc+0xb7/0xc0
[ 12.923516] __kmalloc_cache_noprof+0x189/0x420
[ 12.923758] kmalloc_oob_memset_8+0xac/0x330
[ 12.924311] kunit_try_run_case+0x1a5/0x480
[ 12.924491] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.925002] kthread+0x337/0x6f0
[ 12.925179] ret_from_fork+0x116/0x1d0
[ 12.925603] ret_from_fork_asm+0x1a/0x30
[ 12.925898]
[ 12.926201] The buggy address belongs to the object at ffff8881027a1b00
[ 12.926201] which belongs to the cache kmalloc-128 of size 128
[ 12.926801] The buggy address is located 113 bytes inside of
[ 12.926801] allocated 120-byte region [ffff8881027a1b00, ffff8881027a1b78)
[ 12.927793]
[ 12.927896] The buggy address belongs to the physical page:
[ 12.928135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a1
[ 12.928545] flags: 0x200000000000000(node=0|zone=2)
[ 12.928849] page_type: f5(slab)
[ 12.929049] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.929441] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.930010] page dumped because: kasan: bad access detected
[ 12.930303]
[ 12.930402] Memory state around the buggy address:
[ 12.930683] ffff8881027a1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.930959] ffff8881027a1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.931445] >ffff8881027a1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.931770] ^
[ 12.932218] ffff8881027a1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.932623] ffff8881027a1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.932917] ==================================================================