Hay
Date: July 2, 2025, 11:10 a.m.
Environment: qemu-arm64, qemu-x86_64

[   30.877009] ==================================================================
[   30.877116] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   30.877170] Write of size 16 at addr fff00000c91f0069 by task kunit_try_catch/211
[   30.877238] 
[   30.877301] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   30.877406] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.877433] Hardware name: linux,dummy-virt (DT)
[   30.877469] Call trace:
[   30.877546]  show_stack+0x20/0x38 (C)
[   30.877615]  dump_stack_lvl+0x8c/0xd0
[   30.877671]  print_report+0x118/0x608
[   30.877758]  kasan_report+0xdc/0x128
[   30.877806]  kasan_check_range+0x100/0x1a8
[   30.877850]  __asan_memset+0x34/0x78
[   30.877896]  kmalloc_oob_memset_16+0x150/0x2f8
[   30.877982]  kunit_try_run_case+0x170/0x3f0
[   30.878031]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.878210]  kthread+0x328/0x630
[   30.878306]  ret_from_fork+0x10/0x20
[   30.878512] 
[   30.878559] Allocated by task 211:
[   30.878589]  kasan_save_stack+0x3c/0x68
[   30.878634]  kasan_save_track+0x20/0x40
[   30.878887]  kasan_save_alloc_info+0x40/0x58
[   30.879061]  __kasan_kmalloc+0xd4/0xd8
[   30.879139]  __kmalloc_cache_noprof+0x16c/0x3c0
[   30.879189]  kmalloc_oob_memset_16+0xb0/0x2f8
[   30.879395]  kunit_try_run_case+0x170/0x3f0
[   30.879615]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.879679]  kthread+0x328/0x630
[   30.879955]  ret_from_fork+0x10/0x20
[   30.880140] 
[   30.880184] The buggy address belongs to the object at fff00000c91f0000
[   30.880184]  which belongs to the cache kmalloc-128 of size 128
[   30.880324] The buggy address is located 105 bytes inside of
[   30.880324]  allocated 120-byte region [fff00000c91f0000, fff00000c91f0078)
[   30.880417] 
[   30.880564] The buggy address belongs to the physical page:
[   30.880620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0
[   30.880676] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.880747] page_type: f5(slab)
[   30.880803] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   30.880864] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.880914] page dumped because: kasan: bad access detected
[   30.880959] 
[   30.880977] Memory state around the buggy address:
[   30.881009]  fff00000c91eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.881063]  fff00000c91eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.881106] >fff00000c91f0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.881145]                                                                 ^
[   30.881195]  fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.881239]  fff00000c91f0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.881286] ==================================================================

[   32.642241] ==================================================================
[   32.642301] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   32.642351] Write of size 16 at addr fff00000c63fbb69 by task kunit_try_catch/209
[   32.642647] 
[   32.642708] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   32.642795] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.642828] Hardware name: linux,dummy-virt (DT)
[   32.642888] Call trace:
[   32.642925]  show_stack+0x20/0x38 (C)
[   32.642977]  dump_stack_lvl+0x8c/0xd0
[   32.643042]  print_report+0x118/0x608
[   32.643963]  kasan_report+0xdc/0x128
[   32.644029]  kasan_check_range+0x100/0x1a8
[   32.644077]  __asan_memset+0x34/0x78
[   32.644121]  kmalloc_oob_memset_16+0x150/0x2f8
[   32.644181]  kunit_try_run_case+0x170/0x3f0
[   32.644230]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.644284]  kthread+0x328/0x630
[   32.644328]  ret_from_fork+0x10/0x20
[   32.644374] 
[   32.644392] Allocated by task 209:
[   32.644421]  kasan_save_stack+0x3c/0x68
[   32.644464]  kasan_save_track+0x20/0x40
[   32.644502]  kasan_save_alloc_info+0x40/0x58
[   32.644541]  __kasan_kmalloc+0xd4/0xd8
[   32.644579]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.644618]  kmalloc_oob_memset_16+0xb0/0x2f8
[   32.644657]  kunit_try_run_case+0x170/0x3f0
[   32.644695]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.644742]  kthread+0x328/0x630
[   32.644777]  ret_from_fork+0x10/0x20
[   32.644814] 
[   32.644833] The buggy address belongs to the object at fff00000c63fbb00
[   32.644833]  which belongs to the cache kmalloc-128 of size 128
[   32.644891] The buggy address is located 105 bytes inside of
[   32.644891]  allocated 120-byte region [fff00000c63fbb00, fff00000c63fbb78)
[   32.644955] 
[   32.644975] The buggy address belongs to the physical page:
[   32.645007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb
[   32.645058] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.645106] page_type: f5(slab)
[   32.645143] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.645202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.645243] page dumped because: kasan: bad access detected
[   32.645276] 
[   32.645294] Memory state around the buggy address:
[   32.645324]  fff00000c63fba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.645367]  fff00000c63fba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.645410] >fff00000c63fbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.645449]                                                                 ^
[   32.645494]  fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.645536]  fff00000c63fbc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.645572] ==================================================================

[   23.208990] ==================================================================
[   23.209447] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   23.209919] Write of size 16 at addr ffff888105898069 by task kunit_try_catch/226
[   23.210387] 
[   23.210507] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.210557] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.210571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.210592] Call Trace:
[   23.210606]  <TASK>
[   23.210623]  dump_stack_lvl+0x73/0xb0
[   23.210652]  print_report+0xd1/0x650
[   23.210806]  ? __virt_addr_valid+0x1db/0x2d0
[   23.210944]  ? kmalloc_oob_memset_16+0x166/0x330
[   23.210968]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.210993]  ? kmalloc_oob_memset_16+0x166/0x330
[   23.211016]  kasan_report+0x141/0x180
[   23.211038]  ? kmalloc_oob_memset_16+0x166/0x330
[   23.211064]  kasan_check_range+0x10c/0x1c0
[   23.211086]  __asan_memset+0x27/0x50
[   23.211109]  kmalloc_oob_memset_16+0x166/0x330
[   23.211130]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   23.211152]  ? __schedule+0x10cc/0x2b60
[   23.211172]  ? __pfx_read_tsc+0x10/0x10
[   23.211193]  ? ktime_get_ts64+0x86/0x230
[   23.211217]  kunit_try_run_case+0x1a5/0x480
[   23.211242]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.211264]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.211285]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.211318]  ? __kthread_parkme+0x82/0x180
[   23.211338]  ? preempt_count_sub+0x50/0x80
[   23.211360]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.211384]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.211409]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.211432]  kthread+0x337/0x6f0
[   23.211451]  ? trace_preempt_on+0x20/0xc0
[   23.211473]  ? __pfx_kthread+0x10/0x10
[   23.211504]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.211527]  ? calculate_sigpending+0x7b/0xa0
[   23.211549]  ? __pfx_kthread+0x10/0x10
[   23.211570]  ret_from_fork+0x116/0x1d0
[   23.211589]  ? __pfx_kthread+0x10/0x10
[   23.211608]  ret_from_fork_asm+0x1a/0x30
[   23.211638]  </TASK>
[   23.211650] 
[   23.219085] Allocated by task 226:
[   23.219261]  kasan_save_stack+0x45/0x70
[   23.219472]  kasan_save_track+0x18/0x40
[   23.220525]  kasan_save_alloc_info+0x3b/0x50
[   23.221144]  __kasan_kmalloc+0xb7/0xc0
[   23.221360]  __kmalloc_cache_noprof+0x189/0x420
[   23.221809]  kmalloc_oob_memset_16+0xac/0x330
[   23.221989]  kunit_try_run_case+0x1a5/0x480
[   23.222264]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.222749]  kthread+0x337/0x6f0
[   23.222899]  ret_from_fork+0x116/0x1d0
[   23.223215]  ret_from_fork_asm+0x1a/0x30
[   23.223559] 
[   23.223809] The buggy address belongs to the object at ffff888105898000
[   23.223809]  which belongs to the cache kmalloc-128 of size 128
[   23.224325] The buggy address is located 105 bytes inside of
[   23.224325]  allocated 120-byte region [ffff888105898000, ffff888105898078)
[   23.225176] 
[   23.225388] The buggy address belongs to the physical page:
[   23.225657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898
[   23.226272] flags: 0x200000000000000(node=0|zone=2)
[   23.226623] page_type: f5(slab)
[   23.226852] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   23.227272] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.227804] page dumped because: kasan: bad access detected
[   23.228130] 
[   23.228249] Memory state around the buggy address:
[   23.228718]  ffff888105897f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.229147]  ffff888105897f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.229561] >ffff888105898000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.230081]                                                                 ^
[   23.230401]  ffff888105898080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.230894]  ffff888105898100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.231373] ==================================================================

[   23.495699] ==================================================================
[   23.496220] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   23.496771] Write of size 16 at addr ffff8881049c5b69 by task kunit_try_catch/227
[   23.497103] 
[   23.497222] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.497278] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.497291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.497315] Call Trace:
[   23.497329]  <TASK>
[   23.497350]  dump_stack_lvl+0x73/0xb0
[   23.497384]  print_report+0xd1/0x650
[   23.497407]  ? __virt_addr_valid+0x1db/0x2d0
[   23.497434]  ? kmalloc_oob_memset_16+0x166/0x330
[   23.497454]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.497480]  ? kmalloc_oob_memset_16+0x166/0x330
[   23.497501]  kasan_report+0x141/0x180
[   23.497523]  ? kmalloc_oob_memset_16+0x166/0x330
[   23.497548]  kasan_check_range+0x10c/0x1c0
[   23.497571]  __asan_memset+0x27/0x50
[   23.497594]  kmalloc_oob_memset_16+0x166/0x330
[   23.497615]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   23.497637]  ? __schedule+0x10cc/0x2b60
[   23.497659]  ? __pfx_read_tsc+0x10/0x10
[   23.497681]  ? ktime_get_ts64+0x86/0x230
[   23.497708]  kunit_try_run_case+0x1a5/0x480
[   23.497736]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.497758]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.497780]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.497801]  ? __kthread_parkme+0x82/0x180
[   23.497829]  ? preempt_count_sub+0x50/0x80
[   23.497853]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.497877]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.497901]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.497925]  kthread+0x337/0x6f0
[   23.498076]  ? trace_preempt_on+0x20/0xc0
[   23.498104]  ? __pfx_kthread+0x10/0x10
[   23.498124]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.498246]  ? calculate_sigpending+0x7b/0xa0
[   23.498276]  ? __pfx_kthread+0x10/0x10
[   23.498298]  ret_from_fork+0x116/0x1d0
[   23.498318]  ? __pfx_kthread+0x10/0x10
[   23.498338]  ret_from_fork_asm+0x1a/0x30
[   23.498370]  </TASK>
[   23.498383] 
[   23.506028] Allocated by task 227:
[   23.506310]  kasan_save_stack+0x45/0x70
[   23.506497]  kasan_save_track+0x18/0x40
[   23.506669]  kasan_save_alloc_info+0x3b/0x50
[   23.506841]  __kasan_kmalloc+0xb7/0xc0
[   23.507037]  __kmalloc_cache_noprof+0x189/0x420
[   23.507347]  kmalloc_oob_memset_16+0xac/0x330
[   23.507539]  kunit_try_run_case+0x1a5/0x480
[   23.507681]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.507873]  kthread+0x337/0x6f0
[   23.508054]  ret_from_fork+0x116/0x1d0
[   23.508515]  ret_from_fork_asm+0x1a/0x30
[   23.508726] 
[   23.508796] The buggy address belongs to the object at ffff8881049c5b00
[   23.508796]  which belongs to the cache kmalloc-128 of size 128
[   23.509430] The buggy address is located 105 bytes inside of
[   23.509430]  allocated 120-byte region [ffff8881049c5b00, ffff8881049c5b78)
[   23.509963] 
[   23.510070] The buggy address belongs to the physical page:
[   23.510400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[   23.510631] flags: 0x200000000000000(node=0|zone=2)
[   23.510784] page_type: f5(slab)
[   23.510899] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   23.511204] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.511524] page dumped because: kasan: bad access detected
[   23.511762] 
[   23.511848] Memory state around the buggy address:
[   23.512355]  ffff8881049c5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.512633]  ffff8881049c5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.512834] >ffff8881049c5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.513160]                                                                 ^
[   23.513470]  ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.513760]  ffff8881049c5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.514128] ==================================================================
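All four reports above come from kmalloc_oob_memset_16, one of the KASAN KUnit self-tests (the kunit_try_catch task and the [N]=TEST taint show it running under KUnit), so the report is the test's expected output rather than a regression; what would need attention is the test itself failing. Each report says the same thing: a 16-byte write starting 105 bytes into a 120-byte allocation from kmalloc-128, so the write covers bytes 105..120 and only byte 120 lands in the redzone. That is exactly what the shadow rows show: fifteen `00` shadow bytes for the 120 accessible bytes, then `fc` for the redzone granule, with the caret under the `fc`. The following is an added user-space model of the generic KASAN shadow check, my own code rather than anything from the kernel or from this test run; it assumes the generic-mode encoding (8-byte granules, `00` fully accessible, `01`..`07` partially accessible, `fc` slab redzone) and reproduces the report's arithmetic, including the two cases a practitioner usually wants to confirm: the same memset one byte earlier is clean, and a 121-byte allocation gets a partial shadow byte that still catches a one-byte overrun.

```c
/*
 * User-space model of the generic KASAN shadow check, added to decode the
 * kmalloc_oob_memset_16 reports on this page.  Illustrative code, not the
 * kernel's mm/kasan implementation: real KASAN keeps one shadow byte per
 * 8-byte granule in a separate mapping and the compiler emits the checks.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_GRANULE_SIZE 8      /* bytes of object memory per shadow byte */
#define KASAN_SLAB_REDZONE 0xFC   /* the "fc" shadow value in the report */
#define MAX_SHADOW_BYTES   64     /* objects up to 512 bytes */

struct shadow_obj {
    size_t cache_size;            /* slab object size, 128 for kmalloc-128 */
    uint8_t shadow[MAX_SHADOW_BYTES];
};

/* What __kasan_kmalloc() leaves behind for an alloc_size-byte request: full
 * granules are 0x00, a partial last granule holds its count of valid bytes
 * (1..7), and the remainder of the slab object is redzone (0xfc). */
int shadow_init(struct shadow_obj *o, size_t cache_size, size_t alloc_size)
{
    size_t granules = cache_size / KASAN_GRANULE_SIZE, i;

    if (cache_size % KASAN_GRANULE_SIZE || granules > MAX_SHADOW_BYTES ||
        alloc_size > cache_size)
        return -1;
    o->cache_size = cache_size;
    for (i = 0; i < granules; i++) {
        size_t start = i * KASAN_GRANULE_SIZE;
        if (start + KASAN_GRANULE_SIZE <= alloc_size)
            o->shadow[i] = 0x00;
        else if (start < alloc_size)
            o->shadow[i] = (uint8_t)(alloc_size - start);
        else
            o->shadow[i] = KASAN_SLAB_REDZONE;
    }
    return 0;
}

/* A byte is accessible when its granule's shadow is 0, or when the shadow is
 * a small count and the byte's position inside the granule is below it. */
int byte_accessible(const struct shadow_obj *o, size_t off)
{
    uint8_t s;

    if (off >= o->cache_size)
        return 0;
    s = o->shadow[off / KASAN_GRANULE_SIZE];
    if (s == 0)
        return 1;
    return s < KASAN_GRANULE_SIZE && (off % KASAN_GRANULE_SIZE) < s;
}

/* kasan_check_range() for a len-byte access starting off bytes into the
 * object: returns the offset of the first poisoned byte (the byte the
 * report's caret marks), or -1 when the whole range is accessible. */
long first_bad_offset(const struct shadow_obj *o, size_t off, size_t len)
{
    size_t i;

    for (i = 0; i < len; i++)
        if (!byte_accessible(o, off + i))
            return (long)(off + i);
    return -1;
}

/* Shadow for an alloc-byte request in a cache-byte slab object, then one
 * access check; -2 signals bad parameters. */
long oob_first_bad(size_t cache, size_t alloc, size_t off, size_t len)
{
    struct shadow_obj o;
    return shadow_init(&o, cache, alloc) ? -2 : first_bad_offset(&o, off, len);
}

/* The access in the report: a 120-byte object in kmalloc-128 and a 16-byte
 * memset starting 105 bytes in, i.e. bytes 105..120; byte 120 is redzone. */
long model_kmalloc_oob_memset_16(void)
{
    return oob_first_bad(128, 120, 105, 16);
}

int main(void)
{
    struct shadow_obj o;
    size_t i;

    shadow_init(&o, 128, 120);
    printf("shadow of a 120-byte object in kmalloc-128:");
    for (i = 0; i < 128 / KASAN_GRANULE_SIZE; i++)
        printf(" %02x", (unsigned)o.shadow[i]);
    printf("\nmemset at 105, len 16: first bad offset %ld\n",
           model_kmalloc_oob_memset_16());
    printf("memset at 104, len 16: first bad offset %ld\n",
           oob_first_bad(128, 120, 104, 16));
    return 0;
}
```

Running it prints the same shadow row as the report (`00` fifteen times, then `fc`) and a first bad offset of 120, whose granule index is 15, the position of the caret. The model deliberately reports the first poisoned byte rather than the start of the access, which is why the report's "Write of size 16 at addr …69" line and the caret under the `fc` byte describe different addresses of the same access.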