Date
July 2, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 30.846161] ==================================================================
[ 30.846220] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 30.846270] Write of size 4 at addr fff00000c404fe75 by task kunit_try_catch/207
[ 30.846319]
[ 30.846350] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 30.846436] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.846462] Hardware name: linux,dummy-virt (DT)
[ 30.846493] Call trace:
[ 30.846515] show_stack+0x20/0x38 (C)
[ 30.846573] dump_stack_lvl+0x8c/0xd0
[ 30.846621] print_report+0x118/0x608
[ 30.846666] kasan_report+0xdc/0x128
[ 30.846721] kasan_check_range+0x100/0x1a8
[ 30.846767] __asan_memset+0x34/0x78
[ 30.846810] kmalloc_oob_memset_4+0x150/0x300
[ 30.846856] kunit_try_run_case+0x170/0x3f0
[ 30.846904] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.847106] kthread+0x328/0x630
[ 30.847154] ret_from_fork+0x10/0x20
[ 30.847566]
[ 30.848083] Allocated by task 207:
[ 30.848137] kasan_save_stack+0x3c/0x68
[ 30.848236] kasan_save_track+0x20/0x40
[ 30.848310] kasan_save_alloc_info+0x40/0x58
[ 30.848390] __kasan_kmalloc+0xd4/0xd8
[ 30.848497] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.848612] kmalloc_oob_memset_4+0xb0/0x300
[ 30.848655] kunit_try_run_case+0x170/0x3f0
[ 30.848912] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.849143] kthread+0x328/0x630
[ 30.849353] ret_from_fork+0x10/0x20
[ 30.849509]
[ 30.849566] The buggy address belongs to the object at fff00000c404fe00
[ 30.849566] which belongs to the cache kmalloc-128 of size 128
[ 30.849702] The buggy address is located 117 bytes inside of
[ 30.849702] allocated 120-byte region [fff00000c404fe00, fff00000c404fe78)
[ 30.849793]
[ 30.850190] The buggy address belongs to the physical page:
[ 30.850249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f
[ 30.850374] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.850445] page_type: f5(slab)
[ 30.850688] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.850765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.850959] page dumped because: kasan: bad access detected
[ 30.850994]
[ 30.851013] Memory state around the buggy address:
[ 30.851045] fff00000c404fd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.851317] fff00000c404fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.851455] >fff00000c404fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.851521] ^
[ 30.851664] fff00000c404fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.851752] fff00000c404ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.851899] ==================================================================
```
```
[ 32.618278] ==================================================================
[ 32.618610] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 32.618665] Write of size 4 at addr fff00000c63fb975 by task kunit_try_catch/205
[ 32.618715]
[ 32.618745] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 32.618832] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.618858] Hardware name: linux,dummy-virt (DT)
[ 32.618888] Call trace:
[ 32.618912] show_stack+0x20/0x38 (C)
[ 32.618959] dump_stack_lvl+0x8c/0xd0
[ 32.619007] print_report+0x118/0x608
[ 32.619066] kasan_report+0xdc/0x128
[ 32.619112] kasan_check_range+0x100/0x1a8
[ 32.619169] __asan_memset+0x34/0x78
[ 32.619223] kmalloc_oob_memset_4+0x150/0x300
[ 32.619377] kunit_try_run_case+0x170/0x3f0
[ 32.619815] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.619907] kthread+0x328/0x630
[ 32.619952] ret_from_fork+0x10/0x20
[ 32.619999]
[ 32.620018] Allocated by task 205:
[ 32.620045] kasan_save_stack+0x3c/0x68
[ 32.620176] kasan_save_track+0x20/0x40
[ 32.620256] kasan_save_alloc_info+0x40/0x58
[ 32.620293] __kasan_kmalloc+0xd4/0xd8
[ 32.620370] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.620474] kmalloc_oob_memset_4+0xb0/0x300
[ 32.620631] kunit_try_run_case+0x170/0x3f0
[ 32.620668] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.620718] kthread+0x328/0x630
[ 32.620784] ret_from_fork+0x10/0x20
[ 32.620879]
[ 32.620900] The buggy address belongs to the object at fff00000c63fb900
[ 32.620900] which belongs to the cache kmalloc-128 of size 128
[ 32.620958] The buggy address is located 117 bytes inside of
[ 32.620958] allocated 120-byte region [fff00000c63fb900, fff00000c63fb978)
[ 32.621018]
[ 32.621038] The buggy address belongs to the physical page:
[ 32.621077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb
[ 32.621127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.621182] page_type: f5(slab)
[ 32.621246] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.621639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.621715] page dumped because: kasan: bad access detected
[ 32.621773]
[ 32.621872] Memory state around the buggy address:
[ 32.621903] fff00000c63fb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.621978] fff00000c63fb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.622055] >fff00000c63fb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.622116] ^
[ 32.622527] fff00000c63fb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.622576] fff00000c63fba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.622613] ==================================================================
```
```
[ 23.161103] ==================================================================
[ 23.162323] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 23.163096] Write of size 4 at addr ffff888104950475 by task kunit_try_catch/222
[ 23.163481]
[ 23.163679] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.163727] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.163740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.163760] Call Trace:
[ 23.163773] <TASK>
[ 23.163788] dump_stack_lvl+0x73/0xb0
[ 23.163838] print_report+0xd1/0x650
[ 23.163860] ? __virt_addr_valid+0x1db/0x2d0
[ 23.163882] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.163953] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.163983] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.164006] kasan_report+0x141/0x180
[ 23.164027] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.164064] kasan_check_range+0x10c/0x1c0
[ 23.164087] __asan_memset+0x27/0x50
[ 23.164110] kmalloc_oob_memset_4+0x166/0x330
[ 23.164142] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 23.164164] ? __schedule+0x10cc/0x2b60
[ 23.164186] ? __pfx_read_tsc+0x10/0x10
[ 23.164207] ? ktime_get_ts64+0x86/0x230
[ 23.164231] kunit_try_run_case+0x1a5/0x480
[ 23.164256] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.164280] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.164301] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.164331] ? __kthread_parkme+0x82/0x180
[ 23.164352] ? preempt_count_sub+0x50/0x80
[ 23.164383] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.164408] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.164431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.164465] kthread+0x337/0x6f0
[ 23.164485] ? trace_preempt_on+0x20/0xc0
[ 23.164517] ? __pfx_kthread+0x10/0x10
[ 23.164538] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.164561] ? calculate_sigpending+0x7b/0xa0
[ 23.164584] ? __pfx_kthread+0x10/0x10
[ 23.164606] ret_from_fork+0x116/0x1d0
[ 23.164625] ? __pfx_kthread+0x10/0x10
[ 23.164645] ret_from_fork_asm+0x1a/0x30
[ 23.164708] </TASK>
[ 23.164722]
[ 23.175614] Allocated by task 222:
[ 23.175784] kasan_save_stack+0x45/0x70
[ 23.175931] kasan_save_track+0x18/0x40
[ 23.176060] kasan_save_alloc_info+0x3b/0x50
[ 23.176262] __kasan_kmalloc+0xb7/0xc0
[ 23.176546] __kmalloc_cache_noprof+0x189/0x420
[ 23.176718] kmalloc_oob_memset_4+0xac/0x330
[ 23.176857] kunit_try_run_case+0x1a5/0x480
[ 23.177058] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.177316] kthread+0x337/0x6f0
[ 23.177484] ret_from_fork+0x116/0x1d0
[ 23.177648] ret_from_fork_asm+0x1a/0x30
[ 23.177919]
[ 23.177998] The buggy address belongs to the object at ffff888104950400
[ 23.177998] which belongs to the cache kmalloc-128 of size 128
[ 23.178398] The buggy address is located 117 bytes inside of
[ 23.178398] allocated 120-byte region [ffff888104950400, ffff888104950478)
[ 23.178871]
[ 23.179063] The buggy address belongs to the physical page:
[ 23.179290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950
[ 23.179669] flags: 0x200000000000000(node=0|zone=2)
[ 23.179965] page_type: f5(slab)
[ 23.180123] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.180372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.180583] page dumped because: kasan: bad access detected
[ 23.180743]
[ 23.180807] Memory state around the buggy address:
[ 23.181135] ffff888104950300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.181476] ffff888104950380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.182033] >ffff888104950400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.182420] ^
[ 23.183009] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.183360] ffff888104950500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.184373] ==================================================================
```
```
[ 23.430664] ==================================================================
[ 23.432225] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 23.432818] Write of size 4 at addr ffff8881049c5a75 by task kunit_try_catch/223
[ 23.433071]
[ 23.433192] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.433248] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.433261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.433284] Call Trace:
[ 23.433301] <TASK>
[ 23.433323] dump_stack_lvl+0x73/0xb0
[ 23.433356] print_report+0xd1/0x650
[ 23.433500] ? __virt_addr_valid+0x1db/0x2d0
[ 23.433531] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.433553] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.433579] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.433600] kasan_report+0x141/0x180
[ 23.433622] ? kmalloc_oob_memset_4+0x166/0x330
[ 23.433647] kasan_check_range+0x10c/0x1c0
[ 23.433670] __asan_memset+0x27/0x50
[ 23.433693] kmalloc_oob_memset_4+0x166/0x330
[ 23.433714] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 23.433736] ? __schedule+0x10cc/0x2b60
[ 23.433758] ? __pfx_read_tsc+0x10/0x10
[ 23.433780] ? ktime_get_ts64+0x86/0x230
[ 23.433805] kunit_try_run_case+0x1a5/0x480
[ 23.433837] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.433860] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.433881] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.433903] ? __kthread_parkme+0x82/0x180
[ 23.433924] ? preempt_count_sub+0x50/0x80
[ 23.434229] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.434257] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.434297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.434324] kthread+0x337/0x6f0
[ 23.434343] ? trace_preempt_on+0x20/0xc0
[ 23.434368] ? __pfx_kthread+0x10/0x10
[ 23.434388] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.434412] ? calculate_sigpending+0x7b/0xa0
[ 23.434436] ? __pfx_kthread+0x10/0x10
[ 23.434457] ret_from_fork+0x116/0x1d0
[ 23.434476] ? __pfx_kthread+0x10/0x10
[ 23.434496] ret_from_fork_asm+0x1a/0x30
[ 23.434528] </TASK>
[ 23.434541]
[ 23.448136] Allocated by task 223:
[ 23.448402] kasan_save_stack+0x45/0x70
[ 23.448777] kasan_save_track+0x18/0x40
[ 23.449164] kasan_save_alloc_info+0x3b/0x50
[ 23.449613] __kasan_kmalloc+0xb7/0xc0
[ 23.449806] __kmalloc_cache_noprof+0x189/0x420
[ 23.449989] kmalloc_oob_memset_4+0xac/0x330
[ 23.450467] kunit_try_run_case+0x1a5/0x480
[ 23.450868] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.451553] kthread+0x337/0x6f0
[ 23.451685] ret_from_fork+0x116/0x1d0
[ 23.451813] ret_from_fork_asm+0x1a/0x30
[ 23.451954]
[ 23.452022] The buggy address belongs to the object at ffff8881049c5a00
[ 23.452022] which belongs to the cache kmalloc-128 of size 128
[ 23.452773] The buggy address is located 117 bytes inside of
[ 23.452773] allocated 120-byte region [ffff8881049c5a00, ffff8881049c5a78)
[ 23.453570]
[ 23.453765] The buggy address belongs to the physical page:
[ 23.454163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5
[ 23.454406] flags: 0x200000000000000(node=0|zone=2)
[ 23.454567] page_type: f5(slab)
[ 23.454685] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.454914] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.455798] page dumped because: kasan: bad access detected
[ 23.456464]
[ 23.456641] Memory state around the buggy address:
[ 23.457076] ffff8881049c5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.457832] ffff8881049c5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.458570] >ffff8881049c5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.459363] ^
[ 23.460106] ffff8881049c5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.460588] ffff8881049c5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.461255] ==================================================================
```