Hay
Date: July 18, 2025, 2:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.013232] ==================================================================
[   17.013344] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[   17.013416] Write of size 4 at addr fff00000c7892175 by task kunit_try_catch/174
[   17.013632] 
[   17.013931] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.014029] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.014055] Hardware name: linux,dummy-virt (DT)
[   17.014202] Call trace:
[   17.014236]  show_stack+0x20/0x38 (C)
[   17.014295]  dump_stack_lvl+0x8c/0xd0
[   17.014717]  print_report+0x118/0x5d0
[   17.014818]  kasan_report+0xdc/0x128
[   17.015117]  kasan_check_range+0x100/0x1a8
[   17.015189]  __asan_memset+0x34/0x78
[   17.015234]  kmalloc_oob_memset_4+0x150/0x300
[   17.015280]  kunit_try_run_case+0x170/0x3f0
[   17.015477]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.015586]  kthread+0x328/0x630
[   17.016046]  ret_from_fork+0x10/0x20
[   17.016207] 
[   17.016268] Allocated by task 174:
[   17.016338]  kasan_save_stack+0x3c/0x68
[   17.016670]  kasan_save_track+0x20/0x40
[   17.016922]  kasan_save_alloc_info+0x40/0x58
[   17.017118]  __kasan_kmalloc+0xd4/0xd8
[   17.017341]  __kmalloc_cache_noprof+0x16c/0x3c0
[   17.017455]  kmalloc_oob_memset_4+0xb0/0x300
[   17.017560]  kunit_try_run_case+0x170/0x3f0
[   17.017641]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.018044]  kthread+0x328/0x630
[   17.018131]  ret_from_fork+0x10/0x20
[   17.018172] 
[   17.018238] The buggy address belongs to the object at fff00000c7892100
[   17.018238]  which belongs to the cache kmalloc-128 of size 128
[   17.018723] The buggy address is located 117 bytes inside of
[   17.018723]  allocated 120-byte region [fff00000c7892100, fff00000c7892178)
[   17.018980] 
[   17.019025] The buggy address belongs to the physical page:
[   17.019065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107892
[   17.019268] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.019402] page_type: f5(slab)
[   17.019588] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.019981] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.020027] page dumped because: kasan: bad access detected
[   17.020060] 
[   17.020078] Memory state around the buggy address:
[   17.020112]  fff00000c7892000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.020153]  fff00000c7892080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.020194] >fff00000c7892100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.020554]                                                                 ^
[   17.020605]  fff00000c7892180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.020647]  fff00000c7892200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.020684] ==================================================================

[   16.674336] ==================================================================
[   16.674400] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[   16.674450] Write of size 4 at addr fff00000c5b7da75 by task kunit_try_catch/174
[   16.674497] 
[   16.674531] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.674610] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.674636] Hardware name: linux,dummy-virt (DT)
[   16.674665] Call trace:
[   16.674688]  show_stack+0x20/0x38 (C)
[   16.674734]  dump_stack_lvl+0x8c/0xd0
[   16.674779]  print_report+0x118/0x5d0
[   16.674823]  kasan_report+0xdc/0x128
[   16.674876]  kasan_check_range+0x100/0x1a8
[   16.674923]  __asan_memset+0x34/0x78
[   16.674963]  kmalloc_oob_memset_4+0x150/0x300
[   16.675008]  kunit_try_run_case+0x170/0x3f0
[   16.675053]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.675108]  kthread+0x328/0x630
[   16.675159]  ret_from_fork+0x10/0x20
[   16.675208] 
[   16.675226] Allocated by task 174:
[   16.675254]  kasan_save_stack+0x3c/0x68
[   16.675293]  kasan_save_track+0x20/0x40
[   16.675728]  kasan_save_alloc_info+0x40/0x58
[   16.676115]  __kasan_kmalloc+0xd4/0xd8
[   16.676196]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.676244]  kmalloc_oob_memset_4+0xb0/0x300
[   16.676289]  kunit_try_run_case+0x170/0x3f0
[   16.676586]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.676748]  kthread+0x328/0x630
[   16.676802]  ret_from_fork+0x10/0x20
[   16.676990] 
[   16.677031] The buggy address belongs to the object at fff00000c5b7da00
[   16.677031]  which belongs to the cache kmalloc-128 of size 128
[   16.677234] The buggy address is located 117 bytes inside of
[   16.677234]  allocated 120-byte region [fff00000c5b7da00, fff00000c5b7da78)
[   16.677650] 
[   16.677701] The buggy address belongs to the physical page:
[   16.677740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b7d
[   16.677819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.677944] page_type: f5(slab)
[   16.678042] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.678220] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.678298] page dumped because: kasan: bad access detected
[   16.678422] 
[   16.678468] Memory state around the buggy address:
[   16.678501]  fff00000c5b7d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.678559]  fff00000c5b7d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.678799] >fff00000c5b7da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.678984]                                                                 ^
[   16.679031]  fff00000c5b7da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.679075]  fff00000c5b7db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.679581] ==================================================================

[   16.703626] ==================================================================
[   16.703842] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[   16.704349] Write of size 4 at addr fff00000c771d175 by task kunit_try_catch/174
[   16.704407] 
[   16.704619] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.704916] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.705069] Hardware name: linux,dummy-virt (DT)
[   16.705166] Call trace:
[   16.705346]  show_stack+0x20/0x38 (C)
[   16.705792]  dump_stack_lvl+0x8c/0xd0
[   16.706208]  print_report+0x118/0x5d0
[   16.706301]  kasan_report+0xdc/0x128
[   16.706733]  kasan_check_range+0x100/0x1a8
[   16.706959]  __asan_memset+0x34/0x78
[   16.707194]  kmalloc_oob_memset_4+0x150/0x300
[   16.707468]  kunit_try_run_case+0x170/0x3f0
[   16.707548]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.707735]  kthread+0x328/0x630
[   16.707780]  ret_from_fork+0x10/0x20
[   16.708057] 
[   16.708257] Allocated by task 174:
[   16.708301]  kasan_save_stack+0x3c/0x68
[   16.708509]  kasan_save_track+0x20/0x40
[   16.708640]  kasan_save_alloc_info+0x40/0x58
[   16.708865]  __kasan_kmalloc+0xd4/0xd8
[   16.709007]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.709164]  kmalloc_oob_memset_4+0xb0/0x300
[   16.709407]  kunit_try_run_case+0x170/0x3f0
[   16.709706]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.709794]  kthread+0x328/0x630
[   16.710105]  ret_from_fork+0x10/0x20
[   16.710327] 
[   16.710460] The buggy address belongs to the object at fff00000c771d100
[   16.710460]  which belongs to the cache kmalloc-128 of size 128
[   16.710699] The buggy address is located 117 bytes inside of
[   16.710699]  allocated 120-byte region [fff00000c771d100, fff00000c771d178)
[   16.711000] 
[   16.711112] The buggy address belongs to the physical page:
[   16.711214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10771d
[   16.711375] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.711595] page_type: f5(slab)
[   16.711965] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.712098] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.712316] page dumped because: kasan: bad access detected
[   16.712401] 
[   16.712503] Memory state around the buggy address:
[   16.712578]  fff00000c771d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.712979]  fff00000c771d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.713266] >fff00000c771d100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.713483]                                                                 ^
[   16.713558]  fff00000c771d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.714002]  fff00000c771d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.714097] ==================================================================

[   12.355098] ==================================================================
[   12.355858] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[   12.356562] Write of size 4 at addr ffff888102988675 by task kunit_try_catch/191
[   12.356913] 
[   12.357035] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.357080] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.357208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.357237] Call Trace:
[   12.357248]  <TASK>
[   12.357264]  dump_stack_lvl+0x73/0xb0
[   12.357296]  print_report+0xd1/0x610
[   12.357318]  ? __virt_addr_valid+0x1db/0x2d0
[   12.357341]  ? kmalloc_oob_memset_4+0x166/0x330
[   12.357362]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.357404]  ? kmalloc_oob_memset_4+0x166/0x330
[   12.357440]  kasan_report+0x141/0x180
[   12.357462]  ? kmalloc_oob_memset_4+0x166/0x330
[   12.357489]  kasan_check_range+0x10c/0x1c0
[   12.357512]  __asan_memset+0x27/0x50
[   12.357574]  kmalloc_oob_memset_4+0x166/0x330
[   12.357600]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[   12.357623]  ? __schedule+0x10cc/0x2b60
[   12.357645]  ? __pfx_read_tsc+0x10/0x10
[   12.357666]  ? ktime_get_ts64+0x86/0x230
[   12.357691]  kunit_try_run_case+0x1a5/0x480
[   12.357716]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.357738]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.357762]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.357785]  ? __kthread_parkme+0x82/0x180
[   12.357805]  ? preempt_count_sub+0x50/0x80
[   12.357830]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.357853]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.357876]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.357913]  kthread+0x337/0x6f0
[   12.357931]  ? trace_preempt_on+0x20/0xc0
[   12.357955]  ? __pfx_kthread+0x10/0x10
[   12.357975]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.358004]  ? calculate_sigpending+0x7b/0xa0
[   12.358028]  ? __pfx_kthread+0x10/0x10
[   12.358049]  ret_from_fork+0x116/0x1d0
[   12.358067]  ? __pfx_kthread+0x10/0x10
[   12.358087]  ret_from_fork_asm+0x1a/0x30
[   12.358119]  </TASK>
[   12.358129] 
[   12.367113] Allocated by task 191:
[   12.367326]  kasan_save_stack+0x45/0x70
[   12.367525]  kasan_save_track+0x18/0x40
[   12.367764]  kasan_save_alloc_info+0x3b/0x50
[   12.368028]  __kasan_kmalloc+0xb7/0xc0
[   12.368204]  __kmalloc_cache_noprof+0x189/0x420
[   12.368437]  kmalloc_oob_memset_4+0xac/0x330
[   12.368857]  kunit_try_run_case+0x1a5/0x480
[   12.369089]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.369316]  kthread+0x337/0x6f0
[   12.369438]  ret_from_fork+0x116/0x1d0
[   12.369596]  ret_from_fork_asm+0x1a/0x30
[   12.369792] 
[   12.369937] The buggy address belongs to the object at ffff888102988600
[   12.369937]  which belongs to the cache kmalloc-128 of size 128
[   12.370864] The buggy address is located 117 bytes inside of
[   12.370864]  allocated 120-byte region [ffff888102988600, ffff888102988678)
[   12.371272] 
[   12.371346] The buggy address belongs to the physical page:
[   12.371523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102988
[   12.371765] flags: 0x200000000000000(node=0|zone=2)
[   12.371944] page_type: f5(slab)
[   12.372066] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.372382] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.372613] page dumped because: kasan: bad access detected
[   12.372786] 
[   12.372857] Memory state around the buggy address:
[   12.373034]  ffff888102988500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.373341]  ffff888102988580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.373662] >ffff888102988600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.374138]                                                                 ^
[   12.374429]  ffff888102988680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.374645]  ffff888102988700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.374867] ==================================================================

[   12.287392] ==================================================================
[   12.287806] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[   12.288180] Write of size 4 at addr ffff888102b7d375 by task kunit_try_catch/191
[   12.288480] 
[   12.288949] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.289003] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.289027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.289050] Call Trace:
[   12.289063]  <TASK>
[   12.289082]  dump_stack_lvl+0x73/0xb0
[   12.289116]  print_report+0xd1/0x610
[   12.289140]  ? __virt_addr_valid+0x1db/0x2d0
[   12.289165]  ? kmalloc_oob_memset_4+0x166/0x330
[   12.289186]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.289208]  ? kmalloc_oob_memset_4+0x166/0x330
[   12.289229]  kasan_report+0x141/0x180
[   12.289251]  ? kmalloc_oob_memset_4+0x166/0x330
[   12.289276]  kasan_check_range+0x10c/0x1c0
[   12.289299]  __asan_memset+0x27/0x50
[   12.289318]  kmalloc_oob_memset_4+0x166/0x330
[   12.289340]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[   12.289362]  ? __schedule+0x10cc/0x2b60
[   12.289384]  ? __pfx_read_tsc+0x10/0x10
[   12.289406]  ? ktime_get_ts64+0x86/0x230
[   12.289442]  kunit_try_run_case+0x1a5/0x480
[   12.289503]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.289525]  ? irqentry_exit+0x2a/0x60
[   12.289560]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.289587]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.289610]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.289632]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.289656]  kthread+0x337/0x6f0
[   12.289676]  ? trace_preempt_on+0x20/0xc0
[   12.289700]  ? __pfx_kthread+0x10/0x10
[   12.289719]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.289741]  ? calculate_sigpending+0x7b/0xa0
[   12.289766]  ? __pfx_kthread+0x10/0x10
[   12.289786]  ret_from_fork+0x116/0x1d0
[   12.289804]  ? __pfx_kthread+0x10/0x10
[   12.289824]  ret_from_fork_asm+0x1a/0x30
[   12.289856]  </TASK>
[   12.289868] 
[   12.301646] Allocated by task 191:
[   12.301859]  kasan_save_stack+0x45/0x70
[   12.302395]  kasan_save_track+0x18/0x40
[   12.302695]  kasan_save_alloc_info+0x3b/0x50
[   12.302851]  __kasan_kmalloc+0xb7/0xc0
[   12.303127]  __kmalloc_cache_noprof+0x189/0x420
[   12.303494]  kmalloc_oob_memset_4+0xac/0x330
[   12.303652]  kunit_try_run_case+0x1a5/0x480
[   12.303849]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.304110]  kthread+0x337/0x6f0
[   12.304255]  ret_from_fork+0x116/0x1d0
[   12.304502]  ret_from_fork_asm+0x1a/0x30
[   12.304710] 
[   12.304797] The buggy address belongs to the object at ffff888102b7d300
[   12.304797]  which belongs to the cache kmalloc-128 of size 128
[   12.305420] The buggy address is located 117 bytes inside of
[   12.305420]  allocated 120-byte region [ffff888102b7d300, ffff888102b7d378)
[   12.305957] 
[   12.306105] The buggy address belongs to the physical page:
[   12.306401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b7d
[   12.306801] flags: 0x200000000000000(node=0|zone=2)
[   12.307033] page_type: f5(slab)
[   12.307160] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.307392] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.307720] page dumped because: kasan: bad access detected
[   12.308145] 
[   12.308217] Memory state around the buggy address:
[   12.308377]  ffff888102b7d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.309359]  ffff888102b7d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.309788] >ffff888102b7d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.310253]                                                                 ^
[   12.310569]  ffff888102b7d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.310790]  ffff888102b7d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.311287] ==================================================================