Hay
Date
July 6, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
x86

[   16.927917] ==================================================================
[   16.928187] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   16.928349] Write of size 2 at addr fff00000c635ab77 by task kunit_try_catch/173
[   16.928604] 
[   16.928902] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.930041] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.930083] Hardware name: linux,dummy-virt (DT)
[   16.930114] Call trace:
[   16.930136]  show_stack+0x20/0x38 (C)
[   16.930196]  dump_stack_lvl+0x8c/0xd0
[   16.930243]  print_report+0x118/0x608
[   16.930287]  kasan_report+0xdc/0x128
[   16.930329]  kasan_check_range+0x100/0x1a8
[   16.930374]  __asan_memset+0x34/0x78
[   16.930414]  kmalloc_oob_memset_2+0x150/0x2f8
[   16.930457]  kunit_try_run_case+0x170/0x3f0
[   16.930502]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.930551]  kthread+0x328/0x630
[   16.930589]  ret_from_fork+0x10/0x20
[   16.930641] 
[   16.930658] Allocated by task 173:
[   16.930685]  kasan_save_stack+0x3c/0x68
[   16.930724]  kasan_save_track+0x20/0x40
[   16.930759]  kasan_save_alloc_info+0x40/0x58
[   16.930797]  __kasan_kmalloc+0xd4/0xd8
[   16.930831]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.930868]  kmalloc_oob_memset_2+0xb0/0x2f8
[   16.930904]  kunit_try_run_case+0x170/0x3f0
[   16.930940]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.930990]  kthread+0x328/0x630
[   16.931021]  ret_from_fork+0x10/0x20
[   16.931055] 
[   16.931073] The buggy address belongs to the object at fff00000c635ab00
[   16.931073]  which belongs to the cache kmalloc-128 of size 128
[   16.931965] The buggy address is located 119 bytes inside of
[   16.931965]  allocated 120-byte region [fff00000c635ab00, fff00000c635ab78)
[   16.932046] 
[   16.932065] The buggy address belongs to the physical page:
[   16.932095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10635a
[   16.932147] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.932253] page_type: f5(slab)
[   16.932337] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.932389] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.932591] page dumped because: kasan: bad access detected
[   16.932634] 
[   16.932652] Memory state around the buggy address:
[   16.932685]  fff00000c635aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.932727]  fff00000c635aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.932767] >fff00000c635ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.932803]                                                                 ^
[   16.932841]  fff00000c635ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.932882]  fff00000c635ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.932918] ==================================================================

[   16.879503] ==================================================================
[   16.879563] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   16.879615] Write of size 2 at addr fff00000c63cda77 by task kunit_try_catch/173
[   16.880103] 
[   16.880149] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.880622] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.880649] Hardware name: linux,dummy-virt (DT)
[   16.881063] Call trace:
[   16.881138]  show_stack+0x20/0x38 (C)
[   16.881191]  dump_stack_lvl+0x8c/0xd0
[   16.881236]  print_report+0x118/0x608
[   16.881279]  kasan_report+0xdc/0x128
[   16.881332]  kasan_check_range+0x100/0x1a8
[   16.881378]  __asan_memset+0x34/0x78
[   16.881902]  kmalloc_oob_memset_2+0x150/0x2f8
[   16.882386]  kunit_try_run_case+0x170/0x3f0
[   16.882436]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.882510]  kthread+0x328/0x630
[   16.882550]  ret_from_fork+0x10/0x20
[   16.882729] 
[   16.882878] Allocated by task 173:
[   16.882999]  kasan_save_stack+0x3c/0x68
[   16.883066]  kasan_save_track+0x20/0x40
[   16.883103]  kasan_save_alloc_info+0x40/0x58
[   16.883141]  __kasan_kmalloc+0xd4/0xd8
[   16.883176]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.883214]  kmalloc_oob_memset_2+0xb0/0x2f8
[   16.883289]  kunit_try_run_case+0x170/0x3f0
[   16.883340]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.883469]  kthread+0x328/0x630
[   16.883501]  ret_from_fork+0x10/0x20
[   16.883582] 
[   16.883682] The buggy address belongs to the object at fff00000c63cda00
[   16.883682]  which belongs to the cache kmalloc-128 of size 128
[   16.883783] The buggy address is located 119 bytes inside of
[   16.883783]  allocated 120-byte region [fff00000c63cda00, fff00000c63cda78)
[   16.883923] 
[   16.883949] The buggy address belongs to the physical page:
[   16.884029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063cd
[   16.884115] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.884188] page_type: f5(slab)
[   16.884363] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.884445] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.884523] page dumped because: kasan: bad access detected
[   16.884595] 
[   16.884630] Memory state around the buggy address:
[   16.884670]  fff00000c63cd900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.884727]  fff00000c63cd980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.884822] >fff00000c63cda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.885361]                                                                 ^
[   16.885644]  fff00000c63cda80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.885745]  fff00000c63cdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.885802] ==================================================================

[   13.422410] ==================================================================
[   13.423439] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[   13.424004] Write of size 2 at addr ffff88810254d277 by task kunit_try_catch/190
[   13.424246] 
[   13.424382] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.424454] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.424475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.424510] Call Trace:
[   13.424537]  <TASK>
[   13.424568]  dump_stack_lvl+0x73/0xb0
[   13.424645]  print_report+0xd1/0x650
[   13.424687]  ? __virt_addr_valid+0x1db/0x2d0
[   13.424724]  ? kmalloc_oob_memset_2+0x166/0x330
[   13.424757]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.424797]  ? kmalloc_oob_memset_2+0x166/0x330
[   13.424831]  kasan_report+0x141/0x180
[   13.424863]  ? kmalloc_oob_memset_2+0x166/0x330
[   13.424905]  kasan_check_range+0x10c/0x1c0
[   13.424942]  __asan_memset+0x27/0x50
[   13.424972]  kmalloc_oob_memset_2+0x166/0x330
[   13.425011]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   13.425052]  ? __schedule+0x10cc/0x2b60
[   13.425090]  ? __pfx_read_tsc+0x10/0x10
[   13.425122]  ? ktime_get_ts64+0x86/0x230
[   13.425160]  kunit_try_run_case+0x1a5/0x480
[   13.425199]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.425236]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.425275]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.425303]  ? __kthread_parkme+0x82/0x180
[   13.425322]  ? preempt_count_sub+0x50/0x80
[   13.425343]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.425363]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.425383]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.425403]  kthread+0x337/0x6f0
[   13.425420]  ? trace_preempt_on+0x20/0xc0
[   13.425448]  ? __pfx_kthread+0x10/0x10
[   13.425480]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.425516]  ? calculate_sigpending+0x7b/0xa0
[   13.425548]  ? __pfx_kthread+0x10/0x10
[   13.425577]  ret_from_fork+0x116/0x1d0
[   13.425603]  ? __pfx_kthread+0x10/0x10
[   13.425646]  ret_from_fork_asm+0x1a/0x30
[   13.425691]  </TASK>
[   13.425709] 
[   13.436431] Allocated by task 190:
[   13.436870]  kasan_save_stack+0x45/0x70
[   13.437216]  kasan_save_track+0x18/0x40
[   13.437898]  kasan_save_alloc_info+0x3b/0x50
[   13.438300]  __kasan_kmalloc+0xb7/0xc0
[   13.438490]  __kmalloc_cache_noprof+0x189/0x420
[   13.438788]  kmalloc_oob_memset_2+0xac/0x330
[   13.439021]  kunit_try_run_case+0x1a5/0x480
[   13.439315]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.439517]  kthread+0x337/0x6f0
[   13.439966]  ret_from_fork+0x116/0x1d0
[   13.440270]  ret_from_fork_asm+0x1a/0x30
[   13.440495] 
[   13.440770] The buggy address belongs to the object at ffff88810254d200
[   13.440770]  which belongs to the cache kmalloc-128 of size 128
[   13.441468] The buggy address is located 119 bytes inside of
[   13.441468]  allocated 120-byte region [ffff88810254d200, ffff88810254d278)
[   13.442481] 
[   13.442824] The buggy address belongs to the physical page:
[   13.443220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10254d
[   13.443760] flags: 0x200000000000000(node=0|zone=2)
[   13.444119] page_type: f5(slab)
[   13.444371] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.444846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.445331] page dumped because: kasan: bad access detected
[   13.446122] 
[   13.446244] Memory state around the buggy address:
[   13.446431]  ffff88810254d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.447051]  ffff88810254d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.447676] >ffff88810254d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   13.448140]                                                                 ^
[   13.448764]  ffff88810254d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.449039]  ffff88810254d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.449905] ==================================================================

[   13.583599] ==================================================================
[   13.585014] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[   13.585795] Write of size 2 at addr ffff888102c3fb77 by task kunit_try_catch/189
[   13.586060] 
[   13.586160] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.586206] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.586218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.586240] Call Trace:
[   13.586254]  <TASK>
[   13.586270]  dump_stack_lvl+0x73/0xb0
[   13.586300]  print_report+0xd1/0x650
[   13.586323]  ? __virt_addr_valid+0x1db/0x2d0
[   13.586346]  ? kmalloc_oob_memset_2+0x166/0x330
[   13.586368]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.586395]  ? kmalloc_oob_memset_2+0x166/0x330
[   13.586417]  kasan_report+0x141/0x180
[   13.586440]  ? kmalloc_oob_memset_2+0x166/0x330
[   13.586468]  kasan_check_range+0x10c/0x1c0
[   13.586492]  __asan_memset+0x27/0x50
[   13.586511]  kmalloc_oob_memset_2+0x166/0x330
[   13.586534]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   13.586558]  ? __schedule+0x10cc/0x2b60
[   13.586581]  ? __pfx_read_tsc+0x10/0x10
[   13.586602]  ? ktime_get_ts64+0x86/0x230
[   13.586631]  kunit_try_run_case+0x1a5/0x480
[   13.586655]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.586677]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.586701]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.586724]  ? __kthread_parkme+0x82/0x180
[   13.586744]  ? preempt_count_sub+0x50/0x80
[   13.586768]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.586792]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.586814]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.586836]  kthread+0x337/0x6f0
[   13.586856]  ? trace_preempt_on+0x20/0xc0
[   13.586880]  ? __pfx_kthread+0x10/0x10
[   13.586900]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.586921]  ? calculate_sigpending+0x7b/0xa0
[   13.586945]  ? __pfx_kthread+0x10/0x10
[   13.586966]  ret_from_fork+0x116/0x1d0
[   13.586984]  ? __pfx_kthread+0x10/0x10
[   13.587005]  ret_from_fork_asm+0x1a/0x30
[   13.587038]  </TASK>
[   13.587060] 
[   13.599627] Allocated by task 189:
[   13.599786]  kasan_save_stack+0x45/0x70
[   13.600372]  kasan_save_track+0x18/0x40
[   13.601126]  kasan_save_alloc_info+0x3b/0x50
[   13.601632]  __kasan_kmalloc+0xb7/0xc0
[   13.602093]  __kmalloc_cache_noprof+0x189/0x420
[   13.602620]  kmalloc_oob_memset_2+0xac/0x330
[   13.603136]  kunit_try_run_case+0x1a5/0x480
[   13.603612]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.604212]  kthread+0x337/0x6f0
[   13.604612]  ret_from_fork+0x116/0x1d0
[   13.605062]  ret_from_fork_asm+0x1a/0x30
[   13.605518] 
[   13.605804] The buggy address belongs to the object at ffff888102c3fb00
[   13.605804]  which belongs to the cache kmalloc-128 of size 128
[   13.606603] The buggy address is located 119 bytes inside of
[   13.606603]  allocated 120-byte region [ffff888102c3fb00, ffff888102c3fb78)
[   13.607552] 
[   13.607721] The buggy address belongs to the physical page:
[   13.608451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c3f
[   13.609436] flags: 0x200000000000000(node=0|zone=2)
[   13.609617] page_type: f5(slab)
[   13.609755] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.610603] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.611486] page dumped because: kasan: bad access detected
[   13.612007] 
[   13.612279] Memory state around the buggy address:
[   13.612676]  ffff888102c3fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.613064]  ffff888102c3fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.613294] >ffff888102c3fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   13.613514]                                                                 ^
[   13.613750]  ffff888102c3fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.614577]  ffff888102c3fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.615411] ==================================================================

[   25.041771] ==================================================================
[   25.053177] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[   25.060406] Write of size 2 at addr ffff8881066f8277 by task kunit_try_catch/213
[   25.067806] 
[   25.069306] CPU: 3 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   25.069315] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   25.069318] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   25.069321] Call Trace:
[   25.069323]  <TASK>
[   25.069325]  dump_stack_lvl+0x73/0xb0
[   25.069346]  print_report+0xd1/0x650
[   25.069351]  ? __virt_addr_valid+0x1db/0x2d0
[   25.069355]  ? kmalloc_oob_memset_2+0x166/0x330
[   25.069359]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.069364]  ? kmalloc_oob_memset_2+0x166/0x330
[   25.069368]  kasan_report+0x141/0x180
[   25.069372]  ? kmalloc_oob_memset_2+0x166/0x330
[   25.069377]  kasan_check_range+0x10c/0x1c0
[   25.069394]  __asan_memset+0x27/0x50
[   25.069397]  kmalloc_oob_memset_2+0x166/0x330
[   25.069401]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   25.069406]  ? __schedule+0x10cc/0x2b60
[   25.069410]  ? ktime_get_ts64+0x83/0x230
[   25.069414]  kunit_try_run_case+0x1a2/0x480
[   25.069418]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.069422]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.069427]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.069431]  ? __kthread_parkme+0x82/0x180
[   25.069434]  ? preempt_count_sub+0x50/0x80
[   25.069438]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.069443]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   25.069447]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.069451]  kthread+0x334/0x6f0
[   25.069455]  ? trace_preempt_on+0x20/0xc0
[   25.069459]  ? __pfx_kthread+0x10/0x10
[   25.069462]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.069466]  ? calculate_sigpending+0x7b/0xa0
[   25.069471]  ? __pfx_kthread+0x10/0x10
[   25.069474]  ret_from_fork+0x113/0x1d0
[   25.069478]  ? __pfx_kthread+0x10/0x10
[   25.069481]  ret_from_fork_asm+0x1a/0x30
[   25.069487]  </TASK>
[   25.069489] 
[   25.238581] Allocated by task 213:
[   25.241987]  kasan_save_stack+0x45/0x70
[   25.245827]  kasan_save_track+0x18/0x40
[   25.249666]  kasan_save_alloc_info+0x3b/0x50
[   25.253941]  __kasan_kmalloc+0xb7/0xc0
[   25.257692]  __kmalloc_cache_noprof+0x189/0x420
[   25.262223]  kmalloc_oob_memset_2+0xac/0x330
[   25.266497]  kunit_try_run_case+0x1a2/0x480
[   25.270683]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   25.276083]  kthread+0x334/0x6f0
[   25.279316]  ret_from_fork+0x113/0x1d0
[   25.283103]  ret_from_fork_asm+0x1a/0x30
[   25.287030] 
[   25.288527] The buggy address belongs to the object at ffff8881066f8200
[   25.288527]  which belongs to the cache kmalloc-128 of size 128
[   25.301041] The buggy address is located 119 bytes inside of
[   25.301041]  allocated 120-byte region [ffff8881066f8200, ffff8881066f8278)
[   25.313645] 
[   25.315143] The buggy address belongs to the physical page:
[   25.320717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066f8
[   25.328725] flags: 0x200000000000000(node=0|zone=2)
[   25.333604] page_type: f5(slab)
[   25.336751] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[   25.344498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.352236] page dumped because: kasan: bad access detected
[   25.357809] 
[   25.359309] Memory state around the buggy address:
[   25.364100]  ffff8881066f8100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.371320]  ffff8881066f8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.378567] >ffff8881066f8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.385786]                                                                 ^
[   25.392919]  ffff8881066f8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.400136]  ffff8881066f8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.407361] ==================================================================