Hay
Date: July 20, 2025, 11:12 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.580005] ==================================================================
[   16.580245] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   16.580380] Write of size 128 at addr fff00000c3edd400 by task kunit_try_catch/170
[   16.580430] 
[   16.580472] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   16.580668] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.580771] Hardware name: linux,dummy-virt (DT)
[   16.580801] Call trace:
[   16.580824]  show_stack+0x20/0x38 (C)
[   16.580872]  dump_stack_lvl+0x8c/0xd0
[   16.580930]  print_report+0x118/0x5d0
[   16.581012]  kasan_report+0xdc/0x128
[   16.581278]  kasan_check_range+0x100/0x1a8
[   16.581365]  __asan_memset+0x34/0x78
[   16.581434]  kmalloc_oob_in_memset+0x144/0x2d0
[   16.581480]  kunit_try_run_case+0x170/0x3f0
[   16.581569]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.581627]  kthread+0x328/0x630
[   16.581756]  ret_from_fork+0x10/0x20
[   16.581843] 
[   16.582100] Allocated by task 170:
[   16.582135]  kasan_save_stack+0x3c/0x68
[   16.582418]  kasan_save_track+0x20/0x40
[   16.582506]  kasan_save_alloc_info+0x40/0x58
[   16.582612]  __kasan_kmalloc+0xd4/0xd8
[   16.582659]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.582698]  kmalloc_oob_in_memset+0xb0/0x2d0
[   16.582758]  kunit_try_run_case+0x170/0x3f0
[   16.582795]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.582838]  kthread+0x328/0x630
[   16.583032]  ret_from_fork+0x10/0x20
[   16.583071] 
[   16.583134] The buggy address belongs to the object at fff00000c3edd400
[   16.583134]  which belongs to the cache kmalloc-128 of size 128
[   16.583216] The buggy address is located 0 bytes inside of
[   16.583216]  allocated 120-byte region [fff00000c3edd400, fff00000c3edd478)
[   16.583410] 
[   16.583432] The buggy address belongs to the physical page:
[   16.583470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103edd
[   16.583627] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.583750] page_type: f5(slab)
[   16.583790] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.583839] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.583927] page dumped because: kasan: bad access detected
[   16.583987] 
[   16.584110] Memory state around the buggy address:
[   16.584187]  fff00000c3edd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.584253]  fff00000c3edd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.584294] >fff00000c3edd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.584383]                                                                 ^
[   16.584881]  fff00000c3edd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.585112]  fff00000c3edd500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.585407] ==================================================================

[   16.563848] ==================================================================
[   16.563911] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   16.564130] Write of size 128 at addr fff00000c58dc800 by task kunit_try_catch/170
[   16.564375] 
[   16.564431] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   16.564709] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.564776] Hardware name: linux,dummy-virt (DT)
[   16.564812] Call trace:
[   16.564942]  show_stack+0x20/0x38 (C)
[   16.565069]  dump_stack_lvl+0x8c/0xd0
[   16.565206]  print_report+0x118/0x5d0
[   16.565305]  kasan_report+0xdc/0x128
[   16.565367]  kasan_check_range+0x100/0x1a8
[   16.565414]  __asan_memset+0x34/0x78
[   16.565463]  kmalloc_oob_in_memset+0x144/0x2d0
[   16.565510]  kunit_try_run_case+0x170/0x3f0
[   16.565559]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.566054]  kthread+0x328/0x630
[   16.566601]  ret_from_fork+0x10/0x20
[   16.566841] 
[   16.566954] Allocated by task 170:
[   16.567054]  kasan_save_stack+0x3c/0x68
[   16.567125]  kasan_save_track+0x20/0x40
[   16.567496]  kasan_save_alloc_info+0x40/0x58
[   16.567706]  __kasan_kmalloc+0xd4/0xd8
[   16.567813]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.567926]  kmalloc_oob_in_memset+0xb0/0x2d0
[   16.567994]  kunit_try_run_case+0x170/0x3f0
[   16.568060]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.568278]  kthread+0x328/0x630
[   16.568499]  ret_from_fork+0x10/0x20
[   16.568643] 
[   16.568713] The buggy address belongs to the object at fff00000c58dc800
[   16.568713]  which belongs to the cache kmalloc-128 of size 128
[   16.569089] The buggy address is located 0 bytes inside of
[   16.569089]  allocated 120-byte region [fff00000c58dc800, fff00000c58dc878)
[   16.569159] 
[   16.569501] The buggy address belongs to the physical page:
[   16.569739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058dc
[   16.569860] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.570058] page_type: f5(slab)
[   16.570256] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.570415] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.570483] page dumped because: kasan: bad access detected
[   16.570586] 
[   16.570609] Memory state around the buggy address:
[   16.570674]  fff00000c58dc700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.570718]  fff00000c58dc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.570760] >fff00000c58dc800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.570797]                                                                 ^
[   16.570847]  fff00000c58dc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.570894]  fff00000c58dc900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.570932] ==================================================================

[   12.708300] ==================================================================
[   12.709136] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[   12.709511] Write of size 128 at addr ffff88810313a400 by task kunit_try_catch/188
[   12.710264] 
[   12.710388] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.710443] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.710455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.710476] Call Trace:
[   12.710489]  <TASK>
[   12.710505]  dump_stack_lvl+0x73/0xb0
[   12.710535]  print_report+0xd1/0x610
[   12.710557]  ? __virt_addr_valid+0x1db/0x2d0
[   12.710579]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.710602]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.710624]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.710646]  kasan_report+0x141/0x180
[   12.710668]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.710696]  kasan_check_range+0x10c/0x1c0
[   12.710719]  __asan_memset+0x27/0x50
[   12.710739]  kmalloc_oob_in_memset+0x15f/0x320
[   12.710761]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   12.710783]  ? __schedule+0x10c6/0x2b60
[   12.710805]  ? __pfx_read_tsc+0x10/0x10
[   12.710826]  ? ktime_get_ts64+0x86/0x230
[   12.710851]  kunit_try_run_case+0x1a5/0x480
[   12.710875]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.710897]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.710920]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.710943]  ? __kthread_parkme+0x82/0x180
[   12.710963]  ? preempt_count_sub+0x50/0x80
[   12.710987]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.711010]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.711033]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.711056]  kthread+0x337/0x6f0
[   12.711075]  ? trace_preempt_on+0x20/0xc0
[   12.711099]  ? __pfx_kthread+0x10/0x10
[   12.711120]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.711141]  ? calculate_sigpending+0x7b/0xa0
[   12.711164]  ? __pfx_kthread+0x10/0x10
[   12.711186]  ret_from_fork+0x116/0x1d0
[   12.711204]  ? __pfx_kthread+0x10/0x10
[   12.711224]  ret_from_fork_asm+0x1a/0x30
[   12.711328]  </TASK>
[   12.711339] 
[   12.719559] Allocated by task 188:
[   12.719783]  kasan_save_stack+0x45/0x70
[   12.719988]  kasan_save_track+0x18/0x40
[   12.720367]  kasan_save_alloc_info+0x3b/0x50
[   12.720578]  __kasan_kmalloc+0xb7/0xc0
[   12.720757]  __kmalloc_cache_noprof+0x189/0x420
[   12.721000]  kmalloc_oob_in_memset+0xac/0x320
[   12.721409]  kunit_try_run_case+0x1a5/0x480
[   12.721612]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.721841]  kthread+0x337/0x6f0
[   12.722020]  ret_from_fork+0x116/0x1d0
[   12.722214]  ret_from_fork_asm+0x1a/0x30
[   12.722470] 
[   12.722586] The buggy address belongs to the object at ffff88810313a400
[   12.722586]  which belongs to the cache kmalloc-128 of size 128
[   12.723119] The buggy address is located 0 bytes inside of
[   12.723119]  allocated 120-byte region [ffff88810313a400, ffff88810313a478)
[   12.723532] 
[   12.723610] The buggy address belongs to the physical page:
[   12.723786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[   12.724113] flags: 0x200000000000000(node=0|zone=2)
[   12.724430] page_type: f5(slab)
[   12.724603] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.724925] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.725450] page dumped because: kasan: bad access detected
[   12.725734] 
[   12.725830] Memory state around the buggy address:
[   12.726197]  ffff88810313a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.726827]  ffff88810313a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.727324] >ffff88810313a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.727686]                                                                 ^
[   12.727995]  ffff88810313a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.728371]  ffff88810313a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.728762] ==================================================================

[   12.828633] ==================================================================
[   12.829424] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[   12.829752] Write of size 128 at addr ffff888102a3ed00 by task kunit_try_catch/187
[   12.830171] 
[   12.830281] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.830331] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.830342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.830365] Call Trace:
[   12.830378]  <TASK>
[   12.830397]  dump_stack_lvl+0x73/0xb0
[   12.830480]  print_report+0xd1/0x610
[   12.830520]  ? __virt_addr_valid+0x1db/0x2d0
[   12.830545]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.830566]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.830587]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.830609]  kasan_report+0x141/0x180
[   12.830640]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.830665]  kasan_check_range+0x10c/0x1c0
[   12.830688]  __asan_memset+0x27/0x50
[   12.830717]  kmalloc_oob_in_memset+0x15f/0x320
[   12.830739]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   12.830761]  ? __schedule+0x10c6/0x2b60
[   12.830783]  ? __pfx_read_tsc+0x10/0x10
[   12.830805]  ? ktime_get_ts64+0x86/0x230
[   12.830830]  kunit_try_run_case+0x1a5/0x480
[   12.830856]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.830878]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.830910]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.830984]  ? __kthread_parkme+0x82/0x180
[   12.831006]  ? preempt_count_sub+0x50/0x80
[   12.831031]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.831054]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.831076]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.831099]  kthread+0x337/0x6f0
[   12.831118]  ? trace_preempt_on+0x20/0xc0
[   12.831142]  ? __pfx_kthread+0x10/0x10
[   12.831170]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.831190]  ? calculate_sigpending+0x7b/0xa0
[   12.831215]  ? __pfx_kthread+0x10/0x10
[   12.831235]  ret_from_fork+0x116/0x1d0
[   12.831254]  ? __pfx_kthread+0x10/0x10
[   12.831273]  ret_from_fork_asm+0x1a/0x30
[   12.831304]  </TASK>
[   12.831315] 
[   12.839598] Allocated by task 187:
[   12.839787]  kasan_save_stack+0x45/0x70
[   12.840163]  kasan_save_track+0x18/0x40
[   12.840317]  kasan_save_alloc_info+0x3b/0x50
[   12.840547]  __kasan_kmalloc+0xb7/0xc0
[   12.840768]  __kmalloc_cache_noprof+0x189/0x420
[   12.841076]  kmalloc_oob_in_memset+0xac/0x320
[   12.841313]  kunit_try_run_case+0x1a5/0x480
[   12.841467]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.841773]  kthread+0x337/0x6f0
[   12.841943]  ret_from_fork+0x116/0x1d0
[   12.842250]  ret_from_fork_asm+0x1a/0x30
[   12.842564] 
[   12.842639] The buggy address belongs to the object at ffff888102a3ed00
[   12.842639]  which belongs to the cache kmalloc-128 of size 128
[   12.843309] The buggy address is located 0 bytes inside of
[   12.843309]  allocated 120-byte region [ffff888102a3ed00, ffff888102a3ed78)
[   12.843898] 
[   12.844018] The buggy address belongs to the physical page:
[   12.844470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3e
[   12.844822] flags: 0x200000000000000(node=0|zone=2)
[   12.845123] page_type: f5(slab)
[   12.845265] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.845500] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.845729] page dumped because: kasan: bad access detected
[   12.845973] 
[   12.846082] Memory state around the buggy address:
[   12.846361]  ffff888102a3ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.846707]  ffff888102a3ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.846993] >ffff888102a3ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.847399]                                                                 ^
[   12.847719]  ffff888102a3ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.848261]  ffff888102a3ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.848612] ==================================================================