Hay
Date: July 15, 2025, 2:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[  105.632055] ==================================================================
[  105.633302] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xd4/0x200
[  105.634043] Write of size 128 at addr ffff0000c67cd500 by task kunit_try_catch/220
[  105.634687] 
[  105.634916] CPU: 0 PID: 220 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  105.635586] Hardware name: linux,dummy-virt (DT)
[  105.636052] Call trace:
[  105.636359]  dump_backtrace+0xe0/0x134
[  105.636797]  show_stack+0x20/0x2c
[  105.637205]  dump_stack_lvl+0x88/0xb4
[  105.637639]  print_report+0x158/0x44c
[  105.638077]  kasan_report+0xc8/0x180
[  105.638502]  kasan_check_range+0xe4/0x190
[  105.639285]  memset+0x40/0x70
[  105.639685]  kmalloc_oob_in_memset+0xd4/0x200
[  105.640194]  kunit_try_run_case+0x8c/0x124
[  105.640990]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.641547]  kthread+0x15c/0x170
[  105.641952]  ret_from_fork+0x10/0x20
[  105.642397] 
[  105.642598] Allocated by task 220:
[  105.642936]  kasan_save_stack+0x3c/0x70
[  105.643419]  kasan_set_track+0x2c/0x40
[  105.643870]  kasan_save_alloc_info+0x24/0x34
[  105.644374]  __kasan_kmalloc+0xd4/0xe0
[  105.644821]  kmalloc_trace+0x8c/0x150
[  105.645261]  kmalloc_oob_in_memset+0xa0/0x200
[  105.645791]  kunit_try_run_case+0x8c/0x124
[  105.646279]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.647238]  kthread+0x15c/0x170
[  105.647654]  ret_from_fork+0x10/0x20
[  105.648090] 
[  105.648308] The buggy address belongs to the object at ffff0000c67cd500
[  105.648308]  which belongs to the cache kmalloc-128 of size 128
[  105.649546] The buggy address is located 0 bytes inside of
[  105.649546]  128-byte region [ffff0000c67cd500, ffff0000c67cd580)
[  105.650465] 
[  105.650679] The buggy address belongs to the physical page:
[  105.651178] page:00000000e8cb511a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067cd
[  105.651954] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[  105.652879] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[  105.653523] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.654162] page dumped because: kasan: bad access detected
[  105.654651] 
[  105.655048] Memory state around the buggy address:
[  105.655476]  ffff0000c67cd400: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.656132]  ffff0000c67cd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.657193] >ffff0000c67cd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[  105.657789]                                                                 ^
[  105.658387]  ffff0000c67cd580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.659008]  ffff0000c67cd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.659626] ==================================================================

[   75.381535] ==================================================================
[   75.382260] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xa8/0x150
[   75.382915] Write of size 128 at addr ffff0000c5a47e00 by task kunit_try_catch/136
[   75.384282] 
[   75.384817] CPU: 1 PID: 136 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   75.385983] Hardware name: linux,dummy-virt (DT)
[   75.386625] Call trace:
[   75.387063]  dump_backtrace+0xf8/0x118
[   75.387751]  show_stack+0x18/0x24
[   75.388367]  __dump_stack+0x28/0x38
[   75.389051]  dump_stack_lvl+0x54/0x6c
[   75.389686]  print_address_description+0x7c/0x1ec
[   75.390452]  print_report+0x50/0x68
[   75.391092]  kasan_report+0xac/0x100
[   75.391725]  kasan_check_range+0x260/0x2a0
[   75.392428]  memset+0x40/0x70
[   75.393126]  kmalloc_oob_in_memset+0xa8/0x150
[   75.393827]  kunit_try_run_case+0x80/0x184
[   75.394297]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.394822]  kthread+0x16c/0x21c
[   75.395330]  ret_from_fork+0x10/0x20
[   75.395814] 
[   75.395997] Allocated by task 136:
[   75.396292]  kasan_set_track+0x4c/0x80
[   75.397058]  kasan_save_alloc_info+0x28/0x34
[   75.397741]  __kasan_kmalloc+0x88/0xa0
[   75.398426]  kmalloc_trace+0x54/0x68
[   75.399064]  kmalloc_oob_in_memset+0x48/0x150
[   75.399782]  kunit_try_run_case+0x80/0x184
[   75.400478]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.401393]  kthread+0x16c/0x21c
[   75.402047]  ret_from_fork+0x10/0x20
[   75.402658] 
[   75.402975] The buggy address belongs to the object at ffff0000c5a47e00
[   75.402975]  which belongs to the cache kmalloc-128 of size 128
[   75.404355] The buggy address is located 0 bytes inside of
[   75.404355]  128-byte region [ffff0000c5a47e00, ffff0000c5a47e80)
[   75.405691] 
[   75.406023] The buggy address belongs to the physical page:
[   75.406626] page:000000003f689bbf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a47
[   75.407363] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   75.407943] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   75.408820] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   75.409867] page dumped because: kasan: bad access detected
[   75.410561] 
[   75.410837] Memory state around the buggy address:
[   75.411382]  ffff0000c5a47d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.411918]  ffff0000c5a47d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.412409] >ffff0000c5a47e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   75.413181]                                                                 ^
[   75.413834]  ffff0000c5a47e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.414425]  ffff0000c5a47f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.415029] ==================================================================

[   74.410404] ==================================================================
[   74.411356] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xa8/0x150
[   74.412340] Write of size 128 at addr ffff0000c5919900 by task kunit_try_catch/136
[   74.413849] 
[   74.414156] CPU: 1 PID: 136 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.415140] Hardware name: linux,dummy-virt (DT)
[   74.416523] Call trace:
[   74.417475]  dump_backtrace+0xf4/0x114
[   74.417951]  show_stack+0x18/0x24
[   74.418352]  __dump_stack+0x28/0x38
[   74.418772]  dump_stack_lvl+0x50/0x68
[   74.419166]  print_address_description+0x7c/0x1ec
[   74.419643]  print_report+0x50/0x68
[   74.421615]  kasan_report+0xac/0xfc
[   74.422124]  kasan_check_range+0x258/0x290
[   74.422772]  memset+0x40/0x70
[   74.423284]  kmalloc_oob_in_memset+0xa8/0x150
[   74.424062]  kunit_try_run_case+0x80/0x184
[   74.424651]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.425356]  kthread+0x16c/0x21c
[   74.425912]  ret_from_fork+0x10/0x20
[   74.426446] 
[   74.426769] Allocated by task 136:
[   74.427089]  kasan_set_track+0x4c/0x80
[   74.427713]  kasan_save_alloc_info+0x28/0x34
[   74.428296]  __kasan_kmalloc+0x88/0xa0
[   74.428979]  kmalloc_trace+0x54/0x68
[   74.429479]  kmalloc_oob_in_memset+0x48/0x150
[   74.430039]  kunit_try_run_case+0x80/0x184
[   74.430517]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.431134]  kthread+0x16c/0x21c
[   74.431552]  ret_from_fork+0x10/0x20
[   74.432134] 
[   74.432346] The buggy address belongs to the object at ffff0000c5919900
[   74.432346]  which belongs to the cache kmalloc-128 of size 128
[   74.433287] The buggy address is located 0 bytes inside of
[   74.433287]  128-byte region [ffff0000c5919900, ffff0000c5919980)
[   74.434206] 
[   74.434424] The buggy address belongs to the physical page:
[   74.434905] page:0000000087a007df refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919
[   74.435697] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   74.436406] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   74.437108] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.437718] page dumped because: kasan: bad access detected
[   74.438330] 
[   74.438526] Memory state around the buggy address:
[   74.438973]  ffff0000c5919800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.439606]  ffff0000c5919880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.440360] >ffff0000c5919900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   74.440966]                                                                 ^
[   74.441599]  ffff0000c5919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.442243]  ffff0000c5919a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.442847] ==================================================================

[   73.014362] ==================================================================
[   73.015734] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xcc/0x1f0
[   73.016373] Write of size 128 at addr ffff0000c5915000 by task kunit_try_catch/136
[   73.016859] 
[   73.017043] CPU: 0 PID: 136 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   73.017590] Hardware name: linux,dummy-virt (DT)
[   73.018468] Call trace:
[   73.019370]  dump_backtrace.part.0+0xdc/0xf0
[   73.020176]  show_stack+0x18/0x30
[   73.020981]  dump_stack_lvl+0x64/0x80
[   73.021436]  print_report+0x158/0x438
[   73.021850]  kasan_report+0xb4/0xf4
[   73.022278]  kasan_check_range+0xe4/0x190
[   73.023390]  memset+0x40/0x70
[   73.023753]  kmalloc_oob_in_memset+0xcc/0x1f0
[   73.024165]  kunit_try_run_case+0x84/0x120
[   73.024570]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.025033]  kthread+0x180/0x190
[   73.025352]  ret_from_fork+0x10/0x20
[   73.026429] 
[   73.026903] Allocated by task 136:
[   73.027525]  kasan_save_stack+0x3c/0x70
[   73.028299]  kasan_set_track+0x2c/0x40
[   73.029054]  kasan_save_alloc_info+0x24/0x34
[   73.029933]  __kasan_kmalloc+0xb8/0xc0
[   73.030675]  kmalloc_trace+0x58/0x6c
[   73.031444]  kmalloc_oob_in_memset+0x98/0x1f0
[   73.032259]  kunit_try_run_case+0x84/0x120
[   73.033014]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.033917]  kthread+0x180/0x190
[   73.034610]  ret_from_fork+0x10/0x20
[   73.035267] 
[   73.035586] The buggy address belongs to the object at ffff0000c5915000
[   73.035586]  which belongs to the cache kmalloc-128 of size 128
[   73.037005] The buggy address is located 0 bytes inside of
[   73.037005]  128-byte region [ffff0000c5915000, ffff0000c5915080)
[   73.038490] 
[   73.038829] The buggy address belongs to the physical page:
[   73.039595] page:0000000033330a0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105915
[   73.040701] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   73.041422] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   73.042359] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   73.043241] page dumped because: kasan: bad access detected
[   73.043891] 
[   73.044142] Memory state around the buggy address:
[   73.044584]  ffff0000c5914f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.045050]  ffff0000c5914f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.045603] >ffff0000c5915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   73.046578]                                                                 ^
[   73.047494]  ffff0000c5915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.048443]  ffff0000c5915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.049340] ==================================================================

[   64.588010] ==================================================================
[   64.588783] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xe0/0x1e8
[   64.589437] Write of size 128 at addr ffff0000c58b8600 by task kunit_try_catch/134
[   64.589998] 
[   64.590262] CPU: 0 PID: 134 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   64.590850] Hardware name: linux,dummy-virt (DT)
[   64.591285] Call trace:
[   64.591498]  dump_backtrace+0x110/0x120
[   64.591931]  show_stack+0x18/0x28
[   64.592344]  dump_stack_lvl+0x68/0x84
[   64.592733]  print_report+0x158/0x484
[   64.593123]  kasan_report+0x98/0xe0
[   64.593570]  kasan_check_range+0x160/0x1d8
[   64.594049]  memset+0x3c/0x80
[   64.594397]  kmalloc_oob_in_memset+0xe0/0x1e8
[   64.594835]  kunit_try_run_case+0x7c/0x120
[   64.595272]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.595765]  kthread+0x1a4/0x1b8
[   64.596105]  ret_from_fork+0x10/0x20
[   64.596494] 
[   64.596662] Allocated by task 134:
[   64.596994]  kasan_save_stack+0x2c/0x58
[   64.597376]  kasan_set_track+0x2c/0x40
[   64.597762]  kasan_save_alloc_info+0x24/0x38
[   64.598212]  __kasan_kmalloc+0xa0/0xb8
[   64.598620]  kmalloc_trace+0x50/0x68
[   64.598957]  kmalloc_oob_in_memset+0xa8/0x1e8
[   64.599421]  kunit_try_run_case+0x7c/0x120
[   64.599852]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.600347]  kthread+0x1a4/0x1b8
[   64.600702]  ret_from_fork+0x10/0x20
[   64.601068] 
[   64.601264] The buggy address belongs to the object at ffff0000c58b8600
[   64.601264]  which belongs to the cache kmalloc-128 of size 128
[   64.602068] The buggy address is located 0 bytes inside of
[   64.602068]  128-byte region [ffff0000c58b8600, ffff0000c58b8680)
[   64.603020] 
[   64.603258] The buggy address belongs to the physical page:
[   64.603773] page:0000000079d9b0ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058b8
[   64.604397] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   64.605039] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   64.605747] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   64.606319] page dumped because: kasan: bad access detected
[   64.606745] 
[   64.606921] Memory state around the buggy address:
[   64.607321]  ffff0000c58b8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.607846]  ffff0000c58b8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.608394] >ffff0000c58b8600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   64.608902]                                                                 ^
[   64.609443]  ffff0000c58b8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.610026]  ffff0000c58b8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.610573] ==================================================================

[   30.878208] ==================================================================
[   30.878829] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xd6/0x1d0
[   30.879233] Write of size 128 at addr ffff8881030dea00 by task kunit_try_catch/240
[   30.879717] 
[   30.879842] CPU: 1 PID: 240 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   30.880272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.880905] Call Trace:
[   30.881074]  <TASK>
[   30.881247]  dump_stack_lvl+0x49/0x62
[   30.881475]  print_report+0x189/0x492
[   30.881919]  ? kasan_complete_mode_report_info+0x3c/0x200
[   30.882239]  ? kmalloc_oob_in_memset+0xd6/0x1d0
[   30.882627]  kasan_report+0x10c/0x190
[   30.882895]  ? kmalloc_oob_in_memset+0xd6/0x1d0
[   30.883200]  kasan_check_range+0x10b/0x1c0
[   30.883838]  memset+0x23/0x50
[   30.884049]  kmalloc_oob_in_memset+0xd6/0x1d0
[   30.884361]  ? kmalloc_oob_memset_2+0x1d0/0x1d0
[   30.884704]  ? __kunit_add_resource+0xd1/0x100
[   30.885009]  kunit_try_run_case+0x8f/0xd0
[   30.885291]  ? kunit_catch_run_case+0x80/0x80
[   30.885642]  ? kunit_try_catch_throw+0x40/0x40
[   30.885884]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.886232]  kthread+0x17b/0x1b0
[   30.886528]  ? kthread_complete_and_exit+0x30/0x30
[   30.886831]  ret_from_fork+0x22/0x30
[   30.887143]  </TASK>
[   30.887343] 
[   30.887549] Allocated by task 240:
[   30.887742]  kasan_save_stack+0x41/0x70
[   30.888013]  kasan_set_track+0x25/0x40
[   30.888226]  kasan_save_alloc_info+0x1e/0x30
[   30.888849]  __kasan_kmalloc+0xb6/0xc0
[   30.889085]  kmalloc_trace+0x48/0xb0
[   30.889397]  kmalloc_oob_in_memset+0x9b/0x1d0
[   30.889791]  kunit_try_run_case+0x8f/0xd0
[   30.890035]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.890371]  kthread+0x17b/0x1b0
[   30.890657]  ret_from_fork+0x22/0x30
[   30.890897] 
[   30.891011] The buggy address belongs to the object at ffff8881030dea00
[   30.891011]  which belongs to the cache kmalloc-128 of size 128
[   30.891733] The buggy address is located 0 bytes inside of
[   30.891733]  128-byte region [ffff8881030dea00, ffff8881030dea80)
[   30.892268] 
[   30.892391] The buggy address belongs to the physical page:
[   30.892763] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030de
[   30.893255] flags: 0x200000000000200(slab|node=0|zone=2)
[   30.893661] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[   30.894157] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   30.894827] page dumped because: kasan: bad access detected
[   30.895101] 
[   30.895227] Memory state around the buggy address:
[   30.895508]  ffff8881030de900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   30.895837]  ffff8881030de980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.896294] >ffff8881030dea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.896738]                                                                 ^
[   30.897087]  ffff8881030dea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.897456]  ffff8881030deb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.897801] ==================================================================