Date: July 15, 2025, 2:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[  105.768944] ==================================================================
[  105.770052] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xd8/0x200
[  105.770815] Write of size 16 at addr ffff0000c66f6369 by task kunit_try_catch/224
[  105.771457] 
[  105.771698] CPU: 1 PID: 224 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  105.772375] Hardware name: linux,dummy-virt (DT)
[  105.773641] Call trace:
[  105.773917]  dump_backtrace+0xe0/0x134
[  105.774385]  show_stack+0x20/0x2c
[  105.774802]  dump_stack_lvl+0x88/0xb4
[  105.775218]  print_report+0x158/0x44c
[  105.775565]  kasan_report+0xc8/0x180
[  105.775943]  kasan_check_range+0xe4/0x190
[  105.776433]  memset+0x40/0x70
[  105.776864]  kmalloc_oob_memset_16+0xd8/0x200
[  105.777447]  kunit_try_run_case+0x8c/0x124
[  105.777999]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.778613]  kthread+0x15c/0x170
[  105.779847]  ret_from_fork+0x10/0x20
[  105.780283] 
[  105.780484] Allocated by task 224:
[  105.781150]  kasan_save_stack+0x3c/0x70
[  105.781605]  kasan_set_track+0x2c/0x40
[  105.782017]  kasan_save_alloc_info+0x24/0x34
[  105.782509]  __kasan_kmalloc+0xd4/0xe0
[  105.782925]  kmalloc_trace+0x8c/0x150
[  105.783347]  kmalloc_oob_memset_16+0xa0/0x200
[  105.783878]  kunit_try_run_case+0x8c/0x124
[  105.784509]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.786111]  kthread+0x15c/0x170
[  105.786652]  ret_from_fork+0x10/0x20
[  105.787225] 
[  105.787496] The buggy address belongs to the object at ffff0000c66f6300
[  105.787496]  which belongs to the cache kmalloc-128 of size 128
[  105.788303] The buggy address is located 105 bytes inside of
[  105.788303]  128-byte region [ffff0000c66f6300, ffff0000c66f6380)
[  105.790012] 
[  105.790291] The buggy address belongs to the physical page:
[  105.790969] page:000000008cb3a959 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066f6
[  105.792050] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[  105.793552] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[  105.794168] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.794814] page dumped because: kasan: bad access detected
[  105.795291] 
[  105.795490] Memory state around the buggy address:
[  105.795952]  ffff0000c66f6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.796662]  ffff0000c66f6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.797305] >ffff0000c66f6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[  105.797913]                                                                 ^
[  105.798503]  ffff0000c66f6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.799501]  ffff0000c66f6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.800110] ==================================================================

[   75.528059] ==================================================================
[   75.529016] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xac/0x154
[   75.530085] Write of size 16 at addr ffff0000c5a46469 by task kunit_try_catch/140
[   75.530932] 
[   75.531199] CPU: 1 PID: 140 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   75.532018] Hardware name: linux,dummy-virt (DT)
[   75.532545] Call trace:
[   75.532997]  dump_backtrace+0xf8/0x118
[   75.533601]  show_stack+0x18/0x24
[   75.534180]  __dump_stack+0x28/0x38
[   75.534637]  dump_stack_lvl+0x54/0x6c
[   75.535147]  print_address_description+0x7c/0x1ec
[   75.535704]  print_report+0x50/0x68
[   75.536281]  kasan_report+0xac/0x100
[   75.537018]  kasan_check_range+0x260/0x2a0
[   75.537619]  memset+0x40/0x70
[   75.538111]  kmalloc_oob_memset_16+0xac/0x154
[   75.538590]  kunit_try_run_case+0x80/0x184
[   75.539182]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.539878]  kthread+0x16c/0x21c
[   75.540422]  ret_from_fork+0x10/0x20
[   75.541012] 
[   75.541342] Allocated by task 140:
[   75.541699]  kasan_set_track+0x4c/0x80
[   75.542366]  kasan_save_alloc_info+0x28/0x34
[   75.542926]  __kasan_kmalloc+0x88/0xa0
[   75.543387]  kmalloc_trace+0x54/0x68
[   75.543920]  kmalloc_oob_memset_16+0x48/0x154
[   75.544418]  kunit_try_run_case+0x80/0x184
[   75.545079]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.545814]  kthread+0x16c/0x21c
[   75.546221]  ret_from_fork+0x10/0x20
[   75.546629] 
[   75.546849] The buggy address belongs to the object at ffff0000c5a46400
[   75.546849]  which belongs to the cache kmalloc-128 of size 128
[   75.547729] The buggy address is located 105 bytes inside of
[   75.547729]  128-byte region [ffff0000c5a46400, ffff0000c5a46480)
[   75.548628] 
[   75.549104] The buggy address belongs to the physical page:
[   75.549555] page:00000000e850444c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a46
[   75.550346] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   75.551076] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   75.551774] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   75.552444] page dumped because: kasan: bad access detected
[   75.553011] 
[   75.553201] Memory state around the buggy address:
[   75.553558]  ffff0000c5a46300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.554089]  ffff0000c5a46380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.554661] >ffff0000c5a46400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   75.555331]                                                                 ^
[   75.555933]  ffff0000c5a46480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.556559]  ffff0000c5a46500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.557145] ==================================================================

[   74.558770] ==================================================================
[   74.559523] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xac/0x154
[   74.560403] Write of size 16 at addr ffff0000c5a09d69 by task kunit_try_catch/140
[   74.560946] 
[   74.561146] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.561761] Hardware name: linux,dummy-virt (DT)
[   74.562978] Call trace:
[   74.563571]  dump_backtrace+0xf4/0x114
[   74.564430]  show_stack+0x18/0x24
[   74.565201]  __dump_stack+0x28/0x38
[   74.565944]  dump_stack_lvl+0x50/0x68
[   74.566594]  print_address_description+0x7c/0x1ec
[   74.567391]  print_report+0x50/0x68
[   74.568158]  kasan_report+0xac/0xfc
[   74.568937]  kasan_check_range+0x258/0x290
[   74.569658]  memset+0x40/0x70
[   74.570217]  kmalloc_oob_memset_16+0xac/0x154
[   74.570946]  kunit_try_run_case+0x80/0x184
[   74.571649]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.572624]  kthread+0x16c/0x21c
[   74.573254]  ret_from_fork+0x10/0x20
[   74.573902] 
[   74.574217] Allocated by task 140:
[   74.574756]  kasan_set_track+0x4c/0x80
[   74.575439]  kasan_save_alloc_info+0x28/0x34
[   74.576191]  __kasan_kmalloc+0x88/0xa0
[   74.576921]  kmalloc_trace+0x54/0x68
[   74.577505]  kmalloc_oob_memset_16+0x48/0x154
[   74.577945]  kunit_try_run_case+0x80/0x184
[   74.578364]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.579049]  kthread+0x16c/0x21c
[   74.579661]  ret_from_fork+0x10/0x20
[   74.580338] 
[   74.580628] The buggy address belongs to the object at ffff0000c5a09d00
[   74.580628]  which belongs to the cache kmalloc-128 of size 128
[   74.582073] The buggy address is located 105 bytes inside of
[   74.582073]  128-byte region [ffff0000c5a09d00, ffff0000c5a09d80)
[   74.583470] 
[   74.583827] The buggy address belongs to the physical page:
[   74.584578] page:000000009f2754ee refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a09
[   74.585744] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   74.586706] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   74.587686] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.588713] page dumped because: kasan: bad access detected
[   74.589437] 
[   74.589731] Memory state around the buggy address:
[   74.590265]  ffff0000c5a09c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.590777]  ffff0000c5a09c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.591674] >ffff0000c5a09d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   74.592694]                                                                 ^
[   74.593820]  ffff0000c5a09d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.594719]  ffff0000c5a09e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.595599] ==================================================================

[   73.159096] ==================================================================
[   73.159829] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xd0/0x200
[   73.160385] Write of size 16 at addr ffff0000c5915869 by task kunit_try_catch/140
[   73.161413] 
[   73.161729] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   73.163101] Hardware name: linux,dummy-virt (DT)
[   73.163708] Call trace:
[   73.164069]  dump_backtrace.part.0+0xdc/0xf0
[   73.164739]  show_stack+0x18/0x30
[   73.165292]  dump_stack_lvl+0x64/0x80
[   73.166292]  print_report+0x158/0x438
[   73.166892]  kasan_report+0xb4/0xf4
[   73.167430]  kasan_check_range+0xe4/0x190
[   73.168028]  memset+0x40/0x70
[   73.168527]  kmalloc_oob_memset_16+0xd0/0x200
[   73.169166]  kunit_try_run_case+0x84/0x120
[   73.169928]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.170514]  kthread+0x180/0x190
[   73.170841]  ret_from_fork+0x10/0x20
[   73.171183] 
[   73.171348] Allocated by task 140:
[   73.171820]  kasan_save_stack+0x3c/0x70
[   73.172382]  kasan_set_track+0x2c/0x40
[   73.172942]  kasan_save_alloc_info+0x24/0x34
[   73.173570]  __kasan_kmalloc+0xb8/0xc0
[   73.174270]  kmalloc_trace+0x58/0x6c
[   73.174848]  kmalloc_oob_memset_16+0x98/0x200
[   73.175504]  kunit_try_run_case+0x84/0x120
[   73.176109]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.176853]  kthread+0x180/0x190
[   73.177353]  ret_from_fork+0x10/0x20
[   73.178078] 
[   73.178843] The buggy address belongs to the object at ffff0000c5915800
[   73.178843]  which belongs to the cache kmalloc-128 of size 128
[   73.179893] The buggy address is located 105 bytes inside of
[   73.179893]  128-byte region [ffff0000c5915800, ffff0000c5915880)
[   73.180586] 
[   73.180799] The buggy address belongs to the physical page:
[   73.181301] page:0000000033330a0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105915
[   73.182357] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   73.183012] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   73.183675] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   73.184271] page dumped because: kasan: bad access detected
[   73.184670] 
[   73.184889] Memory state around the buggy address:
[   73.185334]  ffff0000c5915700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.186133]  ffff0000c5915780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.186752] >ffff0000c5915800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   73.187327]                                                                 ^
[   73.187918]  ffff0000c5915880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.188518]  ffff0000c5915900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.189081] ==================================================================

[   64.694625] ==================================================================
[   64.695422] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xe4/0x1f0
[   64.696040] Write of size 16 at addr ffff0000c58b8b69 by task kunit_try_catch/138
[   64.696686] 
[   64.696879] CPU: 0 PID: 138 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   64.697525] Hardware name: linux,dummy-virt (DT)
[   64.697873] Call trace:
[   64.698132]  dump_backtrace+0x110/0x120
[   64.698569]  show_stack+0x18/0x28
[   64.699011]  dump_stack_lvl+0x68/0x84
[   64.699468]  print_report+0x158/0x484
[   64.699838]  kasan_report+0x98/0xe0
[   64.700173]  kasan_check_range+0x160/0x1d8
[   64.700589]  memset+0x3c/0x80
[   64.700940]  kmalloc_oob_memset_16+0xe4/0x1f0
[   64.701383]  kunit_try_run_case+0x7c/0x120
[   64.701816]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.702359]  kthread+0x1a4/0x1b8
[   64.702734]  ret_from_fork+0x10/0x20
[   64.703114] 
[   64.703372] Allocated by task 138:
[   64.703735]  kasan_save_stack+0x2c/0x58
[   64.704112]  kasan_set_track+0x2c/0x40
[   64.704519]  kasan_save_alloc_info+0x24/0x38
[   64.704955]  __kasan_kmalloc+0xa0/0xb8
[   64.705359]  kmalloc_trace+0x50/0x68
[   64.705707]  kmalloc_oob_memset_16+0xa8/0x1f0
[   64.706147]  kunit_try_run_case+0x7c/0x120
[   64.706567]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.707068]  kthread+0x1a4/0x1b8
[   64.707423]  ret_from_fork+0x10/0x20
[   64.707780] 
[   64.707962] The buggy address belongs to the object at ffff0000c58b8b00
[   64.707962]  which belongs to the cache kmalloc-128 of size 128
[   64.708782] The buggy address is located 105 bytes inside of
[   64.708782]  128-byte region [ffff0000c58b8b00, ffff0000c58b8b80)
[   64.709609] 
[   64.709803] The buggy address belongs to the physical page:
[   64.710174] page:0000000079d9b0ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058b8
[   64.710925] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   64.711591] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   64.712322] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   64.712866] page dumped because: kasan: bad access detected
[   64.713285] 
[   64.713497] Memory state around the buggy address:
[   64.713942]  ffff0000c58b8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   64.714517]  ffff0000c58b8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.715149] >ffff0000c58b8b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   64.715710]                                                                 ^
[   64.716248]  ffff0000c58b8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.716817]  ffff0000c58b8c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.717289] ==================================================================

[   30.990517] ==================================================================
[   30.991127] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xd9/0x1d0
[   30.991568] Write of size 16 at addr ffff888103497669 by task kunit_try_catch/244
[   30.991911] 
[   30.992031] CPU: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   30.992451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.992867] Call Trace:
[   30.993013]  <TASK>
[   30.993174]  dump_stack_lvl+0x49/0x62
[   30.994006]  print_report+0x189/0x492
[   30.994277]  ? kasan_complete_mode_report_info+0x3c/0x200
[   30.994746]  ? kmalloc_oob_memset_16+0xd9/0x1d0
[   30.995014]  kasan_report+0x10c/0x190
[   30.995235]  ? kmalloc_oob_memset_16+0xd9/0x1d0
[   30.995591]  kasan_check_range+0x10b/0x1c0
[   30.995799]  memset+0x23/0x50
[   30.996003]  kmalloc_oob_memset_16+0xd9/0x1d0
[   30.996235]  ? kmalloc_uaf_memset+0x1c0/0x1c0
[   30.996661]  ? __kunit_add_resource+0xd1/0x100
[   30.996929]  kunit_try_run_case+0x8f/0xd0
[   30.997191]  ? kunit_catch_run_case+0x80/0x80
[   30.997418]  ? kunit_try_catch_throw+0x40/0x40
[   30.997809]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.998135]  kthread+0x17b/0x1b0
[   30.998352]  ? kthread_complete_and_exit+0x30/0x30
[   30.998656]  ret_from_fork+0x22/0x30
[   30.998993]  </TASK>
[   30.999148] 
[   30.999268] Allocated by task 244:
[   30.999823]  kasan_save_stack+0x41/0x70
[   31.000059]  kasan_set_track+0x25/0x40
[   31.000298]  kasan_save_alloc_info+0x1e/0x30
[   31.000529]  __kasan_kmalloc+0xb6/0xc0
[   31.000735]  kmalloc_trace+0x48/0xb0
[   31.000939]  kmalloc_oob_memset_16+0x9b/0x1d0
[   31.001200]  kunit_try_run_case+0x8f/0xd0
[   31.002000]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   31.002340]  kthread+0x17b/0x1b0
[   31.002718]  ret_from_fork+0x22/0x30
[   31.002908] 
[   31.003143] The buggy address belongs to the object at ffff888103497600
[   31.003143]  which belongs to the cache kmalloc-128 of size 128
[   31.003900] The buggy address is located 105 bytes inside of
[   31.003900]  128-byte region [ffff888103497600, ffff888103497680)
[   31.004851] 
[   31.004988] The buggy address belongs to the physical page:
[   31.005518] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103497
[   31.005942] flags: 0x200000000000200(slab|node=0|zone=2)
[   31.006399] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[   31.006959] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   31.007571] page dumped because: kasan: bad access detected
[   31.007961] 
[   31.008199] Memory state around the buggy address:
[   31.008723]  ffff888103497500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.009212]  ffff888103497580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.009824] >ffff888103497600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   31.010186]                                                                 ^
[   31.010721]  ffff888103497680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.011048]  ffff888103497700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.011549] ==================================================================