Date: July 15, 2025, 2:10 p.m.
Environment: qemu-arm64, qemu-x86_64

[  105.664204] ==================================================================
[  105.665947] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xd8/0x200
[  105.666636] Write of size 2 at addr ffff0000c67cd677 by task kunit_try_catch/221
[  105.667246] 
[  105.667490] CPU: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  105.668224] Hardware name: linux,dummy-virt (DT)
[  105.669509] Call trace:
[  105.669799]  dump_backtrace+0xe0/0x134
[  105.670261]  show_stack+0x20/0x2c
[  105.670691]  dump_stack_lvl+0x88/0xb4
[  105.671174]  print_report+0x158/0x44c
[  105.671625]  kasan_report+0xc8/0x180
[  105.672090]  kasan_check_range+0xe4/0x190
[  105.673437]  memset+0x40/0x70
[  105.673852]  kmalloc_oob_memset_2+0xd8/0x200
[  105.674349]  kunit_try_run_case+0x8c/0x124
[  105.674850]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.675401]  kthread+0x15c/0x170
[  105.675808]  ret_from_fork+0x10/0x20
[  105.676241] 
[  105.676442] Allocated by task 221:
[  105.676788]  kasan_save_stack+0x3c/0x70
[  105.677290]  kasan_set_track+0x2c/0x40
[  105.677688]  kasan_save_alloc_info+0x24/0x34
[  105.678653]  __kasan_kmalloc+0xd4/0xe0
[  105.679108]  kmalloc_trace+0x8c/0x150
[  105.679544]  kmalloc_oob_memset_2+0xa0/0x200
[  105.680079]  kunit_try_run_case+0x8c/0x124
[  105.681427]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.682019]  kthread+0x15c/0x170
[  105.682441]  ret_from_fork+0x10/0x20
[  105.682878] 
[  105.683070] The buggy address belongs to the object at ffff0000c67cd600
[  105.683070]  which belongs to the cache kmalloc-128 of size 128
[  105.684024] The buggy address is located 119 bytes inside of
[  105.684024]  128-byte region [ffff0000c67cd600, ffff0000c67cd680)
[  105.685020] 
[  105.685263] The buggy address belongs to the physical page:
[  105.685738] page:00000000e8cb511a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067cd
[  105.686528] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[  105.687217] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[  105.688247] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.689641] page dumped because: kasan: bad access detected
[  105.690147] 
[  105.690332] Memory state around the buggy address:
[  105.690804]  ffff0000c67cd500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.691424]  ffff0000c67cd580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.692042] >ffff0000c67cd600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[  105.693046]                                                                 ^
[  105.693614]  ffff0000c67cd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.694266]  ffff0000c67cd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.694862] ==================================================================

[   75.418564] ==================================================================
[   75.419412] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xac/0x154
[   75.420103] Write of size 2 at addr ffff0000c5a76777 by task kunit_try_catch/137
[   75.420649] 
[   75.420898] CPU: 0 PID: 137 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   75.421823] Hardware name: linux,dummy-virt (DT)
[   75.422251] Call trace:
[   75.422515]  dump_backtrace+0xf8/0x118
[   75.423176]  show_stack+0x18/0x24
[   75.423605]  __dump_stack+0x28/0x38
[   75.424072]  dump_stack_lvl+0x54/0x6c
[   75.424497]  print_address_description+0x7c/0x1ec
[   75.425507]  print_report+0x50/0x68
[   75.425958]  kasan_report+0xac/0x100
[   75.426415]  kasan_check_range+0x260/0x2a0
[   75.426904]  memset+0x40/0x70
[   75.427299]  kmalloc_oob_memset_2+0xac/0x154
[   75.427774]  kunit_try_run_case+0x80/0x184
[   75.428243]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.429310]  kthread+0x16c/0x21c
[   75.429778]  ret_from_fork+0x10/0x20
[   75.430219] 
[   75.430408] Allocated by task 137:
[   75.430752]  kasan_set_track+0x4c/0x80
[   75.431234]  kasan_save_alloc_info+0x28/0x34
[   75.431721]  __kasan_kmalloc+0x88/0xa0
[   75.432171]  kmalloc_trace+0x54/0x68
[   75.432629]  kmalloc_oob_memset_2+0x48/0x154
[   75.433140]  kunit_try_run_case+0x80/0x184
[   75.433625]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.434190]  kthread+0x16c/0x21c
[   75.434590]  ret_from_fork+0x10/0x20
[   75.435483] 
[   75.435681] The buggy address belongs to the object at ffff0000c5a76700
[   75.435681]  which belongs to the cache kmalloc-128 of size 128
[   75.436939] The buggy address is located 119 bytes inside of
[   75.436939]  128-byte region [ffff0000c5a76700, ffff0000c5a76780)
[   75.437814] 
[   75.438035] The buggy address belongs to the physical page:
[   75.438514] page:00000000e5b61371 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a76
[   75.439308] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   75.440006] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   75.441200] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   75.441822] page dumped because: kasan: bad access detected
[   75.442289] 
[   75.442499] Memory state around the buggy address:
[   75.442970]  ffff0000c5a76600: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.443608]  ffff0000c5a76680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.444242] >ffff0000c5a76700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   75.445143]                                                                 ^
[   75.445713]  ffff0000c5a76780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.446357]  ffff0000c5a76800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.446960] ==================================================================

[   74.446923] ==================================================================
[   74.447671] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xac/0x154
[   74.448661] Write of size 2 at addr ffff0000c5a09877 by task kunit_try_catch/137
[   74.449601] 
[   74.449876] CPU: 0 PID: 137 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.451047] Hardware name: linux,dummy-virt (DT)
[   74.451588] Call trace:
[   74.451916]  dump_backtrace+0xf4/0x114
[   74.452580]  show_stack+0x18/0x24
[   74.453172]  __dump_stack+0x28/0x38
[   74.453783]  dump_stack_lvl+0x50/0x68
[   74.454361]  print_address_description+0x7c/0x1ec
[   74.455060]  print_report+0x50/0x68
[   74.455827]  kasan_report+0xac/0xfc
[   74.456522]  kasan_check_range+0x258/0x290
[   74.457000]  memset+0x40/0x70
[   74.457353]  kmalloc_oob_memset_2+0xac/0x154
[   74.457786]  kunit_try_run_case+0x80/0x184
[   74.458208]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.458714]  kthread+0x16c/0x21c
[   74.459253]  ret_from_fork+0x10/0x20
[   74.459671] 
[   74.459928] Allocated by task 137:
[   74.460338]  kasan_set_track+0x4c/0x80
[   74.461143]  kasan_save_alloc_info+0x28/0x34
[   74.461704]  __kasan_kmalloc+0x88/0xa0
[   74.462278]  kmalloc_trace+0x54/0x68
[   74.462685]  kmalloc_oob_memset_2+0x48/0x154
[   74.463210]  kunit_try_run_case+0x80/0x184
[   74.463939]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.464520]  kthread+0x16c/0x21c
[   74.465083]  ret_from_fork+0x10/0x20
[   74.465668] 
[   74.465962] The buggy address belongs to the object at ffff0000c5a09800
[   74.465962]  which belongs to the cache kmalloc-128 of size 128
[   74.466828] The buggy address is located 119 bytes inside of
[   74.466828]  128-byte region [ffff0000c5a09800, ffff0000c5a09880)
[   74.467539] 
[   74.468035] The buggy address belongs to the physical page:
[   74.468717] page:000000009f2754ee refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a09
[   74.469850] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   74.470794] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   74.472059] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.472978] page dumped because: kasan: bad access detected
[   74.473656] 
[   74.473941] Memory state around the buggy address:
[   74.474565]  ffff0000c5a09700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.475449]  ffff0000c5a09780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.476613] >ffff0000c5a09800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   74.477230]                                                                 ^
[   74.477707]  ffff0000c5a09880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.478304]  ffff0000c5a09900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.478946] ==================================================================

[   73.053373] ==================================================================
[   73.054926] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xd0/0x200
[   73.055941] Write of size 2 at addr ffff0000c5915177 by task kunit_try_catch/137
[   73.056682] 
[   73.056875] CPU: 0 PID: 137 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   73.057429] Hardware name: linux,dummy-virt (DT)
[   73.058031] Call trace:
[   73.058504]  dump_backtrace.part.0+0xdc/0xf0
[   73.059205]  show_stack+0x18/0x30
[   73.059795]  dump_stack_lvl+0x64/0x80
[   73.060381]  print_report+0x158/0x438
[   73.060986]  kasan_report+0xb4/0xf4
[   73.061547]  kasan_check_range+0xe4/0x190
[   73.062246]  memset+0x40/0x70
[   73.062794]  kmalloc_oob_memset_2+0xd0/0x200
[   73.063456]  kunit_try_run_case+0x84/0x120
[   73.064088]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.064845]  kthread+0x180/0x190
[   73.065224]  ret_from_fork+0x10/0x20
[   73.065578] 
[   73.065777] Allocated by task 137:
[   73.066266]  kasan_save_stack+0x3c/0x70
[   73.066860]  kasan_set_track+0x2c/0x40
[   73.067391]  kasan_save_alloc_info+0x24/0x34
[   73.068021]  __kasan_kmalloc+0xb8/0xc0
[   73.068563]  kmalloc_trace+0x58/0x6c
[   73.069105]  kmalloc_oob_memset_2+0x98/0x200
[   73.069739]  kunit_try_run_case+0x84/0x120
[   73.070442]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.071273]  kthread+0x180/0x190
[   73.071734]  ret_from_fork+0x10/0x20
[   73.072071] 
[   73.072238] The buggy address belongs to the object at ffff0000c5915100
[   73.072238]  which belongs to the cache kmalloc-128 of size 128
[   73.072940] The buggy address is located 119 bytes inside of
[   73.072940]  128-byte region [ffff0000c5915100, ffff0000c5915180)
[   73.073872] 
[   73.074142] The buggy address belongs to the physical page:
[   73.074989] page:0000000033330a0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105915
[   73.076221] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   73.077200] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   73.078229] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   73.079250] page dumped because: kasan: bad access detected
[   73.079922] 
[   73.080174] Memory state around the buggy address:
[   73.080782]  ffff0000c5915000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.081625]  ffff0000c5915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.082467] >ffff0000c5915100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   73.083275]                                                                 ^
[   73.084112]  ffff0000c5915180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.084953]  ffff0000c5915200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.085768] ==================================================================

[   64.613574] ==================================================================
[   64.614518] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xe4/0x1f0
[   64.615279] Write of size 2 at addr ffff0000c58b8777 by task kunit_try_catch/135
[   64.615804] 
[   64.616010] CPU: 0 PID: 135 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   64.616633] Hardware name: linux,dummy-virt (DT)
[   64.617053] Call trace:
[   64.617322]  dump_backtrace+0x110/0x120
[   64.617905]  show_stack+0x18/0x28
[   64.618318]  dump_stack_lvl+0x68/0x84
[   64.618758]  print_report+0x158/0x484
[   64.619114]  kasan_report+0x98/0xe0
[   64.619461]  kasan_check_range+0x160/0x1d8
[   64.619904]  memset+0x3c/0x80
[   64.620252]  kmalloc_oob_memset_2+0xe4/0x1f0
[   64.620661]  kunit_try_run_case+0x7c/0x120
[   64.621091]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.621617]  kthread+0x1a4/0x1b8
[   64.621982]  ret_from_fork+0x10/0x20
[   64.622359] 
[   64.622534] Allocated by task 135:
[   64.622821]  kasan_save_stack+0x2c/0x58
[   64.623248]  kasan_set_track+0x2c/0x40
[   64.623633]  kasan_save_alloc_info+0x24/0x38
[   64.624031]  __kasan_kmalloc+0xa0/0xb8
[   64.624412]  kmalloc_trace+0x50/0x68
[   64.624780]  kmalloc_oob_memset_2+0xa8/0x1f0
[   64.625193]  kunit_try_run_case+0x7c/0x120
[   64.625690]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.626171]  kthread+0x1a4/0x1b8
[   64.626484]  ret_from_fork+0x10/0x20
[   64.626873] 
[   64.627078] The buggy address belongs to the object at ffff0000c58b8700
[   64.627078]  which belongs to the cache kmalloc-128 of size 128
[   64.627997] The buggy address is located 119 bytes inside of
[   64.627997]  128-byte region [ffff0000c58b8700, ffff0000c58b8780)
[   64.629044] 
[   64.629251] The buggy address belongs to the physical page:
[   64.629697] page:0000000079d9b0ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058b8
[   64.630334] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   64.631017] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   64.631636] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   64.632177] page dumped because: kasan: bad access detected
[   64.632599] 
[   64.632776] Memory state around the buggy address:
[   64.633152]  ffff0000c58b8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.633847]  ffff0000c58b8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.634385] >ffff0000c58b8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   64.634896]                                                                 ^
[   64.635465]  ffff0000c58b8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.636069]  ffff0000c58b8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.636691] ==================================================================

[   30.901899] ==================================================================
[   30.902713] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xd9/0x1d0
[   30.903017] Write of size 2 at addr ffff888103497577 by task kunit_try_catch/241
[   30.903327] 
[   30.903428] CPU: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   30.904424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.904787] Call Trace:
[   30.905134]  <TASK>
[   30.905527]  dump_stack_lvl+0x49/0x62
[   30.905944]  print_report+0x189/0x492
[   30.906516]  ? kasan_complete_mode_report_info+0x3c/0x200
[   30.906819]  ? kmalloc_oob_memset_2+0xd9/0x1d0
[   30.907012]  kasan_report+0x10c/0x190
[   30.907207]  ? kmalloc_oob_memset_2+0xd9/0x1d0
[   30.907917]  kasan_check_range+0x10b/0x1c0
[   30.908534]  memset+0x23/0x50
[   30.909051]  kmalloc_oob_memset_2+0xd9/0x1d0
[   30.909620]  ? kmalloc_oob_memset_4+0x1d0/0x1d0
[   30.910233]  ? __kunit_add_resource+0xd1/0x100
[   30.910970]  kunit_try_run_case+0x8f/0xd0
[   30.911627]  ? kunit_catch_run_case+0x80/0x80
[   30.912223]  ? kunit_try_catch_throw+0x40/0x40
[   30.912466]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.913251]  kthread+0x17b/0x1b0
[   30.913725]  ? kthread_complete_and_exit+0x30/0x30
[   30.914218]  ret_from_fork+0x22/0x30
[   30.914442]  </TASK>
[   30.914892] 
[   30.915072] Allocated by task 241:
[   30.915608]  kasan_save_stack+0x41/0x70
[   30.916119]  kasan_set_track+0x25/0x40
[   30.916737]  kasan_save_alloc_info+0x1e/0x30
[   30.916941]  __kasan_kmalloc+0xb6/0xc0
[   30.917117]  kmalloc_trace+0x48/0xb0
[   30.917311]  kmalloc_oob_memset_2+0x9b/0x1d0
[   30.917724]  kunit_try_run_case+0x8f/0xd0
[   30.918300]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.918675]  kthread+0x17b/0x1b0
[   30.919135]  ret_from_fork+0x22/0x30
[   30.919690] 
[   30.919813] The buggy address belongs to the object at ffff888103497500
[   30.919813]  which belongs to the cache kmalloc-128 of size 128
[   30.920704] The buggy address is located 119 bytes inside of
[   30.920704]  128-byte region [ffff888103497500, ffff888103497580)
[   30.921232] 
[   30.921356] The buggy address belongs to the physical page:
[   30.922001] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103497
[   30.922660] flags: 0x200000000000200(slab|node=0|zone=2)
[   30.923198] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[   30.923479] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   30.923884] page dumped because: kasan: bad access detected
[   30.924649] 
[   30.924919] Memory state around the buggy address:
[   30.925551]  ffff888103497400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.926079]  ffff888103497480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.926692] >ffff888103497500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.926941]                                                                 ^
[   30.927207]  ffff888103497580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.927457]  ffff888103497600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.927692] ==================================================================