Date
July 15, 2025, 2:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 105.700559] ================================================================== [ 105.702089] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xd8/0x200 [ 105.702799] Write of size 4 at addr ffff0000c67cd775 by task kunit_try_catch/222 [ 105.703458] [ 105.703679] CPU: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 105.704359] Hardware name: linux,dummy-virt (DT) [ 105.704806] Call trace: [ 105.705106] dump_backtrace+0xe0/0x134 [ 105.705529] show_stack+0x20/0x2c [ 105.705966] dump_stack_lvl+0x88/0xb4 [ 105.706414] print_report+0x158/0x44c [ 105.706839] kasan_report+0xc8/0x180 [ 105.707261] kasan_check_range+0xe4/0x190 [ 105.707698] memset+0x40/0x70 [ 105.708078] kmalloc_oob_memset_4+0xd8/0x200 [ 105.708551] kunit_try_run_case+0x8c/0x124 [ 105.709023] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.709579] kthread+0x15c/0x170 [ 105.710002] ret_from_fork+0x10/0x20 [ 105.710396] [ 105.710608] Allocated by task 222: [ 105.710983] kasan_save_stack+0x3c/0x70 [ 105.711426] kasan_set_track+0x2c/0x40 [ 105.711828] kasan_save_alloc_info+0x24/0x34 [ 105.712289] __kasan_kmalloc+0xd4/0xe0 [ 105.712740] kmalloc_trace+0x8c/0x150 [ 105.713184] kmalloc_oob_memset_4+0xa0/0x200 [ 105.713657] kunit_try_run_case+0x8c/0x124 [ 105.714139] kunit_generic_run_threadfn_adapter+0x38/0x54 [ 105.714691] kthread+0x15c/0x170 [ 105.715117] ret_from_fork+0x10/0x20 [ 105.715500] [ 105.715708] The buggy address belongs to the object at ffff0000c67cd700 [ 105.715708] which belongs to the cache kmalloc-128 of size 128 [ 105.716627] The buggy address is located 117 bytes inside of [ 105.716627] 128-byte region [ffff0000c67cd700, ffff0000c67cd780) [ 105.717553] [ 105.717782] The buggy address belongs to the physical page: [ 105.718218] page:00000000e8cb511a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067cd [ 105.719044] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 105.719680] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 105.720345] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 105.720989] page dumped because: kasan: bad access detected [ 105.721461] [ 105.721643] Memory state around the buggy address: [ 105.722116] ffff0000c67cd600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.722751] ffff0000c67cd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.723367] >ffff0000c67cd700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 105.723967] ^ [ 105.725201] ffff0000c67cd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.726019] ffff0000c67cd800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.726582] ==================================================================
[ 75.450912] ================================================================== [ 75.451633] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xac/0x154 [ 75.452673] Write of size 4 at addr ffff0000c5a76875 by task kunit_try_catch/138 [ 75.453655] [ 75.453878] CPU: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 75.454695] Hardware name: linux,dummy-virt (DT) [ 75.455157] Call trace: [ 75.455392] dump_backtrace+0xf8/0x118 [ 75.455833] show_stack+0x18/0x24 [ 75.456490] __dump_stack+0x28/0x38 [ 75.457018] dump_stack_lvl+0x54/0x6c [ 75.457641] print_address_description+0x7c/0x1ec [ 75.458237] print_report+0x50/0x68 [ 75.458695] kasan_report+0xac/0x100 [ 75.459161] kasan_check_range+0x260/0x2a0 [ 75.459646] memset+0x40/0x70 [ 75.460058] kmalloc_oob_memset_4+0xac/0x154 [ 75.460560] kunit_try_run_case+0x80/0x184 [ 75.461157] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.461719] kthread+0x16c/0x21c [ 75.462164] ret_from_fork+0x10/0x20 [ 75.462598] [ 75.462847] Allocated by task 138: [ 75.463223] kasan_set_track+0x4c/0x80 [ 75.463725] kasan_save_alloc_info+0x28/0x34 [ 75.464209] __kasan_kmalloc+0x88/0xa0 [ 75.464718] kmalloc_trace+0x54/0x68 [ 75.465174] kmalloc_oob_memset_4+0x48/0x154 [ 75.465649] kunit_try_run_case+0x80/0x184 [ 75.466227] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 75.466823] kthread+0x16c/0x21c [ 75.467254] ret_from_fork+0x10/0x20 [ 75.467707] [ 75.467928] The buggy address belongs to the object at ffff0000c5a76800 [ 75.467928] which belongs to the cache kmalloc-128 of size 128 [ 75.468944] The buggy address is located 117 bytes inside of [ 75.468944] 128-byte region [ffff0000c5a76800, ffff0000c5a76880) [ 75.470042] [ 75.470243] The buggy address belongs to the physical page: [ 75.470714] page:00000000e5b61371 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a76 [ 75.471789] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 75.473172] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 75.473876] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.474603] page dumped because: kasan: bad access detected [ 75.475165] [ 75.475472] Memory state around the buggy address: [ 75.476057] ffff0000c5a76700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.477008] ffff0000c5a76780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.477606] >ffff0000c5a76800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 75.478451] ^ [ 75.479147] ffff0000c5a76880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.479857] ffff0000c5a76900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.480527] ==================================================================
[ 74.482558] ================================================================== [ 74.483303] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xac/0x154 [ 74.484685] Write of size 4 at addr ffff0000c5919d75 by task kunit_try_catch/138 [ 74.485829] [ 74.486299] CPU: 1 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 74.487528] Hardware name: linux,dummy-virt (DT) [ 74.488397] Call trace: [ 74.488959] dump_backtrace+0xf4/0x114 [ 74.489761] show_stack+0x18/0x24 [ 74.490503] __dump_stack+0x28/0x38 [ 74.491264] dump_stack_lvl+0x50/0x68 [ 74.492102] print_address_description+0x7c/0x1ec [ 74.493006] print_report+0x50/0x68 [ 74.493433] kasan_report+0xac/0xfc [ 74.494134] kasan_check_range+0x258/0x290 [ 74.494986] memset+0x40/0x70 [ 74.495609] kmalloc_oob_memset_4+0xac/0x154 [ 74.496460] kunit_try_run_case+0x80/0x184 [ 74.497244] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.498092] kthread+0x16c/0x21c [ 74.498687] ret_from_fork+0x10/0x20 [ 74.499307] [ 74.499604] Allocated by task 138: [ 74.500345] kasan_set_track+0x4c/0x80 [ 74.501023] kasan_save_alloc_info+0x28/0x34 [ 74.501706] __kasan_kmalloc+0x88/0xa0 [ 74.502239] kmalloc_trace+0x54/0x68 [ 74.502617] kmalloc_oob_memset_4+0x48/0x154 [ 74.503321] kunit_try_run_case+0x80/0x184 [ 74.504098] kunit_generic_run_threadfn_adapter+0x30/0x4c [ 74.504958] kthread+0x16c/0x21c [ 74.505554] ret_from_fork+0x10/0x20 [ 74.506164] [ 74.506460] The buggy address belongs to the object at ffff0000c5919d00 [ 74.506460] which belongs to the cache kmalloc-128 of size 128 [ 74.507981] The buggy address is located 117 bytes inside of [ 74.507981] 128-byte region [ffff0000c5919d00, ffff0000c5919d80) [ 74.508983] [ 74.509171] The buggy address belongs to the physical page: [ 74.509539] page:0000000087a007df refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 74.510677] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 74.511641] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 74.512777] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 74.513692] page dumped because: kasan: bad access detected [ 74.514377] [ 74.514656] Memory state around the buggy address: [ 74.515286] ffff0000c5919c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.516259] ffff0000c5919c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.517170] >ffff0000c5919d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 74.518030] ^ [ 74.518609] ffff0000c5919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.519494] ffff0000c5919e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.520513] ==================================================================
[ 73.089956] ================================================================== [ 73.091443] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xd0/0x200 [ 73.092116] Write of size 4 at addr ffff0000c5916e75 by task kunit_try_catch/138 [ 73.092766] [ 73.093088] CPU: 1 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 73.093812] Hardware name: linux,dummy-virt (DT) [ 73.094662] Call trace: [ 73.094905] dump_backtrace.part.0+0xdc/0xf0 [ 73.095402] show_stack+0x18/0x30 [ 73.095865] dump_stack_lvl+0x64/0x80 [ 73.096326] print_report+0x158/0x438 [ 73.096765] kasan_report+0xb4/0xf4 [ 73.097143] kasan_check_range+0xe4/0x190 [ 73.097587] memset+0x40/0x70 [ 73.097999] kmalloc_oob_memset_4+0xd0/0x200 [ 73.098540] kunit_try_run_case+0x84/0x120 [ 73.099012] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.099579] kthread+0x180/0x190 [ 73.099952] ret_from_fork+0x10/0x20 [ 73.100344] [ 73.100800] Allocated by task 138: [ 73.101126] kasan_save_stack+0x3c/0x70 [ 73.101536] kasan_set_track+0x2c/0x40 [ 73.102091] kasan_save_alloc_info+0x24/0x34 [ 73.102541] __kasan_kmalloc+0xb8/0xc0 [ 73.102945] kmalloc_trace+0x58/0x6c [ 73.103361] kmalloc_oob_memset_4+0x98/0x200 [ 73.103863] kunit_try_run_case+0x84/0x120 [ 73.104306] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 73.105011] kthread+0x180/0x190 [ 73.105378] ret_from_fork+0x10/0x20 [ 73.105787] [ 73.106175] The buggy address belongs to the object at ffff0000c5916e00 [ 73.106175] which belongs to the cache kmalloc-128 of size 128 [ 73.107107] The buggy address is located 117 bytes inside of [ 73.107107] 128-byte region [ffff0000c5916e00, ffff0000c5916e80) [ 73.108003] [ 73.108174] The buggy address belongs to the physical page: [ 73.108806] page:00000000a76cf208 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105916 [ 73.109575] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 73.110499] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 73.111143] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 73.111754] page dumped because: kasan: bad access detected [ 73.112173] [ 73.112377] Memory state around the buggy address: [ 73.112758] ffff0000c5916d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.113389] ffff0000c5916d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.114020] >ffff0000c5916e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 73.114565] ^ [ 73.115118] ffff0000c5916e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.115698] ffff0000c5916f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 73.116263] ==================================================================
[ 64.640789] ================================================================== [ 64.641586] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xe4/0x1f8 [ 64.642193] Write of size 4 at addr ffff0000c58b8875 by task kunit_try_catch/136 [ 64.642982] [ 64.643265] CPU: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 64.643906] Hardware name: linux,dummy-virt (DT) [ 64.644320] Call trace: [ 64.644645] dump_backtrace+0x110/0x120 [ 64.645147] show_stack+0x18/0x28 [ 64.645670] dump_stack_lvl+0x68/0x84 [ 64.646055] print_report+0x158/0x484 [ 64.646460] kasan_report+0x98/0xe0 [ 64.646861] kasan_check_range+0x160/0x1d8 [ 64.647268] memset+0x3c/0x80 [ 64.647598] kmalloc_oob_memset_4+0xe4/0x1f8 [ 64.648056] kunit_try_run_case+0x7c/0x120 [ 64.648470] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.648991] kthread+0x1a4/0x1b8 [ 64.649352] ret_from_fork+0x10/0x20 [ 64.649840] [ 64.650059] Allocated by task 136: [ 64.650372] kasan_save_stack+0x2c/0x58 [ 64.650748] kasan_set_track+0x2c/0x40 [ 64.651144] kasan_save_alloc_info+0x24/0x38 [ 64.651564] __kasan_kmalloc+0xa0/0xb8 [ 64.651938] kmalloc_trace+0x50/0x68 [ 64.652325] kmalloc_oob_memset_4+0xa8/0x1f8 [ 64.652764] kunit_try_run_case+0x7c/0x120 [ 64.653173] kunit_generic_run_threadfn_adapter+0x30/0x50 [ 64.653823] kthread+0x1a4/0x1b8 [ 64.654184] ret_from_fork+0x10/0x20 [ 64.654554] [ 64.654715] The buggy address belongs to the object at ffff0000c58b8800 [ 64.654715] which belongs to the cache kmalloc-128 of size 128 [ 64.655556] The buggy address is located 117 bytes inside of [ 64.655556] 128-byte region [ffff0000c58b8800, ffff0000c58b8880) [ 64.656362] [ 64.656527] The buggy address belongs to the physical page: [ 64.656936] page:0000000079d9b0ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058b8 [ 64.657675] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff) [ 64.658307] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300 [ 64.659070] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 64.659636] page dumped because: kasan: bad access detected [ 64.660044] [ 64.660222] Memory state around the buggy address: [ 64.660645] ffff0000c58b8700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 64.661190] ffff0000c58b8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.661886] >ffff0000c58b8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 64.662417] ^ [ 64.662905] ffff0000c58b8880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.663612] ffff0000c58b8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.664118] ==================================================================
[ 30.931699] ================================================================== [ 30.933588] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xd9/0x1d0 [ 30.934907] Write of size 4 at addr ffff8881030ded75 by task kunit_try_catch/242 [ 30.935599] [ 30.936142] CPU: 1 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.937094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.938092] Call Trace: [ 30.938610] <TASK> [ 30.938754] dump_stack_lvl+0x49/0x62 [ 30.938964] print_report+0x189/0x492 [ 30.939150] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.939669] ? kmalloc_oob_memset_4+0xd9/0x1d0 [ 30.939967] kasan_report+0x10c/0x190 [ 30.940250] ? kmalloc_oob_memset_4+0xd9/0x1d0 [ 30.940848] kasan_check_range+0x10b/0x1c0 [ 30.941581] memset+0x23/0x50 [ 30.942036] kmalloc_oob_memset_4+0xd9/0x1d0 [ 30.942667] ? kmalloc_oob_memset_8+0x1d0/0x1d0 [ 30.943176] ? __kunit_add_resource+0xd1/0x100 [ 30.943777] kunit_try_run_case+0x8f/0xd0 [ 30.944081] ? kunit_catch_run_case+0x80/0x80 [ 30.944644] ? kunit_try_catch_throw+0x40/0x40 [ 30.945141] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.945588] kthread+0x17b/0x1b0 [ 30.945965] ? kthread_complete_and_exit+0x30/0x30 [ 30.946311] ret_from_fork+0x22/0x30 [ 30.947035] </TASK> [ 30.947218] [ 30.947425] Allocated by task 242: [ 30.947764] kasan_save_stack+0x41/0x70 [ 30.947953] kasan_set_track+0x25/0x40 [ 30.948123] kasan_save_alloc_info+0x1e/0x30 [ 30.948699] __kasan_kmalloc+0xb6/0xc0 [ 30.949188] kmalloc_trace+0x48/0xb0 [ 30.949688] kmalloc_oob_memset_4+0x9b/0x1d0 [ 30.950185] kunit_try_run_case+0x8f/0xd0 [ 30.950757] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.951255] kthread+0x17b/0x1b0 [ 30.951615] ret_from_fork+0x22/0x30 [ 30.952006] [ 30.952214] The buggy address belongs to the object at ffff8881030ded00 [ 30.952214] which belongs to the cache kmalloc-128 of size 128 [ 30.953193] The buggy address is located 117 bytes inside of [ 30.953193] 128-byte region [ffff8881030ded00, ffff8881030ded80) [ 30.954138] [ 30.954349] The buggy address belongs to the physical page: [ 30.954939] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030de [ 30.955889] flags: 0x200000000000200(slab|node=0|zone=2) [ 30.956138] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0 [ 30.956669] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.957401] page dumped because: kasan: bad access detected [ 30.958191] [ 30.958397] Memory state around the buggy address: [ 30.958875] ffff8881030dec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 30.959129] ffff8881030dec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.959765] >ffff8881030ded00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.960655] ^ [ 30.961352] ffff8881030ded80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.961904] ffff8881030dee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.962146] ==================================================================