Hay
Date: July 15, 2025, 2:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[  106.792992] ==================================================================
[  106.793867] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xe4/0x1f0
[  106.794550] Read of size 1 at addr ffff0000c6629b80 by task kunit_try_catch/241
[  106.795134] 
[  106.795379] CPU: 1 PID: 241 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  106.796102] Hardware name: linux,dummy-virt (DT)
[  106.797475] Call trace:
[  106.797768]  dump_backtrace+0xe0/0x134
[  106.798217]  show_stack+0x20/0x2c
[  106.798613]  dump_stack_lvl+0x88/0xb4
[  106.799060]  print_report+0x158/0x44c
[  106.799477]  kasan_report+0xc8/0x180
[  106.799905]  __asan_load1+0x68/0x74
[  106.800314]  ksize_unpoisons_memory+0xe4/0x1f0
[  106.800872]  kunit_try_run_case+0x8c/0x124
[  106.801356]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  106.802584]  kthread+0x15c/0x170
[  106.803034]  ret_from_fork+0x10/0x20
[  106.803440] 
[  106.803655] Allocated by task 241:
[  106.803991]  kasan_save_stack+0x3c/0x70
[  106.804667]  kasan_set_track+0x2c/0x40
[  106.805103]  kasan_save_alloc_info+0x24/0x34
[  106.805599]  __kasan_kmalloc+0xd4/0xe0
[  106.805999]  kmalloc_trace+0x8c/0x150
[  106.806445]  ksize_unpoisons_memory+0xa0/0x1f0
[  106.806976]  kunit_try_run_case+0x8c/0x124
[  106.807414]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  106.807988]  kthread+0x15c/0x170
[  106.808369]  ret_from_fork+0x10/0x20
[  106.808831] 
[  106.809037] The buggy address belongs to the object at ffff0000c6629b00
[  106.809037]  which belongs to the cache kmalloc-128 of size 128
[  106.810006] The buggy address is located 0 bytes to the right of
[  106.810006]  128-byte region [ffff0000c6629b00, ffff0000c6629b80)
[  106.811142] 
[  106.811367] The buggy address belongs to the physical page:
[  106.811845] page:0000000080e159f7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106629
[  106.812852] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[  106.813533] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[  106.814217] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  106.814847] page dumped because: kasan: bad access detected
[  106.815330] 
[  106.815534] Memory state around the buggy address:
[  106.816009]  ffff0000c6629a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.816838]  ffff0000c6629b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  106.817444] >ffff0000c6629b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.818052]                    ^
[  106.818387]  ffff0000c6629c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.819667]  ffff0000c6629c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.820300] ==================================================================

[   76.443052] ==================================================================
[   76.443936] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xb8/0x164
[   76.444885] Read of size 1 at addr ffff0000c5a88280 by task kunit_try_catch/157
[   76.445641] 
[   76.446149] CPU: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   76.446982] Hardware name: linux,dummy-virt (DT)
[   76.447501] Call trace:
[   76.447792]  dump_backtrace+0xf8/0x118
[   76.448255]  show_stack+0x18/0x24
[   76.448863]  __dump_stack+0x28/0x38
[   76.449297]  dump_stack_lvl+0x54/0x6c
[   76.449742]  print_address_description+0x7c/0x1ec
[   76.450286]  print_report+0x50/0x68
[   76.450732]  kasan_report+0xac/0x100
[   76.451185]  __asan_load1+0x6c/0x70
[   76.451620]  ksize_unpoisons_memory+0xb8/0x164
[   76.452113]  kunit_try_run_case+0x80/0x184
[   76.452586]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   76.453151]  kthread+0x16c/0x21c
[   76.453558]  ret_from_fork+0x10/0x20
[   76.453986] 
[   76.454178] Allocated by task 157:
[   76.454513]  kasan_set_track+0x4c/0x80
[   76.455163]  kasan_save_alloc_info+0x28/0x34
[   76.455626]  __kasan_kmalloc+0x88/0xa0
[   76.456092]  kmalloc_trace+0x54/0x68
[   76.456558]  ksize_unpoisons_memory+0x48/0x164
[   76.457209]  kunit_try_run_case+0x80/0x184
[   76.457668]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   76.458270]  kthread+0x16c/0x21c
[   76.458674]  ret_from_fork+0x10/0x20
[   76.459109] 
[   76.459328] The buggy address belongs to the object at ffff0000c5a88200
[   76.459328]  which belongs to the cache kmalloc-128 of size 128
[   76.460273] The buggy address is located 0 bytes to the right of
[   76.460273]  128-byte region [ffff0000c5a88200, ffff0000c5a88280)
[   76.461470] 
[   76.461685] The buggy address belongs to the physical page:
[   76.462158] page:00000000927d1208 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a88
[   76.462976] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   76.463635] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   76.465221] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   76.465841] page dumped because: kasan: bad access detected
[   76.466313] 
[   76.466501] Memory state around the buggy address:
[   76.466964]  ffff0000c5a88180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.467615]  ffff0000c5a88200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.468271] >ffff0000c5a88280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.469297]                    ^
[   76.469637]  ffff0000c5a88300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.470299]  ffff0000c5a88380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   76.470913] ==================================================================

[   75.502787] ==================================================================
[   75.503684] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xb8/0x164
[   75.505192] Read of size 1 at addr ffff0000c5a06580 by task kunit_try_catch/157
[   75.506517] 
[   75.506990] CPU: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   75.508343] Hardware name: linux,dummy-virt (DT)
[   75.508985] Call trace:
[   75.509674]  dump_backtrace+0xf4/0x114
[   75.510494]  show_stack+0x18/0x24
[   75.511181]  __dump_stack+0x28/0x38
[   75.511578]  dump_stack_lvl+0x50/0x68
[   75.512409]  print_address_description+0x7c/0x1ec
[   75.513342]  print_report+0x50/0x68
[   75.514061]  kasan_report+0xac/0xfc
[   75.514757]  __asan_load1+0x6c/0x70
[   75.515481]  ksize_unpoisons_memory+0xb8/0x164
[   75.516448]  kunit_try_run_case+0x80/0x184
[   75.517175]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.517851]  kthread+0x16c/0x21c
[   75.518249]  ret_from_fork+0x10/0x20
[   75.518629] 
[   75.518899] Allocated by task 157:
[   75.519434]  kasan_set_track+0x4c/0x80
[   75.520218]  kasan_save_alloc_info+0x28/0x34
[   75.520996]  __kasan_kmalloc+0x88/0xa0
[   75.521691]  kmalloc_trace+0x54/0x68
[   75.522341]  ksize_unpoisons_memory+0x48/0x164
[   75.523082]  kunit_try_run_case+0x80/0x184
[   75.523812]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.524887]  kthread+0x16c/0x21c
[   75.525613]  ret_from_fork+0x10/0x20
[   75.526278] 
[   75.526610] The buggy address belongs to the object at ffff0000c5a06500
[   75.526610]  which belongs to the cache kmalloc-128 of size 128
[   75.528219] The buggy address is located 0 bytes to the right of
[   75.528219]  128-byte region [ffff0000c5a06500, ffff0000c5a06580)
[   75.529951] 
[   75.530150] The buggy address belongs to the physical page:
[   75.530528] page:00000000cc3fd307 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a06
[   75.531780] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   75.532923] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   75.533992] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   75.534948] page dumped because: kasan: bad access detected
[   75.535665] 
[   75.536058] Memory state around the buggy address:
[   75.536867]  ffff0000c5a06480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.537852]  ffff0000c5a06500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   75.538628] >ffff0000c5a06580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.539110]                    ^
[   75.539415]  ffff0000c5a06600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.540186]  ffff0000c5a06680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.541244] ==================================================================

[   74.134671] ==================================================================
[   74.135414] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xdc/0x1e0
[   74.136132] Read of size 1 at addr ffff0000c5938180 by task kunit_try_catch/157
[   74.137058] 
[   74.137252] CPU: 1 PID: 157 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.137970] Hardware name: linux,dummy-virt (DT)
[   74.138805] Call trace:
[   74.139251]  dump_backtrace.part.0+0xdc/0xf0
[   74.139966]  show_stack+0x18/0x30
[   74.140570]  dump_stack_lvl+0x64/0x80
[   74.141151]  print_report+0x158/0x438
[   74.141790]  kasan_report+0xb4/0xf4
[   74.142445]  __asan_load1+0x68/0x74
[   74.143020]  ksize_unpoisons_memory+0xdc/0x1e0
[   74.143719]  kunit_try_run_case+0x84/0x120
[   74.144360]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   74.145147]  kthread+0x180/0x190
[   74.145624]  ret_from_fork+0x10/0x20
[   74.145977] 
[   74.146148] Allocated by task 157:
[   74.146455]  kasan_save_stack+0x3c/0x70
[   74.147070]  kasan_set_track+0x2c/0x40
[   74.147652]  kasan_save_alloc_info+0x24/0x34
[   74.148302]  __kasan_kmalloc+0xb8/0xc0
[   74.148874]  kmalloc_trace+0x58/0x6c
[   74.149451]  ksize_unpoisons_memory+0x98/0x1e0
[   74.150227]  kunit_try_run_case+0x84/0x120
[   74.150915]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   74.151726]  kthread+0x180/0x190
[   74.152257]  ret_from_fork+0x10/0x20
[   74.152837] 
[   74.153134] The buggy address belongs to the object at ffff0000c5938100
[   74.153134]  which belongs to the cache kmalloc-128 of size 128
[   74.154564] The buggy address is located 0 bytes to the right of
[   74.154564]  128-byte region [ffff0000c5938100, ffff0000c5938180)
[   74.155857] 
[   74.156142] The buggy address belongs to the physical page:
[   74.156648] page:000000003af4cecf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105938
[   74.157213] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   74.157898] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   74.158570] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.159154] page dumped because: kasan: bad access detected
[   74.159690] 
[   74.159888] Memory state around the buggy address:
[   74.160356]  ffff0000c5938080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.160997]  ffff0000c5938100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   74.161603] >ffff0000c5938180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.162379]                    ^
[   74.162791]  ffff0000c5938200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.163461]  ffff0000c5938280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.164068] ==================================================================

[   65.613147] ==================================================================
[   65.613875] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xf0/0x1e8
[   65.614515] Read of size 1 at addr ffff0000c58add80 by task kunit_try_catch/155
[   65.615937] 
[   65.616399] CPU: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   65.617589] Hardware name: linux,dummy-virt (DT)
[   65.618334] Call trace:
[   65.618751]  dump_backtrace+0x110/0x120
[   65.619402]  show_stack+0x18/0x28
[   65.619993]  dump_stack_lvl+0x68/0x84
[   65.620628]  print_report+0x158/0x484
[   65.621194]  kasan_report+0x98/0xe0
[   65.621860]  __asan_load1+0x68/0x78
[   65.622490]  ksize_unpoisons_memory+0xf0/0x1e8
[   65.623176]  kunit_try_run_case+0x7c/0x120
[   65.623818]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   65.624594]  kthread+0x1a4/0x1b8
[   65.625120]  ret_from_fork+0x10/0x20
[   65.625756] 
[   65.625951] Allocated by task 155:
[   65.626598]  kasan_save_stack+0x2c/0x58
[   65.627206]  kasan_set_track+0x2c/0x40
[   65.627771]  kasan_save_alloc_info+0x24/0x38
[   65.628292]  __kasan_kmalloc+0xa0/0xb8
[   65.628606]  kmalloc_trace+0x50/0x68
[   65.628920]  ksize_unpoisons_memory+0xa8/0x1e8
[   65.629314]  kunit_try_run_case+0x7c/0x120
[   65.629668]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   65.630089]  kthread+0x1a4/0x1b8
[   65.630582]  ret_from_fork+0x10/0x20
[   65.631480] 
[   65.631774] The buggy address belongs to the object at ffff0000c58add00
[   65.631774]  which belongs to the cache kmalloc-128 of size 128
[   65.633199] The buggy address is located 0 bytes to the right of
[   65.633199]  128-byte region [ffff0000c58add00, ffff0000c58add80)
[   65.634831] 
[   65.635126] The buggy address belongs to the physical page:
[   65.635790] page:00000000f12428ca refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ad
[   65.636840] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   65.637983] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   65.638909] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   65.639776] page dumped because: kasan: bad access detected
[   65.640447] 
[   65.640708] Memory state around the buggy address:
[   65.641323]  ffff0000c58adc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   65.642286]  ffff0000c58add00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   65.643281] >ffff0000c58add80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   65.644120]                    ^
[   65.644585]  ffff0000c58ade00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   65.645299]  ffff0000c58ade80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   65.645712] ==================================================================

[   31.812133] ==================================================================
[   31.813371] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xe5/0x1f0
[   31.814423] Read of size 1 at addr ffff888103497f80 by task kunit_try_catch/261
[   31.815504] 
[   31.815621] CPU: 0 PID: 261 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   31.815934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.816290] Call Trace:
[   31.816455]  <TASK>
[   31.816605]  dump_stack_lvl+0x49/0x62
[   31.816856]  print_report+0x189/0x492
[   31.817099]  ? kasan_complete_mode_report_info+0x3c/0x200
[   31.817573]  ? ksize_unpoisons_memory+0xe5/0x1f0
[   31.817904]  kasan_report+0x10c/0x190
[   31.818179]  ? ksize_unpoisons_memory+0xe5/0x1f0
[   31.819052]  __asan_load1+0x62/0x70
[   31.819324]  ksize_unpoisons_memory+0xe5/0x1f0
[   31.819743]  ? ksize_uaf+0x2f0/0x2f0
[   31.820003]  ? __kunit_add_resource+0xd1/0x100
[   31.820416]  kunit_try_run_case+0x8f/0xd0
[   31.820690]  ? kunit_catch_run_case+0x80/0x80
[   31.820978]  ? kunit_try_catch_throw+0x40/0x40
[   31.821257]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   31.821647]  kthread+0x17b/0x1b0
[   31.821860]  ? kthread_complete_and_exit+0x30/0x30
[   31.822150]  ret_from_fork+0x22/0x30
[   31.822653]  </TASK>
[   31.822837] 
[   31.822950] Allocated by task 261:
[   31.823149]  kasan_save_stack+0x41/0x70
[   31.823567]  kasan_set_track+0x25/0x40
[   31.823826]  kasan_save_alloc_info+0x1e/0x30
[   31.824040]  __kasan_kmalloc+0xb6/0xc0
[   31.824292]  kmalloc_trace+0x48/0xb0
[   31.824619]  ksize_unpoisons_memory+0x9b/0x1f0
[   31.824893]  kunit_try_run_case+0x8f/0xd0
[   31.825149]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   31.825626]  kthread+0x17b/0x1b0
[   31.825809]  ret_from_fork+0x22/0x30
[   31.826039] 
[   31.826183] The buggy address belongs to the object at ffff888103497f00
[   31.826183]  which belongs to the cache kmalloc-128 of size 128
[   31.826762] The buggy address is located 0 bytes to the right of
[   31.826762]  128-byte region [ffff888103497f00, ffff888103497f80)
[   31.827688] 
[   31.827848] The buggy address belongs to the physical page:
[   31.828122] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103497
[   31.828743] flags: 0x200000000000200(slab|node=0|zone=2)
[   31.829064] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[   31.829555] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   31.829894] page dumped because: kasan: bad access detected
[   31.830195] 
[   31.830512] Memory state around the buggy address:
[   31.830823]  ffff888103497e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.831195]  ffff888103497f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.831680] >ffff888103497f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.832089]                    ^
[   31.832408]  ffff888103498000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   31.832787]  ffff888103498080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   31.833132] ==================================================================