Date
June 7, 2025, 10:40 a.m.
| Environment | |
|---|---|
| qemu-x86_64 |
[ 14.208934] ================================================================== [ 14.209382] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 14.209980] Read of size 1 at addr ffff888103391b73 by task kunit_try_catch/214 [ 14.210322] [ 14.210570] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary) [ 14.210668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.210695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.210738] Call Trace: [ 14.210767] <TASK> [ 14.210802] dump_stack_lvl+0x73/0xb0 [ 14.210887] print_report+0xd1/0x650 [ 14.210941] ? __virt_addr_valid+0x1db/0x2d0 [ 14.210978] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 14.211019] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.211060] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 14.211106] kasan_report+0x141/0x180 [ 14.211166] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 14.211224] __asan_report_load1_noabort+0x18/0x20 [ 14.211264] ksize_unpoisons_memory+0x81c/0x9b0 [ 14.211314] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 14.211378] ? finish_task_switch.isra.0+0x153/0x700 [ 14.211427] ? __switch_to+0x5d9/0xf60 [ 14.211465] ? dequeue_task_fair+0x156/0x4e0 [ 14.211512] ? __schedule+0x10cc/0x2b30 [ 14.211568] ? __pfx_read_tsc+0x10/0x10 [ 14.211626] ? ktime_get_ts64+0x86/0x230 [ 14.211679] kunit_try_run_case+0x1a5/0x480 [ 14.211733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.211789] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.211832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.211862] ? __kthread_parkme+0x82/0x180 [ 14.211886] ? preempt_count_sub+0x50/0x80 [ 14.211911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.211934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.211958] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.211980] kthread+0x337/0x6f0 [ 14.211998] ? trace_preempt_on+0x20/0xc0 [ 14.212022] ? __pfx_kthread+0x10/0x10 [ 14.212040] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.212060] ? calculate_sigpending+0x7b/0xa0 [ 14.212082] ? __pfx_kthread+0x10/0x10 [ 14.212100] ret_from_fork+0x41/0x80 [ 14.212120] ? __pfx_kthread+0x10/0x10 [ 14.212138] ret_from_fork_asm+0x1a/0x30 [ 14.212167] </TASK> [ 14.212180] [ 14.220878] Allocated by task 214: [ 14.221196] kasan_save_stack+0x45/0x70 [ 14.221537] kasan_save_track+0x18/0x40 [ 14.221944] kasan_save_alloc_info+0x3b/0x50 [ 14.222209] __kasan_kmalloc+0xb7/0xc0 [ 14.222507] __kmalloc_cache_noprof+0x189/0x420 [ 14.222717] ksize_unpoisons_memory+0xc7/0x9b0 [ 14.222917] kunit_try_run_case+0x1a5/0x480 [ 14.223153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.223580] kthread+0x337/0x6f0 [ 14.223888] ret_from_fork+0x41/0x80 [ 14.224208] ret_from_fork_asm+0x1a/0x30 [ 14.224527] [ 14.224711] The buggy address belongs to the object at ffff888103391b00 [ 14.224711] which belongs to the cache kmalloc-128 of size 128 [ 14.225409] The buggy address is located 0 bytes to the right of [ 14.225409] allocated 115-byte region [ffff888103391b00, ffff888103391b73) [ 14.225973] [ 14.226203] The buggy address belongs to the physical page: [ 14.226569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103391 [ 14.227083] flags: 0x200000000000000(node=0|zone=2) [ 14.227447] page_type: f5(slab) [ 14.227659] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.228102] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.228370] page dumped because: kasan: bad access detected [ 14.228804] [ 14.228955] Memory state around the buggy address: [ 14.229313] ffff888103391a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.229714] ffff888103391a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.230050] >ffff888103391b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.230420] ^ [ 14.231002] ffff888103391b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.231271] ffff888103391c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.231731] ================================================================== [ 14.261548] ================================================================== [ 14.262155] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.262733] Read of size 1 at addr ffff888103391b7f by task kunit_try_catch/214 [ 14.263256] [ 14.263458] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary) [ 14.263551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.263610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.263653] Call Trace: [ 14.263704] <TASK> [ 14.263751] dump_stack_lvl+0x73/0xb0 [ 14.263825] print_report+0xd1/0x650 [ 14.263884] ? __virt_addr_valid+0x1db/0x2d0 [ 14.263939] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.263995] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.264042] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.264099] kasan_report+0x141/0x180 [ 14.264154] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.264212] __asan_report_load1_noabort+0x18/0x20 [ 14.264249] ksize_unpoisons_memory+0x7b6/0x9b0 [ 14.264288] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 14.264327] ? finish_task_switch.isra.0+0x153/0x700 [ 14.264366] ? __switch_to+0x5d9/0xf60 [ 14.264405] ? dequeue_task_fair+0x156/0x4e0 [ 14.264455] ? __schedule+0x10cc/0x2b30 [ 14.264501] ? __pfx_read_tsc+0x10/0x10 [ 14.264543] ? ktime_get_ts64+0x86/0x230 [ 14.264609] kunit_try_run_case+0x1a5/0x480 [ 14.264659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.264702] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.264747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.264794] ? __kthread_parkme+0x82/0x180 [ 14.264840] ? preempt_count_sub+0x50/0x80 [ 14.264891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.264941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.264988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.265033] kthread+0x337/0x6f0 [ 14.265070] ? trace_preempt_on+0x20/0xc0 [ 14.265117] ? __pfx_kthread+0x10/0x10 [ 14.265155] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.265197] ? calculate_sigpending+0x7b/0xa0 [ 14.265241] ? __pfx_kthread+0x10/0x10 [ 14.265279] ret_from_fork+0x41/0x80 [ 14.265319] ? __pfx_kthread+0x10/0x10 [ 14.265356] ret_from_fork_asm+0x1a/0x30 [ 14.265416] </TASK> [ 14.265442] [ 14.274417] Allocated by task 214: [ 14.274736] kasan_save_stack+0x45/0x70 [ 14.275093] kasan_save_track+0x18/0x40 [ 14.275432] kasan_save_alloc_info+0x3b/0x50 [ 14.275793] __kasan_kmalloc+0xb7/0xc0 [ 14.276121] __kmalloc_cache_noprof+0x189/0x420 [ 14.276474] ksize_unpoisons_memory+0xc7/0x9b0 [ 14.276911] kunit_try_run_case+0x1a5/0x480 [ 14.277257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.277655] kthread+0x337/0x6f0 [ 14.277919] ret_from_fork+0x41/0x80 [ 14.278149] ret_from_fork_asm+0x1a/0x30 [ 14.278456] [ 14.278597] The buggy address belongs to the object at ffff888103391b00 [ 14.278597] which belongs to the cache kmalloc-128 of size 128 [ 14.279168] The buggy address is located 12 bytes to the right of [ 14.279168] allocated 115-byte region [ffff888103391b00, ffff888103391b73) [ 14.279596] [ 14.279802] The buggy address belongs to the physical page: [ 14.280385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103391 [ 14.281035] flags: 0x200000000000000(node=0|zone=2) [ 14.281409] page_type: f5(slab) [ 14.281692] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.282010] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.282261] page dumped because: kasan: bad access detected [ 14.282459] [ 14.282571] Memory state around the buggy address: [ 14.282939] ffff888103391a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.283484] ffff888103391a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.284041] >ffff888103391b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.284518] ^ [ 14.285118] ffff888103391b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.285373] ffff888103391c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.285658] ================================================================== [ 14.233796] ================================================================== [ 14.234140] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.235456] Read of size 1 at addr ffff888103391b78 by task kunit_try_catch/214 [ 14.236177] [ 14.236410] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary) [ 14.236508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.236533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.236590] Call Trace: [ 14.236630] <TASK> [ 14.236668] dump_stack_lvl+0x73/0xb0 [ 14.236733] print_report+0xd1/0x650 [ 14.236781] ? __virt_addr_valid+0x1db/0x2d0 [ 14.236827] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.236875] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.236922] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.236970] kasan_report+0x141/0x180 [ 14.237015] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.237070] __asan_report_load1_noabort+0x18/0x20 [ 14.237112] ksize_unpoisons_memory+0x7e9/0x9b0 [ 14.237160] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 14.237206] ? finish_task_switch.isra.0+0x153/0x700 [ 14.237251] ? __switch_to+0x5d9/0xf60 [ 14.237292] ? dequeue_task_fair+0x156/0x4e0 [ 14.237340] ? __schedule+0x10cc/0x2b30 [ 14.237385] ? __pfx_read_tsc+0x10/0x10 [ 14.237425] ? ktime_get_ts64+0x86/0x230 [ 14.237475] kunit_try_run_case+0x1a5/0x480 [ 14.237521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.237573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.237621] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.237667] ? __kthread_parkme+0x82/0x180 [ 14.237706] ? preempt_count_sub+0x50/0x80 [ 14.237765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.237806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.237844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.237882] kthread+0x337/0x6f0 [ 14.237914] ? trace_preempt_on+0x20/0xc0 [ 14.237973] ? __pfx_kthread+0x10/0x10 [ 14.238019] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.238067] ? calculate_sigpending+0x7b/0xa0 [ 14.238103] ? __pfx_kthread+0x10/0x10 [ 14.238276] ret_from_fork+0x41/0x80 [ 14.238326] ? __pfx_kthread+0x10/0x10 [ 14.238363] ret_from_fork_asm+0x1a/0x30 [ 14.238417] </TASK> [ 14.238465] [ 14.249037] Allocated by task 214: [ 14.249256] kasan_save_stack+0x45/0x70 [ 14.249617] kasan_save_track+0x18/0x40 [ 14.249926] kasan_save_alloc_info+0x3b/0x50 [ 14.250130] __kasan_kmalloc+0xb7/0xc0 [ 14.250429] __kmalloc_cache_noprof+0x189/0x420 [ 14.250749] ksize_unpoisons_memory+0xc7/0x9b0 [ 14.250992] kunit_try_run_case+0x1a5/0x480 [ 14.251336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.251754] kthread+0x337/0x6f0 [ 14.251990] ret_from_fork+0x41/0x80 [ 14.252214] ret_from_fork_asm+0x1a/0x30 [ 14.252462] [ 14.252635] The buggy address belongs to the object at ffff888103391b00 [ 14.252635] which belongs to the cache kmalloc-128 of size 128 [ 14.253231] The buggy address is located 5 bytes to the right of [ 14.253231] allocated 115-byte region [ffff888103391b00, ffff888103391b73) [ 14.253930] [ 14.254080] The buggy address belongs to the physical page: [ 14.254378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103391 [ 14.254793] flags: 0x200000000000000(node=0|zone=2) [ 14.255050] page_type: f5(slab) [ 14.255266] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.255600] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.256122] page dumped because: kasan: bad access detected [ 14.256528] [ 14.256691] Memory state around the buggy address: [ 14.257057] ffff888103391a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.257580] ffff888103391a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.258248] >ffff888103391b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.258674] ^ [ 14.259011] ffff888103391b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.259314] ffff888103391c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.259556] ==================================================================