Date
June 26, 2025, 11:12 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 31.268112] ================================================================== [ 31.275207] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 31.282582] Read of size 1 at addr ffff000801ed677f by task kunit_try_catch/243 [ 31.289873] [ 31.291358] CPU: 7 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 31.291406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.291422] Hardware name: WinLink E850-96 board (DT) [ 31.291443] Call trace: [ 31.291455] show_stack+0x20/0x38 (C) [ 31.291488] dump_stack_lvl+0x8c/0xd0 [ 31.291526] print_report+0x118/0x608 [ 31.291554] kasan_report+0xdc/0x128 [ 31.291585] __asan_report_load1_noabort+0x20/0x30 [ 31.291624] ksize_unpoisons_memory+0x690/0x740 [ 31.291658] kunit_try_run_case+0x170/0x3f0 [ 31.291693] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.291730] kthread+0x328/0x630 [ 31.291762] ret_from_fork+0x10/0x20 [ 31.291797] [ 31.354542] Allocated by task 243: [ 31.357930] kasan_save_stack+0x3c/0x68 [ 31.361747] kasan_save_track+0x20/0x40 [ 31.365566] kasan_save_alloc_info+0x40/0x58 [ 31.369820] __kasan_kmalloc+0xd4/0xd8 [ 31.373553] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.378066] ksize_unpoisons_memory+0xc0/0x740 [ 31.382493] kunit_try_run_case+0x170/0x3f0 [ 31.386660] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.392128] kthread+0x328/0x630 [ 31.395340] ret_from_fork+0x10/0x20 [ 31.398899] [ 31.400375] The buggy address belongs to the object at ffff000801ed6700 [ 31.400375] which belongs to the cache kmalloc-128 of size 128 [ 31.412877] The buggy address is located 12 bytes to the right of [ 31.412877] allocated 115-byte region [ffff000801ed6700, ffff000801ed6773) [ 31.425895] [ 31.427372] The buggy address belongs to the physical page: [ 31.432928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ed6 [ 31.440914] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.448553] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.455497] page_type: f5(slab) [ 31.458632] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 31.466353] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.474080] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 31.481891] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.489704] head: 0bfffe0000000001 fffffdffe007b581 00000000ffffffff 00000000ffffffff [ 31.497516] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 31.505321] page dumped because: kasan: bad access detected [ 31.510876] [ 31.512352] Memory state around the buggy address: [ 31.517133] ffff000801ed6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.524335] ffff000801ed6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.531540] >ffff000801ed6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.538741] ^ [ 31.545863] ffff000801ed6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.553069] ffff000801ed6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.560268] ================================================================== [ 30.666919] ================================================================== [ 30.676692] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 30.684068] Read of size 1 at addr ffff000801ed6773 by task kunit_try_catch/243 [ 30.691358] [ 30.692845] CPU: 7 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 30.692903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.692920] Hardware name: WinLink E850-96 board (DT) [ 30.692939] Call trace: [ 30.692954] show_stack+0x20/0x38 (C) [ 30.692990] dump_stack_lvl+0x8c/0xd0 [ 30.693030] print_report+0x118/0x608 [ 30.693065] kasan_report+0xdc/0x128 [ 30.693096] __asan_report_load1_noabort+0x20/0x30 [ 30.693133] ksize_unpoisons_memory+0x628/0x740 [ 30.693170] kunit_try_run_case+0x170/0x3f0 [ 30.693207] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.693246] kthread+0x328/0x630 [ 30.693279] ret_from_fork+0x10/0x20 [ 30.693317] [ 30.756027] Allocated by task 243: [ 30.759416] kasan_save_stack+0x3c/0x68 [ 30.763232] kasan_save_track+0x20/0x40 [ 30.767051] kasan_save_alloc_info+0x40/0x58 [ 30.771304] __kasan_kmalloc+0xd4/0xd8 [ 30.775037] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.779551] ksize_unpoisons_memory+0xc0/0x740 [ 30.783978] kunit_try_run_case+0x170/0x3f0 [ 30.788144] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.793613] kthread+0x328/0x630 [ 30.796825] ret_from_fork+0x10/0x20 [ 30.800384] [ 30.801861] The buggy address belongs to the object at ffff000801ed6700 [ 30.801861] which belongs to the cache kmalloc-128 of size 128 [ 30.814362] The buggy address is located 0 bytes to the right of [ 30.814362] allocated 115-byte region [ffff000801ed6700, ffff000801ed6773) [ 30.827293] [ 30.828772] The buggy address belongs to the physical page: [ 30.834329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ed6 [ 30.842313] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.849951] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.856895] page_type: f5(slab) [ 30.860032] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 30.867751] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.875478] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 30.883289] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.891102] head: 0bfffe0000000001 fffffdffe007b581 00000000ffffffff 00000000ffffffff [ 30.898913] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.906719] page dumped because: kasan: bad access detected [ 30.912276] [ 30.913752] Memory state around the buggy address: [ 30.918530] ffff000801ed6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.925733] ffff000801ed6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.932939] >ffff000801ed6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.940139] ^ [ 30.947000] ffff000801ed6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.954206] ffff000801ed6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.961407] ================================================================== [ 30.968872] ================================================================== [ 30.975819] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 30.983194] Read of size 1 at addr ffff000801ed6778 by task kunit_try_catch/243 [ 30.990485] [ 30.991970] CPU: 7 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 30.992018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.992034] Hardware name: WinLink E850-96 board (DT) [ 30.992054] Call trace: [ 30.992066] show_stack+0x20/0x38 (C) [ 30.992101] dump_stack_lvl+0x8c/0xd0 [ 30.992138] print_report+0x118/0x608 [ 30.992168] kasan_report+0xdc/0x128 [ 30.992200] __asan_report_load1_noabort+0x20/0x30 [ 30.992233] ksize_unpoisons_memory+0x618/0x740 [ 30.992268] kunit_try_run_case+0x170/0x3f0 [ 30.992303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.992341] kthread+0x328/0x630 [ 30.992373] ret_from_fork+0x10/0x20 [ 30.992407] [ 31.055154] Allocated by task 243: [ 31.058543] kasan_save_stack+0x3c/0x68 [ 31.062359] kasan_save_track+0x20/0x40 [ 31.066178] kasan_save_alloc_info+0x40/0x58 [ 31.070432] __kasan_kmalloc+0xd4/0xd8 [ 31.074165] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.078679] ksize_unpoisons_memory+0xc0/0x740 [ 31.083105] kunit_try_run_case+0x170/0x3f0 [ 31.087272] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.092741] kthread+0x328/0x630 [ 31.095952] ret_from_fork+0x10/0x20 [ 31.099511] [ 31.100987] The buggy address belongs to the object at ffff000801ed6700 [ 31.100987] which belongs to the cache kmalloc-128 of size 128 [ 31.113489] The buggy address is located 5 bytes to the right of [ 31.113489] allocated 115-byte region [ffff000801ed6700, ffff000801ed6773) [ 31.126421] [ 31.127898] The buggy address belongs to the physical page: [ 31.133457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ed6 [ 31.141441] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.149078] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.156022] page_type: f5(slab) [ 31.159157] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 31.166878] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.174605] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 31.182416] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 31.190229] head: 0bfffe0000000001 fffffdffe007b581 00000000ffffffff 00000000ffffffff [ 31.198041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 31.205847] page dumped because: kasan: bad access detected [ 31.211402] [ 31.212879] Memory state around the buggy address: [ 31.217659] ffff000801ed6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.224861] ffff000801ed6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.232065] >ffff000801ed6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.239266] ^ [ 31.246388] ffff000801ed6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.253594] ffff000801ed6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.260794] ==================================================================
[ 18.233760] ================================================================== [ 18.233810] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 18.233878] Read of size 1 at addr fff00000c5bdcc78 by task kunit_try_catch/196 [ 18.233929] [ 18.233959] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 18.234045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.234074] Hardware name: linux,dummy-virt (DT) [ 18.234106] Call trace: [ 18.234145] show_stack+0x20/0x38 (C) [ 18.234194] dump_stack_lvl+0x8c/0xd0 [ 18.234252] print_report+0x118/0x608 [ 18.234298] kasan_report+0xdc/0x128 [ 18.234351] __asan_report_load1_noabort+0x20/0x30 [ 18.234403] ksize_unpoisons_memory+0x618/0x740 [ 18.234454] kunit_try_run_case+0x170/0x3f0 [ 18.234508] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.234569] kthread+0x328/0x630 [ 18.234615] ret_from_fork+0x10/0x20 [ 18.234662] [ 18.234681] Allocated by task 196: [ 18.234722] kasan_save_stack+0x3c/0x68 [ 18.234770] kasan_save_track+0x20/0x40 [ 18.234807] kasan_save_alloc_info+0x40/0x58 [ 18.234844] __kasan_kmalloc+0xd4/0xd8 [ 18.235526] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.235578] ksize_unpoisons_memory+0xc0/0x740 [ 18.235621] kunit_try_run_case+0x170/0x3f0 [ 18.235818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.235888] kthread+0x328/0x630 [ 18.235954] ret_from_fork+0x10/0x20 [ 18.236203] [ 18.236332] The buggy address belongs to the object at fff00000c5bdcc00 [ 18.236332] which belongs to the cache kmalloc-128 of size 128 [ 18.236397] The buggy address is located 5 bytes to the right of [ 18.236397] allocated 115-byte region [fff00000c5bdcc00, fff00000c5bdcc73) [ 18.236470] [ 18.236490] The buggy address belongs to the physical page: [ 18.236815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc [ 18.236956] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.237010] page_type: f5(slab) [ 18.237344] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.237501] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.237557] page dumped because: kasan: bad access detected [ 18.237607] [ 18.237944] Memory state around the buggy address: [ 18.238016] fff00000c5bdcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.238101] fff00000c5bdcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.238150] >fff00000c5bdcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.238364] ^ [ 18.238521] fff00000c5bdcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.238647] fff00000c5bdcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.239001] ================================================================== [ 18.240605] ================================================================== [ 18.240658] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 18.240810] Read of size 1 at addr fff00000c5bdcc7f by task kunit_try_catch/196 [ 18.240925] [ 18.240957] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 18.241335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.241409] Hardware name: linux,dummy-virt (DT) [ 18.241445] Call trace: [ 18.241485] show_stack+0x20/0x38 (C) [ 18.241537] dump_stack_lvl+0x8c/0xd0 [ 18.241820] print_report+0x118/0x608 [ 18.241890] kasan_report+0xdc/0x128 [ 18.241938] __asan_report_load1_noabort+0x20/0x30 [ 18.241990] ksize_unpoisons_memory+0x690/0x740 [ 18.242119] kunit_try_run_case+0x170/0x3f0 [ 18.242172] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.242501] kthread+0x328/0x630 [ 18.242581] ret_from_fork+0x10/0x20 [ 18.242748] [ 18.242787] Allocated by task 196: [ 18.242817] kasan_save_stack+0x3c/0x68 [ 18.243093] kasan_save_track+0x20/0x40 [ 18.243173] kasan_save_alloc_info+0x40/0x58 [ 18.243221] __kasan_kmalloc+0xd4/0xd8 [ 18.243294] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.243349] ksize_unpoisons_memory+0xc0/0x740 [ 18.243392] kunit_try_run_case+0x170/0x3f0 [ 18.243658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.243745] kthread+0x328/0x630 [ 18.243795] ret_from_fork+0x10/0x20 [ 18.243831] [ 18.244068] The buggy address belongs to the object at fff00000c5bdcc00 [ 18.244068] which belongs to the cache kmalloc-128 of size 128 [ 18.244310] The buggy address is located 12 bytes to the right of [ 18.244310] allocated 115-byte region [fff00000c5bdcc00, fff00000c5bdcc73) [ 18.244516] [ 18.244539] The buggy address belongs to the physical page: [ 18.244569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc [ 18.244777] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.244911] page_type: f5(slab) [ 18.245009] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.245127] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.245204] page dumped because: kasan: bad access detected [ 18.245346] [ 18.245444] Memory state around the buggy address: [ 18.245600] fff00000c5bdcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.245675] fff00000c5bdcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.246078] >fff00000c5bdcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.246263] ^ [ 18.246366] fff00000c5bdcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.246450] fff00000c5bdcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.246620] ================================================================== [ 18.226223] ================================================================== [ 18.226324] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 18.226601] Read of size 1 at addr fff00000c5bdcc73 by task kunit_try_catch/196 [ 18.226901] [ 18.227033] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 18.227161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.227207] Hardware name: linux,dummy-virt (DT) [ 18.227240] Call trace: [ 18.227299] show_stack+0x20/0x38 (C) [ 18.227545] dump_stack_lvl+0x8c/0xd0 [ 18.227597] print_report+0x118/0x608 [ 18.227741] kasan_report+0xdc/0x128 [ 18.227795] __asan_report_load1_noabort+0x20/0x30 [ 18.227959] ksize_unpoisons_memory+0x628/0x740 [ 18.228168] kunit_try_run_case+0x170/0x3f0 [ 18.228223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.228278] kthread+0x328/0x630 [ 18.228323] ret_from_fork+0x10/0x20 [ 18.228371] [ 18.228390] Allocated by task 196: [ 18.228417] kasan_save_stack+0x3c/0x68 [ 18.228457] kasan_save_track+0x20/0x40 [ 18.228493] kasan_save_alloc_info+0x40/0x58 [ 18.228532] __kasan_kmalloc+0xd4/0xd8 [ 18.228567] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.228606] ksize_unpoisons_memory+0xc0/0x740 [ 18.228646] kunit_try_run_case+0x170/0x3f0 [ 18.228686] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.228730] kthread+0x328/0x630 [ 18.228764] ret_from_fork+0x10/0x20 [ 18.229158] [ 18.229239] The buggy address belongs to the object at fff00000c5bdcc00 [ 18.229239] which belongs to the cache kmalloc-128 of size 128 [ 18.229396] The buggy address is located 0 bytes to the right of [ 18.229396] allocated 115-byte region [fff00000c5bdcc00, fff00000c5bdcc73) [ 18.229642] [ 18.229697] The buggy address belongs to the physical page: [ 18.229734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc [ 18.230265] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.230360] page_type: f5(slab) [ 18.230494] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.230600] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.231001] page dumped because: kasan: bad access detected [ 18.231066] [ 18.231124] Memory state around the buggy address: [ 18.231871] fff00000c5bdcb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.231954] fff00000c5bdcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.232024] >fff00000c5bdcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.232099] ^ [ 18.232179] fff00000c5bdcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.232309] fff00000c5bdcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.232406] ==================================================================
[ 11.314093] ================================================================== [ 11.315473] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 11.316641] Read of size 1 at addr ffff8881029f9273 by task kunit_try_catch/213 [ 11.317935] [ 11.318317] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 11.318371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.318383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.318404] Call Trace: [ 11.318421] <TASK> [ 11.318441] dump_stack_lvl+0x73/0xb0 [ 11.318472] print_report+0xd1/0x650 [ 11.318497] ? __virt_addr_valid+0x1db/0x2d0 [ 11.318521] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.318540] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.318563] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.318583] kasan_report+0x141/0x180 [ 11.318605] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.318759] __asan_report_load1_noabort+0x18/0x20 [ 11.318781] ksize_unpoisons_memory+0x81c/0x9b0 [ 11.318846] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.318867] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.318898] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.318932] kunit_try_run_case+0x1a5/0x480 [ 11.318960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.318981] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.319005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.319028] ? __kthread_parkme+0x82/0x180 [ 11.319050] ? preempt_count_sub+0x50/0x80 [ 11.319076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.319100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.319122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.319144] kthread+0x337/0x6f0 [ 11.319160] ? trace_preempt_on+0x20/0xc0 [ 11.319184] ? __pfx_kthread+0x10/0x10 [ 11.319201] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.319222] ? calculate_sigpending+0x7b/0xa0 [ 11.319243] ? __pfx_kthread+0x10/0x10 [ 11.319260] ret_from_fork+0x41/0x80 [ 11.319282] ? __pfx_kthread+0x10/0x10 [ 11.319300] ret_from_fork_asm+0x1a/0x30 [ 11.319332] </TASK> [ 11.319343] [ 11.334841] Allocated by task 213: [ 11.335140] kasan_save_stack+0x45/0x70 [ 11.335300] kasan_save_track+0x18/0x40 [ 11.335432] kasan_save_alloc_info+0x3b/0x50 [ 11.335582] __kasan_kmalloc+0xb7/0xc0 [ 11.336136] __kmalloc_cache_noprof+0x189/0x420 [ 11.336611] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.337144] kunit_try_run_case+0x1a5/0x480 [ 11.337567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.338176] kthread+0x337/0x6f0 [ 11.338726] ret_from_fork+0x41/0x80 [ 11.338997] ret_from_fork_asm+0x1a/0x30 [ 11.339469] [ 11.339554] The buggy address belongs to the object at ffff8881029f9200 [ 11.339554] which belongs to the cache kmalloc-128 of size 128 [ 11.340373] The buggy address is located 0 bytes to the right of [ 11.340373] allocated 115-byte region [ffff8881029f9200, ffff8881029f9273) [ 11.341291] [ 11.341575] The buggy address belongs to the physical page: [ 11.342370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 11.342981] flags: 0x200000000000000(node=0|zone=2) [ 11.343156] page_type: f5(slab) [ 11.343284] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.343516] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.344207] page dumped because: kasan: bad access detected [ 11.344860] [ 11.345061] Memory state around the buggy address: [ 11.345496] ffff8881029f9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.346455] ffff8881029f9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.347358] >ffff8881029f9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.348078] ^ [ 11.348425] ffff8881029f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.349214] ffff8881029f9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.349727] ================================================================== [ 11.378083] ================================================================== [ 11.378406] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.378880] Read of size 1 at addr ffff8881029f927f by task kunit_try_catch/213 [ 11.379238] [ 11.379351] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 11.379398] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.379420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.379441] Call Trace: [ 11.379455] <TASK> [ 11.379473] dump_stack_lvl+0x73/0xb0 [ 11.379511] print_report+0xd1/0x650 [ 11.379534] ? __virt_addr_valid+0x1db/0x2d0 [ 11.379556] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.379575] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.379597] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.379617] kasan_report+0x141/0x180 [ 11.379639] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.379662] __asan_report_load1_noabort+0x18/0x20 [ 11.379692] ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.379712] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.379730] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.379770] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.379794] kunit_try_run_case+0x1a5/0x480 [ 11.379819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.379842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.379866] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.379889] ? __kthread_parkme+0x82/0x180 [ 11.379911] ? preempt_count_sub+0x50/0x80 [ 11.379948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.379971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.379994] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.380016] kthread+0x337/0x6f0 [ 11.380032] ? trace_preempt_on+0x20/0xc0 [ 11.380055] ? __pfx_kthread+0x10/0x10 [ 11.380073] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.380093] ? calculate_sigpending+0x7b/0xa0 [ 11.380115] ? __pfx_kthread+0x10/0x10 [ 11.380133] ret_from_fork+0x41/0x80 [ 11.380155] ? __pfx_kthread+0x10/0x10 [ 11.380173] ret_from_fork_asm+0x1a/0x30 [ 11.380203] </TASK> [ 11.380215] [ 11.387232] Allocated by task 213: [ 11.387418] kasan_save_stack+0x45/0x70 [ 11.387621] kasan_save_track+0x18/0x40 [ 11.387828] kasan_save_alloc_info+0x3b/0x50 [ 11.388041] __kasan_kmalloc+0xb7/0xc0 [ 11.388218] __kmalloc_cache_noprof+0x189/0x420 [ 11.388456] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.388606] kunit_try_run_case+0x1a5/0x480 [ 11.388758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.389035] kthread+0x337/0x6f0 [ 11.389201] ret_from_fork+0x41/0x80 [ 11.389428] ret_from_fork_asm+0x1a/0x30 [ 11.389604] [ 11.389700] The buggy address belongs to the object at ffff8881029f9200 [ 11.389700] which belongs to the cache kmalloc-128 of size 128 [ 11.390205] The buggy address is located 12 bytes to the right of [ 11.390205] allocated 115-byte region [ffff8881029f9200, ffff8881029f9273) [ 11.390775] [ 11.390880] The buggy address belongs to the physical page: [ 11.391099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 11.391452] flags: 0x200000000000000(node=0|zone=2) [ 11.391779] page_type: f5(slab) [ 11.391935] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.392287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.392570] page dumped because: kasan: bad access detected [ 11.392905] [ 11.392982] Memory state around the buggy address: [ 11.393136] ffff8881029f9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.393350] ffff8881029f9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.393564] >ffff8881029f9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.393925] ^ [ 11.394239] ffff8881029f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.394552] ffff8881029f9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.394864] ================================================================== [ 11.350907] ================================================================== [ 11.351175] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.351419] Read of size 1 at addr ffff8881029f9278 by task kunit_try_catch/213 [ 11.352032] [ 11.352382] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 11.352433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.352445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.352466] Call Trace: [ 11.352479] <TASK> [ 11.352497] dump_stack_lvl+0x73/0xb0 [ 11.352594] print_report+0xd1/0x650 [ 11.352619] ? __virt_addr_valid+0x1db/0x2d0 [ 11.352640] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.352659] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.352681] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.352700] kasan_report+0x141/0x180 [ 11.352722] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.352746] __asan_report_load1_noabort+0x18/0x20 [ 11.352775] ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.352795] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.352814] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.352856] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.352880] kunit_try_run_case+0x1a5/0x480 [ 11.352905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.352938] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.352961] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.352984] ? __kthread_parkme+0x82/0x180 [ 11.353006] ? preempt_count_sub+0x50/0x80 [ 11.353033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.353058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.353081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.353104] kthread+0x337/0x6f0 [ 11.353120] ? trace_preempt_on+0x20/0xc0 [ 11.353144] ? __pfx_kthread+0x10/0x10 [ 11.353161] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.353182] ? calculate_sigpending+0x7b/0xa0 [ 11.353203] ? __pfx_kthread+0x10/0x10 [ 11.353221] ret_from_fork+0x41/0x80 [ 11.353242] ? __pfx_kthread+0x10/0x10 [ 11.353260] ret_from_fork_asm+0x1a/0x30 [ 11.353289] </TASK> [ 11.353301] [ 11.365887] Allocated by task 213: [ 11.366189] kasan_save_stack+0x45/0x70 [ 11.366536] kasan_save_track+0x18/0x40 [ 11.366901] kasan_save_alloc_info+0x3b/0x50 [ 11.367062] __kasan_kmalloc+0xb7/0xc0 [ 11.367197] __kmalloc_cache_noprof+0x189/0x420 [ 11.367351] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.367499] kunit_try_run_case+0x1a5/0x480 [ 11.367832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.368313] kthread+0x337/0x6f0 [ 11.368657] ret_from_fork+0x41/0x80 [ 11.369003] ret_from_fork_asm+0x1a/0x30 [ 11.369379] [ 11.369567] The buggy address belongs to the object at ffff8881029f9200 [ 11.369567] which belongs to the cache kmalloc-128 of size 128 [ 11.370829] The buggy address is located 5 bytes to the right of [ 11.370829] allocated 115-byte region [ffff8881029f9200, ffff8881029f9273) [ 11.371838] [ 11.371912] The buggy address belongs to the physical page: [ 11.372094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9 [ 11.372342] flags: 0x200000000000000(node=0|zone=2) [ 11.372507] page_type: f5(slab) [ 11.372722] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.373393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.373815] page dumped because: kasan: bad access detected [ 11.374303] [ 11.374431] Memory state around the buggy address: [ 11.374787] ffff8881029f9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.375168] ffff8881029f9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.375385] >ffff8881029f9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.375627] ^ [ 11.376123] ffff8881029f9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.376347] ffff8881029f9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.376560] ==================================================================