Date
July 11, 2025, 10:11 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 48.094290] ================================================================== [ 48.101240] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 48.108612] Read of size 1 at addr ffff00080193af78 by task kunit_try_catch/278 [ 48.115903] [ 48.117388] CPU: 2 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 48.117446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.117461] Hardware name: WinLink E850-96 board (DT) [ 48.117481] Call trace: [ 48.117494] show_stack+0x20/0x38 (C) [ 48.117527] dump_stack_lvl+0x8c/0xd0 [ 48.117560] print_report+0x118/0x5d0 [ 48.117587] kasan_report+0xdc/0x128 [ 48.117616] __asan_report_load1_noabort+0x20/0x30 [ 48.117651] ksize_unpoisons_memory+0x618/0x740 [ 48.117683] kunit_try_run_case+0x170/0x3f0 [ 48.117721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.117753] kthread+0x328/0x630 [ 48.117783] ret_from_fork+0x10/0x20 [ 48.117819] [ 48.181787] Allocated by task 278: [ 48.185175] kasan_save_stack+0x3c/0x68 [ 48.188993] kasan_save_track+0x20/0x40 [ 48.192812] kasan_save_alloc_info+0x40/0x58 [ 48.197064] __kasan_kmalloc+0xd4/0xd8 [ 48.200799] __kmalloc_cache_noprof+0x16c/0x3c0 [ 48.205312] ksize_unpoisons_memory+0xc0/0x740 [ 48.209739] kunit_try_run_case+0x170/0x3f0 [ 48.213905] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.219374] kthread+0x328/0x630 [ 48.222586] ret_from_fork+0x10/0x20 [ 48.226145] [ 48.227621] The buggy address belongs to the object at ffff00080193af00 [ 48.227621] which belongs to the cache kmalloc-128 of size 128 [ 48.240124] The buggy address is located 5 bytes to the right of [ 48.240124] allocated 115-byte region [ffff00080193af00, ffff00080193af73) [ 48.253054] [ 48.254532] The buggy address belongs to the physical page: [ 48.260091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88193a [ 48.268073] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.275712] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 48.282656] page_type: f5(slab) [ 48.285791] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.293512] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.301238] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.309049] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.316862] head: 0bfffe0000000001 fffffdffe0064e81 00000000ffffffff 00000000ffffffff [ 48.324674] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 48.332480] page dumped because: kasan: bad access detected [ 48.338035] [ 48.339511] Memory state around the buggy address: [ 48.344290] ffff00080193ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.351494] ffff00080193ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.358700] >ffff00080193af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 48.365899] ^ [ 48.373022] ffff00080193af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.380227] ffff00080193b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.387427] ================================================================== [ 48.394819] ================================================================== [ 48.401843] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 48.409217] Read of size 1 at addr ffff00080193af7f by task kunit_try_catch/278 [ 48.416507] [ 48.417992] CPU: 4 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 48.418050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.418067] Hardware name: WinLink E850-96 board (DT) [ 48.418091] Call trace: [ 48.418104] show_stack+0x20/0x38 (C) [ 48.418141] dump_stack_lvl+0x8c/0xd0 [ 48.418174] print_report+0x118/0x5d0 [ 48.418203] kasan_report+0xdc/0x128 [ 48.418231] __asan_report_load1_noabort+0x20/0x30 [ 48.418263] ksize_unpoisons_memory+0x690/0x740 [ 48.418300] kunit_try_run_case+0x170/0x3f0 [ 48.418340] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.418375] kthread+0x328/0x630 [ 48.418407] ret_from_fork+0x10/0x20 [ 48.418441] [ 48.482391] Allocated by task 278: [ 48.485780] kasan_save_stack+0x3c/0x68 [ 48.489596] kasan_save_track+0x20/0x40 [ 48.493415] kasan_save_alloc_info+0x40/0x58 [ 48.497668] __kasan_kmalloc+0xd4/0xd8 [ 48.501401] __kmalloc_cache_noprof+0x16c/0x3c0 [ 48.505915] ksize_unpoisons_memory+0xc0/0x740 [ 48.510342] kunit_try_run_case+0x170/0x3f0 [ 48.514509] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.519977] kthread+0x328/0x630 [ 48.523189] ret_from_fork+0x10/0x20 [ 48.526748] [ 48.528225] The buggy address belongs to the object at ffff00080193af00 [ 48.528225] which belongs to the cache kmalloc-128 of size 128 [ 48.540727] The buggy address is located 12 bytes to the right of [ 48.540727] allocated 115-byte region [ffff00080193af00, ffff00080193af73) [ 48.553744] [ 48.555222] The buggy address belongs to the physical page: [ 48.560779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88193a [ 48.568763] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.576402] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 48.583345] page_type: f5(slab) [ 48.586481] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.594202] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.601928] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.609739] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.617552] head: 0bfffe0000000001 fffffdffe0064e81 00000000ffffffff 00000000ffffffff [ 48.625364] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 48.633170] page dumped because: kasan: bad access detected [ 48.638725] [ 48.640200] Memory state around the buggy address: [ 48.644979] ffff00080193ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.652183] ffff00080193ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.659389] >ffff00080193af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 48.666589] ^ [ 48.673711] ffff00080193af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.680917] ffff00080193b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.688118] ================================================================== [ 47.791257] ================================================================== [ 47.800894] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 47.808269] Read of size 1 at addr ffff00080193af73 by task kunit_try_catch/278 [ 47.815562] [ 47.817047] CPU: 2 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 47.817102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.817119] Hardware name: WinLink E850-96 board (DT) [ 47.817140] Call trace: [ 47.817154] show_stack+0x20/0x38 (C) [ 47.817192] dump_stack_lvl+0x8c/0xd0 [ 47.817225] print_report+0x118/0x5d0 [ 47.817254] kasan_report+0xdc/0x128 [ 47.817282] __asan_report_load1_noabort+0x20/0x30 [ 47.817317] ksize_unpoisons_memory+0x628/0x740 [ 47.817350] kunit_try_run_case+0x170/0x3f0 [ 47.817389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.817421] kthread+0x328/0x630 [ 47.817450] ret_from_fork+0x10/0x20 [ 47.817485] [ 47.881445] Allocated by task 278: [ 47.884836] kasan_save_stack+0x3c/0x68 [ 47.888650] kasan_save_track+0x20/0x40 [ 47.892469] kasan_save_alloc_info+0x40/0x58 [ 47.896722] __kasan_kmalloc+0xd4/0xd8 [ 47.900456] __kmalloc_cache_noprof+0x16c/0x3c0 [ 47.904969] ksize_unpoisons_memory+0xc0/0x740 [ 47.909396] kunit_try_run_case+0x170/0x3f0 [ 47.913563] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.919031] kthread+0x328/0x630 [ 47.922243] ret_from_fork+0x10/0x20 [ 47.925802] [ 47.927280] The buggy address belongs to the object at ffff00080193af00 [ 47.927280] which belongs to the cache kmalloc-128 of size 128 [ 47.939781] The buggy address is located 0 bytes to the right of [ 47.939781] allocated 115-byte region [ffff00080193af00, ffff00080193af73) [ 47.952711] [ 47.954191] The buggy address belongs to the physical page: [ 47.959747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88193a [ 47.967731] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.975370] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 47.982313] page_type: f5(slab) [ 47.985450] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 47.993169] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.000894] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.008707] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.016520] head: 0bfffe0000000001 fffffdffe0064e81 00000000ffffffff 00000000ffffffff [ 48.024331] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 48.032137] page dumped because: kasan: bad access detected [ 48.037693] [ 48.039168] Memory state around the buggy address: [ 48.043948] ffff00080193ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.051151] ffff00080193ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.058357] >ffff00080193af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 48.065557] ^ [ 48.072418] ffff00080193af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.079624] ffff00080193b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.086824] ==================================================================
[ 30.707156] ================================================================== [ 30.707204] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 30.707254] Read of size 1 at addr fff00000c91b3c78 by task kunit_try_catch/225 [ 30.707303] [ 30.707349] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 30.707433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.707479] Hardware name: linux,dummy-virt (DT) [ 30.707511] Call trace: [ 30.707533] show_stack+0x20/0x38 (C) [ 30.707582] dump_stack_lvl+0x8c/0xd0 [ 30.707639] print_report+0x118/0x5d0 [ 30.707692] kasan_report+0xdc/0x128 [ 30.707746] __asan_report_load1_noabort+0x20/0x30 [ 30.707798] ksize_unpoisons_memory+0x618/0x740 [ 30.707848] kunit_try_run_case+0x170/0x3f0 [ 30.707898] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.707948] kthread+0x328/0x630 [ 30.707991] ret_from_fork+0x10/0x20 [ 30.708045] [ 30.708065] Allocated by task 225: [ 30.708102] kasan_save_stack+0x3c/0x68 [ 30.708145] kasan_save_track+0x20/0x40 [ 30.708189] kasan_save_alloc_info+0x40/0x58 [ 30.708233] __kasan_kmalloc+0xd4/0xd8 [ 30.708270] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.708311] ksize_unpoisons_memory+0xc0/0x740 [ 30.708361] kunit_try_run_case+0x170/0x3f0 [ 30.708398] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.708447] kthread+0x328/0x630 [ 30.708480] ret_from_fork+0x10/0x20 [ 30.708515] [ 30.708533] The buggy address belongs to the object at fff00000c91b3c00 [ 30.708533] which belongs to the cache kmalloc-128 of size 128 [ 30.708600] The buggy address is located 5 bytes to the right of [ 30.708600] allocated 115-byte region [fff00000c91b3c00, fff00000c91b3c73) [ 30.708665] [ 30.708684] The buggy address belongs to the physical page: [ 30.708719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b3 [ 30.708772] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.708830] page_type: f5(slab) [ 30.708869] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.708919] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.708968] page dumped because: kasan: bad access detected [ 30.709000] [ 30.709033] Memory state around the buggy address: [ 30.709076] fff00000c91b3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.709121] fff00000c91b3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.709161] >fff00000c91b3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.709199] ^ [ 30.709248] fff00000c91b3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.709297] fff00000c91b3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.709346] ================================================================== [ 30.702370] ================================================================== [ 30.702444] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 30.702524] Read of size 1 at addr fff00000c91b3c73 by task kunit_try_catch/225 [ 30.702604] [ 30.702651] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 30.702778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.702826] Hardware name: linux,dummy-virt (DT) [ 30.702862] Call trace: [ 30.702890] show_stack+0x20/0x38 (C) [ 30.702962] dump_stack_lvl+0x8c/0xd0 [ 30.703021] print_report+0x118/0x5d0 [ 30.703082] kasan_report+0xdc/0x128 [ 30.703127] __asan_report_load1_noabort+0x20/0x30 [ 30.703187] ksize_unpoisons_memory+0x628/0x740 [ 30.703237] kunit_try_run_case+0x170/0x3f0 [ 30.705340] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.705419] kthread+0x328/0x630 [ 30.705467] ret_from_fork+0x10/0x20 [ 30.705518] [ 30.705536] Allocated by task 225: [ 30.705567] kasan_save_stack+0x3c/0x68 [ 30.705609] kasan_save_track+0x20/0x40 [ 30.705648] kasan_save_alloc_info+0x40/0x58 [ 30.705686] __kasan_kmalloc+0xd4/0xd8 [ 30.705724] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.705764] ksize_unpoisons_memory+0xc0/0x740 [ 30.705803] kunit_try_run_case+0x170/0x3f0 [ 30.705842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.705884] kthread+0x328/0x630 [ 30.705917] ret_from_fork+0x10/0x20 [ 30.705953] [ 30.705972] The buggy address belongs to the object at fff00000c91b3c00 [ 30.705972] which belongs to the cache kmalloc-128 of size 128 [ 30.706032] The buggy address is located 0 bytes to the right of [ 30.706032] allocated 115-byte region [fff00000c91b3c00, fff00000c91b3c73) [ 30.706096] [ 30.706118] The buggy address belongs to the physical page: [ 30.706151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b3 [ 30.706206] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.706255] page_type: f5(slab) [ 30.706300] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.706360] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.706399] page dumped because: kasan: bad access detected [ 30.706430] [ 30.706449] Memory state around the buggy address: [ 30.706480] fff00000c91b3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.706521] fff00000c91b3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.706564] >fff00000c91b3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.706600] ^ [ 30.706640] fff00000c91b3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.706681] fff00000c91b3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.706719] ================================================================== [ 30.709474] ================================================================== [ 30.709513] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 30.709559] Read of size 1 at addr fff00000c91b3c7f by task kunit_try_catch/225 [ 30.709610] [ 30.709637] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 30.709732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.709759] Hardware name: linux,dummy-virt (DT) [ 30.709789] Call trace: [ 30.709812] show_stack+0x20/0x38 (C) [ 30.709860] dump_stack_lvl+0x8c/0xd0 [ 30.709905] print_report+0x118/0x5d0 [ 30.709949] kasan_report+0xdc/0x128 [ 30.709992] __asan_report_load1_noabort+0x20/0x30 [ 30.710043] ksize_unpoisons_memory+0x690/0x740 [ 30.710091] kunit_try_run_case+0x170/0x3f0 [ 30.710140] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.710252] kthread+0x328/0x630 [ 30.710296] ret_from_fork+0x10/0x20 [ 30.710357] [ 30.710377] Allocated by task 225: [ 30.710403] kasan_save_stack+0x3c/0x68 [ 30.710444] kasan_save_track+0x20/0x40 [ 30.710481] kasan_save_alloc_info+0x40/0x58 [ 30.710519] __kasan_kmalloc+0xd4/0xd8 [ 30.710555] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.710596] ksize_unpoisons_memory+0xc0/0x740 [ 30.710634] kunit_try_run_case+0x170/0x3f0 [ 30.710685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.710727] kthread+0x328/0x630 [ 30.710804] ret_from_fork+0x10/0x20 [ 30.710873] [ 30.710964] The buggy address belongs to the object at fff00000c91b3c00 [ 30.710964] which belongs to the cache kmalloc-128 of size 128 [ 30.711056] The buggy address is located 12 bytes to the right of [ 30.711056] allocated 115-byte region [fff00000c91b3c00, fff00000c91b3c73) [ 30.711140] [ 30.711192] The buggy address belongs to the physical page: [ 30.711250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b3 [ 30.711313] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.711370] page_type: f5(slab) [ 30.711405] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.711457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.711496] page dumped because: kasan: bad access detected [ 30.711527] [ 30.711544] Memory state around the buggy address: [ 30.711574] fff00000c91b3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.711630] fff00000c91b3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.711734] >fff00000c91b3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.711813] ^ [ 30.711908] fff00000c91b3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.711997] fff00000c91b3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.712114] ==================================================================
[ 24.161483] ================================================================== [ 24.161907] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162156] Read of size 1 at addr ffff888105745273 by task kunit_try_catch/244 [ 24.162537] [ 24.162668] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.162720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.162742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.162764] Call Trace: [ 24.162778] <TASK> [ 24.162797] dump_stack_lvl+0x73/0xb0 [ 24.162828] print_report+0xd1/0x610 [ 24.162850] ? __virt_addr_valid+0x1db/0x2d0 [ 24.162873] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162895] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.162920] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162943] kasan_report+0x141/0x180 [ 24.162965] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162992] __asan_report_load1_noabort+0x18/0x20 [ 24.163015] ksize_unpoisons_memory+0x81c/0x9b0 [ 24.163038] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.163060] ? finish_task_switch.isra.0+0x153/0x700 [ 24.163082] ? __switch_to+0x47/0xf80 [ 24.163109] ? __schedule+0x10cc/0x2b60 [ 24.163133] ? __pfx_read_tsc+0x10/0x10 [ 24.163155] ? ktime_get_ts64+0x86/0x230 [ 24.163180] kunit_try_run_case+0x1a5/0x480 [ 24.163202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.163221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.163244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.163275] ? __kthread_parkme+0x82/0x180 [ 24.163296] ? preempt_count_sub+0x50/0x80 [ 24.163318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.163339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.163363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.163388] kthread+0x337/0x6f0 [ 24.163409] ? trace_preempt_on+0x20/0xc0 [ 24.163432] ? __pfx_kthread+0x10/0x10 [ 24.163454] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.163476] ? calculate_sigpending+0x7b/0xa0 [ 24.163500] ? __pfx_kthread+0x10/0x10 [ 24.163522] ret_from_fork+0x116/0x1d0 [ 24.163541] ? __pfx_kthread+0x10/0x10 [ 24.163562] ret_from_fork_asm+0x1a/0x30 [ 24.163593] </TASK> [ 24.163604] [ 24.170816] Allocated by task 244: [ 24.170964] kasan_save_stack+0x45/0x70 [ 24.171161] kasan_save_track+0x18/0x40 [ 24.171425] kasan_save_alloc_info+0x3b/0x50 [ 24.171657] __kasan_kmalloc+0xb7/0xc0 [ 24.171852] __kmalloc_cache_noprof+0x189/0x420 [ 24.172068] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.172236] kunit_try_run_case+0x1a5/0x480 [ 24.172510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.172695] kthread+0x337/0x6f0 [ 24.172872] ret_from_fork+0x116/0x1d0 [ 24.173043] ret_from_fork_asm+0x1a/0x30 [ 24.173176] [ 24.173242] The buggy address belongs to the object at ffff888105745200 [ 24.173242] which belongs to the cache kmalloc-128 of size 128 [ 24.173780] The buggy address is located 0 bytes to the right of [ 24.173780] allocated 115-byte region [ffff888105745200, ffff888105745273) [ 24.174497] [ 24.174625] The buggy address belongs to the physical page: [ 24.174893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 24.175210] flags: 0x200000000000000(node=0|zone=2) [ 24.175469] page_type: f5(slab) [ 24.175592] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.175893] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.176227] page dumped because: kasan: bad access detected [ 24.176566] [ 24.176654] Memory state around the buggy address: [ 24.176853] ffff888105745100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.177130] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.177414] >ffff888105745200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.177745] ^ [ 24.178050] ffff888105745280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178374] ffff888105745300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178620] ================================================================== [ 24.179078] ================================================================== [ 24.179403] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.179683] Read of size 1 at addr ffff888105745278 by task kunit_try_catch/244 [ 24.179907] [ 24.180012] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.180058] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.180070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.180090] Call Trace: [ 24.180103] <TASK> [ 24.180117] dump_stack_lvl+0x73/0xb0 [ 24.180144] print_report+0xd1/0x610 [ 24.180165] ? __virt_addr_valid+0x1db/0x2d0 [ 24.180188] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180209] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.180234] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180256] kasan_report+0x141/0x180 [ 24.180277] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180302] __asan_report_load1_noabort+0x18/0x20 [ 24.180330] ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180352] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.180373] ? finish_task_switch.isra.0+0x153/0x700 [ 24.180395] ? __switch_to+0x47/0xf80 [ 24.180420] ? __schedule+0x10cc/0x2b60 [ 24.180443] ? __pfx_read_tsc+0x10/0x10 [ 24.180463] ? ktime_get_ts64+0x86/0x230 [ 24.180487] kunit_try_run_case+0x1a5/0x480 [ 24.180507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.180526] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.180548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.180570] ? __kthread_parkme+0x82/0x180 [ 24.180590] ? preempt_count_sub+0x50/0x80 [ 24.180611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.180632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.180655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.180680] kthread+0x337/0x6f0 [ 24.180700] ? trace_preempt_on+0x20/0xc0 [ 24.180724] ? __pfx_kthread+0x10/0x10 [ 24.180765] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.180786] ? calculate_sigpending+0x7b/0xa0 [ 24.180809] ? __pfx_kthread+0x10/0x10 [ 24.180830] ret_from_fork+0x116/0x1d0 [ 24.180848] ? __pfx_kthread+0x10/0x10 [ 24.181051] ret_from_fork_asm+0x1a/0x30 [ 24.181086] </TASK> [ 24.181098] [ 24.188814] Allocated by task 244: [ 24.188976] kasan_save_stack+0x45/0x70 [ 24.189114] kasan_save_track+0x18/0x40 [ 24.189240] kasan_save_alloc_info+0x3b/0x50 [ 24.189387] __kasan_kmalloc+0xb7/0xc0 [ 24.189510] __kmalloc_cache_noprof+0x189/0x420 [ 24.189677] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.189896] kunit_try_run_case+0x1a5/0x480 [ 24.190102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.190355] kthread+0x337/0x6f0 [ 24.190514] ret_from_fork+0x116/0x1d0 [ 24.190691] ret_from_fork_asm+0x1a/0x30 [ 24.190971] [ 24.191067] The buggy address belongs to the object at ffff888105745200 [ 24.191067] which belongs to the cache kmalloc-128 of size 128 [ 24.191874] The buggy address is located 5 bytes to the right of [ 24.191874] allocated 115-byte region [ffff888105745200, ffff888105745273) [ 24.192517] [ 24.192616] The buggy address belongs to the physical page: [ 24.192841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 24.193102] flags: 0x200000000000000(node=0|zone=2) [ 24.193412] page_type: f5(slab) [ 24.193589] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.193885] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.194155] page dumped because: kasan: bad access detected [ 24.194488] [ 24.194581] Memory state around the buggy address: [ 24.194793] ffff888105745100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.195006] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.195214] >ffff888105745200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.195425] ^ [ 24.195696] ffff888105745280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.196020] ffff888105745300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.196326] ================================================================== [ 24.196727] ================================================================== [ 24.197147] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.197570] Read of size 1 at addr ffff88810574527f by task kunit_try_catch/244 [ 24.197916] [ 24.198029] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.198076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.198088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.198110] Call Trace: [ 24.198127] <TASK> [ 24.198143] dump_stack_lvl+0x73/0xb0 [ 24.198172] print_report+0xd1/0x610 [ 24.198193] ? __virt_addr_valid+0x1db/0x2d0 [ 24.198217] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198239] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.198334] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198360] kasan_report+0x141/0x180 [ 24.198381] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198408] __asan_report_load1_noabort+0x18/0x20 [ 24.198431] ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198470] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.198493] ? finish_task_switch.isra.0+0x153/0x700 [ 24.198515] ? __switch_to+0x47/0xf80 [ 24.198540] ? __schedule+0x10cc/0x2b60 [ 24.198563] ? __pfx_read_tsc+0x10/0x10 [ 24.198584] ? ktime_get_ts64+0x86/0x230 [ 24.198609] kunit_try_run_case+0x1a5/0x480 [ 24.198630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.198650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.198675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.198698] ? __kthread_parkme+0x82/0x180 [ 24.198718] ? preempt_count_sub+0x50/0x80 [ 24.198749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.198770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.198794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.198821] kthread+0x337/0x6f0 [ 24.198842] ? trace_preempt_on+0x20/0xc0 [ 24.198865] ? __pfx_kthread+0x10/0x10 [ 24.198886] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.198908] ? calculate_sigpending+0x7b/0xa0 [ 24.198932] ? __pfx_kthread+0x10/0x10 [ 24.198954] ret_from_fork+0x116/0x1d0 [ 24.198973] ? __pfx_kthread+0x10/0x10 [ 24.198994] ret_from_fork_asm+0x1a/0x30 [ 24.199024] </TASK> [ 24.199035] [ 24.206973] Allocated by task 244: [ 24.207126] kasan_save_stack+0x45/0x70 [ 24.207335] kasan_save_track+0x18/0x40 [ 24.207496] kasan_save_alloc_info+0x3b/0x50 [ 24.207639] __kasan_kmalloc+0xb7/0xc0 [ 24.207796] __kmalloc_cache_noprof+0x189/0x420 [ 24.208008] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.208215] kunit_try_run_case+0x1a5/0x480 [ 24.208501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.208765] kthread+0x337/0x6f0 [ 24.208900] ret_from_fork+0x116/0x1d0 [ 24.209065] ret_from_fork_asm+0x1a/0x30 [ 24.209226] [ 24.209382] The buggy address belongs to the object at ffff888105745200 [ 24.209382] which belongs to the cache kmalloc-128 of size 128 [ 24.209872] The buggy address is located 12 bytes to the right of [ 24.209872] allocated 115-byte region [ffff888105745200, ffff888105745273) [ 24.210303] [ 24.210400] The buggy address belongs to the physical page: [ 24.210648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 24.211009] flags: 0x200000000000000(node=0|zone=2) [ 24.211191] page_type: f5(slab) [ 24.211356] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.211656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.212044] page dumped because: kasan: bad access detected [ 24.212502] [ 24.212606] Memory state around the buggy address: [ 24.212808] ffff888105745100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.213054] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.213326] >ffff888105745200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.213563] ^ [ 24.213873] ffff888105745280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.214180] ffff888105745300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.214567] ==================================================================