Date
July 14, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 36.560863] ================================================================== [ 36.567940] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 36.574878] Read of size 1 at addr ffff000801ff7480 by task kunit_try_catch/220 [ 36.582170] [ 36.583655] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 36.583706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.583725] Hardware name: WinLink E850-96 board (DT) [ 36.583743] Call trace: [ 36.583754] show_stack+0x20/0x38 (C) [ 36.583789] dump_stack_lvl+0x8c/0xd0 [ 36.583820] print_report+0x118/0x5d0 [ 36.583847] kasan_report+0xdc/0x128 [ 36.583873] __asan_report_load1_noabort+0x20/0x30 [ 36.583906] kmalloc_oob_right+0x5d0/0x660 [ 36.583938] kunit_try_run_case+0x170/0x3f0 [ 36.583972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.584003] kthread+0x328/0x630 [ 36.584035] ret_from_fork+0x10/0x20 [ 36.584069] [ 36.647621] Allocated by task 220: [ 36.651008] kasan_save_stack+0x3c/0x68 [ 36.654825] kasan_save_track+0x20/0x40 [ 36.658645] kasan_save_alloc_info+0x40/0x58 [ 36.662898] __kasan_kmalloc+0xd4/0xd8 [ 36.666630] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.671144] kmalloc_oob_right+0xb0/0x660 [ 36.675137] kunit_try_run_case+0x170/0x3f0 [ 36.679304] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.684773] kthread+0x328/0x630 [ 36.687985] ret_from_fork+0x10/0x20 [ 36.691544] [ 36.693020] The buggy address belongs to the object at ffff000801ff7400 [ 36.693020] which belongs to the cache kmalloc-128 of size 128 [ 36.705520] The buggy address is located 13 bytes to the right of [ 36.705520] allocated 115-byte region [ffff000801ff7400, ffff000801ff7473) [ 36.718539] [ 36.720017] The buggy address belongs to the physical page: [ 36.725575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ff6 [ 36.733557] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.741197] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.748140] page_type: f5(slab) [ 36.751277] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.758997] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.766724] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.774535] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.782348] head: 0bfffe0000000001 fffffdffe007fd81 00000000ffffffff 00000000ffffffff [ 36.790160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 36.797965] page dumped because: kasan: bad access detected [ 36.803521] [ 36.804996] Memory state around the buggy address: [ 36.809775] ffff000801ff7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.816980] ffff000801ff7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.824185] >ffff000801ff7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.831385] ^ [ 36.834600] ffff000801ff7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.841805] ffff000801ff7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.849006] ================================================================== [ 36.261308] ================================================================== [ 36.268464] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 36.275404] Write of size 1 at addr ffff000801ff7478 by task kunit_try_catch/220 [ 36.282782] [ 36.284268] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 36.284321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.284337] Hardware name: WinLink E850-96 board (DT) [ 36.284356] Call trace: [ 36.284370] show_stack+0x20/0x38 (C) [ 36.284403] dump_stack_lvl+0x8c/0xd0 [ 36.284435] print_report+0x118/0x5d0 [ 36.284465] kasan_report+0xdc/0x128 [ 36.284490] __asan_report_store1_noabort+0x20/0x30 [ 36.284525] kmalloc_oob_right+0x538/0x660 [ 36.284558] kunit_try_run_case+0x170/0x3f0 [ 36.284595] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.284625] kthread+0x328/0x630 [ 36.284655] ret_from_fork+0x10/0x20 [ 36.284691] [ 36.348319] Allocated by task 220: [ 36.351708] kasan_save_stack+0x3c/0x68 [ 36.355524] kasan_save_track+0x20/0x40 [ 36.359343] kasan_save_alloc_info+0x40/0x58 [ 36.363597] __kasan_kmalloc+0xd4/0xd8 [ 36.367330] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.371843] kmalloc_oob_right+0xb0/0x660 [ 36.375836] kunit_try_run_case+0x170/0x3f0 [ 36.380003] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.385472] kthread+0x328/0x630 [ 36.388683] ret_from_fork+0x10/0x20 [ 36.392243] [ 36.393719] The buggy address belongs to the object at ffff000801ff7400 [ 36.393719] which belongs to the cache kmalloc-128 of size 128 [ 36.406221] The buggy address is located 5 bytes to the right of [ 36.406221] allocated 115-byte region [ffff000801ff7400, ffff000801ff7473) [ 36.419151] [ 36.420629] The buggy address belongs to the physical page: [ 36.426187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ff6 [ 36.434169] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.441810] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.448754] page_type: f5(slab) [ 36.451888] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.459609] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.467336] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.475147] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.482960] head: 0bfffe0000000001 fffffdffe007fd81 00000000ffffffff 00000000ffffffff [ 36.490772] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 36.498579] page dumped because: kasan: bad access detected [ 36.504133] [ 36.505608] Memory state around the buggy address: [ 36.510388] ffff000801ff7300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.517591] ffff000801ff7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.524798] >ffff000801ff7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.531997] ^ [ 36.539119] ffff000801ff7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.546324] ffff000801ff7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.553525] ================================================================== [ 35.958593] ================================================================== [ 35.965171] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 35.972111] Write of size 1 at addr ffff000801ff7473 by task kunit_try_catch/220 [ 35.979489] [ 35.980975] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 35.981028] Tainted: [N]=TEST [ 35.981043] Hardware name: WinLink E850-96 board (DT) [ 35.981063] Call trace: [ 35.981080] show_stack+0x20/0x38 (C) [ 35.981116] dump_stack_lvl+0x8c/0xd0 [ 35.981149] print_report+0x118/0x5d0 [ 35.981178] kasan_report+0xdc/0x128 [ 35.981205] __asan_report_store1_noabort+0x20/0x30 [ 35.981241] kmalloc_oob_right+0x5a4/0x660 [ 35.981271] kunit_try_run_case+0x170/0x3f0 [ 35.981311] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.981344] kthread+0x328/0x630 [ 35.981372] ret_from_fork+0x10/0x20 [ 35.981408] [ 36.043811] Allocated by task 220: [ 36.047198] kasan_save_stack+0x3c/0x68 [ 36.051015] kasan_save_track+0x20/0x40 [ 36.054834] kasan_save_alloc_info+0x40/0x58 [ 36.059088] __kasan_kmalloc+0xd4/0xd8 [ 36.062822] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.067336] kmalloc_oob_right+0xb0/0x660 [ 36.071327] kunit_try_run_case+0x170/0x3f0 [ 36.075494] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.080962] kthread+0x328/0x630 [ 36.084174] ret_from_fork+0x10/0x20 [ 36.087735] [ 36.089210] The buggy address belongs to the object at ffff000801ff7400 [ 36.089210] which belongs to the cache kmalloc-128 of size 128 [ 36.101711] The buggy address is located 0 bytes to the right of [ 36.101711] allocated 115-byte region [ffff000801ff7400, ffff000801ff7473) [ 36.114642] [ 36.116122] The buggy address belongs to the physical page: [ 36.121679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ff6 [ 36.129662] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.137301] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.144245] page_type: f5(slab) [ 36.147381] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.155100] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.162826] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.170638] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.178450] head: 0bfffe0000000001 fffffdffe007fd81 00000000ffffffff 00000000ffffffff [ 36.186262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 36.194070] page dumped because: kasan: bad access detected [ 36.199623] [ 36.201099] Memory state around the buggy address: [ 36.205881] ffff000801ff7300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.213082] ffff000801ff7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.220291] >ffff000801ff7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.227488] ^ [ 36.234349] ffff000801ff7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.241554] ffff000801ff7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.248756] ==================================================================
[ 29.285067] ================================================================== [ 29.285107] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 29.285188] Write of size 1 at addr fff00000c636a678 by task kunit_try_catch/167 [ 29.285264] [ 29.285323] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 29.285424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.285450] Hardware name: linux,dummy-virt (DT) [ 29.285496] Call trace: [ 29.285526] show_stack+0x20/0x38 (C) [ 29.285575] dump_stack_lvl+0x8c/0xd0 [ 29.285627] print_report+0x118/0x5d0 [ 29.285669] kasan_report+0xdc/0x128 [ 29.285711] __asan_report_store1_noabort+0x20/0x30 [ 29.285879] kmalloc_oob_right+0x538/0x660 [ 29.285940] kunit_try_run_case+0x170/0x3f0 [ 29.286017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.286079] kthread+0x328/0x630 [ 29.286158] ret_from_fork+0x10/0x20 [ 29.286258] [ 29.286276] Allocated by task 167: [ 29.286303] kasan_save_stack+0x3c/0x68 [ 29.286361] kasan_save_track+0x20/0x40 [ 29.286399] kasan_save_alloc_info+0x40/0x58 [ 29.286434] __kasan_kmalloc+0xd4/0xd8 [ 29.286469] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.286507] kmalloc_oob_right+0xb0/0x660 [ 29.286543] kunit_try_run_case+0x170/0x3f0 [ 29.286580] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.286785] kthread+0x328/0x630 [ 29.286824] ret_from_fork+0x10/0x20 [ 29.286915] [ 29.286936] The buggy address belongs to the object at fff00000c636a600 [ 29.286936] which belongs to the cache kmalloc-128 of size 128 [ 29.286996] The buggy address is located 5 bytes to the right of [ 29.286996] allocated 115-byte region [fff00000c636a600, fff00000c636a673) [ 29.287067] [ 29.287086] The buggy address belongs to the physical page: [ 29.287218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a [ 29.287273] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.287321] page_type: f5(slab) [ 29.287357] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.287477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.287517] page dumped because: kasan: bad access detected [ 29.287546] [ 29.287563] Memory state around the buggy address: [ 29.287592] fff00000c636a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.287633] fff00000c636a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.287673] >fff00000c636a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.287719] ^ [ 29.287757] fff00000c636a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.287796] fff00000c636a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.287831] ================================================================== [ 29.271563] ================================================================== [ 29.271883] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 29.272849] Write of size 1 at addr fff00000c636a673 by task kunit_try_catch/167 [ 29.273176] [ 29.274038] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 29.274199] Tainted: [N]=TEST [ 29.274231] Hardware name: linux,dummy-virt (DT) [ 29.274454] Call trace: [ 29.275005] show_stack+0x20/0x38 (C) [ 29.275342] dump_stack_lvl+0x8c/0xd0 [ 29.275398] print_report+0x118/0x5d0 [ 29.275441] kasan_report+0xdc/0x128 [ 29.275482] __asan_report_store1_noabort+0x20/0x30 [ 29.275529] kmalloc_oob_right+0x5a4/0x660 [ 29.275574] kunit_try_run_case+0x170/0x3f0 [ 29.275625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.275673] kthread+0x328/0x630 [ 29.275715] ret_from_fork+0x10/0x20 [ 29.276151] [ 29.276201] Allocated by task 167: [ 29.276320] kasan_save_stack+0x3c/0x68 [ 29.276386] kasan_save_track+0x20/0x40 [ 29.276423] kasan_save_alloc_info+0x40/0x58 [ 29.276458] __kasan_kmalloc+0xd4/0xd8 [ 29.276494] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.276533] kmalloc_oob_right+0xb0/0x660 [ 29.276568] kunit_try_run_case+0x170/0x3f0 [ 29.276606] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.276713] kthread+0x328/0x630 [ 29.276783] ret_from_fork+0x10/0x20 [ 29.276840] [ 29.277146] The buggy address belongs to the object at fff00000c636a600 [ 29.277146] which belongs to the cache kmalloc-128 of size 128 [ 29.277413] The buggy address is located 0 bytes to the right of [ 29.277413] allocated 115-byte region [fff00000c636a600, fff00000c636a673) [ 29.277563] [ 29.277902] The buggy address belongs to the physical page: [ 29.278591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a [ 29.280235] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.281322] page_type: f5(slab) [ 29.282044] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.282219] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.282496] page dumped because: kasan: bad access detected [ 29.282541] [ 29.282567] Memory state around the buggy address: [ 29.282868] fff00000c636a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.282980] fff00000c636a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.283034] >fff00000c636a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.283227] ^ [ 29.283559] fff00000c636a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.283633] fff00000c636a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.283727] ================================================================== [ 29.287960] ================================================================== [ 29.287996] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 29.288037] Read of size 1 at addr fff00000c636a680 by task kunit_try_catch/167 [ 29.288452] [ 29.288514] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 29.288686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.288723] Hardware name: linux,dummy-virt (DT) [ 29.288752] Call trace: [ 29.288774] show_stack+0x20/0x38 (C) [ 29.288821] dump_stack_lvl+0x8c/0xd0 [ 29.288865] print_report+0x118/0x5d0 [ 29.288943] kasan_report+0xdc/0x128 [ 29.288986] __asan_report_load1_noabort+0x20/0x30 [ 29.289032] kmalloc_oob_right+0x5d0/0x660 [ 29.289088] kunit_try_run_case+0x170/0x3f0 [ 29.289134] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.289181] kthread+0x328/0x630 [ 29.289223] ret_from_fork+0x10/0x20 [ 29.289268] [ 29.289285] Allocated by task 167: [ 29.289311] kasan_save_stack+0x3c/0x68 [ 29.289392] kasan_save_track+0x20/0x40 [ 29.289491] kasan_save_alloc_info+0x40/0x58 [ 29.289618] __kasan_kmalloc+0xd4/0xd8 [ 29.289756] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.289986] kmalloc_oob_right+0xb0/0x660 [ 29.290026] kunit_try_run_case+0x170/0x3f0 [ 29.290073] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.290112] kthread+0x328/0x630 [ 29.290143] ret_from_fork+0x10/0x20 [ 29.290176] [ 29.290291] The buggy address belongs to the object at fff00000c636a600 [ 29.290291] which belongs to the cache kmalloc-128 of size 128 [ 29.290472] The buggy address is located 13 bytes to the right of [ 29.290472] allocated 115-byte region [fff00000c636a600, fff00000c636a673) [ 29.290638] [ 29.290720] The buggy address belongs to the physical page: [ 29.290748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a [ 29.290888] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.290936] page_type: f5(slab) [ 29.290971] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.291018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.291238] page dumped because: kasan: bad access detected [ 29.291358] [ 29.291462] Memory state around the buggy address: [ 29.291619] fff00000c636a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291673] fff00000c636a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.291713] >fff00000c636a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291748] ^ [ 29.291827] fff00000c636a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291960] fff00000c636a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.292074] ==================================================================
[ 23.446858] ================================================================== [ 23.447921] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 23.449105] Write of size 1 at addr ffff888105865c73 by task kunit_try_catch/185 [ 23.449952] [ 23.450908] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.451290] Tainted: [N]=TEST [ 23.451323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.451538] Call Trace: [ 23.451605] <TASK> [ 23.451769] dump_stack_lvl+0x73/0xb0 [ 23.451868] print_report+0xd1/0x610 [ 23.451900] ? __virt_addr_valid+0x1db/0x2d0 [ 23.451927] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.451964] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.451989] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.452010] kasan_report+0x141/0x180 [ 23.452032] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.452058] __asan_report_store1_noabort+0x1b/0x30 [ 23.452082] kmalloc_oob_right+0x6f0/0x7f0 [ 23.452104] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.452125] ? __schedule+0x10cc/0x2b60 [ 23.452150] ? __pfx_read_tsc+0x10/0x10 [ 23.452173] ? ktime_get_ts64+0x86/0x230 [ 23.452199] kunit_try_run_case+0x1a5/0x480 [ 23.452224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.452244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.452267] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.452290] ? __kthread_parkme+0x82/0x180 [ 23.452311] ? preempt_count_sub+0x50/0x80 [ 23.452335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.452356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.452380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.452404] kthread+0x337/0x6f0 [ 23.452425] ? trace_preempt_on+0x20/0xc0 [ 23.452449] ? __pfx_kthread+0x10/0x10 [ 23.452469] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.452491] ? calculate_sigpending+0x7b/0xa0 [ 23.452514] ? __pfx_kthread+0x10/0x10 [ 23.452535] ret_from_fork+0x116/0x1d0 [ 23.452553] ? __pfx_kthread+0x10/0x10 [ 23.452573] ret_from_fork_asm+0x1a/0x30 [ 23.452629] </TASK> [ 23.452707] [ 23.467328] Allocated by task 185: [ 23.468181] kasan_save_stack+0x45/0x70 [ 23.469037] kasan_save_track+0x18/0x40 [ 23.469770] kasan_save_alloc_info+0x3b/0x50 [ 23.470189] __kasan_kmalloc+0xb7/0xc0 [ 23.470381] __kmalloc_cache_noprof+0x189/0x420 [ 23.470578] kmalloc_oob_right+0xa9/0x7f0 [ 23.471251] kunit_try_run_case+0x1a5/0x480 [ 23.471447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.471622] kthread+0x337/0x6f0 [ 23.471803] ret_from_fork+0x116/0x1d0 [ 23.472114] ret_from_fork_asm+0x1a/0x30 [ 23.473070] [ 23.473348] The buggy address belongs to the object at ffff888105865c00 [ 23.473348] which belongs to the cache kmalloc-128 of size 128 [ 23.474185] The buggy address is located 0 bytes to the right of [ 23.474185] allocated 115-byte region [ffff888105865c00, ffff888105865c73) [ 23.475513] [ 23.475853] The buggy address belongs to the physical page: [ 23.476699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.477367] flags: 0x200000000000000(node=0|zone=2) [ 23.478040] page_type: f5(slab) [ 23.478590] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.479039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.479391] page dumped because: kasan: bad access detected [ 23.479629] [ 23.479728] Memory state around the buggy address: [ 23.480238] ffff888105865b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.480602] ffff888105865b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.481082] >ffff888105865c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.481348] ^ [ 23.481653] ffff888105865c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.482134] ffff888105865d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.482387] ================================================================== [ 23.483867] ================================================================== [ 23.484380] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 23.484716] Write of size 1 at addr ffff888105865c78 by task kunit_try_catch/185 [ 23.485123] [ 23.485257] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.485309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.485321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.485345] Call Trace: [ 23.485366] <TASK> [ 23.485387] dump_stack_lvl+0x73/0xb0 [ 23.485419] print_report+0xd1/0x610 [ 23.485441] ? __virt_addr_valid+0x1db/0x2d0 [ 23.485464] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.485484] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.485508] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.485529] kasan_report+0x141/0x180 [ 23.485549] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.485574] __asan_report_store1_noabort+0x1b/0x30 [ 23.485598] kmalloc_oob_right+0x6bd/0x7f0 [ 23.485618] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.485639] ? __schedule+0x10cc/0x2b60 [ 23.485675] ? __pfx_read_tsc+0x10/0x10 [ 23.485695] ? ktime_get_ts64+0x86/0x230 [ 23.485720] kunit_try_run_case+0x1a5/0x480 [ 23.485742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.485820] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.485843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.485866] ? __kthread_parkme+0x82/0x180 [ 23.485887] ? preempt_count_sub+0x50/0x80 [ 23.485910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.485930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.485955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.485979] kthread+0x337/0x6f0 [ 23.485999] ? trace_preempt_on+0x20/0xc0 [ 23.486070] ? __pfx_kthread+0x10/0x10 [ 23.486092] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.486113] ? calculate_sigpending+0x7b/0xa0 [ 23.486137] ? __pfx_kthread+0x10/0x10 [ 23.486157] ret_from_fork+0x116/0x1d0 [ 23.486176] ? __pfx_kthread+0x10/0x10 [ 23.486196] ret_from_fork_asm+0x1a/0x30 [ 23.486226] </TASK> [ 23.486237] [ 23.495741] Allocated by task 185: [ 23.496043] kasan_save_stack+0x45/0x70 [ 23.496290] kasan_save_track+0x18/0x40 [ 23.496496] kasan_save_alloc_info+0x3b/0x50 [ 23.496722] __kasan_kmalloc+0xb7/0xc0 [ 23.497057] __kmalloc_cache_noprof+0x189/0x420 [ 23.497291] kmalloc_oob_right+0xa9/0x7f0 [ 23.497424] kunit_try_run_case+0x1a5/0x480 [ 23.497561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.497774] kthread+0x337/0x6f0 [ 23.497937] ret_from_fork+0x116/0x1d0 [ 23.498205] ret_from_fork_asm+0x1a/0x30 [ 23.498403] [ 23.498494] The buggy address belongs to the object at ffff888105865c00 [ 23.498494] which belongs to the cache kmalloc-128 of size 128 [ 23.499215] The buggy address is located 5 bytes to the right of [ 23.499215] allocated 115-byte region [ffff888105865c00, ffff888105865c73) [ 23.499587] [ 23.500033] The buggy address belongs to the physical page: [ 23.500338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.500707] flags: 0x200000000000000(node=0|zone=2) [ 23.500987] page_type: f5(slab) [ 23.501164] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.501448] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.501729] page dumped because: kasan: bad access detected [ 23.502313] [ 23.502422] Memory state around the buggy address: [ 23.502634] ffff888105865b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.503284] ffff888105865b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.503652] >ffff888105865c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.504100] ^ [ 23.504457] ffff888105865c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.504785] ffff888105865d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.505364] ================================================================== [ 23.506261] ================================================================== [ 23.506587] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 23.507286] Read of size 1 at addr ffff888105865c80 by task kunit_try_catch/185 [ 23.507677] [ 23.507921] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.508173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.508187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.508210] Call Trace: [ 23.508230] <TASK> [ 23.508251] dump_stack_lvl+0x73/0xb0 [ 23.508284] print_report+0xd1/0x610 [ 23.508307] ? __virt_addr_valid+0x1db/0x2d0 [ 23.508331] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.508351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.508375] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.508396] kasan_report+0x141/0x180 [ 23.508417] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.508441] __asan_report_load1_noabort+0x18/0x20 [ 23.508463] kmalloc_oob_right+0x68a/0x7f0 [ 23.508484] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.508505] ? __schedule+0x10cc/0x2b60 [ 23.508527] ? __pfx_read_tsc+0x10/0x10 [ 23.508548] ? ktime_get_ts64+0x86/0x230 [ 23.508572] kunit_try_run_case+0x1a5/0x480 [ 23.508594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.508613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.508635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.508667] ? __kthread_parkme+0x82/0x180 [ 23.508688] ? preempt_count_sub+0x50/0x80 [ 23.508711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.508731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.508769] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.508793] kthread+0x337/0x6f0 [ 23.508813] ? trace_preempt_on+0x20/0xc0 [ 23.508836] ? __pfx_kthread+0x10/0x10 [ 23.508857] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.508877] ? calculate_sigpending+0x7b/0xa0 [ 23.508901] ? __pfx_kthread+0x10/0x10 [ 23.508921] ret_from_fork+0x116/0x1d0 [ 23.508939] ? __pfx_kthread+0x10/0x10 [ 23.508965] ret_from_fork_asm+0x1a/0x30 [ 23.508997] </TASK> [ 23.509007] [ 23.517289] Allocated by task 185: [ 23.517509] kasan_save_stack+0x45/0x70 [ 23.517742] kasan_save_track+0x18/0x40 [ 23.517869] kasan_save_alloc_info+0x3b/0x50 [ 23.518005] __kasan_kmalloc+0xb7/0xc0 [ 23.518150] __kmalloc_cache_noprof+0x189/0x420 [ 23.518390] kmalloc_oob_right+0xa9/0x7f0 [ 23.518576] kunit_try_run_case+0x1a5/0x480 [ 23.518817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.519083] kthread+0x337/0x6f0 [ 23.519196] ret_from_fork+0x116/0x1d0 [ 23.519317] ret_from_fork_asm+0x1a/0x30 [ 23.519445] [ 23.519508] The buggy address belongs to the object at ffff888105865c00 [ 23.519508] which belongs to the cache kmalloc-128 of size 128 [ 23.520605] The buggy address is located 13 bytes to the right of [ 23.520605] allocated 115-byte region [ffff888105865c00, ffff888105865c73) [ 23.521135] [ 23.521201] The buggy address belongs to the physical page: [ 23.521359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.521952] flags: 0x200000000000000(node=0|zone=2) [ 23.522302] page_type: f5(slab) [ 23.522425] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.522639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.523193] page dumped because: kasan: bad access detected [ 23.523553] [ 23.523613] Memory state around the buggy address: [ 23.523825] ffff888105865b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.524337] ffff888105865c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.524598] >ffff888105865c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.524804] ^ [ 23.524929] ffff888105865d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.525232] ffff888105865d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.525527] ==================================================================