Date
July 14, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 47.046004] ================================================================== [ 47.053110] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 47.060488] Read of size 1 at addr ffff0008019add7f by task kunit_try_catch/278 [ 47.067779] [ 47.069260] CPU: 3 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 47.069314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.069331] Hardware name: WinLink E850-96 board (DT) [ 47.069349] Call trace: [ 47.069362] show_stack+0x20/0x38 (C) [ 47.069397] dump_stack_lvl+0x8c/0xd0 [ 47.069431] print_report+0x118/0x5d0 [ 47.069459] kasan_report+0xdc/0x128 [ 47.069485] __asan_report_load1_noabort+0x20/0x30 [ 47.069519] ksize_unpoisons_memory+0x690/0x740 [ 47.069554] kunit_try_run_case+0x170/0x3f0 [ 47.069587] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.069619] kthread+0x328/0x630 [ 47.069645] ret_from_fork+0x10/0x20 [ 47.069677] [ 47.133661] Allocated by task 278: [ 47.137048] kasan_save_stack+0x3c/0x68 [ 47.140866] kasan_save_track+0x20/0x40 [ 47.144685] kasan_save_alloc_info+0x40/0x58 [ 47.148939] __kasan_kmalloc+0xd4/0xd8 [ 47.152671] __kmalloc_cache_noprof+0x16c/0x3c0 [ 47.157185] ksize_unpoisons_memory+0xc0/0x740 [ 47.161611] kunit_try_run_case+0x170/0x3f0 [ 47.165779] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.171247] kthread+0x328/0x630 [ 47.174459] ret_from_fork+0x10/0x20 [ 47.178018] [ 47.179495] The buggy address belongs to the object at ffff0008019add00 [ 47.179495] which belongs to the cache kmalloc-128 of size 128 [ 47.191996] The buggy address is located 12 bytes to the right of [ 47.191996] allocated 115-byte region [ffff0008019add00, ffff0008019add73) [ 47.205014] [ 47.206492] The buggy address belongs to the physical page: [ 47.212051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8819ac [ 47.220032] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.227673] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 47.234615] page_type: f5(slab) [ 47.237751] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 47.245472] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 47.253198] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 47.261009] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 47.268822] head: 0bfffe0000000001 fffffdffe0066b01 00000000ffffffff 00000000ffffffff [ 47.276634] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 47.284440] page dumped because: kasan: bad access detected [ 47.289995] [ 47.291471] Memory state around the buggy address: [ 47.296252] ffff0008019adc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.303454] ffff0008019adc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.310659] >ffff0008019add00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 47.317860] ^ [ 47.324981] ffff0008019add80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.332187] ffff0008019ade00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.339389] ================================================================== [ 46.745408] ================================================================== [ 46.752508] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 46.759882] Read of size 1 at addr ffff0008019add78 by task kunit_try_catch/278 [ 46.767174] [ 46.768660] CPU: 3 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 46.768714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 46.768731] Hardware name: WinLink E850-96 board (DT) [ 46.768751] Call trace: [ 46.768764] show_stack+0x20/0x38 (C) [ 46.768796] dump_stack_lvl+0x8c/0xd0 [ 46.768827] print_report+0x118/0x5d0 [ 46.768855] kasan_report+0xdc/0x128 [ 46.768882] __asan_report_load1_noabort+0x20/0x30 [ 46.768913] ksize_unpoisons_memory+0x618/0x740 [ 46.768947] kunit_try_run_case+0x170/0x3f0 [ 46.768983] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.769014] kthread+0x328/0x630 [ 46.769042] ret_from_fork+0x10/0x20 [ 46.769077] [ 46.833058] Allocated by task 278: [ 46.836443] kasan_save_stack+0x3c/0x68 [ 46.840263] kasan_save_track+0x20/0x40 [ 46.844082] kasan_save_alloc_info+0x40/0x58 [ 46.848335] __kasan_kmalloc+0xd4/0xd8 [ 46.852068] __kmalloc_cache_noprof+0x16c/0x3c0 [ 46.856582] ksize_unpoisons_memory+0xc0/0x740 [ 46.861009] kunit_try_run_case+0x170/0x3f0 [ 46.865175] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.870644] kthread+0x328/0x630 [ 46.873856] ret_from_fork+0x10/0x20 [ 46.877415] [ 46.878890] The buggy address belongs to the object at ffff0008019add00 [ 46.878890] which belongs to the cache kmalloc-128 of size 128 [ 46.891393] The buggy address is located 5 bytes to the right of [ 46.891393] allocated 115-byte region [ffff0008019add00, ffff0008019add73) [ 46.904324] [ 46.905802] The buggy address belongs to the physical page: [ 46.911358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8819ac [ 46.919342] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 46.926983] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 46.933926] page_type: f5(slab) [ 46.937059] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 46.944782] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 46.952508] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 46.960319] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 46.968132] head: 0bfffe0000000001 fffffdffe0066b01 00000000ffffffff 00000000ffffffff [ 46.975944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 46.983750] page dumped because: kasan: bad access detected [ 46.989305] [ 46.990781] Memory state around the buggy address: [ 46.995562] ffff0008019adc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.002764] ffff0008019adc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.009969] >ffff0008019add00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 47.017169] ^ [ 47.024291] ffff0008019add80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.031497] ffff0008019ade00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.038697] ================================================================== [ 46.442373] ================================================================== [ 46.452166] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 46.459540] Read of size 1 at addr ffff0008019add73 by task kunit_try_catch/278 [ 46.466832] [ 46.468316] CPU: 3 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 46.468371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 46.468388] Hardware name: WinLink E850-96 board (DT) [ 46.468408] Call trace: [ 46.468420] show_stack+0x20/0x38 (C) [ 46.468455] dump_stack_lvl+0x8c/0xd0 [ 46.468488] print_report+0x118/0x5d0 [ 46.468517] kasan_report+0xdc/0x128 [ 46.468545] __asan_report_load1_noabort+0x20/0x30 [ 46.468580] ksize_unpoisons_memory+0x628/0x740 [ 46.468612] kunit_try_run_case+0x170/0x3f0 [ 46.468648] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.468681] kthread+0x328/0x630 [ 46.468712] ret_from_fork+0x10/0x20 [ 46.468746] [ 46.532715] Allocated by task 278: [ 46.536104] kasan_save_stack+0x3c/0x68 [ 46.539920] kasan_save_track+0x20/0x40 [ 46.543739] kasan_save_alloc_info+0x40/0x58 [ 46.547993] __kasan_kmalloc+0xd4/0xd8 [ 46.551727] __kmalloc_cache_noprof+0x16c/0x3c0 [ 46.556239] ksize_unpoisons_memory+0xc0/0x740 [ 46.560667] kunit_try_run_case+0x170/0x3f0 [ 46.564833] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.570301] kthread+0x328/0x630 [ 46.573513] ret_from_fork+0x10/0x20 [ 46.577075] [ 46.578551] The buggy address belongs to the object at ffff0008019add00 [ 46.578551] which belongs to the cache kmalloc-128 of size 128 [ 46.591051] The buggy address is located 0 bytes to the right of [ 46.591051] allocated 115-byte region [ffff0008019add00, ffff0008019add73) [ 46.603981] [ 46.605459] The buggy address belongs to the physical page: [ 46.611018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8819ac [ 46.619001] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 46.626641] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 46.633584] page_type: f5(slab) [ 46.636720] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 46.644439] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 46.652165] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 46.659977] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 46.667790] head: 0bfffe0000000001 fffffdffe0066b01 00000000ffffffff 00000000ffffffff [ 46.675602] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 46.683410] page dumped because: kasan: bad access detected [ 46.688963] [ 46.690438] Memory state around the buggy address: [ 46.695220] ffff0008019adc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.702421] ffff0008019adc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.709625] >ffff0008019add00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 46.716827] ^ [ 46.723688] ffff0008019add80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.730894] ffff0008019ade00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.738095] ==================================================================
[ 29.830432] ================================================================== [ 29.830480] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 29.830526] Read of size 1 at addr fff00000c636ae7f by task kunit_try_catch/225 [ 29.830588] [ 29.830619] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 29.831311] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.831367] Hardware name: linux,dummy-virt (DT) [ 29.831399] Call trace: [ 29.831421] show_stack+0x20/0x38 (C) [ 29.831472] dump_stack_lvl+0x8c/0xd0 [ 29.831523] print_report+0x118/0x5d0 [ 29.831724] kasan_report+0xdc/0x128 [ 29.831850] __asan_report_load1_noabort+0x20/0x30 [ 29.832019] ksize_unpoisons_memory+0x690/0x740 [ 29.832561] kunit_try_run_case+0x170/0x3f0 [ 29.832938] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.833354] kthread+0x328/0x630 [ 29.833498] ret_from_fork+0x10/0x20 [ 29.833625] [ 29.833644] Allocated by task 225: [ 29.834078] kasan_save_stack+0x3c/0x68 [ 29.834181] kasan_save_track+0x20/0x40 [ 29.834284] kasan_save_alloc_info+0x40/0x58 [ 29.834320] __kasan_kmalloc+0xd4/0xd8 [ 29.834358] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.834412] ksize_unpoisons_memory+0xc0/0x740 [ 29.834452] kunit_try_run_case+0x170/0x3f0 [ 29.834490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.834531] kthread+0x328/0x630 [ 29.834564] ret_from_fork+0x10/0x20 [ 29.834599] [ 29.834620] The buggy address belongs to the object at fff00000c636ae00 [ 29.834620] which belongs to the cache kmalloc-128 of size 128 [ 29.834677] The buggy address is located 12 bytes to the right of [ 29.834677] allocated 115-byte region [fff00000c636ae00, fff00000c636ae73) [ 29.834741] [ 29.834761] The buggy address belongs to the physical page: [ 29.834791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a [ 29.834857] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.834907] page_type: f5(slab) [ 29.835083] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.835139] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.835180] page dumped because: kasan: bad access detected [ 29.835693] [ 29.836030] Memory state around the buggy address: [ 29.836081] fff00000c636ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.836132] fff00000c636ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.836557] >fff00000c636ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.836639] ^ [ 29.836686] fff00000c636ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.837022] fff00000c636af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.837128] ================================================================== [ 29.825153] ================================================================== [ 29.825208] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 29.825261] Read of size 1 at addr fff00000c636ae78 by task kunit_try_catch/225 [ 29.825311] [ 29.825344] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 29.825429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.825455] Hardware name: linux,dummy-virt (DT) [ 29.825488] Call trace: [ 29.825510] show_stack+0x20/0x38 (C) [ 29.825558] dump_stack_lvl+0x8c/0xd0 [ 29.825777] print_report+0x118/0x5d0 [ 29.826100] kasan_report+0xdc/0x128 [ 29.826155] __asan_report_load1_noabort+0x20/0x30 [ 29.826442] ksize_unpoisons_memory+0x618/0x740 [ 29.826712] kunit_try_run_case+0x170/0x3f0 [ 29.826789] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.826969] kthread+0x328/0x630 [ 29.827013] ret_from_fork+0x10/0x20 [ 29.827074] [ 29.827093] Allocated by task 225: [ 29.827344] kasan_save_stack+0x3c/0x68 [ 29.827416] kasan_save_track+0x20/0x40 [ 29.827588] kasan_save_alloc_info+0x40/0x58 [ 29.827663] __kasan_kmalloc+0xd4/0xd8 [ 29.827719] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.827835] ksize_unpoisons_memory+0xc0/0x740 [ 29.827877] kunit_try_run_case+0x170/0x3f0 [ 29.827923] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.828125] kthread+0x328/0x630 [ 29.828158] ret_from_fork+0x10/0x20 [ 29.828263] [ 29.828282] The buggy address belongs to the object at fff00000c636ae00 [ 29.828282] which belongs to the cache kmalloc-128 of size 128 [ 29.828550] The buggy address is located 5 bytes to the right of [ 29.828550] allocated 115-byte region [fff00000c636ae00, fff00000c636ae73) [ 29.828653] [ 29.828718] The buggy address belongs to the physical page: [ 29.828751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a [ 29.829023] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.829133] page_type: f5(slab) [ 29.829174] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.829292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.829335] page dumped because: kasan: bad access detected [ 29.829366] [ 29.829385] Memory state around the buggy address: [ 29.829418] fff00000c636ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.829468] fff00000c636ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.829554] >fff00000c636ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.829615] ^ [ 29.829659] fff00000c636ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.829702] fff00000c636af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.829741] ================================================================== [ 29.818663] ================================================================== [ 29.819132] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 29.819343] Read of size 1 at addr fff00000c636ae73 by task kunit_try_catch/225 [ 29.819396] [ 29.819436] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 29.819524] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.819563] Hardware name: linux,dummy-virt (DT) [ 29.819596] Call trace: [ 29.819620] show_stack+0x20/0x38 (C) [ 29.819941] dump_stack_lvl+0x8c/0xd0 [ 29.820290] print_report+0x118/0x5d0 [ 29.820348] kasan_report+0xdc/0x128 [ 29.820417] __asan_report_load1_noabort+0x20/0x30 [ 29.820555] ksize_unpoisons_memory+0x628/0x740 [ 29.820760] kunit_try_run_case+0x170/0x3f0 [ 29.820810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.820867] kthread+0x328/0x630 [ 29.821073] ret_from_fork+0x10/0x20 [ 29.821170] [ 29.821227] Allocated by task 225: [ 29.821270] kasan_save_stack+0x3c/0x68 [ 29.821388] kasan_save_track+0x20/0x40 [ 29.821512] kasan_save_alloc_info+0x40/0x58 [ 29.821608] __kasan_kmalloc+0xd4/0xd8 [ 29.821663] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.821710] ksize_unpoisons_memory+0xc0/0x740 [ 29.821749] kunit_try_run_case+0x170/0x3f0 [ 29.821892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.821933] kthread+0x328/0x630 [ 29.821965] ret_from_fork+0x10/0x20 [ 29.822046] [ 29.822074] The buggy address belongs to the object at fff00000c636ae00 [ 29.822074] which belongs to the cache kmalloc-128 of size 128 [ 29.822131] The buggy address is located 0 bytes to the right of [ 29.822131] allocated 115-byte region [fff00000c636ae00, fff00000c636ae73) [ 29.822194] [ 29.822215] The buggy address belongs to the physical page: [ 29.822245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a [ 29.822634] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.822688] page_type: f5(slab) [ 29.823109] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.823200] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.823344] page dumped because: kasan: bad access detected [ 29.823376] [ 29.823394] Memory state around the buggy address: [ 29.823429] fff00000c636ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.823683] fff00000c636ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.823735] >fff00000c636ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.823776] ^ [ 29.824062] fff00000c636ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.824121] fff00000c636af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.824161] ==================================================================
[ 24.678175] ================================================================== [ 24.679314] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 24.679578] Read of size 1 at addr ffff888105919273 by task kunit_try_catch/243 [ 24.680588] [ 24.680923] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.681007] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.681023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.681053] Call Trace: [ 24.681070] <TASK> [ 24.681089] dump_stack_lvl+0x73/0xb0 [ 24.681126] print_report+0xd1/0x610 [ 24.681150] ? __virt_addr_valid+0x1db/0x2d0 [ 24.681174] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.681220] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681243] kasan_report+0x141/0x180 [ 24.681263] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681289] __asan_report_load1_noabort+0x18/0x20 [ 24.681312] ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681334] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.681356] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.681385] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.681411] kunit_try_run_case+0x1a5/0x480 [ 24.681433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.681453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.681476] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.681498] ? __kthread_parkme+0x82/0x180 [ 24.681519] ? preempt_count_sub+0x50/0x80 [ 24.681541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.681562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.681587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.681611] kthread+0x337/0x6f0 [ 24.681630] ? trace_preempt_on+0x20/0xc0 [ 24.681653] ? __pfx_kthread+0x10/0x10 [ 24.681683] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.681704] ? calculate_sigpending+0x7b/0xa0 [ 24.681844] ? __pfx_kthread+0x10/0x10 [ 24.681876] ret_from_fork+0x116/0x1d0 [ 24.681897] ? __pfx_kthread+0x10/0x10 [ 24.681918] ret_from_fork_asm+0x1a/0x30 [ 24.681973] </TASK> [ 24.681984] [ 24.695151] Allocated by task 243: [ 24.695366] kasan_save_stack+0x45/0x70 [ 24.695572] kasan_save_track+0x18/0x40 [ 24.695791] kasan_save_alloc_info+0x3b/0x50 [ 24.696394] __kasan_kmalloc+0xb7/0xc0 [ 24.696647] __kmalloc_cache_noprof+0x189/0x420 [ 24.697047] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.697407] kunit_try_run_case+0x1a5/0x480 [ 24.697711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.698180] kthread+0x337/0x6f0 [ 24.698354] ret_from_fork+0x116/0x1d0 [ 24.698533] ret_from_fork_asm+0x1a/0x30 [ 24.698941] [ 24.699212] The buggy address belongs to the object at ffff888105919200 [ 24.699212] which belongs to the cache kmalloc-128 of size 128 [ 24.700319] The buggy address is located 0 bytes to the right of [ 24.700319] allocated 115-byte region [ffff888105919200, ffff888105919273) [ 24.701143] [ 24.701423] The buggy address belongs to the physical page: [ 24.701796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.702415] flags: 0x200000000000000(node=0|zone=2) [ 24.702792] page_type: f5(slab) [ 24.703049] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.703476] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.703966] page dumped because: kasan: bad access detected [ 24.704385] [ 24.704459] Memory state around the buggy address: [ 24.704851] ffff888105919100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.705380] ffff888105919180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.705881] >ffff888105919200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.706301] ^ [ 24.706508] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.706927] ffff888105919300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.707261] ================================================================== [ 24.729203] ================================================================== [ 24.729496] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.729935] Read of size 1 at addr ffff88810591927f by task kunit_try_catch/243 [ 24.730274] [ 24.730501] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.730558] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.730573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.730597] Call Trace: [ 24.730616] <TASK> [ 24.730636] dump_stack_lvl+0x73/0xb0 [ 24.730681] print_report+0xd1/0x610 [ 24.730703] ? __virt_addr_valid+0x1db/0x2d0 [ 24.730727] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.730761] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.730788] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.730810] kasan_report+0x141/0x180 [ 24.730831] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.730898] __asan_report_load1_noabort+0x18/0x20 [ 24.730991] ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.731017] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.731039] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.731069] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.731095] kunit_try_run_case+0x1a5/0x480 [ 24.731118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.731138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.731160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.731183] ? __kthread_parkme+0x82/0x180 [ 24.731204] ? preempt_count_sub+0x50/0x80 [ 24.731227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.731285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.731334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.731358] kthread+0x337/0x6f0 [ 24.731378] ? trace_preempt_on+0x20/0xc0 [ 24.731402] ? __pfx_kthread+0x10/0x10 [ 24.731422] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.731444] ? calculate_sigpending+0x7b/0xa0 [ 24.731467] ? __pfx_kthread+0x10/0x10 [ 24.731488] ret_from_fork+0x116/0x1d0 [ 24.731507] ? __pfx_kthread+0x10/0x10 [ 24.731527] ret_from_fork_asm+0x1a/0x30 [ 24.731587] </TASK> [ 24.731599] [ 24.740301] Allocated by task 243: [ 24.740455] kasan_save_stack+0x45/0x70 [ 24.740602] kasan_save_track+0x18/0x40 [ 24.741039] kasan_save_alloc_info+0x3b/0x50 [ 24.741204] __kasan_kmalloc+0xb7/0xc0 [ 24.741327] __kmalloc_cache_noprof+0x189/0x420 [ 24.741516] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.741809] kunit_try_run_case+0x1a5/0x480 [ 24.742213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.742400] kthread+0x337/0x6f0 [ 24.742592] ret_from_fork+0x116/0x1d0 [ 24.742843] ret_from_fork_asm+0x1a/0x30 [ 24.743137] [ 24.743265] The buggy address belongs to the object at ffff888105919200 [ 24.743265] which belongs to the cache kmalloc-128 of size 128 [ 24.743803] The buggy address is located 12 bytes to the right of [ 24.743803] allocated 115-byte region [ffff888105919200, ffff888105919273) [ 24.744448] [ 24.744558] The buggy address belongs to the physical page: [ 24.744844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.745074] flags: 0x200000000000000(node=0|zone=2) [ 24.745435] page_type: f5(slab) [ 24.745941] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.746563] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.746963] page dumped because: kasan: bad access detected [ 24.747291] [ 24.747364] Memory state around the buggy address: [ 24.747511] ffff888105919100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.747723] ffff888105919180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.748254] >ffff888105919200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.748686] ^ [ 24.749089] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.749674] ffff888105919300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.750614] ================================================================== [ 24.708642] ================================================================== [ 24.709360] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.709887] Read of size 1 at addr ffff888105919278 by task kunit_try_catch/243 [ 24.710480] [ 24.710607] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.710775] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.710791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.710815] Call Trace: [ 24.710835] <TASK> [ 24.710855] dump_stack_lvl+0x73/0xb0 [ 24.710888] print_report+0xd1/0x610 [ 24.710910] ? __virt_addr_valid+0x1db/0x2d0 [ 24.710933] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711171] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.711197] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711219] kasan_report+0x141/0x180 [ 24.711241] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711267] __asan_report_load1_noabort+0x18/0x20 [ 24.711290] ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711313] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.711334] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.711364] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.711390] kunit_try_run_case+0x1a5/0x480 [ 24.711413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.711433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.711455] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.711478] ? __kthread_parkme+0x82/0x180 [ 24.711499] ? preempt_count_sub+0x50/0x80 [ 24.711522] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.711543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.711567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.711592] kthread+0x337/0x6f0 [ 24.711611] ? trace_preempt_on+0x20/0xc0 [ 24.711634] ? __pfx_kthread+0x10/0x10 [ 24.711667] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.711689] ? calculate_sigpending+0x7b/0xa0 [ 24.711712] ? __pfx_kthread+0x10/0x10 [ 24.711733] ret_from_fork+0x116/0x1d0 [ 24.711767] ? __pfx_kthread+0x10/0x10 [ 24.711787] ret_from_fork_asm+0x1a/0x30 [ 24.711817] </TASK> [ 24.711828] [ 24.719315] Allocated by task 243: [ 24.719513] kasan_save_stack+0x45/0x70 [ 24.719673] kasan_save_track+0x18/0x40 [ 24.719950] kasan_save_alloc_info+0x3b/0x50 [ 24.720274] __kasan_kmalloc+0xb7/0xc0 [ 24.720488] __kmalloc_cache_noprof+0x189/0x420 [ 24.720724] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.720959] kunit_try_run_case+0x1a5/0x480 [ 24.721472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.721778] kthread+0x337/0x6f0 [ 24.722036] ret_from_fork+0x116/0x1d0 [ 24.722254] ret_from_fork_asm+0x1a/0x30 [ 24.722463] [ 24.722555] The buggy address belongs to the object at ffff888105919200 [ 24.722555] which belongs to the cache kmalloc-128 of size 128 [ 24.723099] The buggy address is located 5 bytes to the right of [ 24.723099] allocated 115-byte region [ffff888105919200, ffff888105919273) [ 24.723597] [ 24.723676] The buggy address belongs to the physical page: [ 24.723875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.724211] flags: 0x200000000000000(node=0|zone=2) [ 24.724759] page_type: f5(slab) [ 24.724930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.725191] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.725471] page dumped because: kasan: bad access detected [ 24.725725] [ 24.725866] Memory state around the buggy address: [ 24.726208] ffff888105919100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.726547] ffff888105919180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.726914] >ffff888105919200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.727263] ^ [ 24.727552] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.728242] ffff888105919300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.728564] ==================================================================