Date
July 15, 2025, 11:35 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 35.950369] ================================================================== [ 35.956948] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 35.963887] Write of size 1 at addr ffff000801889d73 by task kunit_try_catch/217 [ 35.971264] [ 35.972750] CPU: 2 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 35.972800] Tainted: [N]=TEST [ 35.972813] Hardware name: WinLink E850-96 board (DT) [ 35.972837] Call trace: [ 35.972851] show_stack+0x20/0x38 (C) [ 35.972886] dump_stack_lvl+0x8c/0xd0 [ 35.972921] print_report+0x118/0x5d0 [ 35.972948] kasan_report+0xdc/0x128 [ 35.972973] __asan_report_store1_noabort+0x20/0x30 [ 35.973006] kmalloc_oob_right+0x5a4/0x660 [ 35.973039] kunit_try_run_case+0x170/0x3f0 [ 35.973070] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 35.973105] kthread+0x328/0x630 [ 35.973133] ret_from_fork+0x10/0x20 [ 35.973168] [ 36.035586] Allocated by task 217: [ 36.038974] kasan_save_stack+0x3c/0x68 [ 36.042789] kasan_save_track+0x20/0x40 [ 36.046609] kasan_save_alloc_info+0x40/0x58 [ 36.050862] __kasan_kmalloc+0xd4/0xd8 [ 36.054595] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.059109] kmalloc_oob_right+0xb0/0x660 [ 36.063102] kunit_try_run_case+0x170/0x3f0 [ 36.067268] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.072737] kthread+0x328/0x630 [ 36.075949] ret_from_fork+0x10/0x20 [ 36.079507] [ 36.080985] The buggy address belongs to the object at ffff000801889d00 [ 36.080985] which belongs to the cache kmalloc-128 of size 128 [ 36.093487] The buggy address is located 0 bytes to the right of [ 36.093487] allocated 115-byte region [ffff000801889d00, ffff000801889d73) [ 36.106417] [ 36.107896] The buggy address belongs to the physical page: [ 36.113454] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881888 [ 36.121438] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.129075] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.136019] page_type: f5(slab) [ 36.139155] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.146875] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.154603] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.162412] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.170225] head: 0bfffe0000000001 fffffdffe0062201 00000000ffffffff 00000000ffffffff [ 36.178038] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 36.185844] page dumped because: kasan: bad access detected [ 36.191398] [ 36.192874] Memory state around the buggy address: [ 36.197654] ffff000801889c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.204858] ffff000801889c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.212062] >ffff000801889d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.219263] ^ [ 36.226124] ffff000801889d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.233330] ffff000801889e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.240531] ================================================================== [ 36.253106] ================================================================== [ 36.260241] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 36.267179] Write of size 1 at addr ffff000801889d78 by task kunit_try_catch/217 [ 36.274557] [ 36.276043] CPU: 2 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 36.276099] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.276117] Hardware name: WinLink E850-96 board (DT) [ 36.276135] Call trace: [ 36.276148] show_stack+0x20/0x38 (C) [ 36.276182] dump_stack_lvl+0x8c/0xd0 [ 36.276216] print_report+0x118/0x5d0 [ 36.276243] kasan_report+0xdc/0x128 [ 36.276268] __asan_report_store1_noabort+0x20/0x30 [ 36.276300] kmalloc_oob_right+0x538/0x660 [ 36.276329] kunit_try_run_case+0x170/0x3f0 [ 36.276358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.276392] kthread+0x328/0x630 [ 36.276420] ret_from_fork+0x10/0x20 [ 36.276453] [ 36.340095] Allocated by task 217: [ 36.343483] kasan_save_stack+0x3c/0x68 [ 36.347299] kasan_save_track+0x20/0x40 [ 36.351118] kasan_save_alloc_info+0x40/0x58 [ 36.355371] __kasan_kmalloc+0xd4/0xd8 [ 36.359104] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.363618] kmalloc_oob_right+0xb0/0x660 [ 36.367611] kunit_try_run_case+0x170/0x3f0 [ 36.371778] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.377246] kthread+0x328/0x630 [ 36.380458] ret_from_fork+0x10/0x20 [ 36.384017] [ 36.385494] The buggy address belongs to the object at ffff000801889d00 [ 36.385494] which belongs to the cache kmalloc-128 of size 128 [ 36.397994] The buggy address is located 5 bytes to the right of [ 36.397994] allocated 115-byte region [ffff000801889d00, ffff000801889d73) [ 36.410926] [ 36.412405] The buggy address belongs to the physical page: [ 36.417962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881888 [ 36.425943] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.433584] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.440528] page_type: f5(slab) [ 36.443662] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.451384] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.459110] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.466922] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.474734] head: 0bfffe0000000001 fffffdffe0062201 00000000ffffffff 00000000ffffffff [ 36.482546] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 36.490352] page dumped because: kasan: bad access detected [ 36.495908] [ 36.497383] Memory state around the buggy address: [ 36.502161] ffff000801889c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.509366] ffff000801889c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.516571] >ffff000801889d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.523772] ^ [ 36.530894] ffff000801889d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.538100] ffff000801889e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.545299] ================================================================== [ 36.552714] ================================================================== [ 36.559712] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 36.566655] Read of size 1 at addr ffff000801889d80 by task kunit_try_catch/217 [ 36.573945] [ 36.575429] CPU: 2 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 36.575486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.575503] Hardware name: WinLink E850-96 board (DT) [ 36.575520] Call trace: [ 36.575534] show_stack+0x20/0x38 (C) [ 36.575565] dump_stack_lvl+0x8c/0xd0 [ 36.575602] print_report+0x118/0x5d0 [ 36.575630] kasan_report+0xdc/0x128 [ 36.575654] __asan_report_load1_noabort+0x20/0x30 [ 36.575684] kmalloc_oob_right+0x5d0/0x660 [ 36.575715] kunit_try_run_case+0x170/0x3f0 [ 36.575746] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.575779] kthread+0x328/0x630 [ 36.575804] ret_from_fork+0x10/0x20 [ 36.575837] [ 36.639397] Allocated by task 217: [ 36.642783] kasan_save_stack+0x3c/0x68 [ 36.646600] kasan_save_track+0x20/0x40 [ 36.650419] kasan_save_alloc_info+0x40/0x58 [ 36.654673] __kasan_kmalloc+0xd4/0xd8 [ 36.658405] __kmalloc_cache_noprof+0x16c/0x3c0 [ 36.662919] kmalloc_oob_right+0xb0/0x660 [ 36.666912] kunit_try_run_case+0x170/0x3f0 [ 36.671079] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.676548] kthread+0x328/0x630 [ 36.679759] ret_from_fork+0x10/0x20 [ 36.683318] [ 36.684795] The buggy address belongs to the object at ffff000801889d00 [ 36.684795] which belongs to the cache kmalloc-128 of size 128 [ 36.697294] The buggy address is located 13 bytes to the right of [ 36.697294] allocated 115-byte region [ffff000801889d00, ffff000801889d73) [ 36.710314] [ 36.711793] The buggy address belongs to the physical page: [ 36.717349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881888 [ 36.725331] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 36.732973] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 36.739916] page_type: f5(slab) [ 36.743050] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.750772] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.758498] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 36.766309] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 36.774123] head: 0bfffe0000000001 fffffdffe0062201 00000000ffffffff 00000000ffffffff [ 36.781934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 36.789740] page dumped because: kasan: bad access detected [ 36.795295] [ 36.796771] Memory state around the buggy address: [ 36.801549] ffff000801889c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.808754] ffff000801889d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 36.815959] >ffff000801889d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.823160] ^ [ 36.826376] ffff000801889e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.833580] ffff000801889e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.840781] ==================================================================
[ 30.252516] ================================================================== [ 30.252844] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 30.253789] Write of size 1 at addr fff00000c64f4473 by task kunit_try_catch/168 [ 30.253899] [ 30.254676] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 30.254820] Tainted: [N]=TEST [ 30.254852] Hardware name: linux,dummy-virt (DT) [ 30.255079] Call trace: [ 30.255255] show_stack+0x20/0x38 (C) [ 30.255394] dump_stack_lvl+0x8c/0xd0 [ 30.255463] print_report+0x118/0x5d0 [ 30.255507] kasan_report+0xdc/0x128 [ 30.255551] __asan_report_store1_noabort+0x20/0x30 [ 30.255600] kmalloc_oob_right+0x5a4/0x660 [ 30.255646] kunit_try_run_case+0x170/0x3f0 [ 30.255695] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.255747] kthread+0x328/0x630 [ 30.255791] ret_from_fork+0x10/0x20 [ 30.255948] [ 30.255985] Allocated by task 168: [ 30.256097] kasan_save_stack+0x3c/0x68 [ 30.256163] kasan_save_track+0x20/0x40 [ 30.256202] kasan_save_alloc_info+0x40/0x58 [ 30.256240] __kasan_kmalloc+0xd4/0xd8 [ 30.256277] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.256319] kmalloc_oob_right+0xb0/0x660 [ 30.256356] kunit_try_run_case+0x170/0x3f0 [ 30.256391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.256433] kthread+0x328/0x630 [ 30.256475] ret_from_fork+0x10/0x20 [ 30.256529] [ 30.256589] The buggy address belongs to the object at fff00000c64f4400 [ 30.256589] which belongs to the cache kmalloc-128 of size 128 [ 30.256682] The buggy address is located 0 bytes to the right of [ 30.256682] allocated 115-byte region [fff00000c64f4400, fff00000c64f4473) [ 30.256746] [ 30.256827] The buggy address belongs to the physical page: [ 30.257033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4 [ 30.257296] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.257595] page_type: f5(slab) [ 30.257917] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.257978] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.258086] page dumped because: kasan: bad access detected [ 30.258126] [ 30.258152] Memory state around the buggy address: [ 30.258370] fff00000c64f4300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.258433] fff00000c64f4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.258500] >fff00000c64f4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.258556] ^ [ 30.258640] fff00000c64f4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.258681] fff00000c64f4500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.258741] ================================================================== [ 30.263315] ================================================================== [ 30.263359] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 30.263405] Read of size 1 at addr fff00000c64f4480 by task kunit_try_catch/168 [ 30.263485] [ 30.263514] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 30.263593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.263619] Hardware name: linux,dummy-virt (DT) [ 30.263648] Call trace: [ 30.263668] show_stack+0x20/0x38 (C) [ 30.263975] dump_stack_lvl+0x8c/0xd0 [ 30.264049] print_report+0x118/0x5d0 [ 30.264094] kasan_report+0xdc/0x128 [ 30.264165] __asan_report_load1_noabort+0x20/0x30 [ 30.264232] kmalloc_oob_right+0x5d0/0x660 [ 30.264280] kunit_try_run_case+0x170/0x3f0 [ 30.264325] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.264384] kthread+0x328/0x630 [ 30.264461] ret_from_fork+0x10/0x20 [ 30.264527] [ 30.264544] Allocated by task 168: [ 30.264571] kasan_save_stack+0x3c/0x68 [ 30.264611] kasan_save_track+0x20/0x40 [ 30.264653] kasan_save_alloc_info+0x40/0x58 [ 30.264691] __kasan_kmalloc+0xd4/0xd8 [ 30.264730] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.264965] kmalloc_oob_right+0xb0/0x660 [ 30.265020] kunit_try_run_case+0x170/0x3f0 [ 30.265057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.265098] kthread+0x328/0x630 [ 30.265268] ret_from_fork+0x10/0x20 [ 30.265335] [ 30.265374] The buggy address belongs to the object at fff00000c64f4400 [ 30.265374] which belongs to the cache kmalloc-128 of size 128 [ 30.265466] The buggy address is located 13 bytes to the right of [ 30.265466] allocated 115-byte region [fff00000c64f4400, fff00000c64f4473) [ 30.265528] [ 30.265547] The buggy address belongs to the physical page: [ 30.265594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4 [ 30.265726] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.265849] page_type: f5(slab) [ 30.265936] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.266020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.266075] page dumped because: kasan: bad access detected [ 30.266114] [ 30.266131] Memory state around the buggy address: [ 30.266195] fff00000c64f4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.266268] fff00000c64f4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.266370] >fff00000c64f4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.266453] ^ [ 30.266480] fff00000c64f4500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.266519] fff00000c64f4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.266589] ================================================================== [ 30.259537] ================================================================== [ 30.259635] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 30.259702] Write of size 1 at addr fff00000c64f4478 by task kunit_try_catch/168 [ 30.259757] [ 30.259788] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 30.259925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.259951] Hardware name: linux,dummy-virt (DT) [ 30.260010] Call trace: [ 30.260068] show_stack+0x20/0x38 (C) [ 30.260116] dump_stack_lvl+0x8c/0xd0 [ 30.260502] print_report+0x118/0x5d0 [ 30.260585] kasan_report+0xdc/0x128 [ 30.260670] __asan_report_store1_noabort+0x20/0x30 [ 30.260801] kmalloc_oob_right+0x538/0x660 [ 30.260858] kunit_try_run_case+0x170/0x3f0 [ 30.260932] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.260984] kthread+0x328/0x630 [ 30.261052] ret_from_fork+0x10/0x20 [ 30.261538] [ 30.261593] Allocated by task 168: [ 30.261667] kasan_save_stack+0x3c/0x68 [ 30.261765] kasan_save_track+0x20/0x40 [ 30.261803] kasan_save_alloc_info+0x40/0x58 [ 30.261839] __kasan_kmalloc+0xd4/0xd8 [ 30.261876] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.261916] kmalloc_oob_right+0xb0/0x660 [ 30.261952] kunit_try_run_case+0x170/0x3f0 [ 30.261988] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.262030] kthread+0x328/0x630 [ 30.262061] ret_from_fork+0x10/0x20 [ 30.262096] [ 30.262114] The buggy address belongs to the object at fff00000c64f4400 [ 30.262114] which belongs to the cache kmalloc-128 of size 128 [ 30.262168] The buggy address is located 5 bytes to the right of [ 30.262168] allocated 115-byte region [fff00000c64f4400, fff00000c64f4473) [ 30.262229] [ 30.262247] The buggy address belongs to the physical page: [ 30.262276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4 [ 30.262325] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.262370] page_type: f5(slab) [ 30.262406] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.262467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.262505] page dumped because: kasan: bad access detected [ 30.262534] [ 30.262551] Memory state around the buggy address: [ 30.262580] fff00000c64f4300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.262620] fff00000c64f4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.262661] >fff00000c64f4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.262696] ^ [ 30.262733] fff00000c64f4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.262773] fff00000c64f4500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.262808] ==================================================================
[ 23.419487] ================================================================== [ 23.419824] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 23.420209] Read of size 1 at addr ffff8881041b9680 by task kunit_try_catch/184 [ 23.420462] [ 23.420555] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.420604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.420617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.420638] Call Trace: [ 23.420651] <TASK> [ 23.420666] dump_stack_lvl+0x73/0xb0 [ 23.420697] print_report+0xd1/0x610 [ 23.420725] ? __virt_addr_valid+0x1db/0x2d0 [ 23.420754] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.420780] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.420810] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.420837] kasan_report+0x141/0x180 [ 23.420865] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.420897] __asan_report_load1_noabort+0x18/0x20 [ 23.420926] kmalloc_oob_right+0x68a/0x7f0 [ 23.420954] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.420981] ? __schedule+0x10cc/0x2b60 [ 23.421007] ? __pfx_read_tsc+0x10/0x10 [ 23.421047] ? ktime_get_ts64+0x86/0x230 [ 23.421077] kunit_try_run_case+0x1a5/0x480 [ 23.421105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.421131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.421158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.421185] ? __kthread_parkme+0x82/0x180 [ 23.421210] ? preempt_count_sub+0x50/0x80 [ 23.421239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.421268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.421298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.421331] kthread+0x337/0x6f0 [ 23.421355] ? trace_preempt_on+0x20/0xc0 [ 23.421382] ? __pfx_kthread+0x10/0x10 [ 23.421408] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.421437] ? calculate_sigpending+0x7b/0xa0 [ 23.421466] ? __pfx_kthread+0x10/0x10 [ 23.421493] ret_from_fork+0x116/0x1d0 [ 23.421525] ? __pfx_kthread+0x10/0x10 [ 23.421551] ret_from_fork_asm+0x1a/0x30 [ 23.421591] </TASK> [ 23.421602] [ 23.428905] Allocated by task 184: [ 23.429080] kasan_save_stack+0x45/0x70 [ 23.429433] kasan_save_track+0x18/0x40 [ 23.429611] kasan_save_alloc_info+0x3b/0x50 [ 23.429761] __kasan_kmalloc+0xb7/0xc0 [ 23.429893] __kmalloc_cache_noprof+0x189/0x420 [ 23.430048] kmalloc_oob_right+0xa9/0x7f0 [ 23.430437] kunit_try_run_case+0x1a5/0x480 [ 23.430758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.431019] kthread+0x337/0x6f0 [ 23.431190] ret_from_fork+0x116/0x1d0 [ 23.431377] ret_from_fork_asm+0x1a/0x30 [ 23.431548] [ 23.431617] The buggy address belongs to the object at ffff8881041b9600 [ 23.431617] which belongs to the cache kmalloc-128 of size 128 [ 23.432021] The buggy address is located 13 bytes to the right of [ 23.432021] allocated 115-byte region [ffff8881041b9600, ffff8881041b9673) [ 23.432413] [ 23.432504] The buggy address belongs to the physical page: [ 23.432937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 23.433338] flags: 0x200000000000000(node=0|zone=2) [ 23.433621] page_type: f5(slab) [ 23.433792] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.434112] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.434338] page dumped because: kasan: bad access detected [ 23.434525] [ 23.434617] Memory state around the buggy address: [ 23.434839] ffff8881041b9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.435161] ffff8881041b9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.435539] >ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.435771] ^ [ 23.435884] ffff8881041b9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.436532] ffff8881041b9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.436906] ================================================================== [ 23.375504] ================================================================== [ 23.376792] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 23.377503] Write of size 1 at addr ffff8881041b9673 by task kunit_try_catch/184 [ 23.378003] [ 23.379062] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.379441] Tainted: [N]=TEST [ 23.379476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.379713] Call Trace: [ 23.379785] <TASK> [ 23.379932] dump_stack_lvl+0x73/0xb0 [ 23.380024] print_report+0xd1/0x610 [ 23.380059] ? __virt_addr_valid+0x1db/0x2d0 [ 23.380092] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.380118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.380149] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.380175] kasan_report+0x141/0x180 [ 23.380203] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.380236] __asan_report_store1_noabort+0x1b/0x30 [ 23.380265] kmalloc_oob_right+0x6f0/0x7f0 [ 23.380293] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.380320] ? __schedule+0x10cc/0x2b60 [ 23.380349] ? __pfx_read_tsc+0x10/0x10 [ 23.380376] ? ktime_get_ts64+0x86/0x230 [ 23.380409] kunit_try_run_case+0x1a5/0x480 [ 23.380439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.380465] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.380492] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.380532] ? __kthread_parkme+0x82/0x180 [ 23.380559] ? preempt_count_sub+0x50/0x80 [ 23.380603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.380631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.380675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.380707] kthread+0x337/0x6f0 [ 23.380733] ? trace_preempt_on+0x20/0xc0 [ 23.380763] ? __pfx_kthread+0x10/0x10 [ 23.380789] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.380818] ? calculate_sigpending+0x7b/0xa0 [ 23.380848] ? __pfx_kthread+0x10/0x10 [ 23.380876] ret_from_fork+0x116/0x1d0 [ 23.380900] ? __pfx_kthread+0x10/0x10 [ 23.380925] ret_from_fork_asm+0x1a/0x30 [ 23.380992] </TASK> [ 23.381059] [ 23.388804] Allocated by task 184: [ 23.389221] kasan_save_stack+0x45/0x70 [ 23.389450] kasan_save_track+0x18/0x40 [ 23.389726] kasan_save_alloc_info+0x3b/0x50 [ 23.389884] __kasan_kmalloc+0xb7/0xc0 [ 23.390018] __kmalloc_cache_noprof+0x189/0x420 [ 23.390240] kmalloc_oob_right+0xa9/0x7f0 [ 23.390440] kunit_try_run_case+0x1a5/0x480 [ 23.390671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.391065] kthread+0x337/0x6f0 [ 23.391197] ret_from_fork+0x116/0x1d0 [ 23.391332] ret_from_fork_asm+0x1a/0x30 [ 23.391514] [ 23.391657] The buggy address belongs to the object at ffff8881041b9600 [ 23.391657] which belongs to the cache kmalloc-128 of size 128 [ 23.392405] The buggy address is located 0 bytes to the right of [ 23.392405] allocated 115-byte region [ffff8881041b9600, ffff8881041b9673) [ 23.393391] [ 23.393665] The buggy address belongs to the physical page: [ 23.394117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 23.394666] flags: 0x200000000000000(node=0|zone=2) [ 23.395404] page_type: f5(slab) [ 23.396008] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.396336] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.396713] page dumped because: kasan: bad access detected [ 23.396991] [ 23.397093] Memory state around the buggy address: [ 23.397888] ffff8881041b9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.398214] ffff8881041b9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.398566] >ffff8881041b9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.398967] ^ [ 23.399288] ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.399637] ffff8881041b9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.399955] ================================================================== [ 23.401038] ================================================================== [ 23.401331] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 23.401860] Write of size 1 at addr ffff8881041b9678 by task kunit_try_catch/184 [ 23.402121] [ 23.402208] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.402258] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.402273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.402295] Call Trace: [ 23.402313] <TASK> [ 23.402330] dump_stack_lvl+0x73/0xb0 [ 23.402364] print_report+0xd1/0x610 [ 23.402393] ? __virt_addr_valid+0x1db/0x2d0 [ 23.402421] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.402448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.402483] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.402511] kasan_report+0x141/0x180 [ 23.402551] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.402755] __asan_report_store1_noabort+0x1b/0x30 [ 23.402794] kmalloc_oob_right+0x6bd/0x7f0 [ 23.402823] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.402851] ? __schedule+0x10cc/0x2b60 [ 23.402877] ? __pfx_read_tsc+0x10/0x10 [ 23.402904] ? ktime_get_ts64+0x86/0x230 [ 23.402934] kunit_try_run_case+0x1a5/0x480 [ 23.402962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.402988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.403015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.403042] ? __kthread_parkme+0x82/0x180 [ 23.403067] ? preempt_count_sub+0x50/0x80 [ 23.403096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.403124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.403156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.403187] kthread+0x337/0x6f0 [ 23.403211] ? trace_preempt_on+0x20/0xc0 [ 23.403239] ? __pfx_kthread+0x10/0x10 [ 23.403265] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.403294] ? calculate_sigpending+0x7b/0xa0 [ 23.403322] ? __pfx_kthread+0x10/0x10 [ 23.403349] ret_from_fork+0x116/0x1d0 [ 23.403373] ? __pfx_kthread+0x10/0x10 [ 23.403398] ret_from_fork_asm+0x1a/0x30 [ 23.403438] </TASK> [ 23.403450] [ 23.410696] Allocated by task 184: [ 23.410880] kasan_save_stack+0x45/0x70 [ 23.411081] kasan_save_track+0x18/0x40 [ 23.411228] kasan_save_alloc_info+0x3b/0x50 [ 23.411377] __kasan_kmalloc+0xb7/0xc0 [ 23.411574] __kmalloc_cache_noprof+0x189/0x420 [ 23.411792] kmalloc_oob_right+0xa9/0x7f0 [ 23.412049] kunit_try_run_case+0x1a5/0x480 [ 23.412197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.412379] kthread+0x337/0x6f0 [ 23.412558] ret_from_fork+0x116/0x1d0 [ 23.412929] ret_from_fork_asm+0x1a/0x30 [ 23.413131] [ 23.413222] The buggy address belongs to the object at ffff8881041b9600 [ 23.413222] which belongs to the cache kmalloc-128 of size 128 [ 23.413949] The buggy address is located 5 bytes to the right of [ 23.413949] allocated 115-byte region [ffff8881041b9600, ffff8881041b9673) [ 23.414369] [ 23.414439] The buggy address belongs to the physical page: [ 23.414685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 23.415042] flags: 0x200000000000000(node=0|zone=2) [ 23.415363] page_type: f5(slab) [ 23.415629] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.415921] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.416192] page dumped because: kasan: bad access detected [ 23.416365] [ 23.416461] Memory state around the buggy address: [ 23.416693] ffff8881041b9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.417114] ffff8881041b9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.417396] >ffff8881041b9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.417666] ^ [ 23.418200] ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.418470] ffff8881041b9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.419019] ==================================================================