Date
July 15, 2025, 11:35 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 48.293796] ================================================================== [ 48.300682] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 48.308057] Read of size 1 at addr ffff00080244db7f by task kunit_try_catch/275 [ 48.315348] [ 48.316834] CPU: 3 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 48.316890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.316908] Hardware name: WinLink E850-96 board (DT) [ 48.316927] Call trace: [ 48.316939] show_stack+0x20/0x38 (C) [ 48.316974] dump_stack_lvl+0x8c/0xd0 [ 48.317008] print_report+0x118/0x5d0 [ 48.317035] kasan_report+0xdc/0x128 [ 48.317060] __asan_report_load1_noabort+0x20/0x30 [ 48.317090] ksize_unpoisons_memory+0x690/0x740 [ 48.317123] kunit_try_run_case+0x170/0x3f0 [ 48.317152] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.317185] kthread+0x328/0x630 [ 48.317211] ret_from_fork+0x10/0x20 [ 48.317242] [ 48.381234] Allocated by task 275: [ 48.384620] kasan_save_stack+0x3c/0x68 [ 48.388437] kasan_save_track+0x20/0x40 [ 48.392257] kasan_save_alloc_info+0x40/0x58 [ 48.396510] __kasan_kmalloc+0xd4/0xd8 [ 48.400244] __kmalloc_cache_noprof+0x16c/0x3c0 [ 48.404757] ksize_unpoisons_memory+0xc0/0x740 [ 48.409183] kunit_try_run_case+0x170/0x3f0 [ 48.413350] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.418819] kthread+0x328/0x630 [ 48.422031] ret_from_fork+0x10/0x20 [ 48.425591] [ 48.427066] The buggy address belongs to the object at ffff00080244db00 [ 48.427066] which belongs to the cache kmalloc-128 of size 128 [ 48.439568] The buggy address is located 12 bytes to the right of [ 48.439568] allocated 115-byte region [ffff00080244db00, ffff00080244db73) [ 48.452586] [ 48.454064] The buggy address belongs to the physical page: [ 48.459622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88244c [ 48.467605] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.475245] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 48.482186] page_type: f5(slab) [ 48.485324] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.493043] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.500770] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.508581] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.516394] head: 0bfffe0000000001 fffffdffe0091301 00000000ffffffff 00000000ffffffff [ 48.524206] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 48.532013] page dumped because: kasan: bad access detected [ 48.537567] [ 48.539043] Memory state around the buggy address: [ 48.543824] ffff00080244da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.551026] ffff00080244da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.558230] >ffff00080244db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 48.565431] ^ [ 48.572553] ffff00080244db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.579758] ffff00080244dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.586959] ================================================================== [ 47.993134] ================================================================== [ 48.000083] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 48.007457] Read of size 1 at addr ffff00080244db78 by task kunit_try_catch/275 [ 48.014747] [ 48.016232] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 48.016285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.016304] Hardware name: WinLink E850-96 board (DT) [ 48.016325] Call trace: [ 48.016337] show_stack+0x20/0x38 (C) [ 48.016368] dump_stack_lvl+0x8c/0xd0 [ 48.016404] print_report+0x118/0x5d0 [ 48.016431] kasan_report+0xdc/0x128 [ 48.016458] __asan_report_load1_noabort+0x20/0x30 [ 48.016489] ksize_unpoisons_memory+0x618/0x740 [ 48.016521] kunit_try_run_case+0x170/0x3f0 [ 48.016553] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.016585] kthread+0x328/0x630 [ 48.016615] ret_from_fork+0x10/0x20 [ 48.016649] [ 48.080631] Allocated by task 275: [ 48.084018] kasan_save_stack+0x3c/0x68 [ 48.087835] kasan_save_track+0x20/0x40 [ 48.091654] kasan_save_alloc_info+0x40/0x58 [ 48.095907] __kasan_kmalloc+0xd4/0xd8 [ 48.099640] __kmalloc_cache_noprof+0x16c/0x3c0 [ 48.104154] ksize_unpoisons_memory+0xc0/0x740 [ 48.108581] kunit_try_run_case+0x170/0x3f0 [ 48.112747] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 48.118216] kthread+0x328/0x630 [ 48.121428] ret_from_fork+0x10/0x20 [ 48.124986] [ 48.126465] The buggy address belongs to the object at ffff00080244db00 [ 48.126465] which belongs to the cache kmalloc-128 of size 128 [ 48.138965] The buggy address is located 5 bytes to the right of [ 48.138965] allocated 115-byte region [ffff00080244db00, ffff00080244db73) [ 48.151896] [ 48.153374] The buggy address belongs to the physical page: [ 48.158932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88244c [ 48.166915] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.174555] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 48.181496] page_type: f5(slab) [ 48.184633] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.192353] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.200080] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 48.207891] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 48.215704] head: 0bfffe0000000001 fffffdffe0091301 00000000ffffffff 00000000ffffffff [ 48.223516] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 48.231323] page dumped because: kasan: bad access detected [ 48.236877] [ 48.238354] Memory state around the buggy address: [ 48.243132] ffff00080244da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.250336] ffff00080244da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.257540] >ffff00080244db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 48.264741] ^ [ 48.271863] ffff00080244db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.279068] ffff00080244dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.286270] ================================================================== [ 47.690046] ================================================================== [ 47.699739] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 47.707112] Read of size 1 at addr ffff00080244db73 by task kunit_try_catch/275 [ 47.714404] [ 47.715890] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 47.715947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.715966] Hardware name: WinLink E850-96 board (DT) [ 47.715988] Call trace: [ 47.716001] show_stack+0x20/0x38 (C) [ 47.716036] dump_stack_lvl+0x8c/0xd0 [ 47.716074] print_report+0x118/0x5d0 [ 47.716100] kasan_report+0xdc/0x128 [ 47.716126] __asan_report_load1_noabort+0x20/0x30 [ 47.716160] ksize_unpoisons_memory+0x628/0x740 [ 47.716194] kunit_try_run_case+0x170/0x3f0 [ 47.716224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.716261] kthread+0x328/0x630 [ 47.716290] ret_from_fork+0x10/0x20 [ 47.716325] [ 47.780288] Allocated by task 275: [ 47.783676] kasan_save_stack+0x3c/0x68 [ 47.787492] kasan_save_track+0x20/0x40 [ 47.791311] kasan_save_alloc_info+0x40/0x58 [ 47.795564] __kasan_kmalloc+0xd4/0xd8 [ 47.799298] __kmalloc_cache_noprof+0x16c/0x3c0 [ 47.803811] ksize_unpoisons_memory+0xc0/0x740 [ 47.808238] kunit_try_run_case+0x170/0x3f0 [ 47.812404] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 47.817873] kthread+0x328/0x630 [ 47.821086] ret_from_fork+0x10/0x20 [ 47.824644] [ 47.826121] The buggy address belongs to the object at ffff00080244db00 [ 47.826121] which belongs to the cache kmalloc-128 of size 128 [ 47.838623] The buggy address is located 0 bytes to the right of [ 47.838623] allocated 115-byte region [ffff00080244db00, ffff00080244db73) [ 47.851553] [ 47.853033] The buggy address belongs to the physical page: [ 47.858590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88244c [ 47.866572] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.874212] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 47.881155] page_type: f5(slab) [ 47.884291] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 47.892011] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 47.899739] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 47.907548] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 47.915361] head: 0bfffe0000000001 fffffdffe0091301 00000000ffffffff 00000000ffffffff [ 47.923173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 47.930981] page dumped because: kasan: bad access detected [ 47.936534] [ 47.938010] Memory state around the buggy address: [ 47.942792] ffff00080244da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.949995] ffff00080244da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.957199] >ffff00080244db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 47.964399] ^ [ 47.971260] ffff00080244db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.978466] ffff00080244dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.985667] ==================================================================
[ 30.808702] ================================================================== [ 30.808773] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 30.808854] Read of size 1 at addr fff00000c64f4c73 by task kunit_try_catch/226 [ 30.808905] [ 30.810507] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 30.810765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.810794] Hardware name: linux,dummy-virt (DT) [ 30.811161] Call trace: [ 30.811195] show_stack+0x20/0x38 (C) [ 30.811267] dump_stack_lvl+0x8c/0xd0 [ 30.811368] print_report+0x118/0x5d0 [ 30.811419] kasan_report+0xdc/0x128 [ 30.811476] __asan_report_load1_noabort+0x20/0x30 [ 30.811578] ksize_unpoisons_memory+0x628/0x740 [ 30.811633] kunit_try_run_case+0x170/0x3f0 [ 30.811680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.812190] kthread+0x328/0x630 [ 30.812548] ret_from_fork+0x10/0x20 [ 30.812794] [ 30.812862] Allocated by task 226: [ 30.812902] kasan_save_stack+0x3c/0x68 [ 30.813141] kasan_save_track+0x20/0x40 [ 30.813181] kasan_save_alloc_info+0x40/0x58 [ 30.813636] __kasan_kmalloc+0xd4/0xd8 [ 30.813695] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.813898] ksize_unpoisons_memory+0xc0/0x740 [ 30.813999] kunit_try_run_case+0x170/0x3f0 [ 30.814040] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.814085] kthread+0x328/0x630 [ 30.814347] ret_from_fork+0x10/0x20 [ 30.814406] [ 30.814449] The buggy address belongs to the object at fff00000c64f4c00 [ 30.814449] which belongs to the cache kmalloc-128 of size 128 [ 30.814930] The buggy address is located 0 bytes to the right of [ 30.814930] allocated 115-byte region [fff00000c64f4c00, fff00000c64f4c73) [ 30.815122] [ 30.815155] The buggy address belongs to the physical page: [ 30.815212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4 [ 30.815547] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.815620] page_type: f5(slab) [ 30.815757] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.816073] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.816333] page dumped because: kasan: bad access detected [ 30.816377] [ 30.816602] Memory state around the buggy address: [ 30.816647] fff00000c64f4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.816698] fff00000c64f4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.816741] >fff00000c64f4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.817235] ^ [ 30.817622] fff00000c64f4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.818180] fff00000c64f4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.818221] ================================================================== [ 30.830421] ================================================================== [ 30.830729] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 30.830781] Read of size 1 at addr fff00000c64f4c7f by task kunit_try_catch/226 [ 30.830830] [ 30.830862] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 30.830945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.830971] Hardware name: linux,dummy-virt (DT) [ 30.831002] Call trace: [ 30.831787] show_stack+0x20/0x38 (C) [ 30.832058] dump_stack_lvl+0x8c/0xd0 [ 30.832396] print_report+0x118/0x5d0 [ 30.832455] kasan_report+0xdc/0x128 [ 30.832500] __asan_report_load1_noabort+0x20/0x30 [ 30.832548] ksize_unpoisons_memory+0x690/0x740 [ 30.832598] kunit_try_run_case+0x170/0x3f0 [ 30.832645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.832695] kthread+0x328/0x630 [ 30.832738] ret_from_fork+0x10/0x20 [ 30.832786] [ 30.832803] Allocated by task 226: [ 30.832829] kasan_save_stack+0x3c/0x68 [ 30.832872] kasan_save_track+0x20/0x40 [ 30.832912] kasan_save_alloc_info+0x40/0x58 [ 30.832950] __kasan_kmalloc+0xd4/0xd8 [ 30.832988] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.833029] ksize_unpoisons_memory+0xc0/0x740 [ 30.833069] kunit_try_run_case+0x170/0x3f0 [ 30.833781] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.834377] kthread+0x328/0x630 [ 30.834491] ret_from_fork+0x10/0x20 [ 30.835001] [ 30.835027] The buggy address belongs to the object at fff00000c64f4c00 [ 30.835027] which belongs to the cache kmalloc-128 of size 128 [ 30.835456] The buggy address is located 12 bytes to the right of [ 30.835456] allocated 115-byte region [fff00000c64f4c00, fff00000c64f4c73) [ 30.835529] [ 30.835880] The buggy address belongs to the physical page: [ 30.836284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4 [ 30.836385] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.836449] page_type: f5(slab) [ 30.836877] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.836966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.837135] page dumped because: kasan: bad access detected [ 30.837167] [ 30.837184] Memory state around the buggy address: [ 30.837215] fff00000c64f4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.837259] fff00000c64f4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.837302] >fff00000c64f4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.837340] ^ [ 30.837953] fff00000c64f4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.838163] fff00000c64f4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.838214] ================================================================== [ 30.820622] ================================================================== [ 30.820677] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 30.820729] Read of size 1 at addr fff00000c64f4c78 by task kunit_try_catch/226 [ 30.820777] [ 30.821660] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 30.821774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.821803] Hardware name: linux,dummy-virt (DT) [ 30.821955] Call trace: [ 30.821979] show_stack+0x20/0x38 (C) [ 30.822032] dump_stack_lvl+0x8c/0xd0 [ 30.822083] print_report+0x118/0x5d0 [ 30.822130] kasan_report+0xdc/0x128 [ 30.822172] __asan_report_load1_noabort+0x20/0x30 [ 30.822222] ksize_unpoisons_memory+0x618/0x740 [ 30.822325] kunit_try_run_case+0x170/0x3f0 [ 30.822374] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.822428] kthread+0x328/0x630 [ 30.823456] ret_from_fork+0x10/0x20 [ 30.823663] [ 30.823681] Allocated by task 226: [ 30.823710] kasan_save_stack+0x3c/0x68 [ 30.824246] kasan_save_track+0x20/0x40 [ 30.824462] kasan_save_alloc_info+0x40/0x58 [ 30.824507] __kasan_kmalloc+0xd4/0xd8 [ 30.824546] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.824744] ksize_unpoisons_memory+0xc0/0x740 [ 30.825174] kunit_try_run_case+0x170/0x3f0 [ 30.825219] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.825379] kthread+0x328/0x630 [ 30.825466] ret_from_fork+0x10/0x20 [ 30.825979] [ 30.826065] The buggy address belongs to the object at fff00000c64f4c00 [ 30.826065] which belongs to the cache kmalloc-128 of size 128 [ 30.826127] The buggy address is located 5 bytes to the right of [ 30.826127] allocated 115-byte region [fff00000c64f4c00, fff00000c64f4c73) [ 30.826191] [ 30.826210] The buggy address belongs to the physical page: [ 30.826266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4 [ 30.826784] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.826915] page_type: f5(slab) [ 30.827188] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.827637] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.827686] page dumped because: kasan: bad access detected [ 30.827718] [ 30.827737] Memory state around the buggy address: [ 30.827768] fff00000c64f4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.827813] fff00000c64f4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.827855] >fff00000c64f4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.827893] ^ [ 30.827935] fff00000c64f4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.827977] fff00000c64f4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.828014] ==================================================================
[ 24.467246] ================================================================== [ 24.467494] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.467888] Read of size 1 at addr ffff8881041b9978 by task kunit_try_catch/242 [ 24.468263] [ 24.468358] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.468576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.468735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.468759] Call Trace: [ 24.468775] <TASK> [ 24.468792] dump_stack_lvl+0x73/0xb0 [ 24.468829] print_report+0xd1/0x610 [ 24.468857] ? __virt_addr_valid+0x1db/0x2d0 [ 24.468886] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.468914] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.468945] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.468973] kasan_report+0x141/0x180 [ 24.469000] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.469035] __asan_report_load1_noabort+0x18/0x20 [ 24.469063] ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.469092] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.469119] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.469154] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.469188] kunit_try_run_case+0x1a5/0x480 [ 24.469217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.469243] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.469270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.469298] ? __kthread_parkme+0x82/0x180 [ 24.469323] ? preempt_count_sub+0x50/0x80 [ 24.469352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.469380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.469411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.469442] kthread+0x337/0x6f0 [ 24.469466] ? trace_preempt_on+0x20/0xc0 [ 24.469496] ? __pfx_kthread+0x10/0x10 [ 24.469735] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.470037] ? calculate_sigpending+0x7b/0xa0 [ 24.470067] ? __pfx_kthread+0x10/0x10 [ 24.470095] ret_from_fork+0x116/0x1d0 [ 24.470120] ? __pfx_kthread+0x10/0x10 [ 24.470146] ret_from_fork_asm+0x1a/0x30 [ 24.470186] </TASK> [ 24.470198] [ 24.477164] Allocated by task 242: [ 24.477326] kasan_save_stack+0x45/0x70 [ 24.477477] kasan_save_track+0x18/0x40 [ 24.477764] kasan_save_alloc_info+0x3b/0x50 [ 24.478172] __kasan_kmalloc+0xb7/0xc0 [ 24.478339] __kmalloc_cache_noprof+0x189/0x420 [ 24.478503] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.478943] kunit_try_run_case+0x1a5/0x480 [ 24.479213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.479453] kthread+0x337/0x6f0 [ 24.479603] ret_from_fork+0x116/0x1d0 [ 24.479844] ret_from_fork_asm+0x1a/0x30 [ 24.479988] [ 24.480064] The buggy address belongs to the object at ffff8881041b9900 [ 24.480064] which belongs to the cache kmalloc-128 of size 128 [ 24.480545] The buggy address is located 5 bytes to the right of [ 24.480545] allocated 115-byte region [ffff8881041b9900, ffff8881041b9973) [ 24.481200] [ 24.481394] The buggy address belongs to the physical page: [ 24.481629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.482069] flags: 0x200000000000000(node=0|zone=2) [ 24.482240] page_type: f5(slab) [ 24.482360] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.482801] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.483341] page dumped because: kasan: bad access detected [ 24.483509] [ 24.483589] Memory state around the buggy address: [ 24.483743] ffff8881041b9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.483955] ffff8881041b9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.484577] >ffff8881041b9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.484902] ^ [ 24.485219] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.485536] ffff8881041b9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.486039] ================================================================== [ 24.443229] ================================================================== [ 24.443731] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 24.444267] Read of size 1 at addr ffff8881041b9973 by task kunit_try_catch/242 [ 24.444538] [ 24.444629] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.444686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.444701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.444740] Call Trace: [ 24.444819] <TASK> [ 24.444842] dump_stack_lvl+0x73/0xb0 [ 24.444879] print_report+0xd1/0x610 [ 24.444920] ? __virt_addr_valid+0x1db/0x2d0 [ 24.444950] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.444997] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.445044] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.445072] kasan_report+0x141/0x180 [ 24.445100] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.445134] __asan_report_load1_noabort+0x18/0x20 [ 24.445163] ksize_unpoisons_memory+0x81c/0x9b0 [ 24.445191] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.445218] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.445255] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.445305] kunit_try_run_case+0x1a5/0x480 [ 24.445348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.445374] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.445402] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.445430] ? __kthread_parkme+0x82/0x180 [ 24.445456] ? preempt_count_sub+0x50/0x80 [ 24.445486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.445514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.445560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.445699] kthread+0x337/0x6f0 [ 24.445726] ? trace_preempt_on+0x20/0xc0 [ 24.445755] ? __pfx_kthread+0x10/0x10 [ 24.445781] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.445810] ? calculate_sigpending+0x7b/0xa0 [ 24.445839] ? __pfx_kthread+0x10/0x10 [ 24.445866] ret_from_fork+0x116/0x1d0 [ 24.445890] ? __pfx_kthread+0x10/0x10 [ 24.445916] ret_from_fork_asm+0x1a/0x30 [ 24.445956] </TASK> [ 24.445970] [ 24.454698] Allocated by task 242: [ 24.455281] kasan_save_stack+0x45/0x70 [ 24.455825] kasan_save_track+0x18/0x40 [ 24.456339] kasan_save_alloc_info+0x3b/0x50 [ 24.456940] __kasan_kmalloc+0xb7/0xc0 [ 24.457334] __kmalloc_cache_noprof+0x189/0x420 [ 24.457503] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.457783] kunit_try_run_case+0x1a5/0x480 [ 24.458155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.458546] kthread+0x337/0x6f0 [ 24.458993] ret_from_fork+0x116/0x1d0 [ 24.459331] ret_from_fork_asm+0x1a/0x30 [ 24.459478] [ 24.459561] The buggy address belongs to the object at ffff8881041b9900 [ 24.459561] which belongs to the cache kmalloc-128 of size 128 [ 24.460778] The buggy address is located 0 bytes to the right of [ 24.460778] allocated 115-byte region [ffff8881041b9900, ffff8881041b9973) [ 24.462144] [ 24.462267] The buggy address belongs to the physical page: [ 24.462812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.463102] flags: 0x200000000000000(node=0|zone=2) [ 24.463266] page_type: f5(slab) [ 24.463386] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.463639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.464143] page dumped because: kasan: bad access detected [ 24.464362] [ 24.464455] Memory state around the buggy address: [ 24.464759] ffff8881041b9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.464985] ffff8881041b9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.465395] >ffff8881041b9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.465734] ^ [ 24.466031] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.466312] ffff8881041b9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.466686] ================================================================== [ 24.487415] ================================================================== [ 24.487871] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.488227] Read of size 1 at addr ffff8881041b997f by task kunit_try_catch/242 [ 24.488937] [ 24.489037] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.489089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.489102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.489125] Call Trace: [ 24.489142] <TASK> [ 24.489159] dump_stack_lvl+0x73/0xb0 [ 24.489194] print_report+0xd1/0x610 [ 24.489222] ? __virt_addr_valid+0x1db/0x2d0 [ 24.489252] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.489310] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489338] kasan_report+0x141/0x180 [ 24.489366] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489400] __asan_report_load1_noabort+0x18/0x20 [ 24.489429] ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489457] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.489484] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.489532] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.489566] kunit_try_run_case+0x1a5/0x480 [ 24.489818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.489846] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.489874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.489903] ? __kthread_parkme+0x82/0x180 [ 24.489929] ? preempt_count_sub+0x50/0x80 [ 24.489959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.489988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.490021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.490054] kthread+0x337/0x6f0 [ 24.490078] ? trace_preempt_on+0x20/0xc0 [ 24.490107] ? __pfx_kthread+0x10/0x10 [ 24.490133] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.490163] ? calculate_sigpending+0x7b/0xa0 [ 24.490192] ? __pfx_kthread+0x10/0x10 [ 24.490219] ret_from_fork+0x116/0x1d0 [ 24.490244] ? __pfx_kthread+0x10/0x10 [ 24.490269] ret_from_fork_asm+0x1a/0x30 [ 24.490311] </TASK> [ 24.490323] [ 24.497684] Allocated by task 242: [ 24.497814] kasan_save_stack+0x45/0x70 [ 24.497962] kasan_save_track+0x18/0x40 [ 24.498128] kasan_save_alloc_info+0x3b/0x50 [ 24.498578] __kasan_kmalloc+0xb7/0xc0 [ 24.498808] __kmalloc_cache_noprof+0x189/0x420 [ 24.499056] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.499211] kunit_try_run_case+0x1a5/0x480 [ 24.499404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.499768] kthread+0x337/0x6f0 [ 24.499994] ret_from_fork+0x116/0x1d0 [ 24.500186] ret_from_fork_asm+0x1a/0x30 [ 24.500354] [ 24.500449] The buggy address belongs to the object at ffff8881041b9900 [ 24.500449] which belongs to the cache kmalloc-128 of size 128 [ 24.501006] The buggy address is located 12 bytes to the right of [ 24.501006] allocated 115-byte region [ffff8881041b9900, ffff8881041b9973) [ 24.501401] [ 24.501495] The buggy address belongs to the physical page: [ 24.501752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.502126] flags: 0x200000000000000(node=0|zone=2) [ 24.502358] page_type: f5(slab) [ 24.502541] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.503001] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.503298] page dumped because: kasan: bad access detected [ 24.503473] [ 24.503554] Memory state around the buggy address: [ 24.503771] ffff8881041b9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.504095] ffff8881041b9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.504411] >ffff8881041b9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.504829] ^ [ 24.505097] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.505377] ffff8881041b9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.505736] ==================================================================