Date
June 2, 2025, 2:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.132065] ================================================================== [ 17.139112] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 17.146048] Write of size 1 at addr ffff00080243e178 by task kunit_try_catch/183 [ 17.153426] [ 17.154911] CPU: 7 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 17.154970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.154984] Hardware name: WinLink E850-96 board (DT) [ 17.155004] Call trace: [ 17.155017] show_stack+0x20/0x38 (C) [ 17.155050] dump_stack_lvl+0x8c/0xd0 [ 17.155084] print_report+0x118/0x608 [ 17.155115] kasan_report+0xdc/0x128 [ 17.155142] __asan_report_store1_noabort+0x20/0x30 [ 17.155176] kmalloc_oob_right+0x538/0x660 [ 17.155208] kunit_try_run_case+0x170/0x3f0 [ 17.155241] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.155283] kthread+0x328/0x630 [ 17.155315] ret_from_fork+0x10/0x20 [ 17.155350] [ 17.217748] Allocated by task 183: [ 17.221137] kasan_save_stack+0x3c/0x68 [ 17.224953] kasan_save_track+0x20/0x40 [ 17.228772] kasan_save_alloc_info+0x40/0x58 [ 17.233026] __kasan_kmalloc+0xd4/0xd8 [ 17.236758] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.241272] kmalloc_oob_right+0xb0/0x660 [ 17.245265] kunit_try_run_case+0x170/0x3f0 [ 17.249432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.254902] kthread+0x328/0x630 [ 17.258112] ret_from_fork+0x10/0x20 [ 17.261671] [ 17.263150] The buggy address belongs to the object at ffff00080243e100 [ 17.263150] which belongs to the cache kmalloc-128 of size 128 [ 17.275647] The buggy address is located 5 bytes to the right of [ 17.275647] allocated 115-byte region [ffff00080243e100, ffff00080243e173) [ 17.288580] [ 17.290060] The buggy address belongs to the physical page: [ 17.295616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88243e [ 17.303601] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.311240] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.318182] page_type: f5(slab) [ 17.321316] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 17.329038] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.336764] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 17.344576] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.352390] head: 0bfffe0000000001 fffffdffe0090f81 00000000ffffffff 00000000ffffffff [ 17.360201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.368006] page dumped because: kasan: bad access detected [ 17.373562] [ 17.375038] Memory state around the buggy address: [ 17.379817] ffff00080243e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.387021] ffff00080243e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.394225] >ffff00080243e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.401426] ^ [ 17.408547] ffff00080243e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.415752] ffff00080243e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.422954] ================================================================== [ 16.830434] ================================================================== [ 16.837031] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 16.843972] Write of size 1 at addr ffff00080243e173 by task kunit_try_catch/183 [ 16.851349] [ 16.852836] CPU: 7 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G N 6.15.1-rc1 #1 PREEMPT [ 16.852884] Tainted: [N]=TEST [ 16.852898] Hardware name: WinLink E850-96 board (DT) [ 16.852922] Call trace: [ 16.852936] show_stack+0x20/0x38 (C) [ 16.852973] dump_stack_lvl+0x8c/0xd0 [ 16.853010] print_report+0x118/0x608 [ 16.853046] kasan_report+0xdc/0x128 [ 16.853078] __asan_report_store1_noabort+0x20/0x30 [ 16.853112] kmalloc_oob_right+0x5a4/0x660 [ 16.853144] kunit_try_run_case+0x170/0x3f0 [ 16.853179] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.853221] kthread+0x328/0x630 [ 16.853256] ret_from_fork+0x10/0x20 [ 16.853291] [ 16.914455] Allocated by task 183: [ 16.917843] kasan_save_stack+0x3c/0x68 [ 16.921659] kasan_save_track+0x20/0x40 [ 16.925478] kasan_save_alloc_info+0x40/0x58 [ 16.929732] __kasan_kmalloc+0xd4/0xd8 [ 16.933464] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.937978] kmalloc_oob_right+0xb0/0x660 [ 16.941971] kunit_try_run_case+0x170/0x3f0 [ 16.946138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.951608] kthread+0x328/0x630 [ 16.954818] ret_from_fork+0x10/0x20 [ 16.958377] [ 16.959856] The buggy address belongs to the object at ffff00080243e100 [ 16.959856] which belongs to the cache kmalloc-128 of size 128 [ 16.972355] The buggy address is located 0 bytes to the right of [ 16.972355] allocated 115-byte region [ffff00080243e100, ffff00080243e173) [ 16.985286] [ 16.986765] The buggy address belongs to the physical page: [ 16.992323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88243e [ 17.000307] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.007946] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.014889] page_type: f5(slab) [ 17.018027] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 17.025744] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.033470] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 17.041282] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.049095] head: 0bfffe0000000001 fffffdffe0090f81 00000000ffffffff 00000000ffffffff [ 17.056907] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.064712] page dumped because: kasan: bad access detected [ 17.070268] [ 17.071743] Memory state around the buggy address: [ 17.076527] ffff00080243e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.083727] ffff00080243e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.090932] >ffff00080243e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.098132] ^ [ 17.104993] ffff00080243e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.112199] ffff00080243e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.119401] ================================================================== [ 17.430257] ================================================================== [ 17.437365] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 17.444308] Read of size 1 at addr ffff00080243e180 by task kunit_try_catch/183 [ 17.451599] [ 17.453082] CPU: 7 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 17.453130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.453145] Hardware name: WinLink E850-96 board (DT) [ 17.453166] Call trace: [ 17.453177] show_stack+0x20/0x38 (C) [ 17.453208] dump_stack_lvl+0x8c/0xd0 [ 17.453241] print_report+0x118/0x608 [ 17.453272] kasan_report+0xdc/0x128 [ 17.453300] __asan_report_load1_noabort+0x20/0x30 [ 17.453332] kmalloc_oob_right+0x5d0/0x660 [ 17.453364] kunit_try_run_case+0x170/0x3f0 [ 17.453400] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.453437] kthread+0x328/0x630 [ 17.453472] ret_from_fork+0x10/0x20 [ 17.453505] [ 17.515834] Allocated by task 183: [ 17.519222] kasan_save_stack+0x3c/0x68 [ 17.523039] kasan_save_track+0x20/0x40 [ 17.526858] kasan_save_alloc_info+0x40/0x58 [ 17.531112] __kasan_kmalloc+0xd4/0xd8 [ 17.534844] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.539358] kmalloc_oob_right+0xb0/0x660 [ 17.543351] kunit_try_run_case+0x170/0x3f0 [ 17.547517] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.552986] kthread+0x328/0x630 [ 17.556198] ret_from_fork+0x10/0x20 [ 17.559757] [ 17.561234] The buggy address belongs to the object at ffff00080243e100 [ 17.561234] which belongs to the cache kmalloc-128 of size 128 [ 17.573733] The buggy address is located 13 bytes to the right of [ 17.573733] allocated 115-byte region [ffff00080243e100, ffff00080243e173) [ 17.586753] [ 17.588229] The buggy address belongs to the physical page: [ 17.593788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88243e [ 17.601774] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.609411] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.616353] page_type: f5(slab) [ 17.619489] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 17.627211] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.634937] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 17.642748] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.650561] head: 0bfffe0000000001 fffffdffe0090f81 00000000ffffffff 00000000ffffffff [ 17.658374] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.666179] page dumped because: kasan: bad access detected [ 17.671734] [ 17.673210] Memory state around the buggy address: [ 17.677988] ffff00080243e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.685193] ffff00080243e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.692398] >ffff00080243e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.699599] ^ [ 17.702814] ffff00080243e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.710019] ffff00080243e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.717220] ==================================================================
[ 17.326034] ================================================================== [ 17.326397] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 17.327235] Write of size 1 at addr fff00000c3f75073 by task kunit_try_catch/139 [ 17.327343] [ 17.328960] CPU: 1 UID: 0 PID: 139 Comm: kunit_try_catch Tainted: G N 6.15.1-rc1 #1 PREEMPT [ 17.329111] Tainted: [N]=TEST [ 17.329143] Hardware name: linux,dummy-virt (DT) [ 17.329387] Call trace: [ 17.329785] show_stack+0x20/0x38 (C) [ 17.329991] dump_stack_lvl+0x8c/0xd0 [ 17.330063] print_report+0x118/0x608 [ 17.330112] kasan_report+0xdc/0x128 [ 17.330157] __asan_report_store1_noabort+0x20/0x30 [ 17.330209] kmalloc_oob_right+0x5a4/0x660 [ 17.330259] kunit_try_run_case+0x170/0x3f0 [ 17.330312] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.330389] kthread+0x328/0x630 [ 17.330437] ret_from_fork+0x10/0x20 [ 17.330606] [ 17.330643] Allocated by task 139: [ 17.330756] kasan_save_stack+0x3c/0x68 [ 17.330822] kasan_save_track+0x20/0x40 [ 17.330859] kasan_save_alloc_info+0x40/0x58 [ 17.330897] __kasan_kmalloc+0xd4/0xd8 [ 17.330933] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.330976] kmalloc_oob_right+0xb0/0x660 [ 17.331021] kunit_try_run_case+0x170/0x3f0 [ 17.331060] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.331105] kthread+0x328/0x630 [ 17.331141] ret_from_fork+0x10/0x20 [ 17.331194] [ 17.331253] The buggy address belongs to the object at fff00000c3f75000 [ 17.331253] which belongs to the cache kmalloc-128 of size 128 [ 17.331345] The buggy address is located 0 bytes to the right of [ 17.331345] allocated 115-byte region [fff00000c3f75000, fff00000c3f75073) [ 17.331422] [ 17.331509] The buggy address belongs to the physical page: [ 17.331719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f75 [ 17.332002] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.332295] page_type: f5(slab) [ 17.332616] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.332680] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.332784] page dumped because: kasan: bad access detected [ 17.332824] [ 17.332849] Memory state around the buggy address: [ 17.333079] fff00000c3f74f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.333145] fff00000c3f74f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.333200] >fff00000c3f75000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.333254] ^ [ 17.333336] fff00000c3f75080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.333392] fff00000c3f75100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.333453] ================================================================== [ 17.342052] ================================================================== [ 17.342118] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 17.342186] Read of size 1 at addr fff00000c3f75080 by task kunit_try_catch/139 [ 17.342236] [ 17.342268] CPU: 1 UID: 0 PID: 139 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 17.342364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.342390] Hardware name: linux,dummy-virt (DT) [ 17.342420] Call trace: [ 17.342441] show_stack+0x20/0x38 (C) [ 17.342493] dump_stack_lvl+0x8c/0xd0 [ 17.342541] print_report+0x118/0x608 [ 17.342710] kasan_report+0xdc/0x128 [ 17.342845] __asan_report_load1_noabort+0x20/0x30 [ 17.342984] kmalloc_oob_right+0x5d0/0x660 [ 17.343066] kunit_try_run_case+0x170/0x3f0 [ 17.343118] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.343182] kthread+0x328/0x630 [ 17.343560] ret_from_fork+0x10/0x20 [ 17.343656] [ 17.343676] Allocated by task 139: [ 17.343703] kasan_save_stack+0x3c/0x68 [ 17.343743] kasan_save_track+0x20/0x40 [ 17.343779] kasan_save_alloc_info+0x40/0x58 [ 17.343963] __kasan_kmalloc+0xd4/0xd8 [ 17.344009] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.344053] kmalloc_oob_right+0xb0/0x660 [ 17.344200] kunit_try_run_case+0x170/0x3f0 [ 17.344249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.344315] kthread+0x328/0x630 [ 17.344367] ret_from_fork+0x10/0x20 [ 17.344403] [ 17.344423] The buggy address belongs to the object at fff00000c3f75000 [ 17.344423] which belongs to the cache kmalloc-128 of size 128 [ 17.344496] The buggy address is located 13 bytes to the right of [ 17.344496] allocated 115-byte region [fff00000c3f75000, fff00000c3f75073) [ 17.344568] [ 17.344754] The buggy address belongs to the physical page: [ 17.344808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f75 [ 17.344861] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.344929] page_type: f5(slab) [ 17.344969] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.345023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.345063] page dumped because: kasan: bad access detected [ 17.345093] [ 17.345120] Memory state around the buggy address: [ 17.345152] fff00000c3f74f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.345193] fff00000c3f75000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.345235] >fff00000c3f75080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.345280] ^ [ 17.345308] fff00000c3f75100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.345370] fff00000c3f75180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.345405] ================================================================== [ 17.335332] ================================================================== [ 17.335419] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 17.335546] Write of size 1 at addr fff00000c3f75078 by task kunit_try_catch/139 [ 17.335600] [ 17.335634] CPU: 1 UID: 0 PID: 139 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT [ 17.335783] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.335894] Hardware name: linux,dummy-virt (DT) [ 17.335927] Call trace: [ 17.335950] show_stack+0x20/0x38 (C) [ 17.336005] dump_stack_lvl+0x8c/0xd0 [ 17.336054] print_report+0x118/0x608 [ 17.336100] kasan_report+0xdc/0x128 [ 17.336162] __asan_report_store1_noabort+0x20/0x30 [ 17.336215] kmalloc_oob_right+0x538/0x660 [ 17.336494] kunit_try_run_case+0x170/0x3f0 [ 17.336564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.336650] kthread+0x328/0x630 [ 17.336785] ret_from_fork+0x10/0x20 [ 17.336863] [ 17.336882] Allocated by task 139: [ 17.336920] kasan_save_stack+0x3c/0x68 [ 17.337403] kasan_save_track+0x20/0x40 [ 17.337664] kasan_save_alloc_info+0x40/0x58 [ 17.337925] __kasan_kmalloc+0xd4/0xd8 [ 17.338297] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.338374] kmalloc_oob_right+0xb0/0x660 [ 17.338445] kunit_try_run_case+0x170/0x3f0 [ 17.338530] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.338599] kthread+0x328/0x630 [ 17.338654] ret_from_fork+0x10/0x20 [ 17.338722] [ 17.338793] The buggy address belongs to the object at fff00000c3f75000 [ 17.338793] which belongs to the cache kmalloc-128 of size 128 [ 17.338894] The buggy address is located 5 bytes to the right of [ 17.338894] allocated 115-byte region [fff00000c3f75000, fff00000c3f75073) [ 17.338957] [ 17.338976] The buggy address belongs to the physical page: [ 17.339007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f75 [ 17.339112] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.339204] page_type: f5(slab) [ 17.339244] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.339294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.339333] page dumped because: kasan: bad access detected [ 17.339375] [ 17.339514] Memory state around the buggy address: [ 17.339564] fff00000c3f74f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.339645] fff00000c3f74f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.339687] >fff00000c3f75000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.340757] ^ [ 17.340810] fff00000c3f75080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.341003] fff00000c3f75100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.341078] ==================================================================
[ 15.495443] ================================================================== [ 15.495813] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 15.496327] Read of size 1 at addr ffff888102b25c80 by task kunit_try_catch/157 [ 15.496894] [ 15.497206] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary) [ 15.497350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.497377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.497421] Call Trace: [ 15.497463] <TASK> [ 15.497537] dump_stack_lvl+0x73/0xb0 [ 15.497634] print_report+0xd1/0x650 [ 15.497684] ? __virt_addr_valid+0x1db/0x2d0 [ 15.497734] ? kmalloc_oob_right+0x68a/0x7f0 [ 15.497796] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.497848] ? kmalloc_oob_right+0x68a/0x7f0 [ 15.497898] kasan_report+0x141/0x180 [ 15.497951] ? kmalloc_oob_right+0x68a/0x7f0 [ 15.498010] __asan_report_load1_noabort+0x18/0x20 [ 15.498050] kmalloc_oob_right+0x68a/0x7f0 [ 15.498091] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 15.498148] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 15.498182] kunit_try_run_case+0x1a5/0x480 [ 15.498212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.498237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.498264] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.498290] ? __kthread_parkme+0x82/0x180 [ 15.498315] ? preempt_count_sub+0x50/0x80 [ 15.498343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.498369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.498393] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.498418] kthread+0x337/0x6f0 [ 15.498438] ? trace_preempt_on+0x20/0xc0 [ 15.498464] ? __pfx_kthread+0x10/0x10 [ 15.498484] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.498508] ? calculate_sigpending+0x7b/0xa0 [ 15.498533] ? __pfx_kthread+0x10/0x10 [ 15.498554] ret_from_fork+0x41/0x80 [ 15.498578] ? __pfx_kthread+0x10/0x10 [ 15.498598] ret_from_fork_asm+0x1a/0x30 [ 15.498634] </TASK> [ 15.498648] [ 15.510356] Allocated by task 157: [ 15.510707] kasan_save_stack+0x45/0x70 [ 15.511294] kasan_save_track+0x18/0x40 [ 15.511663] kasan_save_alloc_info+0x3b/0x50 [ 15.512156] __kasan_kmalloc+0xb7/0xc0 [ 15.512438] __kmalloc_cache_noprof+0x189/0x420 [ 15.512702] kmalloc_oob_right+0xa9/0x7f0 [ 15.513211] kunit_try_run_case+0x1a5/0x480 [ 15.513632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.514178] kthread+0x337/0x6f0 [ 15.514470] ret_from_fork+0x41/0x80 [ 15.514884] ret_from_fork_asm+0x1a/0x30 [ 15.515262] [ 15.515513] The buggy address belongs to the object at ffff888102b25c00 [ 15.515513] which belongs to the cache kmalloc-128 of size 128 [ 15.516403] The buggy address is located 13 bytes to the right of [ 15.516403] allocated 115-byte region [ffff888102b25c00, ffff888102b25c73) [ 15.517290] [ 15.517502] The buggy address belongs to the physical page: [ 15.517978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b25 [ 15.518512] flags: 0x200000000000000(node=0|zone=2) [ 15.519044] page_type: f5(slab) [ 15.519483] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.520011] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.520622] page dumped because: kasan: bad access detected [ 15.520914] [ 15.521173] Memory state around the buggy address: [ 15.521574] ffff888102b25b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.521971] ffff888102b25c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 15.522665] >ffff888102b25c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.523074] ^ [ 15.523435] ffff888102b25d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.524060] ffff888102b25d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.524607] ================================================================== [ 15.460658] ================================================================== [ 15.462465] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 15.464239] Write of size 1 at addr ffff888102b25c78 by task kunit_try_catch/157 [ 15.465386] [ 15.466213] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary) [ 15.466399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.466429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.466473] Call Trace: [ 15.466515] <TASK> [ 15.466556] dump_stack_lvl+0x73/0xb0 [ 15.466634] print_report+0xd1/0x650 [ 15.466682] ? __virt_addr_valid+0x1db/0x2d0 [ 15.466728] ? kmalloc_oob_right+0x6bd/0x7f0 [ 15.466784] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.466832] ? kmalloc_oob_right+0x6bd/0x7f0 [ 15.466877] kasan_report+0x141/0x180 [ 15.466924] ? kmalloc_oob_right+0x6bd/0x7f0 [ 15.466973] __asan_report_store1_noabort+0x1b/0x30 [ 15.467008] kmalloc_oob_right+0x6bd/0x7f0 [ 15.467044] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 15.467089] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 15.467177] kunit_try_run_case+0x1a5/0x480 [ 15.467228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.467269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.467313] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.467356] ? __kthread_parkme+0x82/0x180 [ 15.467398] ? preempt_count_sub+0x50/0x80 [ 15.467444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.467484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.467520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.467556] kthread+0x337/0x6f0 [ 15.467587] ? trace_preempt_on+0x20/0xc0 [ 15.467635] ? __pfx_kthread+0x10/0x10 [ 15.467669] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.467706] ? calculate_sigpending+0x7b/0xa0 [ 15.467744] ? __pfx_kthread+0x10/0x10 [ 15.467799] ret_from_fork+0x41/0x80 [ 15.467837] ? __pfx_kthread+0x10/0x10 [ 15.467870] ret_from_fork_asm+0x1a/0x30 [ 15.467929] </TASK> [ 15.467950] [ 15.479339] Allocated by task 157: [ 15.479885] kasan_save_stack+0x45/0x70 [ 15.480401] kasan_save_track+0x18/0x40 [ 15.480828] kasan_save_alloc_info+0x3b/0x50 [ 15.481245] __kasan_kmalloc+0xb7/0xc0 [ 15.481702] __kmalloc_cache_noprof+0x189/0x420 [ 15.482145] kmalloc_oob_right+0xa9/0x7f0 [ 15.482389] kunit_try_run_case+0x1a5/0x480 [ 15.482861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.483385] kthread+0x337/0x6f0 [ 15.483579] ret_from_fork+0x41/0x80 [ 15.483794] ret_from_fork_asm+0x1a/0x30 [ 15.484379] [ 15.484571] The buggy address belongs to the object at ffff888102b25c00 [ 15.484571] which belongs to the cache kmalloc-128 of size 128 [ 15.485634] The buggy address is located 5 bytes to the right of [ 15.485634] allocated 115-byte region [ffff888102b25c00, ffff888102b25c73) [ 15.486369] [ 15.486508] The buggy address belongs to the physical page: [ 15.486934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b25 [ 15.487776] flags: 0x200000000000000(node=0|zone=2) [ 15.488294] page_type: f5(slab) [ 15.488619] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.489040] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.489391] page dumped because: kasan: bad access detected [ 15.489844] [ 15.490031] Memory state around the buggy address: [ 15.490455] ffff888102b25b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.490884] ffff888102b25b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.491426] >ffff888102b25c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 15.491820] ^ [ 15.492320] ffff888102b25c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.492612] ffff888102b25d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.493262] ================================================================== [ 15.417595] ================================================================== [ 15.419032] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 15.420075] Write of size 1 at addr ffff888102b25c73 by task kunit_try_catch/157 [ 15.420737] [ 15.422576] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G N 6.15.1-rc1 #1 PREEMPT(voluntary) [ 15.422993] Tainted: [N]=TEST [ 15.423038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.423337] Call Trace: [ 15.423429] <TASK> [ 15.423614] dump_stack_lvl+0x73/0xb0 [ 15.423766] print_report+0xd1/0x650 [ 15.423807] ? __virt_addr_valid+0x1db/0x2d0 [ 15.423836] ? kmalloc_oob_right+0x6f0/0x7f0 [ 15.423861] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.423886] ? kmalloc_oob_right+0x6f0/0x7f0 [ 15.423911] kasan_report+0x141/0x180 [ 15.423936] ? kmalloc_oob_right+0x6f0/0x7f0 [ 15.423966] __asan_report_store1_noabort+0x1b/0x30 [ 15.423989] kmalloc_oob_right+0x6f0/0x7f0 [ 15.424015] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 15.424042] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 15.424072] kunit_try_run_case+0x1a5/0x480 [ 15.424101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.424142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.424171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.424197] ? __kthread_parkme+0x82/0x180 [ 15.424222] ? preempt_count_sub+0x50/0x80 [ 15.424253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.424279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.424305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.424330] kthread+0x337/0x6f0 [ 15.424349] ? trace_preempt_on+0x20/0xc0 [ 15.424377] ? __pfx_kthread+0x10/0x10 [ 15.424397] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.424421] ? calculate_sigpending+0x7b/0xa0 [ 15.424446] ? __pfx_kthread+0x10/0x10 [ 15.424467] ret_from_fork+0x41/0x80 [ 15.424492] ? __pfx_kthread+0x10/0x10 [ 15.424513] ret_from_fork_asm+0x1a/0x30 [ 15.424575] </TASK> [ 15.424657] [ 15.436738] Allocated by task 157: [ 15.437444] kasan_save_stack+0x45/0x70 [ 15.437820] kasan_save_track+0x18/0x40 [ 15.438227] kasan_save_alloc_info+0x3b/0x50 [ 15.438639] __kasan_kmalloc+0xb7/0xc0 [ 15.439002] __kmalloc_cache_noprof+0x189/0x420 [ 15.439443] kmalloc_oob_right+0xa9/0x7f0 [ 15.439813] kunit_try_run_case+0x1a5/0x480 [ 15.440081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.440484] kthread+0x337/0x6f0 [ 15.440680] ret_from_fork+0x41/0x80 [ 15.440902] ret_from_fork_asm+0x1a/0x30 [ 15.441266] [ 15.441583] The buggy address belongs to the object at ffff888102b25c00 [ 15.441583] which belongs to the cache kmalloc-128 of size 128 [ 15.442788] The buggy address is located 0 bytes to the right of [ 15.442788] allocated 115-byte region [ffff888102b25c00, ffff888102b25c73) [ 15.443936] [ 15.444355] The buggy address belongs to the physical page: [ 15.445235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b25 [ 15.446301] flags: 0x200000000000000(node=0|zone=2) [ 15.447327] page_type: f5(slab) [ 15.448395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.448890] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.449571] page dumped because: kasan: bad access detected [ 15.449945] [ 15.450148] Memory state around the buggy address: [ 15.451339] ffff888102b25b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.451864] ffff888102b25b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.452547] >ffff888102b25c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 15.452947] ^ [ 15.453692] ffff888102b25c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.454596] ffff888102b25d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.454982] ==================================================================