Date
June 26, 2025, 11:12 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.283004] ================================================================== [ 19.290143] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 19.297085] Write of size 1 at addr ffff000801b46178 by task kunit_try_catch/185 [ 19.304462] [ 19.305947] CPU: 4 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 19.305999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.306013] Hardware name: WinLink E850-96 board (DT) [ 19.306032] Call trace: [ 19.306042] show_stack+0x20/0x38 (C) [ 19.306077] dump_stack_lvl+0x8c/0xd0 [ 19.306112] print_report+0x118/0x608 [ 19.306141] kasan_report+0xdc/0x128 [ 19.306168] __asan_report_store1_noabort+0x20/0x30 [ 19.306200] kmalloc_oob_right+0x538/0x660 [ 19.306232] kunit_try_run_case+0x170/0x3f0 [ 19.306268] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.306305] kthread+0x328/0x630 [ 19.306339] ret_from_fork+0x10/0x20 [ 19.306374] [ 19.368784] Allocated by task 185: [ 19.372171] kasan_save_stack+0x3c/0x68 [ 19.375989] kasan_save_track+0x20/0x40 [ 19.379809] kasan_save_alloc_info+0x40/0x58 [ 19.384062] __kasan_kmalloc+0xd4/0xd8 [ 19.387795] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.392309] kmalloc_oob_right+0xb0/0x660 [ 19.396302] kunit_try_run_case+0x170/0x3f0 [ 19.400468] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.405937] kthread+0x328/0x630 [ 19.409149] ret_from_fork+0x10/0x20 [ 19.412708] [ 19.414183] The buggy address belongs to the object at ffff000801b46100 [ 19.414183] which belongs to the cache kmalloc-128 of size 128 [ 19.426685] The buggy address is located 5 bytes to the right of [ 19.426685] allocated 115-byte region [ffff000801b46100, ffff000801b46173) [ 19.439617] [ 19.441093] The buggy address belongs to the physical page: [ 19.446652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b46 [ 19.454636] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.462273] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.469219] page_type: f5(slab) [ 19.472352] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.480075] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.487801] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.495613] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.503426] head: 0bfffe0000000001 fffffdffe006d181 00000000ffffffff 00000000ffffffff [ 19.511237] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.519043] page dumped because: kasan: bad access detected [ 19.524598] [ 19.526074] Memory state around the buggy address: [ 19.530853] ffff000801b46000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.538057] ffff000801b46080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.545261] >ffff000801b46100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.552462] ^ [ 19.559584] ffff000801b46180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.566790] ffff000801b46200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.573990] ================================================================== [ 19.581362] ================================================================== [ 19.588402] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 19.595344] Read of size 1 at addr ffff000801b46180 by task kunit_try_catch/185 [ 19.602636] [ 19.604119] CPU: 4 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 19.604164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.604178] Hardware name: WinLink E850-96 board (DT) [ 19.604196] Call trace: [ 19.604210] show_stack+0x20/0x38 (C) [ 19.604245] dump_stack_lvl+0x8c/0xd0 [ 19.604280] print_report+0x118/0x608 [ 19.604308] kasan_report+0xdc/0x128 [ 19.604339] __asan_report_load1_noabort+0x20/0x30 [ 19.604373] kmalloc_oob_right+0x5d0/0x660 [ 19.604406] kunit_try_run_case+0x170/0x3f0 [ 19.604441] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.604477] kthread+0x328/0x630 [ 19.604509] ret_from_fork+0x10/0x20 [ 19.604541] [ 19.666870] Allocated by task 185: [ 19.670256] kasan_save_stack+0x3c/0x68 [ 19.674075] kasan_save_track+0x20/0x40 [ 19.677896] kasan_save_alloc_info+0x40/0x58 [ 19.682148] __kasan_kmalloc+0xd4/0xd8 [ 19.685880] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.690395] kmalloc_oob_right+0xb0/0x660 [ 19.694387] kunit_try_run_case+0x170/0x3f0 [ 19.698554] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.704023] kthread+0x328/0x630 [ 19.707234] ret_from_fork+0x10/0x20 [ 19.710794] [ 19.712269] The buggy address belongs to the object at ffff000801b46100 [ 19.712269] which belongs to the cache kmalloc-128 of size 128 [ 19.724769] The buggy address is located 13 bytes to the right of [ 19.724769] allocated 115-byte region [ffff000801b46100, ffff000801b46173) [ 19.737789] [ 19.739265] The buggy address belongs to the physical page: [ 19.744823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b46 [ 19.752807] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.760446] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.767390] page_type: f5(slab) [ 19.770525] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.778247] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.785974] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.793785] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.801598] head: 0bfffe0000000001 fffffdffe006d181 00000000ffffffff 00000000ffffffff [ 19.809410] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.817216] page dumped because: kasan: bad access detected [ 19.822771] [ 19.824246] Memory state around the buggy address: [ 19.829025] ffff000801b46080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.836229] ffff000801b46100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.843434] >ffff000801b46180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.850635] ^ [ 19.853850] ffff000801b46200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.861055] ffff000801b46280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.868257] ================================================================== [ 18.981515] ================================================================== [ 18.988067] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 18.995010] Write of size 1 at addr ffff000801b46173 by task kunit_try_catch/185 [ 19.002384] [ 19.003871] CPU: 4 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.15.4-rc3 #1 PREEMPT [ 19.003921] Tainted: [N]=TEST [ 19.003935] Hardware name: WinLink E850-96 board (DT) [ 19.003957] Call trace: [ 19.003970] show_stack+0x20/0x38 (C) [ 19.004006] dump_stack_lvl+0x8c/0xd0 [ 19.004045] print_report+0x118/0x608 [ 19.004080] kasan_report+0xdc/0x128 [ 19.004110] __asan_report_store1_noabort+0x20/0x30 [ 19.004147] kmalloc_oob_right+0x5a4/0x660 [ 19.004179] kunit_try_run_case+0x170/0x3f0 [ 19.004216] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.004255] kthread+0x328/0x630 [ 19.004289] ret_from_fork+0x10/0x20 [ 19.004325] [ 19.065493] Allocated by task 185: [ 19.068880] kasan_save_stack+0x3c/0x68 [ 19.072695] kasan_save_track+0x20/0x40 [ 19.076515] kasan_save_alloc_info+0x40/0x58 [ 19.080768] __kasan_kmalloc+0xd4/0xd8 [ 19.084501] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.089015] kmalloc_oob_right+0xb0/0x660 [ 19.093007] kunit_try_run_case+0x170/0x3f0 [ 19.097174] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.102643] kthread+0x328/0x630 [ 19.105855] ret_from_fork+0x10/0x20 [ 19.109414] [ 19.110891] The buggy address belongs to the object at ffff000801b46100 [ 19.110891] which belongs to the cache kmalloc-128 of size 128 [ 19.123391] The buggy address is located 0 bytes to the right of [ 19.123391] allocated 115-byte region [ffff000801b46100, ffff000801b46173) [ 19.136323] [ 19.137802] The buggy address belongs to the physical page: [ 19.143359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b46 [ 19.151343] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.158981] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.165925] page_type: f5(slab) [ 19.169062] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.176780] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.184507] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.192318] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.200131] head: 0bfffe0000000001 fffffdffe006d181 00000000ffffffff 00000000ffffffff [ 19.207943] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.215749] page dumped because: kasan: bad access detected [ 19.221306] [ 19.222780] Memory state around the buggy address: [ 19.227562] ffff000801b46000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.234763] ffff000801b46080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.241969] >ffff000801b46100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.249168] ^ [ 19.256030] ffff000801b46180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.263236] ffff000801b46200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.270435] ==================================================================
[ 17.598688] ================================================================== [ 17.598741] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 17.599082] Read of size 1 at addr fff00000c5bdc580 by task kunit_try_catch/138 [ 17.599185] [ 17.599225] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 17.599316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.599454] Hardware name: linux,dummy-virt (DT) [ 17.599520] Call trace: [ 17.599641] show_stack+0x20/0x38 (C) [ 17.599719] dump_stack_lvl+0x8c/0xd0 [ 17.599820] print_report+0x118/0x608 [ 17.599882] kasan_report+0xdc/0x128 [ 17.599965] __asan_report_load1_noabort+0x20/0x30 [ 17.600171] kmalloc_oob_right+0x5d0/0x660 [ 17.600229] kunit_try_run_case+0x170/0x3f0 [ 17.600285] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.600374] kthread+0x328/0x630 [ 17.600421] ret_from_fork+0x10/0x20 [ 17.600777] [ 17.600817] Allocated by task 138: [ 17.600936] kasan_save_stack+0x3c/0x68 [ 17.601166] kasan_save_track+0x20/0x40 [ 17.601300] kasan_save_alloc_info+0x40/0x58 [ 17.601481] __kasan_kmalloc+0xd4/0xd8 [ 17.601523] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.601606] kmalloc_oob_right+0xb0/0x660 [ 17.601844] kunit_try_run_case+0x170/0x3f0 [ 17.601989] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.602096] kthread+0x328/0x630 [ 17.602191] ret_from_fork+0x10/0x20 [ 17.602233] [ 17.602508] The buggy address belongs to the object at fff00000c5bdc500 [ 17.602508] which belongs to the cache kmalloc-128 of size 128 [ 17.602631] The buggy address is located 13 bytes to the right of [ 17.602631] allocated 115-byte region [fff00000c5bdc500, fff00000c5bdc573) [ 17.602762] [ 17.602791] The buggy address belongs to the physical page: [ 17.602821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc [ 17.603023] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.603084] page_type: f5(slab) [ 17.603122] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.603326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.603380] page dumped because: kasan: bad access detected [ 17.603418] [ 17.603435] Memory state around the buggy address: [ 17.603466] fff00000c5bdc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.603512] fff00000c5bdc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.603603] >fff00000c5bdc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.603644] ^ [ 17.603672] fff00000c5bdc600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.603729] fff00000c5bdc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.603770] ================================================================== [ 17.582202] ================================================================== [ 17.582528] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 17.583369] Write of size 1 at addr fff00000c5bdc573 by task kunit_try_catch/138 [ 17.583475] [ 17.584282] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G N 6.15.4-rc3 #1 PREEMPT [ 17.584430] Tainted: [N]=TEST [ 17.584465] Hardware name: linux,dummy-virt (DT) [ 17.584687] Call trace: [ 17.584869] show_stack+0x20/0x38 (C) [ 17.585003] dump_stack_lvl+0x8c/0xd0 [ 17.585066] print_report+0x118/0x608 [ 17.585111] kasan_report+0xdc/0x128 [ 17.585155] __asan_report_store1_noabort+0x20/0x30 [ 17.585205] kmalloc_oob_right+0x5a4/0x660 [ 17.585253] kunit_try_run_case+0x170/0x3f0 [ 17.585310] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.585366] kthread+0x328/0x630 [ 17.585412] ret_from_fork+0x10/0x20 [ 17.585567] [ 17.585605] Allocated by task 138: [ 17.585720] kasan_save_stack+0x3c/0x68 [ 17.585784] kasan_save_track+0x20/0x40 [ 17.585820] kasan_save_alloc_info+0x40/0x58 [ 17.585870] __kasan_kmalloc+0xd4/0xd8 [ 17.585904] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.585943] kmalloc_oob_right+0xb0/0x660 [ 17.585980] kunit_try_run_case+0x170/0x3f0 [ 17.586018] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.586063] kthread+0x328/0x630 [ 17.586097] ret_from_fork+0x10/0x20 [ 17.586151] [ 17.586210] The buggy address belongs to the object at fff00000c5bdc500 [ 17.586210] which belongs to the cache kmalloc-128 of size 128 [ 17.586302] The buggy address is located 0 bytes to the right of [ 17.586302] allocated 115-byte region [fff00000c5bdc500, fff00000c5bdc573) [ 17.586369] [ 17.586449] The buggy address belongs to the physical page: [ 17.586646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc [ 17.586924] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.587229] page_type: f5(slab) [ 17.587513] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.587577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.587691] page dumped because: kasan: bad access detected [ 17.587730] [ 17.587755] Memory state around the buggy address: [ 17.588007] fff00000c5bdc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.588080] fff00000c5bdc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.588137] >fff00000c5bdc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.588193] ^ [ 17.588273] fff00000c5bdc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.588317] fff00000c5bdc600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.588382] ================================================================== [ 17.589455] ================================================================== [ 17.589500] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 17.589971] Write of size 1 at addr fff00000c5bdc578 by task kunit_try_catch/138 [ 17.590060] [ 17.590099] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT [ 17.590627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.590736] Hardware name: linux,dummy-virt (DT) [ 17.590780] Call trace: [ 17.590987] show_stack+0x20/0x38 (C) [ 17.591048] dump_stack_lvl+0x8c/0xd0 [ 17.591094] print_report+0x118/0x608 [ 17.591138] kasan_report+0xdc/0x128 [ 17.591189] __asan_report_store1_noabort+0x20/0x30 [ 17.591261] kmalloc_oob_right+0x538/0x660 [ 17.591639] kunit_try_run_case+0x170/0x3f0 [ 17.591761] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.592077] kthread+0x328/0x630 [ 17.592170] ret_from_fork+0x10/0x20 [ 17.592270] [ 17.592427] Allocated by task 138: [ 17.592601] kasan_save_stack+0x3c/0x68 [ 17.592794] kasan_save_track+0x20/0x40 [ 17.592995] kasan_save_alloc_info+0x40/0x58 [ 17.593192] __kasan_kmalloc+0xd4/0xd8 [ 17.593240] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.593278] kmalloc_oob_right+0xb0/0x660 [ 17.593317] kunit_try_run_case+0x170/0x3f0 [ 17.593367] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.593411] kthread+0x328/0x630 [ 17.593446] ret_from_fork+0x10/0x20 [ 17.593691] [ 17.593790] The buggy address belongs to the object at fff00000c5bdc500 [ 17.593790] which belongs to the cache kmalloc-128 of size 128 [ 17.594182] The buggy address is located 5 bytes to the right of [ 17.594182] allocated 115-byte region [fff00000c5bdc500, fff00000c5bdc573) [ 17.594386] [ 17.594471] The buggy address belongs to the physical page: [ 17.594592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc [ 17.594844] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.595007] page_type: f5(slab) [ 17.595101] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.595352] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.595507] page dumped because: kasan: bad access detected [ 17.595564] [ 17.595624] Memory state around the buggy address: [ 17.595768] fff00000c5bdc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.595822] fff00000c5bdc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.596042] >fff00000c5bdc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.596088] ^ [ 17.596155] fff00000c5bdc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.596488] fff00000c5bdc600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.596560] ==================================================================
[ 10.173973] ================================================================== [ 10.174649] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.175292] Write of size 1 at addr ffff8881029eaf78 by task kunit_try_catch/155 [ 10.176040] [ 10.176155] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.176209] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.176221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.176242] Call Trace: [ 10.176268] <TASK> [ 10.176286] dump_stack_lvl+0x73/0xb0 [ 10.176312] print_report+0xd1/0x650 [ 10.176334] ? __virt_addr_valid+0x1db/0x2d0 [ 10.176356] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.176376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.176398] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.176419] kasan_report+0x141/0x180 [ 10.176441] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.176467] __asan_report_store1_noabort+0x1b/0x30 [ 10.176487] kmalloc_oob_right+0x6bd/0x7f0 [ 10.176509] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.176531] ? __schedule+0x10cc/0x2b60 [ 10.176554] ? __pfx_read_tsc+0x10/0x10 [ 10.176574] ? ktime_get_ts64+0x86/0x230 [ 10.176598] kunit_try_run_case+0x1a5/0x480 [ 10.176623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.176644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.176667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.176689] ? __kthread_parkme+0x82/0x180 [ 10.176711] ? preempt_count_sub+0x50/0x80 [ 10.176736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.176759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.176781] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.176803] kthread+0x337/0x6f0 [ 10.176819] ? trace_preempt_on+0x20/0xc0 [ 10.176842] ? __pfx_kthread+0x10/0x10 [ 10.176859] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.176880] ? calculate_sigpending+0x7b/0xa0 [ 10.176901] ? __pfx_kthread+0x10/0x10 [ 10.176931] ret_from_fork+0x41/0x80 [ 10.176951] ? __pfx_kthread+0x10/0x10 [ 10.176968] ret_from_fork_asm+0x1a/0x30 [ 10.176997] </TASK> [ 10.177007] [ 10.186562] Allocated by task 155: [ 10.186938] kasan_save_stack+0x45/0x70 [ 10.187366] kasan_save_track+0x18/0x40 [ 10.187722] kasan_save_alloc_info+0x3b/0x50 [ 10.188117] __kasan_kmalloc+0xb7/0xc0 [ 10.188460] __kmalloc_cache_noprof+0x189/0x420 [ 10.188901] kmalloc_oob_right+0xa9/0x7f0 [ 10.189287] kunit_try_run_case+0x1a5/0x480 [ 10.189683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.190155] kthread+0x337/0x6f0 [ 10.190359] ret_from_fork+0x41/0x80 [ 10.190495] ret_from_fork_asm+0x1a/0x30 [ 10.190654] [ 10.190727] The buggy address belongs to the object at ffff8881029eaf00 [ 10.190727] which belongs to the cache kmalloc-128 of size 128 [ 10.191098] The buggy address is located 5 bytes to the right of [ 10.191098] allocated 115-byte region [ffff8881029eaf00, ffff8881029eaf73) [ 10.191467] [ 10.191540] The buggy address belongs to the physical page: [ 10.191812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ea [ 10.192064] flags: 0x200000000000000(node=0|zone=2) [ 10.192228] page_type: f5(slab) [ 10.192358] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.192639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.193127] page dumped because: kasan: bad access detected [ 10.193299] [ 10.193366] Memory state around the buggy address: [ 10.193521] ffff8881029eae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.193769] ffff8881029eae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.194014] >ffff8881029eaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.194224] ^ [ 10.194435] ffff8881029eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.194676] ffff8881029eb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.195263] ================================================================== [ 10.196237] ================================================================== [ 10.196481] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.196738] Read of size 1 at addr ffff8881029eaf80 by task kunit_try_catch/155 [ 10.197353] [ 10.197526] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.197571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.197582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.197603] Call Trace: [ 10.197621] <TASK> [ 10.197638] dump_stack_lvl+0x73/0xb0 [ 10.197663] print_report+0xd1/0x650 [ 10.197685] ? __virt_addr_valid+0x1db/0x2d0 [ 10.197706] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.197727] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.197748] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.197770] kasan_report+0x141/0x180 [ 10.197792] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.197818] __asan_report_load1_noabort+0x18/0x20 [ 10.197838] kmalloc_oob_right+0x68a/0x7f0 [ 10.197859] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.197882] ? __schedule+0x10cc/0x2b60 [ 10.197905] ? __pfx_read_tsc+0x10/0x10 [ 10.197935] ? ktime_get_ts64+0x86/0x230 [ 10.197960] kunit_try_run_case+0x1a5/0x480 [ 10.197985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.198006] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.198029] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.198051] ? __kthread_parkme+0x82/0x180 [ 10.198073] ? preempt_count_sub+0x50/0x80 [ 10.198098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.198121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.198143] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.198165] kthread+0x337/0x6f0 [ 10.198182] ? trace_preempt_on+0x20/0xc0 [ 10.198205] ? __pfx_kthread+0x10/0x10 [ 10.198222] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.198243] ? calculate_sigpending+0x7b/0xa0 [ 10.198264] ? __pfx_kthread+0x10/0x10 [ 10.198282] ret_from_fork+0x41/0x80 [ 10.198301] ? __pfx_kthread+0x10/0x10 [ 10.198319] ret_from_fork_asm+0x1a/0x30 [ 10.198349] </TASK> [ 10.198359] [ 10.209275] Allocated by task 155: [ 10.209413] kasan_save_stack+0x45/0x70 [ 10.209572] kasan_save_track+0x18/0x40 [ 10.209927] kasan_save_alloc_info+0x3b/0x50 [ 10.210346] __kasan_kmalloc+0xb7/0xc0 [ 10.210723] __kmalloc_cache_noprof+0x189/0x420 [ 10.211167] kmalloc_oob_right+0xa9/0x7f0 [ 10.211612] kunit_try_run_case+0x1a5/0x480 [ 10.211961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.212160] kthread+0x337/0x6f0 [ 10.212327] ret_from_fork+0x41/0x80 [ 10.212475] ret_from_fork_asm+0x1a/0x30 [ 10.212684] [ 10.212778] The buggy address belongs to the object at ffff8881029eaf00 [ 10.212778] which belongs to the cache kmalloc-128 of size 128 [ 10.213241] The buggy address is located 13 bytes to the right of [ 10.213241] allocated 115-byte region [ffff8881029eaf00, ffff8881029eaf73) [ 10.213709] [ 10.213787] The buggy address belongs to the physical page: [ 10.214069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ea [ 10.214401] flags: 0x200000000000000(node=0|zone=2) [ 10.214574] page_type: f5(slab) [ 10.214747] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.215109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.215385] page dumped because: kasan: bad access detected [ 10.215578] [ 10.215673] Memory state around the buggy address: [ 10.215928] ffff8881029eae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.216255] ffff8881029eaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.216503] >ffff8881029eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.216937] ^ [ 10.217099] ffff8881029eb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.217371] ffff8881029eb080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.217609] ================================================================== [ 10.137295] ================================================================== [ 10.137928] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.139004] Write of size 1 at addr ffff8881029eaf73 by task kunit_try_catch/155 [ 10.139639] [ 10.140734] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G N 6.15.4-rc3 #1 PREEMPT(voluntary) [ 10.141027] Tainted: [N]=TEST [ 10.141059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.141289] Call Trace: [ 10.141356] <TASK> [ 10.141501] dump_stack_lvl+0x73/0xb0 [ 10.141583] print_report+0xd1/0x650 [ 10.141613] ? __virt_addr_valid+0x1db/0x2d0 [ 10.141636] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.141658] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.141680] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.141701] kasan_report+0x141/0x180 [ 10.141723] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.141749] __asan_report_store1_noabort+0x1b/0x30 [ 10.141770] kmalloc_oob_right+0x6f0/0x7f0 [ 10.141792] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.141814] ? __schedule+0x10cc/0x2b60 [ 10.141837] ? __pfx_read_tsc+0x10/0x10 [ 10.141857] ? ktime_get_ts64+0x86/0x230 [ 10.141884] kunit_try_run_case+0x1a5/0x480 [ 10.141910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.141942] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.141966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.141989] ? __kthread_parkme+0x82/0x180 [ 10.142013] ? preempt_count_sub+0x50/0x80 [ 10.142038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.142061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.142083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.142105] kthread+0x337/0x6f0 [ 10.142122] ? trace_preempt_on+0x20/0xc0 [ 10.142146] ? __pfx_kthread+0x10/0x10 [ 10.142163] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.142184] ? calculate_sigpending+0x7b/0xa0 [ 10.142205] ? __pfx_kthread+0x10/0x10 [ 10.142223] ret_from_fork+0x41/0x80 [ 10.142243] ? __pfx_kthread+0x10/0x10 [ 10.142260] ret_from_fork_asm+0x1a/0x30 [ 10.142312] </TASK> [ 10.142374] [ 10.152743] Allocated by task 155: [ 10.153325] kasan_save_stack+0x45/0x70 [ 10.154064] kasan_save_track+0x18/0x40 [ 10.154559] kasan_save_alloc_info+0x3b/0x50 [ 10.155166] __kasan_kmalloc+0xb7/0xc0 [ 10.155653] __kmalloc_cache_noprof+0x189/0x420 [ 10.156057] kmalloc_oob_right+0xa9/0x7f0 [ 10.156543] kunit_try_run_case+0x1a5/0x480 [ 10.156853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.157051] kthread+0x337/0x6f0 [ 10.157172] ret_from_fork+0x41/0x80 [ 10.157303] ret_from_fork_asm+0x1a/0x30 [ 10.157489] [ 10.157956] The buggy address belongs to the object at ffff8881029eaf00 [ 10.157956] which belongs to the cache kmalloc-128 of size 128 [ 10.159824] The buggy address is located 0 bytes to the right of [ 10.159824] allocated 115-byte region [ffff8881029eaf00, ffff8881029eaf73) [ 10.161426] [ 10.161831] The buggy address belongs to the physical page: [ 10.162814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ea [ 10.163906] flags: 0x200000000000000(node=0|zone=2) [ 10.165070] page_type: f5(slab) [ 10.166010] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.166857] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.167423] page dumped because: kasan: bad access detected [ 10.167619] [ 10.167828] Memory state around the buggy address: [ 10.168584] ffff8881029eae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.169354] ffff8881029eae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.170230] >ffff8881029eaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.171033] ^ [ 10.171294] ffff8881029eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.171510] ffff8881029eb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.171964] ==================================================================