Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 18.933077] ================================================================== [ 18.939578] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 18.946521] Write of size 1 at addr ffff000801ad8d73 by task kunit_try_catch/183 [ 18.953898] [ 18.955385] CPU: 4 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1 #1 PREEMPT [ 18.955443] Tainted: [N]=TEST [ 18.955455] Hardware name: WinLink E850-96 board (DT) [ 18.955475] Call trace: [ 18.955486] show_stack+0x20/0x38 (C) [ 18.955526] dump_stack_lvl+0x8c/0xd0 [ 18.955562] print_report+0x118/0x608 [ 18.955598] kasan_report+0xdc/0x128 [ 18.955633] __asan_report_store1_noabort+0x20/0x30 [ 18.955666] kmalloc_oob_right+0x5a4/0x660 [ 18.955695] kunit_try_run_case+0x170/0x3f0 [ 18.955732] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.955774] kthread+0x328/0x630 [ 18.955802] ret_from_fork+0x10/0x20 [ 18.955838] [ 19.017006] Allocated by task 183: [ 19.020393] kasan_save_stack+0x3c/0x68 [ 19.024209] kasan_save_track+0x20/0x40 [ 19.028028] kasan_save_alloc_info+0x40/0x58 [ 19.032281] __kasan_kmalloc+0xd4/0xd8 [ 19.036014] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.040529] kmalloc_oob_right+0xb0/0x660 [ 19.044523] kunit_try_run_case+0x170/0x3f0 [ 19.048688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.054156] kthread+0x328/0x630 [ 19.057368] ret_from_fork+0x10/0x20 [ 19.060927] [ 19.062404] The buggy address belongs to the object at ffff000801ad8d00 [ 19.062404] which belongs to the cache kmalloc-128 of size 128 [ 19.074905] The buggy address is located 0 bytes to the right of [ 19.074905] allocated 115-byte region [ffff000801ad8d00, ffff000801ad8d73) [ 19.087836] [ 19.089316] The buggy address belongs to the physical page: [ 19.094872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ad8 [ 19.102856] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.110494] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.117438] page_type: f5(slab) [ 19.120575] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.128294] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.136022] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.143832] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.151645] head: 0bfffe0000000001 fffffdffe006b601 00000000ffffffff 00000000ffffffff [ 19.159456] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.167262] page dumped because: kasan: bad access detected [ 19.172818] [ 19.174293] Memory state around the buggy address: [ 19.179074] ffff000801ad8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.186277] ffff000801ad8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.193481] >ffff000801ad8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.200682] ^ [ 19.207543] ffff000801ad8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.214750] ffff000801ad8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.221951] ================================================================== [ 19.234510] ================================================================== [ 19.241659] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 19.248598] Write of size 1 at addr ffff000801ad8d78 by task kunit_try_catch/183 [ 19.255977] [ 19.257461] CPU: 4 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 19.257514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.257528] Hardware name: WinLink E850-96 board (DT) [ 19.257549] Call trace: [ 19.257561] show_stack+0x20/0x38 (C) [ 19.257593] dump_stack_lvl+0x8c/0xd0 [ 19.257628] print_report+0x118/0x608 [ 19.257663] kasan_report+0xdc/0x128 [ 19.257695] __asan_report_store1_noabort+0x20/0x30 [ 19.257726] kmalloc_oob_right+0x538/0x660 [ 19.257756] kunit_try_run_case+0x170/0x3f0 [ 19.257791] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.257829] kthread+0x328/0x630 [ 19.257856] ret_from_fork+0x10/0x20 [ 19.257891] [ 19.320300] Allocated by task 183: [ 19.323685] kasan_save_stack+0x3c/0x68 [ 19.327503] kasan_save_track+0x20/0x40 [ 19.331322] kasan_save_alloc_info+0x40/0x58 [ 19.335576] __kasan_kmalloc+0xd4/0xd8 [ 19.339309] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.343822] kmalloc_oob_right+0xb0/0x660 [ 19.347817] kunit_try_run_case+0x170/0x3f0 [ 19.351982] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.357451] kthread+0x328/0x630 [ 19.360662] ret_from_fork+0x10/0x20 [ 19.364221] [ 19.365698] The buggy address belongs to the object at ffff000801ad8d00 [ 19.365698] which belongs to the cache kmalloc-128 of size 128 [ 19.378199] The buggy address is located 5 bytes to the right of [ 19.378199] allocated 115-byte region [ffff000801ad8d00, ffff000801ad8d73) [ 19.391130] [ 19.392606] The buggy address belongs to the physical page: [ 19.398166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ad8 [ 19.406149] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.413788] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.420732] page_type: f5(slab) [ 19.423869] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.431588] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.439315] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.447126] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.454939] head: 0bfffe0000000001 fffffdffe006b601 00000000ffffffff 00000000ffffffff [ 19.462751] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.470557] page dumped because: kasan: bad access detected [ 19.476112] [ 19.477588] Memory state around the buggy address: [ 19.482367] ffff000801ad8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.489571] ffff000801ad8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.496776] >ffff000801ad8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.503976] ^ [ 19.511098] ffff000801ad8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.518302] ffff000801ad8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.525504] ================================================================== [ 19.532936] ================================================================== [ 19.539916] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 19.546858] Read of size 1 at addr ffff000801ad8d80 by task kunit_try_catch/183 [ 19.554149] [ 19.555633] CPU: 4 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 19.555687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.555702] Hardware name: WinLink E850-96 board (DT) [ 19.555721] Call trace: [ 19.555732] show_stack+0x20/0x38 (C) [ 19.555764] dump_stack_lvl+0x8c/0xd0 [ 19.555799] print_report+0x118/0x608 [ 19.555831] kasan_report+0xdc/0x128 [ 19.555865] __asan_report_load1_noabort+0x20/0x30 [ 19.555900] kmalloc_oob_right+0x5d0/0x660 [ 19.555929] kunit_try_run_case+0x170/0x3f0 [ 19.555961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.555998] kthread+0x328/0x630 [ 19.556025] ret_from_fork+0x10/0x20 [ 19.556055] [ 19.618384] Allocated by task 183: [ 19.621770] kasan_save_stack+0x3c/0x68 [ 19.625589] kasan_save_track+0x20/0x40 [ 19.629408] kasan_save_alloc_info+0x40/0x58 [ 19.633662] __kasan_kmalloc+0xd4/0xd8 [ 19.637394] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.641908] kmalloc_oob_right+0xb0/0x660 [ 19.645902] kunit_try_run_case+0x170/0x3f0 [ 19.650068] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.655536] kthread+0x328/0x630 [ 19.658748] ret_from_fork+0x10/0x20 [ 19.662307] [ 19.663784] The buggy address belongs to the object at ffff000801ad8d00 [ 19.663784] which belongs to the cache kmalloc-128 of size 128 [ 19.676283] The buggy address is located 13 bytes to the right of [ 19.676283] allocated 115-byte region [ffff000801ad8d00, ffff000801ad8d73) [ 19.689303] [ 19.690781] The buggy address belongs to the physical page: [ 19.696337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ad8 [ 19.704322] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.711959] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.718903] page_type: f5(slab) [ 19.722038] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.729761] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.737487] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.745299] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.753112] head: 0bfffe0000000001 fffffdffe006b601 00000000ffffffff 00000000ffffffff [ 19.760924] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.768729] page dumped because: kasan: bad access detected [ 19.774284] [ 19.775760] Memory state around the buggy address: [ 19.780538] ffff000801ad8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.787743] ffff000801ad8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.794947] >ffff000801ad8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.802149] ^ [ 19.805364] ffff000801ad8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.812569] ffff000801ad8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.819770] ==================================================================
[ 24.517575] ================================================================== [ 24.518436] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 24.520829] Write of size 1 at addr fff00000c6507173 by task kunit_try_catch/136 [ 24.521108] [ 24.523703] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1 #1 PREEMPT [ 24.524372] Tainted: [N]=TEST [ 24.524457] Hardware name: linux,dummy-virt (DT) [ 24.526083] Call trace: [ 24.527217] show_stack+0x20/0x38 (C) [ 24.527866] dump_stack_lvl+0x8c/0xd0 [ 24.528112] print_report+0x118/0x608 [ 24.528277] kasan_report+0xdc/0x128 [ 24.528425] __asan_report_store1_noabort+0x20/0x30 [ 24.528608] kmalloc_oob_right+0x5a4/0x660 [ 24.528817] kunit_try_run_case+0x170/0x3f0 [ 24.529022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.529175] kthread+0x328/0x630 [ 24.529310] ret_from_fork+0x10/0x20 [ 24.529822] [ 24.529923] Allocated by task 136: [ 24.530710] kasan_save_stack+0x3c/0x68 [ 24.531613] kasan_save_track+0x20/0x40 [ 24.531922] kasan_save_alloc_info+0x40/0x58 [ 24.532663] __kasan_kmalloc+0xd4/0xd8 [ 24.532765] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.533763] kmalloc_oob_right+0xb0/0x660 [ 24.533865] kunit_try_run_case+0x170/0x3f0 [ 24.533973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.534079] kthread+0x328/0x630 [ 24.534167] ret_from_fork+0x10/0x20 [ 24.534307] [ 24.536437] The buggy address belongs to the object at fff00000c6507100 [ 24.536437] which belongs to the cache kmalloc-128 of size 128 [ 24.539040] The buggy address is located 0 bytes to the right of [ 24.539040] allocated 115-byte region [fff00000c6507100, fff00000c6507173) [ 24.539253] [ 24.539581] The buggy address belongs to the physical page: [ 24.540288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 24.542202] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.544384] page_type: f5(slab) [ 24.544773] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.544855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.545057] page dumped because: kasan: bad access detected [ 24.545266] [ 24.545473] Memory state around the buggy address: [ 24.546463] fff00000c6507000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.546628] fff00000c6507080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.546795] >fff00000c6507100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.546982] ^ [ 24.547183] fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.547317] fff00000c6507200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.547511] ================================================================== [ 24.564923] ================================================================== [ 24.565039] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 24.565149] Read of size 1 at addr fff00000c6507180 by task kunit_try_catch/136 [ 24.565259] [ 24.565332] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.565522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.565592] Hardware name: linux,dummy-virt (DT) [ 24.565669] Call trace: [ 24.565728] show_stack+0x20/0x38 (C) [ 24.565859] dump_stack_lvl+0x8c/0xd0 [ 24.566381] print_report+0x118/0x608 [ 24.566506] kasan_report+0xdc/0x128 [ 24.566620] __asan_report_load1_noabort+0x20/0x30 [ 24.566742] kmalloc_oob_right+0x5d0/0x660 [ 24.566969] kunit_try_run_case+0x170/0x3f0 [ 24.567106] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.567348] kthread+0x328/0x630 [ 24.567459] ret_from_fork+0x10/0x20 [ 24.567570] [ 24.567615] Allocated by task 136: [ 24.567677] kasan_save_stack+0x3c/0x68 [ 24.567771] kasan_save_track+0x20/0x40 [ 24.567861] kasan_save_alloc_info+0x40/0x58 [ 24.567990] __kasan_kmalloc+0xd4/0xd8 [ 24.568090] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.568194] kmalloc_oob_right+0xb0/0x660 [ 24.568289] kunit_try_run_case+0x170/0x3f0 [ 24.568380] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.568483] kthread+0x328/0x630 [ 24.571844] ret_from_fork+0x10/0x20 [ 24.572959] [ 24.573018] The buggy address belongs to the object at fff00000c6507100 [ 24.573018] which belongs to the cache kmalloc-128 of size 128 [ 24.573163] The buggy address is located 13 bytes to the right of [ 24.573163] allocated 115-byte region [fff00000c6507100, fff00000c6507173) [ 24.573555] [ 24.573780] The buggy address belongs to the physical page: [ 24.573853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 24.574884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.576473] page_type: f5(slab) [ 24.576576] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.576704] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.576813] page dumped because: kasan: bad access detected [ 24.576894] [ 24.577924] Memory state around the buggy address: [ 24.578047] fff00000c6507080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578155] fff00000c6507100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.578257] >fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578348] ^ [ 24.578414] fff00000c6507200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578514] fff00000c6507280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.578607] ================================================================== [ 24.549858] ================================================================== [ 24.550022] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 24.550189] Write of size 1 at addr fff00000c6507178 by task kunit_try_catch/136 [ 24.550317] [ 24.550454] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.550769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.550839] Hardware name: linux,dummy-virt (DT) [ 24.550929] Call trace: [ 24.551000] show_stack+0x20/0x38 (C) [ 24.551254] dump_stack_lvl+0x8c/0xd0 [ 24.551492] print_report+0x118/0x608 [ 24.551638] kasan_report+0xdc/0x128 [ 24.551765] __asan_report_store1_noabort+0x20/0x30 [ 24.551885] kmalloc_oob_right+0x538/0x660 [ 24.552023] kunit_try_run_case+0x170/0x3f0 [ 24.552140] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.552274] kthread+0x328/0x630 [ 24.553226] ret_from_fork+0x10/0x20 [ 24.553990] [ 24.554105] Allocated by task 136: [ 24.554188] kasan_save_stack+0x3c/0x68 [ 24.554959] kasan_save_track+0x20/0x40 [ 24.555175] kasan_save_alloc_info+0x40/0x58 [ 24.555284] __kasan_kmalloc+0xd4/0xd8 [ 24.555387] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.555491] kmalloc_oob_right+0xb0/0x660 [ 24.555585] kunit_try_run_case+0x170/0x3f0 [ 24.556048] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.556358] kthread+0x328/0x630 [ 24.556859] ret_from_fork+0x10/0x20 [ 24.556978] [ 24.557028] The buggy address belongs to the object at fff00000c6507100 [ 24.557028] which belongs to the cache kmalloc-128 of size 128 [ 24.557192] The buggy address is located 5 bytes to the right of [ 24.557192] allocated 115-byte region [fff00000c6507100, fff00000c6507173) [ 24.557346] [ 24.557725] The buggy address belongs to the physical page: [ 24.557811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507 [ 24.558441] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.558560] page_type: f5(slab) [ 24.558650] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.558768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.559161] page dumped because: kasan: bad access detected [ 24.559258] [ 24.559416] Memory state around the buggy address: [ 24.559638] fff00000c6507000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.559898] fff00000c6507080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.560359] >fff00000c6507100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.560740] ^ [ 24.561003] fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561130] fff00000c6507200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561503] ==================================================================
[ 24.656119] ================================================================== [ 24.656208] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 24.656314] Write of size 1 at addr fff00000c56e6f78 by task kunit_try_catch/136 [ 24.656433] [ 24.656499] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.656684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.656747] Hardware name: linux,dummy-virt (DT) [ 24.658605] Call trace: [ 24.658673] show_stack+0x20/0x38 (C) [ 24.658808] dump_stack_lvl+0x8c/0xd0 [ 24.659015] print_report+0x118/0x608 [ 24.659149] kasan_report+0xdc/0x128 [ 24.659274] __asan_report_store1_noabort+0x20/0x30 [ 24.659417] kmalloc_oob_right+0x538/0x660 [ 24.659559] kunit_try_run_case+0x170/0x3f0 [ 24.659816] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.659972] kthread+0x328/0x630 [ 24.660083] ret_from_fork+0x10/0x20 [ 24.660198] [ 24.660241] Allocated by task 136: [ 24.660322] kasan_save_stack+0x3c/0x68 [ 24.660516] kasan_save_track+0x20/0x40 [ 24.660706] kasan_save_alloc_info+0x40/0x58 [ 24.661091] __kasan_kmalloc+0xd4/0xd8 [ 24.661203] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.661313] kmalloc_oob_right+0xb0/0x660 [ 24.661473] kunit_try_run_case+0x170/0x3f0 [ 24.661570] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.661671] kthread+0x328/0x630 [ 24.661749] ret_from_fork+0x10/0x20 [ 24.661860] [ 24.661952] The buggy address belongs to the object at fff00000c56e6f00 [ 24.661952] which belongs to the cache kmalloc-128 of size 128 [ 24.662151] The buggy address is located 5 bytes to the right of [ 24.662151] allocated 115-byte region [fff00000c56e6f00, fff00000c56e6f73) [ 24.662569] [ 24.662685] The buggy address belongs to the physical page: [ 24.662824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e6 [ 24.662981] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.663173] page_type: f5(slab) [ 24.663282] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.663419] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.663521] page dumped because: kasan: bad access detected [ 24.663624] [ 24.663685] Memory state around the buggy address: [ 24.663816] fff00000c56e6e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.663979] fff00000c56e6e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.664136] >fff00000c56e6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.664273] ^ [ 24.664389] fff00000c56e6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.664506] fff00000c56e7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.664600] ================================================================== [ 24.644447] ================================================================== [ 24.644858] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 24.646263] Write of size 1 at addr fff00000c56e6f73 by task kunit_try_catch/136 [ 24.646398] [ 24.647340] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1 #1 PREEMPT [ 24.647518] Tainted: [N]=TEST [ 24.647564] Hardware name: linux,dummy-virt (DT) [ 24.647869] Call trace: [ 24.648076] show_stack+0x20/0x38 (C) [ 24.648243] dump_stack_lvl+0x8c/0xd0 [ 24.648330] print_report+0x118/0x608 [ 24.648397] kasan_report+0xdc/0x128 [ 24.648454] __asan_report_store1_noabort+0x20/0x30 [ 24.648513] kmalloc_oob_right+0x5a4/0x660 [ 24.648569] kunit_try_run_case+0x170/0x3f0 [ 24.648631] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.648695] kthread+0x328/0x630 [ 24.648749] ret_from_fork+0x10/0x20 [ 24.648953] [ 24.649005] Allocated by task 136: [ 24.649279] kasan_save_stack+0x3c/0x68 [ 24.649373] kasan_save_track+0x20/0x40 [ 24.649426] kasan_save_alloc_info+0x40/0x58 [ 24.649475] __kasan_kmalloc+0xd4/0xd8 [ 24.649518] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.649568] kmalloc_oob_right+0xb0/0x660 [ 24.649611] kunit_try_run_case+0x170/0x3f0 [ 24.649657] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.649708] kthread+0x328/0x630 [ 24.649747] ret_from_fork+0x10/0x20 [ 24.649815] [ 24.649955] The buggy address belongs to the object at fff00000c56e6f00 [ 24.649955] which belongs to the cache kmalloc-128 of size 128 [ 24.650078] The buggy address is located 0 bytes to the right of [ 24.650078] allocated 115-byte region [fff00000c56e6f00, fff00000c56e6f73) [ 24.650164] [ 24.650264] The buggy address belongs to the physical page: [ 24.650473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e6 [ 24.650787] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.651158] page_type: f5(slab) [ 24.651505] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.651583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.651714] page dumped because: kasan: bad access detected [ 24.651768] [ 24.651814] Memory state around the buggy address: [ 24.652095] fff00000c56e6e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.652182] fff00000c56e6e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.652250] >fff00000c56e6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.652319] ^ [ 24.652422] fff00000c56e6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.652474] fff00000c56e7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.652548] ================================================================== [ 24.666793] ================================================================== [ 24.668069] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 24.668184] Read of size 1 at addr fff00000c56e6f80 by task kunit_try_catch/136 [ 24.669283] [ 24.669363] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.670157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.670225] Hardware name: linux,dummy-virt (DT) [ 24.671164] Call trace: [ 24.671693] show_stack+0x20/0x38 (C) [ 24.671832] dump_stack_lvl+0x8c/0xd0 [ 24.671966] print_report+0x118/0x608 [ 24.673775] kasan_report+0xdc/0x128 [ 24.674712] __asan_report_load1_noabort+0x20/0x30 [ 24.674996] kmalloc_oob_right+0x5d0/0x660 [ 24.675428] kunit_try_run_case+0x170/0x3f0 [ 24.675597] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.675728] kthread+0x328/0x630 [ 24.676245] ret_from_fork+0x10/0x20 [ 24.676372] [ 24.676417] Allocated by task 136: [ 24.676482] kasan_save_stack+0x3c/0x68 [ 24.676612] kasan_save_track+0x20/0x40 [ 24.676780] kasan_save_alloc_info+0x40/0x58 [ 24.676903] __kasan_kmalloc+0xd4/0xd8 [ 24.677012] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.677126] kmalloc_oob_right+0xb0/0x660 [ 24.677233] kunit_try_run_case+0x170/0x3f0 [ 24.678059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.678178] kthread+0x328/0x630 [ 24.678266] ret_from_fork+0x10/0x20 [ 24.678719] [ 24.678770] The buggy address belongs to the object at fff00000c56e6f00 [ 24.678770] which belongs to the cache kmalloc-128 of size 128 [ 24.679035] The buggy address is located 13 bytes to the right of [ 24.679035] allocated 115-byte region [fff00000c56e6f00, fff00000c56e6f73) [ 24.679191] [ 24.679238] The buggy address belongs to the physical page: [ 24.679307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056e6 [ 24.679435] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.679714] page_type: f5(slab) [ 24.679955] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.680370] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.680551] page dumped because: kasan: bad access detected [ 24.680694] [ 24.680789] Memory state around the buggy address: [ 24.680960] fff00000c56e6e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.681069] fff00000c56e6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.681185] >fff00000c56e6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.681359] ^ [ 24.681890] fff00000c56e7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.682691] fff00000c56e7080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 24.682917] ==================================================================
[ 17.278125] ================================================================== [ 17.278804] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 17.279352] Read of size 1 at addr ffff888101b20780 by task kunit_try_catch/154 [ 17.280270] [ 17.280551] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.280661] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.280697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.280755] Call Trace: [ 17.280805] <TASK> [ 17.280856] dump_stack_lvl+0x73/0xb0 [ 17.280955] print_report+0xd1/0x650 [ 17.281031] ? __virt_addr_valid+0x1db/0x2d0 [ 17.281101] ? kmalloc_oob_right+0x68a/0x7f0 [ 17.281174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.281306] ? kmalloc_oob_right+0x68a/0x7f0 [ 17.281386] kasan_report+0x141/0x180 [ 17.281463] ? kmalloc_oob_right+0x68a/0x7f0 [ 17.281566] __asan_report_load1_noabort+0x18/0x20 [ 17.281648] kmalloc_oob_right+0x68a/0x7f0 [ 17.281712] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 17.281822] ? __schedule+0x10cc/0x2b60 [ 17.281885] ? __pfx_read_tsc+0x10/0x10 [ 17.281940] ? ktime_get_ts64+0x86/0x230 [ 17.282000] kunit_try_run_case+0x1a5/0x480 [ 17.282068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.282137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.282213] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.282473] ? __kthread_parkme+0x82/0x180 [ 17.282567] ? preempt_count_sub+0x50/0x80 [ 17.282629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.282696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.282765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.282841] kthread+0x337/0x6f0 [ 17.282904] ? trace_preempt_on+0x20/0xc0 [ 17.282982] ? __pfx_kthread+0x10/0x10 [ 17.283048] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.283119] ? calculate_sigpending+0x7b/0xa0 [ 17.283195] ? __pfx_kthread+0x10/0x10 [ 17.283363] ret_from_fork+0x116/0x1d0 [ 17.283433] ? __pfx_kthread+0x10/0x10 [ 17.283519] ret_from_fork_asm+0x1a/0x30 [ 17.283612] </TASK> [ 17.283649] [ 17.302365] Allocated by task 154: [ 17.303028] kasan_save_stack+0x45/0x70 [ 17.303587] kasan_save_track+0x18/0x40 [ 17.303993] kasan_save_alloc_info+0x3b/0x50 [ 17.304465] __kasan_kmalloc+0xb7/0xc0 [ 17.304911] __kmalloc_cache_noprof+0x189/0x420 [ 17.305460] kmalloc_oob_right+0xa9/0x7f0 [ 17.305978] kunit_try_run_case+0x1a5/0x480 [ 17.306552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.307025] kthread+0x337/0x6f0 [ 17.307479] ret_from_fork+0x116/0x1d0 [ 17.307880] ret_from_fork_asm+0x1a/0x30 [ 17.308246] [ 17.308491] The buggy address belongs to the object at ffff888101b20700 [ 17.308491] which belongs to the cache kmalloc-128 of size 128 [ 17.309281] The buggy address is located 13 bytes to the right of [ 17.309281] allocated 115-byte region [ffff888101b20700, ffff888101b20773) [ 17.310534] [ 17.310792] The buggy address belongs to the physical page: [ 17.311313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b20 [ 17.311946] flags: 0x200000000000000(node=0|zone=2) [ 17.312835] page_type: f5(slab) [ 17.313149] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.313908] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.314374] page dumped because: kasan: bad access detected [ 17.314936] [ 17.315357] Memory state around the buggy address: [ 17.315901] ffff888101b20680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.316901] ffff888101b20700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.317466] >ffff888101b20780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.318317] ^ [ 17.318723] ffff888101b20800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.319303] ffff888101b20880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.320567] ================================================================== [ 17.239767] ================================================================== [ 17.240487] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 17.241132] Write of size 1 at addr ffff888101b20778 by task kunit_try_catch/154 [ 17.241777] [ 17.242059] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.242187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.242270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.242340] Call Trace: [ 17.242394] <TASK> [ 17.242446] dump_stack_lvl+0x73/0xb0 [ 17.242559] print_report+0xd1/0x650 [ 17.242641] ? __virt_addr_valid+0x1db/0x2d0 [ 17.242720] ? kmalloc_oob_right+0x6bd/0x7f0 [ 17.242791] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.242869] ? kmalloc_oob_right+0x6bd/0x7f0 [ 17.242946] kasan_report+0x141/0x180 [ 17.243020] ? kmalloc_oob_right+0x6bd/0x7f0 [ 17.243104] __asan_report_store1_noabort+0x1b/0x30 [ 17.243193] kmalloc_oob_right+0x6bd/0x7f0 [ 17.243324] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 17.243407] ? __schedule+0x10cc/0x2b60 [ 17.243488] ? __pfx_read_tsc+0x10/0x10 [ 17.243586] ? ktime_get_ts64+0x86/0x230 [ 17.243670] kunit_try_run_case+0x1a5/0x480 [ 17.243753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.243821] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.243864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.243902] ? __kthread_parkme+0x82/0x180 [ 17.243935] ? preempt_count_sub+0x50/0x80 [ 17.243969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.244008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.244044] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.244081] kthread+0x337/0x6f0 [ 17.244109] ? trace_preempt_on+0x20/0xc0 [ 17.244143] ? __pfx_kthread+0x10/0x10 [ 17.244174] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.244206] ? calculate_sigpending+0x7b/0xa0 [ 17.244302] ? __pfx_kthread+0x10/0x10 [ 17.244339] ret_from_fork+0x116/0x1d0 [ 17.244367] ? __pfx_kthread+0x10/0x10 [ 17.244397] ret_from_fork_asm+0x1a/0x30 [ 17.244444] </TASK> [ 17.244459] [ 17.257540] Allocated by task 154: [ 17.257992] kasan_save_stack+0x45/0x70 [ 17.258638] kasan_save_track+0x18/0x40 [ 17.259037] kasan_save_alloc_info+0x3b/0x50 [ 17.261797] __kasan_kmalloc+0xb7/0xc0 [ 17.262253] __kmalloc_cache_noprof+0x189/0x420 [ 17.262735] kmalloc_oob_right+0xa9/0x7f0 [ 17.263113] kunit_try_run_case+0x1a5/0x480 [ 17.263675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.264122] kthread+0x337/0x6f0 [ 17.265351] ret_from_fork+0x116/0x1d0 [ 17.265727] ret_from_fork_asm+0x1a/0x30 [ 17.266067] [ 17.266216] The buggy address belongs to the object at ffff888101b20700 [ 17.266216] which belongs to the cache kmalloc-128 of size 128 [ 17.267020] The buggy address is located 5 bytes to the right of [ 17.267020] allocated 115-byte region [ffff888101b20700, ffff888101b20773) [ 17.267925] [ 17.268172] The buggy address belongs to the physical page: [ 17.268688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b20 [ 17.269297] flags: 0x200000000000000(node=0|zone=2) [ 17.269815] page_type: f5(slab) [ 17.270181] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.270869] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.271489] page dumped because: kasan: bad access detected [ 17.272007] [ 17.272203] Memory state around the buggy address: [ 17.272631] ffff888101b20600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.273323] ffff888101b20680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.273947] >ffff888101b20700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.274602] ^ [ 17.275119] ffff888101b20780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.275778] ffff888101b20800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.276340] ================================================================== [ 17.186917] ================================================================== [ 17.188264] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 17.189391] Write of size 1 at addr ffff888101b20773 by task kunit_try_catch/154 [ 17.190120] [ 17.192177] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.192691] Tainted: [N]=TEST [ 17.192747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.193022] Call Trace: [ 17.193117] <TASK> [ 17.193337] dump_stack_lvl+0x73/0xb0 [ 17.193483] print_report+0xd1/0x650 [ 17.193563] ? __virt_addr_valid+0x1db/0x2d0 [ 17.193606] ? kmalloc_oob_right+0x6f0/0x7f0 [ 17.193659] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.193695] ? kmalloc_oob_right+0x6f0/0x7f0 [ 17.193728] kasan_report+0x141/0x180 [ 17.193760] ? kmalloc_oob_right+0x6f0/0x7f0 [ 17.193799] __asan_report_store1_noabort+0x1b/0x30 [ 17.193839] kmalloc_oob_right+0x6f0/0x7f0 [ 17.193873] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 17.193908] ? __schedule+0x10cc/0x2b60 [ 17.193943] ? __pfx_read_tsc+0x10/0x10 [ 17.193976] ? ktime_get_ts64+0x86/0x230 [ 17.194012] kunit_try_run_case+0x1a5/0x480 [ 17.194054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.194091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.194130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.194165] ? __kthread_parkme+0x82/0x180 [ 17.194196] ? preempt_count_sub+0x50/0x80 [ 17.194241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.194300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.194339] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.194377] kthread+0x337/0x6f0 [ 17.194408] ? trace_preempt_on+0x20/0xc0 [ 17.194444] ? __pfx_kthread+0x10/0x10 [ 17.194475] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.194529] ? calculate_sigpending+0x7b/0xa0 [ 17.194572] ? __pfx_kthread+0x10/0x10 [ 17.194603] ret_from_fork+0x116/0x1d0 [ 17.194631] ? __pfx_kthread+0x10/0x10 [ 17.194661] ret_from_fork_asm+0x1a/0x30 [ 17.194745] </TASK> [ 17.194834] [ 17.212946] Allocated by task 154: [ 17.213828] kasan_save_stack+0x45/0x70 [ 17.214761] kasan_save_track+0x18/0x40 [ 17.215592] kasan_save_alloc_info+0x3b/0x50 [ 17.215963] __kasan_kmalloc+0xb7/0xc0 [ 17.216476] __kmalloc_cache_noprof+0x189/0x420 [ 17.216981] kmalloc_oob_right+0xa9/0x7f0 [ 17.217373] kunit_try_run_case+0x1a5/0x480 [ 17.218029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.218702] kthread+0x337/0x6f0 [ 17.219119] ret_from_fork+0x116/0x1d0 [ 17.219662] ret_from_fork_asm+0x1a/0x30 [ 17.220813] [ 17.221173] The buggy address belongs to the object at ffff888101b20700 [ 17.221173] which belongs to the cache kmalloc-128 of size 128 [ 17.222586] The buggy address is located 0 bytes to the right of [ 17.222586] allocated 115-byte region [ffff888101b20700, ffff888101b20773) [ 17.223754] [ 17.224329] The buggy address belongs to the physical page: [ 17.225475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b20 [ 17.226465] flags: 0x200000000000000(node=0|zone=2) [ 17.227735] page_type: f5(slab) [ 17.228972] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 17.229688] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.230817] page dumped because: kasan: bad access detected [ 17.231756] [ 17.232003] Memory state around the buggy address: [ 17.232984] ffff888101b20600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.233719] ffff888101b20680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.234302] >ffff888101b20700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.235085] ^ [ 17.235761] ffff888101b20780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.236362] ffff888101b20800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.236991] ==================================================================
[ 16.364063] ================================================================== [ 16.365131] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 16.366351] Write of size 1 at addr ffff8881029def73 by task kunit_try_catch/154 [ 16.367207] [ 16.369173] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 16.369675] Tainted: [N]=TEST [ 16.369722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.370034] Call Trace: [ 16.370177] <TASK> [ 16.370374] dump_stack_lvl+0x73/0xb0 [ 16.370488] print_report+0xd1/0x650 [ 16.370920] ? __virt_addr_valid+0x1db/0x2d0 [ 16.370970] ? kmalloc_oob_right+0x6f0/0x7f0 [ 16.371001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.371032] ? kmalloc_oob_right+0x6f0/0x7f0 [ 16.371062] kasan_report+0x141/0x180 [ 16.371092] ? kmalloc_oob_right+0x6f0/0x7f0 [ 16.371167] __asan_report_store1_noabort+0x1b/0x30 [ 16.371206] kmalloc_oob_right+0x6f0/0x7f0 [ 16.371238] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 16.371269] ? __schedule+0x10cc/0x2b60 [ 16.371302] ? __pfx_read_tsc+0x10/0x10 [ 16.371331] ? ktime_get_ts64+0x86/0x230 [ 16.371364] kunit_try_run_case+0x1a5/0x480 [ 16.371400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.371433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.371466] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.371498] ? __kthread_parkme+0x82/0x180 [ 16.371567] ? preempt_count_sub+0x50/0x80 [ 16.371649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.371688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.371721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.371754] kthread+0x337/0x6f0 [ 16.371781] ? trace_preempt_on+0x20/0xc0 [ 16.371814] ? __pfx_kthread+0x10/0x10 [ 16.371841] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.371871] ? calculate_sigpending+0x7b/0xa0 [ 16.371932] ? __pfx_kthread+0x10/0x10 [ 16.371962] ret_from_fork+0x116/0x1d0 [ 16.371987] ? __pfx_kthread+0x10/0x10 [ 16.372015] ret_from_fork_asm+0x1a/0x30 [ 16.372095] </TASK> [ 16.372227] [ 16.387791] Allocated by task 154: [ 16.388432] kasan_save_stack+0x45/0x70 [ 16.388987] kasan_save_track+0x18/0x40 [ 16.389470] kasan_save_alloc_info+0x3b/0x50 [ 16.390129] __kasan_kmalloc+0xb7/0xc0 [ 16.390717] __kmalloc_cache_noprof+0x189/0x420 [ 16.391264] kmalloc_oob_right+0xa9/0x7f0 [ 16.391833] kunit_try_run_case+0x1a5/0x480 [ 16.392350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.392965] kthread+0x337/0x6f0 [ 16.393376] ret_from_fork+0x116/0x1d0 [ 16.393798] ret_from_fork_asm+0x1a/0x30 [ 16.394655] [ 16.395036] The buggy address belongs to the object at ffff8881029def00 [ 16.395036] which belongs to the cache kmalloc-128 of size 128 [ 16.396279] The buggy address is located 0 bytes to the right of [ 16.396279] allocated 115-byte region [ffff8881029def00, ffff8881029def73) [ 16.397195] [ 16.397535] The buggy address belongs to the physical page: [ 16.398625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029de [ 16.400069] flags: 0x200000000000000(node=0|zone=2) [ 16.401641] page_type: f5(slab) [ 16.402748] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.403325] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.404218] page dumped because: kasan: bad access detected [ 16.404898] [ 16.405161] Memory state around the buggy address: [ 16.406340] ffff8881029dee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.407082] ffff8881029dee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.407892] >ffff8881029def00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 16.408688] ^ [ 16.409301] ffff8881029def80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.409731] ffff8881029df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.410736] ================================================================== [ 16.455216] ================================================================== [ 16.455917] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 16.456547] Read of size 1 at addr ffff8881029def80 by task kunit_try_catch/154 [ 16.457250] [ 16.457460] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 16.457570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.457671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.457753] Call Trace: [ 16.457793] <TASK> [ 16.457858] dump_stack_lvl+0x73/0xb0 [ 16.457988] print_report+0xd1/0x650 [ 16.458070] ? __virt_addr_valid+0x1db/0x2d0 [ 16.458187] ? kmalloc_oob_right+0x68a/0x7f0 [ 16.458265] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.458337] ? kmalloc_oob_right+0x68a/0x7f0 [ 16.458408] kasan_report+0x141/0x180 [ 16.458479] ? kmalloc_oob_right+0x68a/0x7f0 [ 16.458559] __asan_report_load1_noabort+0x18/0x20 [ 16.458638] kmalloc_oob_right+0x68a/0x7f0 [ 16.458757] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 16.458835] ? __schedule+0x10cc/0x2b60 [ 16.458957] ? __pfx_read_tsc+0x10/0x10 [ 16.459032] ? ktime_get_ts64+0x86/0x230 [ 16.459143] kunit_try_run_case+0x1a5/0x480 [ 16.459227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.459291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.459327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.459362] ? __kthread_parkme+0x82/0x180 [ 16.459393] ? preempt_count_sub+0x50/0x80 [ 16.459424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.459458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.459491] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.459524] kthread+0x337/0x6f0 [ 16.459550] ? trace_preempt_on+0x20/0xc0 [ 16.459580] ? __pfx_kthread+0x10/0x10 [ 16.459608] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.459639] ? calculate_sigpending+0x7b/0xa0 [ 16.459672] ? __pfx_kthread+0x10/0x10 [ 16.459701] ret_from_fork+0x116/0x1d0 [ 16.459725] ? __pfx_kthread+0x10/0x10 [ 16.459755] ret_from_fork_asm+0x1a/0x30 [ 16.459795] </TASK> [ 16.459810] [ 16.473623] Allocated by task 154: [ 16.474062] kasan_save_stack+0x45/0x70 [ 16.474608] kasan_save_track+0x18/0x40 [ 16.475077] kasan_save_alloc_info+0x3b/0x50 [ 16.475640] __kasan_kmalloc+0xb7/0xc0 [ 16.476058] __kmalloc_cache_noprof+0x189/0x420 [ 16.476592] kmalloc_oob_right+0xa9/0x7f0 [ 16.477082] kunit_try_run_case+0x1a5/0x480 [ 16.477541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.478061] kthread+0x337/0x6f0 [ 16.478547] ret_from_fork+0x116/0x1d0 [ 16.478982] ret_from_fork_asm+0x1a/0x30 [ 16.479443] [ 16.479680] The buggy address belongs to the object at ffff8881029def00 [ 16.479680] which belongs to the cache kmalloc-128 of size 128 [ 16.481024] The buggy address is located 13 bytes to the right of [ 16.481024] allocated 115-byte region [ffff8881029def00, ffff8881029def73) [ 16.483815] [ 16.484016] The buggy address belongs to the physical page: [ 16.485063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029de [ 16.486299] flags: 0x200000000000000(node=0|zone=2) [ 16.486646] page_type: f5(slab) [ 16.487039] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.487784] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.488777] page dumped because: kasan: bad access detected [ 16.489212] [ 16.489467] Memory state around the buggy address: [ 16.490060] ffff8881029dee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.490919] ffff8881029def00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 16.491695] >ffff8881029def80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.492781] ^ [ 16.493086] ffff8881029df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.493790] ffff8881029df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.494612] ================================================================== [ 16.414701] ================================================================== [ 16.415299] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 16.415844] Write of size 1 at addr ffff8881029def78 by task kunit_try_catch/154 [ 16.416844] [ 16.417086] CPU: 1 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 16.417238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.417273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.417535] Call Trace: [ 16.417584] <TASK> [ 16.417624] dump_stack_lvl+0x73/0xb0 [ 16.417710] print_report+0xd1/0x650 [ 16.417785] ? __virt_addr_valid+0x1db/0x2d0 [ 16.417833] ? kmalloc_oob_right+0x6bd/0x7f0 [ 16.417895] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.417959] ? kmalloc_oob_right+0x6bd/0x7f0 [ 16.417993] kasan_report+0x141/0x180 [ 16.418025] ? kmalloc_oob_right+0x6bd/0x7f0 [ 16.418062] __asan_report_store1_noabort+0x1b/0x30 [ 16.418113] kmalloc_oob_right+0x6bd/0x7f0 [ 16.418222] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 16.418311] ? __schedule+0x10cc/0x2b60 [ 16.418386] ? __pfx_read_tsc+0x10/0x10 [ 16.418453] ? ktime_get_ts64+0x86/0x230 [ 16.418518] kunit_try_run_case+0x1a5/0x480 [ 16.418556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.418590] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.418622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.418655] ? __kthread_parkme+0x82/0x180 [ 16.418682] ? preempt_count_sub+0x50/0x80 [ 16.418712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.418746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.418778] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.418811] kthread+0x337/0x6f0 [ 16.418837] ? trace_preempt_on+0x20/0xc0 [ 16.418867] ? __pfx_kthread+0x10/0x10 [ 16.418928] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.418959] ? calculate_sigpending+0x7b/0xa0 [ 16.418992] ? __pfx_kthread+0x10/0x10 [ 16.419020] ret_from_fork+0x116/0x1d0 [ 16.419045] ? __pfx_kthread+0x10/0x10 [ 16.419072] ret_from_fork_asm+0x1a/0x30 [ 16.419132] </TASK> [ 16.419163] [ 16.434544] Allocated by task 154: [ 16.435741] kasan_save_stack+0x45/0x70 [ 16.436801] kasan_save_track+0x18/0x40 [ 16.437802] kasan_save_alloc_info+0x3b/0x50 [ 16.438441] __kasan_kmalloc+0xb7/0xc0 [ 16.438828] __kmalloc_cache_noprof+0x189/0x420 [ 16.439273] kmalloc_oob_right+0xa9/0x7f0 [ 16.439654] kunit_try_run_case+0x1a5/0x480 [ 16.440174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.440691] kthread+0x337/0x6f0 [ 16.441084] ret_from_fork+0x116/0x1d0 [ 16.441465] ret_from_fork_asm+0x1a/0x30 [ 16.441919] [ 16.442168] The buggy address belongs to the object at ffff8881029def00 [ 16.442168] which belongs to the cache kmalloc-128 of size 128 [ 16.443163] The buggy address is located 5 bytes to the right of [ 16.443163] allocated 115-byte region [ffff8881029def00, ffff8881029def73) [ 16.444062] [ 16.444331] The buggy address belongs to the physical page: [ 16.444767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029de [ 16.445404] flags: 0x200000000000000(node=0|zone=2) [ 16.445890] page_type: f5(slab) [ 16.446352] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.447003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.447647] page dumped because: kasan: bad access detected [ 16.448337] [ 16.448681] Memory state around the buggy address: [ 16.449147] ffff8881029dee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.449617] ffff8881029dee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.450369] >ffff8881029def00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 16.451571] ^ [ 16.452423] ffff8881029def80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.453145] ffff8881029df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.454019] ==================================================================
[ 19.666686] ================================================================== [ 19.667393] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 19.668056] Write of size 1 at addr ffff00000cef7473 by task kunit_try_catch/189 [ 19.668739] [ 19.668906] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1 #1 PREEMPT [ 19.668954] Tainted: [N]=TEST [ 19.668965] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.668982] Call trace: [ 19.668993] show_stack+0x20/0x38 (C) [ 19.669029] dump_stack_lvl+0x8c/0xd0 [ 19.669063] print_report+0x118/0x608 [ 19.669097] kasan_report+0xdc/0x128 [ 19.669128] __asan_report_store1_noabort+0x20/0x30 [ 19.669158] kmalloc_oob_right+0x5a4/0x660 [ 19.669186] kunit_try_run_case+0x170/0x3f0 [ 19.669220] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.669258] kthread+0x328/0x630 [ 19.669284] ret_from_fork+0x10/0x20 [ 19.669315] [ 19.674793] Allocated by task 189: [ 19.675120] kasan_save_stack+0x3c/0x68 [ 19.675499] kasan_save_track+0x20/0x40 [ 19.675875] kasan_save_alloc_info+0x40/0x58 [ 19.676292] __kasan_kmalloc+0xd4/0xd8 [ 19.676658] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.677095] kmalloc_oob_right+0xb0/0x660 [ 19.677483] kunit_try_run_case+0x170/0x3f0 [ 19.677889] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.678412] kthread+0x328/0x630 [ 19.678728] ret_from_fork+0x10/0x20 [ 19.679078] [ 19.679230] The buggy address belongs to the object at ffff00000cef7400 [ 19.679230] which belongs to the cache kmalloc-128 of size 128 [ 19.680362] The buggy address is located 0 bytes to the right of [ 19.680362] allocated 115-byte region [ffff00000cef7400, ffff00000cef7473) [ 19.681535] [ 19.681689] The buggy address belongs to the physical page: [ 19.682203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xcef7 [ 19.682925] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 19.683535] page_type: f5(slab) [ 19.683848] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 19.684563] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.685271] page dumped because: kasan: bad access detected [ 19.685784] [ 19.685936] Memory state around the buggy address: [ 19.686385] ffff00000cef7300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.687050] ffff00000cef7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.687714] >ffff00000cef7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.688374] ^ [ 19.689006] ffff00000cef7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.689671] ffff00000cef7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.690331] ================================================================== [ 19.716600] ================================================================== [ 19.717273] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 19.717916] Read of size 1 at addr ffff00000cef7480 by task kunit_try_catch/189 [ 19.718579] [ 19.718733] CPU: 4 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 19.718768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.718778] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.718789] Call trace: [ 19.718798] show_stack+0x20/0x38 (C) [ 19.718822] dump_stack_lvl+0x8c/0xd0 [ 19.718845] print_report+0x118/0x608 [ 19.718867] kasan_report+0xdc/0x128 [ 19.718888] __asan_report_load1_noabort+0x20/0x30 [ 19.718912] kmalloc_oob_right+0x5d0/0x660 [ 19.718931] kunit_try_run_case+0x170/0x3f0 [ 19.718953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.718977] kthread+0x328/0x630 [ 19.718994] ret_from_fork+0x10/0x20 [ 19.719015] [ 19.724538] Allocated by task 189: [ 19.724853] kasan_save_stack+0x3c/0x68 [ 19.725216] kasan_save_track+0x20/0x40 [ 19.725577] kasan_save_alloc_info+0x40/0x58 [ 19.725977] __kasan_kmalloc+0xd4/0xd8 [ 19.726329] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.726750] kmalloc_oob_right+0xb0/0x660 [ 19.727124] kunit_try_run_case+0x170/0x3f0 [ 19.727515] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.728022] kthread+0x328/0x630 [ 19.728325] ret_from_fork+0x10/0x20 [ 19.728662] [ 19.728808] The buggy address belongs to the object at ffff00000cef7400 [ 19.728808] which belongs to the cache kmalloc-128 of size 128 [ 19.729923] The buggy address is located 13 bytes to the right of [ 19.729923] allocated 115-byte region [ffff00000cef7400, ffff00000cef7473) [ 19.731086] [ 19.731233] The buggy address belongs to the physical page: [ 19.731736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xcef7 [ 19.732446] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 19.733042] page_type: f5(slab) [ 19.733341] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 19.734042] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.734736] page dumped because: kasan: bad access detected [ 19.735239] [ 19.735384] Memory state around the buggy address: [ 19.735821] ffff00000cef7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.736474] ffff00000cef7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.737126] >ffff00000cef7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.737774] ^ [ 19.738074] ffff00000cef7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.738726] ffff00000cef7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.739375] ================================================================== [ 19.691851] ================================================================== [ 19.692514] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 19.693171] Write of size 1 at addr ffff00000cef7478 by task kunit_try_catch/189 [ 19.693854] [ 19.694018] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 19.694066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.694079] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.694096] Call trace: [ 19.694107] show_stack+0x20/0x38 (C) [ 19.694139] dump_stack_lvl+0x8c/0xd0 [ 19.694174] print_report+0x118/0x608 [ 19.694207] kasan_report+0xdc/0x128 [ 19.694238] __asan_report_store1_noabort+0x20/0x30 [ 19.694268] kmalloc_oob_right+0x538/0x660 [ 19.694296] kunit_try_run_case+0x170/0x3f0 [ 19.694330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.694366] kthread+0x328/0x630 [ 19.694392] ret_from_fork+0x10/0x20 [ 19.694423] [ 19.700003] Allocated by task 189: [ 19.700327] kasan_save_stack+0x3c/0x68 [ 19.700703] kasan_save_track+0x20/0x40 [ 19.701078] kasan_save_alloc_info+0x40/0x58 [ 19.701492] __kasan_kmalloc+0xd4/0xd8 [ 19.701858] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.702294] kmalloc_oob_right+0xb0/0x660 [ 19.702682] kunit_try_run_case+0x170/0x3f0 [ 19.703087] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.703609] kthread+0x328/0x630 [ 19.703924] ret_from_fork+0x10/0x20 [ 19.704274] [ 19.704427] The buggy address belongs to the object at ffff00000cef7400 [ 19.704427] which belongs to the cache kmalloc-128 of size 128 [ 19.705557] The buggy address is located 5 bytes to the right of [ 19.705557] allocated 115-byte region [ffff00000cef7400, ffff00000cef7473) [ 19.706730] [ 19.706884] The buggy address belongs to the physical page: [ 19.707398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xcef7 [ 19.708120] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 19.708730] page_type: f5(slab) [ 19.709042] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 19.709755] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.710461] page dumped because: kasan: bad access detected [ 19.710974] [ 19.711126] Memory state around the buggy address: [ 19.711573] ffff00000cef7300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.712238] ffff00000cef7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.712902] >ffff00000cef7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.713562] ^ [ 19.714217] ffff00000cef7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.714881] ffff00000cef7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.715541] ==================================================================