Date
June 24, 2025, 11:37 a.m.
Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |
```
[ 28.697928] ==================================================================
[ 28.705250] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660
[ 28.712318] Write of size 1 at addr ffff0000822c2378 by task kunit_try_catch/234
[ 28.719812]
[ 28.721350] CPU: 3 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 28.721386] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.721396] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 28.721409] Call trace:
[ 28.721417] show_stack+0x20/0x38 (C)
[ 28.721440] dump_stack_lvl+0x8c/0xd0
[ 28.721462] print_report+0x118/0x608
[ 28.721484] kasan_report+0xdc/0x128
[ 28.721504] __asan_report_store1_noabort+0x20/0x30
[ 28.721523] kmalloc_oob_right+0x538/0x660
[ 28.721541] kunit_try_run_case+0x170/0x3f0
[ 28.721563] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.721585] kthread+0x328/0x630
[ 28.721602] ret_from_fork+0x10/0x20
[ 28.721622]
[ 28.787320] Allocated by task 234:
[ 28.790777] kasan_save_stack+0x3c/0x68
[ 28.794687] kasan_save_track+0x20/0x40
[ 28.798593] kasan_save_alloc_info+0x40/0x58
[ 28.802941] __kasan_kmalloc+0xd4/0xd8
[ 28.806760] __kmalloc_cache_noprof+0x16c/0x3c0
[ 28.811370] kmalloc_oob_right+0xb0/0x660
[ 28.815445] kunit_try_run_case+0x170/0x3f0
[ 28.819705] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.825280] kthread+0x328/0x630
[ 28.828567] ret_from_fork+0x10/0x20
[ 28.832213]
[ 28.833744] The buggy address belongs to the object at ffff0000822c2300
[ 28.833744] which belongs to the cache kmalloc-128 of size 128
[ 28.846409] The buggy address is located 5 bytes to the right of
[ 28.846409] allocated 115-byte region [ffff0000822c2300, ffff0000822c2373)
[ 28.859507]
[ 28.861042] The buggy address belongs to the physical page:
[ 28.866691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c2
[ 28.874802] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 28.882565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 28.889631] page_type: f5(slab)
[ 28.892834] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 28.900685] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 28.908533] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 28.916469] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 28.924403] head: 0bfffe0000000001 fffffdffc208b081 00000000ffffffff 00000000ffffffff
[ 28.932339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 28.940272] page dumped because: kasan: bad access detected
[ 28.945920]
[ 28.947457] Memory state around the buggy address:
[ 28.952323] ffff0000822c2200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.959643] ffff0000822c2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.966963] >ffff0000822c2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 28.974279] ^
[ 28.981507] ffff0000822c2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.988825] ffff0000822c2400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.996142] ==================================================================
[ 29.003798] ==================================================================
[ 29.011125] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660
[ 29.018178] Read of size 1 at addr ffff0000822c2380 by task kunit_try_catch/234
[ 29.025584]
[ 29.027124] CPU: 5 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 29.027155] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.027163] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 29.027174] Call trace:
[ 29.027180] show_stack+0x20/0x38 (C)
[ 29.027198] dump_stack_lvl+0x8c/0xd0
[ 29.027216] print_report+0x118/0x608
[ 29.027234] kasan_report+0xdc/0x128
[ 29.027251] __asan_report_load1_noabort+0x20/0x30
[ 29.027267] kmalloc_oob_right+0x5d0/0x660
[ 29.027282] kunit_try_run_case+0x170/0x3f0
[ 29.027300] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.027319] kthread+0x328/0x630
[ 29.027332] ret_from_fork+0x10/0x20
[ 29.027349]
[ 29.092922] Allocated by task 234:
[ 29.096375] kasan_save_stack+0x3c/0x68
[ 29.100280] kasan_save_track+0x20/0x40
[ 29.104185] kasan_save_alloc_info+0x40/0x58
[ 29.108518] __kasan_kmalloc+0xd4/0xd8
[ 29.112333] __kmalloc_cache_noprof+0x16c/0x3c0
[ 29.116931] kmalloc_oob_right+0xb0/0x660
[ 29.121005] kunit_try_run_case+0x170/0x3f0
[ 29.125252] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.130817] kthread+0x328/0x630
[ 29.134097] ret_from_fork+0x10/0x20
[ 29.137739]
[ 29.139269] The buggy address belongs to the object at ffff0000822c2300
[ 29.139269] which belongs to the cache kmalloc-128 of size 128
[ 29.151917] The buggy address is located 13 bytes to the right of
[ 29.151917] allocated 115-byte region [ffff0000822c2300, ffff0000822c2373)
[ 29.165101]
[ 29.166624] The buggy address belongs to the physical page:
[ 29.172274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c2
[ 29.180375] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 29.188126] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 29.195177] page_type: f5(slab)
[ 29.198375] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 29.206214] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 29.214052] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 29.221975] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 29.229898] head: 0bfffe0000000001 fffffdffc208b081 00000000ffffffff 00000000ffffffff
[ 29.237820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 29.245741] page dumped because: kasan: bad access detected
[ 29.251378]
[ 29.252909] Memory state around the buggy address:
[ 29.257760] ffff0000822c2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.265073] ffff0000822c2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 29.272386] >ffff0000822c2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.279697] ^
[ 29.282980] ffff0000822c2400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.290292] ffff0000822c2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.297603] ==================================================================
[ 28.388246] ==================================================================
[ 28.395592] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660
[ 28.402664] Write of size 1 at addr ffff0000822c2373 by task kunit_try_catch/234
[ 28.410164]
[ 28.411709] CPU: 3 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 28.411746] Tainted: [N]=TEST
[ 28.411753] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 28.411770] Call trace:
[ 28.411779] show_stack+0x20/0x38 (C)
[ 28.411804] dump_stack_lvl+0x8c/0xd0
[ 28.411828] print_report+0x118/0x608
[ 28.411851] kasan_report+0xdc/0x128
[ 28.411870] __asan_report_store1_noabort+0x20/0x30
[ 28.411890] kmalloc_oob_right+0x5a4/0x660
[ 28.411907] kunit_try_run_case+0x170/0x3f0
[ 28.411931] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.411956] kthread+0x328/0x630
[ 28.411976] ret_from_fork+0x10/0x20
[ 28.411999]
[ 28.476483] Allocated by task 234:
[ 28.479952] kasan_save_stack+0x3c/0x68
[ 28.483859] kasan_save_track+0x20/0x40
[ 28.487763] kasan_save_alloc_info+0x40/0x58
[ 28.492107] __kasan_kmalloc+0xd4/0xd8
[ 28.495925] __kmalloc_cache_noprof+0x16c/0x3c0
[ 28.500536] kmalloc_oob_right+0xb0/0x660
[ 28.504612] kunit_try_run_case+0x170/0x3f0
[ 28.508871] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.514439] kthread+0x328/0x630
[ 28.517726] ret_from_fork+0x10/0x20
[ 28.521370]
[ 28.522901] The buggy address belongs to the object at ffff0000822c2300
[ 28.522901] which belongs to the cache kmalloc-128 of size 128
[ 28.535564] The buggy address is located 0 bytes to the right of
[ 28.535564] allocated 115-byte region [ffff0000822c2300, ffff0000822c2373)
[ 28.548670]
[ 28.550202] The buggy address belongs to the physical page:
[ 28.555850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c2
[ 28.563957] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 28.571718] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 28.578783] page_type: f5(slab)
[ 28.581987] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 28.589834] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 28.597681] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 28.605614] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 28.613546] head: 0bfffe0000000001 fffffdffc208b081 00000000ffffffff 00000000ffffffff
[ 28.621479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 28.629408] page dumped because: kasan: bad access detected
[ 28.635054]
[ 28.636583] Memory state around the buggy address:
[ 28.641445] ffff0000822c2200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.648759] ffff0000822c2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.656073] >ffff0000822c2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 28.663385] ^
[ 28.670351] ffff0000822c2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.677667] ffff0000822c2400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.684979] ==================================================================
```
```
[ 32.307070] ==================================================================
[ 32.307188] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660
[ 32.307308] Write of size 1 at addr fff00000c56d3e78 by task kunit_try_catch/147
[ 32.307428]
[ 32.307536] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 32.307725] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.307789] Hardware name: linux,dummy-virt (DT)
[ 32.307861] Call trace:
[ 32.307933] show_stack+0x20/0x38 (C)
[ 32.308048] dump_stack_lvl+0x8c/0xd0
[ 32.308164] print_report+0x118/0x608
[ 32.308471] kasan_report+0xdc/0x128
[ 32.308767] __asan_report_store1_noabort+0x20/0x30
[ 32.308962] kmalloc_oob_right+0x538/0x660
[ 32.309172] kunit_try_run_case+0x170/0x3f0
[ 32.309321] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.309453] kthread+0x328/0x630
[ 32.309562] ret_from_fork+0x10/0x20
[ 32.309675]
[ 32.309718] Allocated by task 147:
[ 32.309782] kasan_save_stack+0x3c/0x68
[ 32.309874] kasan_save_track+0x20/0x40
[ 32.310001] kasan_save_alloc_info+0x40/0x58
[ 32.310109] __kasan_kmalloc+0xd4/0xd8
[ 32.310215] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.310328] kmalloc_oob_right+0xb0/0x660
[ 32.310447] kunit_try_run_case+0x170/0x3f0
[ 32.310552] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.310757] kthread+0x328/0x630
[ 32.310882] ret_from_fork+0x10/0x20
[ 32.310992]
[ 32.311037] The buggy address belongs to the object at fff00000c56d3e00
[ 32.311037] which belongs to the cache kmalloc-128 of size 128
[ 32.311162] The buggy address is located 5 bytes to the right of
[ 32.311162] allocated 115-byte region [fff00000c56d3e00, fff00000c56d3e73)
[ 32.311309]
[ 32.311357] The buggy address belongs to the physical page:
[ 32.311447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c56d3800 pfn:0x1056d3
[ 32.311710] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.311954] page_type: f5(slab)
[ 32.312191] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.312465] raw: fff00000c56d3800 000000008010000f 00000000f5000000 0000000000000000
[ 32.312567] page dumped because: kasan: bad access detected
[ 32.312648]
[ 32.312735] Memory state around the buggy address:
[ 32.312823] fff00000c56d3d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.312955] fff00000c56d3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.313065] >fff00000c56d3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 32.313166] ^
[ 32.313273] fff00000c56d3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.313368] fff00000c56d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.313453] ==================================================================
[ 32.314407] ==================================================================
[ 32.314512] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660
[ 32.314627] Read of size 1 at addr fff00000c56d3e80 by task kunit_try_catch/147
[ 32.314853]
[ 32.314945] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 32.315175] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.315376] Hardware name: linux,dummy-virt (DT)
[ 32.315514] Call trace:
[ 32.315629] show_stack+0x20/0x38 (C)
[ 32.315758] dump_stack_lvl+0x8c/0xd0
[ 32.315903] print_report+0x118/0x608
[ 32.316025] kasan_report+0xdc/0x128
[ 32.316143] __asan_report_load1_noabort+0x20/0x30
[ 32.316284] kmalloc_oob_right+0x5d0/0x660
[ 32.316423] kunit_try_run_case+0x170/0x3f0
[ 32.316558] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.316705] kthread+0x328/0x630
[ 32.317007] ret_from_fork+0x10/0x20
[ 32.317213]
[ 32.317260] Allocated by task 147:
[ 32.317332] kasan_save_stack+0x3c/0x68
[ 32.317433] kasan_save_track+0x20/0x40
[ 32.317522] kasan_save_alloc_info+0x40/0x58
[ 32.317607] __kasan_kmalloc+0xd4/0xd8
[ 32.317710] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.317826] kmalloc_oob_right+0xb0/0x660
[ 32.317951] kunit_try_run_case+0x170/0x3f0
[ 32.318062] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.318256] kthread+0x328/0x630
[ 32.318347] ret_from_fork+0x10/0x20
[ 32.318510]
[ 32.318563] The buggy address belongs to the object at fff00000c56d3e00
[ 32.318563] which belongs to the cache kmalloc-128 of size 128
[ 32.318690] The buggy address is located 13 bytes to the right of
[ 32.318690] allocated 115-byte region [fff00000c56d3e00, fff00000c56d3e73)
[ 32.319012]
[ 32.319061] The buggy address belongs to the physical page:
[ 32.319744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c56d3800 pfn:0x1056d3
[ 32.319819] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.319881] page_type: f5(slab)
[ 32.319977] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.320038] raw: fff00000c56d3800 000000008010000f 00000000f5000000 0000000000000000
[ 32.320086] page dumped because: kasan: bad access detected
[ 32.320161]
[ 32.320187] Memory state around the buggy address:
[ 32.320224] fff00000c56d3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.320277] fff00000c56d3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 32.320327] >fff00000c56d3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.320372] ^
[ 32.320407] fff00000c56d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.320457] fff00000c56d3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.320500] ==================================================================
[ 32.293703] ==================================================================
[ 32.295751] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660
[ 32.297666] Write of size 1 at addr fff00000c56d3e73 by task kunit_try_catch/147
[ 32.297840]
[ 32.298843] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 32.299064] Tainted: [N]=TEST
[ 32.299167] Hardware name: linux,dummy-virt (DT)
[ 32.299599] Call trace:
[ 32.299815] show_stack+0x20/0x38 (C)
[ 32.300023] dump_stack_lvl+0x8c/0xd0
[ 32.300098] print_report+0x118/0x608
[ 32.300159] kasan_report+0xdc/0x128
[ 32.300214] __asan_report_store1_noabort+0x20/0x30
[ 32.300270] kmalloc_oob_right+0x5a4/0x660
[ 32.300325] kunit_try_run_case+0x170/0x3f0
[ 32.300385] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.300447] kthread+0x328/0x630
[ 32.300500] ret_from_fork+0x10/0x20
[ 32.300688]
[ 32.300736] Allocated by task 147:
[ 32.300876] kasan_save_stack+0x3c/0x68
[ 32.300975] kasan_save_track+0x20/0x40
[ 32.301028] kasan_save_alloc_info+0x40/0x58
[ 32.301073] __kasan_kmalloc+0xd4/0xd8
[ 32.301117] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.301166] kmalloc_oob_right+0xb0/0x660
[ 32.301208] kunit_try_run_case+0x170/0x3f0
[ 32.301252] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.301303] kthread+0x328/0x630
[ 32.301340] ret_from_fork+0x10/0x20
[ 32.301408]
[ 32.301481] The buggy address belongs to the object at fff00000c56d3e00
[ 32.301481] which belongs to the cache kmalloc-128 of size 128
[ 32.301596] The buggy address is located 0 bytes to the right of
[ 32.301596] allocated 115-byte region [fff00000c56d3e00, fff00000c56d3e73)
[ 32.301679]
[ 32.301778] The buggy address belongs to the physical page:
[ 32.302012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c56d3800 pfn:0x1056d3
[ 32.302336] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.302691] page_type: f5(slab)
[ 32.303075] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.303221] raw: fff00000c56d3800 000000008010000f 00000000f5000000 0000000000000000
[ 32.303426] page dumped because: kasan: bad access detected
[ 32.303486]
[ 32.303520] Memory state around the buggy address:
[ 32.303781] fff00000c56d3d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.303869] fff00000c56d3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.303965] >fff00000c56d3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 32.304037] ^
[ 32.304149] fff00000c56d3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.304202] fff00000c56d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.304279] ==================================================================
```
```
[ 27.832407] ==================================================================
[ 27.832978] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 27.833917] Read of size 1 at addr ffff888102dcf680 by task kunit_try_catch/166
[ 27.834380]
[ 27.834577] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary)
[ 27.834683] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.834715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.834760] Call Trace:
[ 27.834799] <TASK>
[ 27.834839] dump_stack_lvl+0x73/0xb0
[ 27.834910] print_report+0xd1/0x650
[ 27.834963] ? __virt_addr_valid+0x1db/0x2d0
[ 27.835023] ? kmalloc_oob_right+0x68a/0x7f0
[ 27.835079] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.835146] ? kmalloc_oob_right+0x68a/0x7f0
[ 27.835202] kasan_report+0x141/0x180
[ 27.835261] ? kmalloc_oob_right+0x68a/0x7f0
[ 27.835331] __asan_report_load1_noabort+0x18/0x20
[ 27.835395] kmalloc_oob_right+0x68a/0x7f0
[ 27.835453] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 27.835571] ? __schedule+0x10cc/0x2b60
[ 27.835641] ? __pfx_read_tsc+0x10/0x10
[ 27.835698] ? ktime_get_ts64+0x86/0x230
[ 27.835763] kunit_try_run_case+0x1a5/0x480
[ 27.835839] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.835898] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.835962] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.836029] ? __kthread_parkme+0x82/0x180
[ 27.836086] ? preempt_count_sub+0x50/0x80
[ 27.836149] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.836215] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.836281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.836346] kthread+0x337/0x6f0
[ 27.836400] ? trace_preempt_on+0x20/0xc0
[ 27.836462] ? __pfx_kthread+0x10/0x10
[ 27.836520] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.836599] ? calculate_sigpending+0x7b/0xa0
[ 27.836664] ? __pfx_kthread+0x10/0x10
[ 27.836723] ret_from_fork+0x116/0x1d0
[ 27.836777] ? __pfx_kthread+0x10/0x10
[ 27.836850] ret_from_fork_asm+0x1a/0x30
[ 27.836916] </TASK>
[ 27.836933]
[ 27.851073] Allocated by task 166:
[ 27.851453] kasan_save_stack+0x45/0x70
[ 27.851765] kasan_save_track+0x18/0x40
[ 27.852161] kasan_save_alloc_info+0x3b/0x50
[ 27.852589] __kasan_kmalloc+0xb7/0xc0
[ 27.852981] __kmalloc_cache_noprof+0x189/0x420
[ 27.853360] kmalloc_oob_right+0xa9/0x7f0
[ 27.853761] kunit_try_run_case+0x1a5/0x480
[ 27.854128] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.854493] kthread+0x337/0x6f0
[ 27.854800] ret_from_fork+0x116/0x1d0
[ 27.855194] ret_from_fork_asm+0x1a/0x30
[ 27.855604]
[ 27.855849] The buggy address belongs to the object at ffff888102dcf600
[ 27.855849] which belongs to the cache kmalloc-128 of size 128
[ 27.856667] The buggy address is located 13 bytes to the right of
[ 27.856667] allocated 115-byte region [ffff888102dcf600, ffff888102dcf673)
[ 27.857476]
[ 27.857704] The buggy address belongs to the physical page:
[ 27.858141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf
[ 27.858712] flags: 0x200000000000000(node=0|zone=2)
[ 27.859164] page_type: f5(slab)
[ 27.859396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.860002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.860354] page dumped because: kasan: bad access detected
[ 27.860891]
[ 27.861079] Memory state around the buggy address:
[ 27.861525] ffff888102dcf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.862139] ffff888102dcf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 27.862657] >ffff888102dcf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.863148] ^
[ 27.863404] ffff888102dcf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.863962] ffff888102dcf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.864348] ==================================================================
[ 27.752697] ==================================================================
[ 27.753972] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 27.755068] Write of size 1 at addr ffff888102dcf673 by task kunit_try_catch/166
[ 27.755914]
[ 27.757956] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary)
[ 27.758512] Tainted: [N]=TEST
[ 27.758584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.758880] Call Trace:
[ 27.758971] <TASK>
[ 27.759218] dump_stack_lvl+0x73/0xb0
[ 27.759352] print_report+0xd1/0x650
[ 27.759396] ? __virt_addr_valid+0x1db/0x2d0
[ 27.759433] ? kmalloc_oob_right+0x6f0/0x7f0
[ 27.759461] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.759495] ? kmalloc_oob_right+0x6f0/0x7f0
[ 27.759523] kasan_report+0x141/0x180
[ 27.759573] ? kmalloc_oob_right+0x6f0/0x7f0
[ 27.759609] __asan_report_store1_noabort+0x1b/0x30
[ 27.759662] kmalloc_oob_right+0x6f0/0x7f0
[ 27.759695] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 27.759725] ? __schedule+0x10cc/0x2b60
[ 27.759758] ? __pfx_read_tsc+0x10/0x10
[ 27.759789] ? ktime_get_ts64+0x86/0x230
[ 27.759834] kunit_try_run_case+0x1a5/0x480
[ 27.759871] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.759900] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.759932] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.759964] ? __kthread_parkme+0x82/0x180
[ 27.759992] ? preempt_count_sub+0x50/0x80
[ 27.760023] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.760058] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.760179] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.760212] kthread+0x337/0x6f0
[ 27.760239] ? trace_preempt_on+0x20/0xc0
[ 27.760272] ? __pfx_kthread+0x10/0x10
[ 27.760299] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.760330] ? calculate_sigpending+0x7b/0xa0
[ 27.760362] ? __pfx_kthread+0x10/0x10
[ 27.760389] ret_from_fork+0x116/0x1d0
[ 27.760415] ? __pfx_kthread+0x10/0x10
[ 27.760441] ret_from_fork_asm+0x1a/0x30
[ 27.760520] </TASK>
[ 27.760633]
[ 27.773526] Allocated by task 166:
[ 27.774797] kasan_save_stack+0x45/0x70
[ 27.775447] kasan_save_track+0x18/0x40
[ 27.775903] kasan_save_alloc_info+0x3b/0x50
[ 27.776338] __kasan_kmalloc+0xb7/0xc0
[ 27.776633] __kmalloc_cache_noprof+0x189/0x420
[ 27.777140] kmalloc_oob_right+0xa9/0x7f0
[ 27.777672] kunit_try_run_case+0x1a5/0x480
[ 27.778627] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.779196] kthread+0x337/0x6f0
[ 27.779508] ret_from_fork+0x116/0x1d0
[ 27.779943] ret_from_fork_asm+0x1a/0x30
[ 27.780498]
[ 27.780854] The buggy address belongs to the object at ffff888102dcf600
[ 27.780854] which belongs to the cache kmalloc-128 of size 128
[ 27.781977] The buggy address is located 0 bytes to the right of
[ 27.781977] allocated 115-byte region [ffff888102dcf600, ffff888102dcf673)
[ 27.783691]
[ 27.784217] The buggy address belongs to the physical page:
[ 27.785184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf
[ 27.786173] flags: 0x200000000000000(node=0|zone=2)
[ 27.787382] page_type: f5(slab)
[ 27.788497] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.789417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.790115] page dumped because: kasan: bad access detected
[ 27.790743]
[ 27.790905] Memory state around the buggy address:
[ 27.792357] ffff888102dcf500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.793239] ffff888102dcf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.793822] >ffff888102dcf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 27.794715] ^
[ 27.795844] ffff888102dcf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.796379] ffff888102dcf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.797317] ==================================================================
[ 27.799472] ==================================================================
[ 27.800097] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 27.801442] Write of size 1 at addr ffff888102dcf678 by task kunit_try_catch/166
[ 27.802090]
[ 27.802293] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary)
[ 27.802447] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.802498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.802573] Call Trace:
[ 27.802610] <TASK>
[ 27.802703] dump_stack_lvl+0x73/0xb0
[ 27.802804] print_report+0xd1/0x650
[ 27.802858] ? __virt_addr_valid+0x1db/0x2d0
[ 27.802894] ? kmalloc_oob_right+0x6bd/0x7f0
[ 27.802923] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.802957] ? kmalloc_oob_right+0x6bd/0x7f0
[ 27.802985] kasan_report+0x141/0x180
[ 27.803013] ? kmalloc_oob_right+0x6bd/0x7f0
[ 27.803046] __asan_report_store1_noabort+0x1b/0x30
[ 27.803077] kmalloc_oob_right+0x6bd/0x7f0
[ 27.803105] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 27.803133] ? __schedule+0x10cc/0x2b60
[ 27.803165] ? __pfx_read_tsc+0x10/0x10
[ 27.803193] ? ktime_get_ts64+0x86/0x230
[ 27.803224] kunit_try_run_case+0x1a5/0x480
[ 27.803256] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.803284] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.803315] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.803345] ? __kthread_parkme+0x82/0x180
[ 27.803372] ? preempt_count_sub+0x50/0x80
[ 27.803401] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.803432] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.803461] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.803491] kthread+0x337/0x6f0
[ 27.803516] ? trace_preempt_on+0x20/0xc0
[ 27.803567] ? __pfx_kthread+0x10/0x10
[ 27.803599] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.803643] ? calculate_sigpending+0x7b/0xa0
[ 27.803699] ? __pfx_kthread+0x10/0x10
[ 27.803728] ret_from_fork+0x116/0x1d0
[ 27.803754] ? __pfx_kthread+0x10/0x10
[ 27.803781] ret_from_fork_asm+0x1a/0x30
[ 27.803820] </TASK>
[ 27.803845]
[ 27.816082] Allocated by task 166:
[ 27.816327] kasan_save_stack+0x45/0x70
[ 27.816627] kasan_save_track+0x18/0x40
[ 27.816864] kasan_save_alloc_info+0x3b/0x50
[ 27.817273] __kasan_kmalloc+0xb7/0xc0
[ 27.817685] __kmalloc_cache_noprof+0x189/0x420
[ 27.818172] kmalloc_oob_right+0xa9/0x7f0
[ 27.818673] kunit_try_run_case+0x1a5/0x480
[ 27.819124] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.819767] kthread+0x337/0x6f0
[ 27.820161] ret_from_fork+0x116/0x1d0
[ 27.820572] ret_from_fork_asm+0x1a/0x30
[ 27.821033]
[ 27.821239] The buggy address belongs to the object at ffff888102dcf600
[ 27.821239] which belongs to the cache kmalloc-128 of size 128
[ 27.822075] The buggy address is located 5 bytes to the right of
[ 27.822075] allocated 115-byte region [ffff888102dcf600, ffff888102dcf673)
[ 27.822744]
[ 27.822953] The buggy address belongs to the physical page:
[ 27.823489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102dcf
[ 27.824315] flags: 0x200000000000000(node=0|zone=2)
[ 27.824873] page_type: f5(slab)
[ 27.825275] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.825870] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.826402] page dumped because: kasan: bad access detected
[ 27.826910]
[ 27.827158] Memory state around the buggy address:
[ 27.827534] ffff888102dcf500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.828205] ffff888102dcf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.828663] >ffff888102dcf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 27.829255] ^
[ 27.829710] ffff888102dcf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.830431] ffff888102dcf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.831138] ==================================================================
```