Date
June 24, 2025, 11:37 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 40.935436] ================================================================== [ 40.942752] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 40.950250] Read of size 1 at addr ffff0000822c2978 by task kunit_try_catch/292 [ 40.957663] [ 40.959195] CPU: 3 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.959227] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.959235] Hardware name: Thundercomm Dragonboard 845c (DT) [ 40.959246] Call trace: [ 40.959254] show_stack+0x20/0x38 (C) [ 40.959272] dump_stack_lvl+0x8c/0xd0 [ 40.959291] print_report+0x118/0x608 [ 40.959310] kasan_report+0xdc/0x128 [ 40.959330] __asan_report_load1_noabort+0x20/0x30 [ 40.959350] ksize_unpoisons_memory+0x618/0x740 [ 40.959369] kunit_try_run_case+0x170/0x3f0 [ 40.959389] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.959413] kthread+0x328/0x630 [ 40.959428] ret_from_fork+0x10/0x20 [ 40.959445] [ 41.025494] Allocated by task 292: [ 41.028954] kasan_save_stack+0x3c/0x68 [ 41.032865] kasan_save_track+0x20/0x40 [ 41.036775] kasan_save_alloc_info+0x40/0x58 [ 41.041114] __kasan_kmalloc+0xd4/0xd8 [ 41.044938] __kmalloc_cache_noprof+0x16c/0x3c0 [ 41.049550] ksize_unpoisons_memory+0xc0/0x740 [ 41.054074] kunit_try_run_case+0x170/0x3f0 [ 41.058330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.063899] kthread+0x328/0x630 [ 41.067183] ret_from_fork+0x10/0x20 [ 41.070824] [ 41.072358] The buggy address belongs to the object at ffff0000822c2900 [ 41.072358] which belongs to the cache kmalloc-128 of size 128 [ 41.085025] The buggy address is located 5 bytes to the right of [ 41.085025] allocated 115-byte region [ffff0000822c2900, ffff0000822c2973) [ 41.098122] [ 41.099659] The buggy address belongs to the physical page: [ 41.105307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c2 [ 41.113421] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 41.121179] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 41.128236] page_type: f5(slab) [ 41.131443] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 41.139291] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 41.147138] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 41.155070] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 41.163003] head: 0bfffe0000000001 fffffdffc208b081 00000000ffffffff 00000000ffffffff [ 41.170936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 41.178864] page dumped because: kasan: bad access detected [ 41.184508] [ 41.186037] Memory state around the buggy address: [ 41.190901] ffff0000822c2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.198215] ffff0000822c2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.205530] >ffff0000822c2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 41.212852] ^ [ 41.220078] ffff0000822c2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.227395] ffff0000822c2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.234710] ================================================================== [ 41.242897] ================================================================== [ 41.250217] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 41.257718] Read of size 1 at addr ffff0000822c297f by task kunit_try_catch/292 [ 41.265119] [ 41.266648] CPU: 5 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 41.266679] Tainted: [B]=BAD_PAGE, [N]=TEST [ 41.266688] Hardware name: Thundercomm Dragonboard 845c (DT) [ 41.266698] Call trace: [ 41.266703] show_stack+0x20/0x38 (C) [ 41.266723] dump_stack_lvl+0x8c/0xd0 [ 41.266741] print_report+0x118/0x608 [ 41.266758] kasan_report+0xdc/0x128 [ 41.266776] __asan_report_load1_noabort+0x20/0x30 [ 41.266792] ksize_unpoisons_memory+0x690/0x740 [ 41.266810] kunit_try_run_case+0x170/0x3f0 [ 41.266828] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.266848] kthread+0x328/0x630 [ 41.266862] ret_from_fork+0x10/0x20 [ 41.266879] [ 41.332875] Allocated by task 292: [ 41.336331] kasan_save_stack+0x3c/0x68 [ 41.340229] kasan_save_track+0x20/0x40 [ 41.344126] kasan_save_alloc_info+0x40/0x58 [ 41.348462] __kasan_kmalloc+0xd4/0xd8 [ 41.352269] __kmalloc_cache_noprof+0x16c/0x3c0 [ 41.356868] ksize_unpoisons_memory+0xc0/0x740 [ 41.361383] kunit_try_run_case+0x170/0x3f0 [ 41.365633] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 41.371199] kthread+0x328/0x630 [ 41.374484] ret_from_fork+0x10/0x20 [ 41.378117] [ 41.379648] The buggy address belongs to the object at ffff0000822c2900 [ 41.379648] which belongs to the cache kmalloc-128 of size 128 [ 41.392295] The buggy address is located 12 bytes to the right of [ 41.392295] allocated 115-byte region [ffff0000822c2900, ffff0000822c2973) [ 41.405477] [ 41.407001] The buggy address belongs to the physical page: [ 41.412643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c2 [ 41.420746] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 41.428491] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 41.435541] page_type: f5(slab) [ 41.438741] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 41.446586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 41.454431] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 41.462360] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 41.470289] head: 0bfffe0000000001 fffffdffc208b081 00000000ffffffff 00000000ffffffff [ 41.478218] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 41.486143] page dumped because: kasan: bad access detected [ 41.491785] [ 41.493306] Memory state around the buggy address: [ 41.498160] ffff0000822c2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.505470] ffff0000822c2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.512778] >ffff0000822c2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 41.520085] ^ [ 41.527304] ffff0000822c2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.534616] ffff0000822c2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 41.541921] ================================================================== [ 40.624767] ================================================================== [ 40.636332] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 40.643835] Read of size 1 at addr ffff0000822c2973 by task kunit_try_catch/292 [ 40.651246] [ 40.652788] CPU: 3 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 40.652819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 40.652828] Hardware name: Thundercomm Dragonboard 845c (DT) [ 40.652840] Call trace: [ 40.652848] show_stack+0x20/0x38 (C) [ 40.652866] dump_stack_lvl+0x8c/0xd0 [ 40.652886] print_report+0x118/0x608 [ 40.652906] kasan_report+0xdc/0x128 [ 40.652926] __asan_report_load1_noabort+0x20/0x30 [ 40.652944] ksize_unpoisons_memory+0x628/0x740 [ 40.652963] kunit_try_run_case+0x170/0x3f0 [ 40.652984] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.653006] kthread+0x328/0x630 [ 40.653022] ret_from_fork+0x10/0x20 [ 40.653039] [ 40.719100] Allocated by task 292: [ 40.722560] kasan_save_stack+0x3c/0x68 [ 40.726470] kasan_save_track+0x20/0x40 [ 40.730380] kasan_save_alloc_info+0x40/0x58 [ 40.734720] __kasan_kmalloc+0xd4/0xd8 [ 40.738542] __kmalloc_cache_noprof+0x16c/0x3c0 [ 40.743151] ksize_unpoisons_memory+0xc0/0x740 [ 40.747675] kunit_try_run_case+0x170/0x3f0 [ 40.751934] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 40.757508] kthread+0x328/0x630 [ 40.760797] ret_from_fork+0x10/0x20 [ 40.764435] [ 40.765965] The buggy address belongs to the object at ffff0000822c2900 [ 40.765965] which belongs to the cache kmalloc-128 of size 128 [ 40.778627] The buggy address is located 0 bytes to the right of [ 40.778627] allocated 115-byte region [ffff0000822c2900, ffff0000822c2973) [ 40.791729] [ 40.793256] The buggy address belongs to the physical page: [ 40.798905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c2 [ 40.807016] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 40.814772] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 40.821829] page_type: f5(slab) [ 40.825033] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 40.832877] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 40.840721] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 40.848652] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 40.856582] head: 0bfffe0000000001 fffffdffc208b081 00000000ffffffff 00000000ffffffff [ 40.864513] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 40.872439] page dumped because: kasan: bad access detected [ 40.878088] [ 40.879624] Memory state around the buggy address: [ 40.884483] ffff0000822c2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.891807] ffff0000822c2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.899121] >ffff0000822c2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 40.906444] ^ [ 40.913408] ffff0000822c2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.920733] ffff0000822c2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 40.928053] ==================================================================
[ 33.341118] ================================================================== [ 33.341553] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 33.342067] Read of size 1 at addr fff00000c7732573 by task kunit_try_catch/205 [ 33.342449] [ 33.342643] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.343463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.343819] Hardware name: linux,dummy-virt (DT) [ 33.343921] Call trace: [ 33.344303] show_stack+0x20/0x38 (C) [ 33.344476] dump_stack_lvl+0x8c/0xd0 [ 33.344576] print_report+0x118/0x608 [ 33.344639] kasan_report+0xdc/0x128 [ 33.344736] __asan_report_load1_noabort+0x20/0x30 [ 33.344829] ksize_unpoisons_memory+0x628/0x740 [ 33.344927] kunit_try_run_case+0x170/0x3f0 [ 33.345299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.345464] kthread+0x328/0x630 [ 33.345777] ret_from_fork+0x10/0x20 [ 33.345955] [ 33.346028] Allocated by task 205: [ 33.346122] kasan_save_stack+0x3c/0x68 [ 33.346275] kasan_save_track+0x20/0x40 [ 33.346412] kasan_save_alloc_info+0x40/0x58 [ 33.346651] __kasan_kmalloc+0xd4/0xd8 [ 33.346748] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.346878] ksize_unpoisons_memory+0xc0/0x740 [ 33.347138] kunit_try_run_case+0x170/0x3f0 [ 33.347249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.347372] kthread+0x328/0x630 [ 33.347472] ret_from_fork+0x10/0x20 [ 33.347578] [ 33.347623] The buggy address belongs to the object at fff00000c7732500 [ 33.347623] which belongs to the cache kmalloc-128 of size 128 [ 33.347755] The buggy address is located 0 bytes to the right of [ 33.347755] allocated 115-byte region [fff00000c7732500, fff00000c7732573) [ 33.347930] [ 33.348062] The buggy address belongs to the physical page: [ 33.348153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.348282] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.348427] page_type: f5(slab) [ 33.348604] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.348768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.348944] page dumped because: kasan: bad access detected [ 33.349058] [ 33.349140] Memory state around the buggy address: [ 33.349216] fff00000c7732400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.349486] fff00000c7732480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.349652] >fff00000c7732500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.349744] ^ [ 33.349903] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.350104] fff00000c7732600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.350257] ================================================================== [ 33.353457] ================================================================== [ 33.353582] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 33.353816] Read of size 1 at addr fff00000c7732578 by task kunit_try_catch/205 [ 33.354081] [ 33.354208] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.354801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.354997] Hardware name: linux,dummy-virt (DT) [ 33.355078] Call trace: [ 33.355150] show_stack+0x20/0x38 (C) [ 33.355268] dump_stack_lvl+0x8c/0xd0 [ 33.356703] print_report+0x118/0x608 [ 33.356800] kasan_report+0xdc/0x128 [ 33.356865] __asan_report_load1_noabort+0x20/0x30 [ 33.356985] ksize_unpoisons_memory+0x618/0x740 [ 33.357049] kunit_try_run_case+0x170/0x3f0 [ 33.357111] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.357178] kthread+0x328/0x630 [ 33.357229] ret_from_fork+0x10/0x20 [ 33.357288] [ 33.357310] Allocated by task 205: [ 33.357349] kasan_save_stack+0x3c/0x68 [ 33.357400] kasan_save_track+0x20/0x40 [ 33.357447] kasan_save_alloc_info+0x40/0x58 [ 33.357494] __kasan_kmalloc+0xd4/0xd8 [ 33.357539] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.357590] ksize_unpoisons_memory+0xc0/0x740 [ 33.357636] kunit_try_run_case+0x170/0x3f0 [ 33.357684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.357736] kthread+0x328/0x630 [ 33.357774] ret_from_fork+0x10/0x20 [ 33.357818] [ 33.357840] The buggy address belongs to the object at fff00000c7732500 [ 33.357840] which belongs to the cache kmalloc-128 of size 128 [ 33.358136] The buggy address is located 5 bytes to the right of [ 33.358136] allocated 115-byte region [fff00000c7732500, fff00000c7732573) [ 33.358441] [ 33.358500] The buggy address belongs to the physical page: [ 33.359129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.359328] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.359495] page_type: f5(slab) [ 33.359619] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.359806] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.359932] page dumped because: kasan: bad access detected [ 33.360384] [ 33.360453] Memory state around the buggy address: [ 33.360550] fff00000c7732400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.360818] fff00000c7732480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.361365] >fff00000c7732500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.361562] ^ [ 33.361943] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.362077] fff00000c7732600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.362171] ================================================================== [ 33.363601] ================================================================== [ 33.363726] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 33.364504] Read of size 1 at addr fff00000c773257f by task kunit_try_catch/205 [ 33.364730] [ 33.364817] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 33.365850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.366266] Hardware name: linux,dummy-virt (DT) [ 33.366871] Call trace: [ 33.366962] show_stack+0x20/0x38 (C) [ 33.367149] dump_stack_lvl+0x8c/0xd0 [ 33.367691] print_report+0x118/0x608 [ 33.368132] kasan_report+0xdc/0x128 [ 33.368297] __asan_report_load1_noabort+0x20/0x30 [ 33.368836] ksize_unpoisons_memory+0x690/0x740 [ 33.369329] kunit_try_run_case+0x170/0x3f0 [ 33.369652] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.370117] kthread+0x328/0x630 [ 33.370842] ret_from_fork+0x10/0x20 [ 33.371159] [ 33.371284] Allocated by task 205: [ 33.371392] kasan_save_stack+0x3c/0x68 [ 33.371511] kasan_save_track+0x20/0x40 [ 33.371630] kasan_save_alloc_info+0x40/0x58 [ 33.371730] __kasan_kmalloc+0xd4/0xd8 [ 33.371818] __kmalloc_cache_noprof+0x16c/0x3c0 [ 33.371982] ksize_unpoisons_memory+0xc0/0x740 [ 33.372161] kunit_try_run_case+0x170/0x3f0 [ 33.372287] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.372392] kthread+0x328/0x630 [ 33.372474] ret_from_fork+0x10/0x20 [ 33.372558] [ 33.372603] The buggy address belongs to the object at fff00000c7732500 [ 33.372603] which belongs to the cache kmalloc-128 of size 128 [ 33.372735] The buggy address is located 12 bytes to the right of [ 33.372735] allocated 115-byte region [fff00000c7732500, fff00000c7732573) [ 33.372955] [ 33.373065] The buggy address belongs to the physical page: [ 33.373176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107732 [ 33.373343] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 33.373460] page_type: f5(slab) [ 33.373560] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 33.373812] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 33.373934] page dumped because: kasan: bad access detected [ 33.374027] [ 33.374080] Memory state around the buggy address: [ 33.374170] fff00000c7732400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.374291] fff00000c7732480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.374423] >fff00000c7732500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 33.374534] ^ [ 33.374652] fff00000c7732580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.374809] fff00000c7732600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.375011] ==================================================================
[ 29.581584] ================================================================== [ 29.582495] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 29.583005] Read of size 1 at addr ffff888100aae973 by task kunit_try_catch/224 [ 29.583509] [ 29.583833] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.583947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.583979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.584023] Call Trace: [ 29.584052] <TASK> [ 29.584087] dump_stack_lvl+0x73/0xb0 [ 29.584152] print_report+0xd1/0x650 [ 29.584250] ? __virt_addr_valid+0x1db/0x2d0 [ 29.584315] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.584443] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584507] kasan_report+0x141/0x180 [ 29.584577] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584680] __asan_report_load1_noabort+0x18/0x20 [ 29.584744] ksize_unpoisons_memory+0x81c/0x9b0 [ 29.584801] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 29.584852] ? finish_task_switch.isra.0+0x153/0x700 [ 29.584910] ? __switch_to+0x47/0xf50 [ 29.584974] ? __schedule+0x10cc/0x2b60 [ 29.585033] ? __pfx_read_tsc+0x10/0x10 [ 29.585083] ? ktime_get_ts64+0x86/0x230 [ 29.585141] kunit_try_run_case+0x1a5/0x480 [ 29.585206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.585266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.585326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.585362] ? __kthread_parkme+0x82/0x180 [ 29.585390] ? preempt_count_sub+0x50/0x80 [ 29.585421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.585453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.585484] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.585514] kthread+0x337/0x6f0 [ 29.585560] ? trace_preempt_on+0x20/0xc0 [ 29.585594] ? __pfx_kthread+0x10/0x10 [ 29.585621] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.585676] ? calculate_sigpending+0x7b/0xa0 [ 29.585709] ? __pfx_kthread+0x10/0x10 [ 29.585737] ret_from_fork+0x116/0x1d0 [ 29.585764] ? __pfx_kthread+0x10/0x10 [ 29.585791] ret_from_fork_asm+0x1a/0x30 [ 29.585831] </TASK> [ 29.585845] [ 29.600216] Allocated by task 224: [ 29.600586] kasan_save_stack+0x45/0x70 [ 29.601127] kasan_save_track+0x18/0x40 [ 29.601585] kasan_save_alloc_info+0x3b/0x50 [ 29.602054] __kasan_kmalloc+0xb7/0xc0 [ 29.602414] __kmalloc_cache_noprof+0x189/0x420 [ 29.602889] ksize_unpoisons_memory+0xc7/0x9b0 [ 29.603316] kunit_try_run_case+0x1a5/0x480 [ 29.603745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.604242] kthread+0x337/0x6f0 [ 29.604496] ret_from_fork+0x116/0x1d0 [ 29.604894] ret_from_fork_asm+0x1a/0x30 [ 29.605295] [ 29.605523] The buggy address belongs to the object at ffff888100aae900 [ 29.605523] which belongs to the cache kmalloc-128 of size 128 [ 29.606313] The buggy address is located 0 bytes to the right of [ 29.606313] allocated 115-byte region [ffff888100aae900, ffff888100aae973) [ 29.607206] [ 29.607419] The buggy address belongs to the physical page: [ 29.608020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.608436] flags: 0x200000000000000(node=0|zone=2) [ 29.608984] page_type: f5(slab) [ 29.609342] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.609844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.610496] page dumped because: kasan: bad access detected [ 29.610910] [ 29.611141] Memory state around the buggy address: [ 29.611659] ffff888100aae800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.612103] ffff888100aae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.612763] >ffff888100aae900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.613267] ^ [ 29.613875] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614298] ffff888100aaea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614978] ================================================================== [ 29.651856] ================================================================== [ 29.653261] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.653980] Read of size 1 at addr ffff888100aae97f by task kunit_try_catch/224 [ 29.654626] [ 29.654873] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.654987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.655018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.655068] Call Trace: [ 29.655110] <TASK> [ 29.655150] dump_stack_lvl+0x73/0xb0 [ 29.655223] print_report+0xd1/0x650 [ 29.655282] ? __virt_addr_valid+0x1db/0x2d0 [ 29.655345] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655406] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.655470] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655579] kasan_report+0x141/0x180 [ 29.655637] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655724] __asan_report_load1_noabort+0x18/0x20 [ 29.655813] ksize_unpoisons_memory+0x7b6/0x9b0 [ 29.655902] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 29.655959] ? finish_task_switch.isra.0+0x153/0x700 [ 29.656014] ? __switch_to+0x47/0xf50 [ 29.656080] ? __schedule+0x10cc/0x2b60 [ 29.656147] ? __pfx_read_tsc+0x10/0x10 [ 29.656206] ? ktime_get_ts64+0x86/0x230 [ 29.656271] kunit_try_run_case+0x1a5/0x480 [ 29.656332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.656408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.656440] ? __kthread_parkme+0x82/0x180 [ 29.656467] ? preempt_count_sub+0x50/0x80 [ 29.656497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.656582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.656614] kthread+0x337/0x6f0 [ 29.656651] ? trace_preempt_on+0x20/0xc0 [ 29.656699] ? __pfx_kthread+0x10/0x10 [ 29.656726] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.656756] ? calculate_sigpending+0x7b/0xa0 [ 29.656787] ? __pfx_kthread+0x10/0x10 [ 29.656815] ret_from_fork+0x116/0x1d0 [ 29.656840] ? __pfx_kthread+0x10/0x10 [ 29.656866] ret_from_fork_asm+0x1a/0x30 [ 29.656905] </TASK> [ 29.656919] [ 29.669271] Allocated by task 224: [ 29.669681] kasan_save_stack+0x45/0x70 [ 29.670068] kasan_save_track+0x18/0x40 [ 29.670314] kasan_save_alloc_info+0x3b/0x50 [ 29.670603] __kasan_kmalloc+0xb7/0xc0 [ 29.671013] __kmalloc_cache_noprof+0x189/0x420 [ 29.671465] ksize_unpoisons_memory+0xc7/0x9b0 [ 29.671896] kunit_try_run_case+0x1a5/0x480 [ 29.672162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.672683] kthread+0x337/0x6f0 [ 29.673094] ret_from_fork+0x116/0x1d0 [ 29.673494] ret_from_fork_asm+0x1a/0x30 [ 29.673930] [ 29.674100] The buggy address belongs to the object at ffff888100aae900 [ 29.674100] which belongs to the cache kmalloc-128 of size 128 [ 29.674718] The buggy address is located 12 bytes to the right of [ 29.674718] allocated 115-byte region [ffff888100aae900, ffff888100aae973) [ 29.675390] [ 29.675574] The buggy address belongs to the physical page: [ 29.676087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.676769] flags: 0x200000000000000(node=0|zone=2) [ 29.677246] page_type: f5(slab) [ 29.677774] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.678373] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.678972] page dumped because: kasan: bad access detected [ 29.679470] [ 29.679747] Memory state around the buggy address: [ 29.680095] ffff888100aae800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.680703] ffff888100aae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.681211] >ffff888100aae900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.681576] ^ [ 29.682212] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.682908] ffff888100aaea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.683397] ================================================================== [ 29.617103] ================================================================== [ 29.618240] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.618892] Read of size 1 at addr ffff888100aae978 by task kunit_try_catch/224 [ 29.619354] [ 29.619502] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 29.619592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.619620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.619667] Call Trace: [ 29.619704] <TASK> [ 29.619793] dump_stack_lvl+0x73/0xb0 [ 29.619890] print_report+0xd1/0x650 [ 29.619950] ? __virt_addr_valid+0x1db/0x2d0 [ 29.620013] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620115] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.620190] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620252] kasan_report+0x141/0x180 [ 29.620306] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620376] __asan_report_load1_noabort+0x18/0x20 [ 29.620490] ksize_unpoisons_memory+0x7e9/0x9b0 [ 29.620573] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 29.620633] ? finish_task_switch.isra.0+0x153/0x700 [ 29.620690] ? __switch_to+0x47/0xf50 [ 29.620756] ? __schedule+0x10cc/0x2b60 [ 29.620872] ? __pfx_read_tsc+0x10/0x10 [ 29.620934] ? ktime_get_ts64+0x86/0x230 [ 29.621000] kunit_try_run_case+0x1a5/0x480 [ 29.621067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621179] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.621246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.621305] ? __kthread_parkme+0x82/0x180 [ 29.621346] ? preempt_count_sub+0x50/0x80 [ 29.621377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.621441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.621472] kthread+0x337/0x6f0 [ 29.621499] ? trace_preempt_on+0x20/0xc0 [ 29.621531] ? __pfx_kthread+0x10/0x10 [ 29.621578] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.621608] ? calculate_sigpending+0x7b/0xa0 [ 29.621651] ? __pfx_kthread+0x10/0x10 [ 29.621696] ret_from_fork+0x116/0x1d0 [ 29.621723] ? __pfx_kthread+0x10/0x10 [ 29.621750] ret_from_fork_asm+0x1a/0x30 [ 29.621791] </TASK> [ 29.621804] [ 29.634628] Allocated by task 224: [ 29.634990] kasan_save_stack+0x45/0x70 [ 29.635669] kasan_save_track+0x18/0x40 [ 29.636083] kasan_save_alloc_info+0x3b/0x50 [ 29.636566] __kasan_kmalloc+0xb7/0xc0 [ 29.636960] __kmalloc_cache_noprof+0x189/0x420 [ 29.637370] ksize_unpoisons_memory+0xc7/0x9b0 [ 29.637718] kunit_try_run_case+0x1a5/0x480 [ 29.638028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.638659] kthread+0x337/0x6f0 [ 29.639002] ret_from_fork+0x116/0x1d0 [ 29.639394] ret_from_fork_asm+0x1a/0x30 [ 29.639846] [ 29.640054] The buggy address belongs to the object at ffff888100aae900 [ 29.640054] which belongs to the cache kmalloc-128 of size 128 [ 29.640918] The buggy address is located 5 bytes to the right of [ 29.640918] allocated 115-byte region [ffff888100aae900, ffff888100aae973) [ 29.641779] [ 29.641993] The buggy address belongs to the physical page: [ 29.642490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae [ 29.643235] flags: 0x200000000000000(node=0|zone=2) [ 29.643792] page_type: f5(slab) [ 29.644059] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.644420] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.645063] page dumped because: kasan: bad access detected [ 29.645611] [ 29.645853] Memory state around the buggy address: [ 29.646315] ffff888100aae800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.646939] ffff888100aae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.647291] >ffff888100aae900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 29.647702] ^ [ 29.648374] ffff888100aae980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.649130] ffff888100aaea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.649785] ==================================================================