Date: June 26, 2025, 9:10 a.m.
Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |
[ 29.756231] ================================================================== [ 29.763570] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 29.770647] Write of size 1 at addr ffff000080dbc173 by task kunit_try_catch/222 [ 29.778144] [ 29.779682] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 29.779713] Tainted: [N]=TEST [ 29.779720] Hardware name: Thundercomm Dragonboard 845c (DT) [ 29.779731] Call trace: [ 29.779739] show_stack+0x20/0x38 (C) [ 29.779762] dump_stack_lvl+0x8c/0xd0 [ 29.779784] print_report+0x118/0x608 [ 29.779806] kasan_report+0xdc/0x128 [ 29.779823] __asan_report_store1_noabort+0x20/0x30 [ 29.779842] kmalloc_oob_right+0x5a4/0x660 [ 29.779858] kunit_try_run_case+0x170/0x3f0 [ 29.779879] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.779900] kthread+0x328/0x630 [ 29.779916] ret_from_fork+0x10/0x20 [ 29.779937] [ 29.844445] Allocated by task 222: [ 29.847906] kasan_save_stack+0x3c/0x68 [ 29.851817] kasan_save_track+0x20/0x40 [ 29.855724] kasan_save_alloc_info+0x40/0x58 [ 29.860068] __kasan_kmalloc+0xd4/0xd8 [ 29.863890] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.868499] kmalloc_oob_right+0xb0/0x660 [ 29.872579] kunit_try_run_case+0x170/0x3f0 [ 29.876834] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.882405] kthread+0x328/0x630 [ 29.885696] ret_from_fork+0x10/0x20 [ 29.889339] [ 29.890870] The buggy address belongs to the object at ffff000080dbc100 [ 29.890870] which belongs to the cache kmalloc-128 of size 128 [ 29.903529] The buggy address is located 0 bytes to the right of [ 29.903529] allocated 115-byte region [ffff000080dbc100, ffff000080dbc173) [ 29.916629] [ 29.918161] The buggy address belongs to the physical page: [ 29.923808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100dbc [ 29.931920] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 29.939679] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 
29.946742] page_type: f5(slab) [ 29.949950] raw: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 29.957793] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.965636] head: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 29.973575] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.981513] head: 0bfffe0000000001 fffffdffc2036f01 00000000ffffffff 00000000ffffffff [ 29.989444] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 29.997379] page dumped because: kasan: bad access detected [ 30.003028] [ 30.004560] Memory state around the buggy address: [ 30.009423] ffff000080dbc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.016743] ffff000080dbc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.024065] >ffff000080dbc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.031377] ^ [ 30.038340] ffff000080dbc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.045661] ffff000080dbc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.052979] ================================================================== [ 30.371783] ================================================================== [ 30.379093] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 30.386139] Read of size 1 at addr ffff000080dbc180 by task kunit_try_catch/222 [ 30.393544] [ 30.395069] CPU: 5 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.395096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.395103] Hardware name: Thundercomm Dragonboard 845c (DT) [ 30.395112] Call trace: [ 30.395118] show_stack+0x20/0x38 (C) [ 30.395134] dump_stack_lvl+0x8c/0xd0 [ 30.395151] print_report+0x118/0x608 [ 30.395168] kasan_report+0xdc/0x128 [ 30.395185] __asan_report_load1_noabort+0x20/0x30 [ 30.395200] kmalloc_oob_right+0x5d0/0x660 [ 30.395215] kunit_try_run_case+0x170/0x3f0 [ 30.395231] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.395251] kthread+0x328/0x630 [ 30.395263] ret_from_fork+0x10/0x20 [ 30.395279] [ 30.460838] Allocated by task 222: [ 30.464290] kasan_save_stack+0x3c/0x68 [ 30.468193] kasan_save_track+0x20/0x40 [ 30.472095] kasan_save_alloc_info+0x40/0x58 [ 30.476426] __kasan_kmalloc+0xd4/0xd8 [ 30.480241] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.484837] kmalloc_oob_right+0xb0/0x660 [ 30.488911] kunit_try_run_case+0x170/0x3f0 [ 30.493157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.498721] kthread+0x328/0x630 [ 30.502002] ret_from_fork+0x10/0x20 [ 30.505641] [ 30.507163] The buggy address belongs to the object at ffff000080dbc100 [ 30.507163] which belongs to the cache kmalloc-128 of size 128 [ 30.519816] The buggy address is located 13 bytes to the right of [ 30.519816] allocated 115-byte region [ffff000080dbc100, ffff000080dbc173) [ 30.532989] [ 30.534511] The buggy address belongs to the physical page: [ 30.540157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100dbc [ 30.548253] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.556001] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.563050] page_type: f5(slab) [ 30.566243] raw: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 30.574080] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.581916] head: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 30.589838] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.597760] head: 0bfffe0000000001 fffffdffc2036f01 00000000ffffffff 00000000ffffffff [ 30.605682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.613600] page dumped because: kasan: bad access detected [ 30.619240] [ 30.620768] Memory state around the buggy address: [ 30.625618] ffff000080dbc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.632932] ffff000080dbc100: 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.640244] >ffff000080dbc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.647558] ^ [ 30.650839] ffff000080dbc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.658149] ffff000080dbc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.665458] ================================================================== [ 30.066624] ================================================================== [ 30.073954] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 30.081020] Write of size 1 at addr ffff000080dbc178 by task kunit_try_catch/222 [ 30.088514] [ 30.090044] CPU: 5 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 30.090077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.090084] Hardware name: Thundercomm Dragonboard 845c (DT) [ 30.090097] Call trace: [ 30.090103] show_stack+0x20/0x38 (C) [ 30.090124] dump_stack_lvl+0x8c/0xd0 [ 30.090144] print_report+0x118/0x608 [ 30.090163] kasan_report+0xdc/0x128 [ 30.090180] __asan_report_store1_noabort+0x20/0x30 [ 30.090196] kmalloc_oob_right+0x538/0x660 [ 30.090211] kunit_try_run_case+0x170/0x3f0 [ 30.090229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.090248] kthread+0x328/0x630 [ 30.090261] ret_from_fork+0x10/0x20 [ 30.090279] [ 30.155946] Allocated by task 222: [ 30.159402] kasan_save_stack+0x3c/0x68 [ 30.163308] kasan_save_track+0x20/0x40 [ 30.167201] kasan_save_alloc_info+0x40/0x58 [ 30.171530] __kasan_kmalloc+0xd4/0xd8 [ 30.175334] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.179928] kmalloc_oob_right+0xb0/0x660 [ 30.184003] kunit_try_run_case+0x170/0x3f0 [ 30.188250] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.193813] kthread+0x328/0x630 [ 30.197094] ret_from_fork+0x10/0x20 [ 30.200723] [ 30.202245] The buggy address belongs to the object at ffff000080dbc100 [ 30.202245] which belongs to the cache kmalloc-128 of size 128 [ 30.214896] The buggy address is located 5 bytes to the right of [ 30.214896] 
allocated 115-byte region [ffff000080dbc100, ffff000080dbc173) [ 30.227988] [ 30.229511] The buggy address belongs to the physical page: [ 30.235154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100dbc [ 30.243252] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 30.251003] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 30.258050] page_type: f5(slab) [ 30.261249] raw: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 30.269088] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.276925] head: 0bfffe0000000040 ffff000080002a00 dead000000000100 dead000000000122 [ 30.284850] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.292773] head: 0bfffe0000000001 fffffdffc2036f01 00000000ffffffff 00000000ffffffff [ 30.300696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 30.308614] page dumped because: kasan: bad access detected [ 30.314255] [ 30.315782] Memory state around the buggy address: [ 30.320633] ffff000080dbc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.327945] ffff000080dbc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.335251] >ffff000080dbc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.342562] ^ [ 30.349785] ffff000080dbc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.357098] ffff000080dbc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.364408] ==================================================================
[ 26.538628] ================================================================== [ 26.538665] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 26.538716] Write of size 1 at addr fff00000c643f078 by task kunit_try_catch/148 [ 26.538763] [ 26.538792] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 26.538875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.538900] Hardware name: linux,dummy-virt (DT) [ 26.538928] Call trace: [ 26.538949] show_stack+0x20/0x38 (C) [ 26.538995] dump_stack_lvl+0x8c/0xd0 [ 26.539040] print_report+0x118/0x608 [ 26.539101] kasan_report+0xdc/0x128 [ 26.539147] __asan_report_store1_noabort+0x20/0x30 [ 26.539195] kmalloc_oob_right+0x538/0x660 [ 26.539240] kunit_try_run_case+0x170/0x3f0 [ 26.539286] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.539338] kthread+0x328/0x630 [ 26.539378] ret_from_fork+0x10/0x20 [ 26.539424] [ 26.539455] Allocated by task 148: [ 26.539482] kasan_save_stack+0x3c/0x68 [ 26.539523] kasan_save_track+0x20/0x40 [ 26.539560] kasan_save_alloc_info+0x40/0x58 [ 26.539595] __kasan_kmalloc+0xd4/0xd8 [ 26.539630] __kmalloc_cache_noprof+0x16c/0x3c0 [ 26.539667] kmalloc_oob_right+0xb0/0x660 [ 26.539703] kunit_try_run_case+0x170/0x3f0 [ 26.539739] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.539780] kthread+0x328/0x630 [ 26.539811] ret_from_fork+0x10/0x20 [ 26.539870] [ 26.539949] The buggy address belongs to the object at fff00000c643f000 [ 26.539949] which belongs to the cache kmalloc-128 of size 128 [ 26.540140] The buggy address is located 5 bytes to the right of [ 26.540140] allocated 115-byte region [fff00000c643f000, fff00000c643f073) [ 26.540202] [ 26.540222] The buggy address belongs to the physical page: [ 26.540260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f [ 26.540508] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.540563] page_type: f5(slab) [ 26.540600] raw: 0bfffe0000000000 fff00000c0001a00 
dead000000000100 dead000000000122 [ 26.540648] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.540685] page dumped because: kasan: bad access detected [ 26.540714] [ 26.540730] Memory state around the buggy address: [ 26.540760] fff00000c643ef00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 26.540799] fff00000c643ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.540839] >fff00000c643f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.540904] ^ [ 26.540943] fff00000c643f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.540982] fff00000c643f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.541017] ================================================================== [ 26.529794] ================================================================== [ 26.530431] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 26.531280] Write of size 1 at addr fff00000c643f073 by task kunit_try_catch/148 [ 26.531386] [ 26.532172] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 26.532320] Tainted: [N]=TEST [ 26.532352] Hardware name: linux,dummy-virt (DT) [ 26.532567] Call trace: [ 26.532734] show_stack+0x20/0x38 (C) [ 26.532866] dump_stack_lvl+0x8c/0xd0 [ 26.532920] print_report+0x118/0x608 [ 26.532968] kasan_report+0xdc/0x128 [ 26.533013] __asan_report_store1_noabort+0x20/0x30 [ 26.533073] kmalloc_oob_right+0x5a4/0x660 [ 26.533119] kunit_try_run_case+0x170/0x3f0 [ 26.533169] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.533222] kthread+0x328/0x630 [ 26.533266] ret_from_fork+0x10/0x20 [ 26.533422] [ 26.533459] Allocated by task 148: [ 26.533579] kasan_save_stack+0x3c/0x68 [ 26.533634] kasan_save_track+0x20/0x40 [ 26.533671] kasan_save_alloc_info+0x40/0x58 [ 26.533706] __kasan_kmalloc+0xd4/0xd8 [ 26.533742] __kmalloc_cache_noprof+0x16c/0x3c0 [ 26.533782] kmalloc_oob_right+0xb0/0x660 [ 26.533817] kunit_try_run_case+0x170/0x3f0 [ 26.533854] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.533896] kthread+0x328/0x630 [ 26.533927] ret_from_fork+0x10/0x20 [ 26.533979] [ 26.534036] The buggy address belongs to the object at fff00000c643f000 [ 26.534036] which belongs to the cache kmalloc-128 of size 128 [ 26.534138] The buggy address is located 0 bytes to the right of [ 26.534138] allocated 115-byte region [fff00000c643f000, fff00000c643f073) [ 26.534207] [ 26.534287] The buggy address belongs to the physical page: [ 26.534487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f [ 26.534757] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.535036] page_type: f5(slab) [ 26.535331] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 26.535392] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.535496] page dumped because: kasan: bad access detected [ 26.535534] [ 26.535558] Memory state around the buggy address: [ 26.535765] fff00000c643ef00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 26.535827] fff00000c643ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.535878] >fff00000c643f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.535930] ^ [ 26.536010] fff00000c643f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.536050] fff00000c643f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.536124] ================================================================== [ 26.541340] ================================================================== [ 26.541411] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 26.541459] Read of size 1 at addr fff00000c643f080 by task kunit_try_catch/148 [ 26.541512] [ 26.541558] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 26.541960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.541992] Hardware name: linux,dummy-virt (DT) [ 26.542082] Call trace: [ 26.542108] show_stack+0x20/0x38 (C) [ 26.542237] 
dump_stack_lvl+0x8c/0xd0 [ 26.542310] print_report+0x118/0x608 [ 26.542400] kasan_report+0xdc/0x128 [ 26.542451] __asan_report_load1_noabort+0x20/0x30 [ 26.542548] kmalloc_oob_right+0x5d0/0x660 [ 26.542686] kunit_try_run_case+0x170/0x3f0 [ 26.542732] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.542789] kthread+0x328/0x630 [ 26.542854] ret_from_fork+0x10/0x20 [ 26.543045] [ 26.543139] Allocated by task 148: [ 26.543193] kasan_save_stack+0x3c/0x68 [ 26.543231] kasan_save_track+0x20/0x40 [ 26.543272] kasan_save_alloc_info+0x40/0x58 [ 26.543455] __kasan_kmalloc+0xd4/0xd8 [ 26.543491] __kmalloc_cache_noprof+0x16c/0x3c0 [ 26.543528] kmalloc_oob_right+0xb0/0x660 [ 26.543568] kunit_try_run_case+0x170/0x3f0 [ 26.543750] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.544373] kthread+0x328/0x630 [ 26.544526] ret_from_fork+0x10/0x20 [ 26.544564] [ 26.544582] The buggy address belongs to the object at fff00000c643f000 [ 26.544582] which belongs to the cache kmalloc-128 of size 128 [ 26.544635] The buggy address is located 13 bytes to the right of [ 26.544635] allocated 115-byte region [fff00000c643f000, fff00000c643f073) [ 26.544696] [ 26.544714] The buggy address belongs to the physical page: [ 26.544742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f [ 26.544790] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.544834] page_type: f5(slab) [ 26.544870] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 26.544917] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.544954] page dumped because: kasan: bad access detected [ 26.544983] [ 26.545000] Memory state around the buggy address: [ 26.545028] fff00000c643ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.545078] fff00000c643f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.545117] >fff00000c643f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.545152] ^ [ 26.545177] fff00000c643f100: fa fb fb fb 
fb fb fb fb fb fb fb fb fb fb fb fb [ 26.545216] fff00000c643f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.545252] ==================================================================
[ 21.450700] ================================================================== [ 21.451325] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 21.451701] Write of size 1 at addr ffff888102d56478 by task kunit_try_catch/165 [ 21.452297] [ 21.452398] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.452448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.452460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.452483] Call Trace: [ 21.452497] <TASK> [ 21.452517] dump_stack_lvl+0x73/0xb0 [ 21.452545] print_report+0xd1/0x650 [ 21.452599] ? __virt_addr_valid+0x1db/0x2d0 [ 21.452623] ? kmalloc_oob_right+0x6bd/0x7f0 [ 21.452643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.452680] ? kmalloc_oob_right+0x6bd/0x7f0 [ 21.452701] kasan_report+0x141/0x180 [ 21.452721] ? kmalloc_oob_right+0x6bd/0x7f0 [ 21.452745] __asan_report_store1_noabort+0x1b/0x30 [ 21.452768] kmalloc_oob_right+0x6bd/0x7f0 [ 21.452789] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 21.452809] ? __schedule+0x10cc/0x2b60 [ 21.452833] ? __pfx_read_tsc+0x10/0x10 [ 21.452855] ? ktime_get_ts64+0x86/0x230 [ 21.452923] kunit_try_run_case+0x1a5/0x480 [ 21.452949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.452982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.453006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.453030] ? __kthread_parkme+0x82/0x180 [ 21.453050] ? preempt_count_sub+0x50/0x80 [ 21.453073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.453095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.453117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.453140] kthread+0x337/0x6f0 [ 21.453160] ? trace_preempt_on+0x20/0xc0 [ 21.453182] ? __pfx_kthread+0x10/0x10 [ 21.453202] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.453233] ? calculate_sigpending+0x7b/0xa0 [ 21.453256] ? __pfx_kthread+0x10/0x10 [ 21.453276] ret_from_fork+0x116/0x1d0 [ 21.453294] ? 
__pfx_kthread+0x10/0x10 [ 21.453313] ret_from_fork_asm+0x1a/0x30 [ 21.453344] </TASK> [ 21.453356] [ 21.464626] Allocated by task 165: [ 21.464948] kasan_save_stack+0x45/0x70 [ 21.465446] kasan_save_track+0x18/0x40 [ 21.465756] kasan_save_alloc_info+0x3b/0x50 [ 21.465953] __kasan_kmalloc+0xb7/0xc0 [ 21.466438] __kmalloc_cache_noprof+0x189/0x420 [ 21.466835] kmalloc_oob_right+0xa9/0x7f0 [ 21.467173] kunit_try_run_case+0x1a5/0x480 [ 21.467406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.467820] kthread+0x337/0x6f0 [ 21.468162] ret_from_fork+0x116/0x1d0 [ 21.468489] ret_from_fork_asm+0x1a/0x30 [ 21.468667] [ 21.468759] The buggy address belongs to the object at ffff888102d56400 [ 21.468759] which belongs to the cache kmalloc-128 of size 128 [ 21.469585] The buggy address is located 5 bytes to the right of [ 21.469585] allocated 115-byte region [ffff888102d56400, ffff888102d56473) [ 21.470476] [ 21.470590] The buggy address belongs to the physical page: [ 21.471083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 21.471480] flags: 0x200000000000000(node=0|zone=2) [ 21.471999] page_type: f5(slab) [ 21.472251] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.472678] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.473194] page dumped because: kasan: bad access detected [ 21.473421] [ 21.473512] Memory state around the buggy address: [ 21.473718] ffff888102d56300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.474299] ffff888102d56380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.474672] >ffff888102d56400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.475218] ^ [ 21.475691] ffff888102d56480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.476182] ffff888102d56500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.476760] ================================================================== [ 21.477612] 
================================================================== [ 21.478354] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 21.478858] Read of size 1 at addr ffff888102d56480 by task kunit_try_catch/165 [ 21.479471] [ 21.479572] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.479625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.479638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.479662] Call Trace: [ 21.479684] <TASK> [ 21.479706] dump_stack_lvl+0x73/0xb0 [ 21.479738] print_report+0xd1/0x650 [ 21.479761] ? __virt_addr_valid+0x1db/0x2d0 [ 21.479939] ? kmalloc_oob_right+0x68a/0x7f0 [ 21.479970] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.479996] ? kmalloc_oob_right+0x68a/0x7f0 [ 21.480016] kasan_report+0x141/0x180 [ 21.480037] ? kmalloc_oob_right+0x68a/0x7f0 [ 21.480062] __asan_report_load1_noabort+0x18/0x20 [ 21.480085] kmalloc_oob_right+0x68a/0x7f0 [ 21.480105] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 21.480126] ? __schedule+0x10cc/0x2b60 [ 21.480150] ? __pfx_read_tsc+0x10/0x10 [ 21.480172] ? ktime_get_ts64+0x86/0x230 [ 21.480196] kunit_try_run_case+0x1a5/0x480 [ 21.480233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.480255] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.480278] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.480302] ? __kthread_parkme+0x82/0x180 [ 21.480322] ? preempt_count_sub+0x50/0x80 [ 21.480344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.480367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.480390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.480413] kthread+0x337/0x6f0 [ 21.480434] ? trace_preempt_on+0x20/0xc0 [ 21.480460] ? __pfx_kthread+0x10/0x10 [ 21.480481] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.480503] ? calculate_sigpending+0x7b/0xa0 [ 21.480527] ? __pfx_kthread+0x10/0x10 [ 21.480547] ret_from_fork+0x116/0x1d0 [ 21.480566] ? 
__pfx_kthread+0x10/0x10 [ 21.480585] ret_from_fork_asm+0x1a/0x30 [ 21.480615] </TASK> [ 21.480626] [ 21.492628] Allocated by task 165: [ 21.492813] kasan_save_stack+0x45/0x70 [ 21.493393] kasan_save_track+0x18/0x40 [ 21.493702] kasan_save_alloc_info+0x3b/0x50 [ 21.494098] __kasan_kmalloc+0xb7/0xc0 [ 21.494325] __kmalloc_cache_noprof+0x189/0x420 [ 21.494730] kmalloc_oob_right+0xa9/0x7f0 [ 21.495181] kunit_try_run_case+0x1a5/0x480 [ 21.495356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.495695] kthread+0x337/0x6f0 [ 21.496006] ret_from_fork+0x116/0x1d0 [ 21.496637] ret_from_fork_asm+0x1a/0x30 [ 21.496940] [ 21.497139] The buggy address belongs to the object at ffff888102d56400 [ 21.497139] which belongs to the cache kmalloc-128 of size 128 [ 21.497756] The buggy address is located 13 bytes to the right of [ 21.497756] allocated 115-byte region [ffff888102d56400, ffff888102d56473) [ 21.498564] [ 21.498657] The buggy address belongs to the physical page: [ 21.498949] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 21.499563] flags: 0x200000000000000(node=0|zone=2) [ 21.499820] page_type: f5(slab) [ 21.499968] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.500488] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.500947] page dumped because: kasan: bad access detected [ 21.501232] [ 21.501339] Memory state around the buggy address: [ 21.501562] ffff888102d56380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.502133] ffff888102d56400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.502462] >ffff888102d56480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.502966] ^ [ 21.503150] ffff888102d56500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.503464] ffff888102d56580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.503760] ================================================================== [ 21.421964] 
================================================================== [ 21.422630] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 21.423403] Write of size 1 at addr ffff888102d56473 by task kunit_try_catch/165 [ 21.423741] [ 21.424908] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 21.425305] Tainted: [N]=TEST [ 21.425339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.425577] Call Trace: [ 21.425651] <TASK> [ 21.425826] dump_stack_lvl+0x73/0xb0 [ 21.425920] print_report+0xd1/0x650 [ 21.425948] ? __virt_addr_valid+0x1db/0x2d0 [ 21.425973] ? kmalloc_oob_right+0x6f0/0x7f0 [ 21.425993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.426037] ? kmalloc_oob_right+0x6f0/0x7f0 [ 21.426058] kasan_report+0x141/0x180 [ 21.426079] ? kmalloc_oob_right+0x6f0/0x7f0 [ 21.426104] __asan_report_store1_noabort+0x1b/0x30 [ 21.426127] kmalloc_oob_right+0x6f0/0x7f0 [ 21.426148] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 21.426169] ? __schedule+0x10cc/0x2b60 [ 21.426194] ? __pfx_read_tsc+0x10/0x10 [ 21.426217] ? ktime_get_ts64+0x86/0x230 [ 21.426255] kunit_try_run_case+0x1a5/0x480 [ 21.426281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.426303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.426327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.426351] ? __kthread_parkme+0x82/0x180 [ 21.426373] ? preempt_count_sub+0x50/0x80 [ 21.426397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.426420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.426443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.426466] kthread+0x337/0x6f0 [ 21.426485] ? trace_preempt_on+0x20/0xc0 [ 21.426509] ? __pfx_kthread+0x10/0x10 [ 21.426529] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.426552] ? calculate_sigpending+0x7b/0xa0 [ 21.426576] ? __pfx_kthread+0x10/0x10 [ 21.426597] ret_from_fork+0x116/0x1d0 [ 21.426615] ? 
__pfx_kthread+0x10/0x10 [ 21.426635] ret_from_fork_asm+0x1a/0x30 [ 21.426694] </TASK> [ 21.426764] [ 21.436504] Allocated by task 165: [ 21.437159] kasan_save_stack+0x45/0x70 [ 21.437420] kasan_save_track+0x18/0x40 [ 21.437578] kasan_save_alloc_info+0x3b/0x50 [ 21.437960] __kasan_kmalloc+0xb7/0xc0 [ 21.438195] __kmalloc_cache_noprof+0x189/0x420 [ 21.438410] kmalloc_oob_right+0xa9/0x7f0 [ 21.438586] kunit_try_run_case+0x1a5/0x480 [ 21.438771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.439278] kthread+0x337/0x6f0 [ 21.439433] ret_from_fork+0x116/0x1d0 [ 21.439616] ret_from_fork_asm+0x1a/0x30 [ 21.439862] [ 21.440371] The buggy address belongs to the object at ffff888102d56400 [ 21.440371] which belongs to the cache kmalloc-128 of size 128 [ 21.440960] The buggy address is located 0 bytes to the right of [ 21.440960] allocated 115-byte region [ffff888102d56400, ffff888102d56473) [ 21.441524] [ 21.441693] The buggy address belongs to the physical page: [ 21.442634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d56 [ 21.443250] flags: 0x200000000000000(node=0|zone=2) [ 21.444048] page_type: f5(slab) [ 21.444917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 21.445278] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 21.446082] page dumped because: kasan: bad access detected [ 21.446363] [ 21.446468] Memory state around the buggy address: [ 21.446934] ffff888102d56300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.447366] ffff888102d56380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.447646] >ffff888102d56400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 21.448068] ^ [ 21.448595] ffff888102d56480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.449090] ffff888102d56500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.449410] ==================================================================