Date
June 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 42.286641] ================================================================== [ 42.293956] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 42.301459] Read of size 1 at addr ffff000080e00378 by task kunit_try_catch/280 [ 42.308870] [ 42.310404] CPU: 2 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 42.310433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 42.310442] Hardware name: Thundercomm Dragonboard 845c (DT) [ 42.310454] Call trace: [ 42.310460] show_stack+0x20/0x38 (C) [ 42.310478] dump_stack_lvl+0x8c/0xd0 [ 42.310498] print_report+0x118/0x608 [ 42.310517] kasan_report+0xdc/0x128 [ 42.310536] __asan_report_load1_noabort+0x20/0x30 [ 42.310554] ksize_unpoisons_memory+0x618/0x740 [ 42.310572] kunit_try_run_case+0x170/0x3f0 [ 42.310591] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.310613] kthread+0x328/0x630 [ 42.310628] ret_from_fork+0x10/0x20 [ 42.310647] [ 42.376715] Allocated by task 280: [ 42.380173] kasan_save_stack+0x3c/0x68 [ 42.384083] kasan_save_track+0x20/0x40 [ 42.387993] kasan_save_alloc_info+0x40/0x58 [ 42.392329] __kasan_kmalloc+0xd4/0xd8 [ 42.396151] __kmalloc_cache_noprof+0x16c/0x3c0 [ 42.400761] ksize_unpoisons_memory+0xc0/0x740 [ 42.405277] kunit_try_run_case+0x170/0x3f0 [ 42.409531] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.415103] kthread+0x328/0x630 [ 42.418394] ret_from_fork+0x10/0x20 [ 42.422031] [ 42.423557] The buggy address belongs to the object at ffff000080e00300 [ 42.423557] which belongs to the cache kmalloc-128 of size 128 [ 42.436218] The buggy address is located 5 bytes to the right of [ 42.436218] allocated 115-byte region [ffff000080e00300, ffff000080e00373) [ 42.449318] [ 42.450848] The buggy address belongs to the physical page: [ 42.456492] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100e00 [ 42.464596] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 42.472353] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 42.479410] page_type: f5(slab) [ 42.482616] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 42.490462] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 42.498308] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 42.506241] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 42.514172] head: 0bfffe0000000001 fffffdffc2038001 00000000ffffffff 00000000ffffffff [ 42.522103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 42.530029] page dumped because: kasan: bad access detected [ 42.535676] [ 42.537203] Memory state around the buggy address: [ 42.542066] ffff000080e00200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.549379] ffff000080e00280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.556695] >ffff000080e00300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 42.564007] ^ [ 42.571236] ffff000080e00380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.578551] ffff000080e00400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.585862] ================================================================== [ 41.976054] ================================================================== [ 41.987617] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 41.995113] Read of size 1 at addr ffff000080e00373 by task kunit_try_catch/280 [ 42.002525] [ 42.004065] CPU: 2 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 42.004094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 42.004103] Hardware name: Thundercomm Dragonboard 845c (DT) [ 42.004113] Call trace: [ 42.004119] show_stack+0x20/0x38 (C) [ 42.004138] dump_stack_lvl+0x8c/0xd0 [ 42.004158] print_report+0x118/0x608 [ 42.004176] kasan_report+0xdc/0x128 [ 42.004195] __asan_report_load1_noabort+0x20/0x30 [ 42.004212] ksize_unpoisons_memory+0x628/0x740 [ 42.004231] kunit_try_run_case+0x170/0x3f0 [ 42.004249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.004272] kthread+0x328/0x630 [ 42.004287] ret_from_fork+0x10/0x20 [ 42.004305] [ 42.070332] Allocated by task 280: [ 42.073791] kasan_save_stack+0x3c/0x68 [ 42.077703] kasan_save_track+0x20/0x40 [ 42.081613] kasan_save_alloc_info+0x40/0x58 [ 42.085952] __kasan_kmalloc+0xd4/0xd8 [ 42.089773] __kmalloc_cache_noprof+0x16c/0x3c0 [ 42.094388] ksize_unpoisons_memory+0xc0/0x740 [ 42.098901] kunit_try_run_case+0x170/0x3f0 [ 42.103155] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.108722] kthread+0x328/0x630 [ 42.112015] ret_from_fork+0x10/0x20 [ 42.115655] [ 42.117183] The buggy address belongs to the object at ffff000080e00300 [ 42.117183] which belongs to the cache kmalloc-128 of size 128 [ 42.129849] The buggy address is located 0 bytes to the right of [ 42.129849] allocated 115-byte region [ffff000080e00300, ffff000080e00373) [ 42.142949] [ 42.144484] The buggy address belongs to the physical page: [ 42.150136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100e00 [ 42.158242] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 42.166000] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 42.173059] page_type: f5(slab) [ 42.176263] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 42.184110] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 42.191957] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 42.199887] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 42.207818] head: 0bfffe0000000001 fffffdffc2038001 00000000ffffffff 00000000ffffffff [ 42.215752] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 42.223679] page dumped because: kasan: bad access detected [ 42.229327] [ 42.230857] Memory state around the buggy address: [ 42.235718] ffff000080e00200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.243034] ffff000080e00280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.250349] >ffff000080e00300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 42.257659] ^ [ 42.264626] ffff000080e00380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.271943] ffff000080e00400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.279257] ================================================================== [ 42.594035] ================================================================== [ 42.601365] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 42.608865] Read of size 1 at addr ffff000080e0037f by task kunit_try_catch/280 [ 42.616275] [ 42.617804] CPU: 4 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 42.617834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 42.617843] Hardware name: Thundercomm Dragonboard 845c (DT) [ 42.617854] Call trace: [ 42.617861] show_stack+0x20/0x38 (C) [ 42.617879] dump_stack_lvl+0x8c/0xd0 [ 42.617898] print_report+0x118/0x608 [ 42.617917] kasan_report+0xdc/0x128 [ 42.617935] __asan_report_load1_noabort+0x20/0x30 [ 42.617951] ksize_unpoisons_memory+0x690/0x740 [ 42.617969] kunit_try_run_case+0x170/0x3f0 [ 42.617985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.618004] kthread+0x328/0x630 [ 42.618017] ret_from_fork+0x10/0x20 [ 42.618034] [ 42.684038] Allocated by task 280: [ 42.687493] kasan_save_stack+0x3c/0x68 [ 42.691398] kasan_save_track+0x20/0x40 [ 42.695292] kasan_save_alloc_info+0x40/0x58 [ 42.699623] __kasan_kmalloc+0xd4/0xd8 [ 42.703440] __kmalloc_cache_noprof+0x16c/0x3c0 [ 42.708036] ksize_unpoisons_memory+0xc0/0x740 [ 42.712548] kunit_try_run_case+0x170/0x3f0 [ 42.716797] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.722363] kthread+0x328/0x630 [ 42.725644] ret_from_fork+0x10/0x20 [ 42.729275] [ 42.730797] The buggy address belongs to the object at ffff000080e00300 [ 42.730797] which belongs to the cache kmalloc-128 of size 128 [ 42.743447] The buggy address is located 12 bytes to the right of [ 42.743447] allocated 115-byte region [ffff000080e00300, ffff000080e00373) [ 42.756625] [ 42.758148] The buggy address belongs to the physical page: [ 42.763789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100e00 [ 42.771889] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 42.779641] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 42.786692] page_type: f5(slab) [ 42.789888] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 42.797729] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 42.805568] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 42.813492] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 42.821421] head: 0bfffe0000000001 fffffdffc2038001 00000000ffffffff 00000000ffffffff [ 42.829346] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 42.837268] page dumped because: kasan: bad access detected [ 42.842909] [ 42.844437] Memory state around the buggy address: [ 42.849289] ffff000080e00200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.856594] ffff000080e00280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.863909] >ffff000080e00300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 42.871216] ^ [ 42.878432] ffff000080e00380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.885747] ffff000080e00400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.893051] ==================================================================
[ 27.077219] ================================================================== [ 27.077714] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 27.077815] Read of size 1 at addr fff00000c643f97f by task kunit_try_catch/206 [ 27.077865] [ 27.077896] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 27.078447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.078495] Hardware name: linux,dummy-virt (DT) [ 27.078700] Call trace: [ 27.078791] show_stack+0x20/0x38 (C) [ 27.078844] dump_stack_lvl+0x8c/0xd0 [ 27.078893] print_report+0x118/0x608 [ 27.078941] kasan_report+0xdc/0x128 [ 27.078987] __asan_report_load1_noabort+0x20/0x30 [ 27.079036] ksize_unpoisons_memory+0x690/0x740 [ 27.079095] kunit_try_run_case+0x170/0x3f0 [ 27.079989] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.080189] kthread+0x328/0x630 [ 27.080435] ret_from_fork+0x10/0x20 [ 27.080488] [ 27.080698] Allocated by task 206: [ 27.080771] kasan_save_stack+0x3c/0x68 [ 27.080976] kasan_save_track+0x20/0x40 [ 27.081226] kasan_save_alloc_info+0x40/0x58 [ 27.081512] __kasan_kmalloc+0xd4/0xd8 [ 27.081563] __kmalloc_cache_noprof+0x16c/0x3c0 [ 27.081985] ksize_unpoisons_memory+0xc0/0x740 [ 27.082027] kunit_try_run_case+0x170/0x3f0 [ 27.082546] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.082712] kthread+0x328/0x630 [ 27.082787] ret_from_fork+0x10/0x20 [ 27.083076] [ 27.083099] The buggy address belongs to the object at fff00000c643f900 [ 27.083099] which belongs to the cache kmalloc-128 of size 128 [ 27.083344] The buggy address is located 12 bytes to the right of [ 27.083344] allocated 115-byte region [fff00000c643f900, fff00000c643f973) [ 27.083410] [ 27.083429] The buggy address belongs to the physical page: [ 27.083847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f [ 27.084119] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.084468] page_type: f5(slab) [ 27.084781] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 27.085122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.085415] page dumped because: kasan: bad access detected [ 27.085919] [ 27.085995] Memory state around the buggy address: [ 27.086126] fff00000c643f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.086184] fff00000c643f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.086226] >fff00000c643f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.086494] ^ [ 27.086601] fff00000c643f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.086747] fff00000c643fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.087065] ================================================================== [ 27.051509] ================================================================== [ 27.051753] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 27.051981] Read of size 1 at addr fff00000c643f973 by task kunit_try_catch/206 [ 27.052031] [ 27.052078] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 27.052833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.053110] Hardware name: linux,dummy-virt (DT) [ 27.053321] Call trace: [ 27.053385] show_stack+0x20/0x38 (C) [ 27.053443] dump_stack_lvl+0x8c/0xd0 [ 27.053492] print_report+0x118/0x608 [ 27.054105] kasan_report+0xdc/0x128 [ 27.054549] __asan_report_load1_noabort+0x20/0x30 [ 27.054697] ksize_unpoisons_memory+0x628/0x740 [ 27.054746] kunit_try_run_case+0x170/0x3f0 [ 27.055246] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.055313] kthread+0x328/0x630 [ 27.055483] ret_from_fork+0x10/0x20 [ 27.055953] [ 27.055973] Allocated by task 206: [ 27.056067] kasan_save_stack+0x3c/0x68 [ 27.056112] kasan_save_track+0x20/0x40 [ 27.056371] kasan_save_alloc_info+0x40/0x58 [ 27.056455] __kasan_kmalloc+0xd4/0xd8 [ 27.056493] __kmalloc_cache_noprof+0x16c/0x3c0 [ 27.056606] ksize_unpoisons_memory+0xc0/0x740 [ 27.056645] kunit_try_run_case+0x170/0x3f0 [ 27.057092] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.057387] kthread+0x328/0x630 [ 27.057425] ret_from_fork+0x10/0x20 [ 27.057461] [ 27.057481] The buggy address belongs to the object at fff00000c643f900 [ 27.057481] which belongs to the cache kmalloc-128 of size 128 [ 27.057542] The buggy address is located 0 bytes to the right of [ 27.057542] allocated 115-byte region [fff00000c643f900, fff00000c643f973) [ 27.058380] [ 27.058729] The buggy address belongs to the physical page: [ 27.058816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f [ 27.058926] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.058979] page_type: f5(slab) [ 27.059617] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 27.059676] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.059718] page dumped because: kasan: bad access detected [ 27.059750] [ 27.059768] Memory state around the buggy address: [ 27.059802] fff00000c643f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.060202] fff00000c643f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.060444] >fff00000c643f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.060776] ^ [ 27.060853] fff00000c643f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.060895] fff00000c643fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.060933] ================================================================== [ 27.065783] ================================================================== [ 27.065832] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 27.065889] Read of size 1 at addr fff00000c643f978 by task kunit_try_catch/206 [ 27.065936] [ 27.065965] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 27.066049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.066086] Hardware name: linux,dummy-virt (DT) [ 27.067359] Call trace: [ 27.067439] show_stack+0x20/0x38 (C) [ 27.067494] dump_stack_lvl+0x8c/0xd0 [ 27.067551] print_report+0x118/0x608 [ 27.067597] kasan_report+0xdc/0x128 [ 27.067642] __asan_report_load1_noabort+0x20/0x30 [ 27.068130] ksize_unpoisons_memory+0x618/0x740 [ 27.068341] kunit_try_run_case+0x170/0x3f0 [ 27.068395] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.068923] kthread+0x328/0x630 [ 27.069104] ret_from_fork+0x10/0x20 [ 27.069695] [ 27.069892] Allocated by task 206: [ 27.070111] kasan_save_stack+0x3c/0x68 [ 27.070165] kasan_save_track+0x20/0x40 [ 27.070318] kasan_save_alloc_info+0x40/0x58 [ 27.070483] __kasan_kmalloc+0xd4/0xd8 [ 27.070679] __kmalloc_cache_noprof+0x16c/0x3c0 [ 27.070726] ksize_unpoisons_memory+0xc0/0x740 [ 27.071106] kunit_try_run_case+0x170/0x3f0 [ 27.071163] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.071382] kthread+0x328/0x630 [ 27.071443] ret_from_fork+0x10/0x20 [ 27.071669] [ 27.071853] The buggy address belongs to the object at fff00000c643f900 [ 27.071853] which belongs to the cache kmalloc-128 of size 128 [ 27.071968] The buggy address is located 5 bytes to the right of [ 27.071968] allocated 115-byte region [fff00000c643f900, fff00000c643f973) [ 27.072218] [ 27.072404] The buggy address belongs to the physical page: [ 27.072441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f [ 27.072886] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 27.072942] page_type: f5(slab) [ 27.073163] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122 [ 27.073388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.073432] page dumped because: kasan: bad access detected [ 27.073462] [ 27.073481] Memory state around the buggy address: [ 27.073511] fff00000c643f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.074297] fff00000c643f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.074625] >fff00000c643f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.074825] ^ [ 27.074992] fff00000c643f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.075118] fff00000c643fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.075157] ==================================================================
[ 22.565119] ================================================================== [ 22.565664] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.565948] Read of size 1 at addr ffff8881024c9c7f by task kunit_try_catch/223 [ 22.566361] [ 22.566447] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.566492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.566504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.566525] Call Trace: [ 22.566543] <TASK> [ 22.566559] dump_stack_lvl+0x73/0xb0 [ 22.566585] print_report+0xd1/0x650 [ 22.566606] ? __virt_addr_valid+0x1db/0x2d0 [ 22.566628] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.566673] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566695] kasan_report+0x141/0x180 [ 22.566715] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566741] __asan_report_load1_noabort+0x18/0x20 [ 22.566763] ksize_unpoisons_memory+0x7b6/0x9b0 [ 22.566785] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.566807] ? finish_task_switch.isra.0+0x153/0x700 [ 22.566829] ? __switch_to+0x47/0xf50 [ 22.566853] ? __schedule+0x10cc/0x2b60 [ 22.566877] ? __pfx_read_tsc+0x10/0x10 [ 22.566899] ? ktime_get_ts64+0x86/0x230 [ 22.566922] kunit_try_run_case+0x1a5/0x480 [ 22.566945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.566967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.566990] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.567014] ? __kthread_parkme+0x82/0x180 [ 22.567108] ? preempt_count_sub+0x50/0x80 [ 22.567131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.567154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.567178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.567201] kthread+0x337/0x6f0 [ 22.567232] ? trace_preempt_on+0x20/0xc0 [ 22.567254] ? __pfx_kthread+0x10/0x10 [ 22.567273] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.567295] ? calculate_sigpending+0x7b/0xa0 [ 22.567318] ? __pfx_kthread+0x10/0x10 [ 22.567338] ret_from_fork+0x116/0x1d0 [ 22.567357] ? __pfx_kthread+0x10/0x10 [ 22.567376] ret_from_fork_asm+0x1a/0x30 [ 22.567406] </TASK> [ 22.567417] [ 22.575293] Allocated by task 223: [ 22.575445] kasan_save_stack+0x45/0x70 [ 22.575645] kasan_save_track+0x18/0x40 [ 22.575793] kasan_save_alloc_info+0x3b/0x50 [ 22.575988] __kasan_kmalloc+0xb7/0xc0 [ 22.576214] __kmalloc_cache_noprof+0x189/0x420 [ 22.576423] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.576590] kunit_try_run_case+0x1a5/0x480 [ 22.576730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.576895] kthread+0x337/0x6f0 [ 22.577009] ret_from_fork+0x116/0x1d0 [ 22.577189] ret_from_fork_asm+0x1a/0x30 [ 22.577394] [ 22.577484] The buggy address belongs to the object at ffff8881024c9c00 [ 22.577484] which belongs to the cache kmalloc-128 of size 128 [ 22.578038] The buggy address is located 12 bytes to the right of [ 22.578038] allocated 115-byte region [ffff8881024c9c00, ffff8881024c9c73) [ 22.578705] [ 22.578807] The buggy address belongs to the physical page: [ 22.579096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.579510] flags: 0x200000000000000(node=0|zone=2) [ 22.579667] page_type: f5(slab) [ 22.579783] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.580002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.580889] page dumped because: kasan: bad access detected [ 22.581548] [ 22.581715] Memory state around the buggy address: [ 22.582579] ffff8881024c9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.583519] ffff8881024c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.584455] >ffff8881024c9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.585278] ^ [ 22.585502] ffff8881024c9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.585712] ffff8881024c9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.587149] ================================================================== [ 22.546201] ================================================================== [ 22.546502] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.546794] Read of size 1 at addr ffff8881024c9c78 by task kunit_try_catch/223 [ 22.547347] [ 22.547470] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.547520] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.547532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.547555] Call Trace: [ 22.547569] <TASK> [ 22.547588] dump_stack_lvl+0x73/0xb0 [ 22.547617] print_report+0xd1/0x650 [ 22.547639] ? __virt_addr_valid+0x1db/0x2d0 [ 22.547663] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547684] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.547710] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547734] kasan_report+0x141/0x180 [ 22.547756] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547782] __asan_report_load1_noabort+0x18/0x20 [ 22.547818] ksize_unpoisons_memory+0x7e9/0x9b0 [ 22.547840] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.547862] ? finish_task_switch.isra.0+0x153/0x700 [ 22.547883] ? __switch_to+0x47/0xf50 [ 22.547908] ? __schedule+0x10cc/0x2b60 [ 22.547932] ? __pfx_read_tsc+0x10/0x10 [ 22.547954] ? ktime_get_ts64+0x86/0x230 [ 22.547978] kunit_try_run_case+0x1a5/0x480 [ 22.548003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.548024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.548047] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.548071] ? __kthread_parkme+0x82/0x180 [ 22.548090] ? preempt_count_sub+0x50/0x80 [ 22.548112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.548134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.548156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.548179] kthread+0x337/0x6f0 [ 22.548200] ? trace_preempt_on+0x20/0xc0 [ 22.548235] ? __pfx_kthread+0x10/0x10 [ 22.548256] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.548279] ? calculate_sigpending+0x7b/0xa0 [ 22.548304] ? __pfx_kthread+0x10/0x10 [ 22.548325] ret_from_fork+0x116/0x1d0 [ 22.548344] ? __pfx_kthread+0x10/0x10 [ 22.548364] ret_from_fork_asm+0x1a/0x30 [ 22.548395] </TASK> [ 22.548406] [ 22.556185] Allocated by task 223: [ 22.556379] kasan_save_stack+0x45/0x70 [ 22.556763] kasan_save_track+0x18/0x40 [ 22.556898] kasan_save_alloc_info+0x3b/0x50 [ 22.557152] __kasan_kmalloc+0xb7/0xc0 [ 22.557291] __kmalloc_cache_noprof+0x189/0x420 [ 22.557440] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.557829] kunit_try_run_case+0x1a5/0x480 [ 22.558008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.558179] kthread+0x337/0x6f0 [ 22.558302] ret_from_fork+0x116/0x1d0 [ 22.558430] ret_from_fork_asm+0x1a/0x30 [ 22.558650] [ 22.558915] The buggy address belongs to the object at ffff8881024c9c00 [ 22.558915] which belongs to the cache kmalloc-128 of size 128 [ 22.559704] The buggy address is located 5 bytes to the right of [ 22.559704] allocated 115-byte region [ffff8881024c9c00, ffff8881024c9c73) [ 22.560213] [ 22.560299] The buggy address belongs to the physical page: [ 22.560470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.560801] flags: 0x200000000000000(node=0|zone=2) [ 22.561099] page_type: f5(slab) [ 22.561276] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.561622] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.561958] page dumped because: kasan: bad access detected [ 22.562336] [ 22.562405] Memory state around the buggy address: [ 22.562620] ffff8881024c9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.562830] ffff8881024c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.563377] >ffff8881024c9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.563678] ^ [ 22.563959] ffff8881024c9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.564166] ffff8881024c9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.564413] ================================================================== [ 22.514197] ================================================================== [ 22.514724] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 22.515903] Read of size 1 at addr ffff8881024c9c73 by task kunit_try_catch/223 [ 22.516741] [ 22.516945] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) [ 22.516999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.517011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.517035] Call Trace: [ 22.517050] <TASK> [ 22.517071] dump_stack_lvl+0x73/0xb0 [ 22.517105] print_report+0xd1/0x650 [ 22.517127] ? __virt_addr_valid+0x1db/0x2d0 [ 22.517152] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517173] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.517198] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517417] kasan_report+0x141/0x180 [ 22.517471] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517499] __asan_report_load1_noabort+0x18/0x20 [ 22.517522] ksize_unpoisons_memory+0x81c/0x9b0 [ 22.517544] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 22.517572] ? finish_task_switch.isra.0+0x153/0x700 [ 22.517596] ? __switch_to+0x47/0xf50 [ 22.517623] ? __schedule+0x10cc/0x2b60 [ 22.517648] ? __pfx_read_tsc+0x10/0x10 [ 22.517669] ? ktime_get_ts64+0x86/0x230 [ 22.517694] kunit_try_run_case+0x1a5/0x480 [ 22.517720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.517741] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.517765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.517789] ? __kthread_parkme+0x82/0x180 [ 22.517809] ? preempt_count_sub+0x50/0x80 [ 22.517830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.517853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.517875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.517898] kthread+0x337/0x6f0 [ 22.517917] ? trace_preempt_on+0x20/0xc0 [ 22.517942] ? __pfx_kthread+0x10/0x10 [ 22.517961] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.517984] ? calculate_sigpending+0x7b/0xa0 [ 22.518007] ? __pfx_kthread+0x10/0x10 [ 22.518028] ret_from_fork+0x116/0x1d0 [ 22.518045] ? __pfx_kthread+0x10/0x10 [ 22.518064] ret_from_fork_asm+0x1a/0x30 [ 22.518095] </TASK> [ 22.518107] [ 22.531561] Allocated by task 223: [ 22.531695] kasan_save_stack+0x45/0x70 [ 22.531838] kasan_save_track+0x18/0x40 [ 22.531967] kasan_save_alloc_info+0x3b/0x50 [ 22.532272] __kasan_kmalloc+0xb7/0xc0 [ 22.532524] __kmalloc_cache_noprof+0x189/0x420 [ 22.532944] ksize_unpoisons_memory+0xc7/0x9b0 [ 22.533392] kunit_try_run_case+0x1a5/0x480 [ 22.533543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.533714] kthread+0x337/0x6f0 [ 22.533857] ret_from_fork+0x116/0x1d0 [ 22.534414] ret_from_fork_asm+0x1a/0x30 [ 22.535083] [ 22.535301] The buggy address belongs to the object at ffff8881024c9c00 [ 22.535301] which belongs to the cache kmalloc-128 of size 128 [ 22.536541] The buggy address is located 0 bytes to the right of [ 22.536541] allocated 115-byte region [ffff8881024c9c00, ffff8881024c9c73) [ 22.537466] [ 22.537663] The buggy address belongs to the physical page: [ 22.538268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024c9 [ 22.538559] flags: 0x200000000000000(node=0|zone=2) [ 22.539078] page_type: f5(slab) [ 22.539615] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.540235] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.540716] page dumped because: kasan: bad access detected [ 22.541034] [ 22.541310] Memory state around the buggy address: [ 22.541887] ffff8881024c9b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.542449] ffff8881024c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.542716] >ffff8881024c9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.543398] ^ [ 22.544048] ffff8881024c9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.544817] ffff8881024c9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.545533] ==================================================================