Date
July 2, 2025, 11:10 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 30.498375] ================================================================== [ 30.498423] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 30.498468] Write of size 1 at addr fff00000c404f978 by task kunit_try_catch/169 [ 30.498545] [ 30.498584] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.498687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.498715] Hardware name: linux,dummy-virt (DT) [ 30.498753] Call trace: [ 30.498804] show_stack+0x20/0x38 (C) [ 30.498852] dump_stack_lvl+0x8c/0xd0 [ 30.498899] print_report+0x118/0x608 [ 30.499279] kasan_report+0xdc/0x128 [ 30.499353] __asan_report_store1_noabort+0x20/0x30 [ 30.499489] kmalloc_oob_right+0x538/0x660 [ 30.499552] kunit_try_run_case+0x170/0x3f0 [ 30.499669] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.500159] kthread+0x328/0x630 [ 30.500311] ret_from_fork+0x10/0x20 [ 30.500393] [ 30.500412] Allocated by task 169: [ 30.500440] kasan_save_stack+0x3c/0x68 [ 30.500511] kasan_save_track+0x20/0x40 [ 30.500549] kasan_save_alloc_info+0x40/0x58 [ 30.500585] __kasan_kmalloc+0xd4/0xd8 [ 30.500672] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.500968] kmalloc_oob_right+0xb0/0x660 [ 30.501061] kunit_try_run_case+0x170/0x3f0 [ 30.501131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.501210] kthread+0x328/0x630 [ 30.501277] ret_from_fork+0x10/0x20 [ 30.501333] [ 30.501374] The buggy address belongs to the object at fff00000c404f900 [ 30.501374] which belongs to the cache kmalloc-128 of size 128 [ 30.501483] The buggy address is located 5 bytes to the right of [ 30.501483] allocated 115-byte region [fff00000c404f900, fff00000c404f973) [ 30.501572] [ 30.501620] The buggy address belongs to the physical page: [ 30.501693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.501748] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.501815] page_type: f5(slab) [ 30.502193] raw: 0bfffe0000000000 fff00000c0001a00 
dead000000000122 0000000000000000 [ 30.502504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.502605] page dumped because: kasan: bad access detected [ 30.502666] [ 30.502729] Memory state around the buggy address: [ 30.502788] fff00000c404f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.502847] fff00000c404f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.502894] >fff00000c404f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.503009] ^ [ 30.503077] fff00000c404f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.503147] fff00000c404fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.503225] ================================================================== [ 30.504394] ================================================================== [ 30.504461] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 30.504521] Read of size 1 at addr fff00000c404f980 by task kunit_try_catch/169 [ 30.504572] [ 30.504600] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.504815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.504846] Hardware name: linux,dummy-virt (DT) [ 30.504995] Call trace: [ 30.505033] show_stack+0x20/0x38 (C) [ 30.505085] dump_stack_lvl+0x8c/0xd0 [ 30.505142] print_report+0x118/0x608 [ 30.505190] kasan_report+0xdc/0x128 [ 30.505237] __asan_report_load1_noabort+0x20/0x30 [ 30.505286] kmalloc_oob_right+0x5d0/0x660 [ 30.505340] kunit_try_run_case+0x170/0x3f0 [ 30.505388] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.505441] kthread+0x328/0x630 [ 30.505483] ret_from_fork+0x10/0x20 [ 30.505530] [ 30.505548] Allocated by task 169: [ 30.505585] kasan_save_stack+0x3c/0x68 [ 30.505643] kasan_save_track+0x20/0x40 [ 30.505681] kasan_save_alloc_info+0x40/0x58 [ 30.505770] __kasan_kmalloc+0xd4/0xd8 [ 30.505970] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.506154] kmalloc_oob_right+0xb0/0x660 [ 30.506199] kunit_try_run_case+0x170/0x3f0 [ 30.506237] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.506419] kthread+0x328/0x630 [ 30.506456] ret_from_fork+0x10/0x20 [ 30.506601] [ 30.506627] The buggy address belongs to the object at fff00000c404f900 [ 30.506627] which belongs to the cache kmalloc-128 of size 128 [ 30.506684] The buggy address is located 13 bytes to the right of [ 30.506684] allocated 115-byte region [fff00000c404f900, fff00000c404f973) [ 30.506747] [ 30.506766] The buggy address belongs to the physical page: [ 30.506808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.506861] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.506907] page_type: f5(slab) [ 30.506955] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.507150] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.507220] page dumped because: kasan: bad access detected [ 30.507258] [ 30.507277] Memory state around the buggy address: [ 30.507333] fff00000c404f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507376] fff00000c404f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.507426] >fff00000c404f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507464] ^ [ 30.507491] fff00000c404fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507532] fff00000c404fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.507777] ================================================================== [ 30.490855] ================================================================== [ 30.491663] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 30.492507] Write of size 1 at addr fff00000c404f973 by task kunit_try_catch/169 [ 30.492616] [ 30.493387] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.493536] Tainted: [N]=TEST [ 30.493569] Hardware name: linux,dummy-virt (DT) [ 30.493786] Call trace: [ 30.493976] show_stack+0x20/0x38 (C) [ 30.494113] 
dump_stack_lvl+0x8c/0xd0 [ 30.494168] print_report+0x118/0x608 [ 30.494219] kasan_report+0xdc/0x128 [ 30.494266] __asan_report_store1_noabort+0x20/0x30 [ 30.494315] kmalloc_oob_right+0x5a4/0x660 [ 30.494362] kunit_try_run_case+0x170/0x3f0 [ 30.494415] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.494469] kthread+0x328/0x630 [ 30.494514] ret_from_fork+0x10/0x20 [ 30.494668] [ 30.494710] Allocated by task 169: [ 30.494827] kasan_save_stack+0x3c/0x68 [ 30.494892] kasan_save_track+0x20/0x40 [ 30.494943] kasan_save_alloc_info+0x40/0x58 [ 30.494980] __kasan_kmalloc+0xd4/0xd8 [ 30.495016] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.495058] kmalloc_oob_right+0xb0/0x660 [ 30.495094] kunit_try_run_case+0x170/0x3f0 [ 30.495131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.495174] kthread+0x328/0x630 [ 30.495206] ret_from_fork+0x10/0x20 [ 30.495261] [ 30.495320] The buggy address belongs to the object at fff00000c404f900 [ 30.495320] which belongs to the cache kmalloc-128 of size 128 [ 30.495410] The buggy address is located 0 bytes to the right of [ 30.495410] allocated 115-byte region [fff00000c404f900, fff00000c404f973) [ 30.495476] [ 30.495617] The buggy address belongs to the physical page: [ 30.495844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10404f [ 30.496127] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.496407] page_type: f5(slab) [ 30.496692] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.496754] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.496857] page dumped because: kasan: bad access detected [ 30.496897] [ 30.496922] Memory state around the buggy address: [ 30.497150] fff00000c404f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.497215] fff00000c404f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.497268] >fff00000c404f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.497322] ^ [ 30.497402] fff00000c404f980: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 30.497444] fff00000c404fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.497504] ==================================================================
[ 32.326275] ================================================================== [ 32.326374] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 32.326472] Read of size 1 at addr fff00000c63fb480 by task kunit_try_catch/167 [ 32.326642] [ 32.326737] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.326865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.326891] Hardware name: linux,dummy-virt (DT) [ 32.326936] Call trace: [ 32.326959] show_stack+0x20/0x38 (C) [ 32.327014] dump_stack_lvl+0x8c/0xd0 [ 32.327122] print_report+0x118/0x608 [ 32.327474] kasan_report+0xdc/0x128 [ 32.327794] __asan_report_load1_noabort+0x20/0x30 [ 32.327852] kmalloc_oob_right+0x5d0/0x660 [ 32.327916] kunit_try_run_case+0x170/0x3f0 [ 32.327964] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.328017] kthread+0x328/0x630 [ 32.328059] ret_from_fork+0x10/0x20 [ 32.328106] [ 32.328123] Allocated by task 167: [ 32.328151] kasan_save_stack+0x3c/0x68 [ 32.328206] kasan_save_track+0x20/0x40 [ 32.328243] kasan_save_alloc_info+0x40/0x58 [ 32.328278] __kasan_kmalloc+0xd4/0xd8 [ 32.328358] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.328396] kmalloc_oob_right+0xb0/0x660 [ 32.328570] kunit_try_run_case+0x170/0x3f0 [ 32.328609] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.328651] kthread+0x328/0x630 [ 32.328692] ret_from_fork+0x10/0x20 [ 32.328781] [ 32.328800] The buggy address belongs to the object at fff00000c63fb400 [ 32.328800] which belongs to the cache kmalloc-128 of size 128 [ 32.328998] The buggy address is located 13 bytes to the right of [ 32.328998] allocated 115-byte region [fff00000c63fb400, fff00000c63fb473) [ 32.329102] [ 32.329135] The buggy address belongs to the physical page: [ 32.329339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.329437] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.329495] page_type: f5(slab) [ 32.329532] raw: 0bfffe0000000000 fff00000c0001a00 
dead000000000122 0000000000000000 [ 32.329581] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.329620] page dumped because: kasan: bad access detected [ 32.329807] [ 32.329839] Memory state around the buggy address: [ 32.329909] fff00000c63fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.329956] fff00000c63fb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.330041] >fff00000c63fb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330141] ^ [ 32.330477] fff00000c63fb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330557] fff00000c63fb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.330596] ================================================================== [ 32.313769] ================================================================== [ 32.314092] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 32.314916] Write of size 1 at addr fff00000c63fb473 by task kunit_try_catch/167 [ 32.315027] [ 32.315840] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.315993] Tainted: [N]=TEST [ 32.316027] Hardware name: linux,dummy-virt (DT) [ 32.316261] Call trace: [ 32.316435] show_stack+0x20/0x38 (C) [ 32.316567] dump_stack_lvl+0x8c/0xd0 [ 32.316624] print_report+0x118/0x608 [ 32.316675] kasan_report+0xdc/0x128 [ 32.316721] __asan_report_store1_noabort+0x20/0x30 [ 32.316772] kmalloc_oob_right+0x5a4/0x660 [ 32.316820] kunit_try_run_case+0x170/0x3f0 [ 32.316872] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.316926] kthread+0x328/0x630 [ 32.316971] ret_from_fork+0x10/0x20 [ 32.317122] [ 32.317173] Allocated by task 167: [ 32.317286] kasan_save_stack+0x3c/0x68 [ 32.317350] kasan_save_track+0x20/0x40 [ 32.317388] kasan_save_alloc_info+0x40/0x58 [ 32.317425] __kasan_kmalloc+0xd4/0xd8 [ 32.317461] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.317506] kmalloc_oob_right+0xb0/0x660 [ 32.317542] kunit_try_run_case+0x170/0x3f0 [ 32.317579] 
kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.317622] kthread+0x328/0x630 [ 32.317653] ret_from_fork+0x10/0x20 [ 32.317706] [ 32.317764] The buggy address belongs to the object at fff00000c63fb400 [ 32.317764] which belongs to the cache kmalloc-128 of size 128 [ 32.317853] The buggy address is located 0 bytes to the right of [ 32.317853] allocated 115-byte region [fff00000c63fb400, fff00000c63fb473) [ 32.317924] [ 32.318004] The buggy address belongs to the physical page: [ 32.318200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.318466] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.318750] page_type: f5(slab) [ 32.319026] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.319086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.319200] page dumped because: kasan: bad access detected [ 32.319241] [ 32.319267] Memory state around the buggy address: [ 32.319510] fff00000c63fb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.319601] fff00000c63fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319655] >fff00000c63fb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.319709] ^ [ 32.319795] fff00000c63fb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319838] fff00000c63fb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.319899] ================================================================== [ 32.321411] ================================================================== [ 32.321612] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 32.321846] Write of size 1 at addr fff00000c63fb478 by task kunit_try_catch/167 [ 32.321896] [ 32.321925] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.322015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.322132] Hardware name: linux,dummy-virt (DT) [ 32.322192] Call trace: [ 32.322214] show_stack+0x20/0x38 (C) [ 32.322262] 
dump_stack_lvl+0x8c/0xd0 [ 32.322899] print_report+0x118/0x608 [ 32.323126] kasan_report+0xdc/0x128 [ 32.323184] __asan_report_store1_noabort+0x20/0x30 [ 32.323232] kmalloc_oob_right+0x538/0x660 [ 32.323285] kunit_try_run_case+0x170/0x3f0 [ 32.323375] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.323512] kthread+0x328/0x630 [ 32.323554] ret_from_fork+0x10/0x20 [ 32.323601] [ 32.323619] Allocated by task 167: [ 32.323646] kasan_save_stack+0x3c/0x68 [ 32.323705] kasan_save_track+0x20/0x40 [ 32.323742] kasan_save_alloc_info+0x40/0x58 [ 32.323778] __kasan_kmalloc+0xd4/0xd8 [ 32.323814] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.323852] kmalloc_oob_right+0xb0/0x660 [ 32.323995] kunit_try_run_case+0x170/0x3f0 [ 32.324200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.324387] kthread+0x328/0x630 [ 32.324467] ret_from_fork+0x10/0x20 [ 32.324567] [ 32.324588] The buggy address belongs to the object at fff00000c63fb400 [ 32.324588] which belongs to the cache kmalloc-128 of size 128 [ 32.324791] The buggy address is located 5 bytes to the right of [ 32.324791] allocated 115-byte region [fff00000c63fb400, fff00000c63fb473) [ 32.324854] [ 32.324873] The buggy address belongs to the physical page: [ 32.324916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.324965] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.325033] page_type: f5(slab) [ 32.325070] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.325120] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.325169] page dumped because: kasan: bad access detected [ 32.325199] [ 32.325217] Memory state around the buggy address: [ 32.325246] fff00000c63fb300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.325288] fff00000c63fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.325329] >fff00000c63fb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.325365] ^ [ 32.325404] fff00000c63fb480: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 32.325477] fff00000c63fb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.325518] ==================================================================
[ 22.384014] ================================================================== [ 22.384818] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 22.385510] Write of size 1 at addr ffff888105887d73 by task kunit_try_catch/184 [ 22.385951] [ 22.387152] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.387515] Tainted: [N]=TEST [ 22.387549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.387782] Call Trace: [ 22.387851] <TASK> [ 22.388004] dump_stack_lvl+0x73/0xb0 [ 22.388092] print_report+0xd1/0x650 [ 22.388121] ? __virt_addr_valid+0x1db/0x2d0 [ 22.388147] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.388168] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.388192] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.388213] kasan_report+0x141/0x180 [ 22.388234] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.388259] __asan_report_store1_noabort+0x1b/0x30 [ 22.388282] kmalloc_oob_right+0x6f0/0x7f0 [ 22.388303] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.388338] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.388363] kunit_try_run_case+0x1a5/0x480 [ 22.388390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.388412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.388434] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.388455] ? __kthread_parkme+0x82/0x180 [ 22.388476] ? preempt_count_sub+0x50/0x80 [ 22.388499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.388536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.388559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.388583] kthread+0x337/0x6f0 [ 22.388601] ? trace_preempt_on+0x20/0xc0 [ 22.388626] ? __pfx_kthread+0x10/0x10 [ 22.388646] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.388683] ? calculate_sigpending+0x7b/0xa0 [ 22.388707] ? __pfx_kthread+0x10/0x10 [ 22.388728] ret_from_fork+0x116/0x1d0 [ 22.388748] ? 
__pfx_kthread+0x10/0x10 [ 22.388769] ret_from_fork_asm+0x1a/0x30 [ 22.388826] </TASK> [ 22.388894] [ 22.399270] Allocated by task 184: [ 22.400042] kasan_save_stack+0x45/0x70 [ 22.400297] kasan_save_track+0x18/0x40 [ 22.400469] kasan_save_alloc_info+0x3b/0x50 [ 22.400717] __kasan_kmalloc+0xb7/0xc0 [ 22.401136] __kmalloc_cache_noprof+0x189/0x420 [ 22.401365] kmalloc_oob_right+0xa9/0x7f0 [ 22.401546] kunit_try_run_case+0x1a5/0x480 [ 22.401982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.402187] kthread+0x337/0x6f0 [ 22.402372] ret_from_fork+0x116/0x1d0 [ 22.402525] ret_from_fork_asm+0x1a/0x30 [ 22.402805] [ 22.403336] The buggy address belongs to the object at ffff888105887d00 [ 22.403336] which belongs to the cache kmalloc-128 of size 128 [ 22.404137] The buggy address is located 0 bytes to the right of [ 22.404137] allocated 115-byte region [ffff888105887d00, ffff888105887d73) [ 22.404786] [ 22.405215] The buggy address belongs to the physical page: [ 22.405913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 22.406479] flags: 0x200000000000000(node=0|zone=2) [ 22.407113] page_type: f5(slab) [ 22.407667] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.408034] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.408482] page dumped because: kasan: bad access detected [ 22.408910] [ 22.409128] Memory state around the buggy address: [ 22.409786] ffff888105887c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.410115] ffff888105887c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.410461] >ffff888105887d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.411197] ^ [ 22.411628] ffff888105887d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.412194] ffff888105887e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.412652] ================================================================== [ 22.433152] 
================================================================== [ 22.433409] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 22.433883] Read of size 1 at addr ffff888105887d80 by task kunit_try_catch/184 [ 22.434156] [ 22.434238] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.434285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.434298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.434366] Call Trace: [ 22.434404] <TASK> [ 22.434470] dump_stack_lvl+0x73/0xb0 [ 22.434507] print_report+0xd1/0x650 [ 22.434539] ? __virt_addr_valid+0x1db/0x2d0 [ 22.434562] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.434582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.434606] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.434627] kasan_report+0x141/0x180 [ 22.434647] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.434705] __asan_report_load1_noabort+0x18/0x20 [ 22.434760] kmalloc_oob_right+0x68a/0x7f0 [ 22.434781] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.434804] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.434828] kunit_try_run_case+0x1a5/0x480 [ 22.434852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.434875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.434896] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.434917] ? __kthread_parkme+0x82/0x180 [ 22.434937] ? preempt_count_sub+0x50/0x80 [ 22.434960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.434984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.435006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.435030] kthread+0x337/0x6f0 [ 22.435049] ? trace_preempt_on+0x20/0xc0 [ 22.435072] ? __pfx_kthread+0x10/0x10 [ 22.435092] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.435115] ? calculate_sigpending+0x7b/0xa0 [ 22.435138] ? __pfx_kthread+0x10/0x10 [ 22.435159] ret_from_fork+0x116/0x1d0 [ 22.435178] ? 
__pfx_kthread+0x10/0x10 [ 22.435197] ret_from_fork_asm+0x1a/0x30 [ 22.435227] </TASK> [ 22.435238] [ 22.442634] Allocated by task 184: [ 22.442946] kasan_save_stack+0x45/0x70 [ 22.443142] kasan_save_track+0x18/0x40 [ 22.443339] kasan_save_alloc_info+0x3b/0x50 [ 22.443542] __kasan_kmalloc+0xb7/0xc0 [ 22.443669] __kmalloc_cache_noprof+0x189/0x420 [ 22.444058] kmalloc_oob_right+0xa9/0x7f0 [ 22.444270] kunit_try_run_case+0x1a5/0x480 [ 22.444487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.444834] kthread+0x337/0x6f0 [ 22.445039] ret_from_fork+0x116/0x1d0 [ 22.445216] ret_from_fork_asm+0x1a/0x30 [ 22.445363] [ 22.445430] The buggy address belongs to the object at ffff888105887d00 [ 22.445430] which belongs to the cache kmalloc-128 of size 128 [ 22.445786] The buggy address is located 13 bytes to the right of [ 22.445786] allocated 115-byte region [ffff888105887d00, ffff888105887d73) [ 22.446713] [ 22.446810] The buggy address belongs to the physical page: [ 22.447085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 22.447460] flags: 0x200000000000000(node=0|zone=2) [ 22.447695] page_type: f5(slab) [ 22.447879] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.448249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.448642] page dumped because: kasan: bad access detected [ 22.448824] [ 22.448889] Memory state around the buggy address: [ 22.449099] ffff888105887c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.449657] ffff888105887d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.449956] >ffff888105887d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.450226] ^ [ 22.450398] ffff888105887e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.450868] ffff888105887e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.451180] ================================================================== [ 22.414122] 
================================================================== [ 22.414480] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 22.414860] Write of size 1 at addr ffff888105887d78 by task kunit_try_catch/184 [ 22.415354] [ 22.415462] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.415512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.415526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.415549] Call Trace: [ 22.415562] <TASK> [ 22.415579] dump_stack_lvl+0x73/0xb0 [ 22.415606] print_report+0xd1/0x650 [ 22.415628] ? __virt_addr_valid+0x1db/0x2d0 [ 22.415650] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.415670] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.415739] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.415761] kasan_report+0x141/0x180 [ 22.415820] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.415845] __asan_report_store1_noabort+0x1b/0x30 [ 22.415868] kmalloc_oob_right+0x6bd/0x7f0 [ 22.415889] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.415912] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.415937] kunit_try_run_case+0x1a5/0x480 [ 22.415961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.415984] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.416046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.416066] ? __kthread_parkme+0x82/0x180 [ 22.416131] ? preempt_count_sub+0x50/0x80 [ 22.416155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.416179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.416212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.416236] kthread+0x337/0x6f0 [ 22.416255] ? trace_preempt_on+0x20/0xc0 [ 22.416278] ? __pfx_kthread+0x10/0x10 [ 22.416298] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.416329] ? calculate_sigpending+0x7b/0xa0 [ 22.416353] ? __pfx_kthread+0x10/0x10 [ 22.416374] ret_from_fork+0x116/0x1d0 [ 22.416393] ? 
__pfx_kthread+0x10/0x10 [ 22.416413] ret_from_fork_asm+0x1a/0x30 [ 22.416445] </TASK> [ 22.416456] [ 22.423988] Allocated by task 184: [ 22.424167] kasan_save_stack+0x45/0x70 [ 22.424378] kasan_save_track+0x18/0x40 [ 22.424562] kasan_save_alloc_info+0x3b/0x50 [ 22.424768] __kasan_kmalloc+0xb7/0xc0 [ 22.424944] __kmalloc_cache_noprof+0x189/0x420 [ 22.425191] kmalloc_oob_right+0xa9/0x7f0 [ 22.425360] kunit_try_run_case+0x1a5/0x480 [ 22.425526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.425785] kthread+0x337/0x6f0 [ 22.426061] ret_from_fork+0x116/0x1d0 [ 22.426276] ret_from_fork_asm+0x1a/0x30 [ 22.426556] [ 22.426631] The buggy address belongs to the object at ffff888105887d00 [ 22.426631] which belongs to the cache kmalloc-128 of size 128 [ 22.427143] The buggy address is located 5 bytes to the right of [ 22.427143] allocated 115-byte region [ffff888105887d00, ffff888105887d73) [ 22.427522] [ 22.427614] The buggy address belongs to the physical page: [ 22.427945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 22.428301] flags: 0x200000000000000(node=0|zone=2) [ 22.428684] page_type: f5(slab) [ 22.428851] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.429077] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.429418] page dumped because: kasan: bad access detected [ 22.429887] [ 22.430064] Memory state around the buggy address: [ 22.430411] ffff888105887c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.430838] ffff888105887c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.431193] >ffff888105887d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.431568] ^ [ 22.431897] ffff888105887d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.432187] ffff888105887e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.432464] ==================================================================
[ 22.610131] ================================================================== [ 22.610487] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 22.610808] Write of size 1 at addr ffff88810255e378 by task kunit_try_catch/185 [ 22.611149] [ 22.611237] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.611286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.611299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.611320] Call Trace: [ 22.611341] <TASK> [ 22.611360] dump_stack_lvl+0x73/0xb0 [ 22.611388] print_report+0xd1/0x650 [ 22.611410] ? __virt_addr_valid+0x1db/0x2d0 [ 22.611433] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.611453] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.611478] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.611499] kasan_report+0x141/0x180 [ 22.611520] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.611545] __asan_report_store1_noabort+0x1b/0x30 [ 22.611569] kmalloc_oob_right+0x6bd/0x7f0 [ 22.611590] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.611611] ? __schedule+0x10cc/0x2b60 [ 22.611632] ? __pfx_read_tsc+0x10/0x10 [ 22.611653] ? ktime_get_ts64+0x86/0x230 [ 22.611678] kunit_try_run_case+0x1a5/0x480 [ 22.611703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.611726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.611747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.611768] ? __kthread_parkme+0x82/0x180 [ 22.611788] ? preempt_count_sub+0x50/0x80 [ 22.611811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.611835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.611858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.611882] kthread+0x337/0x6f0 [ 22.611902] ? trace_preempt_on+0x20/0xc0 [ 22.611946] ? __pfx_kthread+0x10/0x10 [ 22.611966] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.611991] ? calculate_sigpending+0x7b/0xa0 [ 22.612015] ? __pfx_kthread+0x10/0x10 [ 22.612036] ret_from_fork+0x116/0x1d0 [ 22.612055] ? 
__pfx_kthread+0x10/0x10
[ 22.612083] ret_from_fork_asm+0x1a/0x30
[ 22.612114] </TASK>
[ 22.612125]
[ 22.620535] Allocated by task 185:
[ 22.620913] kasan_save_stack+0x45/0x70
[ 22.621144] kasan_save_track+0x18/0x40
[ 22.621474] kasan_save_alloc_info+0x3b/0x50
[ 22.621747] __kasan_kmalloc+0xb7/0xc0
[ 22.621896] __kmalloc_cache_noprof+0x189/0x420
[ 22.622256] kmalloc_oob_right+0xa9/0x7f0
[ 22.622449] kunit_try_run_case+0x1a5/0x480
[ 22.622638] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.622862] kthread+0x337/0x6f0
[ 22.623261] ret_from_fork+0x116/0x1d0
[ 22.623421] ret_from_fork_asm+0x1a/0x30
[ 22.623619]
[ 22.623687] The buggy address belongs to the object at ffff88810255e300
[ 22.623687] which belongs to the cache kmalloc-128 of size 128
[ 22.624417] The buggy address is located 5 bytes to the right of
[ 22.624417] allocated 115-byte region [ffff88810255e300, ffff88810255e373)
[ 22.625173]
[ 22.625272] The buggy address belongs to the physical page:
[ 22.625458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 22.625799] flags: 0x200000000000000(node=0|zone=2)
[ 22.626304] page_type: f5(slab)
[ 22.626447] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.626905] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.627341] page dumped because: kasan: bad access detected
[ 22.627572]
[ 22.627663] Memory state around the buggy address:
[ 22.627876] ffff88810255e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.628431] ffff88810255e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.628722] >ffff88810255e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 22.629145] ^
[ 22.629521] ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.629827] ffff88810255e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.630273] ==================================================================
[ 22.631115] ==================================================================
[ 22.631572] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 22.631880] Read of size 1 at addr ffff88810255e380 by task kunit_try_catch/185
[ 22.632548]
[ 22.632727] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 22.632849] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.632864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.632887] Call Trace:
[ 22.632911] <TASK>
[ 22.632959] dump_stack_lvl+0x73/0xb0
[ 22.632991] print_report+0xd1/0x650
[ 22.633014] ? __virt_addr_valid+0x1db/0x2d0
[ 22.633038] ? kmalloc_oob_right+0x68a/0x7f0
[ 22.633068] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.633094] ? kmalloc_oob_right+0x68a/0x7f0
[ 22.633116] kasan_report+0x141/0x180
[ 22.633137] ? kmalloc_oob_right+0x68a/0x7f0
[ 22.633163] __asan_report_load1_noabort+0x18/0x20
[ 22.633186] kmalloc_oob_right+0x68a/0x7f0
[ 22.633208] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 22.633230] ? __schedule+0x10cc/0x2b60
[ 22.633251] ? __pfx_read_tsc+0x10/0x10
[ 22.633274] ? ktime_get_ts64+0x86/0x230
[ 22.633299] kunit_try_run_case+0x1a5/0x480
[ 22.633326] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.633349] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.633371] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.633392] ? __kthread_parkme+0x82/0x180
[ 22.633413] ? preempt_count_sub+0x50/0x80
[ 22.633437] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.633462] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.633486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.633510] kthread+0x337/0x6f0
[ 22.633529] ? trace_preempt_on+0x20/0xc0
[ 22.633553] ? __pfx_kthread+0x10/0x10
[ 22.633573] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.633598] ? calculate_sigpending+0x7b/0xa0
[ 22.633623] ? __pfx_kthread+0x10/0x10
[ 22.633645] ret_from_fork+0x116/0x1d0
[ 22.633663] ? __pfx_kthread+0x10/0x10
[ 22.633684] ret_from_fork_asm+0x1a/0x30
[ 22.633716] </TASK>
[ 22.633727]
[ 22.642526] Allocated by task 185:
[ 22.642786] kasan_save_stack+0x45/0x70
[ 22.643147] kasan_save_track+0x18/0x40
[ 22.643320] kasan_save_alloc_info+0x3b/0x50
[ 22.643506] __kasan_kmalloc+0xb7/0xc0
[ 22.643667] __kmalloc_cache_noprof+0x189/0x420
[ 22.643866] kmalloc_oob_right+0xa9/0x7f0
[ 22.644374] kunit_try_run_case+0x1a5/0x480
[ 22.644643] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.644884] kthread+0x337/0x6f0
[ 22.645210] ret_from_fork+0x116/0x1d0
[ 22.645436] ret_from_fork_asm+0x1a/0x30
[ 22.645745]
[ 22.645818] The buggy address belongs to the object at ffff88810255e300
[ 22.645818] which belongs to the cache kmalloc-128 of size 128
[ 22.646441] The buggy address is located 13 bytes to the right of
[ 22.646441] allocated 115-byte region [ffff88810255e300, ffff88810255e373)
[ 22.647150]
[ 22.647250] The buggy address belongs to the physical page:
[ 22.647440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 22.647918] flags: 0x200000000000000(node=0|zone=2)
[ 22.648348] page_type: f5(slab)
[ 22.648486] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.648809] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.649348] page dumped because: kasan: bad access detected
[ 22.649722]
[ 22.649798] Memory state around the buggy address:
[ 22.650325] ffff88810255e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.650778] ffff88810255e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 22.651231] >ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.651625] ^
[ 22.651898] ffff88810255e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.652268] ffff88810255e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.652678] ==================================================================
[ 22.587752] ==================================================================
[ 22.588632] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 22.589677] Write of size 1 at addr ffff88810255e373 by task kunit_try_catch/185
[ 22.590452]
[ 22.591667] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 22.592045] Tainted: [N]=TEST
[ 22.592091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.592334] Call Trace:
[ 22.592407] <TASK>
[ 22.592560] dump_stack_lvl+0x73/0xb0
[ 22.592653] print_report+0xd1/0x650
[ 22.592684] ? __virt_addr_valid+0x1db/0x2d0
[ 22.592710] ? kmalloc_oob_right+0x6f0/0x7f0
[ 22.592731] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.592757] ? kmalloc_oob_right+0x6f0/0x7f0
[ 22.592778] kasan_report+0x141/0x180
[ 22.592799] ? kmalloc_oob_right+0x6f0/0x7f0
[ 22.592825] __asan_report_store1_noabort+0x1b/0x30
[ 22.592849] kmalloc_oob_right+0x6f0/0x7f0
[ 22.592871] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 22.592892] ? __schedule+0x10cc/0x2b60
[ 22.592942] ? __pfx_read_tsc+0x10/0x10
[ 22.592965] ? ktime_get_ts64+0x86/0x230
[ 22.592992] kunit_try_run_case+0x1a5/0x480
[ 22.593020] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.593043] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.593075] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.593096] ? __kthread_parkme+0x82/0x180
[ 22.593118] ? preempt_count_sub+0x50/0x80
[ 22.593142] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.593166] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.593189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.593213] kthread+0x337/0x6f0
[ 22.593233] ? trace_preempt_on+0x20/0xc0
[ 22.593259] ? __pfx_kthread+0x10/0x10
[ 22.593279] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.593302] ? calculate_sigpending+0x7b/0xa0
[ 22.593328] ? __pfx_kthread+0x10/0x10
[ 22.593349] ret_from_fork+0x116/0x1d0
[ 22.593368] ? __pfx_kthread+0x10/0x10
[ 22.593389] ret_from_fork_asm+0x1a/0x30
[ 22.593446] </TASK>
[ 22.593514]
[ 22.599720] Allocated by task 185:
[ 22.599998] kasan_save_stack+0x45/0x70
[ 22.600232] kasan_save_track+0x18/0x40
[ 22.600422] kasan_save_alloc_info+0x3b/0x50
[ 22.600626] __kasan_kmalloc+0xb7/0xc0
[ 22.600802] __kmalloc_cache_noprof+0x189/0x420
[ 22.601010] kmalloc_oob_right+0xa9/0x7f0
[ 22.601155] kunit_try_run_case+0x1a5/0x480
[ 22.601297] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.601537] kthread+0x337/0x6f0
[ 22.601703] ret_from_fork+0x116/0x1d0
[ 22.601892] ret_from_fork_asm+0x1a/0x30
[ 22.602157]
[ 22.602301] The buggy address belongs to the object at ffff88810255e300
[ 22.602301] which belongs to the cache kmalloc-128 of size 128
[ 22.602816] The buggy address is located 0 bytes to the right of
[ 22.602816] allocated 115-byte region [ffff88810255e300, ffff88810255e373)
[ 22.603405]
[ 22.603569] The buggy address belongs to the physical page:
[ 22.604069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10255e
[ 22.604600] flags: 0x200000000000000(node=0|zone=2)
[ 22.605212] page_type: f5(slab)
[ 22.605653] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.605986] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.606360] page dumped because: kasan: bad access detected
[ 22.606629]
[ 22.606728] Memory state around the buggy address:
[ 22.607229] ffff88810255e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.607533] ffff88810255e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.607763] >ffff88810255e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 22.608133] ^
[ 22.608443] ffff88810255e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.608702] ffff88810255e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.608955] ==================================================================