Date
July 2, 2025, 11:10 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 30.990404] ================================================================== [ 30.990713] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 30.991037] Read of size 1 at addr fff00000c91f0173 by task kunit_try_catch/227 [ 30.991224] [ 30.991259] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.991423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.991451] Hardware name: linux,dummy-virt (DT) [ 30.991663] Call trace: [ 30.991705] show_stack+0x20/0x38 (C) [ 30.992020] dump_stack_lvl+0x8c/0xd0 [ 30.992256] print_report+0x118/0x608 [ 30.992471] kasan_report+0xdc/0x128 [ 30.992642] __asan_report_load1_noabort+0x20/0x30 [ 30.992767] ksize_unpoisons_memory+0x628/0x740 [ 30.992847] kunit_try_run_case+0x170/0x3f0 [ 30.993084] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.993267] kthread+0x328/0x630 [ 30.993359] ret_from_fork+0x10/0x20 [ 30.993669] [ 30.993801] Allocated by task 227: [ 30.993941] kasan_save_stack+0x3c/0x68 [ 30.994001] kasan_save_track+0x20/0x40 [ 30.994237] kasan_save_alloc_info+0x40/0x58 [ 30.994327] __kasan_kmalloc+0xd4/0xd8 [ 30.994482] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.994560] ksize_unpoisons_memory+0xc0/0x740 [ 30.994627] kunit_try_run_case+0x170/0x3f0 [ 30.994704] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.994750] kthread+0x328/0x630 [ 30.994812] ret_from_fork+0x10/0x20 [ 30.995119] [ 30.995244] The buggy address belongs to the object at fff00000c91f0100 [ 30.995244] which belongs to the cache kmalloc-128 of size 128 [ 30.995310] The buggy address is located 0 bytes to the right of [ 30.995310] allocated 115-byte region [fff00000c91f0100, fff00000c91f0173) [ 30.995412] [ 30.995576] The buggy address belongs to the physical page: [ 30.995670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 30.995884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.996019] page_type: f5(slab) [ 30.996067] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.996409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.996480] page dumped because: kasan: bad access detected [ 30.996614] [ 30.996673] Memory state around the buggy address: [ 30.996733] fff00000c91f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.996775] fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.996959] >fff00000c91f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 30.997165] ^ [ 30.997265] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.997338] fff00000c91f0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.997404] ================================================================== [ 30.998521] ================================================================== [ 30.998571] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 30.998621] Read of size 1 at addr fff00000c91f0178 by task kunit_try_catch/227 [ 30.998673] [ 30.998703] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 30.998833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.998891] Hardware name: linux,dummy-virt (DT) [ 30.999467] Call trace: [ 30.999575] show_stack+0x20/0x38 (C) [ 31.000055] dump_stack_lvl+0x8c/0xd0 [ 31.000171] print_report+0x118/0x608 [ 31.000381] kasan_report+0xdc/0x128 [ 31.000488] __asan_report_load1_noabort+0x20/0x30 [ 31.000692] ksize_unpoisons_memory+0x618/0x740 [ 31.000776] kunit_try_run_case+0x170/0x3f0 [ 31.001131] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.001220] kthread+0x328/0x630 [ 31.001345] ret_from_fork+0x10/0x20 [ 31.001416] [ 31.001466] Allocated by task 227: [ 31.001570] kasan_save_stack+0x3c/0x68 [ 31.001615] kasan_save_track+0x20/0x40 [ 31.001652] kasan_save_alloc_info+0x40/0x58 [ 31.001722] __kasan_kmalloc+0xd4/0xd8 [ 31.001884] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.002236] ksize_unpoisons_memory+0xc0/0x740 [ 31.002315] kunit_try_run_case+0x170/0x3f0 [ 31.002432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.002501] kthread+0x328/0x630 [ 31.002605] ret_from_fork+0x10/0x20 [ 31.002644] [ 31.002663] The buggy address belongs to the object at fff00000c91f0100 [ 31.002663] which belongs to the cache kmalloc-128 of size 128 [ 31.002939] The buggy address is located 5 bytes to the right of [ 31.002939] allocated 115-byte region [fff00000c91f0100, fff00000c91f0173) [ 31.003157] [ 31.003219] The buggy address belongs to the physical page: [ 31.003416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 31.003491] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.003621] page_type: f5(slab) [ 31.003678] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.003737] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.003777] page dumped because: kasan: bad access detected [ 31.003810] [ 31.003831] Memory state around the buggy address: [ 31.004134] fff00000c91f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.004269] fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.004390] >fff00000c91f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.004458] ^ [ 31.004570] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.004629] fff00000c91f0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.004712] ================================================================== [ 31.005702] ================================================================== [ 31.005757] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 31.005808] Read of size 1 at addr fff00000c91f017f by task kunit_try_catch/227 [ 31.006153] [ 31.006342] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 31.006442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.006470] Hardware name: linux,dummy-virt (DT) [ 31.006530] Call trace: [ 31.006666] show_stack+0x20/0x38 (C) [ 31.006874] dump_stack_lvl+0x8c/0xd0 [ 31.006946] print_report+0x118/0x608 [ 31.007029] kasan_report+0xdc/0x128 [ 31.007097] __asan_report_load1_noabort+0x20/0x30 [ 31.007164] ksize_unpoisons_memory+0x690/0x740 [ 31.007270] kunit_try_run_case+0x170/0x3f0 [ 31.007321] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.007539] kthread+0x328/0x630 [ 31.007719] ret_from_fork+0x10/0x20 [ 31.007873] [ 31.007986] Allocated by task 227: [ 31.008047] kasan_save_stack+0x3c/0x68 [ 31.008117] kasan_save_track+0x20/0x40 [ 31.008189] kasan_save_alloc_info+0x40/0x58 [ 31.008438] __kasan_kmalloc+0xd4/0xd8 [ 31.008486] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.008689] ksize_unpoisons_memory+0xc0/0x740 [ 31.008771] kunit_try_run_case+0x170/0x3f0 [ 31.008861] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.009006] kthread+0x328/0x630 [ 31.009055] ret_from_fork+0x10/0x20 [ 31.009207] [ 31.009275] The buggy address belongs to the object at fff00000c91f0100 [ 31.009275] which belongs to the cache kmalloc-128 of size 128 [ 31.009397] The buggy address is located 12 bytes to the right of [ 31.009397] allocated 115-byte region [fff00000c91f0100, fff00000c91f0173) [ 31.009787] [ 31.009918] The buggy address belongs to the physical page: [ 31.009998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0 [ 31.010133] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.010222] page_type: f5(slab) [ 31.010297] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.010442] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.010514] page dumped because: kasan: bad access detected [ 31.010546] [ 31.010810] Memory state around the buggy address: [ 31.010867] fff00000c91f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.010985] fff00000c91f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.011082] >fff00000c91f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.011150] ^ [ 31.011198] fff00000c91f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.011243] fff00000c91f0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.011283] ==================================================================
[ 32.732274] ================================================================== [ 32.732325] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 32.732687] Read of size 1 at addr fff00000c63fbc78 by task kunit_try_catch/225 [ 32.732776] [ 32.732815] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.732992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.733062] Hardware name: linux,dummy-virt (DT) [ 32.733139] Call trace: [ 32.733247] show_stack+0x20/0x38 (C) [ 32.733335] dump_stack_lvl+0x8c/0xd0 [ 32.733431] print_report+0x118/0x608 [ 32.733584] kasan_report+0xdc/0x128 [ 32.733667] __asan_report_load1_noabort+0x20/0x30 [ 32.733754] ksize_unpoisons_memory+0x618/0x740 [ 32.733822] kunit_try_run_case+0x170/0x3f0 [ 32.733890] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.734287] kthread+0x328/0x630 [ 32.734364] ret_from_fork+0x10/0x20 [ 32.734512] [ 32.734561] Allocated by task 225: [ 32.734626] kasan_save_stack+0x3c/0x68 [ 32.734762] kasan_save_track+0x20/0x40 [ 32.734830] kasan_save_alloc_info+0x40/0x58 [ 32.734916] __kasan_kmalloc+0xd4/0xd8 [ 32.735028] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.735068] ksize_unpoisons_memory+0xc0/0x740 [ 32.735126] kunit_try_run_case+0x170/0x3f0 [ 32.735200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.735432] kthread+0x328/0x630 [ 32.735584] ret_from_fork+0x10/0x20 [ 32.735652] [ 32.735741] The buggy address belongs to the object at fff00000c63fbc00 [ 32.735741] which belongs to the cache kmalloc-128 of size 128 [ 32.735847] The buggy address is located 5 bytes to the right of [ 32.735847] allocated 115-byte region [fff00000c63fbc00, fff00000c63fbc73) [ 32.735923] [ 32.735943] The buggy address belongs to the physical page: [ 32.735975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.736303] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.736453] page_type: f5(slab) [ 32.736531] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.736604] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.736657] page dumped because: kasan: bad access detected [ 32.736702] [ 32.736734] Memory state around the buggy address: [ 32.736766] fff00000c63fbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.736825] fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.736868] >fff00000c63fbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.736907] ^ [ 32.736971] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.737019] fff00000c63fbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.737058] ================================================================== [ 32.737707] ================================================================== [ 32.737774] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 32.737856] Read of size 1 at addr fff00000c63fbc7f by task kunit_try_catch/225 [ 32.737923] [ 32.737959] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.738046] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.738908] Hardware name: linux,dummy-virt (DT) [ 32.738954] Call trace: [ 32.738978] show_stack+0x20/0x38 (C) [ 32.739029] dump_stack_lvl+0x8c/0xd0 [ 32.739102] print_report+0x118/0x608 [ 32.739181] kasan_report+0xdc/0x128 [ 32.739230] __asan_report_load1_noabort+0x20/0x30 [ 32.739279] ksize_unpoisons_memory+0x690/0x740 [ 32.739327] kunit_try_run_case+0x170/0x3f0 [ 32.739376] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.739431] kthread+0x328/0x630 [ 32.739849] ret_from_fork+0x10/0x20 [ 32.739900] [ 32.739920] Allocated by task 225: [ 32.739951] kasan_save_stack+0x3c/0x68 [ 32.739993] kasan_save_track+0x20/0x40 [ 32.740033] kasan_save_alloc_info+0x40/0x58 [ 32.740068] __kasan_kmalloc+0xd4/0xd8 [ 32.740105] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.740145] ksize_unpoisons_memory+0xc0/0x740 [ 32.740198] kunit_try_run_case+0x170/0x3f0 [ 32.740237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.740282] kthread+0x328/0x630 [ 32.740317] ret_from_fork+0x10/0x20 [ 32.740353] [ 32.740371] The buggy address belongs to the object at fff00000c63fbc00 [ 32.740371] which belongs to the cache kmalloc-128 of size 128 [ 32.740430] The buggy address is located 12 bytes to the right of [ 32.740430] allocated 115-byte region [fff00000c63fbc00, fff00000c63fbc73) [ 32.740496] [ 32.740517] The buggy address belongs to the physical page: [ 32.740548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.740601] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.740648] page_type: f5(slab) [ 32.740685] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.740735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.740776] page dumped because: kasan: bad access detected [ 32.740808] [ 32.740825] Memory state around the buggy address: [ 32.740856] fff00000c63fbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.740899] fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.740942] >fff00000c63fbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.740980] ^ [ 32.741020] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.741063] fff00000c63fbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.741102] ================================================================== [ 32.727785] ================================================================== [ 32.727846] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 32.728061] Read of size 1 at addr fff00000c63fbc73 by task kunit_try_catch/225 [ 32.728298] [ 32.728355] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT [ 32.728514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.728558] Hardware name: linux,dummy-virt (DT) [ 32.728610] Call trace: [ 32.728644] show_stack+0x20/0x38 (C) [ 32.728733] dump_stack_lvl+0x8c/0xd0 [ 32.728789] print_report+0x118/0x608 [ 32.728845] kasan_report+0xdc/0x128 [ 32.728897] __asan_report_load1_noabort+0x20/0x30 [ 32.728985] ksize_unpoisons_memory+0x628/0x740 [ 32.729040] kunit_try_run_case+0x170/0x3f0 [ 32.729096] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.729151] kthread+0x328/0x630 [ 32.729332] ret_from_fork+0x10/0x20 [ 32.729382] [ 32.729400] Allocated by task 225: [ 32.729547] kasan_save_stack+0x3c/0x68 [ 32.729600] kasan_save_track+0x20/0x40 [ 32.729675] kasan_save_alloc_info+0x40/0x58 [ 32.729732] __kasan_kmalloc+0xd4/0xd8 [ 32.729769] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.729821] ksize_unpoisons_memory+0xc0/0x740 [ 32.729919] kunit_try_run_case+0x170/0x3f0 [ 32.729977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.730021] kthread+0x328/0x630 [ 32.730076] ret_from_fork+0x10/0x20 [ 32.730111] [ 32.730182] The buggy address belongs to the object at fff00000c63fbc00 [ 32.730182] which belongs to the cache kmalloc-128 of size 128 [ 32.730259] The buggy address is located 0 bytes to the right of [ 32.730259] allocated 115-byte region [fff00000c63fbc00, fff00000c63fbc73) [ 32.730325] [ 32.730346] The buggy address belongs to the physical page: [ 32.730378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063fb [ 32.730508] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.730652] page_type: f5(slab) [ 32.730697] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 32.730795] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 32.730880] page dumped because: kasan: bad access detected [ 32.730915] [ 32.730973] Memory state around the buggy address: [ 32.731008] fff00000c63fbb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.731050] fff00000c63fbb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.731192] >fff00000c63fbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 32.731233] ^ [ 32.731299] fff00000c63fbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.731343] fff00000c63fbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.731405] ==================================================================
[ 23.482139] ================================================================== [ 23.482569] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483014] Read of size 1 at addr ffff88810495057f by task kunit_try_catch/242 [ 23.483359] [ 23.483456] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.483518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.483545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.483564] Call Trace: [ 23.483592] <TASK> [ 23.483606] dump_stack_lvl+0x73/0xb0 [ 23.483633] print_report+0xd1/0x650 [ 23.483668] ? __virt_addr_valid+0x1db/0x2d0 [ 23.483703] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483725] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.483763] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483799] kasan_report+0x141/0x180 [ 23.483821] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483878] __asan_report_load1_noabort+0x18/0x20 [ 23.483903] ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483926] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.483998] ? finish_task_switch.isra.0+0x153/0x700 [ 23.484023] ? __switch_to+0x47/0xf50 [ 23.484048] ? __schedule+0x10cc/0x2b60 [ 23.484069] ? __pfx_read_tsc+0x10/0x10 [ 23.484090] ? ktime_get_ts64+0x86/0x230 [ 23.484113] kunit_try_run_case+0x1a5/0x480 [ 23.484137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.484160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.484181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.484202] ? __kthread_parkme+0x82/0x180 [ 23.484222] ? preempt_count_sub+0x50/0x80 [ 23.484243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.484289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.484331] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.484356] kthread+0x337/0x6f0 [ 23.484386] ? trace_preempt_on+0x20/0xc0 [ 23.484408] ? __pfx_kthread+0x10/0x10 [ 23.484428] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.484451] ? calculate_sigpending+0x7b/0xa0 [ 23.484474] ? __pfx_kthread+0x10/0x10 [ 23.484502] ret_from_fork+0x116/0x1d0 [ 23.484520] ? __pfx_kthread+0x10/0x10 [ 23.484568] ret_from_fork_asm+0x1a/0x30 [ 23.484598] </TASK> [ 23.484609] [ 23.494254] Allocated by task 242: [ 23.494472] kasan_save_stack+0x45/0x70 [ 23.494668] kasan_save_track+0x18/0x40 [ 23.494918] kasan_save_alloc_info+0x3b/0x50 [ 23.495129] __kasan_kmalloc+0xb7/0xc0 [ 23.495279] __kmalloc_cache_noprof+0x189/0x420 [ 23.495437] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.495731] kunit_try_run_case+0x1a5/0x480 [ 23.496023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.496183] kthread+0x337/0x6f0 [ 23.496293] ret_from_fork+0x116/0x1d0 [ 23.496785] ret_from_fork_asm+0x1a/0x30 [ 23.496990] [ 23.497079] The buggy address belongs to the object at ffff888104950500 [ 23.497079] which belongs to the cache kmalloc-128 of size 128 [ 23.497670] The buggy address is located 12 bytes to the right of [ 23.497670] allocated 115-byte region [ffff888104950500, ffff888104950573) [ 23.498067] [ 23.498131] The buggy address belongs to the physical page: [ 23.498291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.498986] flags: 0x200000000000000(node=0|zone=2) [ 23.499503] page_type: f5(slab) [ 23.499758] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.500122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.500518] page dumped because: kasan: bad access detected [ 23.500848] [ 23.500940] Memory state around the buggy address: [ 23.501182] ffff888104950400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.501465] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.501867] >ffff888104950500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.502064] ^ [ 23.502258] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.502912] ffff888104950600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.503225] ================================================================== [ 23.460515] ================================================================== [ 23.461122] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.461372] Read of size 1 at addr ffff888104950578 by task kunit_try_catch/242 [ 23.461863] [ 23.462048] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.462117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.462131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.462176] Call Trace: [ 23.462190] <TASK> [ 23.462205] dump_stack_lvl+0x73/0xb0 [ 23.462247] print_report+0xd1/0x650 [ 23.462270] ? __virt_addr_valid+0x1db/0x2d0 [ 23.462292] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.462348] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462372] kasan_report+0x141/0x180 [ 23.462394] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462421] __asan_report_load1_noabort+0x18/0x20 [ 23.462445] ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462468] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.462499] ? finish_task_switch.isra.0+0x153/0x700 [ 23.462522] ? __switch_to+0x47/0xf50 [ 23.462547] ? __schedule+0x10cc/0x2b60 [ 23.462568] ? __pfx_read_tsc+0x10/0x10 [ 23.462606] ? ktime_get_ts64+0x86/0x230 [ 23.462630] kunit_try_run_case+0x1a5/0x480 [ 23.462667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.462691] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.462712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.462734] ? __kthread_parkme+0x82/0x180 [ 23.462773] ? preempt_count_sub+0x50/0x80 [ 23.462795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.462888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.462915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.462939] kthread+0x337/0x6f0 [ 23.462959] ? trace_preempt_on+0x20/0xc0 [ 23.462981] ? __pfx_kthread+0x10/0x10 [ 23.463001] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.463024] ? calculate_sigpending+0x7b/0xa0 [ 23.463047] ? __pfx_kthread+0x10/0x10 [ 23.463068] ret_from_fork+0x116/0x1d0 [ 23.463086] ? __pfx_kthread+0x10/0x10 [ 23.463106] ret_from_fork_asm+0x1a/0x30 [ 23.463136] </TASK> [ 23.463147] [ 23.472431] Allocated by task 242: [ 23.472613] kasan_save_stack+0x45/0x70 [ 23.472748] kasan_save_track+0x18/0x40 [ 23.472875] kasan_save_alloc_info+0x3b/0x50 [ 23.473213] __kasan_kmalloc+0xb7/0xc0 [ 23.473443] __kmalloc_cache_noprof+0x189/0x420 [ 23.473941] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.474162] kunit_try_run_case+0x1a5/0x480 [ 23.474383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.474652] kthread+0x337/0x6f0 [ 23.474888] ret_from_fork+0x116/0x1d0 [ 23.475079] ret_from_fork_asm+0x1a/0x30 [ 23.475209] [ 23.475276] The buggy address belongs to the object at ffff888104950500 [ 23.475276] which belongs to the cache kmalloc-128 of size 128 [ 23.476101] The buggy address is located 5 bytes to the right of [ 23.476101] allocated 115-byte region [ffff888104950500, ffff888104950573) [ 23.476665] [ 23.476869] The buggy address belongs to the physical page: [ 23.477064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.477290] flags: 0x200000000000000(node=0|zone=2) [ 23.477693] page_type: f5(slab) [ 23.477882] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.478340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.478551] page dumped because: kasan: bad access detected [ 23.478708] [ 23.478906] Memory state around the buggy address: [ 23.479198] ffff888104950400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.479613] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.480100] >ffff888104950500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.480413] ^ [ 23.480625] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.480981] ffff888104950600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.481518] ================================================================== [ 23.437954] ================================================================== [ 23.438482] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 23.438982] Read of size 1 at addr ffff888104950573 by task kunit_try_catch/242 [ 23.439339] [ 23.439464] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.439515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.439527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.439569] Call Trace: [ 23.439583] <TASK> [ 23.439601] dump_stack_lvl+0x73/0xb0 [ 23.439643] print_report+0xd1/0x650 [ 23.439664] ? __virt_addr_valid+0x1db/0x2d0 [ 23.439825] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.439955] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.439988] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.440011] kasan_report+0x141/0x180 [ 23.440033] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.440060] __asan_report_load1_noabort+0x18/0x20 [ 23.440083] ksize_unpoisons_memory+0x81c/0x9b0 [ 23.440106] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.440128] ? finish_task_switch.isra.0+0x153/0x700 [ 23.440150] ? __switch_to+0x47/0xf50 [ 23.440176] ? __schedule+0x10cc/0x2b60 [ 23.440197] ? __pfx_read_tsc+0x10/0x10 [ 23.440218] ? ktime_get_ts64+0x86/0x230 [ 23.440243] kunit_try_run_case+0x1a5/0x480 [ 23.440269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.440292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.440326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.440348] ? __kthread_parkme+0x82/0x180 [ 23.440367] ? preempt_count_sub+0x50/0x80 [ 23.440389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.440414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.440437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.440461] kthread+0x337/0x6f0 [ 23.440480] ? trace_preempt_on+0x20/0xc0 [ 23.440517] ? __pfx_kthread+0x10/0x10 [ 23.440538] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.440561] ? calculate_sigpending+0x7b/0xa0 [ 23.440584] ? __pfx_kthread+0x10/0x10 [ 23.440605] ret_from_fork+0x116/0x1d0 [ 23.440624] ? __pfx_kthread+0x10/0x10 [ 23.440644] ret_from_fork_asm+0x1a/0x30 [ 23.440690] </TASK> [ 23.440702] [ 23.449845] Allocated by task 242: [ 23.450060] kasan_save_stack+0x45/0x70 [ 23.450325] kasan_save_track+0x18/0x40 [ 23.450522] kasan_save_alloc_info+0x3b/0x50 [ 23.450788] __kasan_kmalloc+0xb7/0xc0 [ 23.451023] __kmalloc_cache_noprof+0x189/0x420 [ 23.451261] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.451509] kunit_try_run_case+0x1a5/0x480 [ 23.451790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.452071] kthread+0x337/0x6f0 [ 23.452234] ret_from_fork+0x116/0x1d0 [ 23.452462] ret_from_fork_asm+0x1a/0x30 [ 23.452786] [ 23.452941] The buggy address belongs to the object at ffff888104950500 [ 23.452941] which belongs to the cache kmalloc-128 of size 128 [ 23.454057] The buggy address is located 0 bytes to the right of [ 23.454057] allocated 115-byte region [ffff888104950500, ffff888104950573) [ 23.454744] [ 23.454950] The buggy address belongs to the physical page: [ 23.455172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.455577] flags: 0x200000000000000(node=0|zone=2) [ 23.455878] page_type: f5(slab) [ 23.456090] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.456327] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.456914] page dumped because: kasan: bad access detected [ 23.457243] [ 23.457361] Memory state around the buggy address: [ 23.457545] ffff888104950400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.457823] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.458289] >ffff888104950500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.458872] ^ [ 23.459248] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.459518] ffff888104950600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.460034] ==================================================================
[ 23.769897] ================================================================== [ 23.770273] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.770510] Read of size 1 at addr ffff8881049c5c7f by task kunit_try_catch/243 [ 23.770762] [ 23.770877] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.770927] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.770940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.770963] Call Trace: [ 23.770986] <TASK> [ 23.771007] dump_stack_lvl+0x73/0xb0 [ 23.771035] print_report+0xd1/0x650 [ 23.771057] ? __virt_addr_valid+0x1db/0x2d0 [ 23.771097] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.771119] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.771145] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.771168] kasan_report+0x141/0x180 [ 23.771190] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.771217] __asan_report_load1_noabort+0x18/0x20 [ 23.771240] ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.771264] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.771287] ? __kasan_check_write+0x18/0x20 [ 23.771310] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.771331] ? irqentry_exit+0x2a/0x60 [ 23.771353] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.771375] ? trace_hardirqs_on+0x37/0xe0 [ 23.771399] ? __pfx_read_tsc+0x10/0x10 [ 23.771421] ? ktime_get_ts64+0x86/0x230 [ 23.771445] kunit_try_run_case+0x1a5/0x480 [ 23.771471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.771496] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.771517] ? __kthread_parkme+0x82/0x180 [ 23.771538] ? preempt_count_sub+0x50/0x80 [ 23.771561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.771586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.771609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.771633] kthread+0x337/0x6f0 [ 23.771652] ? trace_preempt_on+0x20/0xc0 [ 23.771674] ? __pfx_kthread+0x10/0x10 [ 23.771694] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.771718] ? calculate_sigpending+0x7b/0xa0 [ 23.771742] ? __pfx_kthread+0x10/0x10 [ 23.771763] ret_from_fork+0x116/0x1d0 [ 23.771782] ? __pfx_kthread+0x10/0x10 [ 23.771803] ret_from_fork_asm+0x1a/0x30 [ 23.771833] </TASK> [ 23.771845] [ 23.779644] Allocated by task 243: [ 23.779808] kasan_save_stack+0x45/0x70 [ 23.780110] kasan_save_track+0x18/0x40 [ 23.780740] kasan_save_alloc_info+0x3b/0x50 [ 23.780909] __kasan_kmalloc+0xb7/0xc0 [ 23.781032] __kmalloc_cache_noprof+0x189/0x420 [ 23.781531] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.781741] kunit_try_run_case+0x1a5/0x480 [ 23.781941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.782207] kthread+0x337/0x6f0 [ 23.782346] ret_from_fork+0x116/0x1d0 [ 23.782477] ret_from_fork_asm+0x1a/0x30 [ 23.782617] [ 23.782684] The buggy address belongs to the object at ffff8881049c5c00 [ 23.782684] which belongs to the cache kmalloc-128 of size 128 [ 23.783532] The buggy address is located 12 bytes to the right of [ 23.783532] allocated 115-byte region [ffff8881049c5c00, ffff8881049c5c73) [ 23.784013] [ 23.784126] The buggy address belongs to the physical page: [ 23.785644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5 [ 23.786014] flags: 0x200000000000000(node=0|zone=2) [ 23.786193] page_type: f5(slab) [ 23.786317] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.786573] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.786793] page dumped because: kasan: bad access detected [ 23.787289] [ 23.787393] Memory state around the buggy address: [ 23.787831] ffff8881049c5b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.788628] ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789092] >ffff8881049c5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.789305] ^ [ 23.789513] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789719] ffff8881049c5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.790168] ================================================================== [ 23.730534] ================================================================== [ 23.730972] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 23.731459] Read of size 1 at addr ffff8881049c5c73 by task kunit_try_catch/243 [ 23.731782] [ 23.731871] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.731924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.731937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.731959] Call Trace: [ 23.731974] <TASK> [ 23.731994] dump_stack_lvl+0x73/0xb0 [ 23.732035] print_report+0xd1/0x650 [ 23.732058] ? __virt_addr_valid+0x1db/0x2d0 [ 23.732096] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.732119] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.732144] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.732166] kasan_report+0x141/0x180 [ 23.732195] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.732221] __asan_report_load1_noabort+0x18/0x20 [ 23.732246] ksize_unpoisons_memory+0x81c/0x9b0 [ 23.732268] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.732292] ? __kasan_check_write+0x18/0x20 [ 23.732314] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.732335] ? irqentry_exit+0x2a/0x60 [ 23.732355] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.732377] ? trace_hardirqs_on+0x37/0xe0 [ 23.732401] ? __pfx_read_tsc+0x10/0x10 [ 23.732422] ? ktime_get_ts64+0x86/0x230 [ 23.732448] kunit_try_run_case+0x1a5/0x480 [ 23.732474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.732498] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.732519] ? __kthread_parkme+0x82/0x180 [ 23.732540] ? preempt_count_sub+0x50/0x80 [ 23.732563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.732587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.732611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.732634] kthread+0x337/0x6f0 [ 23.732653] ? trace_preempt_on+0x20/0xc0 [ 23.732674] ? __pfx_kthread+0x10/0x10 [ 23.732694] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.732718] ? calculate_sigpending+0x7b/0xa0 [ 23.732742] ? __pfx_kthread+0x10/0x10 [ 23.732763] ret_from_fork+0x116/0x1d0 [ 23.732781] ? __pfx_kthread+0x10/0x10 [ 23.732801] ret_from_fork_asm+0x1a/0x30 [ 23.732832] </TASK> [ 23.732844] [ 23.740779] Allocated by task 243: [ 23.740965] kasan_save_stack+0x45/0x70 [ 23.741156] kasan_save_track+0x18/0x40 [ 23.741410] kasan_save_alloc_info+0x3b/0x50 [ 23.741581] __kasan_kmalloc+0xb7/0xc0 [ 23.741762] __kmalloc_cache_noprof+0x189/0x420 [ 23.741980] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.742162] kunit_try_run_case+0x1a5/0x480 [ 23.742299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.742460] kthread+0x337/0x6f0 [ 23.742570] ret_from_fork+0x116/0x1d0 [ 23.742728] ret_from_fork_asm+0x1a/0x30 [ 23.742913] [ 23.742999] The buggy address belongs to the object at ffff8881049c5c00 [ 23.742999] which belongs to the cache kmalloc-128 of size 128 [ 23.743851] The buggy address is located 0 bytes to the right of [ 23.743851] allocated 115-byte region [ffff8881049c5c00, ffff8881049c5c73) [ 23.744668] [ 23.744768] The buggy address belongs to the physical page: [ 23.745033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5 [ 23.745452] flags: 0x200000000000000(node=0|zone=2) [ 23.745667] page_type: f5(slab) [ 23.745826] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.746150] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.746418] page dumped because: kasan: bad access detected [ 23.746581] [ 23.746682] Memory state around the buggy address: [ 23.746909] ffff8881049c5b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.747594] ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.747835] >ffff8881049c5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.748042] ^ [ 23.748258] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.748573] ffff8881049c5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.748876] ================================================================== [ 23.750470] ================================================================== [ 23.750825] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.751193] Read of size 1 at addr ffff8881049c5c78 by task kunit_try_catch/243 [ 23.751517] [ 23.751976] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.752032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.752046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.752082] Call Trace: [ 23.752098] <TASK> [ 23.752118] dump_stack_lvl+0x73/0xb0 [ 23.752150] print_report+0xd1/0x650 [ 23.752172] ? __virt_addr_valid+0x1db/0x2d0 [ 23.752196] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.752218] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.752244] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.752266] kasan_report+0x141/0x180 [ 23.752287] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.752314] __asan_report_load1_noabort+0x18/0x20 [ 23.752425] ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.752449] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.752472] ? __kasan_check_write+0x18/0x20 [ 23.752495] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.752517] ? irqentry_exit+0x2a/0x60 [ 23.752537] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.752559] ? trace_hardirqs_on+0x37/0xe0 [ 23.752583] ? __pfx_read_tsc+0x10/0x10 [ 23.752604] ? ktime_get_ts64+0x86/0x230 [ 23.752629] kunit_try_run_case+0x1a5/0x480 [ 23.752656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.752681] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.752701] ? __kthread_parkme+0x82/0x180 [ 23.752722] ? preempt_count_sub+0x50/0x80 [ 23.752745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.752769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.752793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.752816] kthread+0x337/0x6f0 [ 23.752835] ? trace_preempt_on+0x20/0xc0 [ 23.752857] ? __pfx_kthread+0x10/0x10 [ 23.752877] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.752900] ? calculate_sigpending+0x7b/0xa0 [ 23.752924] ? __pfx_kthread+0x10/0x10 [ 23.752954] ret_from_fork+0x116/0x1d0 [ 23.752973] ? __pfx_kthread+0x10/0x10 [ 23.752993] ret_from_fork_asm+0x1a/0x30 [ 23.753023] </TASK> [ 23.753036] [ 23.761023] Allocated by task 243: [ 23.761206] kasan_save_stack+0x45/0x70 [ 23.761382] kasan_save_track+0x18/0x40 [ 23.761572] kasan_save_alloc_info+0x3b/0x50 [ 23.761742] __kasan_kmalloc+0xb7/0xc0 [ 23.761930] __kmalloc_cache_noprof+0x189/0x420 [ 23.762426] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.762585] kunit_try_run_case+0x1a5/0x480 [ 23.762729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.762900] kthread+0x337/0x6f0 [ 23.763016] ret_from_fork+0x116/0x1d0 [ 23.763161] ret_from_fork_asm+0x1a/0x30 [ 23.763356] [ 23.763445] The buggy address belongs to the object at ffff8881049c5c00 [ 23.763445] which belongs to the cache kmalloc-128 of size 128 [ 23.764074] The buggy address is located 5 bytes to the right of [ 23.764074] allocated 115-byte region [ffff8881049c5c00, ffff8881049c5c73) [ 23.764492] [ 23.764560] The buggy address belongs to the physical page: [ 23.764727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049c5 [ 23.765344] flags: 0x200000000000000(node=0|zone=2) [ 23.765603] page_type: f5(slab) [ 23.765774] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.766324] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.766624] page dumped because: kasan: bad access detected [ 23.766794] [ 23.766860] Memory state around the buggy address: [ 23.767098] ffff8881049c5b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.767419] ffff8881049c5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.767907] >ffff8881049c5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.768123] ^ [ 23.768332] ffff8881049c5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.768928] ffff8881049c5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.769258] ==================================================================