Date
July 3, 2025, 10:10 a.m.
Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |
```
[ 31.132904] ==================================================================
[ 31.140222] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660
[ 31.147271] Read of size 1 at addr ffff00009068f180 by task kunit_try_catch/245
[ 31.154666]
[ 31.156199] CPU: 5 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 31.156228] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.156235] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 31.156247] Call trace:
[ 31.156253] show_stack+0x20/0x38 (C)
[ 31.156269] dump_stack_lvl+0x8c/0xd0
[ 31.156286] print_report+0x118/0x608
[ 31.156304] kasan_report+0xdc/0x128
[ 31.156322] __asan_report_load1_noabort+0x20/0x30
[ 31.156338] kmalloc_oob_right+0x5d0/0x660
[ 31.156355] kunit_try_run_case+0x170/0x3f0
[ 31.156371] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.156391] kthread+0x328/0x630
[ 31.156403] ret_from_fork+0x10/0x20
[ 31.156419]
[ 31.221996] Allocated by task 245:
[ 31.225447] kasan_save_stack+0x3c/0x68
[ 31.229353] kasan_save_track+0x20/0x40
[ 31.233258] kasan_save_alloc_info+0x40/0x58
[ 31.237592] __kasan_kmalloc+0xd4/0xd8
[ 31.241409] __kmalloc_cache_noprof+0x16c/0x3c0
[ 31.246007] kmalloc_oob_right+0xb0/0x660
[ 31.250081] kunit_try_run_case+0x170/0x3f0
[ 31.254331] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.259892] kthread+0x328/0x630
[ 31.263176] ret_from_fork+0x10/0x20
[ 31.266809]
[ 31.268339] The buggy address belongs to the object at ffff00009068f100
[ 31.268339] which belongs to the cache kmalloc-128 of size 128
[ 31.280989] The buggy address is located 13 bytes to the right of
[ 31.280989] allocated 115-byte region [ffff00009068f100, ffff00009068f173)
[ 31.294164]
[ 31.295694] The buggy address belongs to the physical page:
[ 31.301335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11068e
[ 31.309433] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 31.317183] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 31.324228] page_type: f5(slab)
[ 31.327424] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 31.335264] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 31.343104] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 31.351028] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 31.358953] head: 0bfffe0000000001 fffffdffc241a381 00000000ffffffff 00000000ffffffff
[ 31.366876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 31.374797] page dumped because: kasan: bad access detected
[ 31.380445]
[ 31.381968] Memory state around the buggy address:
[ 31.386818]  ffff00009068f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.394134]  ffff00009068f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 31.401448] >ffff00009068f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.408762]                    ^
[ 31.412041]  ffff00009068f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.419356]  ffff00009068f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.426658] ==================================================================
[ 30.827720] ==================================================================
[ 30.835029] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660
[ 30.842082] Write of size 1 at addr ffff00009068f178 by task kunit_try_catch/245
[ 30.849575]
[ 30.851113] CPU: 5 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.851142] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.851150] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 30.851159] Call trace:
[ 30.851165] show_stack+0x20/0x38 (C)
[ 30.851182] dump_stack_lvl+0x8c/0xd0
[ 30.851201] print_report+0x118/0x608
[ 30.851220] kasan_report+0xdc/0x128
[ 30.851237] __asan_report_store1_noabort+0x20/0x30
[ 30.851253] kmalloc_oob_right+0x538/0x660
[ 30.851268] kunit_try_run_case+0x170/0x3f0
[ 30.851285] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.851305] kthread+0x328/0x630
[ 30.851319] ret_from_fork+0x10/0x20
[ 30.851335]
[ 30.916997] Allocated by task 245:
[ 30.920461] kasan_save_stack+0x3c/0x68
[ 30.924368] kasan_save_track+0x20/0x40
[ 30.928272] kasan_save_alloc_info+0x40/0x58
[ 30.932602] __kasan_kmalloc+0xd4/0xd8
[ 30.936418] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.941015] kmalloc_oob_right+0xb0/0x660
[ 30.945090] kunit_try_run_case+0x170/0x3f0
[ 30.949341] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.954908] kthread+0x328/0x630
[ 30.958189] ret_from_fork+0x10/0x20
[ 30.961829]
[ 30.963360] The buggy address belongs to the object at ffff00009068f100
[ 30.963360] which belongs to the cache kmalloc-128 of size 128
[ 30.976011] The buggy address is located 5 bytes to the right of
[ 30.976011] allocated 115-byte region [ffff00009068f100, ffff00009068f173)
[ 30.989099]
[ 30.990625] The buggy address belongs to the physical page:
[ 30.996266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11068e
[ 31.004369] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 31.012119] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 31.019171] page_type: f5(slab)
[ 31.022371] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 31.030211] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 31.038050] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 31.045975] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 31.053902] head: 0bfffe0000000001 fffffdffc241a381 00000000ffffffff 00000000ffffffff
[ 31.061825] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 31.069744] page dumped because: kasan: bad access detected
[ 31.075381]
[ 31.076903] Memory state around the buggy address:
[ 31.081755]  ffff00009068f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.089070]  ffff00009068f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.096383] >ffff00009068f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 31.103696]                                                                 ^
[ 31.110918]  ffff00009068f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.118231]  ffff00009068f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.125545] ==================================================================
[ 30.518340] ==================================================================
[ 30.525671] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660
[ 30.532740] Write of size 1 at addr ffff00009068f173 by task kunit_try_catch/245
[ 30.540236]
[ 30.541772] CPU: 5 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.541805] Tainted: [N]=TEST
[ 30.541812] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 30.541827] Call trace:
[ 30.541835] show_stack+0x20/0x38 (C)
[ 30.541865] dump_stack_lvl+0x8c/0xd0
[ 30.541930] print_report+0x118/0x608
[ 30.541951] kasan_report+0xdc/0x128
[ 30.541969] __asan_report_store1_noabort+0x20/0x30
[ 30.541986] kmalloc_oob_right+0x5a4/0x660
[ 30.542002] kunit_try_run_case+0x170/0x3f0
[ 30.542021] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.542042] kthread+0x328/0x630
[ 30.542057] ret_from_fork+0x10/0x20
[ 30.542076]
[ 30.606528] Allocated by task 245:
[ 30.609983] kasan_save_stack+0x3c/0x68
[ 30.613890] kasan_save_track+0x20/0x40
[ 30.617793] kasan_save_alloc_info+0x40/0x58
[ 30.622129] __kasan_kmalloc+0xd4/0xd8
[ 30.625945] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.630546] kmalloc_oob_right+0xb0/0x660
[ 30.634621] kunit_try_run_case+0x170/0x3f0
[ 30.638870] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.644432] kthread+0x328/0x630
[ 30.647714] ret_from_fork+0x10/0x20
[ 30.651346]
[ 30.652881] The buggy address belongs to the object at ffff00009068f100
[ 30.652881] which belongs to the cache kmalloc-128 of size 128
[ 30.665533] The buggy address is located 0 bytes to the right of
[ 30.665533] allocated 115-byte region [ffff00009068f100, ffff00009068f173)
[ 30.678621]
[ 30.680153] The buggy address belongs to the physical page:
[ 30.685798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11068e
[ 30.693902] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.701654] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.708705] page_type: f5(slab)
[ 30.711906] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 30.719746] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 30.727586] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 30.735511] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 30.743435] head: 0bfffe0000000001 fffffdffc241a381 00000000ffffffff 00000000ffffffff
[ 30.751358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 30.759278] page dumped because: kasan: bad access detected
[ 30.764919]
[ 30.766441] Memory state around the buggy address:
[ 30.771301]  ffff00009068f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.778607]  ffff00009068f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.785921] >ffff00009068f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 30.793232]                                                              ^
[ 30.800185]  ffff00009068f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.807500]  ffff00009068f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.814806] ==================================================================
```
```
[ 30.637186] ==================================================================
[ 30.637293] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660
[ 30.637391] Write of size 1 at addr fff00000c58afc78 by task kunit_try_catch/168
[ 30.637442]
[ 30.637470] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.637611] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.637638] Hardware name: linux,dummy-virt (DT)
[ 30.637726] Call trace:
[ 30.637748] show_stack+0x20/0x38 (C)
[ 30.637796] dump_stack_lvl+0x8c/0xd0
[ 30.638281] print_report+0x118/0x608
[ 30.638346] kasan_report+0xdc/0x128
[ 30.638410] __asan_report_store1_noabort+0x20/0x30
[ 30.638464] kmalloc_oob_right+0x538/0x660
[ 30.638512] kunit_try_run_case+0x170/0x3f0
[ 30.639370] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.639453] kthread+0x328/0x630
[ 30.639496] ret_from_fork+0x10/0x20
[ 30.639562]
[ 30.639582] Allocated by task 168:
[ 30.639609] kasan_save_stack+0x3c/0x68
[ 30.639653] kasan_save_track+0x20/0x40
[ 30.639691] kasan_save_alloc_info+0x40/0x58
[ 30.639727] __kasan_kmalloc+0xd4/0xd8
[ 30.639763] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.639802] kmalloc_oob_right+0xb0/0x660
[ 30.640148] kunit_try_run_case+0x170/0x3f0
[ 30.640206] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.640370] kthread+0x328/0x630
[ 30.640609] ret_from_fork+0x10/0x20
[ 30.640656]
[ 30.640950] The buggy address belongs to the object at fff00000c58afc00
[ 30.640950] which belongs to the cache kmalloc-128 of size 128
[ 30.641051] The buggy address is located 5 bytes to the right of
[ 30.641051] allocated 115-byte region [fff00000c58afc00, fff00000c58afc73)
[ 30.641526]
[ 30.641667] The buggy address belongs to the physical page:
[ 30.641746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af
[ 30.642139] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.642323] page_type: f5(slab)
[ 30.642549] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.642690] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.642732] page dumped because: kasan: bad access detected
[ 30.642763]
[ 30.642781] Memory state around the buggy address:
[ 30.643053]  fff00000c58afb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.643330]  fff00000c58afb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.643515] >fff00000c58afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 30.643858]                                                                 ^
[ 30.644012]  fff00000c58afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.644148]  fff00000c58afd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.644252] ==================================================================
[ 30.629928] ==================================================================
[ 30.630271] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660
[ 30.631112] Write of size 1 at addr fff00000c58afc73 by task kunit_try_catch/168
[ 30.631218]
[ 30.631988] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.632140] Tainted: [N]=TEST
[ 30.632172] Hardware name: linux,dummy-virt (DT)
[ 30.632498] Call trace:
[ 30.632684] show_stack+0x20/0x38 (C)
[ 30.632818] dump_stack_lvl+0x8c/0xd0
[ 30.632893] print_report+0x118/0x608
[ 30.632941] kasan_report+0xdc/0x128
[ 30.632988] __asan_report_store1_noabort+0x20/0x30
[ 30.633037] kmalloc_oob_right+0x5a4/0x660
[ 30.633084] kunit_try_run_case+0x170/0x3f0
[ 30.633135] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.633190] kthread+0x328/0x630
[ 30.633233] ret_from_fork+0x10/0x20
[ 30.633388]
[ 30.633425] Allocated by task 168:
[ 30.633535] kasan_save_stack+0x3c/0x68
[ 30.633600] kasan_save_track+0x20/0x40
[ 30.633639] kasan_save_alloc_info+0x40/0x58
[ 30.633676] __kasan_kmalloc+0xd4/0xd8
[ 30.633713] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.633755] kmalloc_oob_right+0xb0/0x660
[ 30.633792] kunit_try_run_case+0x170/0x3f0
[ 30.633831] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.633887] kthread+0x328/0x630
[ 30.633919] ret_from_fork+0x10/0x20
[ 30.633978]
[ 30.634036] The buggy address belongs to the object at fff00000c58afc00
[ 30.634036] which belongs to the cache kmalloc-128 of size 128
[ 30.634130] The buggy address is located 0 bytes to the right of
[ 30.634130] allocated 115-byte region [fff00000c58afc00, fff00000c58afc73)
[ 30.634197]
[ 30.634276] The buggy address belongs to the physical page:
[ 30.634476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af
[ 30.634745] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.635158] page_type: f5(slab)
[ 30.635451] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.635515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.635624] page dumped because: kasan: bad access detected
[ 30.635664]
[ 30.635692] Memory state around the buggy address:
[ 30.635919]  fff00000c58afb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.635988]  fff00000c58afb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.636044] >fff00000c58afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 30.636097]                                                              ^
[ 30.636182]  fff00000c58afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.636223]  fff00000c58afd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.636283] ==================================================================
[ 30.645781] ==================================================================
[ 30.647121] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660
[ 30.647759] Read of size 1 at addr fff00000c58afc80 by task kunit_try_catch/168
[ 30.647818]
[ 30.647858] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.647940] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.647966] Hardware name: linux,dummy-virt (DT)
[ 30.647999] Call trace:
[ 30.648891] show_stack+0x20/0x38 (C)
[ 30.649565] dump_stack_lvl+0x8c/0xd0
[ 30.650078] print_report+0x118/0x608
[ 30.650374] kasan_report+0xdc/0x128
[ 30.650745] __asan_report_load1_noabort+0x20/0x30
[ 30.651166] kmalloc_oob_right+0x5d0/0x660
[ 30.651980] kunit_try_run_case+0x170/0x3f0
[ 30.652430] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.652895] kthread+0x328/0x630
[ 30.653062] ret_from_fork+0x10/0x20
[ 30.653111]
[ 30.653129] Allocated by task 168:
[ 30.653156] kasan_save_stack+0x3c/0x68
[ 30.653580] kasan_save_track+0x20/0x40
[ 30.653740] kasan_save_alloc_info+0x40/0x58
[ 30.653779] __kasan_kmalloc+0xd4/0xd8
[ 30.654457] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.654740] kmalloc_oob_right+0xb0/0x660
[ 30.655585] kunit_try_run_case+0x170/0x3f0
[ 30.655736] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.655785] kthread+0x328/0x630
[ 30.655818] ret_from_fork+0x10/0x20
[ 30.655864]
[ 30.655884] The buggy address belongs to the object at fff00000c58afc00
[ 30.655884] which belongs to the cache kmalloc-128 of size 128
[ 30.657357] The buggy address is located 13 bytes to the right of
[ 30.657357] allocated 115-byte region [fff00000c58afc00, fff00000c58afc73)
[ 30.657435]
[ 30.657792] The buggy address belongs to the physical page:
[ 30.658226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af
[ 30.658471] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.659554] page_type: f5(slab)
[ 30.659622] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.659693] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.659761] page dumped because: kasan: bad access detected
[ 30.659818]
[ 30.659862] Memory state around the buggy address:
[ 30.659958]  fff00000c58afb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.660096]  fff00000c58afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 30.660265] >fff00000c58afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.660303]                    ^
[ 30.660330]  fff00000c58afd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.660709]  fff00000c58afd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.660771] ==================================================================
```
```
[ 22.442523] ==================================================================
[ 22.443251] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 22.444205] Write of size 1 at addr ffff888105479b78 by task kunit_try_catch/185
[ 22.445132]
[ 22.445348] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.445396] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.445409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.445430] Call Trace:
[ 22.445444] <TASK>
[ 22.445470] dump_stack_lvl+0x73/0xb0
[ 22.445499] print_report+0xd1/0x650
[ 22.445522] ? __virt_addr_valid+0x1db/0x2d0
[ 22.445545] ? kmalloc_oob_right+0x6bd/0x7f0
[ 22.445565] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.445590] ? kmalloc_oob_right+0x6bd/0x7f0
[ 22.445611] kasan_report+0x141/0x180
[ 22.445632] ? kmalloc_oob_right+0x6bd/0x7f0
[ 22.445657] __asan_report_store1_noabort+0x1b/0x30
[ 22.445680] kmalloc_oob_right+0x6bd/0x7f0
[ 22.445701] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 22.445723] ? __schedule+0x10cc/0x2b60
[ 22.445749] ? __pfx_read_tsc+0x10/0x10
[ 22.445770] ? ktime_get_ts64+0x86/0x230
[ 22.445794] kunit_try_run_case+0x1a5/0x480
[ 22.445818] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.445844] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.445864] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.445891] ? __kthread_parkme+0x82/0x180
[ 22.445910] ? preempt_count_sub+0x50/0x80
[ 22.445933] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.445956] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.445979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.446003] kthread+0x337/0x6f0
[ 22.446021] ? trace_preempt_on+0x20/0xc0
[ 22.446044] ? __pfx_kthread+0x10/0x10
[ 22.446064] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.446089] ? calculate_sigpending+0x7b/0xa0
[ 22.446113] ? __pfx_kthread+0x10/0x10
[ 22.446134] ret_from_fork+0x116/0x1d0
[ 22.446153] ? __pfx_kthread+0x10/0x10
[ 22.446173] ret_from_fork_asm+0x1a/0x30
[ 22.446204] </TASK>
[ 22.446215]
[ 22.454574] Allocated by task 185:
[ 22.454905] kasan_save_stack+0x45/0x70
[ 22.455300] kasan_save_track+0x18/0x40
[ 22.455714] kasan_save_alloc_info+0x3b/0x50
[ 22.456128] __kasan_kmalloc+0xb7/0xc0
[ 22.456513] __kmalloc_cache_noprof+0x189/0x420
[ 22.457000] kmalloc_oob_right+0xa9/0x7f0
[ 22.457412] kunit_try_run_case+0x1a5/0x480
[ 22.457792] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.458288] kthread+0x337/0x6f0
[ 22.458546] ret_from_fork+0x116/0x1d0
[ 22.458672] ret_from_fork_asm+0x1a/0x30
[ 22.458804]
[ 22.458869] The buggy address belongs to the object at ffff888105479b00
[ 22.458869] which belongs to the cache kmalloc-128 of size 128
[ 22.459229] The buggy address is located 5 bytes to the right of
[ 22.459229] allocated 115-byte region [ffff888105479b00, ffff888105479b73)
[ 22.459626]
[ 22.459690] The buggy address belongs to the physical page:
[ 22.459856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479
[ 22.460088] flags: 0x200000000000000(node=0|zone=2)
[ 22.460246] page_type: f5(slab)
[ 22.460359] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.460595] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.460813] page dumped because: kasan: bad access detected
[ 22.460976]
[ 22.461042] Memory state around the buggy address:
[ 22.461194]  ffff888105479a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.461783]  ffff888105479a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.462374] >ffff888105479b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 22.462593]                                                                 ^
[ 22.462799]  ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.463008]  ffff888105479c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.463265] ==================================================================
[ 22.464083] ==================================================================
[ 22.464807] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 22.465466] Read of size 1 at addr ffff888105479b80 by task kunit_try_catch/185
[ 22.466085]
[ 22.466268] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.466312] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.466324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.466344] Call Trace:
[ 22.466357] <TASK>
[ 22.466371] dump_stack_lvl+0x73/0xb0
[ 22.466397] print_report+0xd1/0x650
[ 22.466418] ? __virt_addr_valid+0x1db/0x2d0
[ 22.466440] ? kmalloc_oob_right+0x68a/0x7f0
[ 22.466471] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.466496] ? kmalloc_oob_right+0x68a/0x7f0
[ 22.466517] kasan_report+0x141/0x180
[ 22.466538] ? kmalloc_oob_right+0x68a/0x7f0
[ 22.466563] __asan_report_load1_noabort+0x18/0x20
[ 22.466587] kmalloc_oob_right+0x68a/0x7f0
[ 22.466608] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 22.466629] ? __schedule+0x10cc/0x2b60
[ 22.466656] ? __pfx_read_tsc+0x10/0x10
[ 22.466676] ? ktime_get_ts64+0x86/0x230
[ 22.466700] kunit_try_run_case+0x1a5/0x480
[ 22.466725] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.466747] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.466768] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.466795] ? __kthread_parkme+0x82/0x180
[ 22.466814] ? preempt_count_sub+0x50/0x80
[ 22.466836] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.466860] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.466883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.466906] kthread+0x337/0x6f0
[ 22.466925] ? trace_preempt_on+0x20/0xc0
[ 22.466947] ? __pfx_kthread+0x10/0x10
[ 22.466967] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.466992] ? calculate_sigpending+0x7b/0xa0
[ 22.467016] ? __pfx_kthread+0x10/0x10
[ 22.467037] ret_from_fork+0x116/0x1d0
[ 22.467056] ? __pfx_kthread+0x10/0x10
[ 22.467076] ret_from_fork_asm+0x1a/0x30
[ 22.467106] </TASK>
[ 22.467116]
[ 22.478857] Allocated by task 185:
[ 22.479162] kasan_save_stack+0x45/0x70
[ 22.479575] kasan_save_track+0x18/0x40
[ 22.479880] kasan_save_alloc_info+0x3b/0x50
[ 22.480022] __kasan_kmalloc+0xb7/0xc0
[ 22.480150] __kmalloc_cache_noprof+0x189/0x420
[ 22.480378] kmalloc_oob_right+0xa9/0x7f0
[ 22.480737] kunit_try_run_case+0x1a5/0x480
[ 22.481241] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.481703] kthread+0x337/0x6f0
[ 22.481987] ret_from_fork+0x116/0x1d0
[ 22.482365] ret_from_fork_asm+0x1a/0x30
[ 22.482738]
[ 22.482890] The buggy address belongs to the object at ffff888105479b00
[ 22.482890] which belongs to the cache kmalloc-128 of size 128
[ 22.483487] The buggy address is located 13 bytes to the right of
[ 22.483487] allocated 115-byte region [ffff888105479b00, ffff888105479b73)
[ 22.483858]
[ 22.483925] The buggy address belongs to the physical page:
[ 22.484088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479
[ 22.484602] flags: 0x200000000000000(node=0|zone=2)
[ 22.485005] page_type: f5(slab)
[ 22.485319] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.486020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.486726] page dumped because: kasan: bad access detected
[ 22.487194]
[ 22.487367] Memory state around the buggy address:
[ 22.487787]  ffff888105479a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.488416]  ffff888105479b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 22.489010] >ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.489646]                    ^
[ 22.489994]  ffff888105479c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.490298]  ffff888105479c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.490513] ==================================================================
[ 22.408681] ==================================================================
[ 22.409815] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 22.410760] Write of size 1 at addr ffff888105479b73 by task kunit_try_catch/185
[ 22.411064]
[ 22.412083] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.412429] Tainted: [N]=TEST
[ 22.412473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.412701] Call Trace:
[ 22.412770] <TASK>
[ 22.412920] dump_stack_lvl+0x73/0xb0
[ 22.413013] print_report+0xd1/0x650
[ 22.413043] ? __virt_addr_valid+0x1db/0x2d0
[ 22.413070] ? kmalloc_oob_right+0x6f0/0x7f0
[ 22.413090] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.413115] ? kmalloc_oob_right+0x6f0/0x7f0
[ 22.413136] kasan_report+0x141/0x180
[ 22.413157] ? kmalloc_oob_right+0x6f0/0x7f0
[ 22.413183] __asan_report_store1_noabort+0x1b/0x30
[ 22.413206] kmalloc_oob_right+0x6f0/0x7f0
[ 22.413228] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 22.413249] ? __schedule+0x10cc/0x2b60
[ 22.413277] ? __pfx_read_tsc+0x10/0x10
[ 22.413300] ? ktime_get_ts64+0x86/0x230
[ 22.413326] kunit_try_run_case+0x1a5/0x480
[ 22.413352] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.413375] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.413396] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.413424] ? __kthread_parkme+0x82/0x180
[ 22.413446] ? preempt_count_sub+0x50/0x80
[ 22.413482] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.413506] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.413528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.413552] kthread+0x337/0x6f0
[ 22.413572] ? trace_preempt_on+0x20/0xc0
[ 22.413596] ? __pfx_kthread+0x10/0x10
[ 22.413617] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.413642] ? calculate_sigpending+0x7b/0xa0
[ 22.413666] ? __pfx_kthread+0x10/0x10
[ 22.413688] ret_from_fork+0x116/0x1d0
[ 22.413707] ? __pfx_kthread+0x10/0x10
[ 22.413727] ret_from_fork_asm+0x1a/0x30
[ 22.413780] </TASK>
[ 22.413851]
[ 22.425526] Allocated by task 185:
[ 22.425965] kasan_save_stack+0x45/0x70
[ 22.426338] kasan_save_track+0x18/0x40
[ 22.426485] kasan_save_alloc_info+0x3b/0x50
[ 22.426627] __kasan_kmalloc+0xb7/0xc0
[ 22.426757] __kmalloc_cache_noprof+0x189/0x420
[ 22.426909] kmalloc_oob_right+0xa9/0x7f0
[ 22.427041] kunit_try_run_case+0x1a5/0x480
[ 22.427180] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.427639] kthread+0x337/0x6f0
[ 22.427925] ret_from_fork+0x116/0x1d0
[ 22.428243] ret_from_fork_asm+0x1a/0x30
[ 22.428634]
[ 22.428841] The buggy address belongs to the object at ffff888105479b00
[ 22.428841] which belongs to the cache kmalloc-128 of size 128
[ 22.430005] The buggy address is located 0 bytes to the right of
[ 22.430005] allocated 115-byte region [ffff888105479b00, ffff888105479b73)
[ 22.431415]
[ 22.431673] The buggy address belongs to the physical page:
[ 22.432353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479
[ 22.433235] flags: 0x200000000000000(node=0|zone=2)
[ 22.433775] page_type: f5(slab)
[ 22.434227] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.434503] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.434795] page dumped because: kasan: bad access detected
[ 22.434970]
[ 22.435047] Memory state around the buggy address:
[ 22.435435]  ffff888105479a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.436075]  ffff888105479a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.436847] >ffff888105479b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 22.437764]                                                              ^
[ 22.438619]  ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.439440]  ffff888105479c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.440283] ==================================================================
```