Date
July 3, 2025, 10:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 42.805526] ================================================================== [ 42.817089] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 42.824589] Read of size 1 at addr ffff000082240173 by task kunit_try_catch/303 [ 42.831998] [ 42.833534] CPU: 3 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 42.833566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 42.833574] Hardware name: Thundercomm Dragonboard 845c (DT) [ 42.833587] Call trace: [ 42.833594] show_stack+0x20/0x38 (C) [ 42.833613] dump_stack_lvl+0x8c/0xd0 [ 42.833635] print_report+0x118/0x608 [ 42.833655] kasan_report+0xdc/0x128 [ 42.833675] __asan_report_load1_noabort+0x20/0x30 [ 42.833694] ksize_unpoisons_memory+0x628/0x740 [ 42.833713] kunit_try_run_case+0x170/0x3f0 [ 42.833733] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.833754] kthread+0x328/0x630 [ 42.833769] ret_from_fork+0x10/0x20 [ 42.833788] [ 42.899872] Allocated by task 303: [ 42.903336] kasan_save_stack+0x3c/0x68 [ 42.907246] kasan_save_track+0x20/0x40 [ 42.911156] kasan_save_alloc_info+0x40/0x58 [ 42.915493] __kasan_kmalloc+0xd4/0xd8 [ 42.919315] __kmalloc_cache_noprof+0x16c/0x3c0 [ 42.923920] ksize_unpoisons_memory+0xc0/0x740 [ 42.928443] kunit_try_run_case+0x170/0x3f0 [ 42.932697] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 42.938272] kthread+0x328/0x630 [ 42.941564] ret_from_fork+0x10/0x20 [ 42.945211] [ 42.946741] The buggy address belongs to the object at ffff000082240100 [ 42.946741] which belongs to the cache kmalloc-128 of size 128 [ 42.959400] The buggy address is located 0 bytes to the right of [ 42.959400] allocated 115-byte region [ffff000082240100, ffff000082240173) [ 42.972503] [ 42.974035] The buggy address belongs to the physical page: [ 42.979681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102240 [ 42.987794] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 42.995552] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 43.002609] page_type: f5(slab) [ 43.005814] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 43.013659] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.021502] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 43.029434] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.037365] head: 0bfffe0000000001 fffffdffc2089001 00000000ffffffff 00000000ffffffff [ 43.045296] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 43.053222] page dumped because: kasan: bad access detected [ 43.058871] [ 43.060407] Memory state around the buggy address: [ 43.065269] ffff000082240000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.072595] ffff000082240080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.079918] >ffff000082240100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 43.087233] ^ [ 43.094200] ffff000082240180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.101524] ffff000082240200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.108844] ================================================================== [ 43.116234] ================================================================== [ 43.123557] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 43.131058] Read of size 1 at addr ffff000082240178 by task kunit_try_catch/303 [ 43.138470] [ 43.140009] CPU: 3 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 43.140038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.140046] Hardware name: Thundercomm Dragonboard 845c (DT) [ 43.140057] Call trace: [ 43.140065] show_stack+0x20/0x38 (C) [ 43.140083] dump_stack_lvl+0x8c/0xd0 [ 43.140106] print_report+0x118/0x608 [ 43.140124] kasan_report+0xdc/0x128 [ 43.140143] __asan_report_load1_noabort+0x20/0x30 [ 43.140162] ksize_unpoisons_memory+0x618/0x740 [ 43.140182] kunit_try_run_case+0x170/0x3f0 [ 43.140200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.140223] kthread+0x328/0x630 [ 43.140237] ret_from_fork+0x10/0x20 [ 43.140254] [ 43.206302] Allocated by task 303: [ 43.209762] kasan_save_stack+0x3c/0x68 [ 43.213672] kasan_save_track+0x20/0x40 [ 43.217582] kasan_save_alloc_info+0x40/0x58 [ 43.221920] __kasan_kmalloc+0xd4/0xd8 [ 43.225742] __kmalloc_cache_noprof+0x16c/0x3c0 [ 43.230352] ksize_unpoisons_memory+0xc0/0x740 [ 43.234873] kunit_try_run_case+0x170/0x3f0 [ 43.239124] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.244702] kthread+0x328/0x630 [ 43.247993] ret_from_fork+0x10/0x20 [ 43.251634] [ 43.253171] The buggy address belongs to the object at ffff000082240100 [ 43.253171] which belongs to the cache kmalloc-128 of size 128 [ 43.265835] The buggy address is located 5 bytes to the right of [ 43.265835] allocated 115-byte region [ffff000082240100, ffff000082240173) [ 43.278941] [ 43.280477] The buggy address belongs to the physical page: [ 43.286124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102240 [ 43.294238] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 43.301995] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 43.309049] page_type: f5(slab) [ 43.312252] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 43.320096] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.327940] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 43.335872] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.343802] head: 0bfffe0000000001 fffffdffc2089001 00000000ffffffff 00000000ffffffff [ 43.351731] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 43.359656] page dumped because: kasan: bad access detected [ 43.365303] [ 43.366833] Memory state around the buggy address: [ 43.371692] ffff000082240000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.379007] ffff000082240080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.386332] >ffff000082240100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 43.393652] ^ [ 43.400888] ffff000082240180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.408212] ffff000082240200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.415527] ================================================================== [ 43.423704] ================================================================== [ 43.431032] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 43.438530] Read of size 1 at addr ffff00008224017f by task kunit_try_catch/303 [ 43.445936] [ 43.447472] CPU: 5 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 43.447503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.447512] Hardware name: Thundercomm Dragonboard 845c (DT) [ 43.447523] Call trace: [ 43.447530] show_stack+0x20/0x38 (C) [ 43.447547] dump_stack_lvl+0x8c/0xd0 [ 43.447566] print_report+0x118/0x608 [ 43.447584] kasan_report+0xdc/0x128 [ 43.447603] __asan_report_load1_noabort+0x20/0x30 [ 43.447619] ksize_unpoisons_memory+0x690/0x740 [ 43.447637] kunit_try_run_case+0x170/0x3f0 [ 43.447654] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.447676] kthread+0x328/0x630 [ 43.447690] ret_from_fork+0x10/0x20 [ 43.447706] [ 43.513723] Allocated by task 303: [ 43.517175] kasan_save_stack+0x3c/0x68 [ 43.521083] kasan_save_track+0x20/0x40 [ 43.524987] kasan_save_alloc_info+0x40/0x58 [ 43.529323] __kasan_kmalloc+0xd4/0xd8 [ 43.533137] __kmalloc_cache_noprof+0x16c/0x3c0 [ 43.537738] ksize_unpoisons_memory+0xc0/0x740 [ 43.542249] kunit_try_run_case+0x170/0x3f0 [ 43.546499] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.552069] kthread+0x328/0x630 [ 43.555351] ret_from_fork+0x10/0x20 [ 43.558985] [ 43.560515] The buggy address belongs to the object at ffff000082240100 [ 43.560515] which belongs to the cache kmalloc-128 of size 128 [ 43.573168] The buggy address is located 12 bytes to the right of [ 43.573168] allocated 115-byte region [ffff000082240100, ffff000082240173) [ 43.586355] [ 43.587883] The buggy address belongs to the physical page: [ 43.593527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102240 [ 43.601629] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 43.609381] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 43.616437] page_type: f5(slab) [ 43.619631] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 43.627471] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.635313] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 43.643238] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.651163] head: 0bfffe0000000001 fffffdffc2089001 00000000ffffffff 00000000ffffffff [ 43.659090] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 43.667013] page dumped because: kasan: bad access detected [ 43.672663] [ 43.674185] Memory state around the buggy address: [ 43.679045] ffff000082240000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.686360] ffff000082240080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.693673] >ffff000082240100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 43.700984] ^ [ 43.708210] ffff000082240180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.715526] ffff000082240200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.722833] ==================================================================
[ 31.316445] ================================================================== [ 31.316959] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 31.317046] Read of size 1 at addr fff00000c9ae347f by task kunit_try_catch/226 [ 31.317173] [ 31.317203] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.317492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.317634] Hardware name: linux,dummy-virt (DT) [ 31.317696] Call trace: [ 31.317797] show_stack+0x20/0x38 (C) [ 31.318056] dump_stack_lvl+0x8c/0xd0 [ 31.318314] print_report+0x118/0x608 [ 31.318416] kasan_report+0xdc/0x128 [ 31.318510] __asan_report_load1_noabort+0x20/0x30 [ 31.318751] ksize_unpoisons_memory+0x690/0x740 [ 31.318956] kunit_try_run_case+0x170/0x3f0 [ 31.319016] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.319420] kthread+0x328/0x630 [ 31.319526] ret_from_fork+0x10/0x20 [ 31.319807] [ 31.319931] Allocated by task 226: [ 31.320050] kasan_save_stack+0x3c/0x68 [ 31.320363] kasan_save_track+0x20/0x40 [ 31.320793] kasan_save_alloc_info+0x40/0x58 [ 31.321030] __kasan_kmalloc+0xd4/0xd8 [ 31.321181] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.321296] ksize_unpoisons_memory+0xc0/0x740 [ 31.321338] kunit_try_run_case+0x170/0x3f0 [ 31.321670] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.322000] kthread+0x328/0x630 [ 31.322143] ret_from_fork+0x10/0x20 [ 31.322277] [ 31.322299] The buggy address belongs to the object at fff00000c9ae3400 [ 31.322299] which belongs to the cache kmalloc-128 of size 128 [ 31.322535] The buggy address is located 12 bytes to the right of [ 31.322535] allocated 115-byte region [fff00000c9ae3400, fff00000c9ae3473) [ 31.322771] [ 31.322826] The buggy address belongs to the physical page: [ 31.322947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.323095] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.323213] page_type: f5(slab) [ 31.323420] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.323531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.324039] page dumped because: kasan: bad access detected [ 31.324142] [ 31.324203] Memory state around the buggy address: [ 31.324296] fff00000c9ae3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.324556] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.324880] >fff00000c9ae3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.325058] ^ [ 31.325136] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.325353] fff00000c9ae3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.325517] ================================================================== [ 31.309542] ================================================================== [ 31.309597] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 31.309668] Read of size 1 at addr fff00000c9ae3478 by task kunit_try_catch/226 [ 31.309721] [ 31.309750] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.309848] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.309876] Hardware name: linux,dummy-virt (DT) [ 31.309909] Call trace: [ 31.309930] show_stack+0x20/0x38 (C) [ 31.309989] dump_stack_lvl+0x8c/0xd0 [ 31.310046] print_report+0x118/0x608 [ 31.310105] kasan_report+0xdc/0x128 [ 31.310151] __asan_report_load1_noabort+0x20/0x30 [ 31.310202] ksize_unpoisons_memory+0x618/0x740 [ 31.310252] kunit_try_run_case+0x170/0x3f0 [ 31.310310] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.310365] kthread+0x328/0x630 [ 31.310408] ret_from_fork+0x10/0x20 [ 31.310454] [ 31.310474] Allocated by task 226: [ 31.310501] kasan_save_stack+0x3c/0x68 [ 31.310544] kasan_save_track+0x20/0x40 [ 31.310582] kasan_save_alloc_info+0x40/0x58 [ 31.310629] __kasan_kmalloc+0xd4/0xd8 [ 31.310667] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.310709] ksize_unpoisons_memory+0xc0/0x740 [ 31.310749] kunit_try_run_case+0x170/0x3f0 [ 31.310798] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.311152] kthread+0x328/0x630 [ 31.311201] ret_from_fork+0x10/0x20 [ 31.311673] [ 31.311916] The buggy address belongs to the object at fff00000c9ae3400 [ 31.311916] which belongs to the cache kmalloc-128 of size 128 [ 31.312019] The buggy address is located 5 bytes to the right of [ 31.312019] allocated 115-byte region [fff00000c9ae3400, fff00000c9ae3473) [ 31.313015] [ 31.313073] The buggy address belongs to the physical page: [ 31.313405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.313465] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.313558] page_type: f5(slab) [ 31.313640] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.313717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.313936] page dumped because: kasan: bad access detected [ 31.314055] [ 31.314076] Memory state around the buggy address: [ 31.314342] fff00000c9ae3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.314580] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.314933] >fff00000c9ae3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.315031] ^ [ 31.315233] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.315317] fff00000c9ae3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.315513] ================================================================== [ 31.299595] ================================================================== [ 31.299666] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 31.300064] Read of size 1 at addr fff00000c9ae3473 by task kunit_try_catch/226 [ 31.300134] [ 31.300170] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 31.300500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.300625] Hardware name: linux,dummy-virt (DT) [ 31.300662] Call trace: [ 31.300697] show_stack+0x20/0x38 (C) [ 31.301044] dump_stack_lvl+0x8c/0xd0 [ 31.301197] print_report+0x118/0x608 [ 31.301387] kasan_report+0xdc/0x128 [ 31.301513] __asan_report_load1_noabort+0x20/0x30 [ 31.301648] ksize_unpoisons_memory+0x628/0x740 [ 31.301746] kunit_try_run_case+0x170/0x3f0 [ 31.302117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.302252] kthread+0x328/0x630 [ 31.302421] ret_from_fork+0x10/0x20 [ 31.302548] [ 31.302614] Allocated by task 226: [ 31.303095] kasan_save_stack+0x3c/0x68 [ 31.303276] kasan_save_track+0x20/0x40 [ 31.303347] kasan_save_alloc_info+0x40/0x58 [ 31.303410] __kasan_kmalloc+0xd4/0xd8 [ 31.303472] __kmalloc_cache_noprof+0x16c/0x3c0 [ 31.303964] ksize_unpoisons_memory+0xc0/0x740 [ 31.304118] kunit_try_run_case+0x170/0x3f0 [ 31.304190] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.304591] kthread+0x328/0x630 [ 31.304823] ret_from_fork+0x10/0x20 [ 31.305110] [ 31.305155] The buggy address belongs to the object at fff00000c9ae3400 [ 31.305155] which belongs to the cache kmalloc-128 of size 128 [ 31.305235] The buggy address is located 0 bytes to the right of [ 31.305235] allocated 115-byte region [fff00000c9ae3400, fff00000c9ae3473) [ 31.305580] [ 31.305656] The buggy address belongs to the physical page: [ 31.305892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3 [ 31.306034] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.306143] page_type: f5(slab) [ 31.306186] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.306455] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.306545] page dumped because: kasan: bad access detected [ 31.306784] [ 31.306985] Memory state around the buggy address: [ 31.307077] fff00000c9ae3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.307150] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.307559] >fff00000c9ae3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.307626] ^ [ 31.307721] fff00000c9ae3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.308065] fff00000c9ae3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.308231] ==================================================================
[ 23.592534] ================================================================== [ 23.593005] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594015] Read of size 1 at addr ffff88810554007f by task kunit_try_catch/243 [ 23.594545] [ 23.594648] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.594695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.594707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.594727] Call Trace: [ 23.594738] <TASK> [ 23.594752] dump_stack_lvl+0x73/0xb0 [ 23.594780] print_report+0xd1/0x650 [ 23.594801] ? __virt_addr_valid+0x1db/0x2d0 [ 23.594823] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594845] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.594870] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594892] kasan_report+0x141/0x180 [ 23.594913] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594939] __asan_report_load1_noabort+0x18/0x20 [ 23.594961] ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594984] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.595005] ? finish_task_switch.isra.0+0x153/0x700 [ 23.595026] ? __switch_to+0x47/0xf50 [ 23.595050] ? __schedule+0x10cc/0x2b60 [ 23.595076] ? __pfx_read_tsc+0x10/0x10 [ 23.595096] ? ktime_get_ts64+0x86/0x230 [ 23.595137] kunit_try_run_case+0x1a5/0x480 [ 23.595173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.595196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.595216] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.595241] ? __kthread_parkme+0x82/0x180 [ 23.595260] ? preempt_count_sub+0x50/0x80 [ 23.595282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.595313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.595335] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.595359] kthread+0x337/0x6f0 [ 23.595378] ? trace_preempt_on+0x20/0xc0 [ 23.595400] ? __pfx_kthread+0x10/0x10 [ 23.595420] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.595443] ? calculate_sigpending+0x7b/0xa0 [ 23.595478] ? __pfx_kthread+0x10/0x10 [ 23.595500] ret_from_fork+0x116/0x1d0 [ 23.595519] ? __pfx_kthread+0x10/0x10 [ 23.595540] ret_from_fork_asm+0x1a/0x30 [ 23.595570] </TASK> [ 23.595581] [ 23.604074] Allocated by task 243: [ 23.604537] kasan_save_stack+0x45/0x70 [ 23.604702] kasan_save_track+0x18/0x40 [ 23.605024] kasan_save_alloc_info+0x3b/0x50 [ 23.605354] __kasan_kmalloc+0xb7/0xc0 [ 23.605627] __kmalloc_cache_noprof+0x189/0x420 [ 23.605794] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.606134] kunit_try_run_case+0x1a5/0x480 [ 23.606363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.606604] kthread+0x337/0x6f0 [ 23.606756] ret_from_fork+0x116/0x1d0 [ 23.606923] ret_from_fork_asm+0x1a/0x30 [ 23.607096] [ 23.607172] The buggy address belongs to the object at ffff888105540000 [ 23.607172] which belongs to the cache kmalloc-128 of size 128 [ 23.608035] The buggy address is located 12 bytes to the right of [ 23.608035] allocated 115-byte region [ffff888105540000, ffff888105540073) [ 23.608812] [ 23.608913] The buggy address belongs to the physical page: [ 23.609269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.609805] flags: 0x200000000000000(node=0|zone=2) [ 23.610345] page_type: f5(slab) [ 23.610817] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.611670] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.612078] page dumped because: kasan: bad access detected [ 23.612388] [ 23.612642] Memory state around the buggy address: [ 23.613173] ffff88810553ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.613765] ffff88810553ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.613985] >ffff888105540000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.614184] ^ [ 23.614798] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.615566] ffff888105540100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.616185] ================================================================== [ 23.533120] ================================================================== [ 23.533713] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 23.534743] Read of size 1 at addr ffff888105540073 by task kunit_try_catch/243 [ 23.535298] [ 23.535585] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.535638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.535651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.535674] Call Trace: [ 23.535687] <TASK> [ 23.535705] dump_stack_lvl+0x73/0xb0 [ 23.535735] print_report+0xd1/0x650 [ 23.535757] ? __virt_addr_valid+0x1db/0x2d0 [ 23.535781] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.535827] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535849] kasan_report+0x141/0x180 [ 23.535870] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535897] __asan_report_load1_noabort+0x18/0x20 [ 23.535919] ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535942] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.535963] ? finish_task_switch.isra.0+0x153/0x700 [ 23.535984] ? __switch_to+0x47/0xf50 [ 23.536010] ? __schedule+0x10cc/0x2b60 [ 23.536035] ? __pfx_read_tsc+0x10/0x10 [ 23.536057] ? ktime_get_ts64+0x86/0x230 [ 23.536081] kunit_try_run_case+0x1a5/0x480 [ 23.536107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.536129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.536149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.536175] ? __kthread_parkme+0x82/0x180 [ 23.536195] ? preempt_count_sub+0x50/0x80 [ 23.536217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.536241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.536263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.536287] kthread+0x337/0x6f0 [ 23.536305] ? trace_preempt_on+0x20/0xc0 [ 23.536328] ? __pfx_kthread+0x10/0x10 [ 23.536359] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.536382] ? calculate_sigpending+0x7b/0xa0 [ 23.536406] ? __pfx_kthread+0x10/0x10 [ 23.536433] ret_from_fork+0x116/0x1d0 [ 23.536451] ? __pfx_kthread+0x10/0x10 [ 23.536479] ret_from_fork_asm+0x1a/0x30 [ 23.536510] </TASK> [ 23.536521] [ 23.548582] Allocated by task 243: [ 23.548706] kasan_save_stack+0x45/0x70 [ 23.548843] kasan_save_track+0x18/0x40 [ 23.548967] kasan_save_alloc_info+0x3b/0x50 [ 23.549103] __kasan_kmalloc+0xb7/0xc0 [ 23.549485] __kmalloc_cache_noprof+0x189/0x420 [ 23.549883] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.550381] kunit_try_run_case+0x1a5/0x480 [ 23.550776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.551266] kthread+0x337/0x6f0 [ 23.551633] ret_from_fork+0x116/0x1d0 [ 23.551979] ret_from_fork_asm+0x1a/0x30 [ 23.552352] [ 23.552542] The buggy address belongs to the object at ffff888105540000 [ 23.552542] which belongs to the cache kmalloc-128 of size 128 [ 23.553030] The buggy address is located 0 bytes to the right of [ 23.553030] allocated 115-byte region [ffff888105540000, ffff888105540073) [ 23.554055] [ 23.554221] The buggy address belongs to the physical page: [ 23.554797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.555512] flags: 0x200000000000000(node=0|zone=2) [ 23.556049] page_type: f5(slab) [ 23.556346] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.556626] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.556837] page dumped because: kasan: bad access detected [ 23.556994] [ 23.557056] Memory state around the buggy address: [ 23.557518] ffff88810553ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.557795] ffff88810553ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.558084] >ffff888105540000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.558950] ^ [ 23.559390] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.559910] ffff888105540100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.560589] ================================================================== [ 23.561227] ================================================================== [ 23.561995] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.562739] Read of size 1 at addr ffff888105540078 by task kunit_try_catch/243 [ 23.563287] [ 23.563580] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.563634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.563649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.563669] Call Trace: [ 23.563682] <TASK> [ 23.563697] dump_stack_lvl+0x73/0xb0 [ 23.563736] print_report+0xd1/0x650 [ 23.563757] ? __virt_addr_valid+0x1db/0x2d0 [ 23.563779] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563801] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.563825] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563847] kasan_report+0x141/0x180 [ 23.563868] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563894] __asan_report_load1_noabort+0x18/0x20 [ 23.563917] ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563939] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.563960] ? finish_task_switch.isra.0+0x153/0x700 [ 23.563981] ? __switch_to+0x47/0xf50 [ 23.564006] ? __schedule+0x10cc/0x2b60 [ 23.564031] ? __pfx_read_tsc+0x10/0x10 [ 23.564052] ? ktime_get_ts64+0x86/0x230 [ 23.564076] kunit_try_run_case+0x1a5/0x480 [ 23.564101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.564123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.564143] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.564170] ? __kthread_parkme+0x82/0x180 [ 23.564190] ? preempt_count_sub+0x50/0x80 [ 23.564245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.564269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.564292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.564315] kthread+0x337/0x6f0 [ 23.564334] ? trace_preempt_on+0x20/0xc0 [ 23.564356] ? __pfx_kthread+0x10/0x10 [ 23.564375] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.564398] ? calculate_sigpending+0x7b/0xa0 [ 23.564422] ? __pfx_kthread+0x10/0x10 [ 23.564444] ret_from_fork+0x116/0x1d0 [ 23.564472] ? __pfx_kthread+0x10/0x10 [ 23.564493] ret_from_fork_asm+0x1a/0x30 [ 23.564523] </TASK> [ 23.564533] [ 23.578227] Allocated by task 243: [ 23.578405] kasan_save_stack+0x45/0x70 [ 23.578606] kasan_save_track+0x18/0x40 [ 23.578778] kasan_save_alloc_info+0x3b/0x50 [ 23.578961] __kasan_kmalloc+0xb7/0xc0 [ 23.579130] __kmalloc_cache_noprof+0x189/0x420 [ 23.580180] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.580674] kunit_try_run_case+0x1a5/0x480 [ 23.581361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.581618] kthread+0x337/0x6f0 [ 23.581772] ret_from_fork+0x116/0x1d0 [ 23.581954] ret_from_fork_asm+0x1a/0x30 [ 23.582125] [ 23.582523] The buggy address belongs to the object at ffff888105540000 [ 23.582523] which belongs to the cache kmalloc-128 of size 128 [ 23.583531] The buggy address is located 5 bytes to the right of [ 23.583531] allocated 115-byte region [ffff888105540000, ffff888105540073) [ 23.584388] [ 23.584495] The buggy address belongs to the physical page: [ 23.584726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.585045] flags: 0x200000000000000(node=0|zone=2) [ 23.585658] page_type: f5(slab) [ 23.585968] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.586803] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.587115] page dumped because: kasan: bad access detected [ 23.587590] [ 23.587818] Memory state around the buggy address: [ 23.588023] ffff88810553ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.588607] ffff88810553ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.588907] >ffff888105540000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.589510] ^ [ 23.589882] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.590413] ffff888105540100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.590706] ==================================================================