Date
June 8, 2025, 11:09 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 20.862235] ================================================================== [ 20.873065] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 20.880348] Write of size 1 at addr ffff000805d69f00 by task kunit_try_catch/191 [ 20.887723] [ 20.889211] CPU: 7 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 20.889268] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.889285] Hardware name: WinLink E850-96 board (DT) [ 20.889306] Call trace: [ 20.889321] show_stack+0x20/0x38 (C) [ 20.889360] dump_stack_lvl+0x8c/0xd0 [ 20.889398] print_report+0x118/0x608 [ 20.889433] kasan_report+0xdc/0x128 [ 20.889466] __asan_report_store1_noabort+0x20/0x30 [ 20.889497] kmalloc_big_oob_right+0x2a4/0x2f0 [ 20.889528] kunit_try_run_case+0x170/0x3f0 [ 20.889564] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.889601] kthread+0x328/0x630 [ 20.889632] ret_from_fork+0x10/0x20 [ 20.889667] [ 20.952393] Allocated by task 191: [ 20.955781] kasan_save_stack+0x3c/0x68 [ 20.959598] kasan_save_track+0x20/0x40 [ 20.963416] kasan_save_alloc_info+0x40/0x58 [ 20.967669] __kasan_kmalloc+0xd4/0xd8 [ 20.971403] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.975916] kmalloc_big_oob_right+0xb8/0x2f0 [ 20.980257] kunit_try_run_case+0x170/0x3f0 [ 20.984423] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.989891] kthread+0x328/0x630 [ 20.993103] ret_from_fork+0x10/0x20 [ 20.996662] [ 20.998139] The buggy address belongs to the object at ffff000805d68000 [ 20.998139] which belongs to the cache kmalloc-8k of size 8192 [ 21.010640] The buggy address is located 0 bytes to the right of [ 21.010640] allocated 7936-byte region [ffff000805d68000, ffff000805d69f00) [ 21.023658] [ 21.025138] The buggy address belongs to the physical page: [ 21.030693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885d68 [ 21.038677] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 21.046317] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 21.053261] page_type: f5(slab) [ 21.056397] raw: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000 [ 21.064116] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 21.071845] head: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000 [ 21.079653] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 21.087466] head: 0bfffe0000000003 fffffdffe0175a01 00000000ffffffff 00000000ffffffff [ 21.095278] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 21.103084] page dumped because: kasan: bad access detected [ 21.108641] [ 21.110115] Memory state around the buggy address: [ 21.114896] ffff000805d69e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.122098] ffff000805d69e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.129302] >ffff000805d69f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.136504] ^ [ 21.139720] ffff000805d69f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.146925] ffff000805d6a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.154128] ==================================================================
[ 24.712999] ================================================================== [ 24.713247] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 24.713367] Write of size 1 at addr fff00000c7791f00 by task kunit_try_catch/144 [ 24.713599] [ 24.713728] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.713948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.714013] Hardware name: linux,dummy-virt (DT) [ 24.714084] Call trace: [ 24.714140] show_stack+0x20/0x38 (C) [ 24.714257] dump_stack_lvl+0x8c/0xd0 [ 24.714383] print_report+0x118/0x608 [ 24.714725] kasan_report+0xdc/0x128 [ 24.715075] __asan_report_store1_noabort+0x20/0x30 [ 24.715271] kmalloc_big_oob_right+0x2a4/0x2f0 [ 24.715547] kunit_try_run_case+0x170/0x3f0 [ 24.715685] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.715838] kthread+0x328/0x630 [ 24.715981] ret_from_fork+0x10/0x20 [ 24.716207] [ 24.716277] Allocated by task 144: [ 24.716350] kasan_save_stack+0x3c/0x68 [ 24.716480] kasan_save_track+0x20/0x40 [ 24.716799] kasan_save_alloc_info+0x40/0x58 [ 24.716999] __kasan_kmalloc+0xd4/0xd8 [ 24.717111] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.717361] kmalloc_big_oob_right+0xb8/0x2f0 [ 24.717456] kunit_try_run_case+0x170/0x3f0 [ 24.717550] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.717690] kthread+0x328/0x630 [ 24.717879] ret_from_fork+0x10/0x20 [ 24.717988] [ 24.718045] The buggy address belongs to the object at fff00000c7790000 [ 24.718045] which belongs to the cache kmalloc-8k of size 8192 [ 24.718431] The buggy address is located 0 bytes to the right of [ 24.718431] allocated 7936-byte region [fff00000c7790000, fff00000c7791f00) [ 24.718955] [ 24.719011] The buggy address belongs to the physical page: [ 24.719304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107790 [ 24.719530] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.719682] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.719808] page_type: f5(slab) [ 24.719912] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 24.720057] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.720727] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 24.721232] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.721525] head: 0bfffe0000000003 ffffc1ffc31de401 00000000ffffffff 00000000ffffffff [ 24.721664] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.722170] page dumped because: kasan: bad access detected [ 24.722273] [ 24.722327] Memory state around the buggy address: [ 24.722413] fff00000c7791e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.722658] fff00000c7791e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.722812] >fff00000c7791f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.723081] ^ [ 24.723154] fff00000c7791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.723258] fff00000c7792000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.723380] ==================================================================
[ 24.852463] ================================================================== [ 24.852607] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 24.852892] Write of size 1 at addr fff00000c64cdf00 by task kunit_try_catch/144 [ 24.853021] [ 24.853539] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 24.853774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.853908] Hardware name: linux,dummy-virt (DT) [ 24.853998] Call trace: [ 24.854063] show_stack+0x20/0x38 (C) [ 24.854188] dump_stack_lvl+0x8c/0xd0 [ 24.854499] print_report+0x118/0x608 [ 24.854629] kasan_report+0xdc/0x128 [ 24.854859] __asan_report_store1_noabort+0x20/0x30 [ 24.855097] kmalloc_big_oob_right+0x2a4/0x2f0 [ 24.855226] kunit_try_run_case+0x170/0x3f0 [ 24.855574] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.855710] kthread+0x328/0x630 [ 24.855850] ret_from_fork+0x10/0x20 [ 24.855977] [ 24.856029] Allocated by task 144: [ 24.856106] kasan_save_stack+0x3c/0x68 [ 24.856216] kasan_save_track+0x20/0x40 [ 24.856327] kasan_save_alloc_info+0x40/0x58 [ 24.856438] __kasan_kmalloc+0xd4/0xd8 [ 24.856546] __kmalloc_cache_noprof+0x16c/0x3c0 [ 24.856662] kmalloc_big_oob_right+0xb8/0x2f0 [ 24.856775] kunit_try_run_case+0x170/0x3f0 [ 24.856919] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.857041] kthread+0x328/0x630 [ 24.857154] ret_from_fork+0x10/0x20 [ 24.857251] [ 24.857306] The buggy address belongs to the object at fff00000c64cc000 [ 24.857306] which belongs to the cache kmalloc-8k of size 8192 [ 24.857451] The buggy address is located 0 bytes to the right of [ 24.857451] allocated 7936-byte region [fff00000c64cc000, fff00000c64cdf00) [ 24.857711] [ 24.857772] The buggy address belongs to the physical page: [ 24.857875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c8 [ 24.858015] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.858162] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 24.859214] page_type: f5(slab) [ 24.859339] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 24.859461] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.859584] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 24.859700] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.859827] head: 0bfffe0000000003 ffffc1ffc3193201 00000000ffffffff 00000000ffffffff [ 24.859980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.860084] page dumped because: kasan: bad access detected [ 24.860250] [ 24.860326] Memory state around the buggy address: [ 24.860416] fff00000c64cde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.860519] fff00000c64cde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.860783] >fff00000c64cdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.860917] ^ [ 24.860997] fff00000c64cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.861158] fff00000c64ce000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.861263] ==================================================================
[ 17.560192] ================================================================== [ 17.561961] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 17.563137] Write of size 1 at addr ffff888103999f00 by task kunit_try_catch/162 [ 17.564017] [ 17.564582] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 17.564716] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.564754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.564819] Call Trace: [ 17.564867] <TASK> [ 17.565102] dump_stack_lvl+0x73/0xb0 [ 17.565268] print_report+0xd1/0x650 [ 17.565373] ? __virt_addr_valid+0x1db/0x2d0 [ 17.565416] ? kmalloc_big_oob_right+0x316/0x370 [ 17.565451] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.565481] ? kmalloc_big_oob_right+0x316/0x370 [ 17.565551] kasan_report+0x141/0x180 [ 17.565668] ? kmalloc_big_oob_right+0x316/0x370 [ 17.565742] __asan_report_store1_noabort+0x1b/0x30 [ 17.565806] kmalloc_big_oob_right+0x316/0x370 [ 17.565871] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 17.565911] ? __schedule+0x10cc/0x2b60 [ 17.565946] ? __pfx_read_tsc+0x10/0x10 [ 17.565976] ? ktime_get_ts64+0x86/0x230 [ 17.566010] kunit_try_run_case+0x1a5/0x480 [ 17.566048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.566081] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.566115] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.566147] ? __kthread_parkme+0x82/0x180 [ 17.566175] ? preempt_count_sub+0x50/0x80 [ 17.566209] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.566285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.566322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.566357] kthread+0x337/0x6f0 [ 17.566386] ? trace_preempt_on+0x20/0xc0 [ 17.566421] ? __pfx_kthread+0x10/0x10 [ 17.566450] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.566480] ? calculate_sigpending+0x7b/0xa0 [ 17.566551] ? __pfx_kthread+0x10/0x10 [ 17.566626] ret_from_fork+0x116/0x1d0 [ 17.566680] ? __pfx_kthread+0x10/0x10 [ 17.566711] ret_from_fork_asm+0x1a/0x30 [ 17.566755] </TASK> [ 17.566771] [ 17.589937] Allocated by task 162: [ 17.590631] kasan_save_stack+0x45/0x70 [ 17.591275] kasan_save_track+0x18/0x40 [ 17.591706] kasan_save_alloc_info+0x3b/0x50 [ 17.592163] __kasan_kmalloc+0xb7/0xc0 [ 17.592563] __kmalloc_cache_noprof+0x189/0x420 [ 17.593032] kmalloc_big_oob_right+0xa9/0x370 [ 17.593591] kunit_try_run_case+0x1a5/0x480 [ 17.593976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.594935] kthread+0x337/0x6f0 [ 17.595388] ret_from_fork+0x116/0x1d0 [ 17.596185] ret_from_fork_asm+0x1a/0x30 [ 17.596821] [ 17.597053] The buggy address belongs to the object at ffff888103998000 [ 17.597053] which belongs to the cache kmalloc-8k of size 8192 [ 17.598283] The buggy address is located 0 bytes to the right of [ 17.598283] allocated 7936-byte region [ffff888103998000, ffff888103999f00) [ 17.599858] [ 17.600288] The buggy address belongs to the physical page: [ 17.601050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103998 [ 17.602010] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.602674] flags: 0x200000000000040(head|node=0|zone=2) [ 17.603375] page_type: f5(slab) [ 17.603917] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 17.604756] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 17.605435] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 17.606708] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 17.607325] head: 0200000000000003 ffffea00040e6601 00000000ffffffff 00000000ffffffff [ 17.608116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 17.608955] page dumped because: kasan: bad access detected [ 17.609492] [ 17.609936] Memory state around the buggy address: [ 17.610406] ffff888103999e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.611435] ffff888103999e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.612210] >ffff888103999f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.613000] ^ [ 17.613396] ffff888103999f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.614202] ffff88810399a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.615008] ==================================================================
[ 16.751319] ================================================================== [ 16.752678] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 16.753692] Write of size 1 at addr ffff888102a0df00 by task kunit_try_catch/162 [ 16.754349] [ 16.754695] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary) [ 16.754856] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.754913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.754970] Call Trace: [ 16.755004] <TASK> [ 16.755096] dump_stack_lvl+0x73/0xb0 [ 16.755213] print_report+0xd1/0x650 [ 16.755331] ? __virt_addr_valid+0x1db/0x2d0 [ 16.755379] ? kmalloc_big_oob_right+0x316/0x370 [ 16.755413] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.755445] ? kmalloc_big_oob_right+0x316/0x370 [ 16.755477] kasan_report+0x141/0x180 [ 16.755510] ? kmalloc_big_oob_right+0x316/0x370 [ 16.755591] __asan_report_store1_noabort+0x1b/0x30 [ 16.755657] kmalloc_big_oob_right+0x316/0x370 [ 16.755692] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 16.755726] ? __schedule+0x10cc/0x2b60 [ 16.755759] ? __pfx_read_tsc+0x10/0x10 [ 16.755788] ? ktime_get_ts64+0x86/0x230 [ 16.755819] kunit_try_run_case+0x1a5/0x480 [ 16.755854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.755913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.755952] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.755986] ? __kthread_parkme+0x82/0x180 [ 16.756014] ? preempt_count_sub+0x50/0x80 [ 16.756044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.756078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.756129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.756175] kthread+0x337/0x6f0 [ 16.756205] ? trace_preempt_on+0x20/0xc0 [ 16.756237] ? __pfx_kthread+0x10/0x10 [ 16.756265] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.756296] ? calculate_sigpending+0x7b/0xa0 [ 16.756331] ? __pfx_kthread+0x10/0x10 [ 16.756360] ret_from_fork+0x116/0x1d0 [ 16.756384] ? __pfx_kthread+0x10/0x10 [ 16.756411] ret_from_fork_asm+0x1a/0x30 [ 16.756451] </TASK> [ 16.756465] [ 16.776306] Allocated by task 162: [ 16.777104] kasan_save_stack+0x45/0x70 [ 16.778007] kasan_save_track+0x18/0x40 [ 16.778293] kasan_save_alloc_info+0x3b/0x50 [ 16.779327] __kasan_kmalloc+0xb7/0xc0 [ 16.779761] __kmalloc_cache_noprof+0x189/0x420 [ 16.780835] kmalloc_big_oob_right+0xa9/0x370 [ 16.781583] kunit_try_run_case+0x1a5/0x480 [ 16.782307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.783190] kthread+0x337/0x6f0 [ 16.783614] ret_from_fork+0x116/0x1d0 [ 16.784421] ret_from_fork_asm+0x1a/0x30 [ 16.785021] [ 16.785212] The buggy address belongs to the object at ffff888102a0c000 [ 16.785212] which belongs to the cache kmalloc-8k of size 8192 [ 16.786979] The buggy address is located 0 bytes to the right of [ 16.786979] allocated 7936-byte region [ffff888102a0c000, ffff888102a0df00) [ 16.788597] [ 16.789057] The buggy address belongs to the physical page: [ 16.789692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a08 [ 16.790800] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.791971] flags: 0x200000000000040(head|node=0|zone=2) [ 16.792394] page_type: f5(slab) [ 16.793245] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 16.794140] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 16.794698] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 16.795397] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 16.796692] head: 0200000000000003 ffffea00040a8201 00000000ffffffff 00000000ffffffff [ 16.797238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 16.798059] page dumped because: kasan: bad access detected [ 16.798933] [ 16.799092] Memory state around the buggy address: [ 16.799477] ffff888102a0de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.800694] ffff888102a0de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.801400] >ffff888102a0df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.802221] ^ [ 16.802500] ffff888102a0df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.803439] ffff888102a0e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.804304] ==================================================================
[ 19.874335] ================================================================== [ 19.875486] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 19.876178] Write of size 1 at addr ffff00000e5e1f00 by task kunit_try_catch/197 [ 19.876861] [ 19.877026] CPU: 2 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT [ 19.877076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.877090] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.877107] Call trace: [ 19.877117] show_stack+0x20/0x38 (C) [ 19.877152] dump_stack_lvl+0x8c/0xd0 [ 19.877187] print_report+0x118/0x608 [ 19.877220] kasan_report+0xdc/0x128 [ 19.877252] __asan_report_store1_noabort+0x20/0x30 [ 19.877281] kmalloc_big_oob_right+0x2a4/0x2f0 [ 19.877311] kunit_try_run_case+0x170/0x3f0 [ 19.877344] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.877381] kthread+0x328/0x630 [ 19.877408] ret_from_fork+0x10/0x20 [ 19.877439] [ 19.883049] Allocated by task 197: [ 19.883373] kasan_save_stack+0x3c/0x68 [ 19.883750] kasan_save_track+0x20/0x40 [ 19.884124] kasan_save_alloc_info+0x40/0x58 [ 19.884540] __kasan_kmalloc+0xd4/0xd8 [ 19.884906] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.885343] kmalloc_big_oob_right+0xb8/0x2f0 [ 19.885761] kunit_try_run_case+0x170/0x3f0 [ 19.886167] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.886690] kthread+0x328/0x630 [ 19.887005] ret_from_fork+0x10/0x20 [ 19.887355] [ 19.887507] The buggy address belongs to the object at ffff00000e5e0000 [ 19.887507] which belongs to the cache kmalloc-8k of size 8192 [ 19.888638] The buggy address is located 0 bytes to the right of [ 19.888638] allocated 7936-byte region [ffff00000e5e0000, ffff00000e5e1f00) [ 19.889819] [ 19.889973] The buggy address belongs to the physical page: [ 19.890487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe5e0 [ 19.891210] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.891914] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 19.892564] page_type: f5(slab) [ 19.892879] raw: 03fffe0000000040 ffff000000403180 dead000000000122 0000000000000000 [ 19.893594] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 19.894308] head: 03fffe0000000040 ffff000000403180 dead000000000122 0000000000000000 [ 19.895030] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 19.895752] head: 03fffe0000000003 fffffdffc0397801 00000000ffffffff 00000000ffffffff [ 19.896474] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 19.897189] page dumped because: kasan: bad access detected [ 19.897703] [ 19.897854] Memory state around the buggy address: [ 19.898302] ffff00000e5e1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.898966] ffff00000e5e1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.899631] >ffff00000e5e1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.900291] ^ [ 19.900601] ffff00000e5e1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.901265] ffff00000e5e2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.901925] ==================================================================