Date
June 8, 2025, 11:09 p.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |
```
[ 19.828841] ==================================================================
[ 19.837914] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 19.844771] Read of size 1 at addr ffff000800c2f01f by task kunit_try_catch/185
[ 19.852062]
[ 19.853549] CPU: 5 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 19.853605] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.853622] Hardware name: WinLink E850-96 board (DT)
[ 19.853645] Call trace:
[ 19.853659] show_stack+0x20/0x38 (C)
[ 19.853700] dump_stack_lvl+0x8c/0xd0
[ 19.853737] print_report+0x118/0x608
[ 19.853776] kasan_report+0xdc/0x128
[ 19.853812] __asan_report_load1_noabort+0x20/0x30
[ 19.853851] kmalloc_oob_left+0x2ec/0x320
[ 19.853881] kunit_try_run_case+0x170/0x3f0
[ 19.853917] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.853955] kthread+0x328/0x630
[ 19.853984] ret_from_fork+0x10/0x20
[ 19.854021]
[ 19.916209] Allocated by task 44:
[ 19.919512] kasan_save_stack+0x3c/0x68
[ 19.923327] kasan_save_track+0x20/0x40
[ 19.927148] kasan_save_alloc_info+0x40/0x58
[ 19.931400] __kasan_kmalloc+0xd4/0xd8
[ 19.935133] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 19.940688] kvasprintf+0xe0/0x180
[ 19.944075] __kthread_create_on_node+0x16c/0x350
[ 19.948761] kthread_create_on_node+0xe4/0x130
[ 19.953188] create_worker+0x380/0x6b8
[ 19.956921] worker_thread+0x808/0xf38
[ 19.960653] kthread+0x328/0x630
[ 19.963865] ret_from_fork+0x10/0x20
[ 19.967424]
[ 19.968901] The buggy address belongs to the object at ffff000800c2f000
[ 19.968901] which belongs to the cache kmalloc-16 of size 16
[ 19.981228] The buggy address is located 19 bytes to the right of
[ 19.981228] allocated 12-byte region [ffff000800c2f000, ffff000800c2f00c)
[ 19.994160]
[ 19.995638] The buggy address belongs to the physical page:
[ 20.001195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880c2f
[ 20.009179] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.015689] page_type: f5(slab)
[ 20.018826] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[ 20.026545] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 20.034265] page dumped because: kasan: bad access detected
[ 20.039818]
[ 20.041294] Memory state around the buggy address:
[ 20.046076]  ffff000800c2ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.053277]  ffff000800c2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.060483] >ffff000800c2f000: 00 04 fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[ 20.067683]                             ^
[ 20.071680]  ffff000800c2f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.078885]  ffff000800c2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.086087] ==================================================================
```
```
[ 24.598249] ==================================================================
[ 24.598402] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 24.598954] Read of size 1 at addr fff00000c62bd25f by task kunit_try_catch/138
[ 24.599335]
[ 24.599429] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 24.600182] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.600277] Hardware name: linux,dummy-virt (DT)
[ 24.600462] Call trace:
[ 24.600845] show_stack+0x20/0x38 (C)
[ 24.601019] dump_stack_lvl+0x8c/0xd0
[ 24.601299] print_report+0x118/0x608
[ 24.601445] kasan_report+0xdc/0x128
[ 24.601564] __asan_report_load1_noabort+0x20/0x30
[ 24.601689] kmalloc_oob_left+0x2ec/0x320
[ 24.601858] kunit_try_run_case+0x170/0x3f0
[ 24.602047] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.602953] kthread+0x328/0x630
[ 24.603328] ret_from_fork+0x10/0x20
[ 24.603543]
[ 24.603597] Allocated by task 9:
[ 24.603669] kasan_save_stack+0x3c/0x68
[ 24.603779] kasan_save_track+0x20/0x40
[ 24.603880] kasan_save_alloc_info+0x40/0x58
[ 24.603999] __kasan_kmalloc+0xd4/0xd8
[ 24.604153] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 24.604318] kvasprintf+0xe0/0x180
[ 24.604577] __kthread_create_on_node+0x16c/0x350
[ 24.604679] kthread_create_on_node+0xe4/0x130
[ 24.604776] create_worker+0x380/0x6b8
[ 24.604866] worker_thread+0x808/0xf38
[ 24.604981] kthread+0x328/0x630
[ 24.605228] ret_from_fork+0x10/0x20
[ 24.605322]
[ 24.605425] The buggy address belongs to the object at fff00000c62bd240
[ 24.605425] which belongs to the cache kmalloc-16 of size 16
[ 24.605568] The buggy address is located 19 bytes to the right of
[ 24.605568] allocated 12-byte region [fff00000c62bd240, fff00000c62bd24c)
[ 24.605715]
[ 24.605809] The buggy address belongs to the physical page:
[ 24.605882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd
[ 24.606047] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.606183] page_type: f5(slab)
[ 24.606294] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 24.606431] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 24.606538] page dumped because: kasan: bad access detected
[ 24.606621]
[ 24.606670] Memory state around the buggy address:
[ 24.606752]  fff00000c62bd100: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc
[ 24.606880]  fff00000c62bd180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 24.607083] >fff00000c62bd200: fa fb fc fc fa fb fc fc 00 04 fc fc 00 07 fc fc
[ 24.607300]                                                     ^
[ 24.607461]  fff00000c62bd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.607667]  fff00000c62bd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.607836] ==================================================================
```
```
[ 24.710306] ==================================================================
[ 24.710437] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 24.710565] Read of size 1 at addr fff00000c56fe33f by task kunit_try_catch/138
[ 24.710680]
[ 24.710761] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 24.710974] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.711037] Hardware name: linux,dummy-virt (DT)
[ 24.711109] Call trace:
[ 24.711159] show_stack+0x20/0x38 (C)
[ 24.711276] dump_stack_lvl+0x8c/0xd0
[ 24.711395] print_report+0x118/0x608
[ 24.711509] kasan_report+0xdc/0x128
[ 24.711622] __asan_report_load1_noabort+0x20/0x30
[ 24.711749] kmalloc_oob_left+0x2ec/0x320
[ 24.711908] kunit_try_run_case+0x170/0x3f0
[ 24.712505] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.712703] kthread+0x328/0x630
[ 24.712939] ret_from_fork+0x10/0x20
[ 24.713327]
[ 24.713378] Allocated by task 11:
[ 24.713470] kasan_save_stack+0x3c/0x68
[ 24.713660] kasan_save_track+0x20/0x40
[ 24.713859] kasan_save_alloc_info+0x40/0x58
[ 24.713967] __kasan_kmalloc+0xd4/0xd8
[ 24.714076] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 24.714193] kvasprintf+0xe0/0x180
[ 24.714546] __kthread_create_on_node+0x16c/0x350
[ 24.714657] kthread_create_on_node+0xe4/0x130
[ 24.714758] create_worker+0x380/0x6b8
[ 24.714918] worker_thread+0x808/0xf38
[ 24.715139] kthread+0x328/0x630
[ 24.715291] ret_from_fork+0x10/0x20
[ 24.715457]
[ 24.715702] The buggy address belongs to the object at fff00000c56fe320
[ 24.715702] which belongs to the cache kmalloc-16 of size 16
[ 24.716315] The buggy address is located 19 bytes to the right of
[ 24.716315] allocated 12-byte region [fff00000c56fe320, fff00000c56fe32c)
[ 24.716725]
[ 24.716911] The buggy address belongs to the physical page:
[ 24.717042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056fe
[ 24.717339] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.717504] page_type: f5(slab)
[ 24.717609] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 24.718049] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 24.718760] page dumped because: kasan: bad access detected
[ 24.719046]
[ 24.719095] Memory state around the buggy address:
[ 24.719219]  fff00000c56fe200: 00 02 fc fc 00 05 fc fc fa fb fc fc 00 02 fc fc
[ 24.719830]  fff00000c56fe280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 24.720208] >fff00000c56fe300: fa fb fc fc 00 04 fc fc 00 07 fc fc fc fc fc fc
[ 24.720336]                                         ^
[ 24.720655]  fff00000c56fe380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.720789]  fff00000c56fe400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.721324] ==================================================================
```
```
[ 17.328805] ==================================================================
[ 17.329752] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 17.330416] Read of size 1 at addr ffff888101a90b1f by task kunit_try_catch/156
[ 17.331130]
[ 17.332427] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 17.332753] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.332791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.332846] Call Trace:
[ 17.332883] <TASK>
[ 17.332929] dump_stack_lvl+0x73/0xb0
[ 17.333052] print_report+0xd1/0x650
[ 17.333578] ? __virt_addr_valid+0x1db/0x2d0
[ 17.333672] ? kmalloc_oob_left+0x361/0x3c0
[ 17.333739] ? kasan_complete_mode_report_info+0x64/0x200
[ 17.333788] ? kmalloc_oob_left+0x361/0x3c0
[ 17.333821] kasan_report+0x141/0x180
[ 17.333855] ? kmalloc_oob_left+0x361/0x3c0
[ 17.333892] __asan_report_load1_noabort+0x18/0x20
[ 17.333928] kmalloc_oob_left+0x361/0x3c0
[ 17.333960] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 17.333993] ? __schedule+0x10cc/0x2b60
[ 17.334028] ? __pfx_read_tsc+0x10/0x10
[ 17.334061] ? ktime_get_ts64+0x86/0x230
[ 17.334096] kunit_try_run_case+0x1a5/0x480
[ 17.334136] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.334170] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 17.334204] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 17.334255] ? __kthread_parkme+0x82/0x180
[ 17.334300] ? preempt_count_sub+0x50/0x80
[ 17.334334] ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.334370] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.334404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.334438] kthread+0x337/0x6f0
[ 17.334466] ? trace_preempt_on+0x20/0xc0
[ 17.334522] ? __pfx_kthread+0x10/0x10
[ 17.334610] ? _raw_spin_unlock_irq+0x47/0x80
[ 17.334671] ? calculate_sigpending+0x7b/0xa0
[ 17.334734] ? __pfx_kthread+0x10/0x10
[ 17.334791] ret_from_fork+0x116/0x1d0
[ 17.334850] ? __pfx_kthread+0x10/0x10
[ 17.334903] ret_from_fork_asm+0x1a/0x30
[ 17.334976] </TASK>
[ 17.335006]
[ 17.362738] Allocated by task 1:
[ 17.363995] kasan_save_stack+0x45/0x70
[ 17.364806] kasan_save_track+0x18/0x40
[ 17.365462] kasan_save_alloc_info+0x3b/0x50
[ 17.366217] __kasan_kmalloc+0xb7/0xc0
[ 17.368417] __kmalloc_noprof+0x1c9/0x500
[ 17.369597] kobject_get_path+0xa7/0x1f0
[ 17.371364] kobject_uevent_env+0x1f9/0xff0
[ 17.372165] kobject_uevent+0xf/0x20
[ 17.372793] param_sysfs_builtin_init+0x28b/0x3a0
[ 17.373463] do_one_initcall+0xd8/0x370
[ 17.374224] kernel_init_freeable+0x420/0x6f0
[ 17.375801] kernel_init+0x23/0x1e0
[ 17.377110] ret_from_fork+0x116/0x1d0
[ 17.378070] ret_from_fork_asm+0x1a/0x30
[ 17.378972]
[ 17.379363] Freed by task 1:
[ 17.380216] kasan_save_stack+0x45/0x70
[ 17.380546] kasan_save_track+0x18/0x40
[ 17.381844] kasan_save_free_info+0x3f/0x60
[ 17.382532] __kasan_slab_free+0x56/0x70
[ 17.383042] kfree+0x222/0x3f0
[ 17.383419] kobject_uevent_env+0x233/0xff0
[ 17.384166] kobject_uevent+0xf/0x20
[ 17.384941] param_sysfs_builtin_init+0x28b/0x3a0
[ 17.385582] do_one_initcall+0xd8/0x370
[ 17.386450] kernel_init_freeable+0x420/0x6f0
[ 17.387309] kernel_init+0x23/0x1e0
[ 17.387872] ret_from_fork+0x116/0x1d0
[ 17.388627] ret_from_fork_asm+0x1a/0x30
[ 17.389235]
[ 17.389416] The buggy address belongs to the object at ffff888101a90b00
[ 17.389416] which belongs to the cache kmalloc-16 of size 16
[ 17.391064] The buggy address is located 15 bytes to the right of
[ 17.391064] allocated 16-byte region [ffff888101a90b00, ffff888101a90b10)
[ 17.392447]
[ 17.393063] The buggy address belongs to the physical page:
[ 17.393986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a90
[ 17.395356] flags: 0x200000000000000(node=0|zone=2)
[ 17.395908] page_type: f5(slab)
[ 17.396310] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 17.396990] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 17.397547] page dumped because: kasan: bad access detected
[ 17.397943]
[ 17.398108] Memory state around the buggy address:
[ 17.398481]  ffff888101a90a00: 00 01 fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 17.399973]  ffff888101a90a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 17.401079] >ffff888101a90b00: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[ 17.401894]                             ^
[ 17.402677]  ffff888101a90b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.403781]  ffff888101a90c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.404784] ==================================================================
```
```
[ 16.500698] ==================================================================
[ 16.501683] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 16.502273] Read of size 1 at addr ffff888101e49e3f by task kunit_try_catch/156
[ 16.502778]
[ 16.504066] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT(voluntary)
[ 16.504176] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.504196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.504230] Call Trace:
[ 16.504246] <TASK>
[ 16.504266] dump_stack_lvl+0x73/0xb0
[ 16.504310] print_report+0xd1/0x650
[ 16.504341] ? __virt_addr_valid+0x1db/0x2d0
[ 16.504374] ? kmalloc_oob_left+0x361/0x3c0
[ 16.504404] ? kasan_complete_mode_report_info+0x64/0x200
[ 16.504434] ? kmalloc_oob_left+0x361/0x3c0
[ 16.504464] kasan_report+0x141/0x180
[ 16.504494] ? kmalloc_oob_left+0x361/0x3c0
[ 16.504602] __asan_report_load1_noabort+0x18/0x20
[ 16.504666] kmalloc_oob_left+0x361/0x3c0
[ 16.504701] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 16.504733] ? __schedule+0x10cc/0x2b60
[ 16.504767] ? __pfx_read_tsc+0x10/0x10
[ 16.504797] ? ktime_get_ts64+0x86/0x230
[ 16.504831] kunit_try_run_case+0x1a5/0x480
[ 16.504867] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.504932] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.504969] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.505002] ? __kthread_parkme+0x82/0x180
[ 16.505030] ? preempt_count_sub+0x50/0x80
[ 16.505061] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.505096] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.505169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.505207] kthread+0x337/0x6f0
[ 16.505235] ? trace_preempt_on+0x20/0xc0
[ 16.505269] ? __pfx_kthread+0x10/0x10
[ 16.505297] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.505329] ? calculate_sigpending+0x7b/0xa0
[ 16.505363] ? __pfx_kthread+0x10/0x10
[ 16.505392] ret_from_fork+0x116/0x1d0
[ 16.505417] ? __pfx_kthread+0x10/0x10
[ 16.505445] ret_from_fork_asm+0x1a/0x30
[ 16.505487] </TASK>
[ 16.505500]
[ 16.526945] Allocated by task 1:
[ 16.527867] kasan_save_stack+0x45/0x70
[ 16.528357] kasan_save_track+0x18/0x40
[ 16.529051] kasan_save_alloc_info+0x3b/0x50
[ 16.529465] __kasan_kmalloc+0xb7/0xc0
[ 16.530250] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 16.530829] kvasprintf+0xc5/0x150
[ 16.531108] __kthread_create_on_node+0x18b/0x3a0
[ 16.531938] kthread_create_on_node+0xab/0xe0
[ 16.532425] cryptomgr_notify+0x704/0x9f0
[ 16.533088] notifier_call_chain+0xcb/0x250
[ 16.534077] blocking_notifier_call_chain+0x64/0x90
[ 16.534998] crypto_alg_mod_lookup+0x21f/0x440
[ 16.535642] crypto_alloc_tfm_node+0xc5/0x1f0
[ 16.536298] crypto_alloc_sig+0x23/0x30
[ 16.537097] public_key_verify_signature+0x208/0x9f0
[ 16.537526] x509_check_for_self_signed+0x2cb/0x480
[ 16.537934] x509_cert_parse+0x59c/0x830
[ 16.538936] x509_key_preparse+0x68/0x8a0
[ 16.539972] asymmetric_key_preparse+0xb1/0x160
[ 16.540334] __key_create_or_update+0x43d/0xcc0
[ 16.541172] key_create_or_update+0x17/0x20
[ 16.541652] x509_load_certificate_list+0x174/0x200
[ 16.542152] regulatory_init_db+0xee/0x3a0
[ 16.543039] do_one_initcall+0xd8/0x370
[ 16.543776] kernel_init_freeable+0x420/0x6f0
[ 16.544681] kernel_init+0x23/0x1e0
[ 16.545322] ret_from_fork+0x116/0x1d0
[ 16.545990] ret_from_fork_asm+0x1a/0x30
[ 16.546783]
[ 16.547021] Freed by task 0:
[ 16.547901] kasan_save_stack+0x45/0x70
[ 16.548467] kasan_save_track+0x18/0x40
[ 16.548914] kasan_save_free_info+0x3f/0x60
[ 16.549688] __kasan_slab_free+0x56/0x70
[ 16.550076] kfree+0x222/0x3f0
[ 16.551033] free_kthread_struct+0xeb/0x150
[ 16.551696] free_task+0xf3/0x130
[ 16.552091] __put_task_struct+0x1c8/0x480
[ 16.552535] delayed_put_task_struct+0x10a/0x150
[ 16.552965] rcu_core+0x66f/0x1c40
[ 16.553355] rcu_core_si+0x12/0x20
[ 16.553945] handle_softirqs+0x209/0x730
[ 16.554375] __irq_exit_rcu+0xc9/0x110
[ 16.554868] irq_exit_rcu+0x12/0x20
[ 16.555200] sysvec_apic_timer_interrupt+0x81/0x90
[ 16.555674] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 16.556348]
[ 16.556593] The buggy address belongs to the object at ffff888101e49e20
[ 16.556593] which belongs to the cache kmalloc-16 of size 16
[ 16.557504] The buggy address is located 15 bytes to the right of
[ 16.557504] allocated 16-byte region [ffff888101e49e20, ffff888101e49e30)
[ 16.558523]
[ 16.558716] The buggy address belongs to the physical page:
[ 16.559449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e49
[ 16.560159] flags: 0x200000000000000(node=0|zone=2)
[ 16.560552] page_type: f5(slab)
[ 16.560919] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 16.562207] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.562896] page dumped because: kasan: bad access detected
[ 16.563341]
[ 16.563635] Memory state around the buggy address:
[ 16.564116]  ffff888101e49d00: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc
[ 16.564569]  ffff888101e49d80: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 16.567006] >ffff888101e49e00: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[ 16.569983]                                         ^
[ 16.571291]  ffff888101e49e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.571689]  ffff888101e49f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.572111] ==================================================================
```
```
[ 19.743117] ==================================================================
[ 19.744175] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 19.744841] Read of size 1 at addr ffff00000251e77f by task kunit_try_catch/191
[ 19.745530]
[ 19.745701] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc1 #1 PREEMPT
[ 19.745759] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.745776] Hardware name: Radxa ROCK Pi 4B (DT)
[ 19.745796] Call trace:
[ 19.745809] show_stack+0x20/0x38 (C)
[ 19.745851] dump_stack_lvl+0x8c/0xd0
[ 19.745894] print_report+0x118/0x608
[ 19.745935] kasan_report+0xdc/0x128
[ 19.745973] __asan_report_load1_noabort+0x20/0x30
[ 19.746018] kmalloc_oob_left+0x2ec/0x320
[ 19.746053] kunit_try_run_case+0x170/0x3f0
[ 19.746094] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.746139] kthread+0x328/0x630
[ 19.746171] ret_from_fork+0x10/0x20
[ 19.746210]
[ 19.751809] Allocated by task 11:
[ 19.752133] kasan_save_stack+0x3c/0x68
[ 19.752519] kasan_save_track+0x20/0x40
[ 19.752903] kasan_save_alloc_info+0x40/0x58
[ 19.753329] __kasan_kmalloc+0xd4/0xd8
[ 19.753704] __kmalloc_noprof+0x198/0x4c8
[ 19.754105] usb_hcd_submit_urb+0x444/0x1a58
[ 19.754534] usb_submit_urb+0x53c/0x1568
[ 19.754921] usb_start_wait_urb+0x120/0x3e8
[ 19.755330] usb_control_msg+0x2b4/0x3e0
[ 19.755716] hub_ext_port_status+0x114/0x580
[ 19.756138] hub_activate+0x2a4/0x1338
[ 19.756513] hub_resume+0xa8/0x380
[ 19.756858] usb_resume_interface.isra.0+0x1f8/0x348
[ 19.757342] usb_suspend_both+0x250/0x6f0
[ 19.757739] usb_runtime_suspend+0x3c/0xf8
[ 19.758145] __rpm_callback+0xa0/0x470
[ 19.758525] rpm_callback+0x168/0x1b0
[ 19.758894] rpm_suspend+0x1bc/0xcd8
[ 19.759255] __pm_runtime_suspend+0x5c/0x1e8
[ 19.759680] usb_runtime_idle+0x48/0x68
[ 19.760062] rpm_idle+0x13c/0x708
[ 19.760399] pm_runtime_work+0x110/0x170
[ 19.760793] process_one_work+0x530/0xf98
[ 19.761192] worker_thread+0x618/0xf38
[ 19.761563] kthread+0x328/0x630
[ 19.761887] ret_from_fork+0x10/0x20
[ 19.762245]
[ 19.762403] Freed by task 11:
[ 19.762695] kasan_save_stack+0x3c/0x68
[ 19.763080] kasan_save_track+0x20/0x40
[ 19.763465] kasan_save_free_info+0x4c/0x78
[ 19.763882] __kasan_slab_free+0x6c/0x98
[ 19.764273] kfree+0x214/0x3c8
[ 19.764585] usb_hcd_submit_urb+0x518/0x1a58
[ 19.765012] usb_submit_urb+0x53c/0x1568
[ 19.765397] usb_start_wait_urb+0x120/0x3e8
[ 19.765806] usb_control_msg+0x2b4/0x3e0
[ 19.766192] hub_ext_port_status+0x114/0x580
[ 19.766613] hub_activate+0x2a4/0x1338
[ 19.766988] hub_resume+0xa8/0x380
[ 19.767332] usb_resume_interface.isra.0+0x1f8/0x348
[ 19.767814] usb_suspend_both+0x250/0x6f0
[ 19.768210] usb_runtime_suspend+0x3c/0xf8
[ 19.768615] __rpm_callback+0xa0/0x470
[ 19.768992] rpm_callback+0x168/0x1b0
[ 19.769361] rpm_suspend+0x1bc/0xcd8
[ 19.769722] __pm_runtime_suspend+0x5c/0x1e8
[ 19.770145] usb_runtime_idle+0x48/0x68
[ 19.770526] rpm_idle+0x13c/0x708
[ 19.770864] pm_runtime_work+0x110/0x170
[ 19.771256] process_one_work+0x530/0xf98
[ 19.771654] worker_thread+0x618/0xf38
[ 19.772028] kthread+0x328/0x630
[ 19.772351] ret_from_fork+0x10/0x20
[ 19.772709]
[ 19.772869] The buggy address belongs to the object at ffff00000251e760
[ 19.772869] which belongs to the cache kmalloc-16 of size 16
[ 19.773996] The buggy address is located 15 bytes to the right of
[ 19.773996] allocated 16-byte region [ffff00000251e760, ffff00000251e770)
[ 19.775180]
[ 19.775339] The buggy address belongs to the physical page:
[ 19.775860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x251e
[ 19.776595] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 19.777215] page_type: f5(slab)
[ 19.777537] raw: 03fffe0000000000 ffff000000402640 dead000000000122 0000000000000000
[ 19.778262] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 19.778977] page dumped because: kasan: bad access detected
[ 19.779497]
[ 19.779654] Memory state around the buggy address:
[ 19.780108]  ffff00000251e600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 19.780782]  ffff00000251e680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 19.781455] >ffff00000251e700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 19.782125]                                                                 ^
[ 19.782789]  ffff00000251e780: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.783462]  ffff00000251e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.784132] ==================================================================
```