Hay
Date: June 24, 2025, 11:37 a.m.

Environment: dragonboard-845c, qemu-arm64, qemu-x86_64

[   30.838558] ==================================================================
[   30.850029] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   30.857613] Write of size 1 at addr ffff00009561200a by task kunit_try_catch/244
[   30.865104] 
[   30.866634] CPU: 4 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   30.866664] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.866672] Hardware name: Thundercomm Dragonboard 845c (DT)
[   30.866683] Call trace:
[   30.866688]  show_stack+0x20/0x38 (C)
[   30.866706]  dump_stack_lvl+0x8c/0xd0
[   30.866725]  print_report+0x118/0x608
[   30.866744]  kasan_report+0xdc/0x128
[   30.866762]  __asan_report_store1_noabort+0x20/0x30
[   30.866779]  kmalloc_large_oob_right+0x278/0x2b8
[   30.866797]  kunit_try_run_case+0x170/0x3f0
[   30.866814]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.866833]  kthread+0x328/0x630
[   30.866846]  ret_from_fork+0x10/0x20
[   30.866863] 
[   30.933050] The buggy address belongs to the physical page:
[   30.938693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115610
[   30.946794] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.954556] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.961607] page_type: f8(unknown)
[   30.965068] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.972908] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.980746] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.988669] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.996591] head: 0bfffe0000000002 fffffdffc2558401 00000000ffffffff 00000000ffffffff
[   31.004514] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.012434] page dumped because: kasan: bad access detected
[   31.018075] 
[   31.019605] Memory state around the buggy address:
[   31.024458]  ffff000095611f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.031771]  ffff000095611f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.039076] >ffff000095612000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.046387]                       ^
[   31.049926]  ffff000095612080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.057240]  ffff000095612100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.064550] ==================================================================

[   32.458698] ==================================================================
[   32.458974] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   32.459166] Write of size 1 at addr fff00000c773e00a by task kunit_try_catch/157
[   32.459294] 
[   32.459389] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.459707] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.459851] Hardware name: linux,dummy-virt (DT)
[   32.459953] Call trace:
[   32.460012]  show_stack+0x20/0x38 (C)
[   32.460151]  dump_stack_lvl+0x8c/0xd0
[   32.460368]  print_report+0x118/0x608
[   32.460544]  kasan_report+0xdc/0x128
[   32.460749]  __asan_report_store1_noabort+0x20/0x30
[   32.460930]  kmalloc_large_oob_right+0x278/0x2b8
[   32.461102]  kunit_try_run_case+0x170/0x3f0
[   32.461176]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.461242]  kthread+0x328/0x630
[   32.461296]  ret_from_fork+0x10/0x20
[   32.461354] 
[   32.461398] The buggy address belongs to the physical page:
[   32.461442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10773c
[   32.461504] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.461560] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.461632] page_type: f8(unknown)
[   32.461686] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.461744] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.461801] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.461856] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.461965] head: 0bfffe0000000002 ffffc1ffc31dcf01 00000000ffffffff 00000000ffffffff
[   32.462208] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.462327] page dumped because: kasan: bad access detected
[   32.462528] 
[   32.462608] Memory state around the buggy address:
[   32.462749]  fff00000c773df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.462944]  fff00000c773df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.463444] >fff00000c773e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.463562]                       ^
[   32.463708]  fff00000c773e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.463979]  fff00000c773e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.464076] ==================================================================

[   28.106788] ==================================================================
[   28.107739] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[   28.108661] Write of size 1 at addr ffff888102d6200a by task kunit_try_catch/176
[   28.109196] 
[   28.109382] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.109491] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.109521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.109583] Call Trace:
[   28.109612]  <TASK>
[   28.109648]  dump_stack_lvl+0x73/0xb0
[   28.109726]  print_report+0xd1/0x650
[   28.109783]  ? __virt_addr_valid+0x1db/0x2d0
[   28.109846]  ? kmalloc_large_oob_right+0x2e9/0x330
[   28.109942]  ? kasan_addr_to_slab+0x11/0xa0
[   28.110022]  ? kmalloc_large_oob_right+0x2e9/0x330
[   28.110081]  kasan_report+0x141/0x180
[   28.110142]  ? kmalloc_large_oob_right+0x2e9/0x330
[   28.110210]  __asan_report_store1_noabort+0x1b/0x30
[   28.110277]  kmalloc_large_oob_right+0x2e9/0x330
[   28.110339]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[   28.110400]  ? __schedule+0x10cc/0x2b60
[   28.110469]  ? __pfx_read_tsc+0x10/0x10
[   28.110529]  ? ktime_get_ts64+0x86/0x230
[   28.110612]  kunit_try_run_case+0x1a5/0x480
[   28.110678]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.110732]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.110771]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.110804]  ? __kthread_parkme+0x82/0x180
[   28.110832]  ? preempt_count_sub+0x50/0x80
[   28.110864]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.110895]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.110926]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.110957]  kthread+0x337/0x6f0
[   28.110982]  ? trace_preempt_on+0x20/0xc0
[   28.111013]  ? __pfx_kthread+0x10/0x10
[   28.111039]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.111111]  ? calculate_sigpending+0x7b/0xa0
[   28.111173]  ? __pfx_kthread+0x10/0x10
[   28.111219]  ret_from_fork+0x116/0x1d0
[   28.111262]  ? __pfx_kthread+0x10/0x10
[   28.111307]  ret_from_fork_asm+0x1a/0x30
[   28.111376]  </TASK>
[   28.111400] 
[   28.126733] The buggy address belongs to the physical page:
[   28.127349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d60
[   28.127955] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.128956] flags: 0x200000000000040(head|node=0|zone=2)
[   28.129500] page_type: f8(unknown)
[   28.129879] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.130519] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.131289] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.131945] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.132615] head: 0200000000000002 ffffea00040b5801 00000000ffffffff 00000000ffffffff
[   28.133306] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.133876] page dumped because: kasan: bad access detected
[   28.134732] 
[   28.134902] Memory state around the buggy address:
[   28.135446]  ffff888102d61f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.136043]  ffff888102d61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.137120] >ffff888102d62000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.137810]                       ^
[   28.138158]  ffff888102d62080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.138501]  ffff888102d62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.139135] ==================================================================