Date
June 24, 2025, 11:37 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 29.307632] ================================================================== [ 29.318756] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 29.325727] Read of size 1 at addr ffff000080a5511f by task kunit_try_catch/236 [ 29.333137] [ 29.334674] CPU: 2 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 29.334706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.334715] Hardware name: Thundercomm Dragonboard 845c (DT) [ 29.334728] Call trace: [ 29.334735] show_stack+0x20/0x38 (C) [ 29.334754] dump_stack_lvl+0x8c/0xd0 [ 29.334775] print_report+0x118/0x608 [ 29.334796] kasan_report+0xdc/0x128 [ 29.334814] __asan_report_load1_noabort+0x20/0x30 [ 29.334831] kmalloc_oob_left+0x2ec/0x320 [ 29.334849] kunit_try_run_case+0x170/0x3f0 [ 29.334869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.334890] kthread+0x328/0x630 [ 29.334905] ret_from_fork+0x10/0x20 [ 29.334922] [ 29.400476] Allocated by task 67: [ 29.403850] kasan_save_stack+0x3c/0x68 [ 29.407760] kasan_save_track+0x20/0x40 [ 29.411670] kasan_save_alloc_info+0x40/0x58 [ 29.416005] __kasan_kmalloc+0xd4/0xd8 [ 29.419826] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 29.425484] kvasprintf+0xe0/0x180 [ 29.428951] kasprintf+0xd0/0x110 [ 29.432327] pinctrl_dt_to_map+0x118/0x778 [ 29.436499] create_pinctrl+0x120/0xb60 [ 29.440408] pinctrl_get+0xf4/0x1d0 [ 29.443957] devm_pinctrl_get+0x54/0xc8 [ 29.447865] pinctrl_bind_pins+0xa4/0x6e0 [ 29.451951] really_probe+0x94/0x7f0 [ 29.455590] __driver_probe_device+0x164/0x378 [ 29.460110] driver_probe_device+0x64/0x180 [ 29.464360] __device_attach_driver+0x174/0x280 [ 29.468969] bus_for_each_drv+0x118/0x1b0 [ 29.473054] __device_attach+0x174/0x378 [ 29.477047] device_initial_probe+0x1c/0x30 [ 29.481297] bus_probe_device+0x12c/0x170 [ 29.485381] deferred_probe_work_func+0x140/0x208 [ 29.490161] process_one_work+0x530/0xf98 [ 29.494245] worker_thread+0x618/0xf38 [ 29.498064] kthread+0x328/0x630 [ 29.501354] ret_from_fork+0x10/0x20 [ 29.504991] [ 29.506521] Freed by task 67: [ 29.509547] kasan_save_stack+0x3c/0x68 [ 29.513455] kasan_save_track+0x20/0x40 [ 29.517365] kasan_save_free_info+0x4c/0x78 [ 29.521615] __kasan_slab_free+0x6c/0x98 [ 29.525612] kfree+0x214/0x3c8 [ 29.528729] pinctrl_dt_to_map+0x144/0x778 [ 29.532898] create_pinctrl+0x120/0xb60 [ 29.536805] pinctrl_get+0xf4/0x1d0 [ 29.540356] devm_pinctrl_get+0x54/0xc8 [ 29.544262] pinctrl_bind_pins+0xa4/0x6e0 [ 29.548346] really_probe+0x94/0x7f0 [ 29.551982] __driver_probe_device+0x164/0x378 [ 29.556501] driver_probe_device+0x64/0x180 [ 29.560752] __device_attach_driver+0x174/0x280 [ 29.565361] bus_for_each_drv+0x118/0x1b0 [ 29.569444] __device_attach+0x174/0x378 [ 29.573439] device_initial_probe+0x1c/0x30 [ 29.577690] bus_probe_device+0x12c/0x170 [ 29.581772] deferred_probe_work_func+0x140/0x208 [ 29.586553] process_one_work+0x530/0xf98 [ 29.590633] worker_thread+0x618/0xf38 [ 29.594451] kthread+0x328/0x630 [ 29.597741] ret_from_fork+0x10/0x20 [ 29.601378] [ 29.602908] The buggy address belongs to the object at ffff000080a55100 [ 29.602908] which belongs to the cache kmalloc-16 of size 16 [ 29.615393] The buggy address is located 15 bytes to the right of [ 29.615393] allocated 16-byte region [ffff000080a55100, ffff000080a55110) [ 29.628495] [ 29.630026] The buggy address belongs to the physical page: [ 29.635670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a55 [ 29.643780] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.650396] page_type: f5(slab) [ 29.653600] raw: 0bfffe0000000000 ffff000080002640 dead000000000122 0000000000000000 [ 29.661451] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.669290] page dumped because: kasan: bad access detected [ 29.674938] [ 29.676472] Memory state around the buggy address: [ 29.681333] ffff000080a55000: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 29.688654] ffff000080a55080: 00 06 fc fc 00 05 fc fc 00 05 fc fc 00 05 fc fc [ 29.695976] >ffff000080a55100: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 29.703288] ^ [ 29.707363] ffff000080a55180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.714679] ffff000080a55200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.721998] ==================================================================
[ 32.332985] ================================================================== [ 32.333106] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 32.333220] Read of size 1 at addr fff00000c575725f by task kunit_try_catch/149 [ 32.333331] [ 32.333405] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 32.333595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.333659] Hardware name: linux,dummy-virt (DT) [ 32.333729] Call trace: [ 32.333777] show_stack+0x20/0x38 (C) [ 32.334179] dump_stack_lvl+0x8c/0xd0 [ 32.334372] print_report+0x118/0x608 [ 32.334942] kasan_report+0xdc/0x128 [ 32.335080] __asan_report_load1_noabort+0x20/0x30 [ 32.335263] kmalloc_oob_left+0x2ec/0x320 [ 32.335394] kunit_try_run_case+0x170/0x3f0 [ 32.335590] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.336513] kthread+0x328/0x630 [ 32.336651] ret_from_fork+0x10/0x20 [ 32.336925] [ 32.336980] Allocated by task 11: [ 32.337056] kasan_save_stack+0x3c/0x68 [ 32.337295] kasan_save_track+0x20/0x40 [ 32.337389] kasan_save_alloc_info+0x40/0x58 [ 32.337478] __kasan_kmalloc+0xd4/0xd8 [ 32.337603] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 32.337908] kvasprintf+0xe0/0x180 [ 32.338297] __kthread_create_on_node+0x16c/0x350 [ 32.338456] kthread_create_on_node+0xe4/0x130 [ 32.338570] create_worker+0x380/0x6b8 [ 32.338674] worker_thread+0x808/0xf38 [ 32.338774] kthread+0x328/0x630 [ 32.338864] ret_from_fork+0x10/0x20 [ 32.338995] [ 32.339096] The buggy address belongs to the object at fff00000c5757240 [ 32.339096] which belongs to the cache kmalloc-16 of size 16 [ 32.339272] The buggy address is located 19 bytes to the right of [ 32.339272] allocated 12-byte region [fff00000c5757240, fff00000c575724c) [ 32.339497] [ 32.339550] The buggy address belongs to the physical page: [ 32.339686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105757 [ 32.339812] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.339954] page_type: f5(slab) [ 32.340050] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 32.340261] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 32.340514] page dumped because: kasan: bad access detected [ 32.340694] [ 32.340767] Memory state around the buggy address: [ 32.340843] fff00000c5757100: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 32.340983] fff00000c5757180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.341135] >fff00000c5757200: fa fb fc fc fa fb fc fc 00 04 fc fc 00 07 fc fc [ 32.341263] ^ [ 32.341368] fff00000c5757280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.341483] fff00000c5757300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.341582] ==================================================================
[ 27.872357] ================================================================== [ 27.873247] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 27.874293] Read of size 1 at addr ffff8881022bd67f by task kunit_try_catch/168 [ 27.875030] [ 27.875320] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 27.875442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.875474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.875521] Call Trace: [ 27.875569] <TASK> [ 27.875607] dump_stack_lvl+0x73/0xb0 [ 27.875788] print_report+0xd1/0x650 [ 27.875869] ? __virt_addr_valid+0x1db/0x2d0 [ 27.875933] ? kmalloc_oob_left+0x361/0x3c0 [ 27.875988] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.876084] ? kmalloc_oob_left+0x361/0x3c0 [ 27.876145] kasan_report+0x141/0x180 [ 27.876206] ? kmalloc_oob_left+0x361/0x3c0 [ 27.876273] __asan_report_load1_noabort+0x18/0x20 [ 27.876336] kmalloc_oob_left+0x361/0x3c0 [ 27.876389] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 27.876442] ? __schedule+0x10cc/0x2b60 [ 27.876510] ? __pfx_read_tsc+0x10/0x10 [ 27.876590] ? ktime_get_ts64+0x86/0x230 [ 27.876699] kunit_try_run_case+0x1a5/0x480 [ 27.876848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.876910] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.876974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.877038] ? __kthread_parkme+0x82/0x180 [ 27.877111] ? preempt_count_sub+0x50/0x80 [ 27.877177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.877244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.877310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.877402] kthread+0x337/0x6f0 [ 27.877465] ? trace_preempt_on+0x20/0xc0 [ 27.877511] ? __pfx_kthread+0x10/0x10 [ 27.877561] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.877595] ? calculate_sigpending+0x7b/0xa0 [ 27.877627] ? __pfx_kthread+0x10/0x10 [ 27.877679] ret_from_fork+0x116/0x1d0 [ 27.877707] ? __pfx_kthread+0x10/0x10 [ 27.877734] ret_from_fork_asm+0x1a/0x30 [ 27.877776] </TASK> [ 27.877791] [ 27.894489] Allocated by task 21: [ 27.894820] kasan_save_stack+0x45/0x70 [ 27.895480] kasan_save_track+0x18/0x40 [ 27.896187] kasan_save_alloc_info+0x3b/0x50 [ 27.896796] __kasan_kmalloc+0xb7/0xc0 [ 27.897308] __kmalloc_cache_node_noprof+0x188/0x420 [ 27.897778] build_sched_domains+0x38c/0x5dd0 [ 27.898411] partition_sched_domains+0x471/0x9c0 [ 27.898825] rebuild_sched_domains_locked+0x97d/0xd50 [ 27.899611] cpuset_update_active_cpus+0x80f/0x1a90 [ 27.900269] sched_cpu_activate+0x2bf/0x330 [ 27.900685] cpuhp_invoke_callback+0x2a1/0xf00 [ 27.901188] cpuhp_thread_fun+0x2ce/0x5c0 [ 27.901572] smpboot_thread_fn+0x2bc/0x730 [ 27.902110] kthread+0x337/0x6f0 [ 27.902556] ret_from_fork+0x116/0x1d0 [ 27.903006] ret_from_fork_asm+0x1a/0x30 [ 27.903662] [ 27.904209] Freed by task 21: [ 27.904475] kasan_save_stack+0x45/0x70 [ 27.904886] kasan_save_track+0x18/0x40 [ 27.905341] kasan_save_free_info+0x3f/0x60 [ 27.905849] __kasan_slab_free+0x56/0x70 [ 27.906738] kfree+0x222/0x3f0 [ 27.907399] build_sched_domains+0x1fff/0x5dd0 [ 27.907787] partition_sched_domains+0x471/0x9c0 [ 27.908332] rebuild_sched_domains_locked+0x97d/0xd50 [ 27.908659] cpuset_update_active_cpus+0x80f/0x1a90 [ 27.909233] sched_cpu_activate+0x2bf/0x330 [ 27.909639] cpuhp_invoke_callback+0x2a1/0xf00 [ 27.910305] cpuhp_thread_fun+0x2ce/0x5c0 [ 27.910702] smpboot_thread_fn+0x2bc/0x730 [ 27.911323] kthread+0x337/0x6f0 [ 27.911877] ret_from_fork+0x116/0x1d0 [ 27.912138] ret_from_fork_asm+0x1a/0x30 [ 27.912709] [ 27.912941] The buggy address belongs to the object at ffff8881022bd660 [ 27.912941] which belongs to the cache kmalloc-16 of size 16 [ 27.913872] The buggy address is located 15 bytes to the right of [ 27.913872] allocated 16-byte region [ffff8881022bd660, ffff8881022bd670) [ 27.914819] [ 27.915083] The buggy address belongs to the physical page: [ 27.915976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022bd [ 27.916838] flags: 0x200000000000000(node=0|zone=2) [ 27.917390] page_type: f5(slab) [ 27.917761] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.918474] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.919267] page dumped because: kasan: bad access detected [ 27.919767] [ 27.919955] Memory state around the buggy address: [ 27.920309] ffff8881022bd500: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 27.920725] ffff8881022bd580: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 27.921309] >ffff8881022bd600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.922523] ^ [ 27.923228] ffff8881022bd680: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.923791] ffff8881022bd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.924222] ==================================================================