Date
June 26, 2025, 9:10 a.m.
| Environment |
|---|
| dragonboard-845c |
| qemu-arm64 |
```
[ 39.514605] ==================================================================
[ 39.526080] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 39.533485] Write of size 16 at addr ffff00009462c969 by task kunit_try_catch/264
[ 39.541061]
[ 39.542591] CPU: 7 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT
[ 39.542621] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.542629] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 39.542642] Call trace:
[ 39.542649] show_stack+0x20/0x38 (C)
[ 39.542667] dump_stack_lvl+0x8c/0xd0
[ 39.542684] print_report+0x118/0x608
[ 39.542702] kasan_report+0xdc/0x128
[ 39.542720] kasan_check_range+0x100/0x1a8
[ 39.542739] __asan_memset+0x34/0x78
[ 39.542753] kmalloc_oob_memset_16+0x150/0x2f8
[ 39.542771] kunit_try_run_case+0x170/0x3f0
[ 39.542789] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.542808] kthread+0x328/0x630
[ 39.542821] ret_from_fork+0x10/0x20
[ 39.542838]
[ 39.611692] Allocated by task 264:
[ 39.615148] kasan_save_stack+0x3c/0x68
[ 39.619053] kasan_save_track+0x20/0x40
[ 39.622955] kasan_save_alloc_info+0x40/0x58
[ 39.627286] __kasan_kmalloc+0xd4/0xd8
[ 39.631101] __kmalloc_cache_noprof+0x16c/0x3c0
[ 39.635702] kmalloc_oob_memset_16+0xb0/0x2f8
[ 39.640123] kunit_try_run_case+0x170/0x3f0
[ 39.644371] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.649935] kthread+0x328/0x630
[ 39.653214] ret_from_fork+0x10/0x20
[ 39.656844]
[ 39.658366] The buggy address belongs to the object at ffff00009462c900
[ 39.658366] which belongs to the cache kmalloc-128 of size 128
[ 39.671017] The buggy address is located 105 bytes inside of
[ 39.671017] allocated 120-byte region [ffff00009462c900, ffff00009462c978)
[ 39.683761]
[ 39.685285] The buggy address belongs to the physical page:
[ 39.690929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11462c
[ 39.699027] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 39.706777] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 39.713831] page_type: f5(slab)
[ 39.717028] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 39.724866] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 39.732703] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 39.740626] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 39.748550] head: 0bfffe0000000001 fffffdffc2518b01 00000000ffffffff 00000000ffffffff
[ 39.756473] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 39.764392] page dumped because: kasan: bad access detected
[ 39.770033]
[ 39.771562] Memory state around the buggy address:
[ 39.776422]  ffff00009462c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.783735]  ffff00009462c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.791039] >ffff00009462c900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.798350]                                                                 ^
[ 39.805574]  ffff00009462c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.812887]  ffff00009462ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.820199] ==================================================================
```
```
[ 26.900485] ==================================================================
[ 26.900540] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 26.900588] Write of size 16 at addr fff00000c643f869 by task kunit_try_catch/190
[ 26.900636]
[ 26.900663] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250626 #1 PREEMPT
[ 26.900746] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.901208] Hardware name: linux,dummy-virt (DT)
[ 26.901253] Call trace:
[ 26.901274] show_stack+0x20/0x38 (C)
[ 26.901322] dump_stack_lvl+0x8c/0xd0
[ 26.901367] print_report+0x118/0x608
[ 26.901411] kasan_report+0xdc/0x128
[ 26.901455] kasan_check_range+0x100/0x1a8
[ 26.901501] __asan_memset+0x34/0x78
[ 26.901542] kmalloc_oob_memset_16+0x150/0x2f8
[ 26.901587] kunit_try_run_case+0x170/0x3f0
[ 26.901632] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.901682] kthread+0x328/0x630
[ 26.901723] ret_from_fork+0x10/0x20
[ 26.901768]
[ 26.901812] Allocated by task 190:
[ 26.901839] kasan_save_stack+0x3c/0x68
[ 26.901878] kasan_save_track+0x20/0x40
[ 26.901914] kasan_save_alloc_info+0x40/0x58
[ 26.901949] __kasan_kmalloc+0xd4/0xd8
[ 26.901984] __kmalloc_cache_noprof+0x16c/0x3c0
[ 26.902022] kmalloc_oob_memset_16+0xb0/0x2f8
[ 26.902068] kunit_try_run_case+0x170/0x3f0
[ 26.902104] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.902146] kthread+0x328/0x630
[ 26.902183] ret_from_fork+0x10/0x20
[ 26.902218]
[ 26.902235] The buggy address belongs to the object at fff00000c643f800
[ 26.902235] which belongs to the cache kmalloc-128 of size 128
[ 26.902369] The buggy address is located 105 bytes inside of
[ 26.902369] allocated 120-byte region [fff00000c643f800, fff00000c643f878)
[ 26.902525]
[ 26.902662] The buggy address belongs to the physical page:
[ 26.902691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10643f
[ 26.902739] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.902783] page_type: f5(slab)
[ 26.902819] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[ 26.902866] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.902903] page dumped because: kasan: bad access detected
[ 26.902941]
[ 26.902958] Memory state around the buggy address:
[ 26.902986]  fff00000c643f700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.903032]  fff00000c643f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.903082] >fff00000c643f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.903117]                                                                 ^
[ 26.903156]  fff00000c643f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.903246]  fff00000c643f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.903368] ==================================================================
```