Date
July 3, 2025, 10:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 51.566397] ================================================================== [ 51.579107] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 51.586785] Read of size 1 at addr ffffb46a770e964d by task kunit_try_catch/354 [ 51.594197] [ 51.595740] CPU: 3 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 51.595771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 51.595780] Hardware name: Thundercomm Dragonboard 845c (DT) [ 51.595792] Call trace: [ 51.595800] show_stack+0x20/0x38 (C) [ 51.595819] dump_stack_lvl+0x8c/0xd0 [ 51.595840] print_report+0x310/0x608 [ 51.595860] kasan_report+0xdc/0x128 [ 51.595879] __asan_report_load1_noabort+0x20/0x30 [ 51.595898] kasan_global_oob_right+0x230/0x270 [ 51.595915] kunit_try_run_case+0x170/0x3f0 [ 51.595935] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 51.595958] kthread+0x328/0x630 [ 51.595974] ret_from_fork+0x10/0x20 [ 51.595993] [ 51.662045] The buggy address belongs to the variable: [ 51.667263] global_array+0xd/0x40 [ 51.670738] [ 51.672290] The buggy address belongs to the virtual mapping at [ 51.672290] [ffffb46a75270000, ffffb46a771a1000) created by: [ 51.672290] paging_init+0x66c/0x7d0 [ 51.687690] [ 51.689225] The buggy address belongs to the physical page: [ 51.694875] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa7ae9 [ 51.702892] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 51.710314] raw: 03fffe0000002000 fffffdffc09eba48 fffffdffc09eba48 0000000000000000 [ 51.718161] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 51.726003] page dumped because: kasan: bad access detected [ 51.731651] [ 51.733179] Memory state around the buggy address: [ 51.738042] ffffb46a770e9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.745368] ffffb46a770e9580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.752693] >ffffb46a770e9600: 02 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 51.760017] ^ [ 51.765672] ffffb46a770e9680: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 51.772996] ffffb46a770e9700: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 51.780319] ==================================================================
[ 33.203290] ================================================================== [ 33.203573] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 33.203773] Read of size 1 at addr ffffa6527c0e964d by task kunit_try_catch/277 [ 33.204025] [ 33.204072] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT [ 33.204327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.204398] Hardware name: linux,dummy-virt (DT) [ 33.204572] Call trace: [ 33.204695] show_stack+0x20/0x38 (C) [ 33.204754] dump_stack_lvl+0x8c/0xd0 [ 33.204809] print_report+0x310/0x608 [ 33.204875] kasan_report+0xdc/0x128 [ 33.204923] __asan_report_load1_noabort+0x20/0x30 [ 33.205189] kasan_global_oob_right+0x230/0x270 [ 33.205259] kunit_try_run_case+0x170/0x3f0 [ 33.205315] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 33.205421] kthread+0x328/0x630 [ 33.205504] ret_from_fork+0x10/0x20 [ 33.205686] [ 33.205848] The buggy address belongs to the variable: [ 33.205884] global_array+0xd/0x40 [ 33.205939] [ 33.206054] The buggy address belongs to the virtual mapping at [ 33.206054] [ffffa6527a270000, ffffa6527c1a1000) created by: [ 33.206054] paging_init+0x66c/0x7d0 [ 33.206250] [ 33.206796] The buggy address belongs to the physical page: [ 33.206869] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47ce9 [ 33.206932] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 33.207012] raw: 03fffe0000002000 ffffc1ffc01f3a48 ffffc1ffc01f3a48 0000000000000000 [ 33.207066] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 33.207311] page dumped because: kasan: bad access detected [ 33.207347] [ 33.207447] Memory state around the buggy address: [ 33.207486] ffffa6527c0e9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.207532] ffffa6527c0e9580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.207578] >ffffa6527c0e9600: 02 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 33.207751] ^ [ 33.207817] ffffa6527c0e9680: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 33.207893] ffffa6527c0e9700: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 33.207946] ==================================================================
[ 24.952389] ================================================================== [ 24.952940] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 24.953275] Read of size 1 at addr ffffffffb9caaecd by task kunit_try_catch/294 [ 24.953610] [ 24.953745] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.953816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.953829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.953859] Call Trace: [ 24.953873] <TASK> [ 24.953890] dump_stack_lvl+0x73/0xb0 [ 24.953920] print_report+0xd1/0x650 [ 24.953942] ? __virt_addr_valid+0x1db/0x2d0 [ 24.953967] ? kasan_global_oob_right+0x286/0x2d0 [ 24.953993] ? kasan_addr_to_slab+0x11/0xa0 [ 24.954018] ? kasan_global_oob_right+0x286/0x2d0 [ 24.954043] kasan_report+0x141/0x180 [ 24.954078] ? kasan_global_oob_right+0x286/0x2d0 [ 24.954110] __asan_report_load1_noabort+0x18/0x20 [ 24.954145] kasan_global_oob_right+0x286/0x2d0 [ 24.954171] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 24.954214] ? __schedule+0x10cc/0x2b60 [ 24.954241] ? __pfx_read_tsc+0x10/0x10 [ 24.954264] ? ktime_get_ts64+0x86/0x230 [ 24.954299] kunit_try_run_case+0x1a5/0x480 [ 24.954327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.954350] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.954383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.954410] ? __kthread_parkme+0x82/0x180 [ 24.954431] ? preempt_count_sub+0x50/0x80 [ 24.954463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.954488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.954512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.954535] kthread+0x337/0x6f0 [ 24.954555] ? trace_preempt_on+0x20/0xc0 [ 24.954579] ? __pfx_kthread+0x10/0x10 [ 24.954600] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.954623] ? calculate_sigpending+0x7b/0xa0 [ 24.954657] ? __pfx_kthread+0x10/0x10 [ 24.954678] ret_from_fork+0x116/0x1d0 [ 24.954698] ? __pfx_kthread+0x10/0x10 [ 24.954729] ret_from_fork_asm+0x1a/0x30 [ 24.954761] </TASK> [ 24.954772] [ 24.961450] The buggy address belongs to the variable: [ 24.961712] global_array+0xd/0x40 [ 24.961912] [ 24.962016] The buggy address belongs to the physical page: [ 24.962263] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78aaa [ 24.962509] flags: 0x100000000002000(reserved|node=0|zone=1) [ 24.962803] raw: 0100000000002000 ffffea0001e2aa88 ffffea0001e2aa88 0000000000000000 [ 24.963132] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.963398] page dumped because: kasan: bad access detected [ 24.963843] [ 24.963915] Memory state around the buggy address: [ 24.964063] ffffffffb9caad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.964512] ffffffffb9caae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.964830] >ffffffffb9caae80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 24.965092] ^ [ 24.965451] ffffffffb9caaf00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 24.965723] ffffffffb9caaf80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 24.966017] ==================================================================