Date: July 3, 2025, 10:10 a.m.

Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |

dragonboard-845c:

[ 32.710092] ==================================================================
[ 32.722367] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 32.729781] Write of size 1 at addr ffff000086f55f00 by task kunit_try_catch/253
[ 32.737278]
[ 32.738813] CPU: 2 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 32.738841] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.738849] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 32.738859] Call trace:
[ 32.738865] show_stack+0x20/0x38 (C)
[ 32.738883] dump_stack_lvl+0x8c/0xd0
[ 32.738904] print_report+0x118/0x608
[ 32.738924] kasan_report+0xdc/0x128
[ 32.738944] __asan_report_store1_noabort+0x20/0x30
[ 32.738961] kmalloc_big_oob_right+0x2a4/0x2f0
[ 32.738979] kunit_try_run_case+0x170/0x3f0
[ 32.738997] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.739018] kthread+0x328/0x630
[ 32.739033] ret_from_fork+0x10/0x20
[ 32.739050]
[ 32.805122] Allocated by task 253:
[ 32.808579] kasan_save_stack+0x3c/0x68
[ 32.812487] kasan_save_track+0x20/0x40
[ 32.816396] kasan_save_alloc_info+0x40/0x58
[ 32.820733] __kasan_kmalloc+0xd4/0xd8
[ 32.824554] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.829165] kmalloc_big_oob_right+0xb8/0x2f0
[ 32.833600] kunit_try_run_case+0x170/0x3f0
[ 32.837854] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.843425] kthread+0x328/0x630
[ 32.846717] ret_from_fork+0x10/0x20
[ 32.850354]
[ 32.851890] The buggy address belongs to the object at ffff000086f54000
[ 32.851890] which belongs to the cache kmalloc-8k of size 8192
[ 32.864549] The buggy address is located 0 bytes to the right of
[ 32.864549] allocated 7936-byte region [ffff000086f54000, ffff000086f55f00)
[ 32.877742]
[ 32.879272] The buggy address belongs to the physical page:
[ 32.884928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f50
[ 32.893040] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 32.900794] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 32.907848] page_type: f5(slab)
[ 32.911055] raw: 0bfffe0000000040 ffff000080003180 dead000000000122 0000000000000000
[ 32.918898] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 32.926741] head: 0bfffe0000000040 ffff000080003180 dead000000000122 0000000000000000
[ 32.934669] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 32.942608] head: 0bfffe0000000003 fffffdffc21bd401 00000000ffffffff 00000000ffffffff
[ 32.950537] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 32.958472] page dumped because: kasan: bad access detected
[ 32.964125]
[ 32.965655] Memory state around the buggy address:
[ 32.970516]  ffff000086f55e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.977838]  ffff000086f55e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.985160] >ffff000086f55f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.992479]                    ^
[ 32.995768]  ffff000086f55f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.003082]  ffff000086f56000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.010404] ==================================================================

qemu-arm64:

[ 30.740130] ==================================================================
[ 30.740192] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 30.740248] Write of size 1 at addr fff00000c65bdf00 by task kunit_try_catch/176
[ 30.740718]
[ 30.740771] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.741163] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.741240] Hardware name: linux,dummy-virt (DT)
[ 30.741284] Call trace:
[ 30.741309] show_stack+0x20/0x38 (C)
[ 30.741379] dump_stack_lvl+0x8c/0xd0
[ 30.741465] print_report+0x118/0x608
[ 30.741524] kasan_report+0xdc/0x128
[ 30.741569] __asan_report_store1_noabort+0x20/0x30
[ 30.741617] kmalloc_big_oob_right+0x2a4/0x2f0
[ 30.741673] kunit_try_run_case+0x170/0x3f0
[ 30.741730] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.741792] kthread+0x328/0x630
[ 30.741843] ret_from_fork+0x10/0x20
[ 30.741890]
[ 30.741918] Allocated by task 176:
[ 30.741945] kasan_save_stack+0x3c/0x68
[ 30.742011] kasan_save_track+0x20/0x40
[ 30.742051] kasan_save_alloc_info+0x40/0x58
[ 30.742104] __kasan_kmalloc+0xd4/0xd8
[ 30.742141] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.742192] kmalloc_big_oob_right+0xb8/0x2f0
[ 30.742246] kunit_try_run_case+0x170/0x3f0
[ 30.742290] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.742347] kthread+0x328/0x630
[ 30.742390] ret_from_fork+0x10/0x20
[ 30.742427]
[ 30.742456] The buggy address belongs to the object at fff00000c65bc000
[ 30.742456] which belongs to the cache kmalloc-8k of size 8192
[ 30.742513] The buggy address is located 0 bytes to the right of
[ 30.742513] allocated 7936-byte region [fff00000c65bc000, fff00000c65bdf00)
[ 30.742575]
[ 30.742595] The buggy address belongs to the physical page:
[ 30.742637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b8
[ 30.742688] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.742741] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.742793] page_type: f5(slab)
[ 30.742831] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 30.743349] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 30.743474] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 30.744435] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 30.744551] head: 0bfffe0000000003 ffffc1ffc3196e01 00000000ffffffff 00000000ffffffff
[ 30.744632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 30.744674] page dumped because: kasan: bad access detected
[ 30.744708]
[ 30.744727] Memory state around the buggy address:
[ 30.745194]  fff00000c65bde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.745259]  fff00000c65bde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.745574] >fff00000c65bdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.745705]                    ^
[ 30.745743]  fff00000c65bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.745791]  fff00000c65be000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.746197] ==================================================================

qemu-x86_64:

[ 22.613261] ==================================================================
[ 22.614354] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 22.614657] Write of size 1 at addr ffff888102aadf00 by task kunit_try_catch/193
[ 22.614878]
[ 22.614960] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.615008] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.615021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.615043] Call Trace:
[ 22.615056] <TASK>
[ 22.615073] dump_stack_lvl+0x73/0xb0
[ 22.615100] print_report+0xd1/0x650
[ 22.615122] ? __virt_addr_valid+0x1db/0x2d0
[ 22.615154] ? kmalloc_big_oob_right+0x316/0x370
[ 22.615175] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.615199] ? kmalloc_big_oob_right+0x316/0x370
[ 22.615221] kasan_report+0x141/0x180
[ 22.615242] ? kmalloc_big_oob_right+0x316/0x370
[ 22.615268] __asan_report_store1_noabort+0x1b/0x30
[ 22.615291] kmalloc_big_oob_right+0x316/0x370
[ 22.615313] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 22.615334] ? __schedule+0x10cc/0x2b60
[ 22.615359] ? __pfx_read_tsc+0x10/0x10
[ 22.615380] ? ktime_get_ts64+0x86/0x230
[ 22.615404] kunit_try_run_case+0x1a5/0x480
[ 22.615428] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.615451] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.615480] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.615505] ? __kthread_parkme+0x82/0x180
[ 22.615524] ? preempt_count_sub+0x50/0x80
[ 22.615547] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.615571] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.615594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.615617] kthread+0x337/0x6f0
[ 22.615637] ? trace_preempt_on+0x20/0xc0
[ 22.615659] ? __pfx_kthread+0x10/0x10
[ 22.615679] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.615702] ? calculate_sigpending+0x7b/0xa0
[ 22.615726] ? __pfx_kthread+0x10/0x10
[ 22.615747] ret_from_fork+0x116/0x1d0
[ 22.615765] ? __pfx_kthread+0x10/0x10
[ 22.615786] ret_from_fork_asm+0x1a/0x30
[ 22.615816] </TASK>
[ 22.615829]
[ 22.627591] Allocated by task 193:
[ 22.627889] kasan_save_stack+0x45/0x70
[ 22.628370] kasan_save_track+0x18/0x40
[ 22.628528] kasan_save_alloc_info+0x3b/0x50
[ 22.628673] __kasan_kmalloc+0xb7/0xc0
[ 22.628804] __kmalloc_cache_noprof+0x189/0x420
[ 22.628956] kmalloc_big_oob_right+0xa9/0x370
[ 22.629101] kunit_try_run_case+0x1a5/0x480
[ 22.629601] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.630094] kthread+0x337/0x6f0
[ 22.630522] ret_from_fork+0x116/0x1d0
[ 22.630871] ret_from_fork_asm+0x1a/0x30
[ 22.631343]
[ 22.631511] The buggy address belongs to the object at ffff888102aac000
[ 22.631511] which belongs to the cache kmalloc-8k of size 8192
[ 22.632772] The buggy address is located 0 bytes to the right of
[ 22.632772] allocated 7936-byte region [ffff888102aac000, ffff888102aadf00)
[ 22.633672]
[ 22.633748] The buggy address belongs to the physical page:
[ 22.633924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa8
[ 22.634293] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.635063] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.635691] page_type: f5(slab)
[ 22.635999] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 22.636978] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 22.637738] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 22.638620] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 22.638860] head: 0200000000000003 ffffea00040aaa01 00000000ffffffff 00000000ffffffff
[ 22.639086] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 22.639337] page dumped because: kasan: bad access detected
[ 22.639699]
[ 22.639793] Memory state around the buggy address:
[ 22.640002]  ffff888102aade00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.640433]  ffff888102aade80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.640824] >ffff888102aadf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.641215]                    ^
[ 22.641378]  ffff888102aadf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.641677]  ffff888102aae000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.641948] ==================================================================