Date
July 3, 2025, 10:10 a.m.
Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |
[ 31.770818] ==================================================================
[ 31.781855] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 31.789358] Read of size 1 at addr ffff00008448b000 by task kunit_try_catch/249
[ 31.796767]
[ 31.798304] CPU: 3 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 31.798334] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.798342] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 31.798354] Call trace:
[ 31.798361] show_stack+0x20/0x38 (C)
[ 31.798381] dump_stack_lvl+0x8c/0xd0
[ 31.798403] print_report+0x118/0x608
[ 31.798422] kasan_report+0xdc/0x128
[ 31.798441] __asan_report_load1_noabort+0x20/0x30
[ 31.798458] kmalloc_node_oob_right+0x2f4/0x330
[ 31.798476] kunit_try_run_case+0x170/0x3f0
[ 31.798496] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.798518] kthread+0x328/0x630
[ 31.798533] ret_from_fork+0x10/0x20
[ 31.798551]
[ 31.864617] Allocated by task 249:
[ 31.868077] kasan_save_stack+0x3c/0x68
[ 31.871987] kasan_save_track+0x20/0x40
[ 31.875897] kasan_save_alloc_info+0x40/0x58
[ 31.880234] __kasan_kmalloc+0xd4/0xd8
[ 31.884056] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 31.889101] kmalloc_node_oob_right+0xbc/0x330
[ 31.893617] kunit_try_run_case+0x170/0x3f0
[ 31.897870] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.903442] kthread+0x328/0x630
[ 31.906735] ret_from_fork+0x10/0x20
[ 31.910373]
[ 31.911910] The buggy address belongs to the object at ffff00008448a000
[ 31.911910] which belongs to the cache kmalloc-4k of size 4096
[ 31.924573] The buggy address is located 0 bytes to the right of
[ 31.924573] allocated 4096-byte region [ffff00008448a000, ffff00008448b000)
[ 31.937758]
[ 31.939288] The buggy address belongs to the physical page:
[ 31.944935] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104488
[ 31.953048] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 31.960804] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 31.967863] page_type: f5(slab)
[ 31.971071] raw: 0bfffe0000000040 ffff000080003040 dead000000000122 0000000000000000
[ 31.978916] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 31.986761] head: 0bfffe0000000040 ffff000080003040 dead000000000122 0000000000000000
[ 31.994690] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 32.002622] head: 0bfffe0000000003 fffffdffc2112201 00000000ffffffff 00000000ffffffff
[ 32.010553] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 32.018480] page dumped because: kasan: bad access detected
[ 32.024134]
[ 32.025663] Memory state around the buggy address:
[ 32.030526] ffff00008448af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.037849] ffff00008448af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.045174] >ffff00008448b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.052496] ^
[ 32.055783] ffff00008448b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.063099] ffff00008448b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.070411] ==================================================================
[ 30.693283] ==================================================================
[ 30.693396] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 30.693565] Read of size 1 at addr fff00000c9b69000 by task kunit_try_catch/172
[ 30.693700]
[ 30.693737] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 30.694049] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.694097] Hardware name: linux,dummy-virt (DT)
[ 30.694131] Call trace:
[ 30.694245] show_stack+0x20/0x38 (C)
[ 30.694307] dump_stack_lvl+0x8c/0xd0
[ 30.694490] print_report+0x118/0x608
[ 30.694566] kasan_report+0xdc/0x128
[ 30.694624] __asan_report_load1_noabort+0x20/0x30
[ 30.694675] kmalloc_node_oob_right+0x2f4/0x330
[ 30.695034] kunit_try_run_case+0x170/0x3f0
[ 30.695104] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.695159] kthread+0x328/0x630
[ 30.695202] ret_from_fork+0x10/0x20
[ 30.695315]
[ 30.695451] Allocated by task 172:
[ 30.695827] kasan_save_stack+0x3c/0x68
[ 30.695946] kasan_save_track+0x20/0x40
[ 30.696031] kasan_save_alloc_info+0x40/0x58
[ 30.696130] __kasan_kmalloc+0xd4/0xd8
[ 30.696226] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 30.696293] kmalloc_node_oob_right+0xbc/0x330
[ 30.696434] kunit_try_run_case+0x170/0x3f0
[ 30.696478] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.696544] kthread+0x328/0x630
[ 30.696896] ret_from_fork+0x10/0x20
[ 30.696953]
[ 30.696984] The buggy address belongs to the object at fff00000c9b68000
[ 30.696984] which belongs to the cache kmalloc-4k of size 4096
[ 30.697099] The buggy address is located 0 bytes to the right of
[ 30.697099] allocated 4096-byte region [fff00000c9b68000, fff00000c9b69000)
[ 30.697170]
[ 30.697189] The buggy address belongs to the physical page:
[ 30.697673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b68
[ 30.698477] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.698539] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.699203] page_type: f5(slab)
[ 30.699277] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 30.699347] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 30.699529] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 30.700259] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 30.700631] head: 0bfffe0000000003 ffffc1ffc326da01 00000000ffffffff 00000000ffffffff
[ 30.700733] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 30.700867] page dumped because: kasan: bad access detected
[ 30.700901]
[ 30.700919] Memory state around the buggy address:
[ 30.700965] fff00000c9b68f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.701009] fff00000c9b68f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.701061] >fff00000c9b69000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.701098] ^
[ 30.701126] fff00000c9b69080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.701167] fff00000c9b69100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.701205] ==================================================================
[ 22.532717] ==================================================================
[ 22.533176] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 22.533535] Read of size 1 at addr ffff888106053000 by task kunit_try_catch/189
[ 22.533857]
[ 22.533949] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 22.533996] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.534008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.534029] Call Trace:
[ 22.534041] <TASK>
[ 22.534057] dump_stack_lvl+0x73/0xb0
[ 22.534085] print_report+0xd1/0x650
[ 22.534107] ? __virt_addr_valid+0x1db/0x2d0
[ 22.534128] ? kmalloc_node_oob_right+0x369/0x3c0
[ 22.534150] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.534174] ? kmalloc_node_oob_right+0x369/0x3c0
[ 22.534197] kasan_report+0x141/0x180
[ 22.534218] ? kmalloc_node_oob_right+0x369/0x3c0
[ 22.534245] __asan_report_load1_noabort+0x18/0x20
[ 22.534267] kmalloc_node_oob_right+0x369/0x3c0
[ 22.534721] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 22.534748] ? __schedule+0x10cc/0x2b60
[ 22.534777] ? __pfx_read_tsc+0x10/0x10
[ 22.534799] ? ktime_get_ts64+0x86/0x230
[ 22.534823] kunit_try_run_case+0x1a5/0x480
[ 22.534848] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.534870] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 22.534891] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.534918] ? __kthread_parkme+0x82/0x180
[ 22.534937] ? preempt_count_sub+0x50/0x80
[ 22.534960] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.534984] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.535007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.535030] kthread+0x337/0x6f0
[ 22.535049] ? trace_preempt_on+0x20/0xc0
[ 22.535071] ? __pfx_kthread+0x10/0x10
[ 22.535091] ? _raw_spin_unlock_irq+0x47/0x80
[ 22.535116] ? calculate_sigpending+0x7b/0xa0
[ 22.535139] ? __pfx_kthread+0x10/0x10
[ 22.535176] ret_from_fork+0x116/0x1d0
[ 22.535196] ? __pfx_kthread+0x10/0x10
[ 22.535216] ret_from_fork_asm+0x1a/0x30
[ 22.535247] </TASK>
[ 22.535258]
[ 22.546017] Allocated by task 189:
[ 22.546393] kasan_save_stack+0x45/0x70
[ 22.546779] kasan_save_track+0x18/0x40
[ 22.547072] kasan_save_alloc_info+0x3b/0x50
[ 22.547589] __kasan_kmalloc+0xb7/0xc0
[ 22.547944] __kmalloc_cache_node_noprof+0x188/0x420
[ 22.548136] kmalloc_node_oob_right+0xab/0x3c0
[ 22.548531] kunit_try_run_case+0x1a5/0x480
[ 22.548703] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.548954] kthread+0x337/0x6f0
[ 22.549119] ret_from_fork+0x116/0x1d0
[ 22.549357] ret_from_fork_asm+0x1a/0x30
[ 22.549521]
[ 22.549615] The buggy address belongs to the object at ffff888106052000
[ 22.549615] which belongs to the cache kmalloc-4k of size 4096
[ 22.550148] The buggy address is located 0 bytes to the right of
[ 22.550148] allocated 4096-byte region [ffff888106052000, ffff888106053000)
[ 22.550845]
[ 22.550981] The buggy address belongs to the physical page:
[ 22.552091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106050
[ 22.552757] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 22.553072] flags: 0x200000000000040(head|node=0|zone=2)
[ 22.553529] page_type: f5(slab)
[ 22.553698] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122
[ 22.554061] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 22.554551] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122
[ 22.554933] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 22.555253] head: 0200000000000003 ffffea0004181401 00000000ffffffff 00000000ffffffff
[ 22.555818] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 22.556147] page dumped because: kasan: bad access detected
[ 22.556516]
[ 22.556660] Memory state around the buggy address:
[ 22.556892] ffff888106052f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.557273] ffff888106052f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.557676] >ffff888106053000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.558005] ^
[ 22.558208] ffff888106053080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.558534] ffff888106053100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.558858] ==================================================================