Date
July 3, 2025, 10:10 a.m.
Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |

```
[ 39.070531] ==================================================================
[ 39.081492] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 39.088904] Write of size 128 at addr ffff0000814acf00 by task kunit_try_catch/279
[ 39.096577]
[ 39.098114] CPU: 3 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 39.098143] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.098152] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 39.098164] Call trace:
[ 39.098173] show_stack+0x20/0x38 (C)
[ 39.098190] dump_stack_lvl+0x8c/0xd0
[ 39.098212] print_report+0x118/0x608
[ 39.098233] kasan_report+0xdc/0x128
[ 39.098252] kasan_check_range+0x100/0x1a8
[ 39.098273] __asan_memset+0x34/0x78
[ 39.098289] kmalloc_oob_in_memset+0x144/0x2d0
[ 39.098306] kunit_try_run_case+0x170/0x3f0
[ 39.098324] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.098346] kthread+0x328/0x630
[ 39.098361] ret_from_fork+0x10/0x20
[ 39.098380]
[ 39.167262] Allocated by task 279:
[ 39.170724] kasan_save_stack+0x3c/0x68
[ 39.174633] kasan_save_track+0x20/0x40
[ 39.178543] kasan_save_alloc_info+0x40/0x58
[ 39.182881] __kasan_kmalloc+0xd4/0xd8
[ 39.186702] __kmalloc_cache_noprof+0x16c/0x3c0
[ 39.191313] kmalloc_oob_in_memset+0xb0/0x2d0
[ 39.195748] kunit_try_run_case+0x170/0x3f0
[ 39.200000] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.205574] kthread+0x328/0x630
[ 39.208865] ret_from_fork+0x10/0x20
[ 39.212502]
[ 39.214033] The buggy address belongs to the object at ffff0000814acf00
[ 39.214033] which belongs to the cache kmalloc-128 of size 128
[ 39.226699] The buggy address is located 0 bytes inside of
[ 39.226699] allocated 120-byte region [ffff0000814acf00, ffff0000814acf78)
[ 39.239277]
[ 39.240816] The buggy address belongs to the physical page:
[ 39.246469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1014ac
[ 39.254583] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 39.262340] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 39.269838] page_type: f5(slab)
[ 39.273043] raw: 0bfffe0000000040 ffff000080002a00 0000000000000000 0000000000000001
[ 39.280886] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 39.288732] head: 0bfffe0000000040 ffff000080002a00 0000000000000000 0000000000000001
[ 39.296665] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 39.304596] head: 0bfffe0000000001 fffffdffc2052b01 00000000ffffffff 00000000ffffffff
[ 39.312527] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 39.320453] page dumped because: kasan: bad access detected
[ 39.326103]
[ 39.327640] Memory state around the buggy address:
[ 39.332500] ffff0000814ace00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 39.339814] ffff0000814ace80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.347131] >ffff0000814acf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.354444] ^
[ 39.361668] ffff0000814acf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.368994] ffff0000814ad000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.376314] ==================================================================
```
```
[ 31.060204] ==================================================================
[ 31.060317] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 31.060425] Write of size 128 at addr fff00000c58aff00 by task kunit_try_catch/202
[ 31.060779]
[ 31.060974] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 31.061140] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.061496] Hardware name: linux,dummy-virt (DT)
[ 31.061711] Call trace:
[ 31.061809] show_stack+0x20/0x38 (C)
[ 31.061875] dump_stack_lvl+0x8c/0xd0
[ 31.062404] print_report+0x118/0x608
[ 31.062594] kasan_report+0xdc/0x128
[ 31.062799] kasan_check_range+0x100/0x1a8
[ 31.062945] __asan_memset+0x34/0x78
[ 31.063000] kmalloc_oob_in_memset+0x144/0x2d0
[ 31.063343] kunit_try_run_case+0x170/0x3f0
[ 31.063510] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.063655] kthread+0x328/0x630
[ 31.063700] ret_from_fork+0x10/0x20
[ 31.063948]
[ 31.064015] Allocated by task 202:
[ 31.064165] kasan_save_stack+0x3c/0x68
[ 31.064400] kasan_save_track+0x20/0x40
[ 31.064636] kasan_save_alloc_info+0x40/0x58
[ 31.064813] __kasan_kmalloc+0xd4/0xd8
[ 31.065004] __kmalloc_cache_noprof+0x16c/0x3c0
[ 31.065441] kmalloc_oob_in_memset+0xb0/0x2d0
[ 31.065502] kunit_try_run_case+0x170/0x3f0
[ 31.065668] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.065867] kthread+0x328/0x630
[ 31.066008] ret_from_fork+0x10/0x20
[ 31.066388]
[ 31.066432] The buggy address belongs to the object at fff00000c58aff00
[ 31.066432] which belongs to the cache kmalloc-128 of size 128
[ 31.066494] The buggy address is located 0 bytes inside of
[ 31.066494] allocated 120-byte region [fff00000c58aff00, fff00000c58aff78)
[ 31.066602]
[ 31.066629] The buggy address belongs to the physical page:
[ 31.066663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058af
[ 31.066725] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.066774] page_type: f5(slab)
[ 31.066814] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 31.066874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 31.066924] page dumped because: kasan: bad access detected
[ 31.066954]
[ 31.066973] Memory state around the buggy address:
[ 31.067011] fff00000c58afe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.067057] fff00000c58afe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.067097] >fff00000c58aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 31.067134] ^
[ 31.067183] fff00000c58aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.067226] fff00000c58b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 31.067263] ==================================================================
```
```
[ 23.205618] ==================================================================
[ 23.205980] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 23.206311] Write of size 128 at addr ffff888105479c00 by task kunit_try_catch/219
[ 23.207376]
[ 23.207508] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 23.207557] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.207570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.207590] Call Trace:
[ 23.207603] <TASK>
[ 23.207619] dump_stack_lvl+0x73/0xb0
[ 23.207647] print_report+0xd1/0x650
[ 23.207668] ? __virt_addr_valid+0x1db/0x2d0
[ 23.207690] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.207711] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.207735] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.207756] kasan_report+0x141/0x180
[ 23.207777] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.207802] kasan_check_range+0x10c/0x1c0
[ 23.207824] __asan_memset+0x27/0x50
[ 23.207846] kmalloc_oob_in_memset+0x15f/0x320
[ 23.207867] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 23.207888] ? __schedule+0x207f/0x2b60
[ 23.207912] ? __pfx_read_tsc+0x10/0x10
[ 23.207933] ? ktime_get_ts64+0x86/0x230
[ 23.207956] kunit_try_run_case+0x1a5/0x480
[ 23.207982] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.208004] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.208024] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.208048] ? __kthread_parkme+0x82/0x180
[ 23.208068] ? preempt_count_sub+0x50/0x80
[ 23.208090] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.208114] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.208145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.208170] kthread+0x337/0x6f0
[ 23.208189] ? trace_preempt_on+0x20/0xc0
[ 23.208211] ? __pfx_kthread+0x10/0x10
[ 23.208231] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.208254] ? calculate_sigpending+0x7b/0xa0
[ 23.208277] ? __pfx_kthread+0x10/0x10
[ 23.208298] ret_from_fork+0x116/0x1d0
[ 23.208316] ? __pfx_kthread+0x10/0x10
[ 23.208336] ret_from_fork_asm+0x1a/0x30
[ 23.208367] </TASK>
[ 23.208377]
[ 23.215896] Allocated by task 219:
[ 23.216074] kasan_save_stack+0x45/0x70
[ 23.216360] kasan_save_track+0x18/0x40
[ 23.216563] kasan_save_alloc_info+0x3b/0x50
[ 23.216725] __kasan_kmalloc+0xb7/0xc0
[ 23.216907] __kmalloc_cache_noprof+0x189/0x420
[ 23.217093] kmalloc_oob_in_memset+0xac/0x320
[ 23.217349] kunit_try_run_case+0x1a5/0x480
[ 23.217535] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.217786] kthread+0x337/0x6f0
[ 23.217952] ret_from_fork+0x116/0x1d0
[ 23.218100] ret_from_fork_asm+0x1a/0x30
[ 23.218495]
[ 23.218570] The buggy address belongs to the object at ffff888105479c00
[ 23.218570] which belongs to the cache kmalloc-128 of size 128
[ 23.218919] The buggy address is located 0 bytes inside of
[ 23.218919] allocated 120-byte region [ffff888105479c00, ffff888105479c78)
[ 23.219559]
[ 23.219656] The buggy address belongs to the physical page:
[ 23.219897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479
[ 23.220323] flags: 0x200000000000000(node=0|zone=2)
[ 23.220552] page_type: f5(slab)
[ 23.220665] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.220934] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.221334] page dumped because: kasan: bad access detected
[ 23.221588]
[ 23.221674] Memory state around the buggy address:
[ 23.221875] ffff888105479b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.222344] ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.222654] >ffff888105479c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.222934] ^
[ 23.223316] ffff888105479c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.223605] ffff888105479d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.223845] ==================================================================
```