Date
July 3, 2025, 10:10 a.m.
Environment |
---|
dragonboard-845c |
qemu-arm64 |
qemu-x86_64 |
```
[ 40.339324] ==================================================================
[ 40.350793] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 40.358205] Write of size 16 at addr ffff000095356269 by task kunit_try_catch/287
[ 40.365788]
[ 40.367324] CPU: 4 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 40.367355] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 40.367364] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 40.367377] Call trace:
[ 40.367384] show_stack+0x20/0x38 (C)
[ 40.367402] dump_stack_lvl+0x8c/0xd0
[ 40.367421] print_report+0x118/0x608
[ 40.367440] kasan_report+0xdc/0x128
[ 40.367457] kasan_check_range+0x100/0x1a8
[ 40.367476] __asan_memset+0x34/0x78
[ 40.367491] kmalloc_oob_memset_16+0x150/0x2f8
[ 40.367509] kunit_try_run_case+0x170/0x3f0
[ 40.367526] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 40.367547] kthread+0x328/0x630
[ 40.367560] ret_from_fork+0x10/0x20
[ 40.367577]
[ 40.436420] Allocated by task 287:
[ 40.439875] kasan_save_stack+0x3c/0x68
[ 40.443784] kasan_save_track+0x20/0x40
[ 40.447691] kasan_save_alloc_info+0x40/0x58
[ 40.452028] __kasan_kmalloc+0xd4/0xd8
[ 40.455848] __kmalloc_cache_noprof+0x16c/0x3c0
[ 40.460447] kmalloc_oob_memset_16+0xb0/0x2f8
[ 40.464871] kunit_try_run_case+0x170/0x3f0
[ 40.469122] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 40.474689] kthread+0x328/0x630
[ 40.477971] ret_from_fork+0x10/0x20
[ 40.481605]
[ 40.483137] The buggy address belongs to the object at ffff000095356200
[ 40.483137] which belongs to the cache kmalloc-128 of size 128
[ 40.495794] The buggy address is located 105 bytes inside of
[ 40.495794] allocated 120-byte region [ffff000095356200, ffff000095356278)
[ 40.508541]
[ 40.510067] The buggy address belongs to the physical page:
[ 40.515712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115356
[ 40.523815] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 40.531570] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 40.538624] page_type: f5(slab)
[ 40.541821] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 40.549664] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 40.557507] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 40.565435] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 40.573362] head: 0bfffe0000000001 fffffdffc254d581 00000000ffffffff 00000000ffffffff
[ 40.581290] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 40.589215] page dumped because: kasan: bad access detected
[ 40.594862]
[ 40.596391] Memory state around the buggy address:
[ 40.601245] ffff000095356100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.608563] ffff000095356180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.615870] >ffff000095356200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.623179] ^
[ 40.630400] ffff000095356280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.637717] ffff000095356300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.645022] ==================================================================
```
```
[ 31.135305] ==================================================================
[ 31.135410] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 31.135469] Write of size 16 at addr fff00000c9ae3369 by task kunit_try_catch/210
[ 31.135519]
[ 31.135563] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 31.135649] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.135674] Hardware name: linux,dummy-virt (DT)
[ 31.135705] Call trace:
[ 31.135727] show_stack+0x20/0x38 (C)
[ 31.135775] dump_stack_lvl+0x8c/0xd0
[ 31.135824] print_report+0x118/0x608
[ 31.135882] kasan_report+0xdc/0x128
[ 31.135936] kasan_check_range+0x100/0x1a8
[ 31.135984] __asan_memset+0x34/0x78
[ 31.136026] kmalloc_oob_memset_16+0x150/0x2f8
[ 31.136083] kunit_try_run_case+0x170/0x3f0
[ 31.136133] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.136186] kthread+0x328/0x630
[ 31.136226] ret_from_fork+0x10/0x20
[ 31.136273]
[ 31.136291] Allocated by task 210:
[ 31.136637] kasan_save_stack+0x3c/0x68
[ 31.136690] kasan_save_track+0x20/0x40
[ 31.136728] kasan_save_alloc_info+0x40/0x58
[ 31.136772] __kasan_kmalloc+0xd4/0xd8
[ 31.136810] __kmalloc_cache_noprof+0x16c/0x3c0
[ 31.136865] kmalloc_oob_memset_16+0xb0/0x2f8
[ 31.137240] kunit_try_run_case+0x170/0x3f0
[ 31.137590] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.138104] kthread+0x328/0x630
[ 31.138406] ret_from_fork+0x10/0x20
[ 31.138516]
[ 31.138622] The buggy address belongs to the object at fff00000c9ae3300
[ 31.138622] which belongs to the cache kmalloc-128 of size 128
[ 31.138988] The buggy address is located 105 bytes inside of
[ 31.138988] allocated 120-byte region [fff00000c9ae3300, fff00000c9ae3378)
[ 31.139166]
[ 31.139186] The buggy address belongs to the physical page:
[ 31.139355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3
[ 31.139581] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.139952] page_type: f5(slab)
[ 31.140204] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 31.140296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 31.140520] page dumped because: kasan: bad access detected
[ 31.140807]
[ 31.141005] Memory state around the buggy address:
[ 31.141070] fff00000c9ae3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.141130] fff00000c9ae3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.141615] >fff00000c9ae3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 31.141868] ^
[ 31.142054] fff00000c9ae3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.142426] fff00000c9ae3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.142545] ==================================================================
```
```
[ 23.308586] ==================================================================
[ 23.309056] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 23.309406] Write of size 16 at addr ffff888105479f69 by task kunit_try_catch/227
[ 23.309721]
[ 23.309827] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 23.309877] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.309890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.309911] Call Trace:
[ 23.309924] <TASK>
[ 23.309939] dump_stack_lvl+0x73/0xb0
[ 23.309966] print_report+0xd1/0x650
[ 23.309987] ? __virt_addr_valid+0x1db/0x2d0
[ 23.310010] ? kmalloc_oob_memset_16+0x166/0x330
[ 23.310030] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.310055] ? kmalloc_oob_memset_16+0x166/0x330
[ 23.310076] kasan_report+0x141/0x180
[ 23.310097] ? kmalloc_oob_memset_16+0x166/0x330
[ 23.310122] kasan_check_range+0x10c/0x1c0
[ 23.310145] __asan_memset+0x27/0x50
[ 23.310167] kmalloc_oob_memset_16+0x166/0x330
[ 23.310189] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 23.310211] ? __schedule+0x10cc/0x2b60
[ 23.310236] ? __pfx_read_tsc+0x10/0x10
[ 23.310342] ? ktime_get_ts64+0x86/0x230
[ 23.310367] kunit_try_run_case+0x1a5/0x480
[ 23.310393] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.310416] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.310437] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.310474] ? __kthread_parkme+0x82/0x180
[ 23.310495] ? preempt_count_sub+0x50/0x80
[ 23.310518] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.310542] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.310565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.310588] kthread+0x337/0x6f0
[ 23.310608] ? trace_preempt_on+0x20/0xc0
[ 23.310631] ? __pfx_kthread+0x10/0x10
[ 23.310651] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.310674] ? calculate_sigpending+0x7b/0xa0
[ 23.310698] ? __pfx_kthread+0x10/0x10
[ 23.310719] ret_from_fork+0x116/0x1d0
[ 23.310738] ? __pfx_kthread+0x10/0x10
[ 23.310758] ret_from_fork_asm+0x1a/0x30
[ 23.310790] </TASK>
[ 23.310801]
[ 23.318637] Allocated by task 227:
[ 23.319032] kasan_save_stack+0x45/0x70
[ 23.319230] kasan_save_track+0x18/0x40
[ 23.319411] kasan_save_alloc_info+0x3b/0x50
[ 23.319565] __kasan_kmalloc+0xb7/0xc0
[ 23.319694] __kmalloc_cache_noprof+0x189/0x420
[ 23.320001] kmalloc_oob_memset_16+0xac/0x330
[ 23.320215] kunit_try_run_case+0x1a5/0x480
[ 23.320726] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.320981] kthread+0x337/0x6f0
[ 23.321117] ret_from_fork+0x116/0x1d0
[ 23.321241] ret_from_fork_asm+0x1a/0x30
[ 23.321521]
[ 23.321646] The buggy address belongs to the object at ffff888105479f00
[ 23.321646] which belongs to the cache kmalloc-128 of size 128
[ 23.322049] The buggy address is located 105 bytes inside of
[ 23.322049] allocated 120-byte region [ffff888105479f00, ffff888105479f78)
[ 23.322431]
[ 23.322589] The buggy address belongs to the physical page:
[ 23.322835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479
[ 23.323232] flags: 0x200000000000000(node=0|zone=2)
[ 23.323396] page_type: f5(slab)
[ 23.323524] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.323765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.324091] page dumped because: kasan: bad access detected
[ 23.324735]
[ 23.324841] Memory state around the buggy address:
[ 23.325060] ffff888105479e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.325437] ffff888105479e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.325664] >ffff888105479f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.325973] ^
[ 23.326302] ffff888105479f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.326518] ffff88810547a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.326723] ==================================================================
```