Date
July 3, 2025, 10:10 a.m.
| Environment |
|---|
| dragonboard-845c |
| qemu-arm64 |
| qemu-x86_64 |
```
[ 39.387999] ==================================================================
[ 39.399563] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 39.406883] Write of size 2 at addr ffff000080df5877 by task kunit_try_catch/281
[ 39.414384]
[ 39.415920] CPU: 2 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 39.415952] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 39.415961] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 39.415974] Call trace:
[ 39.415980] show_stack+0x20/0x38 (C)
[ 39.415998] dump_stack_lvl+0x8c/0xd0
[ 39.416020] print_report+0x118/0x608
[ 39.416040] kasan_report+0xdc/0x128
[ 39.416058] kasan_check_range+0x100/0x1a8
[ 39.416079] __asan_memset+0x34/0x78
[ 39.416095] kmalloc_oob_memset_2+0x150/0x2f8
[ 39.416113] kunit_try_run_case+0x170/0x3f0
[ 39.416131] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.416152] kthread+0x328/0x630
[ 39.416169] ret_from_fork+0x10/0x20
[ 39.416187]
[ 39.484991] Allocated by task 281:
[ 39.488458] kasan_save_stack+0x3c/0x68
[ 39.492363] kasan_save_track+0x20/0x40
[ 39.496269] kasan_save_alloc_info+0x40/0x58
[ 39.500613] __kasan_kmalloc+0xd4/0xd8
[ 39.504432] __kmalloc_cache_noprof+0x16c/0x3c0
[ 39.509040] kmalloc_oob_memset_2+0xb0/0x2f8
[ 39.513387] kunit_try_run_case+0x170/0x3f0
[ 39.517646] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 39.523215] kthread+0x328/0x630
[ 39.526502] ret_from_fork+0x10/0x20
[ 39.530147]
[ 39.531677] The buggy address belongs to the object at ffff000080df5800
[ 39.531677] which belongs to the cache kmalloc-128 of size 128
[ 39.544339] The buggy address is located 119 bytes inside of
[ 39.544339] allocated 120-byte region [ffff000080df5800, ffff000080df5878)
[ 39.557090]
[ 39.558621] The buggy address belongs to the physical page:
[ 39.564270] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100df4
[ 39.572375] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 39.580135] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 39.587193] page_type: f5(slab)
[ 39.590393] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 39.598240] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 39.606088] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000
[ 39.614021] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 39.621956] head: 0bfffe0000000001 fffffdffc2037d01 00000000ffffffff 00000000ffffffff
[ 39.629889] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 39.637817] page dumped because: kasan: bad access detected
[ 39.643463]
[ 39.644993] Memory state around the buggy address:
[ 39.649853] ffff000080df5700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.657168] ffff000080df5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.664484] >ffff000080df5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 39.671797] ^
[ 39.679022] ffff000080df5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.686337] ffff000080df5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.693651] ==================================================================
```
```
[ 31.079003] ==================================================================
[ 31.079064] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 31.079120] Write of size 2 at addr fff00000c9ae3077 by task kunit_try_catch/204
[ 31.079242]
[ 31.079288] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT
[ 31.079778] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.079964] Hardware name: linux,dummy-virt (DT)
[ 31.080052] Call trace:
[ 31.080077] show_stack+0x20/0x38 (C)
[ 31.080130] dump_stack_lvl+0x8c/0xd0
[ 31.080240] print_report+0x118/0x608
[ 31.080330] kasan_report+0xdc/0x128
[ 31.080412] kasan_check_range+0x100/0x1a8
[ 31.080762] __asan_memset+0x34/0x78
[ 31.080973] kmalloc_oob_memset_2+0x150/0x2f8
[ 31.081127] kunit_try_run_case+0x170/0x3f0
[ 31.081262] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.081321] kthread+0x328/0x630
[ 31.081890] ret_from_fork+0x10/0x20
[ 31.082117]
[ 31.082294] Allocated by task 204:
[ 31.082399] kasan_save_stack+0x3c/0x68
[ 31.082621] kasan_save_track+0x20/0x40
[ 31.082916] kasan_save_alloc_info+0x40/0x58
[ 31.083064] __kasan_kmalloc+0xd4/0xd8
[ 31.083255] __kmalloc_cache_noprof+0x16c/0x3c0
[ 31.083398] kmalloc_oob_memset_2+0xb0/0x2f8
[ 31.083449] kunit_try_run_case+0x170/0x3f0
[ 31.083488] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.083533] kthread+0x328/0x630
[ 31.083566] ret_from_fork+0x10/0x20
[ 31.083603]
[ 31.083633] The buggy address belongs to the object at fff00000c9ae3000
[ 31.083633] which belongs to the cache kmalloc-128 of size 128
[ 31.083692] The buggy address is located 119 bytes inside of
[ 31.083692] allocated 120-byte region [fff00000c9ae3000, fff00000c9ae3078)
[ 31.083761]
[ 31.083781] The buggy address belongs to the physical page:
[ 31.083811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae3
[ 31.083877] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.083940] page_type: f5(slab)
[ 31.083989] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 31.084038] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 31.084092] page dumped because: kasan: bad access detected
[ 31.084136]
[ 31.084154] Memory state around the buggy address:
[ 31.084190] fff00000c9ae2f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 31.084247] fff00000c9ae2f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 31.084288] >fff00000c9ae3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 31.084351] ^
[ 31.084944] fff00000c9ae3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.085027] fff00000c9ae3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.085093] ==================================================================
```
```
[ 23.229422] ==================================================================
[ 23.229895] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 23.230192] Write of size 2 at addr ffff888105ab1377 by task kunit_try_catch/221
[ 23.230510]
[ 23.230733] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary)
[ 23.230784] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.230797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.230818] Call Trace:
[ 23.230830] <TASK>
[ 23.230846] dump_stack_lvl+0x73/0xb0
[ 23.230875] print_report+0xd1/0x650
[ 23.230898] ? __virt_addr_valid+0x1db/0x2d0
[ 23.230921] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.230942] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.230967] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.230988] kasan_report+0x141/0x180
[ 23.231167] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.231197] kasan_check_range+0x10c/0x1c0
[ 23.231220] __asan_memset+0x27/0x50
[ 23.231243] kmalloc_oob_memset_2+0x166/0x330
[ 23.231265] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 23.231287] ? __schedule+0x10cc/0x2b60
[ 23.231312] ? __pfx_read_tsc+0x10/0x10
[ 23.231340] ? ktime_get_ts64+0x86/0x230
[ 23.231365] kunit_try_run_case+0x1a5/0x480
[ 23.231391] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.231414] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.231435] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.231474] ? __kthread_parkme+0x82/0x180
[ 23.231495] ? preempt_count_sub+0x50/0x80
[ 23.231518] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.231542] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.231566] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.231590] kthread+0x337/0x6f0
[ 23.231610] ? trace_preempt_on+0x20/0xc0
[ 23.231633] ? __pfx_kthread+0x10/0x10
[ 23.231654] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.231677] ? calculate_sigpending+0x7b/0xa0
[ 23.231700] ? __pfx_kthread+0x10/0x10
[ 23.231722] ret_from_fork+0x116/0x1d0
[ 23.231741] ? __pfx_kthread+0x10/0x10
[ 23.231762] ret_from_fork_asm+0x1a/0x30
[ 23.231794] </TASK>
[ 23.231805]
[ 23.239045] Allocated by task 221:
[ 23.239175] kasan_save_stack+0x45/0x70
[ 23.239605] kasan_save_track+0x18/0x40
[ 23.239795] kasan_save_alloc_info+0x3b/0x50
[ 23.239998] __kasan_kmalloc+0xb7/0xc0
[ 23.240261] __kmalloc_cache_noprof+0x189/0x420
[ 23.240422] kmalloc_oob_memset_2+0xac/0x330
[ 23.240572] kunit_try_run_case+0x1a5/0x480
[ 23.240775] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.241018] kthread+0x337/0x6f0
[ 23.241478] ret_from_fork+0x116/0x1d0
[ 23.241665] ret_from_fork_asm+0x1a/0x30
[ 23.241811]
[ 23.241881] The buggy address belongs to the object at ffff888105ab1300
[ 23.241881] which belongs to the cache kmalloc-128 of size 128
[ 23.242269] The buggy address is located 119 bytes inside of
[ 23.242269] allocated 120-byte region [ffff888105ab1300, ffff888105ab1378)
[ 23.242820]
[ 23.242911] The buggy address belongs to the physical page:
[ 23.243161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1
[ 23.244476] flags: 0x200000000000000(node=0|zone=2)
[ 23.245071] page_type: f5(slab)
[ 23.245279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.245688] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.246012] page dumped because: kasan: bad access detected
[ 23.246571]
[ 23.246651] Memory state around the buggy address:
[ 23.246886] ffff888105ab1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.247436] ffff888105ab1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.247884] >ffff888105ab1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.248151] ^
[ 23.248819] ffff888105ab1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.249322] ffff888105ab1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.249622] ==================================================================
```