Date: July 3, 2025, 10:10 a.m.

Environment: dragonboard-845c, qemu-arm64, qemu-x86_64

[   51.798857] ==================================================================
[   51.814097] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270
[   51.821070] Read of size 1 at addr ffff800084397c2a by task kunit_try_catch/358
[   51.828483] 
[   51.830019] CPU: 3 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   51.830052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.830061] Hardware name: Thundercomm Dragonboard 845c (DT)
[   51.830073] Call trace:
[   51.830082]  show_stack+0x20/0x38 (C)
[   51.830101]  dump_stack_lvl+0x8c/0xd0
[   51.830123]  print_report+0x310/0x608
[   51.830147]  kasan_report+0xdc/0x128
[   51.830167]  __asan_report_load1_noabort+0x20/0x30
[   51.830186]  kasan_stack_oob+0x238/0x270
[   51.830204]  kunit_try_run_case+0x170/0x3f0
[   51.830225]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.830247]  kthread+0x328/0x630
[   51.830264]  ret_from_fork+0x10/0x20
[   51.830284] 
[   51.895735] The buggy address belongs to stack of task kunit_try_catch/358
[   51.902704]  and is located at offset 138 in frame:
[   51.907651]  kasan_stack_oob+0x0/0x270
[   51.911477] 
[   51.913013] This frame has 4 objects:
[   51.916742]  [48, 49) '__assertion'
[   51.916756]  [64, 72) 'array'
[   51.920302]  [96, 112) '__assertion'
[   51.923326]  [128, 138) 'stack_array'
[   51.926961] 
[   51.932211] The buggy address belongs to the virtual mapping at
[   51.932211]  [ffff800084390000, ffff800084399000) created by:
[   51.932211]  kernel_clone+0x150/0x7a8
[   51.947690] 
[   51.949220] The buggy address belongs to the physical page:
[   51.954871] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x104649
[   51.964295] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   51.970919] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   51.978765] raw: ffffffffffffffff 0000000000000000 00000001ffffffff 0000000000000000
[   51.986604] page dumped because: kasan: bad access detected
[   51.992257] 
[   51.993788] Memory state around the buggy address:
[   51.998649]  ffff800084397b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.005974]  ffff800084397b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2
[   52.013300] >ffff800084397c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00
[   52.020622]                                   ^
[   52.025230]  ffff800084397c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2
[   52.032552]  ffff800084397d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00
[   52.039866] ==================================================================

[   33.225413] ==================================================================
[   33.225761] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270
[   33.225847] Read of size 1 at addr ffff800080a87c2a by task kunit_try_catch/281
[   33.225901] 
[   33.225937] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   33.226384] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.226472] Hardware name: linux,dummy-virt (DT)
[   33.226532] Call trace:
[   33.226560]  show_stack+0x20/0x38 (C)
[   33.226624]  dump_stack_lvl+0x8c/0xd0
[   33.226794]  print_report+0x310/0x608
[   33.226944]  kasan_report+0xdc/0x128
[   33.226995]  __asan_report_load1_noabort+0x20/0x30
[   33.227047]  kasan_stack_oob+0x238/0x270
[   33.227095]  kunit_try_run_case+0x170/0x3f0
[   33.227441]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.227589]  kthread+0x328/0x630
[   33.227792]  ret_from_fork+0x10/0x20
[   33.227855] 
[   33.227925] The buggy address belongs to stack of task kunit_try_catch/281
[   33.228111]  and is located at offset 138 in frame:
[   33.228152]  kasan_stack_oob+0x0/0x270
[   33.228393] 
[   33.228432] This frame has 4 objects:
[   33.228704]  [48, 49) '__assertion'
[   33.228811]  [64, 72) 'array'
[   33.228883]  [96, 112) '__assertion'
[   33.228934]  [128, 138) 'stack_array'
[   33.229171] 
[   33.229213] The buggy address belongs to the virtual mapping at
[   33.229213]  [ffff800080a80000, ffff800080a89000) created by:
[   33.229213]  kernel_clone+0x150/0x7a8
[   33.229301] 
[   33.229331] The buggy address belongs to the physical page:
[   33.229408] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b42
[   33.229472] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.229677] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   33.229808] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.229929] page dumped because: kasan: bad access detected
[   33.230042] 
[   33.230104] Memory state around the buggy address:
[   33.230209]  ffff800080a87b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.230256]  ffff800080a87b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2
[   33.230301] >ffff800080a87c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00
[   33.230367]                                   ^
[   33.230501]  ffff800080a87c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2
[   33.230582]  ffff800080a87d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00
[   33.230771] ==================================================================

[   24.970959] ==================================================================
[   24.972129] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[   24.972376] Read of size 1 at addr ffff8881061efd02 by task kunit_try_catch/298
[   24.972610] 
[   24.972694] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) 
[   24.972745] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.972759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.972783] Call Trace:
[   24.972796]  <TASK>
[   24.972812]  dump_stack_lvl+0x73/0xb0
[   24.972841]  print_report+0xd1/0x650
[   24.972864]  ? __virt_addr_valid+0x1db/0x2d0
[   24.972888]  ? kasan_stack_oob+0x2b5/0x300
[   24.972911]  ? kasan_addr_to_slab+0x11/0xa0
[   24.972935]  ? kasan_stack_oob+0x2b5/0x300
[   24.972959]  kasan_report+0x141/0x180
[   24.972981]  ? kasan_stack_oob+0x2b5/0x300
[   24.973009]  __asan_report_load1_noabort+0x18/0x20
[   24.973033]  kasan_stack_oob+0x2b5/0x300
[   24.973057]  ? __pfx_kasan_stack_oob+0x10/0x10
[   24.973080]  ? finish_task_switch.isra.0+0x153/0x700
[   24.973102]  ? __switch_to+0x47/0xf50
[   24.973130]  ? __schedule+0x10cc/0x2b60
[   24.973157]  ? __pfx_read_tsc+0x10/0x10
[   24.973180]  ? ktime_get_ts64+0x86/0x230
[   24.973204]  kunit_try_run_case+0x1a5/0x480
[   24.973231]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.973254]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.973277]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.973303]  ? __kthread_parkme+0x82/0x180
[   24.973324]  ? preempt_count_sub+0x50/0x80
[   24.973346]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.973371]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.973396]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.973420]  kthread+0x337/0x6f0
[   24.973440]  ? trace_preempt_on+0x20/0xc0
[   24.973486]  ? __pfx_kthread+0x10/0x10
[   24.973508]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.973533]  ? calculate_sigpending+0x7b/0xa0
[   24.973557]  ? __pfx_kthread+0x10/0x10
[   24.973580]  ret_from_fork+0x116/0x1d0
[   24.973599]  ? __pfx_kthread+0x10/0x10
[   24.973620]  ret_from_fork_asm+0x1a/0x30
[   24.973651]  </TASK>
[   24.973664] 
[   24.989957] The buggy address belongs to stack of task kunit_try_catch/298
[   24.990859]  and is located at offset 138 in frame:
[   24.991390]  kasan_stack_oob+0x0/0x300
[   24.991983] 
[   24.992123] This frame has 4 objects:
[   24.992503]  [48, 49) '__assertion'
[   24.992532]  [64, 72) 'array'
[   24.992742]  [96, 112) '__assertion'
[   24.992870]  [128, 138) 'stack_array'
[   24.993005] 
[   24.993301] The buggy address belongs to the physical page:
[   24.993961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061ef
[   24.994703] flags: 0x200000000000000(node=0|zone=2)
[   24.995216] raw: 0200000000000000 ffffea0004187bc8 ffffea0004187bc8 0000000000000000
[   24.995928] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   24.996677] page dumped because: kasan: bad access detected
[   24.997138] 
[   24.997360] Memory state around the buggy address:
[   24.997678]  ffff8881061efc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   24.998046]  ffff8881061efc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[   24.998490] >ffff8881061efd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   24.999257]                    ^
[   24.999568]  ffff8881061efd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[   25.000317]  ffff8881061efe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.000827] ==================================================================