Date: May 23, 2025, 11:07 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |

qemu-arm64:

```
[ 26.898489] ==================================================================
[ 26.898707] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[ 26.898875] Write of size 1 at addr fff00000c77a600a by task kunit_try_catch/148
[ 26.899018]
[ 26.899111] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT
[ 26.899347] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.899431] Hardware name: linux,dummy-virt (DT)
[ 26.899528] Call trace:
[ 26.899592] show_stack+0x20/0x38 (C)
[ 26.900118] dump_stack_lvl+0x8c/0xd0
[ 26.900309] print_report+0x118/0x608
[ 26.900439] kasan_report+0xdc/0x128
[ 26.900599] __asan_report_store1_noabort+0x20/0x30
[ 26.900734] kmalloc_large_oob_right+0x278/0x2b8
[ 26.901140] kunit_try_run_case+0x170/0x3f0
[ 26.901224] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.901299] kthread+0x328/0x630
[ 26.901364] ret_from_fork+0x10/0x20
[ 26.901433]
[ 26.901527] The buggy address belongs to the physical page:
[ 26.901617] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077a4
[ 26.901851] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 26.902012] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 26.902183] page_type: f8(unknown)
[ 26.902293] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.902440] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 26.902604] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.902748] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 26.902894] head: 0bfffe0000000002 ffffc1ffc31de901 00000000ffffffff 00000000ffffffff
[ 26.903037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 26.903156] page dumped because: kasan: bad access detected
[ 26.903248]
[ 26.903301] Memory state around the buggy address:
[ 26.903407]  fff00000c77a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.904045]  fff00000c77a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.904263] >fff00000c77a6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.904430]                       ^
[ 26.904770]  fff00000c77a6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.904971]  fff00000c77a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.905082] ==================================================================
```

qemu-x86_64:

```
[ 12.152685] ==================================================================
[ 12.153181] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[ 12.153524] Write of size 1 at addr ffff88810211200a by task kunit_try_catch/165
[ 12.153815]
[ 12.153923] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary)
[ 12.153971] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.153982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.154003] Call Trace:
[ 12.154014] <TASK>
[ 12.154030] dump_stack_lvl+0x73/0xb0
[ 12.154058] print_report+0xd1/0x650
[ 12.154080] ? __virt_addr_valid+0x1db/0x2d0
[ 12.154101] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.154122] ? kasan_addr_to_slab+0x11/0xa0
[ 12.154142] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.154164] kasan_report+0x141/0x180
[ 12.154186] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.154213] __asan_report_store1_noabort+0x1b/0x30
[ 12.154234] kmalloc_large_oob_right+0x2e9/0x330
[ 12.154256] ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 12.154279] ? __schedule+0x10cc/0x2b30
[ 12.154312] ? __pfx_read_tsc+0x10/0x10
[ 12.154333] ? ktime_get_ts64+0x86/0x230
[ 12.154358] kunit_try_run_case+0x1a5/0x480
[ 12.154382] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.154403] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.154425] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.154447] ? __kthread_parkme+0x82/0x180
[ 12.154468] ? preempt_count_sub+0x50/0x80
[ 12.154493] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.154515] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.154537] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.154880] kthread+0x337/0x6f0
[ 12.154911] ? trace_preempt_on+0x20/0xc0
[ 12.154934] ? __pfx_kthread+0x10/0x10
[ 12.154952] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.154973] ? calculate_sigpending+0x7b/0xa0
[ 12.154994] ? __pfx_kthread+0x10/0x10
[ 12.155013] ret_from_fork+0x41/0x80
[ 12.155033] ? __pfx_kthread+0x10/0x10
[ 12.155051] ret_from_fork_asm+0x1a/0x30
[ 12.155082] </TASK>
[ 12.155093]
[ 12.162753] The buggy address belongs to the physical page:
[ 12.163108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102110
[ 12.163563] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.163971] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.164257] page_type: f8(unknown)
[ 12.164460] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.164774] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.165383] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.165838] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.166229] head: 0200000000000002 ffffea0004084401 00000000ffffffff 00000000ffffffff
[ 12.166650] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.167038] page dumped because: kasan: bad access detected
[ 12.167272]
[ 12.167380] Memory state around the buggy address:
[ 12.167567]  ffff888102111f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.167785]  ffff888102111f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.168050] >ffff888102112000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.168563]                       ^
[ 12.168697]  ffff888102112080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.169142]  ffff888102112100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.169536] ==================================================================
```