Date
July 4, 2025, 11:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.798083] ================================================================== [ 17.798155] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 17.798226] Write of size 1 at addr fff00000c64ba00a by task kunit_try_catch/146 [ 17.798276] [ 17.798311] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.798390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.798415] Hardware name: linux,dummy-virt (DT) [ 17.798446] Call trace: [ 17.798468] show_stack+0x20/0x38 (C) [ 17.798527] dump_stack_lvl+0x8c/0xd0 [ 17.798575] print_report+0x118/0x608 [ 17.798628] kasan_report+0xdc/0x128 [ 17.798683] __asan_report_store1_noabort+0x20/0x30 [ 17.798739] kmalloc_large_oob_right+0x278/0x2b8 [ 17.798785] kunit_try_run_case+0x170/0x3f0 [ 17.799216] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.799271] kthread+0x328/0x630 [ 17.799689] ret_from_fork+0x10/0x20 [ 17.799827] [ 17.799873] The buggy address belongs to the physical page: [ 17.800038] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b8 [ 17.800537] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.801020] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.801198] page_type: f8(unknown) [ 17.801296] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.801465] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.801558] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.801817] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.802000] head: 0bfffe0000000002 ffffc1ffc3192e01 00000000ffffffff 00000000ffffffff [ 17.802117] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.802280] page dumped because: kasan: bad access detected [ 17.802348] [ 17.802486] Memory state around the buggy address: [ 17.802576] fff00000c64b9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.802620] fff00000c64b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.803120] >fff00000c64ba000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.803195] ^ [ 17.803334] fff00000c64ba080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.803509] fff00000c64ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.803570] ==================================================================
[ 11.330958] ================================================================== [ 11.331704] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 11.332893] Write of size 1 at addr ffff88810273e00a by task kunit_try_catch/163 [ 11.333772] [ 11.334129] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.334185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.334197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.334232] Call Trace: [ 11.334248] <TASK> [ 11.334427] dump_stack_lvl+0x73/0xb0 [ 11.334474] print_report+0xd1/0x650 [ 11.334498] ? __virt_addr_valid+0x1db/0x2d0 [ 11.334521] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.334542] ? kasan_addr_to_slab+0x11/0xa0 [ 11.334561] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.334582] kasan_report+0x141/0x180 [ 11.334602] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.334627] __asan_report_store1_noabort+0x1b/0x30 [ 11.334646] kmalloc_large_oob_right+0x2e9/0x330 [ 11.334666] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 11.334688] ? __schedule+0x10cc/0x2b60 [ 11.334709] ? __pfx_read_tsc+0x10/0x10 [ 11.334729] ? ktime_get_ts64+0x86/0x230 [ 11.334754] kunit_try_run_case+0x1a5/0x480 [ 11.334779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.334799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.334821] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.334842] ? __kthread_parkme+0x82/0x180 [ 11.334862] ? preempt_count_sub+0x50/0x80 [ 11.334884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.334905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.334926] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.334946] kthread+0x337/0x6f0 [ 11.334964] ? trace_preempt_on+0x20/0xc0 [ 11.334987] ? __pfx_kthread+0x10/0x10 [ 11.335006] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.335026] ? calculate_sigpending+0x7b/0xa0 [ 11.335048] ? __pfx_kthread+0x10/0x10 [ 11.335068] ret_from_fork+0x116/0x1d0 [ 11.335084] ? __pfx_kthread+0x10/0x10 [ 11.335103] ret_from_fork_asm+0x1a/0x30 [ 11.335133] </TASK> [ 11.335144] [ 11.350966] The buggy address belongs to the physical page: [ 11.351192] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10273c [ 11.351780] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.352250] flags: 0x200000000000040(head|node=0|zone=2) [ 11.352576] page_type: f8(unknown) [ 11.352771] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.353084] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.353539] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.353769] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.354050] head: 0200000000000002 ffffea000409cf01 00000000ffffffff 00000000ffffffff [ 11.354555] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.354948] page dumped because: kasan: bad access detected [ 11.355370] [ 11.355454] Memory state around the buggy address: [ 11.355680] ffff88810273df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.355980] ffff88810273df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.356292] >ffff88810273e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.356848] ^ [ 11.357416] ffff88810273e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.358056] ffff88810273e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.358696] ==================================================================