Date
July 5, 2025, 11:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 17.877116] ================================================================== [ 17.877213] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 17.877491] Write of size 1 at addr fff00000c782a00a by task kunit_try_catch/146 [ 17.877554] [ 17.877607] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 17.877704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.877730] Hardware name: linux,dummy-virt (DT) [ 17.877779] Call trace: [ 17.877801] show_stack+0x20/0x38 (C) [ 17.877868] dump_stack_lvl+0x8c/0xd0 [ 17.877913] print_report+0x118/0x608 [ 17.877956] kasan_report+0xdc/0x128 [ 17.877999] __asan_report_store1_noabort+0x20/0x30 [ 17.878044] kmalloc_large_oob_right+0x278/0x2b8 [ 17.878090] kunit_try_run_case+0x170/0x3f0 [ 17.878137] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.878367] kthread+0x328/0x630 [ 17.878480] ret_from_fork+0x10/0x20 [ 17.878536] [ 17.878578] The buggy address belongs to the physical page: [ 17.878634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107828 [ 17.878878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.878945] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 17.879011] page_type: f8(unknown) [ 17.879052] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.879101] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.879179] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.879227] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.879487] head: 0bfffe0000000002 ffffc1ffc31e0a01 00000000ffffffff 00000000ffffffff [ 17.879548] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.879635] page dumped because: kasan: bad access detected [ 17.879669] [ 17.879687] Memory state around the buggy address: [ 17.879749] fff00000c7829f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.879791] fff00000c7829f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.879831] >fff00000c782a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.879867] ^ [ 17.879923] fff00000c782a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.880102] fff00000c782a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.880145] ==================================================================
[ 12.929598] ================================================================== [ 12.930280] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 12.931448] Write of size 1 at addr ffff8881028ea00a by task kunit_try_catch/164 [ 12.932492] [ 12.932691] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.932751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.932766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.932806] Call Trace: [ 12.932824] <TASK> [ 12.932847] dump_stack_lvl+0x73/0xb0 [ 12.932889] print_report+0xd1/0x650 [ 12.932917] ? __virt_addr_valid+0x1db/0x2d0 [ 12.932946] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.932972] ? kasan_addr_to_slab+0x11/0xa0 [ 12.932995] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.933020] kasan_report+0x141/0x180 [ 12.933045] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.933106] __asan_report_store1_noabort+0x1b/0x30 [ 12.933130] kmalloc_large_oob_right+0x2e9/0x330 [ 12.933155] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 12.933181] ? __schedule+0x10cc/0x2b60 [ 12.933207] ? __pfx_read_tsc+0x10/0x10 [ 12.933262] ? ktime_get_ts64+0x86/0x230 [ 12.933291] kunit_try_run_case+0x1a5/0x480 [ 12.933338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.933363] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.933392] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.933419] ? __kthread_parkme+0x82/0x180 [ 12.933444] ? preempt_count_sub+0x50/0x80 [ 12.933471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.933497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.933523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.933548] kthread+0x337/0x6f0 [ 12.933570] ? trace_preempt_on+0x20/0xc0 [ 12.933598] ? __pfx_kthread+0x10/0x10 [ 12.933621] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.933645] ? calculate_sigpending+0x7b/0xa0 [ 12.933693] ? __pfx_kthread+0x10/0x10 [ 12.933718] ret_from_fork+0x116/0x1d0 [ 12.933739] ? __pfx_kthread+0x10/0x10 [ 12.933762] ret_from_fork_asm+0x1a/0x30 [ 12.933810] </TASK> [ 12.933824] [ 12.948905] The buggy address belongs to the physical page: [ 12.949194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e8 [ 12.950177] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.950958] flags: 0x200000000000040(head|node=0|zone=2) [ 12.951475] page_type: f8(unknown) [ 12.951636] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.951913] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.952194] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.952834] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.953274] head: 0200000000000002 ffffea00040a3a01 00000000ffffffff 00000000ffffffff [ 12.953633] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.953966] page dumped because: kasan: bad access detected [ 12.954463] [ 12.954564] Memory state around the buggy address: [ 12.954838] ffff8881028e9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.955254] ffff8881028e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.955656] >ffff8881028ea000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.956017] ^ [ 12.956316] ffff8881028ea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.956640] ffff8881028ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.957006] ==================================================================