Date
July 15, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 15.210529] ==================================================================
[ 15.211525] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[ 15.212262] Write of size 1 at addr fff00000c783600a by task kunit_try_catch/147
[ 15.212446]
[ 15.212488] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.212569] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.212595] Hardware name: linux,dummy-virt (DT)
[ 15.212626] Call trace:
[ 15.212647]  show_stack+0x20/0x38 (C)
[ 15.213745]  dump_stack_lvl+0x8c/0xd0
[ 15.214163]  print_report+0x118/0x5d0
[ 15.214615]  kasan_report+0xdc/0x128
[ 15.214893]  __asan_report_store1_noabort+0x20/0x30
[ 15.214949]  kmalloc_large_oob_right+0x278/0x2b8
[ 15.214994]  kunit_try_run_case+0x170/0x3f0
[ 15.215498]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.215578]  kthread+0x328/0x630
[ 15.215963]  ret_from_fork+0x10/0x20
[ 15.216904]
[ 15.217221] The buggy address belongs to the physical page:
[ 15.217388] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107834
[ 15.217444] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.218368] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.218445] page_type: f8(unknown)
[ 15.218486] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.218535] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.218583] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.218631] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.218678] head: 0bfffe0000000002 ffffc1ffc31e0d01 00000000ffffffff 00000000ffffffff
[ 15.218725] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 15.218764] page dumped because: kasan: bad access detected
[ 15.218794]
[ 15.218812] Memory state around the buggy address:
[ 15.218842]  fff00000c7835f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.218883]  fff00000c7835f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.218924] >fff00000c7836000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 15.218960]                       ^
[ 15.218989]  fff00000c7836080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 15.219034]  fff00000c7836100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 15.219072] ==================================================================
```
qemu-x86_64:

```
[ 12.057672] ==================================================================
[ 12.058171] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[ 12.058552] Write of size 1 at addr ffff8881026ba00a by task kunit_try_catch/163
[ 12.058868]
[ 12.058979] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.059021] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.059032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.059052] Call Trace:
[ 12.059063]  <TASK>
[ 12.059076]  dump_stack_lvl+0x73/0xb0
[ 12.059106]  print_report+0xd1/0x610
[ 12.059129]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.059151]  ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.059173]  ? kasan_addr_to_slab+0x11/0xa0
[ 12.059194]  ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.059217]  kasan_report+0x141/0x180
[ 12.059239]  ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.059266]  __asan_report_store1_noabort+0x1b/0x30
[ 12.059292]  kmalloc_large_oob_right+0x2e9/0x330
[ 12.059314]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 12.059384]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 12.059415]  kunit_try_run_case+0x1a5/0x480
[ 12.059441]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.059472]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.059496]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.059520]  ? __kthread_parkme+0x82/0x180
[ 12.059540]  ? preempt_count_sub+0x50/0x80
[ 12.059564]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.059589]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.059613]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.059638]  kthread+0x337/0x6f0
[ 12.059657]  ? trace_preempt_on+0x20/0xc0
[ 12.059680]  ? __pfx_kthread+0x10/0x10
[ 12.059700]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.059722]  ? calculate_sigpending+0x7b/0xa0
[ 12.059746]  ? __pfx_kthread+0x10/0x10
[ 12.059780]  ret_from_fork+0x116/0x1d0
[ 12.059799]  ? __pfx_kthread+0x10/0x10
[ 12.059819]  ret_from_fork_asm+0x1a/0x30
[ 12.059849]  </TASK>
[ 12.059859]
[ 12.066873] The buggy address belongs to the physical page:
[ 12.067101] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b8
[ 12.067341] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.067600] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.067875] page_type: f8(unknown)
[ 12.068066] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.068400] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.068717] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.069154] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.069389] head: 0200000000000002 ffffea000409ae01 00000000ffffffff 00000000ffffffff
[ 12.070125] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.070544] page dumped because: kasan: bad access detected
[ 12.070719]
[ 12.070801] Memory state around the buggy address:
[ 12.070977]  ffff8881026b9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.071297]  ffff8881026b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.071773] >ffff8881026ba000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.072015]                       ^
[ 12.072191]  ffff8881026ba080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.072581]  ffff8881026ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.072890] ==================================================================
```