Date
July 13, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 15.635647] ================================================================== [ 15.635716] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 15.635821] Write of size 1 at addr fff00000c65fa00a by task kunit_try_catch/147 [ 15.635885] [ 15.635922] CPU: 0 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 15.636002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.636050] Hardware name: linux,dummy-virt (DT) [ 15.636128] Call trace: [ 15.636162] show_stack+0x20/0x38 (C) [ 15.636232] dump_stack_lvl+0x8c/0xd0 [ 15.636278] print_report+0x118/0x5d0 [ 15.636322] kasan_report+0xdc/0x128 [ 15.636367] __asan_report_store1_noabort+0x20/0x30 [ 15.636427] kmalloc_large_oob_right+0x278/0x2b8 [ 15.636474] kunit_try_run_case+0x170/0x3f0 [ 15.636521] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.636572] kthread+0x328/0x630 [ 15.636620] ret_from_fork+0x10/0x20 [ 15.636739] [ 15.636777] The buggy address belongs to the physical page: [ 15.636810] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f8 [ 15.636946] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.637250] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.637788] page_type: f8(unknown) [ 15.637837] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.638100] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.638504] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.638615] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.638763] head: 0bfffe0000000002 ffffc1ffc3197e01 00000000ffffffff 00000000ffffffff [ 15.638830] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.638958] page dumped because: kasan: bad access detected [ 15.639005] [ 15.639046] Memory state around the buggy address: [ 15.639280] fff00000c65f9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.639603] fff00000c65f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.639676] >fff00000c65fa000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.640003] ^ [ 15.640138] fff00000c65fa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.640261] fff00000c65fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.640320] ==================================================================
[ 16.505093] ================================================================== [ 16.505166] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 16.505301] Write of size 1 at addr fff00000c782e00a by task kunit_try_catch/147 [ 16.505353] [ 16.505388] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT [ 16.505487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.505514] Hardware name: linux,dummy-virt (DT) [ 16.505562] Call trace: [ 16.505651] show_stack+0x20/0x38 (C) [ 16.505701] dump_stack_lvl+0x8c/0xd0 [ 16.505747] print_report+0x118/0x5d0 [ 16.506011] kasan_report+0xdc/0x128 [ 16.506103] __asan_report_store1_noabort+0x20/0x30 [ 16.506173] kmalloc_large_oob_right+0x278/0x2b8 [ 16.506260] kunit_try_run_case+0x170/0x3f0 [ 16.506328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.506380] kthread+0x328/0x630 [ 16.506420] ret_from_fork+0x10/0x20 [ 16.506466] [ 16.506504] The buggy address belongs to the physical page: [ 16.506538] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10782c [ 16.506594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.506640] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.506813] page_type: f8(unknown) [ 16.506884] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.506963] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.507051] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.507129] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.507201] head: 0bfffe0000000002 ffffc1ffc31e0b01 00000000ffffffff 00000000ffffffff [ 16.507251] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.507565] page dumped because: kasan: bad access detected [ 16.507663] [ 16.507704] Memory state around the buggy address: [ 16.507788] fff00000c782df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.507831] fff00000c782df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.507873] >fff00000c782e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.507910] ^ [ 16.507957] fff00000c782e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.508000] fff00000c782e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.508037] ==================================================================
[ 12.023500] ================================================================== [ 12.024077] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 12.024327] Write of size 1 at addr ffff888103a0a00a by task kunit_try_catch/163 [ 12.025571] [ 12.025905] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.025972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.025983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.026003] Call Trace: [ 12.026015] <TASK> [ 12.026029] dump_stack_lvl+0x73/0xb0 [ 12.026058] print_report+0xd1/0x610 [ 12.026080] ? __virt_addr_valid+0x1db/0x2d0 [ 12.026102] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.026125] ? kasan_addr_to_slab+0x11/0xa0 [ 12.026146] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.026169] kasan_report+0x141/0x180 [ 12.026191] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.026218] __asan_report_store1_noabort+0x1b/0x30 [ 12.026244] kmalloc_large_oob_right+0x2e9/0x330 [ 12.026266] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 12.026290] ? __schedule+0x10cc/0x2b60 [ 12.026312] ? __pfx_read_tsc+0x10/0x10 [ 12.026333] ? ktime_get_ts64+0x86/0x230 [ 12.026357] kunit_try_run_case+0x1a5/0x480 [ 12.026382] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.026413] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.026437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.026469] ? __kthread_parkme+0x82/0x180 [ 12.026489] ? preempt_count_sub+0x50/0x80 [ 12.026513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.026537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.026561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.026586] kthread+0x337/0x6f0 [ 12.026605] ? trace_preempt_on+0x20/0xc0 [ 12.026627] ? __pfx_kthread+0x10/0x10 [ 12.026647] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.026669] ? calculate_sigpending+0x7b/0xa0 [ 12.026693] ? __pfx_kthread+0x10/0x10 [ 12.026714] ret_from_fork+0x116/0x1d0 [ 12.026733] ? __pfx_kthread+0x10/0x10 [ 12.026754] ret_from_fork_asm+0x1a/0x30 [ 12.026784] </TASK> [ 12.026795] [ 12.042009] The buggy address belongs to the physical page: [ 12.042647] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a08 [ 12.043646] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.044419] flags: 0x200000000000040(head|node=0|zone=2) [ 12.044936] page_type: f8(unknown) [ 12.045072] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.045305] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.045888] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.046634] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.046931] head: 0200000000000002 ffffea00040e8201 00000000ffffffff 00000000ffffffff [ 12.047282] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.047638] page dumped because: kasan: bad access detected [ 12.047887] [ 12.047970] Memory state around the buggy address: [ 12.048191] ffff888103a09f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.048983] ffff888103a09f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.049358] >ffff888103a0a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.049834] ^ [ 12.050150] ffff888103a0a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.050585] ffff888103a0a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.051046] ==================================================================
[ 12.267231] ================================================================== [ 12.268354] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 12.268609] Write of size 1 at addr ffff888102caa00a by task kunit_try_catch/164 [ 12.269719] [ 12.270045] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary) [ 12.270154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.270256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.270280] Call Trace: [ 12.270293] <TASK> [ 12.270308] dump_stack_lvl+0x73/0xb0 [ 12.270342] print_report+0xd1/0x610 [ 12.270364] ? __virt_addr_valid+0x1db/0x2d0 [ 12.270404] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.270427] ? kasan_addr_to_slab+0x11/0xa0 [ 12.270447] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.270470] kasan_report+0x141/0x180 [ 12.270492] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.270519] __asan_report_store1_noabort+0x1b/0x30 [ 12.270545] kmalloc_large_oob_right+0x2e9/0x330 [ 12.270568] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 12.270592] ? __schedule+0x10cc/0x2b60 [ 12.270616] ? __pfx_read_tsc+0x10/0x10 [ 12.270649] ? ktime_get_ts64+0x86/0x230 [ 12.270675] kunit_try_run_case+0x1a5/0x480 [ 12.270700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.270729] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.270753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.270777] ? __kthread_parkme+0x82/0x180 [ 12.270798] ? preempt_count_sub+0x50/0x80 [ 12.270823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.270848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.270872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.270898] kthread+0x337/0x6f0 [ 12.270917] ? trace_preempt_on+0x20/0xc0 [ 12.270940] ? __pfx_kthread+0x10/0x10 [ 12.270960] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.270982] ? calculate_sigpending+0x7b/0xa0 [ 12.271006] ? __pfx_kthread+0x10/0x10 [ 12.271027] ret_from_fork+0x116/0x1d0 [ 12.271046] ? __pfx_kthread+0x10/0x10 [ 12.271077] ret_from_fork_asm+0x1a/0x30 [ 12.271108] </TASK> [ 12.271125] [ 12.287590] The buggy address belongs to the physical page: [ 12.287781] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca8 [ 12.288078] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.288788] flags: 0x200000000000040(head|node=0|zone=2) [ 12.289423] page_type: f8(unknown) [ 12.289852] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.290600] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.291428] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.292300] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.293066] head: 0200000000000002 ffffea00040b2a01 00000000ffffffff 00000000ffffffff [ 12.293950] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.294589] page dumped because: kasan: bad access detected [ 12.295001] [ 12.295218] Memory state around the buggy address: [ 12.295720] ffff888102ca9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.296191] ffff888102ca9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.296811] >ffff888102caa000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.297028] ^ [ 12.297181] ffff888102caa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.297898] ffff888102caa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.298609] ==================================================================