Hay
Date
June 17, 2025, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   16.628850] ==================================================================
[   16.629142] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   16.629217] Write of size 1 at addr fff00000c177a00a by task kunit_try_catch/155
[   16.629268] 
[   16.629307] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.629488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.629581] Hardware name: linux,dummy-virt (DT)
[   16.629654] Call trace:
[   16.629695]  show_stack+0x20/0x38 (C)
[   16.629750]  dump_stack_lvl+0x8c/0xd0
[   16.629799]  print_report+0x118/0x608
[   16.629846]  kasan_report+0xdc/0x128
[   16.630103]  __asan_report_store1_noabort+0x20/0x30
[   16.630199]  kmalloc_large_oob_right+0x278/0x2b8
[   16.630259]  kunit_try_run_case+0x170/0x3f0
[   16.630348]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.630487]  kthread+0x328/0x630
[   16.630530]  ret_from_fork+0x10/0x20
[   16.630579] 
[   16.630619] The buggy address belongs to the physical page:
[   16.630654] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101778
[   16.630710] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.630969] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.631141] page_type: f8(unknown)
[   16.631515] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.631587] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.631685] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.631757] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.631867] head: 0bfffe0000000002 ffffc1ffc305de01 00000000ffffffff 00000000ffffffff
[   16.631974] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.632049] page dumped because: kasan: bad access detected
[   16.632149] 
[   16.632197] Memory state around the buggy address:
[   16.632260]  fff00000c1779f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.632591]  fff00000c1779f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.632666] >fff00000c177a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.632737]                       ^
[   16.632785]  fff00000c177a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.632849]  fff00000c177a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.632902] ==================================================================

[   16.965101] ==================================================================
[   16.966147] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[   16.967403] Write of size 1 at addr ffff88810395600a by task kunit_try_catch/173
[   16.967961] 
[   16.968379] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   16.968566] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.968605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.968662] Call Trace:
[   16.968699]  <TASK>
[   16.968744]  dump_stack_lvl+0x73/0xb0
[   16.968793]  print_report+0xd1/0x650
[   16.968825]  ? __virt_addr_valid+0x1db/0x2d0
[   16.968892]  ? kmalloc_large_oob_right+0x2e9/0x330
[   16.968925]  ? kasan_addr_to_slab+0x11/0xa0
[   16.968955]  ? kmalloc_large_oob_right+0x2e9/0x330
[   16.968987]  kasan_report+0x141/0x180
[   16.969017]  ? kmalloc_large_oob_right+0x2e9/0x330
[   16.969052]  __asan_report_store1_noabort+0x1b/0x30
[   16.969088]  kmalloc_large_oob_right+0x2e9/0x330
[   16.969119]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[   16.969150]  ? __schedule+0x10cc/0x2b60
[   16.969178]  ? __pfx_read_tsc+0x10/0x10
[   16.969207]  ? ktime_get_ts64+0x86/0x230
[   16.969336]  kunit_try_run_case+0x1a5/0x480
[   16.969416]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.969491]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.969557]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.969657]  ? __kthread_parkme+0x82/0x180
[   16.969693]  ? preempt_count_sub+0x50/0x80
[   16.969726]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.969759]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.969792]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.969824]  kthread+0x337/0x6f0
[   16.969890]  ? trace_preempt_on+0x20/0xc0
[   16.969925]  ? __pfx_kthread+0x10/0x10
[   16.969952]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.969985]  ? calculate_sigpending+0x7b/0xa0
[   16.970018]  ? __pfx_kthread+0x10/0x10
[   16.970046]  ret_from_fork+0x116/0x1d0
[   16.970071]  ? __pfx_kthread+0x10/0x10
[   16.970098]  ret_from_fork_asm+0x1a/0x30
[   16.970137]  </TASK>
[   16.970153] 
[   16.986753] The buggy address belongs to the physical page:
[   16.987650] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103954
[   16.988405] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.989155] flags: 0x200000000000040(head|node=0|zone=2)
[   16.989777] page_type: f8(unknown)
[   16.990145] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.990942] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.991699] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.992686] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.993444] head: 0200000000000002 ffffea00040e5501 00000000ffffffff 00000000ffffffff
[   16.994143] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.994988] page dumped because: kasan: bad access detected
[   16.995579] 
[   16.995782] Memory state around the buggy address:
[   16.996206]  ffff888103955f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.996889]  ffff888103955f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.997468] >ffff888103956000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.998538]                       ^
[   16.998793]  ffff888103956080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.999821]  ffff888103956100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.000528] ==================================================================
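Both reports above are the expected output of the KASAN KUnit self-test kmalloc_large_oob_right (note Comm: kunit_try_catch and the taint flag [N]=TEST): the test asks kmalloc() for KMALLOC_MAX_CACHE_SIZE + 10 bytes, which is too big for any slab cache and is served by the page allocator, then deliberately writes one byte past the end. The user-space C program below is an added example, not kernel code, that models generic KASAN's shadow bytes for that allocation and lets a reader check three things against the dumps: the faulting address sits 0x200a bytes into the order-2 block on both architectures, the printed shadow row "00 02 fe fe ..." is exactly what an 8202-byte allocation produces, and the report still says "slab-out-of-bounds" for a page-backed allocation because KASAN classifies a hit on a partial granule by the next shadow byte (0xfe, KASAN_PAGE_REDZONE). The poison values and classification rule are reproduced from mm/kasan/kasan.h and mm/kasan/report_generic.c as the editor recalls them, KMALLOC_MAX_CACHE_SIZE = 8192 assumes 4 KiB pages with SLUB, the test size is the editor's reading of the upstream test body, and the arm64 PHYS_OFFSET of 0x40000000 is the QEMU virt machine's RAM base; treat all of these as assumptions to verify against the tree under test.

```c
/* Added example, not kernel code: user-space model of generic KASAN's shadow
 * memory for the kmalloc_large_oob_right reports. Poison values and bug-type
 * rule follow mm/kasan/kasan.h and mm/kasan/report_generic.c as recalled
 * (assumption); KMALLOC_MAX_CACHE_SIZE = 8192 assumes 4 KiB pages with SLUB. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT         12
#define KASAN_GRANULE_SIZE 8
#define KASAN_PAGE_FREE    0xFF  /* freed page */
#define KASAN_PAGE_REDZONE 0xFE  /* unused tail of a kmalloc_large() block */
#define KASAN_SLAB_REDZONE 0xFC  /* redzone after a slab object */
#define KASAN_SLAB_FREE    0xFB  /* freed slab object */
#define TEST_SIZE   (8192 + 10)                 /* KMALLOC_MAX_CACHE_SIZE + 10 */
#define BLOCK_BYTES ((1UL << PAGE_SHIFT) << 2)  /* "head: order:2" in the dumps */
#define SHADOW_LEN  (BLOCK_BYTES / KASAN_GRANULE_SIZE)

/* Shadow of the order-2 block serving a kmalloc_large() of `size` bytes: 0x00 per
 * fully accessible 8-byte granule, 1..7 for a partial last one, redzone after. */
static void poison_kmalloc_large(uint8_t *shadow, size_t size)
{
    memset(shadow, KASAN_PAGE_REDZONE, SHADOW_LEN);
    memset(shadow, 0, size / KASAN_GRANULE_SIZE);
    if (size % KASAN_GRANULE_SIZE)
        shadow[size / KASAN_GRANULE_SIZE] = (uint8_t)(size % KASAN_GRANULE_SIZE);
}

static const uint8_t *test_shadow(void)    /* shadow for the test's 8202 bytes */
{
    static uint8_t shadow[SHADOW_LEN];
    if (shadow[SHADOW_LEN - 1] == 0)       /* last granule is redzone once built */
        poison_kmalloc_large(shadow, TEST_SIZE);
    return shadow;
}

/* Byte `off` is accessible if its granule's shadow is 0, or a value in 1..7
 * larger than the byte's index within the granule; anything else is poison. */
static int byte_ok(const uint8_t *shadow, size_t off)
{
    uint8_t s = shadow[off / KASAN_GRANULE_SIZE];
    return s == 0 || (s < KASAN_GRANULE_SIZE && off % KASAN_GRANULE_SIZE < s);
}

/* First bad byte of a `len`-byte access at `off`, or -1 if every byte is OK. */
static long first_bad(const uint8_t *shadow, size_t off, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (!byte_ok(shadow, off + i))
            return (long)(off + i);
    return -1;
}

/* Bug type as report_generic.c names it: a partial-granule value (1..7) says
 * nothing about the region being hit, so the next shadow byte decides. That is
 * why a page-allocator block is still reported as "slab-out-of-bounds". */
static const char *bug_type(const uint8_t *shadow, size_t bad_off)
{
    size_t g = bad_off / KASAN_GRANULE_SIZE;
    uint8_t s = shadow[g];
    if (s > 0 && s < KASAN_GRANULE_SIZE && g + 1 < SHADOW_LEN)
        s = shadow[g + 1];
    if (s < KASAN_GRANULE_SIZE)
        return "out-of-bounds";
    switch (s) {
    case KASAN_PAGE_REDZONE:
    case KASAN_SLAB_REDZONE: return "slab-out-of-bounds";
    case KASAN_PAGE_FREE:    return "use-after-free";
    case KASAN_SLAB_FREE:    return "slab-use-after-free";
    default:                 return "unknown";
    }
}

/* The 16-granule row the report prints around an address ("00 02 fe fe ..."). */
static const char *shadow_row(const uint8_t *shadow, size_t off)
{
    static char row[16 * 3 + 1];
    size_t start = (off / KASAN_GRANULE_SIZE) & ~(size_t)15;
    for (int i = 0; i < 16; i++)
        sprintf(row + 3 * i, "%02x ", shadow[start + i]);
    row[16 * 3 - 1] = '\0';                /* drop the trailing space */
    return row;
}

/* Offset of a faulting linear-map address within the dumped block, using
 * virt = page_offset + phys - phys_offset (phys_offset: 0 on x86_64, the
 * 0x40000000 RAM base on QEMU's arm64 virt machine). */
static uint64_t offset_in_block(uint64_t addr, uint64_t pfn,
                                uint64_t page_offset, uint64_t phys_offset)
{
    return addr - (page_offset + (pfn << PAGE_SHIFT) - phys_offset);
}

int main(void)
{
    const uint8_t *sh = test_shadow();
    long bad = first_bad(sh, TEST_SIZE, 1);    /* the test writes ptr[size] */
    /* Addresses, pfns and linear-map bases below are read off the two dumps. */
    printf("arm64 +0x%llx, x86_64 +0x%llx into the block\n",
           (unsigned long long)offset_in_block(0xfff00000c177a00aULL, 0x101778,
                                               0xfff0000000000000ULL, 0x40000000),
           (unsigned long long)offset_in_block(0xffff88810395600aULL, 0x103954,
                                               0xffff888000000000ULL, 0));
    printf("write of 1 at +%ld: %s\nshadow: %s\n", bad, bug_type(sh, (size_t)bad),
           shadow_row(sh, (size_t)bad));
    return 0;
}
```

Running it prints an offset of 0x200a for both dumps, "write of 1 at +8202: slab-out-of-bounds", and the shadow row "00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe" that both reports show at the `>` line. The practical caveat for anyone triaging a CI log: a report whose task is kunit_try_catch and whose taint line carries [N]=TEST is the self-test proving KASAN works, and the KUnit result line for the test case, not the presence of the splat, is what indicates pass or fail.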