Date
June 24, 2025, 12:47 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 23.772858] ================================================================== [ 23.773310] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 23.773580] Write of size 16 at addr fff00000c3fab6a0 by task kunit_try_catch/168 [ 23.773906] [ 23.774102] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT [ 23.774561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.774689] Hardware name: linux,dummy-virt (DT) [ 23.774779] Call trace: [ 23.774832] show_stack+0x20/0x38 (C) [ 23.774952] dump_stack_lvl+0x8c/0xd0 [ 23.775071] print_report+0x118/0x608 [ 23.775730] kasan_report+0xdc/0x128 [ 23.775860] __asan_report_store16_noabort+0x20/0x30 [ 23.775984] kmalloc_oob_16+0x3a0/0x3f8 [ 23.776298] kunit_try_run_case+0x170/0x3f0 [ 23.776516] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.776830] kthread+0x328/0x630 [ 23.776956] ret_from_fork+0x10/0x20 [ 23.777121] [ 23.777171] Allocated by task 168: [ 23.777254] kasan_save_stack+0x3c/0x68 [ 23.777358] kasan_save_track+0x20/0x40 [ 23.777752] kasan_save_alloc_info+0x40/0x58 [ 23.777946] __kasan_kmalloc+0xd4/0xd8 [ 23.778215] __kmalloc_cache_noprof+0x16c/0x3c0 [ 23.778489] kmalloc_oob_16+0xb4/0x3f8 [ 23.778733] kunit_try_run_case+0x170/0x3f0 [ 23.778943] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.779561] kthread+0x328/0x630 [ 23.779835] ret_from_fork+0x10/0x20 [ 23.779961] [ 23.780116] The buggy address belongs to the object at fff00000c3fab6a0 [ 23.780116] which belongs to the cache kmalloc-16 of size 16 [ 23.780306] The buggy address is located 0 bytes inside of [ 23.780306] allocated 13-byte region [fff00000c3fab6a0, fff00000c3fab6ad) [ 23.780552] [ 23.780647] The buggy address belongs to the physical page: [ 23.780757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fab [ 23.781102] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.781225] page_type: f5(slab) [ 23.781443] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 23.781585] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.781712] page dumped because: kasan: bad access detected [ 23.781822] [ 23.781869] Memory state around the buggy address: [ 23.781959] fff00000c3fab580: fa fb fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 23.782111] fff00000c3fab600: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 23.782237] >fff00000c3fab680: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 23.782347] ^ [ 23.782468] fff00000c3fab700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.783091] fff00000c3fab780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.783188] ==================================================================
[ 11.697868] ================================================================== [ 11.698340] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.698945] Write of size 16 at addr ffff888102662f40 by task kunit_try_catch/186 [ 11.699147] [ 11.699276] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary) [ 11.699362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.699384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.699420] Call Trace: [ 11.699447] <TASK> [ 11.699483] dump_stack_lvl+0x73/0xb0 [ 11.699535] print_report+0xd1/0x650 [ 11.699571] ? __virt_addr_valid+0x1db/0x2d0 [ 11.699608] ? kmalloc_oob_16+0x452/0x4a0 [ 11.699653] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.699676] ? kmalloc_oob_16+0x452/0x4a0 [ 11.699696] kasan_report+0x141/0x180 [ 11.699717] ? kmalloc_oob_16+0x452/0x4a0 [ 11.699741] __asan_report_store16_noabort+0x1b/0x30 [ 11.699761] kmalloc_oob_16+0x452/0x4a0 [ 11.699781] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.699801] ? __schedule+0x10cc/0x2b60 [ 11.699824] ? __pfx_read_tsc+0x10/0x10 [ 11.699844] ? ktime_get_ts64+0x86/0x230 [ 11.699869] kunit_try_run_case+0x1a5/0x480 [ 11.699895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.699915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.699938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.699959] ? __kthread_parkme+0x82/0x180 [ 11.699981] ? preempt_count_sub+0x50/0x80 [ 11.700005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.700027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.700048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.700068] kthread+0x337/0x6f0 [ 11.700084] ? trace_preempt_on+0x20/0xc0 [ 11.700107] ? __pfx_kthread+0x10/0x10 [ 11.700124] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.700144] ? calculate_sigpending+0x7b/0xa0 [ 11.700165] ? __pfx_kthread+0x10/0x10 [ 11.700182] ret_from_fork+0x41/0x80 [ 11.700201] ? __pfx_kthread+0x10/0x10 [ 11.700217] ret_from_fork_asm+0x1a/0x30 [ 11.700247] </TASK> [ 11.700259] [ 11.711482] Allocated by task 186: [ 11.711850] kasan_save_stack+0x45/0x70 [ 11.712173] kasan_save_track+0x18/0x40 [ 11.712473] kasan_save_alloc_info+0x3b/0x50 [ 11.712748] __kasan_kmalloc+0xb7/0xc0 [ 11.713029] __kmalloc_cache_noprof+0x189/0x420 [ 11.713246] kmalloc_oob_16+0xa8/0x4a0 [ 11.713408] kunit_try_run_case+0x1a5/0x480 [ 11.713928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.714829] kthread+0x337/0x6f0 [ 11.715111] ret_from_fork+0x41/0x80 [ 11.715526] ret_from_fork_asm+0x1a/0x30 [ 11.715846] [ 11.715954] The buggy address belongs to the object at ffff888102662f40 [ 11.715954] which belongs to the cache kmalloc-16 of size 16 [ 11.716657] The buggy address is located 0 bytes inside of [ 11.716657] allocated 13-byte region [ffff888102662f40, ffff888102662f4d) [ 11.717275] [ 11.717684] The buggy address belongs to the physical page: [ 11.718074] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102662 [ 11.718970] flags: 0x200000000000000(node=0|zone=2) [ 11.719277] page_type: f5(slab) [ 11.719742] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.720127] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.720661] page dumped because: kasan: bad access detected [ 11.721004] [ 11.721104] Memory state around the buggy address: [ 11.721414] ffff888102662e00: 00 02 fc fc 00 05 fc fc 00 02 fc fc 00 02 fc fc [ 11.721885] ffff888102662e80: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 11.722166] >ffff888102662f00: fa fb fc fc 00 05 fc fc 00 05 fc fc 00 00 fc fc [ 11.722578] ^ [ 11.723602] ffff888102662f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.723994] ffff888102663000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.724442] ==================================================================