Date
July 3, 2025, 3:13 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 15.277540] ================================================================== [ 15.277696] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 15.277759] Write of size 1 at addr fff00000c65be00a by task kunit_try_catch/149 [ 15.277916] [ 15.277967] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT [ 15.278057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.278083] Hardware name: linux,dummy-virt (DT) [ 15.278249] Call trace: [ 15.278343] show_stack+0x20/0x38 (C) [ 15.278689] dump_stack_lvl+0x8c/0xd0 [ 15.278911] print_report+0x118/0x608 [ 15.278978] kasan_report+0xdc/0x128 [ 15.279365] __asan_report_store1_noabort+0x20/0x30 [ 15.279512] kmalloc_large_oob_right+0x278/0x2b8 [ 15.279663] kunit_try_run_case+0x170/0x3f0 [ 15.279827] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.280004] kthread+0x328/0x630 [ 15.280240] ret_from_fork+0x10/0x20 [ 15.280371] [ 15.280748] The buggy address belongs to the physical page: [ 15.280885] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065bc [ 15.281153] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.281368] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.281500] page_type: f8(unknown) [ 15.281635] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.281762] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.281879] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.282122] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.282245] head: 0bfffe0000000002 ffffc1ffc3196f01 00000000ffffffff 00000000ffffffff [ 15.282413] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.282588] page dumped because: kasan: bad access detected [ 15.282758] [ 15.282812] Memory state around the buggy address: [ 15.282845] fff00000c65bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.282912] fff00000c65bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.282961] >fff00000c65be000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.283311] ^ [ 15.283407] fff00000c65be080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.283460] fff00000c65be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.283501] ==================================================================
[ 10.699933] ================================================================== [ 10.700476] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 10.701004] Write of size 1 at addr ffff8881031a600a by task kunit_try_catch/165 [ 10.701308] [ 10.701463] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary) [ 10.701509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.701521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.701542] Call Trace: [ 10.701563] <TASK> [ 10.701581] dump_stack_lvl+0x73/0xb0 [ 10.701609] print_report+0xd1/0x650 [ 10.701632] ? __virt_addr_valid+0x1db/0x2d0 [ 10.701655] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.701677] ? kasan_addr_to_slab+0x11/0xa0 [ 10.701699] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.701722] kasan_report+0x141/0x180 [ 10.701745] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.701773] __asan_report_store1_noabort+0x1b/0x30 [ 10.701795] kmalloc_large_oob_right+0x2e9/0x330 [ 10.701818] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 10.701843] ? __schedule+0x207f/0x2b60 [ 10.701867] ? __pfx_read_tsc+0x10/0x10 [ 10.701887] ? ktime_get_ts64+0x86/0x230 [ 10.701914] kunit_try_run_case+0x1a5/0x480 [ 10.701938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.701961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.701985] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.702009] ? __kthread_parkme+0x82/0x180 [ 10.702031] ? preempt_count_sub+0x50/0x80 [ 10.702057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.702081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.702105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.702128] kthread+0x337/0x6f0 [ 10.702145] ? trace_preempt_on+0x20/0xc0 [ 10.702168] ? __pfx_kthread+0x10/0x10 [ 10.702187] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.702208] ? calculate_sigpending+0x7b/0xa0 [ 10.702230] ? __pfx_kthread+0x10/0x10 [ 10.702387] ret_from_fork+0x41/0x80 [ 10.702410] ? __pfx_kthread+0x10/0x10 [ 10.702429] ret_from_fork_asm+0x1a/0x30 [ 10.702460] </TASK> [ 10.702471] [ 10.709947] The buggy address belongs to the physical page: [ 10.710230] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a4 [ 10.710607] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.710961] flags: 0x200000000000040(head|node=0|zone=2) [ 10.711217] page_type: f8(unknown) [ 10.711683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.711989] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.712273] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.712615] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.712988] head: 0200000000000002 ffffea00040c6901 00000000ffffffff 00000000ffffffff [ 10.713250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.713549] page dumped because: kasan: bad access detected [ 10.713996] [ 10.714092] Memory state around the buggy address: [ 10.714543] ffff8881031a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.714827] ffff8881031a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.715093] >ffff8881031a6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.715324] ^ [ 10.715502] ffff8881031a6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.715814] ffff8881031a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.716374] ==================================================================