Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 19.133640] ================================================================== [ 19.143091] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 19.150554] Write of size 1 at addr ffff00080310600a by task kunit_try_catch/195 [ 19.157931] [ 19.159419] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 19.159473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.159487] Hardware name: WinLink E850-96 board (DT) [ 19.159509] Call trace: [ 19.159524] show_stack+0x20/0x38 (C) [ 19.159561] dump_stack_lvl+0x8c/0xd0 [ 19.159596] print_report+0x118/0x608 [ 19.159627] kasan_report+0xdc/0x128 [ 19.159657] __asan_report_store1_noabort+0x20/0x30 [ 19.159692] kmalloc_large_oob_right+0x278/0x2b8 [ 19.159724] kunit_try_run_case+0x170/0x3f0 [ 19.159760] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.159798] kthread+0x328/0x630 [ 19.159832] ret_from_fork+0x10/0x20 [ 19.159866] [ 19.222776] The buggy address belongs to the physical page: [ 19.228334] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883104 [ 19.236318] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.243956] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.250898] page_type: f8(unknown) [ 19.254300] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.262016] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.269742] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.277553] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.285367] head: 0bfffe0000000002 fffffdffe00c4101 00000000ffffffff 00000000ffffffff [ 19.293179] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.300987] page dumped because: kasan: bad access detected [ 19.306540] [ 19.308015] Memory state around the buggy address: [ 19.312795] ffff000803105f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.319998] ffff000803105f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.327205] >ffff000803106000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.334404] ^ [ 19.337880] ffff000803106080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.345085] ffff000803106100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.352288] ==================================================================
[ 15.337692] ================================================================== [ 15.337876] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 15.337961] Write of size 1 at addr fff00000c656200a by task kunit_try_catch/151 [ 15.338019] [ 15.338270] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.338489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.338638] Hardware name: linux,dummy-virt (DT) [ 15.338672] Call trace: [ 15.338786] show_stack+0x20/0x38 (C) [ 15.338839] dump_stack_lvl+0x8c/0xd0 [ 15.339165] print_report+0x118/0x608 [ 15.339292] kasan_report+0xdc/0x128 [ 15.339336] __asan_report_store1_noabort+0x20/0x30 [ 15.339479] kmalloc_large_oob_right+0x278/0x2b8 [ 15.339713] kunit_try_run_case+0x170/0x3f0 [ 15.339918] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.340014] kthread+0x328/0x630 [ 15.340061] ret_from_fork+0x10/0x20 [ 15.340128] [ 15.340181] The buggy address belongs to the physical page: [ 15.340215] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560 [ 15.340594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.340740] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.340920] page_type: f8(unknown) [ 15.340996] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.341202] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.341280] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.341540] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.341780] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff [ 15.341876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.341917] page dumped because: kasan: bad access detected [ 15.342280] [ 15.342477] Memory state around the buggy address: [ 15.342711] fff00000c6561f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.342926] fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.343137] >fff00000c6562000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.343174] ^ [ 15.343246] fff00000c6562080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.343809] fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.344034] ==================================================================
[ 13.456751] ================================================================== [ 13.457425] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 13.457848] Write of size 1 at addr ffff8881022a600a by task kunit_try_catch/167 [ 13.458177] [ 13.458331] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.459242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.459267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.459304] Call Trace: [ 13.459330] <TASK> [ 13.459378] dump_stack_lvl+0x73/0xb0 [ 13.459418] print_report+0xd1/0x650 [ 13.459445] ? __virt_addr_valid+0x1db/0x2d0 [ 13.459470] ? kmalloc_large_oob_right+0x2e9/0x330 [ 13.459495] ? kasan_addr_to_slab+0x11/0xa0 [ 13.459518] ? kmalloc_large_oob_right+0x2e9/0x330 [ 13.459543] kasan_report+0x141/0x180 [ 13.459567] ? kmalloc_large_oob_right+0x2e9/0x330 [ 13.459596] __asan_report_store1_noabort+0x1b/0x30 [ 13.459619] kmalloc_large_oob_right+0x2e9/0x330 [ 13.459644] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 13.459669] ? __schedule+0x10cc/0x2b60 [ 13.459695] ? __pfx_read_tsc+0x10/0x10 [ 13.459716] ? ktime_get_ts64+0x86/0x230 [ 13.459745] kunit_try_run_case+0x1a5/0x480 [ 13.459773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.459796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.459822] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.459847] ? __kthread_parkme+0x82/0x180 [ 13.459871] ? preempt_count_sub+0x50/0x80 [ 13.459899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.459924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.459949] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.459973] kthread+0x337/0x6f0 [ 13.459991] ? trace_preempt_on+0x20/0xc0 [ 13.460016] ? __pfx_kthread+0x10/0x10 [ 13.460036] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.460059] ? calculate_sigpending+0x7b/0xa0 [ 13.460092] ? __pfx_kthread+0x10/0x10 [ 13.460111] ret_from_fork+0x41/0x80 [ 13.460133] ? __pfx_kthread+0x10/0x10 [ 13.460153] ret_from_fork_asm+0x1a/0x30 [ 13.460186] </TASK> [ 13.460199] [ 13.473177] The buggy address belongs to the physical page: [ 13.473656] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a4 [ 13.474064] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.474410] flags: 0x200000000000040(head|node=0|zone=2) [ 13.474715] page_type: f8(unknown) [ 13.475215] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.475955] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.477066] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.477797] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.478525] head: 0200000000000002 ffffea000408a901 00000000ffffffff 00000000ffffffff [ 13.478927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.479786] page dumped because: kasan: bad access detected [ 13.480189] [ 13.480384] Memory state around the buggy address: [ 13.481061] ffff8881022a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.481729] ffff8881022a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.482397] >ffff8881022a6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.482694] ^ [ 13.483004] ffff8881022a6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.483389] ffff8881022a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.484014] ==================================================================
[ 20.633119] ================================================================== [ 20.644442] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 20.651929] Write of size 1 at addr ffff888102a3200a by task kunit_try_catch/189 [ 20.659347] [ 20.660847] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 20.660855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.660857] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 20.660860] Call Trace: [ 20.660862] <TASK> [ 20.660864] dump_stack_lvl+0x73/0xb0 [ 20.660867] print_report+0xd1/0x650 [ 20.660872] ? __virt_addr_valid+0x1db/0x2d0 [ 20.660875] ? kmalloc_large_oob_right+0x2e9/0x330 [ 20.660880] ? kasan_addr_to_slab+0x11/0xa0 [ 20.660884] ? kmalloc_large_oob_right+0x2e9/0x330 [ 20.660888] kasan_report+0x141/0x180 [ 20.660892] ? kmalloc_large_oob_right+0x2e9/0x330 [ 20.660914] __asan_report_store1_noabort+0x1b/0x30 [ 20.660919] kmalloc_large_oob_right+0x2e9/0x330 [ 20.660923] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 20.660942] ? __schedule+0x10cc/0x2b60 [ 20.660947] ? ktime_get_ts64+0x83/0x230 [ 20.660964] kunit_try_run_case+0x1a2/0x480 [ 20.660969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.660974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.660978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.660995] ? __kthread_parkme+0x82/0x180 [ 20.660999] ? preempt_count_sub+0x50/0x80 [ 20.661004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.661009] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.661013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.661017] kthread+0x334/0x6f0 [ 20.661020] ? trace_preempt_on+0x20/0xc0 [ 20.661025] ? __pfx_kthread+0x10/0x10 [ 20.661028] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.661032] ? calculate_sigpending+0x7b/0xa0 [ 20.661036] ? __pfx_kthread+0x10/0x10 [ 20.661039] ret_from_fork+0x3e/0x80 [ 20.661043] ? __pfx_kthread+0x10/0x10 [ 20.661046] ret_from_fork_asm+0x1a/0x30 [ 20.661051] </TASK> [ 20.661053] [ 20.825340] The buggy address belongs to the physical page: [ 20.830929] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30 [ 20.838975] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.846633] flags: 0x200000000000040(head|node=0|zone=2) [ 20.851970] page_type: f8(unknown) [ 20.855380] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.863126] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.870868] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.878701] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.886527] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff [ 20.894352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.902178] page dumped because: kasan: bad access detected [ 20.907751] [ 20.909251] Memory state around the buggy address: [ 20.914043] ffff888102a31f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.921264] ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.928492] >ffff888102a32000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.935710] ^ [ 20.939203] ffff888102a32080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.946422] ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.953641] ==================================================================