Date
June 17, 2025, 3:40 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 20.968298] ================================================================== [ 20.968444] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 20.968605] Read of size 1 at addr fff00000c4799880 by task kunit_try_catch/138 [ 20.968763] [ 20.968840] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT [ 20.969018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.969087] Hardware name: linux,dummy-virt (DT) [ 20.969162] Call trace: [ 20.969206] show_stack+0x20/0x38 (C) [ 20.969324] dump_stack_lvl+0x8c/0xd0 [ 20.969433] print_report+0x118/0x608 [ 20.969550] kasan_report+0xdc/0x128 [ 20.969661] __asan_report_load1_noabort+0x20/0x30 [ 20.969880] kmalloc_oob_right+0x5d0/0x660 [ 20.969994] kunit_try_run_case+0x170/0x3f0 [ 20.970095] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.970215] kthread+0x328/0x630 [ 20.970306] ret_from_fork+0x10/0x20 [ 20.970411] [ 20.970457] Allocated by task 138: [ 20.970516] kasan_save_stack+0x3c/0x68 [ 20.970591] kasan_save_track+0x20/0x40 [ 20.970703] kasan_save_alloc_info+0x40/0x58 [ 20.970802] __kasan_kmalloc+0xd4/0xd8 [ 20.970879] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.970971] kmalloc_oob_right+0xb0/0x660 [ 20.971150] kunit_try_run_case+0x170/0x3f0 [ 20.971308] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.971459] kthread+0x328/0x630 [ 20.971551] ret_from_fork+0x10/0x20 [ 20.971642] [ 20.971713] The buggy address belongs to the object at fff00000c4799800 [ 20.971713] which belongs to the cache kmalloc-128 of size 128 [ 20.971873] The buggy address is located 13 bytes to the right of [ 20.971873] allocated 115-byte region [fff00000c4799800, fff00000c4799873) [ 20.972036] [ 20.972088] The buggy address belongs to the physical page: [ 20.972175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104799 [ 20.972308] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.972431] page_type: f5(slab) [ 20.972531] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.972658] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.972772] page dumped because: kasan: bad access detected [ 20.972852] [ 20.972896] Memory state around the buggy address: [ 20.972977] fff00000c4799780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.973088] fff00000c4799800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.973198] >fff00000c4799880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.973296] ^ [ 20.973367] fff00000c4799900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.973489] fff00000c4799980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.973590] ================================================================== [ 20.958634] ================================================================== [ 20.958782] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 20.958926] Write of size 1 at addr fff00000c4799878 by task kunit_try_catch/138 [ 20.959122] [ 20.959214] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.15.3-rc1 #1 PREEMPT [ 20.959567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.959652] Hardware name: linux,dummy-virt (DT) [ 20.959723] Call trace: [ 20.959784] show_stack+0x20/0x38 (C) [ 20.960388] dump_stack_lvl+0x8c/0xd0 [ 20.960830] print_report+0x118/0x608 [ 20.960963] kasan_report+0xdc/0x128 [ 20.961965] __asan_report_store1_noabort+0x20/0x30 [ 20.962136] kmalloc_oob_right+0x538/0x660 [ 20.962231] kunit_try_run_case+0x170/0x3f0 [ 20.962330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.962442] kthread+0x328/0x630 [ 20.962542] ret_from_fork+0x10/0x20 [ 20.962649] [ 20.962691] Allocated by task 138: [ 20.962770] kasan_save_stack+0x3c/0x68 [ 20.962857] kasan_save_track+0x20/0x40 [ 20.963494] kasan_save_alloc_info+0x40/0x58 [ 20.963609] __kasan_kmalloc+0xd4/0xd8 [ 20.963712] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.963828] kmalloc_oob_right+0xb0/0x660 [ 20.963914] kunit_try_run_case+0x170/0x3f0 [ 20.964004] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.965060] kthread+0x328/0x630 [ 20.965197] ret_from_fork+0x10/0x20 [ 20.965391] [ 20.965443] The buggy address belongs to the object at fff00000c4799800 [ 20.965443] which belongs to the cache kmalloc-128 of size 128 [ 20.965584] The buggy address is located 5 bytes to the right of [ 20.965584] allocated 115-byte region [fff00000c4799800, fff00000c4799873) [ 20.965706] [ 20.965758] The buggy address belongs to the physical page: [ 20.965842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104799 [ 20.965957] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.966062] page_type: f5(slab) [ 20.966143] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.966251] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.966344] page dumped because: kasan: bad access detected [ 20.966408] [ 20.966441] Memory state around the buggy address: [ 20.966509] fff00000c4799700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.966642] fff00000c4799780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.966764] >fff00000c4799800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.966859] ^ [ 20.966966] fff00000c4799880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.967065] fff00000c4799900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.967191] ================================================================== [ 20.943413] ================================================================== [ 20.944102] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 20.946924] Write of size 1 at addr fff00000c4799873 by task kunit_try_catch/138 [ 20.947140] [ 20.948807] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G N 6.15.3-rc1 #1 PREEMPT [ 20.949133] Tainted: [N]=TEST [ 20.949210] Hardware name: linux,dummy-virt (DT) [ 20.949670] Call trace: [ 20.950040] show_stack+0x20/0x38 (C) [ 20.950331] dump_stack_lvl+0x8c/0xd0 [ 20.950475] print_report+0x118/0x608 [ 20.950575] kasan_report+0xdc/0x128 [ 20.950661] __asan_report_store1_noabort+0x20/0x30 [ 20.951094] kmalloc_oob_right+0x5a4/0x660 [ 20.951216] kunit_try_run_case+0x170/0x3f0 [ 20.951337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.951457] kthread+0x328/0x630 [ 20.951559] ret_from_fork+0x10/0x20 [ 20.952082] [ 20.952182] Allocated by task 138: [ 20.952428] kasan_save_stack+0x3c/0x68 [ 20.952575] kasan_save_track+0x20/0x40 [ 20.952659] kasan_save_alloc_info+0x40/0x58 [ 20.952764] __kasan_kmalloc+0xd4/0xd8 [ 20.952842] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.952940] kmalloc_oob_right+0xb0/0x660 [ 20.953028] kunit_try_run_case+0x170/0x3f0 [ 20.953156] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.953263] kthread+0x328/0x630 [ 20.953395] ret_from_fork+0x10/0x20 [ 20.953570] [ 20.953748] The buggy address belongs to the object at fff00000c4799800 [ 20.953748] which belongs to the cache kmalloc-128 of size 128 [ 20.953997] The buggy address is located 0 bytes to the right of [ 20.953997] allocated 115-byte region [fff00000c4799800, fff00000c4799873) [ 20.954230] [ 20.954608] The buggy address belongs to the physical page: [ 20.955006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104799 [ 20.955378] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.955769] page_type: f5(slab) [ 20.956187] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.956264] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.956401] page dumped because: kasan: bad access detected [ 20.956451] [ 20.956482] Memory state around the buggy address: [ 20.956773] fff00000c4799700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.956859] fff00000c4799780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.956924] >fff00000c4799800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.956986] ^ [ 20.957087] fff00000c4799880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.957135] fff00000c4799900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.957210] ==================================================================