Hay
Date: April 20, 2025, 11:09 p.m.

Environment: x15, x86

[   67.028442] ==================================================================
[   67.039916] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x314/0x34c
[   67.047546] Read of size 1 at addr f2693c8a by task kunit_try_catch/309
[   67.054199] 
[   67.055694] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   67.055725] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   67.055755] Hardware name: Generic DRA74X (Flattened Device Tree)
[   67.055755] Call trace: 
[   67.055755]  unwind_backtrace from show_stack+0x18/0x1c
[   67.055786]  show_stack from dump_stack_lvl+0x70/0x90
[   67.055816]  dump_stack_lvl from print_report+0x158/0x528
[   67.055847]  print_report from kasan_report+0xdc/0x118
[   67.055877]  kasan_report from kasan_alloca_oob_right+0x314/0x34c
[   67.055877]  kasan_alloca_oob_right from kunit_try_run_case+0x22c/0x5a8
[   67.055908]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   67.055938]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   67.055969]  kthread from ret_from_fork+0x14/0x20
[   67.055999] Exception stack(0xf2693fb0 to 0xf2693ff8)
[   67.055999] 3fa0:                                     00000000 00000000 00000000 00000000
[   67.056030] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   67.056030] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   67.056060] 
[   67.161804] The buggy address belongs to stack of task kunit_try_catch/309
[   67.168731] 
[   67.170227] The buggy address belongs to the virtual mapping at
[   67.170227]  [f2690000, f2695000) created by:
[   67.170227]  kernel_clone+0x174/0x794
[   67.184234] 
[   67.185729] The buggy address belongs to the physical page:
[   67.191345] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0xb0d7a
[   67.198638] flags: 0x80000000(zone=2)
[   67.202331] raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001
[   67.210479] raw: 00000000
[   67.213104] page dumped because: kasan: bad access detected
[   67.218719] 
[   67.220214] Memory state around the buggy address:
[   67.225036]  f2693b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.231628]  f2693c00: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[   67.238189] >f2693c80: 00 02 cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[   67.244750]               ^
[   67.247589]  f2693d00: f1 f1 f1 f1 f1 f1 01 f2 04 f2 04 f2 00 f3 f3 f3
[   67.254150]  f2693d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.260711] ==================================================================

[   41.082091] ==================================================================
[   41.093499] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390
[   41.101075] Read of size 1 at addr ffff88810527fc4a by task kunit_try_catch/296
[   41.108390] 
[   41.109888] CPU: 1 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   41.109896] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.109898] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   41.109902] Call Trace:
[   41.109904]  <TASK>
[   41.109905]  dump_stack_lvl+0x73/0xb0
[   41.109909]  print_report+0xd1/0x650
[   41.109914]  ? __virt_addr_valid+0x1db/0x2d0
[   41.109918]  ? kasan_alloca_oob_right+0x329/0x390
[   41.109922]  ? kasan_addr_to_slab+0x11/0xa0
[   41.109926]  ? kasan_alloca_oob_right+0x329/0x390
[   41.109931]  kasan_report+0x141/0x180
[   41.109935]  ? kasan_alloca_oob_right+0x329/0x390
[   41.109940]  __asan_report_load1_noabort+0x18/0x20
[   41.109944]  kasan_alloca_oob_right+0x329/0x390
[   41.109949]  ? finish_task_switch.isra.0+0x153/0x700
[   41.109953]  ? rwsem_down_read_slowpath+0x64e/0xb90
[   41.109957]  ? trace_hardirqs_on+0x37/0xe0
[   41.109962]  ? __pfx_kasan_alloca_oob_right+0x10/0x10
[   41.109967]  ? __schedule+0x10cc/0x2b30
[   41.109972]  ? ktime_get_ts64+0x83/0x230
[   41.109976]  kunit_try_run_case+0x1a2/0x480
[   41.109981]  ? __pfx_kunit_try_run_case+0x10/0x10
[   41.109985]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   41.109990]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   41.109994]  ? __kthread_parkme+0x82/0x180
[   41.109999]  ? preempt_count_sub+0x50/0x80
[   41.110003]  ? __pfx_kunit_try_run_case+0x10/0x10
[   41.110008]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   41.110012]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   41.110016]  kthread+0x334/0x6f0
[   41.110020]  ? trace_preempt_on+0x20/0xc0
[   41.110025]  ? __pfx_kthread+0x10/0x10
[   41.110029]  ? _raw_spin_unlock_irq+0x47/0x80
[   41.110033]  ? calculate_sigpending+0x7b/0xa0
[   41.110037]  ? __pfx_kthread+0x10/0x10
[   41.110041]  ret_from_fork+0x3e/0x80
[   41.110046]  ? __pfx_kthread+0x10/0x10
[   41.110050]  ret_from_fork_asm+0x1a/0x30
[   41.110056]  </TASK>
[   41.110057] 
[   41.287781] The buggy address belongs to stack of task kunit_try_catch/296
[   41.294654] 
[   41.296150] The buggy address belongs to the physical page:
[   41.301736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f
[   41.309743] flags: 0x200000000000000(node=0|zone=2)
[   41.314630] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000
[   41.322376] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   41.330114] page dumped because: kasan: bad access detected
[   41.335704] 
[   41.337222] Memory state around the buggy address:
[   41.342013]  ffff88810527fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.349232]  ffff88810527fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.356452] >ffff88810527fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[   41.363686]                                               ^
[   41.369288]  ffff88810527fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[   41.376515]  ffff88810527fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   41.383741] ==================================================================