Hay
Date: April 20, 2025, 11:09 p.m.

Environment: x15, x86

[   47.635650] ==================================================================
[   47.647827] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x324/0x37c
[   47.655181] Write of size 1 at addr cbaedf00 by task kunit_try_catch/200
[   47.661926] 
[   47.663452] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   47.663482] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   47.663482] Hardware name: Generic DRA74X (Flattened Device Tree)
[   47.663482] Call trace: 
[   47.663482]  unwind_backtrace from show_stack+0x18/0x1c
[   47.663513]  show_stack from dump_stack_lvl+0x70/0x90
[   47.663543]  dump_stack_lvl from print_report+0x158/0x528
[   47.663574]  print_report from kasan_report+0xdc/0x118
[   47.663604]  kasan_report from kmalloc_big_oob_right+0x324/0x37c
[   47.663604]  kmalloc_big_oob_right from kunit_try_run_case+0x22c/0x5a8
[   47.663635]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   47.663665]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   47.663696]  kthread from ret_from_fork+0x14/0x20
[   47.663696] Exception stack(0xf236bfb0 to 0xf236bff8)
[   47.663726] bfa0:                                     00000000 00000000 00000000 00000000
[   47.663726] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   47.663757] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   47.663757] 
[   47.769348] Allocated by task 200:
[   47.772766]  kasan_save_track+0x30/0x5c
[   47.776641]  __kasan_kmalloc+0x8c/0x94
[   47.780426]  kmalloc_big_oob_right+0xd0/0x37c
[   47.784820]  kunit_try_run_case+0x22c/0x5a8
[   47.789031]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   47.794555]  kthread+0x464/0x810
[   47.797790]  ret_from_fork+0x14/0x20
[   47.801422] 
[   47.802917] The buggy address belongs to the object at cbaec000
[   47.802917]  which belongs to the cache kmalloc-8k of size 8192
[   47.814819] The buggy address is located 0 bytes to the right of
[   47.814819]  allocated 7936-byte region [cbaec000, cbaedf00)
[   47.826538] 
[   47.828033] The buggy address belongs to the physical page:
[   47.833648] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8bae8
[   47.840911] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   47.848632] flags: 0x40(head|zone=0)
[   47.852233] page_type: f5(slab)
[   47.855407] raw: 00000040 c7001a00 00000122 00000000 00000000 80020002 f5000000 00000000
[   47.863525] raw: 00000000
[   47.866180] head: 00000040 c7001a00 00000122 00000000 00000000 80020002 f5000000 00000000
[   47.874420] head: 00000000 00000003 eeba38a1 ffffffff 00000000 ffffffff 00000000 ffffffff
[   47.882659] head: 00000000 00000008
[   47.886169] page dumped because: kasan: bad access detected
[   47.891754] 
[   47.893280] Memory state around the buggy address:
[   47.898101]  cbaede00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.904663]  cbaede80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.911224] >cbaedf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.917816]            ^
[   47.920349]  cbaedf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.926910]  cbaee000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.933502] ==================================================================

[   15.731298] ==================================================================
[   15.743779] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[   15.751094] Write of size 1 at addr ffff888101a95f00 by task kunit_try_catch/187
[   15.758496] 
[   15.759996] CPU: 2 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   15.760004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.760006] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   15.760009] Call Trace:
[   15.760011]  <TASK>
[   15.760013]  dump_stack_lvl+0x73/0xb0
[   15.760017]  print_report+0xd1/0x650
[   15.760021]  ? __virt_addr_valid+0x1db/0x2d0
[   15.760025]  ? kmalloc_big_oob_right+0x316/0x370
[   15.760029]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.760033]  ? kmalloc_big_oob_right+0x316/0x370
[   15.760038]  kasan_report+0x141/0x180
[   15.760042]  ? kmalloc_big_oob_right+0x316/0x370
[   15.760047]  __asan_report_store1_noabort+0x1b/0x30
[   15.760051]  kmalloc_big_oob_right+0x316/0x370
[   15.760055]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   15.760060]  ? __schedule+0x10cc/0x2b30
[   15.760064]  ? ktime_get_ts64+0x83/0x230
[   15.760069]  kunit_try_run_case+0x1a2/0x480
[   15.760073]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.760077]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.760082]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.760086]  ? __kthread_parkme+0x82/0x180
[   15.760090]  ? preempt_count_sub+0x50/0x80
[   15.760095]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.760099]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   15.760103]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.760107]  kthread+0x334/0x6f0
[   15.760111]  ? trace_preempt_on+0x20/0xc0
[   15.760116]  ? __pfx_kthread+0x10/0x10
[   15.760120]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.760124]  ? calculate_sigpending+0x7b/0xa0
[   15.760128]  ? __pfx_kthread+0x10/0x10
[   15.760132]  ret_from_fork+0x3e/0x80
[   15.760136]  ? __pfx_kthread+0x10/0x10
[   15.760141]  ret_from_fork_asm+0x1a/0x30
[   15.760146]  </TASK>
[   15.760148] 
[   15.924748] Allocated by task 187:
[   15.928154]  kasan_save_stack+0x45/0x70
[   15.931993]  kasan_save_track+0x18/0x40
[   15.935833]  kasan_save_alloc_info+0x3b/0x50
[   15.940105]  __kasan_kmalloc+0xb7/0xc0
[   15.943856]  __kmalloc_cache_noprof+0x189/0x420
[   15.948391]  kmalloc_big_oob_right+0xa9/0x370
[   15.952757]  kunit_try_run_case+0x1a2/0x480
[   15.956943]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   15.962342]  kthread+0x334/0x6f0
[   15.965575]  ret_from_fork+0x3e/0x80
[   15.969155]  ret_from_fork_asm+0x1a/0x30
[   15.973079] 
[   15.974571] The buggy address belongs to the object at ffff888101a94000
[   15.974571]  which belongs to the cache kmalloc-8k of size 8192
[   15.987087] The buggy address is located 0 bytes to the right of
[   15.987087]  allocated 7936-byte region [ffff888101a94000, ffff888101a95f00)
[   16.000127] 
[   16.001627] The buggy address belongs to the physical page:
[   16.007199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a90
[   16.015206] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.022858] flags: 0x200000000000040(head|node=0|zone=2)
[   16.028172] page_type: f5(slab)
[   16.031319] raw: 0200000000000040 ffff888100043180 dead000000000122 0000000000000000
[   16.039066] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   16.046813] head: 0200000000000040 ffff888100043180 dead000000000122 0000000000000000
[   16.054640] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   16.062472] head: 0200000000000003 ffffea000406a401 00000000ffffffff 00000000ffffffff
[   16.070300] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   16.078124] page dumped because: kasan: bad access detected
[   16.083700] 
[   16.085211] Memory state around the buggy address:
[   16.090006]  ffff888101a95e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.097225]  ffff888101a95e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.104443] >ffff888101a95f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.111661]                    ^
[   16.114922]  ffff888101a95f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.122140]  ffff888101a96000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.129360] ==================================================================