Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 47.060974] ================================================================== [ 47.072448] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c0/0x548 [ 47.080596] Write of size 1 at addr cc228778 by task kunit_try_catch/198 [ 47.087341] [ 47.088867] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 47.088897] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 47.088897] Hardware name: Generic DRA74X (Flattened Device Tree) [ 47.088897] Call trace: [ 47.088897] unwind_backtrace from show_stack+0x18/0x1c [ 47.088928] show_stack from dump_stack_lvl+0x70/0x90 [ 47.088958] dump_stack_lvl from print_report+0x158/0x528 [ 47.088989] print_report from kasan_report+0xdc/0x118 [ 47.089019] kasan_report from kmalloc_track_caller_oob_right+0x4c0/0x548 [ 47.089019] kmalloc_track_caller_oob_right from kunit_try_run_case+0x22c/0x5a8 [ 47.089050] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 47.089080] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 47.089111] kthread from ret_from_fork+0x14/0x20 [ 47.089111] Exception stack(0xf2363fb0 to 0xf2363ff8) [ 47.089141] 3fa0: 00000000 00000000 00000000 00000000 [ 47.089141] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 47.089172] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 47.089172] [ 47.196319] Allocated by task 198: [ 47.199737] kasan_save_track+0x30/0x5c [ 47.203613] __kasan_kmalloc+0x8c/0x94 [ 47.207397] __kmalloc_node_track_caller_noprof+0x210/0x470 [ 47.213012] kmalloc_track_caller_oob_right+0x98/0x548 [ 47.218200] kunit_try_run_case+0x22c/0x5a8 [ 47.222412] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 47.227935] kthread+0x464/0x810 [ 47.231201] ret_from_fork+0x14/0x20 [ 47.234802] [ 47.236297] The buggy address belongs to the object at cc228700 [ 47.236297] which belongs to the cache kmalloc-128 of size 128 [ 47.248199] The buggy address is located 0 bytes to the right of [ 47.248199] allocated 120-byte region [cc228700, cc228778) [ 47.259826] [ 47.261352] The buggy address belongs to the physical page: [ 47.266937] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c228 [ 47.274230] flags: 0x0(zone=0) [ 47.277313] page_type: f5(slab) [ 47.280456] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 47.288604] raw: 00000000 [ 47.291259] page dumped because: kasan: bad access detected [ 47.296844] [ 47.298370] Memory state around the buggy address: [ 47.303192] cc228600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.309753] cc228680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.316314] >cc228700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 47.322906] ^ [ 47.329376] cc228780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.335937] cc228800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.342529] ================================================================== [ 47.350158] ================================================================== [ 47.357421] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x548 [ 47.365600] Write of size 1 at addr cc228878 by task kunit_try_catch/198 [ 47.372344] [ 47.373840] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 47.373870] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 47.373870] Hardware name: Generic DRA74X (Flattened Device Tree) [ 47.373901] Call trace: [ 47.373901] unwind_backtrace from show_stack+0x18/0x1c [ 47.373931] show_stack from dump_stack_lvl+0x70/0x90 [ 47.373931] dump_stack_lvl from print_report+0x158/0x528 [ 47.373962] print_report from kasan_report+0xdc/0x118 [ 47.373992] kasan_report from kmalloc_track_caller_oob_right+0x4c8/0x548 [ 47.374023] kmalloc_track_caller_oob_right from kunit_try_run_case+0x22c/0x5a8 [ 47.374053] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 47.374053] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 47.374084] kthread from ret_from_fork+0x14/0x20 [ 47.374114] Exception stack(0xf2363fb0 to 0xf2363ff8) [ 47.374114] 3fa0: 00000000 00000000 00000000 00000000 [ 47.374145] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 47.374145] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 47.374176] [ 47.481323] Allocated by task 198: [ 47.484741] kasan_save_track+0x30/0x5c [ 47.488616] __kasan_kmalloc+0x8c/0x94 [ 47.492370] __kmalloc_node_track_caller_noprof+0x210/0x470 [ 47.498016] kmalloc_track_caller_oob_right+0x1c4/0x548 [ 47.503265] kunit_try_run_case+0x22c/0x5a8 [ 47.507476] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 47.513031] kthread+0x464/0x810 [ 47.516265] ret_from_fork+0x14/0x20 [ 47.519866] [ 47.521362] The buggy address belongs to the object at cc228800 [ 47.521362] which belongs to the cache kmalloc-128 of size 128 [ 47.533264] The buggy address is located 0 bytes to the right of [ 47.533264] allocated 120-byte region [cc228800, cc228878) [ 47.544921] [ 47.546417] The buggy address belongs to the physical page: [ 47.552032] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c228 [ 47.559295] flags: 0x0(zone=0) [ 47.562377] page_type: f5(slab) [ 47.565551] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 47.573669] raw: 00000000 [ 47.576324] page dumped because: kasan: bad access detected [ 47.581939] [ 47.583435] Memory state around the buggy address: [ 47.588256] cc228700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.594818] cc228780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.601409] >cc228800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 47.607971] ^ [ 47.614440] cc228880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.621032] cc228900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.627593] ==================================================================
[ 15.179200] ================================================================== [ 15.190630] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 15.198735] Write of size 1 at addr ffff88810633a478 by task kunit_try_catch/185 [ 15.206133] [ 15.207634] CPU: 3 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 15.207642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.207644] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 15.207648] Call Trace: [ 15.207649] <TASK> [ 15.207651] dump_stack_lvl+0x73/0xb0 [ 15.207655] print_report+0xd1/0x650 [ 15.207659] ? __virt_addr_valid+0x1db/0x2d0 [ 15.207663] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 15.207685] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.207689] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 15.207694] kasan_report+0x141/0x180 [ 15.207699] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 15.207705] __asan_report_store1_noabort+0x1b/0x30 [ 15.207708] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 15.207726] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 15.207732] ? __schedule+0x10cc/0x2b30 [ 15.207736] ? ktime_get_ts64+0x83/0x230 [ 15.207741] kunit_try_run_case+0x1a2/0x480 [ 15.207745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.207749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.207754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.207758] ? __kthread_parkme+0x82/0x180 [ 15.207762] ? preempt_count_sub+0x50/0x80 [ 15.207767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.207771] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 15.207775] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.207780] kthread+0x334/0x6f0 [ 15.207784] ? trace_preempt_on+0x20/0xc0 [ 15.207788] ? __pfx_kthread+0x10/0x10 [ 15.207792] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.207796] ? calculate_sigpending+0x7b/0xa0 [ 15.207800] ? __pfx_kthread+0x10/0x10 [ 15.207804] ret_from_fork+0x3e/0x80 [ 15.207808] ? __pfx_kthread+0x10/0x10 [ 15.207813] ret_from_fork_asm+0x1a/0x30 [ 15.207818] </TASK> [ 15.207820] [ 15.376434] Allocated by task 185: [ 15.379839] kasan_save_stack+0x45/0x70 [ 15.383704] kasan_save_track+0x18/0x40 [ 15.387570] kasan_save_alloc_info+0x3b/0x50 [ 15.391843] __kasan_kmalloc+0xb7/0xc0 [ 15.395596] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 15.401166] kmalloc_track_caller_oob_right+0x99/0x520 [ 15.406305] kunit_try_run_case+0x1a2/0x480 [ 15.410493] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 15.415898] kthread+0x334/0x6f0 [ 15.419131] ret_from_fork+0x3e/0x80 [ 15.422735] ret_from_fork_asm+0x1a/0x30 [ 15.426664] [ 15.428189] The buggy address belongs to the object at ffff88810633a400 [ 15.428189] which belongs to the cache kmalloc-128 of size 128 [ 15.440704] The buggy address is located 0 bytes to the right of [ 15.440704] allocated 120-byte region [ffff88810633a400, ffff88810633a478) [ 15.453667] [ 15.455194] The buggy address belongs to the physical page: [ 15.460764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10633a [ 15.468763] flags: 0x200000000000000(node=0|zone=2) [ 15.473643] page_type: f5(slab) [ 15.476789] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 15.484529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.492275] page dumped because: kasan: bad access detected [ 15.497849] [ 15.499346] Memory state around the buggy address: [ 15.504141] ffff88810633a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.511359] ffff88810633a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.518579] >ffff88810633a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.525796] ^ [ 15.532931] ffff88810633a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.540147] ffff88810633a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.547368] ==================================================================