Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| x15 | |
| x86 |
[ 60.273284] ================================================================== [ 60.284179] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x3e0/0x524 [ 60.290924] Read of size 1 at addr cc2310c8 by task kunit_try_catch/263 [ 60.297576] [ 60.299102] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B W N 6.15.0-rc3 #1 NONE [ 60.299133] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 60.299133] Hardware name: Generic DRA74X (Flattened Device Tree) [ 60.299133] Call trace: [ 60.299163] unwind_backtrace from show_stack+0x18/0x1c [ 60.299163] show_stack from dump_stack_lvl+0x70/0x90 [ 60.299194] dump_stack_lvl from print_report+0x158/0x528 [ 60.299224] print_report from kasan_report+0xdc/0x118 [ 60.299255] kasan_report from kmem_cache_oob+0x3e0/0x524 [ 60.299285] kmem_cache_oob from kunit_try_run_case+0x22c/0x5a8 [ 60.299285] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.299316] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 60.299346] kthread from ret_from_fork+0x14/0x20 [ 60.299377] Exception stack(0xf254bfb0 to 0xf254bff8) [ 60.299377] bfa0: 00000000 00000000 00000000 00000000 [ 60.299407] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 60.299407] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 60.299438] [ 60.403778] Allocated by task 263: [ 60.407226] kasan_save_track+0x30/0x5c [ 60.411071] __kasan_slab_alloc+0x60/0x68 [ 60.415130] kmem_cache_alloc_noprof+0x17c/0x36c [ 60.419769] kmem_cache_oob+0x170/0x524 [ 60.423645] kunit_try_run_case+0x22c/0x5a8 [ 60.427856] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 60.433410] kthread+0x464/0x810 [ 60.436645] ret_from_fork+0x14/0x20 [ 60.440246] [ 60.441772] The buggy address belongs to the object at cc231000 [ 60.441772] which belongs to the cache test_cache of size 200 [ 60.453582] The buggy address is located 0 bytes to the right of [ 60.453582] allocated 200-byte region [cc231000, cc2310c8) [ 60.465209] [ 60.466735] The buggy address belongs to the physical page: [ 60.472320] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c231 [ 60.479614] flags: 0x0(zone=0) [ 60.482666] page_type: f5(slab) [ 60.485839] raw: 00000000 cc22f000 00000122 00000000 00000000 800f000f f5000000 00000000 [ 60.493988] raw: 00000000 [ 60.496643] page dumped because: kasan: bad access detected [ 60.502258] [ 60.503753] Memory state around the buggy address: [ 60.508575] cc230f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.515136] cc231000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.521697] >cc231080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 60.528289] ^ [ 60.533203] cc231100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.539764] cc231180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.546325] ==================================================================
[ 32.483043] ================================================================== [ 32.493851] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 32.500550] Read of size 1 at addr ffff888107fba0c8 by task kunit_try_catch/250 [ 32.507858] [ 32.509358] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 32.509366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.509369] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 32.509372] Call Trace: [ 32.509374] <TASK> [ 32.509375] dump_stack_lvl+0x73/0xb0 [ 32.509379] print_report+0xd1/0x650 [ 32.509384] ? __virt_addr_valid+0x1db/0x2d0 [ 32.509388] ? kmem_cache_oob+0x402/0x530 [ 32.509391] ? kasan_complete_mode_report_info+0x2a/0x200 [ 32.509395] ? kmem_cache_oob+0x402/0x530 [ 32.509398] kasan_report+0x141/0x180 [ 32.509403] ? kmem_cache_oob+0x402/0x530 [ 32.509407] __asan_report_load1_noabort+0x18/0x20 [ 32.509410] kmem_cache_oob+0x402/0x530 [ 32.509413] ? trace_hardirqs_on+0x37/0xe0 [ 32.509418] ? __pfx_kmem_cache_oob+0x10/0x10 [ 32.509421] ? finish_task_switch.isra.0+0x153/0x700 [ 32.509425] ? __switch_to+0x5d9/0xf60 [ 32.509429] ? dequeue_task_fair+0x166/0x4e0 [ 32.509435] ? ktime_get_ts64+0x83/0x230 [ 32.509440] kunit_try_run_case+0x1a2/0x480 [ 32.509444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.509448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 32.509453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 32.509457] ? __kthread_parkme+0x82/0x180 [ 32.509461] ? preempt_count_sub+0x50/0x80 [ 32.509466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 32.509470] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 32.509475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 32.509479] kthread+0x334/0x6f0 [ 32.509483] ? trace_preempt_on+0x20/0xc0 [ 32.509487] ? __pfx_kthread+0x10/0x10 [ 32.509491] ? _raw_spin_unlock_irq+0x47/0x80 [ 32.509495] ? calculate_sigpending+0x7b/0xa0 [ 32.509499] ? __pfx_kthread+0x10/0x10 [ 32.509503] ret_from_fork+0x3e/0x80 [ 32.509507] ? __pfx_kthread+0x10/0x10 [ 32.509512] ret_from_fork_asm+0x1a/0x30 [ 32.509517] </TASK> [ 32.509519] [ 32.684396] Allocated by task 250: [ 32.687803] kasan_save_stack+0x45/0x70 [ 32.691641] kasan_save_track+0x18/0x40 [ 32.695481] kasan_save_alloc_info+0x3b/0x50 [ 32.699760] __kasan_slab_alloc+0x91/0xa0 [ 32.703774] kmem_cache_alloc_noprof+0x123/0x3f0 [ 32.708393] kmem_cache_oob+0x157/0x530 [ 32.712233] kunit_try_run_case+0x1a2/0x480 [ 32.716417] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 32.721817] kthread+0x334/0x6f0 [ 32.725050] ret_from_fork+0x3e/0x80 [ 32.728630] ret_from_fork_asm+0x1a/0x30 [ 32.732554] [ 32.734054] The buggy address belongs to the object at ffff888107fba000 [ 32.734054] which belongs to the cache test_cache of size 200 [ 32.746482] The buggy address is located 0 bytes to the right of [ 32.746482] allocated 200-byte region [ffff888107fba000, ffff888107fba0c8) [ 32.759428] [ 32.760927] The buggy address belongs to the physical page: [ 32.766503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107fba [ 32.774508] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 32.782160] flags: 0x200000000000040(head|node=0|zone=2) [ 32.787474] page_type: f5(slab) [ 32.790622] raw: 0200000000000040 ffff8881003423c0 dead000000000122 0000000000000000 [ 32.798367] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 32.806108] head: 0200000000000040 ffff8881003423c0 dead000000000122 0000000000000000 [ 32.813940] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 32.821766] head: 0200000000000001 ffffea00041fee81 00000000ffffffff 00000000ffffffff [ 32.829592] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 32.837418] page dumped because: kasan: bad access detected [ 32.842989] [ 32.844489] Memory state around the buggy address: [ 32.849281] ffff888107fb9f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.856500] ffff888107fba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.863758] >ffff888107fba080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 32.870980] ^ [ 32.876554] ffff888107fba100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.883774] ffff888107fba180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.890992] ==================================================================