Date
May 15, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 |
[ 19.567151] ================================================================== [ 19.574258] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 19.581200] Read of size 1 at addr ffff000801ede580 by task kunit_try_catch/181 [ 19.588491] [ 19.589975] CPU: 6 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 19.590027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.590041] Hardware name: WinLink E850-96 board (DT) [ 19.590059] Call trace: [ 19.590071] show_stack+0x20/0x38 (C) [ 19.590104] dump_stack_lvl+0x8c/0xd0 [ 19.590134] print_report+0x118/0x608 [ 19.590165] kasan_report+0xdc/0x128 [ 19.590194] __asan_report_load1_noabort+0x20/0x30 [ 19.590228] kmalloc_oob_right+0x5d0/0x660 [ 19.590257] kunit_try_run_case+0x170/0x3f0 [ 19.590288] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.590324] kthread+0x328/0x630 [ 19.590356] ret_from_fork+0x10/0x20 [ 19.590387] [ 19.653941] Allocated by task 181: [ 19.657329] kasan_save_stack+0x3c/0x68 [ 19.661146] kasan_save_track+0x20/0x40 [ 19.664966] kasan_save_alloc_info+0x40/0x58 [ 19.669219] __kasan_kmalloc+0xd4/0xd8 [ 19.672951] __kmalloc_cache_noprof+0x15c/0x3c0 [ 19.677465] kmalloc_oob_right+0xb0/0x660 [ 19.681458] kunit_try_run_case+0x170/0x3f0 [ 19.685625] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.691094] kthread+0x328/0x630 [ 19.694305] ret_from_fork+0x10/0x20 [ 19.697864] [ 19.699340] The buggy address belongs to the object at ffff000801ede500 [ 19.699340] which belongs to the cache kmalloc-128 of size 128 [ 19.711842] The buggy address is located 13 bytes to the right of [ 19.711842] allocated 115-byte region [ffff000801ede500, ffff000801ede573) [ 19.724860] [ 19.726337] The buggy address belongs to the physical page: [ 19.731895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ede [ 19.739880] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.747518] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.754462] page_type: f5(slab) [ 19.757597] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.765318] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.773044] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.780856] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.788669] head: 0bfffe0000000001 fffffdffe007b781 00000000ffffffff 00000000ffffffff [ 19.796480] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.804288] page dumped because: kasan: bad access detected [ 19.809842] [ 19.811317] Memory state around the buggy address: [ 19.816095] ffff000801ede480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.823300] ffff000801ede500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.830506] >ffff000801ede580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.837706] ^ [ 19.840921] ffff000801ede600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.848126] ffff000801ede680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.855327] ================================================================== [ 18.964925] ================================================================== [ 18.971492] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 18.978433] Write of size 1 at addr ffff000801ede573 by task kunit_try_catch/181 [ 18.985809] [ 18.987298] CPU: 6 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 18.987356] Tainted: [N]=TEST [ 18.987369] Hardware name: WinLink E850-96 board (DT) [ 18.987388] Call trace: [ 18.987403] show_stack+0x20/0x38 (C) [ 18.987441] dump_stack_lvl+0x8c/0xd0 [ 18.987472] print_report+0x118/0x608 [ 18.987506] kasan_report+0xdc/0x128 [ 18.987538] __asan_report_store1_noabort+0x20/0x30 [ 18.987575] kmalloc_oob_right+0x5a4/0x660 [ 18.987607] kunit_try_run_case+0x170/0x3f0 [ 18.987638] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.987674] kthread+0x328/0x630 [ 18.987707] ret_from_fork+0x10/0x20 [ 18.987741] [ 19.050133] Allocated by task 181: [ 19.053520] kasan_save_stack+0x3c/0x68 [ 19.057336] kasan_save_track+0x20/0x40 [ 19.061155] kasan_save_alloc_info+0x40/0x58 [ 19.065408] __kasan_kmalloc+0xd4/0xd8 [ 19.069142] __kmalloc_cache_noprof+0x15c/0x3c0 [ 19.073655] kmalloc_oob_right+0xb0/0x660 [ 19.077648] kunit_try_run_case+0x170/0x3f0 [ 19.081815] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.087283] kthread+0x328/0x630 [ 19.090495] ret_from_fork+0x10/0x20 [ 19.094054] [ 19.095531] The buggy address belongs to the object at ffff000801ede500 [ 19.095531] which belongs to the cache kmalloc-128 of size 128 [ 19.108032] The buggy address is located 0 bytes to the right of [ 19.108032] allocated 115-byte region [ffff000801ede500, ffff000801ede573) [ 19.120963] [ 19.122443] The buggy address belongs to the physical page: [ 19.127999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ede [ 19.135982] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.143622] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.150565] page_type: f5(slab) [ 19.153703] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.161421] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.169147] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.176958] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.184772] head: 0bfffe0000000001 fffffdffe007b781 00000000ffffffff 00000000ffffffff [ 19.192583] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.200389] page dumped because: kasan: bad access detected [ 19.205944] [ 19.207420] Memory state around the buggy address: [ 19.212200] ffff000801ede400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.219403] ffff000801ede480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.226608] >ffff000801ede500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.233809] ^ [ 19.240670] ffff000801ede580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.247876] ffff000801ede600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.255077] ================================================================== [ 19.267735] ================================================================== [ 19.274786] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 19.281726] Write of size 1 at addr ffff000801ede578 by task kunit_try_catch/181 [ 19.289103] [ 19.290589] CPU: 6 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT [ 19.290644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.290660] Hardware name: WinLink E850-96 board (DT) [ 19.290681] Call trace: [ 19.290694] show_stack+0x20/0x38 (C) [ 19.290727] dump_stack_lvl+0x8c/0xd0 [ 19.290757] print_report+0x118/0x608 [ 19.290788] kasan_report+0xdc/0x128 [ 19.290815] __asan_report_store1_noabort+0x20/0x30 [ 19.290849] kmalloc_oob_right+0x538/0x660 [ 19.290876] kunit_try_run_case+0x170/0x3f0 [ 19.290906] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.290941] kthread+0x328/0x630 [ 19.290977] ret_from_fork+0x10/0x20 [ 19.291011] [ 19.354640] Allocated by task 181: [ 19.358028] kasan_save_stack+0x3c/0x68 [ 19.361845] kasan_save_track+0x20/0x40 [ 19.365664] kasan_save_alloc_info+0x40/0x58 [ 19.369918] __kasan_kmalloc+0xd4/0xd8 [ 19.373650] __kmalloc_cache_noprof+0x15c/0x3c0 [ 19.378164] kmalloc_oob_right+0xb0/0x660 [ 19.382157] kunit_try_run_case+0x170/0x3f0 [ 19.386324] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.391793] kthread+0x328/0x630 [ 19.395004] ret_from_fork+0x10/0x20 [ 19.398563] [ 19.400040] The buggy address belongs to the object at ffff000801ede500 [ 19.400040] which belongs to the cache kmalloc-128 of size 128 [ 19.412542] The buggy address is located 5 bytes to the right of [ 19.412542] allocated 115-byte region [ffff000801ede500, ffff000801ede573) [ 19.425472] [ 19.426950] The buggy address belongs to the physical page: [ 19.432509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ede [ 19.440491] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.448128] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.455074] page_type: f5(slab) [ 19.458209] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.465930] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.473656] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 19.481468] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 19.489281] head: 0bfffe0000000001 fffffdffe007b781 00000000ffffffff 00000000ffffffff [ 19.497093] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 19.504899] page dumped because: kasan: bad access detected [ 19.510454] [ 19.511929] Memory state around the buggy address: [ 19.516708] ffff000801ede400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.523912] ffff000801ede480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.531117] >ffff000801ede500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.538318] ^ [ 19.545440] ffff000801ede580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.552646] ffff000801ede600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.559846] ==================================================================