Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 39.728171] ================================================================== [ 39.737733] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 39.745280] Read of size 1 at addr ffff800089517b4a by task kunit_try_catch/297 [ 39.752570] [ 39.754054] CPU: 4 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 39.754117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 39.754138] Hardware name: WinLink E850-96 board (DT) [ 39.754159] Call trace: [ 39.754171] show_stack+0x20/0x38 (C) [ 39.754212] dump_stack_lvl+0x8c/0xd0 [ 39.754249] print_report+0x310/0x608 [ 39.754287] kasan_report+0xdc/0x128 [ 39.754321] __asan_report_load1_noabort+0x20/0x30 [ 39.754353] kasan_alloca_oob_right+0x2dc/0x340 [ 39.754384] kunit_try_run_case+0x170/0x3f0 [ 39.754423] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 39.754462] kthread+0x328/0x630 [ 39.754495] ret_from_fork+0x10/0x20 [ 39.754530] [ 39.818109] The buggy address belongs to stack of task kunit_try_catch/297 [ 39.824986] [ 39.826447] The buggy address belongs to the virtual mapping at [ 39.826447] [ffff800089510000, ffff800089519000) created by: [ 39.826447] kernel_clone+0x150/0x7a8 [ 39.841719] [ 39.843196] The buggy address belongs to the physical page: [ 39.848753] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886982 [ 39.856737] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 39.863258] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 39.870978] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 39.878696] page dumped because: kasan: bad access detected [ 39.884253] [ 39.885727] Memory state around the buggy address: [ 39.890508] ffff800089517a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.897710] ffff800089517a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.904917] >ffff800089517b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 39.912116] ^ [ 39.917675] ffff800089517b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 39.924881] ffff800089517c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 39.932081] ==================================================================
[ 28.388459] ================================================================== [ 28.388538] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 28.388618] Read of size 1 at addr ffff800080a57b4a by task kunit_try_catch/254 [ 28.388706] [ 28.388802] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 28.389064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.389458] Hardware name: linux,dummy-virt (DT) [ 28.389542] Call trace: [ 28.389609] show_stack+0x20/0x38 (C) [ 28.390196] dump_stack_lvl+0x8c/0xd0 [ 28.390346] print_report+0x310/0x608 [ 28.390603] kasan_report+0xdc/0x128 [ 28.391246] __asan_report_load1_noabort+0x20/0x30 [ 28.391457] kasan_alloca_oob_right+0x2dc/0x340 [ 28.392032] kunit_try_run_case+0x170/0x3f0 [ 28.392721] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.393489] kthread+0x328/0x630 [ 28.393640] ret_from_fork+0x10/0x20 [ 28.393836] [ 28.393896] The buggy address belongs to stack of task kunit_try_catch/254 [ 28.394105] [ 28.394264] The buggy address belongs to the virtual mapping at [ 28.394264] [ffff800080a50000, ffff800080a59000) created by: [ 28.394264] kernel_clone+0x150/0x7a8 [ 28.394669] [ 28.394886] The buggy address belongs to the physical page: [ 28.395041] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107760 [ 28.395304] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 28.395874] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.397621] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.398750] page dumped because: kasan: bad access detected [ 28.398842] [ 28.398908] Memory state around the buggy address: [ 28.398999] ffff800080a57a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.399113] ffff800080a57a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.399225] >ffff800080a57b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 28.399329] ^ [ 28.399533] ffff800080a57b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 28.399640] ffff800080a57c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 28.399815] ==================================================================
[ 21.177373] ================================================================== [ 21.178475] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 21.179575] Read of size 1 at addr ffff888103bc7c4a by task kunit_try_catch/270 [ 21.180914] [ 21.181485] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 21.181624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.181691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.181772] Call Trace: [ 21.181811] <TASK> [ 21.181861] dump_stack_lvl+0x73/0xb0 [ 21.181923] print_report+0xd1/0x650 [ 21.181983] ? __virt_addr_valid+0x1db/0x2d0 [ 21.182022] ? kasan_alloca_oob_right+0x329/0x390 [ 21.182056] ? kasan_addr_to_slab+0x11/0xa0 [ 21.182088] ? kasan_alloca_oob_right+0x329/0x390 [ 21.182122] kasan_report+0x141/0x180 [ 21.182154] ? kasan_alloca_oob_right+0x329/0x390 [ 21.182195] __asan_report_load1_noabort+0x18/0x20 [ 21.182224] kasan_alloca_oob_right+0x329/0x390 [ 21.182269] ? __kasan_check_write+0x18/0x20 [ 21.182299] ? __pfx_sched_clock_cpu+0x10/0x10 [ 21.182330] ? finish_task_switch.isra.0+0x153/0x700 [ 21.182362] ? __mutex_unlock_slowpath.isra.0+0x30e/0x310 [ 21.182395] ? trace_hardirqs_on+0x37/0xe0 [ 21.182435] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 21.182550] ? __schedule+0x10cc/0x2b60 [ 21.182602] ? __pfx_read_tsc+0x10/0x10 [ 21.182635] ? ktime_get_ts64+0x86/0x230 [ 21.182676] kunit_try_run_case+0x1a5/0x480 [ 21.182742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.182772] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.182807] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.182845] ? __kthread_parkme+0x82/0x180 [ 21.182872] ? preempt_count_sub+0x50/0x80 [ 21.182904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.182933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.182995] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.183033] kthread+0x337/0x6f0 [ 21.183062] ? trace_preempt_on+0x20/0xc0 [ 21.183093] ? __pfx_kthread+0x10/0x10 [ 21.183121] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.183154] ? calculate_sigpending+0x7b/0xa0 [ 21.183224] ? __pfx_kthread+0x10/0x10 [ 21.183308] ret_from_fork+0x116/0x1d0 [ 21.183349] ? __pfx_kthread+0x10/0x10 [ 21.183381] ret_from_fork_asm+0x1a/0x30 [ 21.183424] </TASK> [ 21.183439] [ 21.200184] The buggy address belongs to stack of task kunit_try_catch/270 [ 21.201019] [ 21.201215] The buggy address belongs to the physical page: [ 21.201888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103bc7 [ 21.202888] flags: 0x200000000000000(node=0|zone=2) [ 21.203298] raw: 0200000000000000 ffffea00040ef1c8 ffffea00040ef1c8 0000000000000000 [ 21.203776] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 21.204377] page dumped because: kasan: bad access detected [ 21.205215] [ 21.205454] Memory state around the buggy address: [ 21.205930] ffff888103bc7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.206860] ffff888103bc7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.207338] >ffff888103bc7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 21.207776] ^ [ 21.209696] ffff888103bc7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 21.211873] ffff888103bc7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 21.212400] ==================================================================
[ 66.713897] ================================================================== [ 66.725372] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x314/0x34c [ 66.733001] Read of size 1 at addr f2493c8a by task kunit_try_catch/305 [ 66.739654] [ 66.741180] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 66.741210] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 66.741210] Hardware name: Generic DRA74X (Flattened Device Tree) [ 66.741210] Call trace: [ 66.741241] unwind_backtrace from show_stack+0x18/0x1c [ 66.741241] show_stack from dump_stack_lvl+0x70/0x90 [ 66.741271] dump_stack_lvl from print_report+0x158/0x528 [ 66.741302] print_report from kasan_report+0xdc/0x118 [ 66.741333] kasan_report from kasan_alloca_oob_right+0x314/0x34c [ 66.741363] kasan_alloca_oob_right from kunit_try_run_case+0x22c/0x5a8 [ 66.741363] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 66.741394] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 66.741424] kthread from ret_from_fork+0x14/0x20 [ 66.741455] Exception stack(0xf2493fb0 to 0xf2493ff8) [ 66.741455] 3fa0: 00000000 00000000 00000000 00000000 [ 66.741485] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 66.741516] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 66.741516] [ 66.848114] The buggy address belongs to stack of task kunit_try_catch/305 [ 66.855041] [ 66.856567] The buggy address belongs to the virtual mapping at [ 66.856567] [f2490000, f2495000) created by: [ 66.856567] kernel_clone+0x174/0x794 [ 66.870544] [ 66.872070] The buggy address belongs to the physical page: [ 66.877655] page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0xb0823 [ 66.884948] flags: 0x80000000(zone=2) [ 66.888641] raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001 [ 66.896789] raw: 00000000 [ 66.899414] page dumped because: kasan: bad access detected [ 66.905029] [ 66.906524] Memory state around the buggy address: [ 66.911346] f2493b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.917938] f2493c00: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca [ 66.924499] >f2493c80: 00 02 cb cb cb cb cb cb 00 00 00 00 00 00 00 00 [ 66.931060] ^ [ 66.933898] f2493d00: f1 f1 f1 f1 f1 f1 01 f2 04 f2 04 f2 00 f3 f3 f3 [ 66.940460] f2493d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.947021] ==================================================================