Date
May 30, 2025, 4:14 a.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
x15 |

```
[ 20.987427] ==================================================================
[ 20.998263] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 21.005547] Write of size 1 at addr ffff000805f79f00 by task kunit_try_catch/188
[ 21.012922]
[ 21.014410] CPU: 5 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 21.014466] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.014482] Hardware name: WinLink E850-96 board (DT)
[ 21.014505] Call trace:
[ 21.014521] show_stack+0x20/0x38 (C)
[ 21.014558] dump_stack_lvl+0x8c/0xd0
[ 21.014594] print_report+0x118/0x608
[ 21.014631] kasan_report+0xdc/0x128
[ 21.014662] __asan_report_store1_noabort+0x20/0x30
[ 21.014693] kmalloc_big_oob_right+0x2a4/0x2f0
[ 21.014724] kunit_try_run_case+0x170/0x3f0
[ 21.014761] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.014799] kthread+0x328/0x630
[ 21.014826] ret_from_fork+0x10/0x20
[ 21.014861]
[ 21.078459] Allocated by task 188:
[ 21.081848] kasan_save_stack+0x3c/0x68
[ 21.085664] kasan_save_track+0x20/0x40
[ 21.089483] kasan_save_alloc_info+0x40/0x58
[ 21.093736] __kasan_kmalloc+0xd4/0xd8
[ 21.097469] __kmalloc_cache_noprof+0x15c/0x3c0
[ 21.101983] kmalloc_big_oob_right+0xb8/0x2f0
[ 21.106323] kunit_try_run_case+0x170/0x3f0
[ 21.110490] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.115958] kthread+0x328/0x630
[ 21.119170] ret_from_fork+0x10/0x20
[ 21.122729]
[ 21.124206] The buggy address belongs to the object at ffff000805f78000
[ 21.124206] which belongs to the cache kmalloc-8k of size 8192
[ 21.136708] The buggy address is located 0 bytes to the right of
[ 21.136708] allocated 7936-byte region [ffff000805f78000, ffff000805f79f00)
[ 21.149725]
[ 21.151203] The buggy address belongs to the physical page:
[ 21.156761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885f78
[ 21.164744] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 21.172383] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 21.179327] page_type: f5(slab)
[ 21.182464] raw: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000
[ 21.190183] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 21.197911] head: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000
[ 21.205720] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 21.213533] head: 0bfffe0000000003 fffffdffe017de01 00000000ffffffff 00000000ffffffff
[ 21.221345] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 21.229151] page dumped because: kasan: bad access detected
[ 21.234708]
[ 21.236182] Memory state around the buggy address:
[ 21.240962]  ffff000805f79e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.248165]  ffff000805f79e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.255371] >ffff000805f79f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.262571]                    ^
[ 21.265786]  ffff000805f79f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.272991]  ffff000805f7a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.280193] ==================================================================
```

```
[ 24.158658] ==================================================================
[ 24.159043] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 24.159334] Write of size 1 at addr fff00000c77c9f00 by task kunit_try_catch/145
[ 24.159514]
[ 24.159956] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 24.160198] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.160878] Hardware name: linux,dummy-virt (DT)
[ 24.160967] Call trace:
[ 24.161044] show_stack+0x20/0x38 (C)
[ 24.161736] dump_stack_lvl+0x8c/0xd0
[ 24.161861] print_report+0x118/0x608
[ 24.161983] kasan_report+0xdc/0x128
[ 24.162769] __asan_report_store1_noabort+0x20/0x30
[ 24.163614] kmalloc_big_oob_right+0x2a4/0x2f0
[ 24.163760] kunit_try_run_case+0x170/0x3f0
[ 24.163892] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.164604] kthread+0x328/0x630
[ 24.165241] ret_from_fork+0x10/0x20
[ 24.165668]
[ 24.165765] Allocated by task 145:
[ 24.166218] kasan_save_stack+0x3c/0x68
[ 24.166325] kasan_save_track+0x20/0x40
[ 24.166801] kasan_save_alloc_info+0x40/0x58
[ 24.167471] __kasan_kmalloc+0xd4/0xd8
[ 24.167624] __kmalloc_cache_noprof+0x15c/0x3c0
[ 24.167843] kmalloc_big_oob_right+0xb8/0x2f0
[ 24.168179] kunit_try_run_case+0x170/0x3f0
[ 24.168300] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.168605] kthread+0x328/0x630
[ 24.168980] ret_from_fork+0x10/0x20
[ 24.169501]
[ 24.169615] The buggy address belongs to the object at fff00000c77c8000
[ 24.169615] which belongs to the cache kmalloc-8k of size 8192
[ 24.169921] The buggy address is located 0 bytes to the right of
[ 24.169921] allocated 7936-byte region [fff00000c77c8000, fff00000c77c9f00)
[ 24.170076]
[ 24.170223] The buggy address belongs to the physical page:
[ 24.170523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077c8
[ 24.170957] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 24.171182] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 24.171361] page_type: f5(slab)
[ 24.171552] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 24.171699] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 24.171840] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 24.172175] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 24.172442] head: 0bfffe0000000003 ffffc1ffc31df201 00000000ffffffff 00000000ffffffff
[ 24.172568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 24.172966] page dumped because: kasan: bad access detected
[ 24.173073]
[ 24.173348] Memory state around the buggy address:
[ 24.173560]  fff00000c77c9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.173662]  fff00000c77c9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.173783] >fff00000c77c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.174832]                    ^
[ 24.175048]  fff00000c77c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.175184]  fff00000c77ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.175274] ==================================================================
```

```
[ 16.923626] ==================================================================
[ 16.924923] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 16.926163] Write of size 1 at addr ffff888102cf5f00 by task kunit_try_catch/161
[ 16.926761]
[ 16.927072] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary)
[ 16.927199] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.927237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.927297] Call Trace:
[ 16.927343] <TASK>
[ 16.927397] dump_stack_lvl+0x73/0xb0
[ 16.927483] print_report+0xd1/0x650
[ 16.927563] ? __virt_addr_valid+0x1db/0x2d0
[ 16.927645] ? kmalloc_big_oob_right+0x316/0x370
[ 16.927720] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.927797] ? kmalloc_big_oob_right+0x316/0x370
[ 16.927875] kasan_report+0x141/0x180
[ 16.927954] ? kmalloc_big_oob_right+0x316/0x370
[ 16.928039] __asan_report_store1_noabort+0x1b/0x30
[ 16.928528] kmalloc_big_oob_right+0x316/0x370
[ 16.928565] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 16.928599] ? __schedule+0x10cc/0x2b60
[ 16.928634] ? __pfx_read_tsc+0x10/0x10
[ 16.928665] ? ktime_get_ts64+0x86/0x230
[ 16.928699] kunit_try_run_case+0x1a5/0x480
[ 16.928729] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.928756] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.928809] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.928860] ? __kthread_parkme+0x82/0x180
[ 16.928890] ? preempt_count_sub+0x50/0x80
[ 16.928922] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.928951] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.928985] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.929019] kthread+0x337/0x6f0
[ 16.929046] ? trace_preempt_on+0x20/0xc0
[ 16.929107] ? __pfx_kthread+0x10/0x10
[ 16.929137] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.929180] ? calculate_sigpending+0x7b/0xa0
[ 16.929320] ? __pfx_kthread+0x10/0x10
[ 16.929352] ret_from_fork+0x116/0x1d0
[ 16.929378] ? __pfx_kthread+0x10/0x10
[ 16.929406] ret_from_fork_asm+0x1a/0x30
[ 16.929448] </TASK>
[ 16.929463]
[ 16.949813] Allocated by task 161:
[ 16.950222] kasan_save_stack+0x45/0x70
[ 16.950689] kasan_save_track+0x18/0x40
[ 16.951248] kasan_save_alloc_info+0x3b/0x50
[ 16.951597] __kasan_kmalloc+0xb7/0xc0
[ 16.952143] __kmalloc_cache_noprof+0x189/0x420
[ 16.953150] kmalloc_big_oob_right+0xa9/0x370
[ 16.954280] kunit_try_run_case+0x1a5/0x480
[ 16.954962] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.955739] kthread+0x337/0x6f0
[ 16.956245] ret_from_fork+0x116/0x1d0
[ 16.956962] ret_from_fork_asm+0x1a/0x30
[ 16.957649]
[ 16.957806] The buggy address belongs to the object at ffff888102cf4000
[ 16.957806] which belongs to the cache kmalloc-8k of size 8192
[ 16.959397] The buggy address is located 0 bytes to the right of
[ 16.959397] allocated 7936-byte region [ffff888102cf4000, ffff888102cf5f00)
[ 16.961371]
[ 16.961577] The buggy address belongs to the physical page:
[ 16.962222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102cf0
[ 16.962946] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.963581] flags: 0x200000000000040(head|node=0|zone=2)
[ 16.964549] page_type: f5(slab)
[ 16.965508] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 16.966027] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.967171] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 16.967808] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.969134] head: 0200000000000003 ffffea00040b3c01 00000000ffffffff 00000000ffffffff
[ 16.970422] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 16.971596] page dumped because: kasan: bad access detected
[ 16.972517]
[ 16.972688] Memory state around the buggy address:
[ 16.973016]  ffff888102cf5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.973826]  ffff888102cf5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.974427] >ffff888102cf5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.975529]                    ^
[ 16.975781]  ffff888102cf5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.976976]  ffff888102cf6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.977829] ==================================================================
```

```
[ 47.347839] ==================================================================
[ 47.359985] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x324/0x37c
[ 47.367370] Write of size 1 at addr ca82df00 by task kunit_try_catch/196
[ 47.374114]
[ 47.375610] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE
[ 47.375640] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 47.375640] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 47.375671] Call trace:
[ 47.375671] unwind_backtrace from show_stack+0x18/0x1c
[ 47.375701] show_stack from dump_stack_lvl+0x70/0x90
[ 47.375701] dump_stack_lvl from print_report+0x158/0x528
[ 47.375732] print_report from kasan_report+0xdc/0x118
[ 47.375762] kasan_report from kmalloc_big_oob_right+0x324/0x37c
[ 47.375793] kmalloc_big_oob_right from kunit_try_run_case+0x22c/0x5a8
[ 47.375793] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 47.375823] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[ 47.375854] kthread from ret_from_fork+0x14/0x20
[ 47.375885] Exception stack(0xf21c3fb0 to 0xf21c3ff8)
[ 47.375885] 3fa0: 00000000 00000000 00000000 00000000
[ 47.375915] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 47.375915] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 47.375946]
[ 47.482360] Allocated by task 196:
[ 47.485809] kasan_save_track+0x30/0x5c
[ 47.489654] __kasan_kmalloc+0x8c/0x94
[ 47.493438] kmalloc_big_oob_right+0xd0/0x37c
[ 47.497833] kunit_try_run_case+0x22c/0x5a8
[ 47.502044] kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 47.507568] kthread+0x464/0x810
[ 47.510833] ret_from_fork+0x14/0x20
[ 47.514434]
[ 47.515930] The buggy address belongs to the object at ca82c000
[ 47.515930] which belongs to the cache kmalloc-8k of size 8192
[ 47.527832] The buggy address is located 0 bytes to the right of
[ 47.527832] allocated 7936-byte region [ca82c000, ca82df00)
[ 47.539550]
[ 47.541046] The buggy address belongs to the physical page:
[ 47.546661] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8a828
[ 47.553924] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 47.561645] flags: 0x40(head|zone=0)
[ 47.565246] page_type: f5(slab)
[ 47.568420] raw: 00000040 c7001a00 00000122 00000000 00000000 80020002 f5000000 00000000
[ 47.576568] raw: 00000000
[ 47.579193] head: 00000040 c7001a00 00000122 00000000 00000000 80020002 f5000000 00000000
[ 47.587432] head: 00000000 00000003 eeb795a1 ffffffff 00000000 ffffffff 00000000 ffffffff
[ 47.595672] head: 00000000 00000008
[ 47.599182] page dumped because: kasan: bad access detected
[ 47.604797]
[ 47.606292] Memory state around the buggy address:
[ 47.611114]  ca82de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.617675]  ca82de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.624237] >ca82df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.630828]            ^
[ 47.633361]  ca82df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.639923]  ca82e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.646514] ==================================================================
```