Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-x86_64 | |
| x15 |
[ 20.217741] ================================================================== [ 20.226743] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 20.234115] Read of size 1 at addr ffff000802f01000 by task kunit_try_catch/184 [ 20.241405] [ 20.242893] CPU: 6 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 20.242948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.242964] Hardware name: WinLink E850-96 board (DT) [ 20.242984] Call trace: [ 20.243000] show_stack+0x20/0x38 (C) [ 20.243037] dump_stack_lvl+0x8c/0xd0 [ 20.243074] print_report+0x118/0x608 [ 20.243109] kasan_report+0xdc/0x128 [ 20.243141] __asan_report_load1_noabort+0x20/0x30 [ 20.243173] kmalloc_node_oob_right+0x2f4/0x330 [ 20.243206] kunit_try_run_case+0x170/0x3f0 [ 20.243241] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.243278] kthread+0x328/0x630 [ 20.243306] ret_from_fork+0x10/0x20 [ 20.243342] [ 20.306944] Allocated by task 184: [ 20.310332] kasan_save_stack+0x3c/0x68 [ 20.314147] kasan_save_track+0x20/0x40 [ 20.317967] kasan_save_alloc_info+0x40/0x58 [ 20.322220] __kasan_kmalloc+0xd4/0xd8 [ 20.325953] __kmalloc_cache_node_noprof+0x168/0x3d0 [ 20.330901] kmalloc_node_oob_right+0xbc/0x330 [ 20.335328] kunit_try_run_case+0x170/0x3f0 [ 20.339494] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.344963] kthread+0x328/0x630 [ 20.348174] ret_from_fork+0x10/0x20 [ 20.351734] [ 20.353212] The buggy address belongs to the object at ffff000802f00000 [ 20.353212] which belongs to the cache kmalloc-4k of size 4096 [ 20.365713] The buggy address is located 0 bytes to the right of [ 20.365713] allocated 4096-byte region [ffff000802f00000, ffff000802f01000) [ 20.378730] [ 20.380208] The buggy address belongs to the physical page: [ 20.385766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882f00 [ 20.393749] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.401389] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 20.408332] page_type: f5(slab) [ 20.411469] raw: 0bfffe0000000040 ffff000800003040 dead000000000122 0000000000000000 [ 20.419187] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 20.426916] head: 0bfffe0000000040 ffff000800003040 dead000000000122 0000000000000000 [ 20.434725] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 20.442538] head: 0bfffe0000000003 fffffdffe00bc001 00000000ffffffff 00000000ffffffff [ 20.450350] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 20.458156] page dumped because: kasan: bad access detected [ 20.463712] [ 20.465186] Memory state around the buggy address: [ 20.469968] ffff000802f00f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.477170] ffff000802f00f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.484374] >ffff000802f01000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.491575] ^ [ 20.494790] ffff000802f01080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.501995] ffff000802f01100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.509197] ==================================================================
[ 16.755512] ================================================================== [ 16.756913] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 16.757603] Read of size 1 at addr ffff88810299f000 by task kunit_try_catch/157 [ 16.758077] [ 16.758651] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 16.758718] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.758735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.758764] Call Trace: [ 16.758790] <TASK> [ 16.758832] dump_stack_lvl+0x73/0xb0 [ 16.758872] print_report+0xd1/0x650 [ 16.758905] ? __virt_addr_valid+0x1db/0x2d0 [ 16.758938] ? kmalloc_node_oob_right+0x369/0x3c0 [ 16.758971] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.759001] ? kmalloc_node_oob_right+0x369/0x3c0 [ 16.759035] kasan_report+0x141/0x180 [ 16.759098] ? kmalloc_node_oob_right+0x369/0x3c0 [ 16.759189] __asan_report_load1_noabort+0x18/0x20 [ 16.759449] kmalloc_node_oob_right+0x369/0x3c0 [ 16.759498] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 16.759536] ? kasan_save_stack+0x45/0x70 [ 16.759567] ? __pfx_read_tsc+0x10/0x10 [ 16.759599] ? ktime_get_ts64+0x86/0x230 [ 16.759633] kunit_try_run_case+0x1a5/0x480 [ 16.759664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.759691] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.759726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.759761] ? __kthread_parkme+0x82/0x180 [ 16.759805] ? preempt_count_sub+0x50/0x80 [ 16.759856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.759885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.759920] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.759954] kthread+0x337/0x6f0 [ 16.759980] ? trace_preempt_on+0x20/0xc0 [ 16.760013] ? __pfx_kthread+0x10/0x10 [ 16.760040] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.760098] ? calculate_sigpending+0x7b/0xa0 [ 16.760135] ? __pfx_kthread+0x10/0x10 [ 16.760174] ret_from_fork+0x116/0x1d0 [ 16.760555] ? __pfx_kthread+0x10/0x10 [ 16.760593] ret_from_fork_asm+0x1a/0x30 [ 16.760640] </TASK> [ 16.760656] [ 16.783828] Allocated by task 157: [ 16.784181] kasan_save_stack+0x45/0x70 [ 16.785684] kasan_save_track+0x18/0x40 [ 16.786618] kasan_save_alloc_info+0x3b/0x50 [ 16.787573] __kasan_kmalloc+0xb7/0xc0 [ 16.788100] __kmalloc_cache_node_noprof+0x188/0x420 [ 16.788925] kmalloc_node_oob_right+0xab/0x3c0 [ 16.789727] kunit_try_run_case+0x1a5/0x480 [ 16.790625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.790976] kthread+0x337/0x6f0 [ 16.791599] ret_from_fork+0x116/0x1d0 [ 16.791993] ret_from_fork_asm+0x1a/0x30 [ 16.792782] [ 16.793824] The buggy address belongs to the object at ffff88810299e000 [ 16.793824] which belongs to the cache kmalloc-4k of size 4096 [ 16.795073] The buggy address is located 0 bytes to the right of [ 16.795073] allocated 4096-byte region [ffff88810299e000, ffff88810299f000) [ 16.796412] [ 16.797012] The buggy address belongs to the physical page: [ 16.798042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102998 [ 16.799268] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.799906] flags: 0x200000000000040(head|node=0|zone=2) [ 16.800628] page_type: f5(slab) [ 16.801361] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 16.802180] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 16.803098] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 16.804356] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 16.805005] head: 0200000000000003 ffffea00040a6601 00000000ffffffff 00000000ffffffff [ 16.805778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 16.806581] page dumped because: kasan: bad access detected [ 16.807552] [ 16.807719] Memory state around the buggy address: [ 16.808783] ffff88810299ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.809416] ffff88810299ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.810414] >ffff88810299f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.810957] ^ [ 16.811182] ffff88810299f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.811942] ffff88810299f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.812539] ==================================================================
[ 46.465454] ================================================================== [ 46.476409] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x380/0x3c4 [ 46.483886] Read of size 1 at addr cc7ab000 by task kunit_try_catch/192 [ 46.490539] [ 46.492034] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 46.492065] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 46.492065] Hardware name: Generic DRA74X (Flattened Device Tree) [ 46.492095] Call trace: [ 46.492095] unwind_backtrace from show_stack+0x18/0x1c [ 46.492126] show_stack from dump_stack_lvl+0x70/0x90 [ 46.492156] dump_stack_lvl from print_report+0x158/0x528 [ 46.492156] print_report from kasan_report+0xdc/0x118 [ 46.492187] kasan_report from kmalloc_node_oob_right+0x380/0x3c4 [ 46.492218] kmalloc_node_oob_right from kunit_try_run_case+0x22c/0x5a8 [ 46.492248] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 46.492279] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 46.492309] kthread from ret_from_fork+0x14/0x20 [ 46.492309] Exception stack(0xf21abfb0 to 0xf21abff8) [ 46.492340] bfa0: 00000000 00000000 00000000 00000000 [ 46.492340] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 46.492370] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 46.492370] [ 46.598968] Allocated by task 192: [ 46.602416] kasan_save_track+0x30/0x5c [ 46.606262] __kasan_kmalloc+0x8c/0x94 [ 46.610046] kmalloc_node_oob_right+0xd4/0x3c4 [ 46.614532] kunit_try_run_case+0x22c/0x5a8 [ 46.618743] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 46.624267] kthread+0x464/0x810 [ 46.627532] ret_from_fork+0x14/0x20 [ 46.631134] [ 46.632629] The buggy address belongs to the object at cc7aa000 [ 46.632629] which belongs to the cache kmalloc-4k of size 4096 [ 46.644531] The buggy address is located 0 bytes to the right of [ 46.644531] allocated 4096-byte region [cc7aa000, cc7ab000) [ 46.656249] [ 46.657775] The buggy address belongs to the physical page: [ 46.663391] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c7a8 [ 46.670654] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 46.678344] flags: 0x40(head|zone=0) [ 46.681945] page_type: f5(slab) [ 46.685119] raw: 00000040 c7001900 00000122 00000000 00000000 80040004 f5000000 00000000 [ 46.693267] raw: 00000000 [ 46.695922] head: 00000040 c7001900 00000122 00000000 00000000 80040004 f5000000 00000000 [ 46.704162] head: 00000000 00000003 eebc03a1 ffffffff 00000000 ffffffff 00000000 ffffffff [ 46.712371] head: 00000000 00000008 [ 46.715881] page dumped because: kasan: bad access detected [ 46.721496] [ 46.722991] Memory state around the buggy address: [ 46.727813] cc7aaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.734405] cc7aaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.740966] >cc7ab000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.747528] ^ [ 46.750091] cc7ab080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.756652] cc7ab100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.763214] ==================================================================