Date: May 30, 2025, 4:14 a.m.

| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
| x15 |
[ 19.848811] ==================================================================
[ 19.858083] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 19.864937] Read of size 1 at addr ffff000801b0773f by task kunit_try_catch/182
[ 19.872227]
[ 19.873714] CPU: 3 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 19.873771] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.873788] Hardware name: WinLink E850-96 board (DT)
[ 19.873809] Call trace:
[ 19.873821] show_stack+0x20/0x38 (C)
[ 19.873858] dump_stack_lvl+0x8c/0xd0
[ 19.873895] print_report+0x118/0x608
[ 19.873931] kasan_report+0xdc/0x128
[ 19.873962] __asan_report_load1_noabort+0x20/0x30
[ 19.873993] kmalloc_oob_left+0x2ec/0x320
[ 19.874021] kunit_try_run_case+0x170/0x3f0
[ 19.874056] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.874095] kthread+0x328/0x630
[ 19.874124] ret_from_fork+0x10/0x20
[ 19.874157]
[ 19.937245] Allocated by task 12:
[ 19.940546] kasan_save_stack+0x3c/0x68
[ 19.944361] kasan_save_track+0x20/0x40
[ 19.948182] kasan_save_alloc_info+0x40/0x58
[ 19.952434] __kasan_kmalloc+0xd4/0xd8
[ 19.956166] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 19.961722] kstrdup+0x54/0xc8
[ 19.964760] kstrdup_const+0x48/0x60
[ 19.968319] __kernfs_new_node+0xb0/0x578
[ 19.972312] kernfs_new_node+0x128/0x1a8
[ 19.976218] kernfs_create_link+0xac/0x228
[ 19.980300] sysfs_do_create_link_sd+0x8c/0x128
[ 19.984812] sysfs_create_link+0x48/0xb8
[ 19.988718] driver_sysfs_add+0x88/0x258
[ 19.992624] really_probe+0xf0/0x7f0
[ 19.996183] __driver_probe_device+0x164/0x378
[ 20.000610] driver_probe_device+0x64/0x180
[ 20.004776] __device_attach_driver+0x174/0x280
[ 20.009291] bus_for_each_drv+0x118/0x1b0
[ 20.013285] __device_attach+0x174/0x378
[ 20.017190] device_initial_probe+0x1c/0x30
[ 20.021357] bus_probe_device+0x12c/0x170
[ 20.025350] deferred_probe_work_func+0x140/0x208
[ 20.030037] process_one_work+0x530/0xf98
[ 20.034030] worker_thread+0x8ac/0xf28
[ 20.037763] kthread+0x328/0x630
[ 20.040974] ret_from_fork+0x10/0x20
[ 20.044533]
[ 20.046010] Freed by task 0:
[ 20.048877] kasan_save_stack+0x3c/0x68
[ 20.052693] kasan_save_track+0x20/0x40
[ 20.056514] kasan_save_free_info+0x4c/0x78
[ 20.060679] __kasan_slab_free+0x6c/0x98
[ 20.064585] kfree+0x214/0x3c8
[ 20.067623] kfree_const+0x3c/0x50
[ 20.071008] kernfs_free_rcu+0x4c/0x120
[ 20.074828] rcu_core+0x9f4/0x1e20
[ 20.078213] rcu_core_si+0x18/0x30
[ 20.081599] handle_softirqs+0x374/0xb28
[ 20.085506] __do_softirq+0x1c/0x28
[ 20.088977]
[ 20.090455] The buggy address belongs to the object at ffff000801b07720
[ 20.090455] which belongs to the cache kmalloc-16 of size 16
[ 20.102783] The buggy address is located 15 bytes to the right of
[ 20.102783] allocated 16-byte region [ffff000801b07720, ffff000801b07730)
[ 20.115713]
[ 20.117191] The buggy address belongs to the physical page:
[ 20.122749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b07
[ 20.130735] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.137242] page_type: f5(slab)
[ 20.140379] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[ 20.148097] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 20.155818] page dumped because: kasan: bad access detected
[ 20.161373]
[ 20.162847] Memory state around the buggy address:
[ 20.167631]  ffff000801b07600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 20.174832]  ffff000801b07680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 20.182036] >ffff000801b07700: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[ 20.189236]                                         ^
[ 20.194274]  ffff000801b07780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.201481]  ffff000801b07800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.208680] ==================================================================
[ 24.040813] ==================================================================
[ 24.041146] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 24.041383] Read of size 1 at addr fff00000c5ed4c7f by task kunit_try_catch/139
[ 24.041510]
[ 24.041724] CPU: 0 UID: 0 PID: 139 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT
[ 24.041988] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.042405] Hardware name: linux,dummy-virt (DT)
[ 24.042553] Call trace:
[ 24.042729] show_stack+0x20/0x38 (C)
[ 24.042955] dump_stack_lvl+0x8c/0xd0
[ 24.043190] print_report+0x118/0x608
[ 24.043506] kasan_report+0xdc/0x128
[ 24.043626] __asan_report_load1_noabort+0x20/0x30
[ 24.043802] kmalloc_oob_left+0x2ec/0x320
[ 24.044063] kunit_try_run_case+0x170/0x3f0
[ 24.044221] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.045130] kthread+0x328/0x630
[ 24.045280] ret_from_fork+0x10/0x20
[ 24.045404]
[ 24.045451] Allocated by task 9:
[ 24.045516] kasan_save_stack+0x3c/0x68
[ 24.045616] kasan_save_track+0x20/0x40
[ 24.046102] kasan_save_alloc_info+0x40/0x58
[ 24.046210] __kasan_kmalloc+0xd4/0xd8
[ 24.046311] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 24.046425] kvasprintf+0xe0/0x180
[ 24.046520] __kthread_create_on_node+0x16c/0x350
[ 24.046611] kthread_create_on_node+0xe4/0x130
[ 24.046777] create_worker+0x380/0x6b8
[ 24.047158] worker_thread+0x5dc/0xf28
[ 24.047963] kthread+0x328/0x630
[ 24.048081] ret_from_fork+0x10/0x20
[ 24.048174]
[ 24.048223] The buggy address belongs to the object at fff00000c5ed4c60
[ 24.048223] which belongs to the cache kmalloc-16 of size 16
[ 24.048354] The buggy address is located 19 bytes to the right of
[ 24.048354] allocated 12-byte region [fff00000c5ed4c60, fff00000c5ed4c6c)
[ 24.048502]
[ 24.048549] The buggy address belongs to the physical page:
[ 24.048618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ed4
[ 24.050443] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.051303] page_type: f5(slab)
[ 24.051427] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 24.051579] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 24.051730] page dumped because: kasan: bad access detected
[ 24.051805]
[ 24.051879] Memory state around the buggy address:
[ 24.051955]  fff00000c5ed4b00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 24.052051]  fff00000c5ed4b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 24.052155] >fff00000c5ed4c00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 24.052321]                                                                 ^
[ 24.052414]  fff00000c5ed4c80: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.052509]  fff00000c5ed4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.052611] ==================================================================
[ 16.695328] ==================================================================
[ 16.696689] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 16.698177] Read of size 1 at addr ffff888100fa0ebf by task kunit_try_catch/155
[ 16.698657]
[ 16.698865] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary)
[ 16.698933] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.698950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.698982] Call Trace:
[ 16.698999] <TASK>
[ 16.699023] dump_stack_lvl+0x73/0xb0
[ 16.699093] print_report+0xd1/0x650
[ 16.699176] ? __virt_addr_valid+0x1db/0x2d0
[ 16.699256] ? kmalloc_oob_left+0x361/0x3c0
[ 16.699328] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.699404] ? kmalloc_oob_left+0x361/0x3c0
[ 16.699478] kasan_report+0x141/0x180
[ 16.699558] ? kmalloc_oob_left+0x361/0x3c0
[ 16.699644] __asan_report_load1_noabort+0x18/0x20
[ 16.699713] kmalloc_oob_left+0x361/0x3c0
[ 16.699770] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 16.699827] ? __schedule+0x10cc/0x2b60
[ 16.699866] ? __pfx_read_tsc+0x10/0x10
[ 16.699898] ? ktime_get_ts64+0x86/0x230
[ 16.699932] kunit_try_run_case+0x1a5/0x480
[ 16.699963] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.699989] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.700024] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.700077] ? __kthread_parkme+0x82/0x180
[ 16.700113] ? preempt_count_sub+0x50/0x80
[ 16.700145] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.700190] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.700274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.700318] kthread+0x337/0x6f0
[ 16.700346] ? trace_preempt_on+0x20/0xc0
[ 16.700380] ? __pfx_kthread+0x10/0x10
[ 16.700409] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.700441] ? calculate_sigpending+0x7b/0xa0
[ 16.700475] ? __pfx_kthread+0x10/0x10
[ 16.700504] ret_from_fork+0x116/0x1d0
[ 16.700528] ? __pfx_kthread+0x10/0x10
[ 16.700556] ret_from_fork_asm+0x1a/0x30
[ 16.700598] </TASK>
[ 16.700613]
[ 16.721051] Allocated by task 1:
[ 16.722217] kasan_save_stack+0x45/0x70
[ 16.722631] kasan_save_track+0x18/0x40
[ 16.722999] kasan_save_alloc_info+0x3b/0x50
[ 16.723965] __kasan_kmalloc+0xb7/0xc0
[ 16.724659] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 16.725417] kvasprintf+0xc5/0x150
[ 16.725999] __kthread_create_on_node+0x18b/0x3a0
[ 16.726976] kthread_create_on_node+0xab/0xe0
[ 16.727745] create_worker+0x3e5/0x7b0
[ 16.728431] alloc_unbound_pwq+0x8ea/0xdb0
[ 16.729143] apply_wqattrs_prepare+0x332/0xd20
[ 16.729633] apply_workqueue_attrs_locked+0x4d/0xa0
[ 16.730454] alloc_workqueue+0xcc7/0x1ad0
[ 16.730747] latency_fsnotify_init+0x1b/0x50
[ 16.731687] do_one_initcall+0xd8/0x370
[ 16.732474] kernel_init_freeable+0x420/0x6f0
[ 16.732889] kernel_init+0x23/0x1e0
[ 16.733508] ret_from_fork+0x116/0x1d0
[ 16.733833] ret_from_fork_asm+0x1a/0x30
[ 16.734175]
[ 16.734356] The buggy address belongs to the object at ffff888100fa0ea0
[ 16.734356] which belongs to the cache kmalloc-16 of size 16
[ 16.736379] The buggy address is located 18 bytes to the right of
[ 16.736379] allocated 13-byte region [ffff888100fa0ea0, ffff888100fa0ead)
[ 16.737646]
[ 16.737838] The buggy address belongs to the physical page:
[ 16.738415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fa0
[ 16.739028] flags: 0x200000000000000(node=0|zone=2)
[ 16.740047] page_type: f5(slab)
[ 16.740958] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 16.741795] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.742656] page dumped because: kasan: bad access detected
[ 16.743684]
[ 16.743928] Memory state around the buggy address:
[ 16.745253]  ffff888100fa0d80: 00 04 fc fc 00 04 fc fc 00 00 fc fc fa fb fc fc
[ 16.745769]  ffff888100fa0e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 16.747055] >ffff888100fa0e80: fa fb fc fc 00 05 fc fc 00 07 fc fc fc fc fc fc
[ 16.747933]                                         ^
[ 16.748362]  ffff888100fa0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.749383]  ffff888100fa0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.750211] ==================================================================
[ 46.143371] ==================================================================
[ 46.154418] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x378/0x3b8
[ 46.161346] Read of size 1 at addr cc795a7f by task kunit_try_catch/190
[ 46.167999]
[ 46.169494] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE
[ 46.169525] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 46.169525] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 46.169555] Call trace:
[ 46.169555] unwind_backtrace from show_stack+0x18/0x1c
[ 46.169586] show_stack from dump_stack_lvl+0x70/0x90
[ 46.169616] dump_stack_lvl from print_report+0x158/0x528
[ 46.169647] print_report from kasan_report+0xdc/0x118
[ 46.169647] kasan_report from kmalloc_oob_left+0x378/0x3b8
[ 46.169677] kmalloc_oob_left from kunit_try_run_case+0x22c/0x5a8
[ 46.169708] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[ 46.169738] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[ 46.169769] kthread from ret_from_fork+0x14/0x20
[ 46.169769] Exception stack(0xf219bfb0 to 0xf219bff8)
[ 46.169799] bfa0: 00000000 00000000 00000000 00000000
[ 46.169799] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 46.169830] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 46.169830]
[ 46.275390] Allocated by task 189:
[ 46.278839] kasan_save_track+0x30/0x5c
[ 46.282684] __kasan_kmalloc+0x8c/0x94
[ 46.286468] kmem_cache_free+0x1e0/0x470
[ 46.290435] release_task+0xcb8/0x175c
[ 46.294219] do_exit+0x14b8/0x2584
[ 46.297637] kthread_exit+0x208/0x25c
[ 46.301330] kthread+0x420/0x810
[ 46.304595] ret_from_fork+0x14/0x20
[ 46.308197]
[ 46.309692] Last potentially related work creation:
[ 46.314605] kasan_save_stack+0x30/0x4c
[ 46.318481] kasan_record_aux_stack+0x80/0x88
[ 46.322875] __call_rcu_common.constprop.0+0x98/0xb80
[ 46.327972] kmem_cache_free+0x204/0x470
[ 46.331909] release_task+0xcb8/0x175c
[ 46.335693] do_exit+0x14b8/0x2584
[ 46.339141] kthread_exit+0x208/0x25c
[ 46.342834] kthread+0x420/0x810
[ 46.346069] ret_from_fork+0x14/0x20
[ 46.349670]
[ 46.351196] The buggy address belongs to the object at cc795a00
[ 46.351196] which belongs to the cache kmalloc-64 of size 64
[ 46.362915] The buggy address is located 115 bytes to the right of
[ 46.362915] allocated 12-byte region [cc795a00, cc795a0c)
[ 46.374633]
[ 46.376129] The buggy address belongs to the physical page:
[ 46.381744] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c795
[ 46.389007] flags: 0x0(zone=0)
[ 46.392089] page_type: f5(slab)
[ 46.395263] raw: 00000000 c7001300 00000122 00000000 00000000 80200020 f5000000 00000000
[ 46.403411] raw: 00000000
[ 46.406036] page dumped because: kasan: bad access detected
[ 46.411651]
[ 46.413146] Memory state around the buggy address:
[ 46.417968]  cc795900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 46.424530]  cc795980: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[ 46.431121] >cc795a00: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.437683]                                                         ^
[ 46.444152]  cc795a80: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.450744]  cc795b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.457305] ==================================================================