Date
April 20, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |

[ 26.277687] ==================================================================
[ 26.277799] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340
[ 26.277914] Read of size 1 at addr ffff800080a27b4a by task kunit_try_catch/255
[ 26.279224]
[ 26.279403] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 26.281173] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.281322] Hardware name: linux,dummy-virt (DT)
[ 26.281433] Call trace:
[ 26.281790] show_stack+0x20/0x38 (C)
[ 26.281911] dump_stack_lvl+0x8c/0xd0
[ 26.282045] print_report+0x310/0x608
[ 26.282156] kasan_report+0xdc/0x128
[ 26.282268] __asan_report_load1_noabort+0x20/0x30
[ 26.282393] kasan_alloca_oob_right+0x2dc/0x340
[ 26.282509] kunit_try_run_case+0x170/0x3f0
[ 26.283491] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.283790] kthread+0x328/0x630
[ 26.284439] ret_from_fork+0x10/0x20
[ 26.284810]
[ 26.284898] The buggy address belongs to stack of task kunit_try_catch/255
[ 26.285803]
[ 26.286105] The buggy address belongs to the virtual mapping at
[ 26.286105] [ffff800080a20000, ffff800080a29000) created by:
[ 26.286105] kernel_clone+0x150/0x7a8
[ 26.286593]
[ 26.286915] The buggy address belongs to the physical page:
[ 26.287123] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10761b
[ 26.287247] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.287383] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[ 26.288765] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.289172] page dumped because: kasan: bad access detected
[ 26.289299]
[ 26.289381] Memory state around the buggy address:
[ 26.290247] ffff800080a27a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.290555] ffff800080a27a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.290676] >ffff800080a27b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 26.290779] ^
[ 26.290878] ffff800080a27b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2
[ 26.291562] ffff800080a27c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00
[ 26.292232] ==================================================================

[ 13.349463] ==================================================================
[ 13.350387] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390
[ 13.351298] Read of size 1 at addr ffff888103acfc4a by task kunit_try_catch/273
[ 13.351757]
[ 13.351939] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[ 13.351998] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.352010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.352033] Call Trace:
[ 13.352056] <TASK>
[ 13.352082] dump_stack_lvl+0x73/0xb0
[ 13.352112] print_report+0xd1/0x650
[ 13.352137] ? __virt_addr_valid+0x1db/0x2d0
[ 13.352172] ? kasan_alloca_oob_right+0x329/0x390
[ 13.352195] ? kasan_addr_to_slab+0x11/0xa0
[ 13.352217] ? kasan_alloca_oob_right+0x329/0x390
[ 13.352240] kasan_report+0x141/0x180
[ 13.352263] ? kasan_alloca_oob_right+0x329/0x390
[ 13.352291] __asan_report_load1_noabort+0x18/0x20
[ 13.352313] kasan_alloca_oob_right+0x329/0x390
[ 13.352347] ? finish_task_switch.isra.0+0x153/0x700
[ 13.352373] ? rwsem_down_read_slowpath+0x64e/0xb90
[ 13.352453] ? trace_hardirqs_on+0x37/0xe0
[ 13.352482] ? __pfx_kasan_alloca_oob_right+0x10/0x10
[ 13.352508] ? __schedule+0x10cc/0x2b30
[ 13.352532] ? __pfx_read_tsc+0x10/0x10
[ 13.352553] ? ktime_get_ts64+0x86/0x230
[ 13.352581] kunit_try_run_case+0x1a5/0x480
[ 13.352608] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.352630] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.352654] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.352678] ? __kthread_parkme+0x82/0x180
[ 13.352700] ? preempt_count_sub+0x50/0x80
[ 13.352724] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.352748] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.352771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.352794] kthread+0x337/0x6f0
[ 13.352814] ? trace_preempt_on+0x20/0xc0
[ 13.352836] ? __pfx_kthread+0x10/0x10
[ 13.352858] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.352880] ? calculate_sigpending+0x7b/0xa0
[ 13.352902] ? __pfx_kthread+0x10/0x10
[ 13.352925] ret_from_fork+0x41/0x80
[ 13.352945] ? __pfx_kthread+0x10/0x10
[ 13.352967] ret_from_fork_asm+0x1a/0x30
[ 13.353000] </TASK>
[ 13.353010]
[ 13.364385] The buggy address belongs to stack of task kunit_try_catch/273
[ 13.364740]
[ 13.364827] The buggy address belongs to the physical page:
[ 13.365003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103acf
[ 13.365362] flags: 0x200000000000000(node=0|zone=2)
[ 13.365688] raw: 0200000000000000 ffffea00040eb3c8 ffffea00040eb3c8 0000000000000000
[ 13.365991] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.366344] page dumped because: kasan: bad access detected
[ 13.366539]
[ 13.366634] Memory state around the buggy address:
[ 13.366859] ffff888103acfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.367360] ffff888103acfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.367664] >ffff888103acfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 13.368115] ^
[ 13.368580] ffff888103acfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 13.368885] ffff888103acfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.369192] ==================================================================

[ 23.422847] ==================================================================
[ 23.423938] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340
[ 23.424661] Read of size 1 at addr ffff800089717b4a by task kunit_try_catch/307
[ 23.425340]
[ 23.425506] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 23.425556] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.425572] Hardware name: Radxa ROCK Pi 4B (DT)
[ 23.425590] Call trace:
[ 23.425604] show_stack+0x20/0x38 (C)
[ 23.425637] dump_stack_lvl+0x8c/0xd0
[ 23.425669] print_report+0x310/0x608
[ 23.425701] kasan_report+0xdc/0x128
[ 23.425731] __asan_report_load1_noabort+0x20/0x30
[ 23.425767] kasan_alloca_oob_right+0x2dc/0x340
[ 23.425804] kunit_try_run_case+0x170/0x3f0
[ 23.425843] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.425883] kthread+0x328/0x630
[ 23.425919] ret_from_fork+0x10/0x20
[ 23.425953]
[ 23.431572] The buggy address belongs to stack of task kunit_try_catch/307
[ 23.432228]
[ 23.432385] The buggy address belongs to the virtual mapping at
[ 23.432385] [ffff800089710000, ffff800089719000) created by:
[ 23.432385] kernel_clone+0x150/0x7a8
[ 23.433778]
[ 23.433934] The buggy address belongs to the physical page:
[ 23.434452] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfdf2
[ 23.435179] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 23.435804] raw: 03fffe0000000000 0000000000000000 dead000000000122 0000000000000000
[ 23.436522] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.437231] page dumped because: kasan: bad access detected
[ 23.437748]
[ 23.437902] Memory state around the buggy address:
[ 23.438351] ffff800089717a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.439019] ffff800089717a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.439686] >ffff800089717b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 23.440348] ^
[ 23.440868] ffff800089717b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2
[ 23.441535] ffff800089717c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00
[ 23.442198] ==================================================================