Date
April 20, 2025, 11:09 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
rk3399-rock-pi-4b |
[ 201.262104] ================================================================== [ 201.262218] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 201.262310] Read of size 12 at addr ffffa18757f44de0 by task kunit_try_catch/3323 [ 201.262359] [ 201.262411] CPU: 1 UID: 0 PID: 3323 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc3 #1 PREEMPT [ 201.262499] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 201.262529] Hardware name: linux,dummy-virt (DT) [ 201.262566] Call trace: [ 201.262600] show_stack+0x20/0x38 (C) [ 201.262663] dump_stack_lvl+0x8c/0xd0 [ 201.262723] print_report+0x310/0x608 [ 201.262781] kasan_report+0xdc/0x128 [ 201.262834] kasan_check_range+0x100/0x1a8 [ 201.262888] __asan_memcpy+0x3c/0x98 [ 201.262972] cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 201.263036] cs_dsp_mock_bin_add_info+0x18/0x30 [ 201.263092] bin_patch_name_and_info+0x168/0x6b0 [ 201.263145] kunit_try_run_case+0x170/0x3f0 [ 201.263206] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 201.263264] kthread+0x328/0x630 [ 201.263323] ret_from_fork+0x10/0x20 [ 201.263384] [ 201.263409] The buggy address belongs to the variable: [ 201.263435] __loc.0+0x2c0/0x3a0 [ 201.263489] [ 201.263597] The buggy address belongs to the virtual mapping at [ 201.263597] [ffffa18756c50000, ffffa18758960000) created by: [ 201.263597] paging_init+0x620/0x7d0 [ 201.263765] [ 201.263883] The buggy address belongs to the physical page: [ 201.264057] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44f44 [ 201.264156] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 201.264299] raw: 03fffe0000002000 ffffc1ffc013d108 ffffc1ffc013d108 0000000000000000 [ 201.264396] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 201.264452] page dumped because: kasan: bad access detected [ 201.264485] [ 201.264508] Memory state around the buggy address: [ 201.264544] ffffa18757f44c80: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 [ 201.264583] ffffa18757f44d00: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 [ 201.264623] >ffffa18757f44d80: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 [ 201.264654] ^ [ 201.264691] ffffa18757f44e00: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 [ 201.264729] ffffa18757f44e80: 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 201.264763] ==================================================================
[ 133.681604] ================================================================== [ 133.681904] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.1+0x198/0x33c [ 133.682029] Read of size 12 at addr ffff994f276d63c0 by task kunit_try_catch/3086 [ 133.682091] [ 133.682172] CPU: 0 UID: 0 PID: 3086 Comm: kunit_try_catch Tainted: G D W N 6.15.0-rc3 #1 PREEMPT [ 133.682286] Tainted: [D]=DIE, [W]=WARN, [N]=TEST [ 133.682377] Hardware name: linux,dummy-virt (DT) [ 133.682499] Call trace: [ 133.682593] show_stack+0x18/0x24 (C) [ 133.682724] dump_stack_lvl+0x78/0x90 [ 133.682838] print_report+0x1d4/0x5dc [ 133.682948] kasan_report+0x78/0xc0 [ 133.683061] kasan_check_range+0x180/0x210 [ 133.683171] memcpy+0x3c/0xa4 [ 133.683286] cs_dsp_mock_bin_add_name_or_info.isra.1+0x198/0x33c [ 133.683395] cs_dsp_mock_bin_add_info+0x10/0x1c [ 133.683499] bin_patch_name_and_info+0x164/0x6a8 [ 133.683620] kunit_try_run_case+0x144/0x3bc [ 133.683739] kunit_generic_run_threadfn_adapter+0x80/0xec [ 133.683865] kthread+0x3f0/0x744 [ 133.683932] ret_from_fork+0x10/0x20 [ 133.684005] [ 133.684073] The buggy address belongs to the variable: [ 133.684107] __loc.44591+0x280/0x420 [ 133.684169] [ 133.684298] The buggy address belongs to the virtual mapping at [ 133.684298] [ffff994f26600000, ffff994f27ec0000) created by: [ 133.684298] paging_init+0x474/0x61c [ 133.684371] [ 133.684451] The buggy address belongs to the physical page: [ 133.684791] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x442d6 [ 133.684919] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 133.685385] raw: 03fffe0000002000 ffffc1ffc010b588 ffffc1ffc010b588 0000000000000000 [ 133.685450] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 133.685585] page dumped because: kasan: bad access detected [ 133.685637] [ 133.685668] Memory state around the buggy address: [ 133.685924] ffff994f276d6280: 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 [ 133.686001] ffff994f276d6300: 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 133.686061] >ffff994f276d6380: 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 133.686111] ^ [ 133.686198] ffff994f276d6400: 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 00 06 f9 f9 [ 133.686240] ffff994f276d6480: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9 [ 133.686358] ==================================================================
[ 111.816176] ================================================================== [ 111.816389] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338 [ 111.816492] Read of size 12 at addr ffff987e568487c0 by task kunit_try_catch/3086 [ 111.816535] [ 111.816598] CPU: 0 UID: 0 PID: 3086 Comm: kunit_try_catch Tainted: G D W N 6.15.0-rc3 #1 PREEMPT [ 111.816663] Tainted: [D]=DIE, [W]=WARN, [N]=TEST [ 111.816683] Hardware name: linux,dummy-virt (DT) [ 111.816710] Call trace: [ 111.816733] show_stack+0x18/0x24 (C) [ 111.816781] dump_stack_lvl+0x74/0x8c [ 111.816823] print_report+0x300/0x5f4 [ 111.816863] kasan_report+0xc4/0x108 [ 111.816901] kasan_check_range+0x100/0x1a8 [ 111.816941] __asan_memcpy+0x3c/0x94 [ 111.816981] cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338 [ 111.817024] cs_dsp_mock_bin_add_info+0x10/0x1c [ 111.817078] bin_patch_name_and_info+0x15c/0x6a0 [ 111.817119] kunit_try_run_case+0x144/0x3bc [ 111.817164] kunit_generic_run_threadfn_adapter+0x80/0xec [ 111.817206] kthread+0x37c/0x67c [ 111.817246] ret_from_fork+0x10/0x20 [ 111.817295] [ 111.817354] The buggy address belongs to the variable: [ 111.817376] __loc.0+0x2c0/0x3a0 [ 111.817419] [ 111.817499] The buggy address belongs to the virtual mapping at [ 111.817499] [ffff987e55780000, ffff987e57040000) created by: [ 111.817499] paging_init+0x4d4/0x640 [ 111.817552] [ 111.817613] The buggy address belongs to the physical page: [ 111.817869] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44248 [ 111.817975] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 111.818302] raw: 03fffe0000002000 ffffc1ffc0109208 ffffc1ffc0109208 0000000000000000 [ 111.818346] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 111.818436] page dumped because: kasan: bad access detected [ 111.818466] [ 111.818491] Memory state around the buggy address: [ 111.818742] ffff987e56848680: 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 [ 111.818802] ffff987e56848700: 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 111.818843] >ffff987e56848780: 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 111.818890] ^ [ 111.818959] ffff987e56848800: 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 111.818988] ffff987e56848880: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 06 f9 f9 [ 111.819046] ==================================================================
[ 149.754172] ================================================================== [ 149.754950] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 149.755422] Read of size 12 at addr ffffffff8b2ccd00 by task kunit_try_catch/4185 [ 149.755730] [ 149.755872] CPU: 1 UID: 0 PID: 4185 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 149.755935] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.755948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.755979] Call Trace: [ 149.755993] <TASK> [ 149.756015] dump_stack_lvl+0x73/0xb0 [ 149.756043] print_report+0xd1/0x650 [ 149.756072] ? __virt_addr_valid+0x1db/0x2d0 [ 149.756095] ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 149.756118] ? kasan_addr_to_slab+0x11/0xa0 [ 149.756139] ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 149.756162] kasan_report+0x141/0x180 [ 149.756184] ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 149.756213] kasan_check_range+0x10c/0x1c0 [ 149.756236] __asan_memcpy+0x27/0x70 [ 149.756268] cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 149.756303] ? __pfx_cs_dsp_mock_bin_add_name_or_info.isra.0+0x10/0x10 [ 149.756328] ? __pfx_cs_dsp_mock_reg_addr_inc_per_unpacked_word+0x10/0x10 [ 149.756352] ? __pfx__cs_dsp_remove_wrapper+0x10/0x10 [ 149.756378] cs_dsp_mock_bin_add_info+0x12/0x20 [ 149.756399] bin_patch_name_and_info+0x1a1/0x8d0 [ 149.756425] ? __pfx_bin_patch_name_and_info+0x10/0x10 [ 149.756449] ? __pfx_kfree_action_wrapper+0x10/0x10 [ 149.756474] ? kunit_add_action_or_reset+0x1d/0x40 [ 149.756495] ? __pfx_read_tsc+0x10/0x10 [ 149.756515] ? ktime_get_ts64+0x86/0x230 [ 149.756542] kunit_try_run_case+0x1a5/0x480 [ 149.756563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.756582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 149.756605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 149.756646] ? __kthread_parkme+0x82/0x180 [ 149.756669] ? preempt_count_sub+0x50/0x80 [ 149.756694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.756731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.756752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.756771] kthread+0x337/0x6f0 [ 149.756792] ? trace_preempt_on+0x20/0xc0 [ 149.756816] ? __pfx_kthread+0x10/0x10 [ 149.756837] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.756857] ? calculate_sigpending+0x7b/0xa0 [ 149.756878] ? __pfx_kthread+0x10/0x10 [ 149.756899] ret_from_fork+0x41/0x80 [ 149.756920] ? __pfx_kthread+0x10/0x10 [ 149.756941] ret_from_fork_asm+0x1a/0x30 [ 149.756975] </TASK> [ 149.756987] [ 149.766783] The buggy address belongs to the variable: [ 149.767027] __loc.16+0x80/0x540 [ 149.767234] [ 149.767356] The buggy address belongs to the physical page: [ 149.767614] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13e2cc [ 149.767979] flags: 0x200000000002000(reserved|node=0|zone=2) [ 149.768320] raw: 0200000000002000 ffffea0004f8b308 ffffea0004f8b308 0000000000000000 [ 149.768665] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 149.769014] page dumped because: kasan: bad access detected [ 149.769325] [ 149.769450] Memory state around the buggy address: [ 149.769679] ffffffff8b2ccc00: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 149.769951] ffffffff8b2ccc80: 00 00 f9 f9 f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 [ 149.770337] >ffffffff8b2ccd00: 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 [ 149.770656] ^ [ 149.770779] ffffffff8b2ccd80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 [ 149.771025] ffffffff8b2cce00: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9 [ 149.771404] ==================================================================
[ 96.316072] ================================================================== [ 96.317282] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 96.318128] Read of size 12 at addr ffff800084d44de0 by task kunit_try_catch/3375 [ 96.318816] [ 96.318982] CPU: 1 UID: 0 PID: 3375 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc3 #1 PREEMPT [ 96.319028] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 96.319042] Hardware name: Radxa ROCK Pi 4B (DT) [ 96.319057] Call trace: [ 96.319068] show_stack+0x20/0x38 (C) [ 96.319102] dump_stack_lvl+0x8c/0xd0 [ 96.319133] print_report+0x310/0x608 [ 96.319163] kasan_report+0xdc/0x128 [ 96.319191] kasan_check_range+0x100/0x1a8 [ 96.319221] __asan_memcpy+0x3c/0x98 [ 96.319251] cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 96.319283] cs_dsp_mock_bin_add_info+0x18/0x30 [ 96.319311] bin_patch_name_and_info+0x168/0x6b0 [ 96.319340] kunit_try_run_case+0x170/0x3f0 [ 96.319374] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 96.319409] kthread+0x328/0x630 [ 96.319442] ret_from_fork+0x10/0x20 [ 96.319474] [ 96.326438] The buggy address belongs to the variable: [ 96.326910] __loc.0+0x2c0/0x3a0 [ 96.327237] [ 96.327404] The buggy address belongs to the virtual mapping at [ 96.327404] [ffff800083a50000, ffff800085760000) created by: [ 96.327404] paging_init+0x620/0x7d0 [ 96.327670] dwmmc_rockchip fe310000.mmc: IDMAC supports 32-bit address mode. [ 96.328770] [ 96.329436] dwmmc_rockchip fe310000.mmc: Using internal DMA controller. [ 96.329536] The buggy address belongs to the physical page: [ 96.330150] dwmmc_rockchip fe310000.mmc: Version ID is 270a [ 96.330613] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7544 [ 96.331141] dwmmc_rockchip fe310000.mmc: DW MMC controller at irq 49,32 bit host data width,256 deep fifo [ 96.331790] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 96.333285] raw: 03fffe0000002000 fffffdffc01d5108 fffffdffc01d5108 0000000000000000 [ 96.333995] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 96.334695] page dumped because: kasan: bad access detected [ 96.335206] [ 96.335359] Memory state around the buggy address: [ 96.335805] ffff800084d44c80: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 [ 96.336465] ffff800084d44d00: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 [ 96.337126] >ffff800084d44d80: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 [ 96.337782] ^ [ 96.338387] ffff800084d44e00: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 [ 96.339047] ffff800084d44e80: 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 96.339703] ==================================================================