Hay
Date
April 20, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[  201.262104] ==================================================================
[  201.262218] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348
[  201.262310] Read of size 12 at addr ffffa18757f44de0 by task kunit_try_catch/3323
[  201.262359] 
[  201.262411] CPU: 1 UID: 0 PID: 3323 Comm: kunit_try_catch Tainted: G    B D W        N  6.15.0-rc3 #1 PREEMPT 
[  201.262499] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[  201.262529] Hardware name: linux,dummy-virt (DT)
[  201.262566] Call trace:
[  201.262600]  show_stack+0x20/0x38 (C)
[  201.262663]  dump_stack_lvl+0x8c/0xd0
[  201.262723]  print_report+0x310/0x608
[  201.262781]  kasan_report+0xdc/0x128
[  201.262834]  kasan_check_range+0x100/0x1a8
[  201.262888]  __asan_memcpy+0x3c/0x98
[  201.262972]  cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348
[  201.263036]  cs_dsp_mock_bin_add_info+0x18/0x30
[  201.263092]  bin_patch_name_and_info+0x168/0x6b0
[  201.263145]  kunit_try_run_case+0x170/0x3f0
[  201.263206]  kunit_generic_run_threadfn_adapter+0x88/0x100
[  201.263264]  kthread+0x328/0x630
[  201.263323]  ret_from_fork+0x10/0x20
[  201.263384] 
[  201.263409] The buggy address belongs to the variable:
[  201.263435]  __loc.0+0x2c0/0x3a0
[  201.263489] 
[  201.263597] The buggy address belongs to the virtual mapping at
[  201.263597]  [ffffa18756c50000, ffffa18758960000) created by:
[  201.263597]  paging_init+0x620/0x7d0
[  201.263765] 
[  201.263883] The buggy address belongs to the physical page:
[  201.264057] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44f44
[  201.264156] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[  201.264299] raw: 03fffe0000002000 ffffc1ffc013d108 ffffc1ffc013d108 0000000000000000
[  201.264396] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  201.264452] page dumped because: kasan: bad access detected
[  201.264485] 
[  201.264508] Memory state around the buggy address:
[  201.264544]  ffffa18757f44c80: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9
[  201.264583]  ffffa18757f44d00: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9
[  201.264623] >ffffa18757f44d80: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9
[  201.264654]                                                           ^
[  201.264691]  ffffa18757f44e00: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
[  201.264729]  ffffa18757f44e80: 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[  201.264763] ==================================================================

[  133.681604] ==================================================================
[  133.681904] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.1+0x198/0x33c
[  133.682029] Read of size 12 at addr ffff994f276d63c0 by task kunit_try_catch/3086
[  133.682091] 
[  133.682172] CPU: 0 UID: 0 PID: 3086 Comm: kunit_try_catch Tainted: G      D W        N  6.15.0-rc3 #1 PREEMPT 
[  133.682286] Tainted: [D]=DIE, [W]=WARN, [N]=TEST
[  133.682377] Hardware name: linux,dummy-virt (DT)
[  133.682499] Call trace:
[  133.682593]  show_stack+0x18/0x24 (C)
[  133.682724]  dump_stack_lvl+0x78/0x90
[  133.682838]  print_report+0x1d4/0x5dc
[  133.682948]  kasan_report+0x78/0xc0
[  133.683061]  kasan_check_range+0x180/0x210
[  133.683171]  memcpy+0x3c/0xa4
[  133.683286]  cs_dsp_mock_bin_add_name_or_info.isra.1+0x198/0x33c
[  133.683395]  cs_dsp_mock_bin_add_info+0x10/0x1c
[  133.683499]  bin_patch_name_and_info+0x164/0x6a8
[  133.683620]  kunit_try_run_case+0x144/0x3bc
[  133.683739]  kunit_generic_run_threadfn_adapter+0x80/0xec
[  133.683865]  kthread+0x3f0/0x744
[  133.683932]  ret_from_fork+0x10/0x20
[  133.684005] 
[  133.684073] The buggy address belongs to the variable:
[  133.684107]  __loc.44591+0x280/0x420
[  133.684169] 
[  133.684298] The buggy address belongs to the virtual mapping at
[  133.684298]  [ffff994f26600000, ffff994f27ec0000) created by:
[  133.684298]  paging_init+0x474/0x61c
[  133.684371] 
[  133.684451] The buggy address belongs to the physical page:
[  133.684791] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x442d6
[  133.684919] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[  133.685385] raw: 03fffe0000002000 ffffc1ffc010b588 ffffc1ffc010b588 0000000000000000
[  133.685450] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  133.685585] page dumped because: kasan: bad access detected
[  133.685637] 
[  133.685668] Memory state around the buggy address:
[  133.685924]  ffff994f276d6280: 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
[  133.686001]  ffff994f276d6300: 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[  133.686061] >ffff994f276d6380: 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
[  133.686111]                                               ^
[  133.686198]  ffff994f276d6400: 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 00 06 f9 f9
[  133.686240]  ffff994f276d6480: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9
[  133.686358] ==================================================================

[  111.816176] ==================================================================
[  111.816389] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[  111.816492] Read of size 12 at addr ffff987e568487c0 by task kunit_try_catch/3086
[  111.816535] 
[  111.816598] CPU: 0 UID: 0 PID: 3086 Comm: kunit_try_catch Tainted: G      D W        N  6.15.0-rc3 #1 PREEMPT 
[  111.816663] Tainted: [D]=DIE, [W]=WARN, [N]=TEST
[  111.816683] Hardware name: linux,dummy-virt (DT)
[  111.816710] Call trace:
[  111.816733]  show_stack+0x18/0x24 (C)
[  111.816781]  dump_stack_lvl+0x74/0x8c
[  111.816823]  print_report+0x300/0x5f4
[  111.816863]  kasan_report+0xc4/0x108
[  111.816901]  kasan_check_range+0x100/0x1a8
[  111.816941]  __asan_memcpy+0x3c/0x94
[  111.816981]  cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[  111.817024]  cs_dsp_mock_bin_add_info+0x10/0x1c
[  111.817078]  bin_patch_name_and_info+0x15c/0x6a0
[  111.817119]  kunit_try_run_case+0x144/0x3bc
[  111.817164]  kunit_generic_run_threadfn_adapter+0x80/0xec
[  111.817206]  kthread+0x37c/0x67c
[  111.817246]  ret_from_fork+0x10/0x20
[  111.817295] 
[  111.817354] The buggy address belongs to the variable:
[  111.817376]  __loc.0+0x2c0/0x3a0
[  111.817419] 
[  111.817499] The buggy address belongs to the virtual mapping at
[  111.817499]  [ffff987e55780000, ffff987e57040000) created by:
[  111.817499]  paging_init+0x4d4/0x640
[  111.817552] 
[  111.817613] The buggy address belongs to the physical page:
[  111.817869] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44248
[  111.817975] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[  111.818302] raw: 03fffe0000002000 ffffc1ffc0109208 ffffc1ffc0109208 0000000000000000
[  111.818346] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  111.818436] page dumped because: kasan: bad access detected
[  111.818466] 
[  111.818491] Memory state around the buggy address:
[  111.818742]  ffff987e56848680: 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
[  111.818802]  ffff987e56848700: 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[  111.818843] >ffff987e56848780: 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
[  111.818890]                                               ^
[  111.818959]  ffff987e56848800: 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[  111.818988]  ffff987e56848880: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 06 f9 f9
[  111.819046] ==================================================================

[  149.754172] ==================================================================
[  149.754950] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0
[  149.755422] Read of size 12 at addr ffffffff8b2ccd00 by task kunit_try_catch/4185
[  149.755730] 
[  149.755872] CPU: 1 UID: 0 PID: 4185 Comm: kunit_try_catch Tainted: G    B D W        N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[  149.755935] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[  149.755948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  149.755979] Call Trace:
[  149.755993]  <TASK>
[  149.756015]  dump_stack_lvl+0x73/0xb0
[  149.756043]  print_report+0xd1/0x650
[  149.756072]  ? __virt_addr_valid+0x1db/0x2d0
[  149.756095]  ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0
[  149.756118]  ? kasan_addr_to_slab+0x11/0xa0
[  149.756139]  ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0
[  149.756162]  kasan_report+0x141/0x180
[  149.756184]  ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0
[  149.756213]  kasan_check_range+0x10c/0x1c0
[  149.756236]  __asan_memcpy+0x27/0x70
[  149.756268]  cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0
[  149.756303]  ? __pfx_cs_dsp_mock_bin_add_name_or_info.isra.0+0x10/0x10
[  149.756328]  ? __pfx_cs_dsp_mock_reg_addr_inc_per_unpacked_word+0x10/0x10
[  149.756352]  ? __pfx__cs_dsp_remove_wrapper+0x10/0x10
[  149.756378]  cs_dsp_mock_bin_add_info+0x12/0x20
[  149.756399]  bin_patch_name_and_info+0x1a1/0x8d0
[  149.756425]  ? __pfx_bin_patch_name_and_info+0x10/0x10
[  149.756449]  ? __pfx_kfree_action_wrapper+0x10/0x10
[  149.756474]  ? kunit_add_action_or_reset+0x1d/0x40
[  149.756495]  ? __pfx_read_tsc+0x10/0x10
[  149.756515]  ? ktime_get_ts64+0x86/0x230
[  149.756542]  kunit_try_run_case+0x1a5/0x480
[  149.756563]  ? __pfx_kunit_try_run_case+0x10/0x10
[  149.756582]  ? _raw_spin_lock_irqsave+0xa1/0x100
[  149.756605]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[  149.756646]  ? __kthread_parkme+0x82/0x180
[  149.756669]  ? preempt_count_sub+0x50/0x80
[  149.756694]  ? __pfx_kunit_try_run_case+0x10/0x10
[  149.756731]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[  149.756752]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[  149.756771]  kthread+0x337/0x6f0
[  149.756792]  ? trace_preempt_on+0x20/0xc0
[  149.756816]  ? __pfx_kthread+0x10/0x10
[  149.756837]  ? _raw_spin_unlock_irq+0x47/0x80
[  149.756857]  ? calculate_sigpending+0x7b/0xa0
[  149.756878]  ? __pfx_kthread+0x10/0x10
[  149.756899]  ret_from_fork+0x41/0x80
[  149.756920]  ? __pfx_kthread+0x10/0x10
[  149.756941]  ret_from_fork_asm+0x1a/0x30
[  149.756975]  </TASK>
[  149.756987] 
[  149.766783] The buggy address belongs to the variable:
[  149.767027]  __loc.16+0x80/0x540
[  149.767234] 
[  149.767356] The buggy address belongs to the physical page:
[  149.767614] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13e2cc
[  149.767979] flags: 0x200000000002000(reserved|node=0|zone=2)
[  149.768320] raw: 0200000000002000 ffffea0004f8b308 ffffea0004f8b308 0000000000000000
[  149.768665] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  149.769014] page dumped because: kasan: bad access detected
[  149.769325] 
[  149.769450] Memory state around the buggy address:
[  149.769679]  ffffffff8b2ccc00: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[  149.769951]  ffffffff8b2ccc80: 00 00 f9 f9 f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9
[  149.770337] >ffffffff8b2ccd00: 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00 00 07 f9 f9
[  149.770656]                       ^
[  149.770779]  ffffffff8b2ccd80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9
[  149.771025]  ffffffff8b2cce00: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9
[  149.771404] ==================================================================

[   96.316072] ==================================================================
[   96.317282] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348
[   96.318128] Read of size 12 at addr ffff800084d44de0 by task kunit_try_catch/3375
[   96.318816] 
[   96.318982] CPU: 1 UID: 0 PID: 3375 Comm: kunit_try_catch Tainted: G    B D W        N  6.15.0-rc3 #1 PREEMPT 
[   96.319028] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[   96.319042] Hardware name: Radxa ROCK Pi 4B (DT)
[   96.319057] Call trace:
[   96.319068]  show_stack+0x20/0x38 (C)
[   96.319102]  dump_stack_lvl+0x8c/0xd0
[   96.319133]  print_report+0x310/0x608
[   96.319163]  kasan_report+0xdc/0x128
[   96.319191]  kasan_check_range+0x100/0x1a8
[   96.319221]  __asan_memcpy+0x3c/0x98
[   96.319251]  cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348
[   96.319283]  cs_dsp_mock_bin_add_info+0x18/0x30
[   96.319311]  bin_patch_name_and_info+0x168/0x6b0
[   96.319340]  kunit_try_run_case+0x170/0x3f0
[   96.319374]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   96.319409]  kthread+0x328/0x630
[   96.319442]  ret_from_fork+0x10/0x20
[   96.319474] 
[   96.326438] The buggy address belongs to the variable:
[   96.326910]  __loc.0+0x2c0/0x3a0
[   96.327237] 
[   96.327404] The buggy address belongs to the virtual mapping at
[   96.327404]  [ffff800083a50000, ffff800085760000) created by:
[   96.327404]  paging_init+0x620/0x7d0
[   96.327670] dwmmc_rockchip fe310000.mmc: IDMAC supports 32-bit address mode.
[   96.328770] 
[   96.329436] dwmmc_rockchip fe310000.mmc: Using internal DMA controller.
[   96.329536] The buggy address belongs to the physical page:
[   96.330150] dwmmc_rockchip fe310000.mmc: Version ID is 270a
[   96.330613] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7544
[   96.331141] dwmmc_rockchip fe310000.mmc: DW MMC controller at irq 49,32 bit host data width,256 deep fifo
[   96.331790] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[   96.333285] raw: 03fffe0000002000 fffffdffc01d5108 fffffdffc01d5108 0000000000000000
[   96.333995] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   96.334695] page dumped because: kasan: bad access detected
[   96.335206] 
[   96.335359] Memory state around the buggy address:
[   96.335805]  ffff800084d44c80: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9
[   96.336465]  ffff800084d44d00: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9
[   96.337126] >ffff800084d44d80: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9
[   96.337782]                                                           ^
[   96.338387]  ffff800084d44e00: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
[   96.339047]  ffff800084d44e80: 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[   96.339703] ==================================================================