Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 23.427130] ================================================================== [ 23.427581] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 23.427735] Read of size 64 at addr fff00000c6819c84 by task kunit_try_catch/184 [ 23.427870] [ 23.427963] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 23.428200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.428292] Hardware name: linux,dummy-virt (DT) [ 23.428369] Call trace: [ 23.428430] show_stack+0x20/0x38 (C) [ 23.428660] dump_stack_lvl+0x8c/0xd0 [ 23.428845] print_report+0x118/0x608 [ 23.429007] kasan_report+0xdc/0x128 [ 23.429128] kasan_check_range+0x100/0x1a8 [ 23.429372] __asan_memmove+0x3c/0x98 [ 23.429530] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 23.430000] kunit_try_run_case+0x170/0x3f0 [ 23.430147] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.430345] kthread+0x328/0x630 [ 23.430607] ret_from_fork+0x10/0x20 [ 23.430962] [ 23.431011] Allocated by task 184: [ 23.431149] kasan_save_stack+0x3c/0x68 [ 23.431284] kasan_save_track+0x20/0x40 [ 23.431510] kasan_save_alloc_info+0x40/0x58 [ 23.431692] __kasan_kmalloc+0xd4/0xd8 [ 23.431780] __kmalloc_cache_noprof+0x15c/0x3c0 [ 23.431893] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 23.432142] kunit_try_run_case+0x170/0x3f0 [ 23.432268] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.432392] kthread+0x328/0x630 [ 23.432820] ret_from_fork+0x10/0x20 [ 23.433051] [ 23.433103] The buggy address belongs to the object at fff00000c6819c80 [ 23.433103] which belongs to the cache kmalloc-64 of size 64 [ 23.433589] The buggy address is located 4 bytes inside of [ 23.433589] allocated 64-byte region [fff00000c6819c80, fff00000c6819cc0) [ 23.433736] [ 23.434342] The buggy address belongs to the physical page: [ 23.434584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106819 [ 23.434749] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.434962] page_type: f5(slab) [ 23.435126] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 23.435307] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.435460] page dumped because: kasan: bad access detected [ 23.435641] [ 23.435711] Memory state around the buggy address: [ 23.436068] fff00000c6819b80: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.436351] fff00000c6819c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.436594] >fff00000c6819c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.436688] ^ [ 23.436767] fff00000c6819d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.438249] fff00000c6819d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.438745] ==================================================================
[ 11.700369] ================================================================== [ 11.700859] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.701177] Read of size 64 at addr ffff888102b3f384 by task kunit_try_catch/202 [ 11.701486] [ 11.701671] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 11.701715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.701726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.701745] Call Trace: [ 11.701756] <TASK> [ 11.701775] dump_stack_lvl+0x73/0xb0 [ 11.701799] print_report+0xd1/0x650 [ 11.701821] ? __virt_addr_valid+0x1db/0x2d0 [ 11.701842] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.701865] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.701888] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.701913] kasan_report+0x141/0x180 [ 11.701935] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.701965] kasan_check_range+0x10c/0x1c0 [ 11.701989] __asan_memmove+0x27/0x70 [ 11.702009] kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.702033] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 11.702058] ? __schedule+0x10cc/0x2b30 [ 11.702081] ? __pfx_read_tsc+0x10/0x10 [ 11.702100] ? ktime_get_ts64+0x86/0x230 [ 11.702135] kunit_try_run_case+0x1a5/0x480 [ 11.702158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.702178] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.702201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.702224] ? __kthread_parkme+0x82/0x180 [ 11.702245] ? preempt_count_sub+0x50/0x80 [ 11.702269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.702295] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.702319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.702355] kthread+0x337/0x6f0 [ 11.702375] ? trace_preempt_on+0x20/0xc0 [ 11.702570] ? __pfx_kthread+0x10/0x10 [ 11.702599] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.702621] ? calculate_sigpending+0x7b/0xa0 [ 11.702642] ? __pfx_kthread+0x10/0x10 [ 11.702664] ret_from_fork+0x41/0x80 [ 11.702685] ? __pfx_kthread+0x10/0x10 [ 11.702706] ret_from_fork_asm+0x1a/0x30 [ 11.702737] </TASK> [ 11.702748] [ 11.712763] Allocated by task 202: [ 11.712959] kasan_save_stack+0x45/0x70 [ 11.713489] kasan_save_track+0x18/0x40 [ 11.713682] kasan_save_alloc_info+0x3b/0x50 [ 11.713839] __kasan_kmalloc+0xb7/0xc0 [ 11.714104] __kmalloc_cache_noprof+0x189/0x420 [ 11.714592] kmalloc_memmove_invalid_size+0xac/0x330 [ 11.714824] kunit_try_run_case+0x1a5/0x480 [ 11.715014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.715450] kthread+0x337/0x6f0 [ 11.715859] ret_from_fork+0x41/0x80 [ 11.716134] ret_from_fork_asm+0x1a/0x30 [ 11.716439] [ 11.716607] The buggy address belongs to the object at ffff888102b3f380 [ 11.716607] which belongs to the cache kmalloc-64 of size 64 [ 11.717088] The buggy address is located 4 bytes inside of [ 11.717088] allocated 64-byte region [ffff888102b3f380, ffff888102b3f3c0) [ 11.717755] [ 11.718035] The buggy address belongs to the physical page: [ 11.718265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3f [ 11.718680] flags: 0x200000000000000(node=0|zone=2) [ 11.718861] page_type: f5(slab) [ 11.719028] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.719348] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.719907] page dumped because: kasan: bad access detected [ 11.720092] [ 11.720237] Memory state around the buggy address: [ 11.720537] ffff888102b3f280: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 11.720884] ffff888102b3f300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.721151] >ffff888102b3f380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.721413] ^ [ 11.721656] ffff888102b3f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.722030] ffff888102b3f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.722390] ==================================================================
[ 21.608196] ================================================================== [ 21.609311] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 21.610051] Read of size 64 at addr ffff00000ff06504 by task kunit_try_catch/236 [ 21.610730] [ 21.610904] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 21.610958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.610974] Hardware name: Radxa ROCK Pi 4B (DT) [ 21.610991] Call trace: [ 21.611002] show_stack+0x20/0x38 (C) [ 21.611039] dump_stack_lvl+0x8c/0xd0 [ 21.611070] print_report+0x118/0x608 [ 21.611100] kasan_report+0xdc/0x128 [ 21.611129] kasan_check_range+0x100/0x1a8 [ 21.611159] __asan_memmove+0x3c/0x98 [ 21.611191] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 21.611228] kunit_try_run_case+0x170/0x3f0 [ 21.611263] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.611303] kthread+0x328/0x630 [ 21.611337] ret_from_fork+0x10/0x20 [ 21.611369] [ 21.617295] Allocated by task 236: [ 21.617621] kasan_save_stack+0x3c/0x68 [ 21.617996] kasan_save_track+0x20/0x40 [ 21.618368] kasan_save_alloc_info+0x40/0x58 [ 21.618780] __kasan_kmalloc+0xd4/0xd8 [ 21.619142] __kmalloc_cache_noprof+0x15c/0x3c0 [ 21.619584] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 21.620063] kunit_try_run_case+0x170/0x3f0 [ 21.620470] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.620995] kthread+0x328/0x630 [ 21.621318] ret_from_fork+0x10/0x20 [ 21.621668] [ 21.621822] The buggy address belongs to the object at ffff00000ff06500 [ 21.621822] which belongs to the cache kmalloc-64 of size 64 [ 21.622940] The buggy address is located 4 bytes inside of [ 21.622940] allocated 64-byte region [ffff00000ff06500, ffff00000ff06540) [ 21.624061] [ 21.624215] The buggy address belongs to the physical page: [ 21.624731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xff06 [ 21.625456] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 21.626069] page_type: f5(slab) [ 21.626382] raw: 03fffe0000000000 ffff0000004028c0 dead000000000122 0000000000000000 [ 21.627099] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.627807] page dumped because: kasan: bad access detected [ 21.628322] [ 21.628474] Memory state around the buggy address: [ 21.628923] ffff00000ff06400: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 21.629589] ffff00000ff06480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.630256] >ffff00000ff06500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 21.630918] ^ [ 21.631414] ffff00000ff06580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.632080] ffff00000ff06600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.632742] ==================================================================