Date
April 20, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |
qemu-arm64:

```
[ 23.162567] ==================================================================
[ 23.162694] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 23.162805] Write of size 16 at addr fff00000c412bb40 by task kunit_try_catch/168
[ 23.162922]
[ 23.163946] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 23.164143] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.164225] Hardware name: linux,dummy-virt (DT)
[ 23.164439] Call trace:
[ 23.164574] show_stack+0x20/0x38 (C)
[ 23.164706] dump_stack_lvl+0x8c/0xd0
[ 23.164895] print_report+0x118/0x608
[ 23.165241] kasan_report+0xdc/0x128
[ 23.165424] __asan_report_store16_noabort+0x20/0x30
[ 23.165603] kmalloc_oob_16+0x3a0/0x3f8
[ 23.165920] kunit_try_run_case+0x170/0x3f0
[ 23.166122] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.166306] kthread+0x328/0x630
[ 23.166605] ret_from_fork+0x10/0x20
[ 23.166746]
[ 23.166868] Allocated by task 168:
[ 23.167203] kasan_save_stack+0x3c/0x68
[ 23.167313] kasan_save_track+0x20/0x40
[ 23.167412] kasan_save_alloc_info+0x40/0x58
[ 23.167524] __kasan_kmalloc+0xd4/0xd8
[ 23.167733] __kmalloc_cache_noprof+0x15c/0x3c0
[ 23.167914] kmalloc_oob_16+0xb4/0x3f8
[ 23.168043] kunit_try_run_case+0x170/0x3f0
[ 23.168277] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.168476] kthread+0x328/0x630
[ 23.168606] ret_from_fork+0x10/0x20
[ 23.168701]
[ 23.168752] The buggy address belongs to the object at fff00000c412bb40
[ 23.168752] which belongs to the cache kmalloc-16 of size 16
[ 23.168958] The buggy address is located 0 bytes inside of
[ 23.168958] allocated 13-byte region [fff00000c412bb40, fff00000c412bb4d)
[ 23.169142]
[ 23.169197] The buggy address belongs to the physical page:
[ 23.169277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10412b
[ 23.169462] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.169675] page_type: f5(slab)
[ 23.169952] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 23.170080] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.170205] page dumped because: kasan: bad access detected
[ 23.170427]
[ 23.170473] Memory state around the buggy address:
[ 23.170617] fff00000c412ba00: 00 05 fc fc fa fb fc fc 00 02 fc fc fa fb fc fc
[ 23.170722] fff00000c412ba80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.170900] >fff00000c412bb00: 00 04 fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc
[ 23.171170] ^
[ 23.171356] fff00000c412bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.171472] fff00000c412bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.171632] ==================================================================
```
qemu-x86_64:

```
[ 11.512840] ==================================================================
[ 11.513301] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 11.513682] Write of size 16 at addr ffff8881023b8f60 by task kunit_try_catch/186
[ 11.513951]
[ 11.514061] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[ 11.514105] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.514117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.514138] Call Trace:
[ 11.514149] <TASK>
[ 11.514165] dump_stack_lvl+0x73/0xb0
[ 11.514190] print_report+0xd1/0x650
[ 11.514212] ? __virt_addr_valid+0x1db/0x2d0
[ 11.514235] ? kmalloc_oob_16+0x452/0x4a0
[ 11.514255] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.514277] ? kmalloc_oob_16+0x452/0x4a0
[ 11.514298] kasan_report+0x141/0x180
[ 11.514320] ? kmalloc_oob_16+0x452/0x4a0
[ 11.514358] __asan_report_store16_noabort+0x1b/0x30
[ 11.514379] kmalloc_oob_16+0x452/0x4a0
[ 11.514513] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 11.514536] ? __schedule+0x10cc/0x2b30
[ 11.514560] ? __pfx_read_tsc+0x10/0x10
[ 11.514581] ? ktime_get_ts64+0x86/0x230
[ 11.514607] kunit_try_run_case+0x1a5/0x480
[ 11.514632] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.514653] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.514676] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.514699] ? __kthread_parkme+0x82/0x180
[ 11.514721] ? preempt_count_sub+0x50/0x80
[ 11.514745] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.514768] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.514790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.514812] kthread+0x337/0x6f0
[ 11.514833] ? trace_preempt_on+0x20/0xc0
[ 11.514857] ? __pfx_kthread+0x10/0x10
[ 11.514879] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.514900] ? calculate_sigpending+0x7b/0xa0
[ 11.514922] ? __pfx_kthread+0x10/0x10
[ 11.514944] ret_from_fork+0x41/0x80
[ 11.514964] ? __pfx_kthread+0x10/0x10
[ 11.514986] ret_from_fork_asm+0x1a/0x30
[ 11.515018] </TASK>
[ 11.515028]
[ 11.523174] Allocated by task 186:
[ 11.523313] kasan_save_stack+0x45/0x70
[ 11.523598] kasan_save_track+0x18/0x40
[ 11.523733] kasan_save_alloc_info+0x3b/0x50
[ 11.523875] __kasan_kmalloc+0xb7/0xc0
[ 11.524212] __kmalloc_cache_noprof+0x189/0x420
[ 11.524454] kmalloc_oob_16+0xa8/0x4a0
[ 11.524645] kunit_try_run_case+0x1a5/0x480
[ 11.524842] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.525060] kthread+0x337/0x6f0
[ 11.525523] ret_from_fork+0x41/0x80
[ 11.525663] ret_from_fork_asm+0x1a/0x30
[ 11.525809]
[ 11.525879] The buggy address belongs to the object at ffff8881023b8f60
[ 11.525879] which belongs to the cache kmalloc-16 of size 16
[ 11.526483] The buggy address is located 0 bytes inside of
[ 11.526483] allocated 13-byte region [ffff8881023b8f60, ffff8881023b8f6d)
[ 11.527016]
[ 11.527112] The buggy address belongs to the physical page:
[ 11.527382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023b8
[ 11.527852] flags: 0x200000000000000(node=0|zone=2)
[ 11.528069] page_type: f5(slab)
[ 11.528357] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.528833] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.529083] page dumped because: kasan: bad access detected
[ 11.529251]
[ 11.529319] Memory state around the buggy address:
[ 11.529533] ffff8881023b8e00: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc
[ 11.529854] ffff8881023b8e80: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 11.530303] >ffff8881023b8f00: fa fb fc fc fa fb fc fc 00 05 fc fc 00 05 fc fc
[ 11.530782] ^
[ 11.531042] ffff8881023b8f80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.531446] ffff8881023b9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.531658] ==================================================================
```
rk3399-rock-pi-4b:

```
[ 21.384046] ==================================================================
[ 21.385091] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 21.385742] Write of size 16 at addr ffff00000aa08600 by task kunit_try_catch/220
[ 21.386437]
[ 21.386603] CPU: 3 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 21.386653] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.386667] Hardware name: Radxa ROCK Pi 4B (DT)
[ 21.386684] Call trace:
[ 21.386696] show_stack+0x20/0x38 (C)
[ 21.386729] dump_stack_lvl+0x8c/0xd0
[ 21.386760] print_report+0x118/0x608
[ 21.386790] kasan_report+0xdc/0x128
[ 21.386818] __asan_report_store16_noabort+0x20/0x30
[ 21.386853] kmalloc_oob_16+0x3a0/0x3f8
[ 21.386885] kunit_try_run_case+0x170/0x3f0
[ 21.386920] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.386959] kthread+0x328/0x630
[ 21.386993] ret_from_fork+0x10/0x20
[ 21.387025]
[ 21.392595] Allocated by task 220:
[ 21.392921] kasan_save_stack+0x3c/0x68
[ 21.393294] kasan_save_track+0x20/0x40
[ 21.393665] kasan_save_alloc_info+0x40/0x58
[ 21.394076] __kasan_kmalloc+0xd4/0xd8
[ 21.394439] __kmalloc_cache_noprof+0x15c/0x3c0
[ 21.394880] kmalloc_oob_16+0xb4/0x3f8
[ 21.395247] kunit_try_run_case+0x170/0x3f0
[ 21.395653] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.396177] kthread+0x328/0x630
[ 21.396500] ret_from_fork+0x10/0x20
[ 21.396849]
[ 21.397002] The buggy address belongs to the object at ffff00000aa08600
[ 21.397002] which belongs to the cache kmalloc-16 of size 16
[ 21.398119] The buggy address is located 0 bytes inside of
[ 21.398119] allocated 13-byte region [ffff00000aa08600, ffff00000aa0860d)
[ 21.399239]
[ 21.399392] The buggy address belongs to the physical page:
[ 21.399908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaa08
[ 21.400632] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 21.401243] page_type: f5(slab)
[ 21.401555] raw: 03fffe0000000000 ffff000000402640 dead000000000122 0000000000000000
[ 21.402270] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 21.402977] page dumped because: kasan: bad access detected
[ 21.403490]
[ 21.403643] Memory state around the buggy address:
[ 21.404091] ffff00000aa08500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 21.404756] ffff00000aa08580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 21.405421] >ffff00000aa08600: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 21.406082] ^
[ 21.406416] ffff00000aa08680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.407081] ffff00000aa08700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.407742] ==================================================================
```