Date
April 20, 2025, 11:09 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
rk3399-rock-pi-4b |
qemu-arm64:

```
[ 22.626831] ==================================================================
[ 22.626982] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 22.627108] Read of size 1 at addr fff00000c412bb1f by task kunit_try_catch/140
[ 22.627222]
[ 22.627300] CPU: 0 UID: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 22.627480] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.627540] Hardware name: linux,dummy-virt (DT)
[ 22.627620] Call trace:
[ 22.627698] show_stack+0x20/0x38 (C)
[ 22.627853] dump_stack_lvl+0x8c/0xd0
[ 22.628011] print_report+0x118/0x608
[ 22.628393] kasan_report+0xdc/0x128
[ 22.628525] __asan_report_load1_noabort+0x20/0x30
[ 22.628663] kmalloc_oob_left+0x2ec/0x320
[ 22.628788] kunit_try_run_case+0x170/0x3f0
[ 22.628921] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.629084] kthread+0x328/0x630
[ 22.629216] ret_from_fork+0x10/0x20
[ 22.629348]
[ 22.629424] Allocated by task 11:
[ 22.629584] kasan_save_stack+0x3c/0x68
[ 22.629699] kasan_save_track+0x20/0x40
[ 22.629946] kasan_save_alloc_info+0x40/0x58
[ 22.630146] __kasan_kmalloc+0xd4/0xd8
[ 22.630312] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 22.630600] kvasprintf+0xe0/0x180
[ 22.630693] __kthread_create_on_node+0x16c/0x350
[ 22.630789] kthread_create_on_node+0xe4/0x130
[ 22.630884] create_worker+0x380/0x6b8
[ 22.631004] worker_thread+0x5dc/0xf28
[ 22.631227] kthread+0x328/0x630
[ 22.631349] ret_from_fork+0x10/0x20
[ 22.631440]
[ 22.631484] The buggy address belongs to the object at fff00000c412bb00
[ 22.631484] which belongs to the cache kmalloc-16 of size 16
[ 22.631615] The buggy address is located 19 bytes to the right of
[ 22.631615] allocated 12-byte region [fff00000c412bb00, fff00000c412bb0c)
[ 22.631787]
[ 22.631845] The buggy address belongs to the physical page:
[ 22.631947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10412b
[ 22.632081] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.632200] page_type: f5(slab)
[ 22.632329] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 22.632463] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 22.632572] page dumped because: kasan: bad access detected
[ 22.632655]
[ 22.632704] Memory state around the buggy address:
[ 22.632779] fff00000c412ba00: 00 05 fc fc fa fb fc fc 00 02 fc fc fa fb fc fc
[ 22.633070] fff00000c412ba80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 22.633177] >fff00000c412bb00: 00 04 fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[ 22.633266] ^
[ 22.633338] fff00000c412bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.633444] fff00000c412bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.633705] ==================================================================
```
qemu-x86_64:

```
[ 10.911348] ==================================================================
[ 10.911792] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 10.912070] Read of size 1 at addr ffff8881023f827f by task kunit_try_catch/158
[ 10.912391]
[ 10.912501] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[ 10.912542] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.912554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.912573] Call Trace:
[ 10.912584] <TASK>
[ 10.912598] dump_stack_lvl+0x73/0xb0
[ 10.912624] print_report+0xd1/0x650
[ 10.912646] ? __virt_addr_valid+0x1db/0x2d0
[ 10.912667] ? kmalloc_oob_left+0x361/0x3c0
[ 10.912688] ? kasan_complete_mode_report_info+0x64/0x200
[ 10.912709] ? kmalloc_oob_left+0x361/0x3c0
[ 10.912730] kasan_report+0x141/0x180
[ 10.912753] ? kmalloc_oob_left+0x361/0x3c0
[ 10.912779] __asan_report_load1_noabort+0x18/0x20
[ 10.912799] kmalloc_oob_left+0x361/0x3c0
[ 10.912821] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 10.912843] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 10.912868] ? __pfx_read_tsc+0x10/0x10
[ 10.912887] ? ktime_get_ts64+0x86/0x230
[ 10.912912] kunit_try_run_case+0x1a5/0x480
[ 10.912934] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.912955] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 10.912977] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.913000] ? __kthread_parkme+0x82/0x180
[ 10.913020] ? preempt_count_sub+0x50/0x80
[ 10.913044] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.913066] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.913087] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.913109] kthread+0x337/0x6f0
[ 10.913129] ? trace_preempt_on+0x20/0xc0
[ 10.913152] ? __pfx_kthread+0x10/0x10
[ 10.913172] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.913193] ? calculate_sigpending+0x7b/0xa0
[ 10.913214] ? __pfx_kthread+0x10/0x10
[ 10.913246] ret_from_fork+0x41/0x80
[ 10.913266] ? __pfx_kthread+0x10/0x10
[ 10.913287] ret_from_fork_asm+0x1a/0x30
[ 10.913317] </TASK>
[ 10.913338]
[ 10.920097] Allocated by task 9:
[ 10.920263] kasan_save_stack+0x45/0x70
[ 10.920425] kasan_save_track+0x18/0x40
[ 10.920617] kasan_save_alloc_info+0x3b/0x50
[ 10.920766] __kasan_kmalloc+0xb7/0xc0
[ 10.920896] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.921073] kvasprintf+0xc5/0x150
[ 10.921197] kasprintf+0xb6/0xf0
[ 10.921368] input_devnode+0x46/0x80
[ 10.921671] device_get_devnode+0x145/0x2a0
[ 10.921875] dev_uevent+0x391/0x690
[ 10.922047] kobject_uevent_env+0x50d/0xff0
[ 10.922249] kobject_uevent+0xf/0x20
[ 10.922476] device_add+0xe4c/0x1820
[ 10.922661] cdev_device_add+0xab/0x1c0
[ 10.922800] evdev_connect+0x356/0x480
[ 10.922935] input_attach_handler.isra.0+0x117/0x1f0
[ 10.923147] input_register_device+0x722/0xe10
[ 10.924131] psmouse_connect+0x6ed/0xe30
[ 10.924319] serio_driver_probe+0x7a/0xb0
[ 10.924474] really_probe+0x1d4/0x920
[ 10.924604] __driver_probe_device+0x18f/0x3e0
[ 10.924762] driver_probe_device+0x4f/0x130
[ 10.924905] __driver_attach+0x1eb/0x4b0
[ 10.925062] bus_for_each_dev+0x10f/0x1a0
[ 10.925291] driver_attach+0x41/0x60
[ 10.925477] serio_handle_event+0x254/0x940
[ 10.925685] process_one_work+0x5ee/0xf60
[ 10.925892] worker_thread+0x725/0x1320
[ 10.926049] kthread+0x337/0x6f0
[ 10.926229] ret_from_fork+0x41/0x80
[ 10.926403] ret_from_fork_asm+0x1a/0x30
[ 10.926541]
[ 10.926636] Freed by task 9:
[ 10.926803] kasan_save_stack+0x45/0x70
[ 10.926999] kasan_save_track+0x18/0x40
[ 10.927217] kasan_save_free_info+0x3f/0x60
[ 10.927431] __kasan_slab_free+0x56/0x70
[ 10.927584] kfree+0x222/0x3f0
[ 10.927740] dev_uevent+0x3df/0x690
[ 10.927879] kobject_uevent_env+0x50d/0xff0
[ 10.928040] kobject_uevent+0xf/0x20
[ 10.928250] device_add+0xe4c/0x1820
[ 10.928436] cdev_device_add+0xab/0x1c0
[ 10.928616] evdev_connect+0x356/0x480
[ 10.928793] input_attach_handler.isra.0+0x117/0x1f0
[ 10.929013] input_register_device+0x722/0xe10
[ 10.929207] psmouse_connect+0x6ed/0xe30
[ 10.929351] serio_driver_probe+0x7a/0xb0
[ 10.929489] really_probe+0x1d4/0x920
[ 10.929651] __driver_probe_device+0x18f/0x3e0
[ 10.929868] driver_probe_device+0x4f/0x130
[ 10.930067] __driver_attach+0x1eb/0x4b0
[ 10.930286] bus_for_each_dev+0x10f/0x1a0
[ 10.930472] driver_attach+0x41/0x60
[ 10.930599] serio_handle_event+0x254/0x940
[ 10.930758] process_one_work+0x5ee/0xf60
[ 10.930952] worker_thread+0x725/0x1320
[ 10.931169] kthread+0x337/0x6f0
[ 10.931344] ret_from_fork+0x41/0x80
[ 10.931525] ret_from_fork_asm+0x1a/0x30
[ 10.931706]
[ 10.931800] The buggy address belongs to the object at ffff8881023f8260
[ 10.931800] which belongs to the cache kmalloc-16 of size 16
[ 10.932298] The buggy address is located 15 bytes to the right of
[ 10.932298] allocated 16-byte region [ffff8881023f8260, ffff8881023f8270)
[ 10.932768]
[ 10.932866] The buggy address belongs to the physical page:
[ 10.933092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1023f8
[ 10.933446] flags: 0x200000000000000(node=0|zone=2)
[ 10.933638] page_type: f5(slab)
[ 10.933759] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 10.934074] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 10.934436] page dumped because: kasan: bad access detected
[ 10.934687]
[ 10.934773] Memory state around the buggy address:
[ 10.934958] ffff8881023f8100: 00 06 fc fc 00 06 fc fc 00 00 fc fc 00 00 fc fc
[ 10.935266] ffff8881023f8180: 00 02 fc fc 00 02 fc fc 00 06 fc fc 00 06 fc fc
[ 10.935505] >ffff8881023f8200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 10.935714] ^
[ 10.935930] ffff8881023f8280: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.936271] ffff8881023f8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.936587] ==================================================================
```
rk3399-rock-pi-4b:

```
[ 20.704598] ==================================================================
[ 20.705648] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 20.706313] Read of size 1 at addr ffff0000025a2dff by task kunit_try_catch/192
[ 20.706992]
[ 20.707158] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 20.707208] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.707222] Hardware name: Radxa ROCK Pi 4B (DT)
[ 20.707238] Call trace:
[ 20.707251] show_stack+0x20/0x38 (C)
[ 20.707285] dump_stack_lvl+0x8c/0xd0
[ 20.707316] print_report+0x118/0x608
[ 20.707347] kasan_report+0xdc/0x128
[ 20.707374] __asan_report_load1_noabort+0x20/0x30
[ 20.707408] kmalloc_oob_left+0x2ec/0x320
[ 20.707441] kunit_try_run_case+0x170/0x3f0
[ 20.707476] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.707515] kthread+0x328/0x630
[ 20.707549] ret_from_fork+0x10/0x20
[ 20.707581]
[ 20.713149] Allocated by task 11:
[ 20.713468] kasan_save_stack+0x3c/0x68
[ 20.713840] kasan_save_track+0x20/0x40
[ 20.714211] kasan_save_alloc_info+0x40/0x58
[ 20.714623] __kasan_kmalloc+0xd4/0xd8
[ 20.714986] __kmalloc_noprof+0x190/0x4d0
[ 20.715373] usb_hcd_submit_urb+0x444/0x1a58
[ 20.715789] usb_submit_urb+0x564/0x1198
[ 20.716170] usb_start_wait_urb+0x120/0x3e8
[ 20.716574] usb_control_msg+0x2b4/0x3e0
[ 20.716957] hub_ext_port_status+0x114/0x580
[ 20.717374] hub_activate+0x2a4/0x1340
[ 20.717736] hub_resume+0xa8/0x380
[ 20.718068] usb_resume_interface.isra.0+0x1f8/0x348
[ 20.718545] usb_suspend_both+0x250/0x6f0
[ 20.718936] usb_runtime_suspend+0x3c/0xf8
[ 20.719334] __rpm_callback+0xa0/0x470
[ 20.719701] rpm_callback+0x168/0x1b0
[ 20.720058] rpm_suspend+0x1bc/0xcd8
[ 20.720406] __pm_runtime_suspend+0x5c/0x1e8
[ 20.720817] usb_runtime_idle+0x48/0x68
[ 20.721193] rpm_idle+0x13c/0x708
[ 20.721519] pm_runtime_work+0x110/0x170
[ 20.721899] process_one_work+0x530/0xf98
[ 20.722288] worker_thread+0x8ac/0xf28
[ 20.722650] kthread+0x328/0x630
[ 20.722972] ret_from_fork+0x10/0x20
[ 20.723322]
[ 20.723474] Freed by task 11:
[ 20.723760] kasan_save_stack+0x3c/0x68
[ 20.724132] kasan_save_track+0x20/0x40
[ 20.724503] kasan_save_free_info+0x4c/0x78
[ 20.724907] __kasan_slab_free+0x6c/0x98
[ 20.725287] kfree+0x214/0x3c8
[ 20.725594] usb_hcd_submit_urb+0x518/0x1a58
[ 20.726007] usb_submit_urb+0x564/0x1198
[ 20.726387] usb_start_wait_urb+0x120/0x3e8
[ 20.726793] usb_control_msg+0x2b4/0x3e0
[ 20.727174] hub_ext_port_status+0x114/0x580
[ 20.727589] hub_activate+0x2a4/0x1340
[ 20.727951] hub_resume+0xa8/0x380
[ 20.728281] usb_resume_interface.isra.0+0x1f8/0x348
[ 20.728757] usb_suspend_both+0x250/0x6f0
[ 20.729148] usb_runtime_suspend+0x3c/0xf8
[ 20.729546] __rpm_callback+0xa0/0x470
[ 20.729911] rpm_callback+0x168/0x1b0
[ 20.730268] rpm_suspend+0x1bc/0xcd8
[ 20.730617] __pm_runtime_suspend+0x5c/0x1e8
[ 20.731028] usb_runtime_idle+0x48/0x68
[ 20.731404] rpm_idle+0x13c/0x708
[ 20.731730] pm_runtime_work+0x110/0x170
[ 20.732111] process_one_work+0x530/0xf98
[ 20.732498] worker_thread+0x8ac/0xf28
[ 20.732860] kthread+0x328/0x630
[ 20.733182] ret_from_fork+0x10/0x20
[ 20.733532]
[ 20.733684] The buggy address belongs to the object at ffff0000025a2de0
[ 20.733684] which belongs to the cache kmalloc-16 of size 16
[ 20.734802] The buggy address is located 15 bytes to the right of
[ 20.734802] allocated 16-byte region [ffff0000025a2de0, ffff0000025a2df0)
[ 20.735975]
[ 20.736129] The buggy address belongs to the physical page:
[ 20.736646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25a2
[ 20.737370] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 20.737982] page_type: f5(slab)
[ 20.738296] raw: 03fffe0000000000 ffff000000402640 dead000000000122 0000000000000000
[ 20.739011] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 20.739718] page dumped because: kasan: bad access detected
[ 20.740232]
[ 20.740384] Memory state around the buggy address:
[ 20.740832] ffff0000025a2c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 20.741498] ffff0000025a2d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 20.742162] >ffff0000025a2d80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 20.742823] ^
[ 20.743479] ffff0000025a2e00: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.744144] ffff0000025a2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.744805] ==================================================================
```