Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 22.584663] ================================================================== [ 22.585091] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 22.585222] Write of size 1 at addr fff00000c413ca78 by task kunit_try_catch/138 [ 22.586964] [ 22.587279] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 22.588635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.588962] Hardware name: linux,dummy-virt (DT) [ 22.589179] Call trace: [ 22.589332] show_stack+0x20/0x38 (C) [ 22.589718] dump_stack_lvl+0x8c/0xd0 [ 22.589838] print_report+0x118/0x608 [ 22.589965] kasan_report+0xdc/0x128 [ 22.591310] __asan_report_store1_noabort+0x20/0x30 [ 22.591755] kmalloc_oob_right+0x538/0x660 [ 22.592017] kunit_try_run_case+0x170/0x3f0 [ 22.592508] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.592684] kthread+0x328/0x630 [ 22.592819] ret_from_fork+0x10/0x20 [ 22.592961] [ 22.593246] Allocated by task 138: [ 22.593589] kasan_save_stack+0x3c/0x68 [ 22.593721] kasan_save_track+0x20/0x40 [ 22.594191] kasan_save_alloc_info+0x40/0x58 [ 22.594419] __kasan_kmalloc+0xd4/0xd8 [ 22.594516] __kmalloc_cache_noprof+0x15c/0x3c0 [ 22.594616] kmalloc_oob_right+0xb0/0x660 [ 22.594705] kunit_try_run_case+0x170/0x3f0 [ 22.594842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.595925] kthread+0x328/0x630 [ 22.596065] ret_from_fork+0x10/0x20 [ 22.596181] [ 22.596228] The buggy address belongs to the object at fff00000c413ca00 [ 22.596228] which belongs to the cache kmalloc-128 of size 128 [ 22.596392] The buggy address is located 5 bytes to the right of [ 22.596392] allocated 115-byte region [fff00000c413ca00, fff00000c413ca73) [ 22.596559] [ 22.596625] The buggy address belongs to the physical page: [ 22.596719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10413c [ 22.597029] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.598960] page_type: f5(slab) [ 22.599098] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.599259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.599358] page dumped because: kasan: bad access detected [ 22.599952] [ 22.600147] Memory state around the buggy address: [ 22.600295] fff00000c413c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.600491] fff00000c413c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.600606] >fff00000c413ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.600693] ^ [ 22.600791] fff00000c413ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.600895] fff00000c413cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.601002] ================================================================== [ 22.574645] ================================================================== [ 22.575062] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 22.576384] Write of size 1 at addr fff00000c413ca73 by task kunit_try_catch/138 [ 22.576582] [ 22.577526] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G N 6.15.0-rc3 #1 PREEMPT [ 22.577701] Tainted: [N]=TEST [ 22.577745] Hardware name: linux,dummy-virt (DT) [ 22.578038] Call trace: [ 22.578221] show_stack+0x20/0x38 (C) [ 22.578388] dump_stack_lvl+0x8c/0xd0 [ 22.578471] print_report+0x118/0x608 [ 22.578532] kasan_report+0xdc/0x128 [ 22.578586] __asan_report_store1_noabort+0x20/0x30 [ 22.578646] kmalloc_oob_right+0x5a4/0x660 [ 22.578702] kunit_try_run_case+0x170/0x3f0 [ 22.578764] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.578827] kthread+0x328/0x630 [ 22.578884] ret_from_fork+0x10/0x20 [ 22.579095] [ 22.579146] Allocated by task 138: [ 22.579313] kasan_save_stack+0x3c/0x68 [ 22.579400] kasan_save_track+0x20/0x40 [ 22.579449] kasan_save_alloc_info+0x40/0x58 [ 22.579497] __kasan_kmalloc+0xd4/0xd8 [ 22.579539] __kmalloc_cache_noprof+0x15c/0x3c0 [ 22.579654] kmalloc_oob_right+0xb0/0x660 [ 22.579771] kunit_try_run_case+0x170/0x3f0 [ 22.579867] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.579990] kthread+0x328/0x630 [ 22.580076] ret_from_fork+0x10/0x20 [ 22.580205] [ 22.580283] The buggy address belongs to the object at fff00000c413ca00 [ 22.580283] which belongs to the cache kmalloc-128 of size 128 [ 22.580400] The buggy address is located 0 bytes to the right of [ 22.580400] allocated 115-byte region [fff00000c413ca00, fff00000c413ca73) [ 22.580482] [ 22.580581] The buggy address belongs to the physical page: [ 22.580826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10413c [ 22.581181] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.581522] page_type: f5(slab) [ 22.581870] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.581966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.582105] page dumped because: kasan: bad access detected [ 22.582162] [ 22.582198] Memory state around the buggy address: [ 22.582451] fff00000c413c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.582536] fff00000c413c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.582605] >fff00000c413ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.582674] ^ [ 22.582772] fff00000c413ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.582823] fff00000c413cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.582900] ================================================================== [ 22.602800] ================================================================== [ 22.602904] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 22.603044] Read of size 1 at addr fff00000c413ca80 by task kunit_try_catch/138 [ 22.603156] [ 22.603229] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 22.603410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.603472] Hardware name: linux,dummy-virt (DT) [ 22.603600] Call trace: [ 22.603678] show_stack+0x20/0x38 (C) [ 22.604023] dump_stack_lvl+0x8c/0xd0 [ 22.604518] print_report+0x118/0x608 [ 22.604678] kasan_report+0xdc/0x128 [ 22.604813] __asan_report_load1_noabort+0x20/0x30 [ 22.604974] kmalloc_oob_right+0x5d0/0x660 [ 22.605116] kunit_try_run_case+0x170/0x3f0 [ 22.605247] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.605375] kthread+0x328/0x630 [ 22.605486] ret_from_fork+0x10/0x20 [ 22.605590] [ 22.605635] Allocated by task 138: [ 22.605702] kasan_save_stack+0x3c/0x68 [ 22.605788] kasan_save_track+0x20/0x40 [ 22.605873] kasan_save_alloc_info+0x40/0x58 [ 22.606863] __kasan_kmalloc+0xd4/0xd8 [ 22.607037] __kmalloc_cache_noprof+0x15c/0x3c0 [ 22.607145] kmalloc_oob_right+0xb0/0x660 [ 22.607287] kunit_try_run_case+0x170/0x3f0 [ 22.607589] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.607727] kthread+0x328/0x630 [ 22.608110] ret_from_fork+0x10/0x20 [ 22.608261] [ 22.608313] The buggy address belongs to the object at fff00000c413ca00 [ 22.608313] which belongs to the cache kmalloc-128 of size 128 [ 22.608456] The buggy address is located 13 bytes to the right of [ 22.608456] allocated 115-byte region [fff00000c413ca00, fff00000c413ca73) [ 22.608796] [ 22.608952] The buggy address belongs to the physical page: [ 22.609027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10413c [ 22.609152] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.609265] page_type: f5(slab) [ 22.609350] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.609464] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.609556] page dumped because: kasan: bad access detected [ 22.609626] [ 22.609669] Memory state around the buggy address: [ 22.609739] fff00000c413c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.609881] fff00000c413ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.610302] >fff00000c413ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.610455] ^ [ 22.610693] fff00000c413cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.611121] fff00000c413cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.611348] ==================================================================
[ 10.841889] ================================================================== [ 10.842558] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.843240] Write of size 1 at addr ffff888102734b73 by task kunit_try_catch/156 [ 10.843691] [ 10.844629] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 10.844973] Tainted: [N]=TEST [ 10.845004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.845235] Call Trace: [ 10.845301] <TASK> [ 10.845465] dump_stack_lvl+0x73/0xb0 [ 10.845551] print_report+0xd1/0x650 [ 10.845579] ? __virt_addr_valid+0x1db/0x2d0 [ 10.845603] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.845624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.845646] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.845668] kasan_report+0x141/0x180 [ 10.845690] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.845716] __asan_report_store1_noabort+0x1b/0x30 [ 10.845737] kmalloc_oob_right+0x6f0/0x7f0 [ 10.845759] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.845787] ? __schedule+0x10cc/0x2b30 [ 10.845811] ? __pfx_read_tsc+0x10/0x10 [ 10.845831] ? ktime_get_ts64+0x86/0x230 [ 10.845858] kunit_try_run_case+0x1a5/0x480 [ 10.845884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.845905] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.845928] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.845951] ? __kthread_parkme+0x82/0x180 [ 10.845973] ? preempt_count_sub+0x50/0x80 [ 10.845999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.846021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.846043] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.846065] kthread+0x337/0x6f0 [ 10.846085] ? trace_preempt_on+0x20/0xc0 [ 10.846110] ? __pfx_kthread+0x10/0x10 [ 10.846131] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.846152] ? calculate_sigpending+0x7b/0xa0 [ 10.846174] ? __pfx_kthread+0x10/0x10 [ 10.846195] ret_from_fork+0x41/0x80 [ 10.846215] ? __pfx_kthread+0x10/0x10 [ 10.846236] ret_from_fork_asm+0x1a/0x30 [ 10.846291] </TASK> [ 10.846366] [ 10.856087] Allocated by task 156: [ 10.856658] kasan_save_stack+0x45/0x70 [ 10.856892] kasan_save_track+0x18/0x40 [ 10.857075] kasan_save_alloc_info+0x3b/0x50 [ 10.857542] __kasan_kmalloc+0xb7/0xc0 [ 10.857800] __kmalloc_cache_noprof+0x189/0x420 [ 10.858112] kmalloc_oob_right+0xa9/0x7f0 [ 10.858303] kunit_try_run_case+0x1a5/0x480 [ 10.858654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.858949] kthread+0x337/0x6f0 [ 10.859105] ret_from_fork+0x41/0x80 [ 10.859442] ret_from_fork_asm+0x1a/0x30 [ 10.859813] [ 10.859969] The buggy address belongs to the object at ffff888102734b00 [ 10.859969] which belongs to the cache kmalloc-128 of size 128 [ 10.860871] The buggy address is located 0 bytes to the right of [ 10.860871] allocated 115-byte region [ffff888102734b00, ffff888102734b73) [ 10.861434] [ 10.861614] The buggy address belongs to the physical page: [ 10.862237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102734 [ 10.862975] flags: 0x200000000000000(node=0|zone=2) [ 10.863724] page_type: f5(slab) [ 10.864264] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.864786] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.865183] page dumped because: kasan: bad access detected [ 10.865547] [ 10.865638] Memory state around the buggy address: [ 10.866089] ffff888102734a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.866724] ffff888102734a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.867036] >ffff888102734b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.867310] ^ [ 10.867761] ffff888102734b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.868046] ffff888102734c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.868396] ================================================================== [ 10.888083] ================================================================== [ 10.888354] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.888665] Read of size 1 at addr ffff888102734b80 by task kunit_try_catch/156 [ 10.888997] [ 10.889104] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 10.889197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.889210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.889244] Call Trace: [ 10.889259] <TASK> [ 10.889273] dump_stack_lvl+0x73/0xb0 [ 10.889297] print_report+0xd1/0x650 [ 10.889318] ? __virt_addr_valid+0x1db/0x2d0 [ 10.889349] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.889369] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.889426] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.889449] kasan_report+0x141/0x180 [ 10.889471] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.889498] __asan_report_load1_noabort+0x18/0x20 [ 10.889518] kmalloc_oob_right+0x68a/0x7f0 [ 10.889540] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.889562] ? __schedule+0x10cc/0x2b30 [ 10.889585] ? __pfx_read_tsc+0x10/0x10 [ 10.889603] ? ktime_get_ts64+0x86/0x230 [ 10.889627] kunit_try_run_case+0x1a5/0x480 [ 10.889649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.889670] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.889692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.889715] ? __kthread_parkme+0x82/0x180 [ 10.889736] ? preempt_count_sub+0x50/0x80 [ 10.889760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.889791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.889812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.889834] kthread+0x337/0x6f0 [ 10.889854] ? trace_preempt_on+0x20/0xc0 [ 10.889876] ? __pfx_kthread+0x10/0x10 [ 10.889898] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.889919] ? calculate_sigpending+0x7b/0xa0 [ 10.889940] ? __pfx_kthread+0x10/0x10 [ 10.889961] ret_from_fork+0x41/0x80 [ 10.889981] ? __pfx_kthread+0x10/0x10 [ 10.890002] ret_from_fork_asm+0x1a/0x30 [ 10.890032] </TASK> [ 10.890042] [ 10.897414] Allocated by task 156: [ 10.897588] kasan_save_stack+0x45/0x70 [ 10.897799] kasan_save_track+0x18/0x40 [ 10.897992] kasan_save_alloc_info+0x3b/0x50 [ 10.898196] __kasan_kmalloc+0xb7/0xc0 [ 10.898555] __kmalloc_cache_noprof+0x189/0x420 [ 10.898798] kmalloc_oob_right+0xa9/0x7f0 [ 10.898997] kunit_try_run_case+0x1a5/0x480 [ 10.899207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.899410] kthread+0x337/0x6f0 [ 10.899532] ret_from_fork+0x41/0x80 [ 10.899731] ret_from_fork_asm+0x1a/0x30 [ 10.899935] [ 10.900030] The buggy address belongs to the object at ffff888102734b00 [ 10.900030] which belongs to the cache kmalloc-128 of size 128 [ 10.900583] The buggy address is located 13 bytes to the right of [ 10.900583] allocated 115-byte region [ffff888102734b00, ffff888102734b73) [ 10.901069] [ 10.901209] The buggy address belongs to the physical page: [ 10.901571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102734 [ 10.901902] flags: 0x200000000000000(node=0|zone=2) [ 10.902086] page_type: f5(slab) [ 10.902295] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.902531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.902751] page dumped because: kasan: bad access detected [ 10.902979] [ 10.903242] Memory state around the buggy address: [ 10.903601] ffff888102734a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.903919] ffff888102734b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.904362] >ffff888102734b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.904681] ^ [ 10.904852] ffff888102734c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.905142] ffff888102734c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.905373] ================================================================== [ 10.869393] ================================================================== [ 10.869670] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.870242] Write of size 1 at addr ffff888102734b78 by task kunit_try_catch/156 [ 10.870794] [ 10.870897] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 10.870939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.870950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.870968] Call Trace: [ 10.870978] <TASK> [ 10.870991] dump_stack_lvl+0x73/0xb0 [ 10.871015] print_report+0xd1/0x650 [ 10.871036] ? __virt_addr_valid+0x1db/0x2d0 [ 10.871057] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.871078] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.871099] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.871120] kasan_report+0x141/0x180 [ 10.871158] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.871184] __asan_report_store1_noabort+0x1b/0x30 [ 10.871204] kmalloc_oob_right+0x6bd/0x7f0 [ 10.871226] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.871248] ? __schedule+0x10cc/0x2b30 [ 10.871270] ? __pfx_read_tsc+0x10/0x10 [ 10.871289] ? ktime_get_ts64+0x86/0x230 [ 10.871313] kunit_try_run_case+0x1a5/0x480 [ 10.871348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.871369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.871458] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.871486] ? __kthread_parkme+0x82/0x180 [ 10.871507] ? preempt_count_sub+0x50/0x80 [ 10.871531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.871554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.871576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.871598] kthread+0x337/0x6f0 [ 10.871617] ? trace_preempt_on+0x20/0xc0 [ 10.871640] ? __pfx_kthread+0x10/0x10 [ 10.871661] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.871682] ? calculate_sigpending+0x7b/0xa0 [ 10.871703] ? __pfx_kthread+0x10/0x10 [ 10.871724] ret_from_fork+0x41/0x80 [ 10.871744] ? __pfx_kthread+0x10/0x10 [ 10.871766] ret_from_fork_asm+0x1a/0x30 [ 10.871796] </TASK> [ 10.871806] [ 10.879165] Allocated by task 156: [ 10.879347] kasan_save_stack+0x45/0x70 [ 10.879633] kasan_save_track+0x18/0x40 [ 10.879818] kasan_save_alloc_info+0x3b/0x50 [ 10.879961] __kasan_kmalloc+0xb7/0xc0 [ 10.880092] __kmalloc_cache_noprof+0x189/0x420 [ 10.880245] kmalloc_oob_right+0xa9/0x7f0 [ 10.880452] kunit_try_run_case+0x1a5/0x480 [ 10.880658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.880904] kthread+0x337/0x6f0 [ 10.881074] ret_from_fork+0x41/0x80 [ 10.881369] ret_from_fork_asm+0x1a/0x30 [ 10.881506] [ 10.881574] The buggy address belongs to the object at ffff888102734b00 [ 10.881574] which belongs to the cache kmalloc-128 of size 128 [ 10.882641] The buggy address is located 5 bytes to the right of [ 10.882641] allocated 115-byte region [ffff888102734b00, ffff888102734b73) [ 10.883029] [ 10.883101] The buggy address belongs to the physical page: [ 10.883542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102734 [ 10.883898] flags: 0x200000000000000(node=0|zone=2) [ 10.884128] page_type: f5(slab) [ 10.884280] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.884634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.884931] page dumped because: kasan: bad access detected [ 10.885100] [ 10.885168] Memory state around the buggy address: [ 10.885319] ffff888102734a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.885647] ffff888102734a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.885965] >ffff888102734b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.886221] ^ [ 10.886439] ffff888102734b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.887069] ffff888102734c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.887634] ==================================================================
[ 20.628685] ================================================================== [ 20.629366] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 20.630026] Write of size 1 at addr ffff00000c9cff73 by task kunit_try_catch/190 [ 20.630714] [ 20.630880] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G N 6.15.0-rc3 #1 PREEMPT [ 20.630926] Tainted: [N]=TEST [ 20.630938] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.630955] Call trace: [ 20.630967] show_stack+0x20/0x38 (C) [ 20.631001] dump_stack_lvl+0x8c/0xd0 [ 20.631033] print_report+0x118/0x608 [ 20.631062] kasan_report+0xdc/0x128 [ 20.631090] __asan_report_store1_noabort+0x20/0x30 [ 20.631125] kmalloc_oob_right+0x5a4/0x660 [ 20.631158] kunit_try_run_case+0x170/0x3f0 [ 20.631193] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.631231] kthread+0x328/0x630 [ 20.631265] ret_from_fork+0x10/0x20 [ 20.631298] [ 20.636776] Allocated by task 190: [ 20.637106] kasan_save_stack+0x3c/0x68 [ 20.637484] kasan_save_track+0x20/0x40 [ 20.637855] kasan_save_alloc_info+0x40/0x58 [ 20.638270] __kasan_kmalloc+0xd4/0xd8 [ 20.638632] __kmalloc_cache_noprof+0x15c/0x3c0 [ 20.639073] kmalloc_oob_right+0xb0/0x660 [ 20.639466] kunit_try_run_case+0x170/0x3f0 [ 20.639873] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.640398] kthread+0x328/0x630 [ 20.640721] ret_from_fork+0x10/0x20 [ 20.641070] [ 20.641224] The buggy address belongs to the object at ffff00000c9cff00 [ 20.641224] which belongs to the cache kmalloc-128 of size 128 [ 20.642356] The buggy address is located 0 bytes to the right of [ 20.642356] allocated 115-byte region [ffff00000c9cff00, ffff00000c9cff73) [ 20.643530] [ 20.643683] The buggy address belongs to the physical page: [ 20.644200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc9cf [ 20.644924] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 20.645535] page_type: f5(slab) [ 20.645849] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 20.646565] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.647272] page dumped because: kasan: bad access detected [ 20.647786] [ 20.647938] Memory state around the buggy address: [ 20.648386] ffff00000c9cfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.649052] ffff00000c9cfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.649717] >ffff00000c9cff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.650377] ^ [ 20.651010] ffff00000c9cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.651675] ffff00000c9d0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.652336] ================================================================== [ 20.654402] ================================================================== [ 20.655057] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 20.655708] Write of size 1 at addr ffff00000c9cff78 by task kunit_try_catch/190 [ 20.656381] [ 20.656536] CPU: 4 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 20.656571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.656581] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.656593] Call trace: [ 20.656601] show_stack+0x20/0x38 (C) [ 20.656625] dump_stack_lvl+0x8c/0xd0 [ 20.656645] print_report+0x118/0x608 [ 20.656664] kasan_report+0xdc/0x128 [ 20.656682] __asan_report_store1_noabort+0x20/0x30 [ 20.656704] kmalloc_oob_right+0x538/0x660 [ 20.656726] kunit_try_run_case+0x170/0x3f0 [ 20.656750] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.656775] kthread+0x328/0x630 [ 20.656798] ret_from_fork+0x10/0x20 [ 20.656819] [ 20.662350] Allocated by task 190: [ 20.662667] kasan_save_stack+0x3c/0x68 [ 20.663028] kasan_save_track+0x20/0x40 [ 20.663387] kasan_save_alloc_info+0x40/0x58 [ 20.663785] __kasan_kmalloc+0xd4/0xd8 [ 20.664136] __kmalloc_cache_noprof+0x15c/0x3c0 [ 20.664561] kmalloc_oob_right+0xb0/0x660 [ 20.664939] kunit_try_run_case+0x170/0x3f0 [ 20.665330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.665838] kthread+0x328/0x630 [ 20.666147] ret_from_fork+0x10/0x20 [ 20.666484] [ 20.666630] The buggy address belongs to the object at ffff00000c9cff00 [ 20.666630] which belongs to the cache kmalloc-128 of size 128 [ 20.667746] The buggy address is located 5 bytes to the right of [ 20.667746] allocated 115-byte region [ffff00000c9cff00, ffff00000c9cff73) [ 20.668903] [ 20.669049] The buggy address belongs to the physical page: [ 20.669553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc9cf [ 20.670262] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 20.670859] page_type: f5(slab) [ 20.671158] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 20.671858] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.672552] page dumped because: kasan: bad access detected [ 20.673055] [ 20.673200] Memory state around the buggy address: [ 20.673637] ffff00000c9cfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.674289] ffff00000c9cfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.674941] >ffff00000c9cff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.675590] ^ [ 20.676233] ffff00000c9cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.676884] ffff00000c9d0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.677532] ================================================================== [ 20.678323] ================================================================== [ 20.678976] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 20.679613] Read of size 1 at addr ffff00000c9cff80 by task kunit_try_catch/190 [ 20.680276] [ 20.680425] CPU: 4 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 20.680457] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.680466] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.680476] Call trace: [ 20.680483] show_stack+0x20/0x38 (C) [ 20.680502] dump_stack_lvl+0x8c/0xd0 [ 20.680520] print_report+0x118/0x608 [ 20.680539] kasan_report+0xdc/0x128 [ 20.680557] __asan_report_load1_noabort+0x20/0x30 [ 20.680579] kmalloc_oob_right+0x5d0/0x660 [ 20.680600] kunit_try_run_case+0x170/0x3f0 [ 20.680623] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.680648] kthread+0x328/0x630 [ 20.680669] ret_from_fork+0x10/0x20 [ 20.680688] [ 20.686211] Allocated by task 190: [ 20.686525] kasan_save_stack+0x3c/0x68 [ 20.686884] kasan_save_track+0x20/0x40 [ 20.687242] kasan_save_alloc_info+0x40/0x58 [ 20.687639] __kasan_kmalloc+0xd4/0xd8 [ 20.687989] __kmalloc_cache_noprof+0x15c/0x3c0 [ 20.688414] kmalloc_oob_right+0xb0/0x660 [ 20.688790] kunit_try_run_case+0x170/0x3f0 [ 20.689182] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.689689] kthread+0x328/0x630 [ 20.689998] ret_from_fork+0x10/0x20 [ 20.690335] [ 20.690480] The buggy address belongs to the object at ffff00000c9cff00 [ 20.690480] which belongs to the cache kmalloc-128 of size 128 [ 20.691595] The buggy address is located 13 bytes to the right of [ 20.691595] allocated 115-byte region [ffff00000c9cff00, ffff00000c9cff73) [ 20.692758] [ 20.692903] The buggy address belongs to the physical page: [ 20.693407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc9cf [ 20.694114] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 20.694707] page_type: f5(slab) [ 20.695004] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 20.695703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.696397] page dumped because: kasan: bad access detected [ 20.696901] [ 20.697045] Memory state around the buggy address: [ 20.697482] ffff00000c9cfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.698134] ffff00000c9cff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 20.698785] >ffff00000c9cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.699433] ^ [ 20.699734] ffff00000c9d0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.700385] ffff00000c9d0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.701033] ==================================================================