Date
April 20, 2025, 11:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 22.703423] ================================================================== [ 22.703517] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 22.703718] Write of size 1 at addr fff00000c413cc78 by task kunit_try_catch/144 [ 22.704321] [ 22.704488] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 22.704840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.704960] Hardware name: linux,dummy-virt (DT) [ 22.705044] Call trace: [ 22.705104] show_stack+0x20/0x38 (C) [ 22.705363] dump_stack_lvl+0x8c/0xd0 [ 22.705754] print_report+0x118/0x608 [ 22.706091] kasan_report+0xdc/0x128 [ 22.706424] __asan_report_store1_noabort+0x20/0x30 [ 22.706639] kmalloc_track_caller_oob_right+0x418/0x488 [ 22.706772] kunit_try_run_case+0x170/0x3f0 [ 22.706901] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.707079] kthread+0x328/0x630 [ 22.707589] ret_from_fork+0x10/0x20 [ 22.707964] [ 22.708024] Allocated by task 144: [ 22.708092] kasan_save_stack+0x3c/0x68 [ 22.708286] kasan_save_track+0x20/0x40 [ 22.708410] kasan_save_alloc_info+0x40/0x58 [ 22.708560] __kasan_kmalloc+0xd4/0xd8 [ 22.708653] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 22.708793] kmalloc_track_caller_oob_right+0x184/0x488 [ 22.709074] kunit_try_run_case+0x170/0x3f0 [ 22.709242] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.709460] kthread+0x328/0x630 [ 22.709682] ret_from_fork+0x10/0x20 [ 22.709772] [ 22.709867] The buggy address belongs to the object at fff00000c413cc00 [ 22.709867] which belongs to the cache kmalloc-128 of size 128 [ 22.710048] The buggy address is located 0 bytes to the right of [ 22.710048] allocated 120-byte region [fff00000c413cc00, fff00000c413cc78) [ 22.710213] [ 22.710321] The buggy address belongs to the physical page: [ 22.710631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10413c [ 22.711033] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.711176] page_type: f5(slab) [ 22.711265] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.711381] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.711473] page dumped because: kasan: bad access detected [ 22.711628] [ 22.711721] Memory state around the buggy address: [ 22.711904] fff00000c413cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.712031] fff00000c413cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.712137] >fff00000c413cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.712231] ^ [ 22.712424] fff00000c413cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.712695] fff00000c413cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.712786] ================================================================== [ 22.693287] ================================================================== [ 22.693407] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 22.693525] Write of size 1 at addr fff00000c413cb78 by task kunit_try_catch/144 [ 22.693640] [ 22.693710] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 22.693888] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.693969] Hardware name: linux,dummy-virt (DT) [ 22.694043] Call trace: [ 22.694095] show_stack+0x20/0x38 (C) [ 22.694244] dump_stack_lvl+0x8c/0xd0 [ 22.694376] print_report+0x118/0x608 [ 22.694507] kasan_report+0xdc/0x128 [ 22.694946] __asan_report_store1_noabort+0x20/0x30 [ 22.695416] kmalloc_track_caller_oob_right+0x40c/0x488 [ 22.695810] kunit_try_run_case+0x170/0x3f0 [ 22.696007] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.696227] kthread+0x328/0x630 [ 22.696492] ret_from_fork+0x10/0x20 [ 22.696759] [ 22.696806] Allocated by task 144: [ 22.696982] kasan_save_stack+0x3c/0x68 [ 22.697235] kasan_save_track+0x20/0x40 [ 22.697393] kasan_save_alloc_info+0x40/0x58 [ 22.697518] __kasan_kmalloc+0xd4/0xd8 [ 22.697653] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 22.697906] kmalloc_track_caller_oob_right+0xa8/0x488 [ 22.698129] kunit_try_run_case+0x170/0x3f0 [ 22.698233] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.698354] kthread+0x328/0x630 [ 22.698454] ret_from_fork+0x10/0x20 [ 22.698737] [ 22.698901] The buggy address belongs to the object at fff00000c413cb00 [ 22.698901] which belongs to the cache kmalloc-128 of size 128 [ 22.699059] The buggy address is located 0 bytes to the right of [ 22.699059] allocated 120-byte region [fff00000c413cb00, fff00000c413cb78) [ 22.699208] [ 22.699273] The buggy address belongs to the physical page: [ 22.699435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10413c [ 22.699607] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 22.699716] page_type: f5(slab) [ 22.699830] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 22.700074] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.700173] page dumped because: kasan: bad access detected [ 22.700518] [ 22.700565] Memory state around the buggy address: [ 22.701010] fff00000c413ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.701145] fff00000c413ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.701376] >fff00000c413cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.701536] ^ [ 22.701638] fff00000c413cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.701737] fff00000c413cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.701823] ==================================================================
[ 10.982178] ================================================================== [ 10.983356] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.984145] Write of size 1 at addr ffff888102b31878 by task kunit_try_catch/162 [ 10.984471] [ 10.984561] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 10.984604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.984615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.984635] Call Trace: [ 10.984647] <TASK> [ 10.984662] dump_stack_lvl+0x73/0xb0 [ 10.984689] print_report+0xd1/0x650 [ 10.984711] ? __virt_addr_valid+0x1db/0x2d0 [ 10.984733] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.984757] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.984778] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.984803] kasan_report+0x141/0x180 [ 10.984825] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.984855] __asan_report_store1_noabort+0x1b/0x30 [ 10.984876] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.984901] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.984926] ? __schedule+0x10cc/0x2b30 [ 10.984950] ? __pfx_read_tsc+0x10/0x10 [ 10.984968] ? ktime_get_ts64+0x86/0x230 [ 10.984993] kunit_try_run_case+0x1a5/0x480 [ 10.985016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.985037] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.985060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.985083] ? __kthread_parkme+0x82/0x180 [ 10.985104] ? preempt_count_sub+0x50/0x80 [ 10.985128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.985150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.985172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.985194] kthread+0x337/0x6f0 [ 10.985213] ? trace_preempt_on+0x20/0xc0 [ 10.985237] ? __pfx_kthread+0x10/0x10 [ 10.985258] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.985279] ? calculate_sigpending+0x7b/0xa0 [ 10.985301] ? __pfx_kthread+0x10/0x10 [ 10.985334] ret_from_fork+0x41/0x80 [ 10.985354] ? __pfx_kthread+0x10/0x10 [ 10.985375] ret_from_fork_asm+0x1a/0x30 [ 10.985406] </TASK> [ 10.985416] [ 10.998023] Allocated by task 162: [ 10.998173] kasan_save_stack+0x45/0x70 [ 10.998317] kasan_save_track+0x18/0x40 [ 10.998573] kasan_save_alloc_info+0x3b/0x50 [ 10.998789] __kasan_kmalloc+0xb7/0xc0 [ 10.998975] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.999346] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.999634] kunit_try_run_case+0x1a5/0x480 [ 10.999788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.000028] kthread+0x337/0x6f0 [ 11.000312] ret_from_fork+0x41/0x80 [ 11.000512] ret_from_fork_asm+0x1a/0x30 [ 11.000709] [ 11.001050] The buggy address belongs to the object at ffff888102b31800 [ 11.001050] which belongs to the cache kmalloc-128 of size 128 [ 11.001479] The buggy address is located 0 bytes to the right of [ 11.001479] allocated 120-byte region [ffff888102b31800, ffff888102b31878) [ 11.002250] [ 11.002977] The buggy address belongs to the physical page: [ 11.003241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b31 [ 11.003819] flags: 0x200000000000000(node=0|zone=2) [ 11.004344] page_type: f5(slab) [ 11.004721] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.005486] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.006090] page dumped because: kasan: bad access detected [ 11.006733] [ 11.006930] Memory state around the buggy address: [ 11.007219] ffff888102b31700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.007467] ffff888102b31780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.008170] >ffff888102b31800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.009074] ^ [ 11.009359] ffff888102b31880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.010066] ffff888102b31900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.010357] ==================================================================
[ 20.779804] ================================================================== [ 20.780889] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 20.781656] Write of size 1 at addr ffff00000ea7e578 by task kunit_try_catch/196 [ 20.782344] [ 20.782509] CPU: 3 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 20.782558] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.782572] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.782590] Call trace: [ 20.782601] show_stack+0x20/0x38 (C) [ 20.782634] dump_stack_lvl+0x8c/0xd0 [ 20.782665] print_report+0x118/0x608 [ 20.782695] kasan_report+0xdc/0x128 [ 20.782722] __asan_report_store1_noabort+0x20/0x30 [ 20.782755] kmalloc_track_caller_oob_right+0x40c/0x488 [ 20.782793] kunit_try_run_case+0x170/0x3f0 [ 20.782829] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.782868] kthread+0x328/0x630 [ 20.782902] ret_from_fork+0x10/0x20 [ 20.782935] [ 20.788614] Allocated by task 196: [ 20.788940] kasan_save_stack+0x3c/0x68 [ 20.789313] kasan_save_track+0x20/0x40 [ 20.789685] kasan_save_alloc_info+0x40/0x58 [ 20.790099] __kasan_kmalloc+0xd4/0xd8 [ 20.790465] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 20.790994] kmalloc_track_caller_oob_right+0xa8/0x488 [ 20.791487] kunit_try_run_case+0x170/0x3f0 [ 20.791896] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.792420] kthread+0x328/0x630 [ 20.792744] ret_from_fork+0x10/0x20 [ 20.793094] [ 20.793247] The buggy address belongs to the object at ffff00000ea7e500 [ 20.793247] which belongs to the cache kmalloc-128 of size 128 [ 20.794380] The buggy address is located 0 bytes to the right of [ 20.794380] allocated 120-byte region [ffff00000ea7e500, ffff00000ea7e578) [ 20.795554] [ 20.795708] The buggy address belongs to the physical page: [ 20.796224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xea7e [ 20.796949] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 20.797560] page_type: f5(slab) [ 20.797875] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 20.798591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.799298] page dumped because: kasan: bad access detected [ 20.799813] [ 20.799965] Memory state around the buggy address: [ 20.800413] ffff00000ea7e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.801079] ffff00000ea7e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.801744] >ffff00000ea7e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.802406] ^ [ 20.803062] ffff00000ea7e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.803728] ffff00000ea7e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.804390] ==================================================================