Date
April 22, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 170.737022] ================================================================== [ 170.737179] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 170.737335] Read of size 12 at addr ffff9a6056144de0 by task kunit_try_catch/3323 [ 170.737415] [ 170.737524] CPU: 1 UID: 0 PID: 3323 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc3 #1 PREEMPT [ 170.737705] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 170.737760] Hardware name: linux,dummy-virt (DT) [ 170.737827] Call trace: [ 170.737888] show_stack+0x20/0x38 (C) [ 170.737988] dump_stack_lvl+0x8c/0xd0 [ 170.738086] print_report+0x310/0x608 [ 170.738181] kasan_report+0xdc/0x128 [ 170.738267] kasan_check_range+0x100/0x1a8 [ 170.738354] __asan_memcpy+0x3c/0x98 [ 170.738439] cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 170.738524] cs_dsp_mock_bin_add_info+0x18/0x30 [ 170.738641] bin_patch_name_and_info+0x168/0x6b0 [ 170.738728] kunit_try_run_case+0x170/0x3f0 [ 170.738813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 170.738904] kthread+0x328/0x630 [ 170.738964] ret_from_fork+0x10/0x20 [ 170.739019] [ 170.739042] The buggy address belongs to the variable: [ 170.739066] __loc.0+0x2c0/0x3a0 [ 170.739113] [ 170.739192] The buggy address belongs to the virtual mapping at [ 170.739192] [ffff9a6054e50000, ffff9a6056b60000) created by: [ 170.739192] paging_init+0x620/0x7d0 [ 170.739251] [ 170.739356] The buggy address belongs to the physical page: [ 170.739415] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44f44 [ 170.739494] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 170.739626] raw: 03fffe0000002000 ffffc1ffc013d108 ffffc1ffc013d108 0000000000000000 [ 170.739692] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 170.739779] page dumped because: kasan: bad access detected [ 170.739829] [ 170.739875] Memory state around the buggy address: [ 170.739937] ffff9a6056144c80: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 [ 170.740002] ffff9a6056144d00: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 [ 170.740058] >ffff9a6056144d80: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 [ 170.740110] ^ [ 170.740159] ffff9a6056144e00: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 [ 170.740190] ffff9a6056144e80: 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 170.740219] ==================================================================
[ 150.180339] ================================================================== [ 150.180804] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338 [ 150.181046] Read of size 12 at addr ffff9a6be46487c0 by task kunit_try_catch/3086 [ 150.181162] [ 150.181291] CPU: 0 UID: 0 PID: 3086 Comm: kunit_try_catch Tainted: G D W N 6.15.0-rc3 #1 PREEMPT [ 150.181385] Tainted: [D]=DIE, [W]=WARN, [N]=TEST [ 150.181413] Hardware name: linux,dummy-virt (DT) [ 150.181470] Call trace: [ 150.181503] show_stack+0x18/0x24 (C) [ 150.181573] dump_stack_lvl+0x74/0x8c [ 150.181629] print_report+0x300/0x5f4 [ 150.181685] kasan_report+0xc4/0x108 [ 150.181739] kasan_check_range+0x100/0x1a8 [ 150.181793] __asan_memcpy+0x3c/0x94 [ 150.181847] cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338 [ 150.181906] cs_dsp_mock_bin_add_info+0x10/0x1c [ 150.181963] bin_patch_name_and_info+0x15c/0x6a0 [ 150.182019] kunit_try_run_case+0x144/0x3bc [ 150.182079] kunit_generic_run_threadfn_adapter+0x80/0xec [ 150.182137] kthread+0x37c/0x67c [ 150.182193] ret_from_fork+0x10/0x20 [ 150.182260] [ 150.182331] The buggy address belongs to the variable: [ 150.182364] __loc.0+0x2c0/0x3a0 [ 150.182421] [ 150.182552] The buggy address belongs to the virtual mapping at [ 150.182552] [ffff9a6be3580000, ffff9a6be4e40000) created by: [ 150.182552] paging_init+0x4d4/0x640 [ 150.182629] [ 150.182704] The buggy address belongs to the physical page: [ 150.183088] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44248 [ 150.183226] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 150.183647] raw: 03fffe0000002000 ffffc1ffc0109208 ffffc1ffc0109208 0000000000000000 [ 150.183710] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 150.183830] page dumped because: kasan: bad access detected [ 150.183877] [ 150.183910] Memory state around the buggy address: [ 150.184180] ffff9a6be4648680: 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 [ 150.184262] ffff9a6be4648700: 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 150.184318] >ffff9a6be4648780: 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 150.184373] ^ [ 150.184553] ffff9a6be4648800: 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 150.184629] ffff9a6be4648880: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 06 f9 f9 [ 150.184744] ==================================================================
[ 107.094390] ================================================================== [ 107.094637] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.1+0x198/0x33c [ 107.094732] Read of size 12 at addr ffffac6be86d63c0 by task kunit_try_catch/3086 [ 107.094777] [ 107.094843] CPU: 1 UID: 0 PID: 3086 Comm: kunit_try_catch Tainted: G D W N 6.15.0-rc3 #1 PREEMPT [ 107.094918] Tainted: [D]=DIE, [W]=WARN, [N]=TEST [ 107.094943] Hardware name: linux,dummy-virt (DT) [ 107.094973] Call trace: [ 107.094997] show_stack+0x18/0x24 (C) [ 107.095065] dump_stack_lvl+0x78/0x90 [ 107.095115] print_report+0x1d4/0x5dc [ 107.095162] kasan_report+0x78/0xc0 [ 107.095205] kasan_check_range+0x180/0x210 [ 107.095250] memcpy+0x3c/0xa4 [ 107.095292] cs_dsp_mock_bin_add_name_or_info.isra.1+0x198/0x33c [ 107.095337] cs_dsp_mock_bin_add_info+0x10/0x1c [ 107.095380] bin_patch_name_and_info+0x164/0x6a8 [ 107.095423] kunit_try_run_case+0x144/0x3bc [ 107.095468] kunit_generic_run_threadfn_adapter+0x80/0xec [ 107.095518] kthread+0x3f0/0x744 [ 107.095561] ret_from_fork+0x10/0x20 [ 107.095615] [ 107.095666] The buggy address belongs to the variable: [ 107.095693] __loc.44591+0x280/0x420 [ 107.095739] [ 107.095841] The buggy address belongs to the virtual mapping at [ 107.095841] [ffffac6be7600000, ffffac6be8ec0000) created by: [ 107.095841] paging_init+0x474/0x61c [ 107.095895] [ 107.095957] The buggy address belongs to the physical page: [ 107.096227] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x442d6 [ 107.096329] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 107.096702] raw: 03fffe0000002000 ffffc1ffc010b588 ffffc1ffc010b588 0000000000000000 [ 107.096751] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 107.096840] page dumped because: kasan: bad access detected [ 107.096874] [ 107.096898] Memory state around the buggy address: [ 107.097126] ffffac6be86d6280: 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 [ 107.097183] ffffac6be86d6300: 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 107.097226] >ffffac6be86d6380: 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 [ 107.097266] ^ [ 107.097338] ffffac6be86d6400: 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 00 06 f9 f9 [ 107.097370] ffffac6be86d6480: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9 [ 107.097419] ==================================================================
[ 216.228965] ================================================================== [ 216.230058] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 216.230914] Read of size 12 at addr ffffffff9aeccd00 by task kunit_try_catch/4184 [ 216.231617] [ 216.231852] CPU: 1 UID: 0 PID: 4184 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 216.231980] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 216.232019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 216.232067] Call Trace: [ 216.232105] <TASK> [ 216.232177] dump_stack_lvl+0x73/0xb0 [ 216.232283] print_report+0xd1/0x650 [ 216.232369] ? __virt_addr_valid+0x1db/0x2d0 [ 216.232447] ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 216.232524] ? kasan_addr_to_slab+0x11/0xa0 [ 216.232597] ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 216.232675] kasan_report+0x141/0x180 [ 216.232752] ? cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 216.232840] kasan_check_range+0x10c/0x1c0 [ 216.232926] __asan_memcpy+0x27/0x70 [ 216.232962] cs_dsp_mock_bin_add_name_or_info.isra.0+0x1c1/0x3d0 [ 216.232998] ? __pfx_cs_dsp_mock_bin_add_name_or_info.isra.0+0x10/0x10 [ 216.233030] ? __pfx_cs_dsp_mock_reg_addr_inc_per_unpacked_word+0x10/0x10 [ 216.233059] ? __pfx__cs_dsp_remove_wrapper+0x10/0x10 [ 216.233094] cs_dsp_mock_bin_add_info+0x12/0x20 [ 216.233162] bin_patch_name_and_info+0x1a1/0x8d0 [ 216.233228] ? __pfx_bin_patch_name_and_info+0x10/0x10 [ 216.233265] ? __pfx_kfree_action_wrapper+0x10/0x10 [ 216.233309] ? kunit_add_action_or_reset+0x1d/0x40 [ 216.233338] ? __pfx_read_tsc+0x10/0x10 [ 216.233364] ? ktime_get_ts64+0x86/0x230 [ 216.233399] kunit_try_run_case+0x1a5/0x480 [ 216.233427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 216.233457] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 216.233487] ? __kthread_parkme+0x82/0x180 [ 216.233516] ? preempt_count_sub+0x50/0x80 [ 216.233548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 216.233576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 216.233603] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 216.233628] kthread+0x337/0x6f0 [ 216.233657] ? trace_preempt_on+0x20/0xc0 [ 216.233690] ? __pfx_kthread+0x10/0x10 [ 216.233721] ? _raw_spin_unlock_irq+0x47/0x80 [ 216.233749] ? calculate_sigpending+0x7b/0xa0 [ 216.233777] ? __pfx_kthread+0x10/0x10 [ 216.233808] ret_from_fork+0x41/0x80 [ 216.233835] ? __pfx_kthread+0x10/0x10 [ 216.233864] ret_from_fork_asm+0x1a/0x30 [ 216.233907] </TASK> [ 216.233921] [ 216.249905] The buggy address belongs to the variable: [ 216.250373] __loc.16+0x80/0x540 [ 216.250766] [ 216.251001] The buggy address belongs to the physical page: [ 216.251568] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x596cc [ 216.252323] flags: 0x100000000002000(reserved|node=0|zone=1) [ 216.252728] raw: 0100000000002000 ffffea000165b308 ffffea000165b308 0000000000000000 [ 216.253424] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 216.254010] page dumped because: kasan: bad access detected [ 216.254476] [ 216.254713] Memory state around the buggy address: [ 216.255165] ffffffff9aeccc00: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 216.255729] ffffffff9aeccc80: 00 00 f9 f9 f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 [ 216.256294] >ffffffff9aeccd00: 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 [ 216.256800] ^ [ 216.257085] ffffffff9aeccd80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 [ 216.257804] ffffffff9aecce00: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9 [ 216.258477] ==================================================================
[ 94.668110] ================================================================== [ 94.669311] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 94.670155] Read of size 12 at addr ffff800084d44de0 by task kunit_try_catch/3379 [ 94.670849] [ 94.671016] CPU: 0 UID: 0 PID: 3379 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc3 #1 PREEMPT [ 94.671061] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 94.671075] Hardware name: Radxa ROCK Pi 4B (DT) [ 94.671089] Call trace: [ 94.671101] show_stack+0x20/0x38 (C) [ 94.671136] dump_stack_lvl+0x8c/0xd0 [ 94.671166] print_report+0x310/0x608 [ 94.671196] kasan_report+0xdc/0x128 [ 94.671223] kasan_check_range+0x100/0x1a8 [ 94.671253] __asan_memcpy+0x3c/0x98 [ 94.671283] cs_dsp_mock_bin_add_name_or_info.isra.0+0x19c/0x348 [ 94.671315] cs_dsp_mock_bin_add_info+0x18/0x30 [ 94.671342] bin_patch_name_and_info+0x168/0x6b0 [ 94.671373] kunit_try_run_case+0x170/0x3f0 [ 94.671406] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 94.671441] kthread+0x328/0x630 [ 94.671475] ret_from_fork+0x10/0x20 [ 94.671506] [ 94.678469] The buggy address belongs to the variable: [ 94.678943] __loc.0+0x2c0/0x3a0 [ 94.679268] [ 94.679435] The buggy address belongs to the virtual mapping at [ 94.679435] [ffff800083a50000, ffff800085760000) created by: [ 94.679435] paging_init+0x620/0x7d0 [ 94.680808] [ 94.680885] dwmmc_rockchip fe310000.mmc: IDMAC supports 32-bit address mode. [ 94.680960] The buggy address belongs to the physical page: [ 94.681669] dwmmc_rockchip fe310000.mmc: Using internal DMA controller. [ 94.682081] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7544 [ 94.682669] dwmmc_rockchip fe310000.mmc: Version ID is 270a [ 94.683350] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 94.683897] dwmmc_rockchip fe310000.mmc: DW MMC controller at irq 49,32 bit host data width,256 deep fifo [ 94.684496] raw: 03fffe0000002000 fffffdffc01d5108 fffffdffc01d5108 0000000000000000 [ 94.686014] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 94.686714] page dumped because: kasan: bad access detected [ 94.687225] [ 94.687379] Memory state around the buggy address: [ 94.687826] ffff800084d44c80: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9 [ 94.688486] ffff800084d44d00: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9 [ 94.689147] >ffff800084d44d80: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 [ 94.689802] ^ [ 94.690407] ffff800084d44e00: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 [ 94.691066] ffff800084d44e80: 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 94.691722] ==================================================================