Date
April 22, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |
```
[ 17.246159] ==================================================================
[ 17.246358] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 17.246496] Read of size 1 at addr fff00000c625605f by task kunit_try_catch/140
[ 17.246696]
[ 17.246798] CPU: 1 UID: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 17.247041] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.247119] Hardware name: linux,dummy-virt (DT)
[ 17.247185] Call trace:
[ 17.247226] show_stack+0x20/0x38 (C)
[ 17.247314] dump_stack_lvl+0x8c/0xd0
[ 17.247426] print_report+0x118/0x608
[ 17.247568] kasan_report+0xdc/0x128
[ 17.247673] __asan_report_load1_noabort+0x20/0x30
[ 17.247816] kmalloc_oob_left+0x2ec/0x320
[ 17.247956] kunit_try_run_case+0x170/0x3f0
[ 17.248099] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.248214] kthread+0x328/0x630
[ 17.248309] ret_from_fork+0x10/0x20
[ 17.248409]
[ 17.248450] Allocated by task 26:
[ 17.248514] kasan_save_stack+0x3c/0x68
[ 17.248631] kasan_save_track+0x20/0x40
[ 17.248705] kasan_save_alloc_info+0x40/0x58
[ 17.248778] __kasan_kmalloc+0xd4/0xd8
[ 17.248842] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 17.248924] kstrdup+0x54/0xc8
[ 17.248999] devtmpfs_work_loop+0x3a4/0x5d0
[ 17.249086] devtmpfsd+0x50/0x58
[ 17.249166] kthread+0x328/0x630
[ 17.249241] ret_from_fork+0x10/0x20
[ 17.249313]
[ 17.249383] Freed by task 26:
[ 17.249576] kasan_save_stack+0x3c/0x68
[ 17.249674] kasan_save_track+0x20/0x40
[ 17.249758] kasan_save_free_info+0x4c/0x78
[ 17.249876] __kasan_slab_free+0x6c/0x98
[ 17.249987] kfree+0x214/0x3c8
[ 17.250064] devtmpfs_work_loop+0x4a8/0x5d0
[ 17.250187] devtmpfsd+0x50/0x58
[ 17.250292] kthread+0x328/0x630
[ 17.250386] ret_from_fork+0x10/0x20
[ 17.250475]
[ 17.250521] The buggy address belongs to the object at fff00000c6256040
[ 17.250521] which belongs to the cache kmalloc-16 of size 16
[ 17.250644] The buggy address is located 15 bytes to the right of
[ 17.250644] allocated 16-byte region [fff00000c6256040, fff00000c6256050)
[ 17.250772]
[ 17.250813] The buggy address belongs to the physical page:
[ 17.250905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106256
[ 17.251089] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.251220] page_type: f5(slab)
[ 17.251304] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 17.251420] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 17.251517] page dumped because: kasan: bad access detected
[ 17.251602]
[ 17.251641] Memory state around the buggy address:
[ 17.251707]  fff00000c6255f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.251806]  fff00000c6255f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.251887] >fff00000c6256000: 00 00 fc fc fa fb fc fc fa fb fc fc 00 07 fc fc
[ 17.251964]                                                     ^
[ 17.252048]  fff00000c6256080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.252148]  fff00000c6256100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.252226] ==================================================================
```
```
[ 16.706335] ==================================================================
[ 16.707372] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 16.708279] Read of size 1 at addr ffff8881021e3e3f by task kunit_try_catch/158
[ 16.709198]
[ 16.709534] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[ 16.709683] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.709721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.709816] Call Trace:
[ 16.709856] <TASK>
[ 16.709905] dump_stack_lvl+0x73/0xb0
[ 16.710001] print_report+0xd1/0x650
[ 16.710090] ? __virt_addr_valid+0x1db/0x2d0
[ 16.710185] ? kmalloc_oob_left+0x361/0x3c0
[ 16.710313] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.710405] ? kmalloc_oob_left+0x361/0x3c0
[ 16.710569] kasan_report+0x141/0x180
[ 16.710648] ? kmalloc_oob_left+0x361/0x3c0
[ 16.710697] __asan_report_load1_noabort+0x18/0x20
[ 16.710734] kmalloc_oob_left+0x361/0x3c0
[ 16.710773] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 16.710812] ? __schedule+0x10cc/0x2b30
[ 16.710854] ? __pfx_read_tsc+0x10/0x10
[ 16.710889] ? ktime_get_ts64+0x86/0x230
[ 16.710932] kunit_try_run_case+0x1a5/0x480
[ 16.710974] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.711010] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.711049] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.711089] ? __kthread_parkme+0x82/0x180
[ 16.711126] ? preempt_count_sub+0x50/0x80
[ 16.711167] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.711205] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.711242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.711280] kthread+0x337/0x6f0
[ 16.711336] ? trace_preempt_on+0x20/0xc0
[ 16.711405] ? __pfx_kthread+0x10/0x10
[ 16.711499] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.711609] ? calculate_sigpending+0x7b/0xa0
[ 16.711659] ? __pfx_kthread+0x10/0x10
[ 16.711699] ret_from_fork+0x41/0x80
[ 16.711735] ? __pfx_kthread+0x10/0x10
[ 16.711774] ret_from_fork_asm+0x1a/0x30
[ 16.711825] </TASK>
[ 16.711840]
[ 16.728190] Allocated by task 1:
[ 16.728678] kasan_save_stack+0x45/0x70
[ 16.729174] kasan_save_track+0x18/0x40
[ 16.729705] kasan_save_alloc_info+0x3b/0x50
[ 16.731631] __kasan_kmalloc+0xb7/0xc0
[ 16.732291] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 16.733130] kvasprintf+0xc5/0x150
[ 16.733873] __kthread_create_on_node+0x18b/0x3a0
[ 16.734470] kthread_create_on_node+0xab/0xe0
[ 16.735315] create_worker+0x3e5/0x7b0
[ 16.736148] alloc_unbound_pwq+0x8ea/0xdb0
[ 16.737142] apply_wqattrs_prepare+0x332/0xd20
[ 16.737548] apply_workqueue_attrs_locked+0x4d/0xa0
[ 16.737822] alloc_workqueue+0xcc7/0x1ad0
[ 16.737996] latency_fsnotify_init+0x1b/0x50
[ 16.738170] do_one_initcall+0xd8/0x370
[ 16.738329] kernel_init_freeable+0x420/0x6f0
[ 16.738533] kernel_init+0x23/0x1e0
[ 16.738879] ret_from_fork+0x41/0x80
[ 16.739199] ret_from_fork_asm+0x1a/0x30
[ 16.739713]
[ 16.739947] The buggy address belongs to the object at ffff8881021e3e20
[ 16.739947] which belongs to the cache kmalloc-16 of size 16
[ 16.741149] The buggy address is located 18 bytes to the right of
[ 16.741149] allocated 13-byte region [ffff8881021e3e20, ffff8881021e3e2d)
[ 16.742166]
[ 16.742383] The buggy address belongs to the physical page:
[ 16.742856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021e3
[ 16.743400] flags: 0x200000000000000(node=0|zone=2)
[ 16.743938] page_type: f5(slab)
[ 16.744314] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 16.744979] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 16.745370] page dumped because: kasan: bad access detected
[ 16.745914]
[ 16.746144] Memory state around the buggy address:
[ 16.746655]  ffff8881021e3d00: 00 02 fc fc 00 05 fc fc 00 02 fc fc 00 02 fc fc
[ 16.747290]  ffff8881021e3d80: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 16.747756] >ffff8881021e3e00: fa fb fc fc 00 05 fc fc 00 07 fc fc fc fc fc fc
[ 16.749671]                                         ^
[ 16.751774]  ffff8881021e3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.752350]  ffff8881021e3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.752796] ==================================================================
```
```
[ 19.010665] ==================================================================
[ 19.011707] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 19.012366] Read of size 1 at addr ffff000002427adf by task kunit_try_catch/196
[ 19.013041]
[ 19.013205] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 19.013253] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.013267] Hardware name: Radxa ROCK Pi 4B (DT)
[ 19.013284] Call trace:
[ 19.013295] show_stack+0x20/0x38 (C)
[ 19.013327] dump_stack_lvl+0x8c/0xd0
[ 19.013358] print_report+0x118/0x608
[ 19.013387] kasan_report+0xdc/0x128
[ 19.013415] __asan_report_load1_noabort+0x20/0x30
[ 19.013448] kmalloc_oob_left+0x2ec/0x320
[ 19.013482] kunit_try_run_case+0x170/0x3f0
[ 19.013519] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.013557] kthread+0x328/0x630
[ 19.013592] ret_from_fork+0x10/0x20
[ 19.013626]
[ 19.019294] Allocated by task 11:
[ 19.019635] kasan_save_stack+0x3c/0x68
[ 19.020035] kasan_save_track+0x20/0x40
[ 19.020432] kasan_save_alloc_info+0x40/0x58
[ 19.020873] __kasan_kmalloc+0xd4/0xd8
[ 19.021262] __kmalloc_noprof+0x190/0x4d0
[ 19.021676] usb_hcd_submit_urb+0x444/0x1a58
[ 19.022121] usb_submit_urb+0x564/0x1198
[ 19.022531] usb_start_wait_urb+0x120/0x3e8
[ 19.022965] usb_control_msg+0x2b4/0x3e0
[ 19.023375] hub_ext_port_status+0x114/0x580
[ 19.023823] hub_activate+0x2a4/0x1340
[ 19.024211] hub_resume+0xa8/0x380
[ 19.024566] usb_resume_interface.isra.0+0x1f8/0x348
[ 19.025076] usb_suspend_both+0x250/0x6f0
[ 19.025496] usb_runtime_suspend+0x3c/0xf8
[ 19.025926] __rpm_callback+0xa0/0x470
[ 19.026321] rpm_callback+0x168/0x1b0
[ 19.026705] rpm_suspend+0x1bc/0xcd8
[ 19.027080] __pm_runtime_suspend+0x5c/0x1e8
[ 19.027519] usb_runtime_idle+0x48/0x68
[ 19.027926] rpm_idle+0x13c/0x708
[ 19.028277] pm_runtime_work+0x110/0x170
[ 19.028684] process_one_work+0x530/0xf98
[ 19.029099] worker_thread+0x8ac/0xf28
[ 19.029489] kthread+0x328/0x630
[ 19.029843] ret_from_fork+0x10/0x20
[ 19.030220]
[ 19.030388] Freed by task 11:
[ 19.030694] kasan_save_stack+0x3c/0x68
[ 19.031094] kasan_save_track+0x20/0x40
[ 19.031490] kasan_save_free_info+0x4c/0x78
[ 19.031923] __kasan_slab_free+0x6c/0x98
[ 19.032328] kfree+0x214/0x3c8
[ 19.032664] usb_hcd_submit_urb+0x518/0x1a58
[ 19.033104] usb_submit_urb+0x564/0x1198
[ 19.033513] usb_start_wait_urb+0x120/0x3e8
[ 19.033948] usb_control_msg+0x2b4/0x3e0
[ 19.034356] hub_ext_port_status+0x114/0x580
[ 19.034802] hub_activate+0x2a4/0x1340
[ 19.035190] hub_resume+0xa8/0x380
[ 19.035547] usb_resume_interface.isra.0+0x1f8/0x348
[ 19.036054] usb_suspend_both+0x250/0x6f0
[ 19.036474] usb_runtime_suspend+0x3c/0xf8
[ 19.036903] __rpm_callback+0xa0/0x470
[ 19.037294] rpm_callback+0x168/0x1b0
[ 19.037677] rpm_suspend+0x1bc/0xcd8
[ 19.038053] __pm_runtime_suspend+0x5c/0x1e8
[ 19.038491] usb_runtime_idle+0x48/0x68
[ 19.038896] rpm_idle+0x13c/0x708
[ 19.039247] pm_runtime_work+0x110/0x170
[ 19.039653] process_one_work+0x530/0xf98
[ 19.040065] worker_thread+0x8ac/0xf28
[ 19.040453] kthread+0x328/0x630
[ 19.040804] ret_from_fork+0x10/0x20
[ 19.041180]
[ 19.041348] The buggy address belongs to the object at ffff000002427ac0
[ 19.041348] which belongs to the cache kmalloc-16 of size 16
[ 19.042498] The buggy address is located 15 bytes to the right of
[ 19.042498] allocated 16-byte region [ffff000002427ac0, ffff000002427ad0)
[ 19.043707]
[ 19.043876] The buggy address belongs to the physical page:
[ 19.044412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2427
[ 19.045166] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 19.045806] page_type: f5(slab)
[ 19.046144] raw: 03fffe0000000000 ffff000000402640 dead000000000122 0000000000000000
[ 19.046890] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 19.047623] page dumped because: kasan: bad access detected
[ 19.048158]
[ 19.048326] Memory state around the buggy address:
[ 19.048796]  ffff000002427980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 19.049488]  ffff000002427a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 19.050181] >ffff000002427a80: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc
[ 19.050866]                                                     ^
[ 19.051454]  ffff000002427b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.052146]  ffff000002427b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.052832] ==================================================================
```