Date
April 22, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
rk3399-rock-pi-4b |

```
[ 17.765894] ==================================================================
[ 17.766062] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 17.766208] Write of size 8 at addr fff00000c62d4a71 by task kunit_try_catch/178
[ 17.766335]
[ 17.766428] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 17.766656] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.766711] Hardware name: linux,dummy-virt (DT)
[ 17.766771] Call trace:
[ 17.766816] show_stack+0x20/0x38 (C)
[ 17.766921] dump_stack_lvl+0x8c/0xd0
[ 17.767020] print_report+0x118/0x608
[ 17.767118] kasan_report+0xdc/0x128
[ 17.767247] kasan_check_range+0x100/0x1a8
[ 17.767391] __asan_memset+0x34/0x78
[ 17.767480] kmalloc_oob_memset_8+0x150/0x2f8
[ 17.767673] kunit_try_run_case+0x170/0x3f0
[ 17.767773] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.767910] kthread+0x328/0x630
[ 17.768050] ret_from_fork+0x10/0x20
[ 17.768141]
[ 17.768182] Allocated by task 178:
[ 17.768313] kasan_save_stack+0x3c/0x68
[ 17.768391] kasan_save_track+0x20/0x40
[ 17.768457] kasan_save_alloc_info+0x40/0x58
[ 17.768527] __kasan_kmalloc+0xd4/0xd8
[ 17.768608] __kmalloc_cache_noprof+0x15c/0x3c0
[ 17.768694] kmalloc_oob_memset_8+0xb0/0x2f8
[ 17.768997] kunit_try_run_case+0x170/0x3f0
[ 17.769090] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.769176] kthread+0x328/0x630
[ 17.769243] ret_from_fork+0x10/0x20
[ 17.769316]
[ 17.769679] The buggy address belongs to the object at fff00000c62d4a00
[ 17.769679] which belongs to the cache kmalloc-128 of size 128
[ 17.769882] The buggy address is located 113 bytes inside of
[ 17.769882] allocated 120-byte region [fff00000c62d4a00, fff00000c62d4a78)
[ 17.770034]
[ 17.770098] The buggy address belongs to the physical page:
[ 17.770196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d4
[ 17.770347] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.770446] page_type: f5(slab)
[ 17.770559] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.770708] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.770828] page dumped because: kasan: bad access detected
[ 17.770908]
[ 17.770946] Memory state around the buggy address:
[ 17.771013] fff00000c62d4900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.771107] fff00000c62d4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.771200] >fff00000c62d4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.771319] ^
[ 17.771398] fff00000c62d4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.771486] fff00000c62d4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.771673] ==================================================================
```

```
[ 18.221966] ==================================================================
[ 18.222851] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 18.224677] Write of size 8 at addr ffff888102968d71 by task kunit_try_catch/196
[ 18.225569]
[ 18.226061] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary)
[ 18.226233] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.226280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.226338] Call Trace:
[ 18.226382] <TASK>
[ 18.226408] dump_stack_lvl+0x73/0xb0
[ 18.226553] print_report+0xd1/0x650
[ 18.226635] ? __virt_addr_valid+0x1db/0x2d0
[ 18.226683] ? kmalloc_oob_memset_8+0x166/0x330
[ 18.226716] ? kasan_complete_mode_report_info+0x2a/0x200
[ 18.226747] ? kmalloc_oob_memset_8+0x166/0x330
[ 18.226777] kasan_report+0x141/0x180
[ 18.226809] ? kmalloc_oob_memset_8+0x166/0x330
[ 18.226846] kasan_check_range+0x10c/0x1c0
[ 18.226879] __asan_memset+0x27/0x50
[ 18.226905] kmalloc_oob_memset_8+0x166/0x330
[ 18.226936] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 18.226967] ? __schedule+0x10cc/0x2b30
[ 18.227001] ? __pfx_read_tsc+0x10/0x10
[ 18.227029] ? ktime_get_ts64+0x86/0x230
[ 18.227064] kunit_try_run_case+0x1a5/0x480
[ 18.227097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.227126] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 18.227158] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 18.227190] ? __kthread_parkme+0x82/0x180
[ 18.227219] ? preempt_count_sub+0x50/0x80
[ 18.227252] ? __pfx_kunit_try_run_case+0x10/0x10
[ 18.227283] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.227312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 18.227342] kthread+0x337/0x6f0
[ 18.227370] ? trace_preempt_on+0x20/0xc0
[ 18.227402] ? __pfx_kthread+0x10/0x10
[ 18.227457] ? _raw_spin_unlock_irq+0x47/0x80
[ 18.227582] ? calculate_sigpending+0x7b/0xa0
[ 18.227624] ? __pfx_kthread+0x10/0x10
[ 18.227655] ret_from_fork+0x41/0x80
[ 18.227684] ? __pfx_kthread+0x10/0x10
[ 18.227714] ret_from_fork_asm+0x1a/0x30
[ 18.227757] </TASK>
[ 18.227771]
[ 18.246026] Allocated by task 196:
[ 18.246806] kasan_save_stack+0x45/0x70
[ 18.247210] kasan_save_track+0x18/0x40
[ 18.247852] kasan_save_alloc_info+0x3b/0x50
[ 18.248404] __kasan_kmalloc+0xb7/0xc0
[ 18.248899] __kmalloc_cache_noprof+0x189/0x420
[ 18.249350] kmalloc_oob_memset_8+0xac/0x330
[ 18.249921] kunit_try_run_case+0x1a5/0x480
[ 18.250583] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.251141] kthread+0x337/0x6f0
[ 18.251850] ret_from_fork+0x41/0x80
[ 18.252325] ret_from_fork_asm+0x1a/0x30
[ 18.253137]
[ 18.253320] The buggy address belongs to the object at ffff888102968d00
[ 18.253320] which belongs to the cache kmalloc-128 of size 128
[ 18.255198] The buggy address is located 113 bytes inside of
[ 18.255198] allocated 120-byte region [ffff888102968d00, ffff888102968d78)
[ 18.256163]
[ 18.256686] The buggy address belongs to the physical page:
[ 18.257189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102968
[ 18.257917] flags: 0x200000000000000(node=0|zone=2)
[ 18.258695] page_type: f5(slab)
[ 18.259137] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 18.259925] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.260510] page dumped because: kasan: bad access detected
[ 18.260990]
[ 18.261217] Memory state around the buggy address:
[ 18.261938] ffff888102968c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.262456] ffff888102968c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.263157] >ffff888102968d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.263752] ^
[ 18.265021] ffff888102968d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.265847] ffff888102968e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.266355] ==================================================================
```

```
[ 19.838417] ==================================================================
[ 19.839501] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 19.840192] Write of size 8 at addr ffff00000c98e871 by task kunit_try_catch/234
[ 19.840876]
[ 19.841041] CPU: 1 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT
[ 19.841091] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.841105] Hardware name: Radxa ROCK Pi 4B (DT)
[ 19.841123] Call trace:
[ 19.841135] show_stack+0x20/0x38 (C)
[ 19.841168] dump_stack_lvl+0x8c/0xd0
[ 19.841201] print_report+0x118/0x608
[ 19.841230] kasan_report+0xdc/0x128
[ 19.841259] kasan_check_range+0x100/0x1a8
[ 19.841289] __asan_memset+0x34/0x78
[ 19.841319] kmalloc_oob_memset_8+0x150/0x2f8
[ 19.841354] kunit_try_run_case+0x170/0x3f0
[ 19.841390] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.841429] kthread+0x328/0x630
[ 19.841463] ret_from_fork+0x10/0x20
[ 19.841497]
[ 19.847354] Allocated by task 234:
[ 19.847681] kasan_save_stack+0x3c/0x68
[ 19.848055] kasan_save_track+0x20/0x40
[ 19.848426] kasan_save_alloc_info+0x40/0x58
[ 19.848839] __kasan_kmalloc+0xd4/0xd8
[ 19.849202] __kmalloc_cache_noprof+0x15c/0x3c0
[ 19.849643] kmalloc_oob_memset_8+0xb0/0x2f8
[ 19.850060] kunit_try_run_case+0x170/0x3f0
[ 19.850467] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.850992] kthread+0x328/0x630
[ 19.851315] ret_from_fork+0x10/0x20
[ 19.851665]
[ 19.851817] The buggy address belongs to the object at ffff00000c98e800
[ 19.851817] which belongs to the cache kmalloc-128 of size 128
[ 19.852952] The buggy address is located 113 bytes inside of
[ 19.852952] allocated 120-byte region [ffff00000c98e800, ffff00000c98e878)
[ 19.854096]
[ 19.854250] The buggy address belongs to the physical page:
[ 19.854766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc98e
[ 19.855493] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[ 19.856104] page_type: f5(slab)
[ 19.856417] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000
[ 19.857133] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.857841] page dumped because: kasan: bad access detected
[ 19.858357]
[ 19.858509] Memory state around the buggy address:
[ 19.858958] ffff00000c98e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.859625] ffff00000c98e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.860292] >ffff00000c98e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.860954] ^
[ 19.861612] ffff00000c98e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.862277] ffff00000c98e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.862940] ==================================================================
```