Date
April 22, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 17.289146] ================================================================== [ 17.289269] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 17.289381] Write of size 1 at addr fff00000c62d4578 by task kunit_try_catch/144 [ 17.289507] [ 17.289651] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 17.289817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.289877] Hardware name: linux,dummy-virt (DT) [ 17.289948] Call trace: [ 17.289998] show_stack+0x20/0x38 (C) [ 17.290101] dump_stack_lvl+0x8c/0xd0 [ 17.290192] print_report+0x118/0x608 [ 17.290281] kasan_report+0xdc/0x128 [ 17.290984] __asan_report_store1_noabort+0x20/0x30 [ 17.291323] kmalloc_track_caller_oob_right+0x40c/0x488 [ 17.291467] kunit_try_run_case+0x170/0x3f0 [ 17.291714] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.291869] kthread+0x328/0x630 [ 17.291947] ret_from_fork+0x10/0x20 [ 17.292037] [ 17.292074] Allocated by task 144: [ 17.292554] kasan_save_stack+0x3c/0x68 [ 17.292749] kasan_save_track+0x20/0x40 [ 17.292968] kasan_save_alloc_info+0x40/0x58 [ 17.293171] __kasan_kmalloc+0xd4/0xd8 [ 17.293300] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 17.293588] kmalloc_track_caller_oob_right+0xa8/0x488 [ 17.293686] kunit_try_run_case+0x170/0x3f0 [ 17.293777] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.293881] kthread+0x328/0x630 [ 17.293965] ret_from_fork+0x10/0x20 [ 17.294125] [ 17.294192] The buggy address belongs to the object at fff00000c62d4500 [ 17.294192] which belongs to the cache kmalloc-128 of size 128 [ 17.294433] The buggy address is located 0 bytes to the right of [ 17.294433] allocated 120-byte region [fff00000c62d4500, fff00000c62d4578) [ 17.294584] [ 17.294626] The buggy address belongs to the physical page: [ 17.294691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d4 [ 17.294808] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.294924] page_type: f5(slab) [ 17.294998] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.295370] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.295463] page dumped because: kasan: bad access detected [ 17.295521] [ 17.295563] Memory state around the buggy address: [ 17.295643] fff00000c62d4400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.295731] fff00000c62d4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.296076] >fff00000c62d4500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.296199] ^ [ 17.296326] fff00000c62d4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.296437] fff00000c62d4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.296523] ==================================================================
[ 16.842144] ================================================================== [ 16.842810] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.843455] Write of size 1 at addr ffff888103199778 by task kunit_try_catch/162 [ 16.844952] [ 16.845478] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 16.845885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.845921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.845953] Call Trace: [ 16.845969] <TASK> [ 16.845990] dump_stack_lvl+0x73/0xb0 [ 16.846025] print_report+0xd1/0x650 [ 16.846055] ? __virt_addr_valid+0x1db/0x2d0 [ 16.846083] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.846117] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.846148] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.846183] kasan_report+0x141/0x180 [ 16.846214] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.846255] __asan_report_store1_noabort+0x1b/0x30 [ 16.846284] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 16.846321] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 16.846360] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 16.846401] kunit_try_run_case+0x1a5/0x480 [ 16.846435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.846523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.846606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.846657] ? __kthread_parkme+0x82/0x180 [ 16.846688] ? preempt_count_sub+0x50/0x80 [ 16.846722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.846753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.846783] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.846814] kthread+0x337/0x6f0 [ 16.846842] ? trace_preempt_on+0x20/0xc0 [ 16.846876] ? __pfx_kthread+0x10/0x10 [ 16.846906] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.846935] ? calculate_sigpending+0x7b/0xa0 [ 16.846964] ? __pfx_kthread+0x10/0x10 [ 16.846994] ret_from_fork+0x41/0x80 [ 16.847022] ? __pfx_kthread+0x10/0x10 [ 16.847052] ret_from_fork_asm+0x1a/0x30 [ 16.847093] </TASK> [ 16.847105] [ 16.868199] Allocated by task 162: [ 16.869313] kasan_save_stack+0x45/0x70 [ 16.869717] kasan_save_track+0x18/0x40 [ 16.870132] kasan_save_alloc_info+0x3b/0x50 [ 16.871091] __kasan_kmalloc+0xb7/0xc0 [ 16.871418] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 16.872183] kmalloc_track_caller_oob_right+0x19a/0x520 [ 16.872970] kunit_try_run_case+0x1a5/0x480 [ 16.873540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.874064] kthread+0x337/0x6f0 [ 16.875025] ret_from_fork+0x41/0x80 [ 16.875192] ret_from_fork_asm+0x1a/0x30 [ 16.875353] [ 16.875448] The buggy address belongs to the object at ffff888103199700 [ 16.875448] which belongs to the cache kmalloc-128 of size 128 [ 16.876867] The buggy address is located 0 bytes to the right of [ 16.876867] allocated 120-byte region [ffff888103199700, ffff888103199778) [ 16.878082] [ 16.878318] The buggy address belongs to the physical page: [ 16.879242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103199 [ 16.880654] flags: 0x200000000000000(node=0|zone=2) [ 16.881214] page_type: f5(slab) [ 16.882144] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.882870] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.883864] page dumped because: kasan: bad access detected [ 16.884270] [ 16.884429] Memory state around the buggy address: [ 16.885493] ffff888103199600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.886623] ffff888103199680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.887322] >ffff888103199700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.888436] ^ [ 16.889059] ffff888103199780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.889575] ffff888103199800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.890693] ================================================================== [ 16.794996] ================================================================== [ 16.796225] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.797176] Write of size 1 at addr ffff888103199678 by task kunit_try_catch/162 [ 16.798216] [ 16.798436] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 16.798780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.798984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.799016] Call Trace: [ 16.799035] <TASK> [ 16.799059] dump_stack_lvl+0x73/0xb0 [ 16.799099] print_report+0xd1/0x650 [ 16.799132] ? __virt_addr_valid+0x1db/0x2d0 [ 16.799162] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.799198] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.799230] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.799267] kasan_report+0x141/0x180 [ 16.799299] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.799342] __asan_report_store1_noabort+0x1b/0x30 [ 16.799371] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 16.799408] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 16.799545] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 16.799621] kunit_try_run_case+0x1a5/0x480 [ 16.799660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.799690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.799723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.799755] ? __kthread_parkme+0x82/0x180 [ 16.799785] ? preempt_count_sub+0x50/0x80 [ 16.799819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.799850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.799880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.799909] kthread+0x337/0x6f0 [ 16.799937] ? trace_preempt_on+0x20/0xc0 [ 16.799970] ? __pfx_kthread+0x10/0x10 [ 16.800000] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.800029] ? calculate_sigpending+0x7b/0xa0 [ 16.800057] ? __pfx_kthread+0x10/0x10 [ 16.800087] ret_from_fork+0x41/0x80 [ 16.800118] ? __pfx_kthread+0x10/0x10 [ 16.800148] ret_from_fork_asm+0x1a/0x30 [ 16.800191] </TASK> [ 16.800205] [ 16.818827] Allocated by task 162: [ 16.819370] kasan_save_stack+0x45/0x70 [ 16.820048] kasan_save_track+0x18/0x40 [ 16.820653] kasan_save_alloc_info+0x3b/0x50 [ 16.821225] __kasan_kmalloc+0xb7/0xc0 [ 16.821960] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 16.822730] kmalloc_track_caller_oob_right+0x99/0x520 [ 16.823297] kunit_try_run_case+0x1a5/0x480 [ 16.823872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.824333] kthread+0x337/0x6f0 [ 16.825426] ret_from_fork+0x41/0x80 [ 16.825861] ret_from_fork_asm+0x1a/0x30 [ 16.826209] [ 16.826440] The buggy address belongs to the object at ffff888103199600 [ 16.826440] which belongs to the cache kmalloc-128 of size 128 [ 16.827283] The buggy address is located 0 bytes to the right of [ 16.827283] allocated 120-byte region [ffff888103199600, ffff888103199678) [ 16.829008] [ 16.829319] The buggy address belongs to the physical page: [ 16.830046] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103199 [ 16.830998] flags: 0x200000000000000(node=0|zone=2) [ 16.831634] page_type: f5(slab) [ 16.832099] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.832901] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.833709] page dumped because: kasan: bad access detected [ 16.834313] [ 16.834551] Memory state around the buggy address: [ 16.835224] ffff888103199500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.836021] ffff888103199580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.836841] >ffff888103199600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.837563] ^ [ 16.838218] ffff888103199680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838901] ffff888103199700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.839685] ==================================================================
[ 19.088529] ================================================================== [ 19.089613] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 19.090387] Write of size 1 at addr ffff00000e73a078 by task kunit_try_catch/200 [ 19.091073] [ 19.091238] CPU: 2 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 19.091287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.091301] Hardware name: Radxa ROCK Pi 4B (DT) [ 19.091318] Call trace: [ 19.091329] show_stack+0x20/0x38 (C) [ 19.091362] dump_stack_lvl+0x8c/0xd0 [ 19.091393] print_report+0x118/0x608 [ 19.091422] kasan_report+0xdc/0x128 [ 19.091450] __asan_report_store1_noabort+0x20/0x30 [ 19.091484] kmalloc_track_caller_oob_right+0x40c/0x488 [ 19.091523] kunit_try_run_case+0x170/0x3f0 [ 19.091558] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.091597] kthread+0x328/0x630 [ 19.091631] ret_from_fork+0x10/0x20 [ 19.091664] [ 19.097345] Allocated by task 200: [ 19.097671] kasan_save_stack+0x3c/0x68 [ 19.098045] kasan_save_track+0x20/0x40 [ 19.098416] kasan_save_alloc_info+0x40/0x58 [ 19.098830] __kasan_kmalloc+0xd4/0xd8 [ 19.099192] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 19.099720] kmalloc_track_caller_oob_right+0xa8/0x488 [ 19.100214] kunit_try_run_case+0x170/0x3f0 [ 19.100621] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.101145] kthread+0x328/0x630 [ 19.101467] ret_from_fork+0x10/0x20 [ 19.101817] [ 19.101971] The buggy address belongs to the object at ffff00000e73a000 [ 19.101971] which belongs to the cache kmalloc-128 of size 128 [ 19.103103] The buggy address is located 0 bytes to the right of [ 19.103103] allocated 120-byte region [ffff00000e73a000, ffff00000e73a078) [ 19.104276] [ 19.104430] The buggy address belongs to the physical page: [ 19.104946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe73a [ 19.105670] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff) [ 19.106281] page_type: f5(slab) [ 19.106595] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000 [ 19.107310] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.108016] page dumped because: kasan: bad access detected [ 19.108530] [ 19.108682] Memory state around the buggy address: [ 19.109131] ffff00000e739f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.109796] ffff00000e739f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.110462] >ffff00000e73a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.111121] ^ [ 19.111776] ffff00000e73a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.112440] ffff00000e73a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.113102] ==================================================================