Date
April 22, 2025, 11:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| rk3399-rock-pi-4b |
[ 18.373713] ================================================================== [ 18.373892] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 18.374030] Read of size 1 at addr fff00000c427d0c8 by task kunit_try_catch/209 [ 18.374150] [ 18.374240] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 18.375631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.375737] Hardware name: linux,dummy-virt (DT) [ 18.375817] Call trace: [ 18.375873] show_stack+0x20/0x38 (C) [ 18.375980] dump_stack_lvl+0x8c/0xd0 [ 18.376059] print_report+0x118/0x608 [ 18.376141] kasan_report+0xdc/0x128 [ 18.376700] __asan_report_load1_noabort+0x20/0x30 [ 18.376860] kmem_cache_oob+0x344/0x430 [ 18.376968] kunit_try_run_case+0x170/0x3f0 [ 18.377115] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.377272] kthread+0x328/0x630 [ 18.377378] ret_from_fork+0x10/0x20 [ 18.377491] [ 18.377541] Allocated by task 209: [ 18.377620] kasan_save_stack+0x3c/0x68 [ 18.377741] kasan_save_track+0x20/0x40 [ 18.377819] kasan_save_alloc_info+0x40/0x58 [ 18.377921] __kasan_slab_alloc+0xa8/0xb0 [ 18.378008] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 18.378125] kmem_cache_oob+0x12c/0x430 [ 18.378243] kunit_try_run_case+0x170/0x3f0 [ 18.378328] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.378423] kthread+0x328/0x630 [ 18.378504] ret_from_fork+0x10/0x20 [ 18.378587] [ 18.378626] The buggy address belongs to the object at fff00000c427d000 [ 18.378626] which belongs to the cache test_cache of size 200 [ 18.378750] The buggy address is located 0 bytes to the right of [ 18.378750] allocated 200-byte region [fff00000c427d000, fff00000c427d0c8) [ 18.378890] [ 18.378942] The buggy address belongs to the physical page: [ 18.379013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10427d [ 18.379143] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.379264] page_type: f5(slab) [ 18.379357] raw: 0bfffe0000000000 fff00000c12883c0 dead000000000122 0000000000000000 [ 18.379458] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 18.379618] page dumped because: kasan: bad access detected [ 18.379690] [ 18.379729] Memory state around the buggy address: [ 18.379814] fff00000c427cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.379945] fff00000c427d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.380058] >fff00000c427d080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 18.380135] ^ [ 18.380209] fff00000c427d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.380293] fff00000c427d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.380393] ==================================================================
[ 19.233844] ================================================================== [ 19.234533] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 19.235842] Read of size 1 at addr ffff8881031b20c8 by task kunit_try_catch/227 [ 19.236321] [ 19.236627] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT(voluntary) [ 19.236755] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.236781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.236813] Call Trace: [ 19.236831] <TASK> [ 19.236855] dump_stack_lvl+0x73/0xb0 [ 19.236910] print_report+0xd1/0x650 [ 19.236975] ? __virt_addr_valid+0x1db/0x2d0 [ 19.237007] ? kmem_cache_oob+0x402/0x530 [ 19.237033] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.237065] ? kmem_cache_oob+0x402/0x530 [ 19.237092] kasan_report+0x141/0x180 [ 19.237124] ? kmem_cache_oob+0x402/0x530 [ 19.237157] __asan_report_load1_noabort+0x18/0x20 [ 19.237187] kmem_cache_oob+0x402/0x530 [ 19.237213] ? trace_hardirqs_on+0x37/0xe0 [ 19.237248] ? __pfx_kmem_cache_oob+0x10/0x10 [ 19.237274] ? finish_task_switch.isra.0+0x153/0x700 [ 19.237310] ? __switch_to+0x5d9/0xf60 [ 19.237343] ? dequeue_task_fair+0x156/0x4e0 [ 19.237383] ? __pfx_read_tsc+0x10/0x10 [ 19.237411] ? ktime_get_ts64+0x86/0x230 [ 19.237555] kunit_try_run_case+0x1a5/0x480 [ 19.237657] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.237725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.237797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.237871] ? __kthread_parkme+0x82/0x180 [ 19.237939] ? preempt_count_sub+0x50/0x80 [ 19.238016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.238090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.238164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.238216] kthread+0x337/0x6f0 [ 19.238249] ? trace_preempt_on+0x20/0xc0 [ 19.238281] ? __pfx_kthread+0x10/0x10 [ 19.238312] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.238344] ? calculate_sigpending+0x7b/0xa0 [ 19.238374] ? __pfx_kthread+0x10/0x10 [ 19.238404] ret_from_fork+0x41/0x80 [ 19.238451] ? __pfx_kthread+0x10/0x10 [ 19.238520] ret_from_fork_asm+0x1a/0x30 [ 19.238569] </TASK> [ 19.238584] [ 19.257389] Allocated by task 227: [ 19.258152] kasan_save_stack+0x45/0x70 [ 19.258594] kasan_save_track+0x18/0x40 [ 19.259020] kasan_save_alloc_info+0x3b/0x50 [ 19.259426] __kasan_slab_alloc+0x91/0xa0 [ 19.260176] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.260648] kmem_cache_oob+0x157/0x530 [ 19.261312] kunit_try_run_case+0x1a5/0x480 [ 19.261767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.262224] kthread+0x337/0x6f0 [ 19.262597] ret_from_fork+0x41/0x80 [ 19.263403] ret_from_fork_asm+0x1a/0x30 [ 19.263957] [ 19.264131] The buggy address belongs to the object at ffff8881031b2000 [ 19.264131] which belongs to the cache test_cache of size 200 [ 19.265374] The buggy address is located 0 bytes to the right of [ 19.265374] allocated 200-byte region [ffff8881031b2000, ffff8881031b20c8) [ 19.266890] [ 19.267001] The buggy address belongs to the physical page: [ 19.267193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031b2 [ 19.267528] flags: 0x200000000000000(node=0|zone=2) [ 19.268378] page_type: f5(slab) [ 19.269021] raw: 0200000000000000 ffff888101692780 dead000000000122 0000000000000000 [ 19.269916] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.270823] page dumped because: kasan: bad access detected [ 19.271290] [ 19.271721] Memory state around the buggy address: [ 19.271927] ffff8881031b1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.272165] ffff8881031b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.272396] >ffff8881031b2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 19.273052] ^ [ 19.274264] ffff8881031b2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.275224] ffff8881031b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.275852] ==================================================================
[ 20.389844] ================================================================== [ 20.390898] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 20.391559] Read of size 1 at addr ffff000010ae40c8 by task kunit_try_catch/265 [ 20.392247] [ 20.392420] CPU: 1 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc3 #1 PREEMPT [ 20.392481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.392499] Hardware name: Radxa ROCK Pi 4B (DT) [ 20.392520] Call trace: [ 20.392535] show_stack+0x20/0x38 (C) [ 20.392575] dump_stack_lvl+0x8c/0xd0 [ 20.392614] print_report+0x118/0x608 [ 20.392650] kasan_report+0xdc/0x128 [ 20.392685] __asan_report_load1_noabort+0x20/0x30 [ 20.392726] kmem_cache_oob+0x344/0x430 [ 20.392768] kunit_try_run_case+0x170/0x3f0 [ 20.392810] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.392858] kthread+0x328/0x630 [ 20.392901] ret_from_fork+0x10/0x20 [ 20.392941] [ 20.398529] Allocated by task 265: [ 20.398866] kasan_save_stack+0x3c/0x68 [ 20.399249] kasan_save_track+0x20/0x40 [ 20.399631] kasan_save_alloc_info+0x40/0x58 [ 20.400054] __kasan_slab_alloc+0xa8/0xb0 [ 20.400451] kmem_cache_alloc_noprof+0x10c/0x3a0 [ 20.400904] kmem_cache_oob+0x12c/0x430 [ 20.401292] kunit_try_run_case+0x170/0x3f0 [ 20.401712] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.402250] kthread+0x328/0x630 [ 20.402586] ret_from_fork+0x10/0x20 [ 20.402947] [ 20.403107] The buggy address belongs to the object at ffff000010ae4000 [ 20.403107] which belongs to the cache test_cache of size 200 [ 20.404245] The buggy address is located 0 bytes to the right of [ 20.404245] allocated 200-byte region [ffff000010ae4000, ffff000010ae40c8) [ 20.405432] [ 20.405593] The buggy address belongs to the physical page: [ 20.406117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ae4 [ 20.406859] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.407574] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff) [ 20.408237] page_type: f5(slab) [ 20.408560] raw: 03fffe0000000040 ffff000010ae2000 dead000000000122 0000000000000000 [ 20.409288] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 20.410016] head: 03fffe0000000040 ffff000010ae2000 dead000000000122 0000000000000000 [ 20.410749] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000 [ 20.411484] head: 03fffe0000000001 fffffdffc042b901 00000000ffffffff 00000000ffffffff [ 20.412218] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 20.412942] page dumped because: kasan: bad access detected [ 20.413464] [ 20.413623] Memory state around the buggy address: [ 20.414080] ffff000010ae3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.414756] ffff000010ae4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.415431] >ffff000010ae4080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 20.416102] ^ [ 20.416629] ffff000010ae4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.417306] ffff000010ae4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.417976] ==================================================================