Date
July 6, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
x86 |
```
[ 16.976887] ==================================================================
[ 16.976999] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[ 16.977051] Read of size 18446744073709551614 at addr fff00000c779bd84 by task kunit_try_catch/181
[ 16.977153]
[ 16.977222] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.977301] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.977326] Hardware name: linux,dummy-virt (DT)
[ 16.977354] Call trace:
[ 16.977375] show_stack+0x20/0x38 (C)
[ 16.977554] dump_stack_lvl+0x8c/0xd0
[ 16.977639] print_report+0x118/0x608
[ 16.977704] kasan_report+0xdc/0x128
[ 16.977748] kasan_check_range+0x100/0x1a8
[ 16.977802] __asan_memmove+0x3c/0x98
[ 16.977869] kmalloc_memmove_negative_size+0x154/0x2e0
[ 16.977952] kunit_try_run_case+0x170/0x3f0
[ 16.978026] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.978077] kthread+0x328/0x630
[ 16.978116] ret_from_fork+0x10/0x20
[ 16.978161]
[ 16.978183] Allocated by task 181:
[ 16.978210] kasan_save_stack+0x3c/0x68
[ 16.978287] kasan_save_track+0x20/0x40
[ 16.978323] kasan_save_alloc_info+0x40/0x58
[ 16.978390] __kasan_kmalloc+0xd4/0xd8
[ 16.978426] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.978464] kmalloc_memmove_negative_size+0xb0/0x2e0
[ 16.978502] kunit_try_run_case+0x170/0x3f0
[ 16.978538] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.978856] kthread+0x328/0x630
[ 16.978923] ret_from_fork+0x10/0x20
[ 16.978959]
[ 16.979031] The buggy address belongs to the object at fff00000c779bd80
[ 16.979031] which belongs to the cache kmalloc-64 of size 64
[ 16.979207] The buggy address is located 4 bytes inside of
[ 16.979207] 64-byte region [fff00000c779bd80, fff00000c779bdc0)
[ 16.979313]
[ 16.979367] The buggy address belongs to the physical page:
[ 16.979442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10779b
[ 16.979538] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.979655] page_type: f5(slab)
[ 16.979719] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 16.979767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 16.979834] page dumped because: kasan: bad access detected
[ 16.979864]
[ 16.980093] Memory state around the buggy address:
[ 16.980309]  fff00000c779bc80: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 16.980408]  fff00000c779bd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 16.981257] >fff00000c779bd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 16.981331]                    ^
[ 16.981438]  fff00000c779be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.981511]  fff00000c779be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.981637] ==================================================================
```
```
[ 16.936804] ==================================================================
[ 16.936868] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[ 16.937261] Read of size 18446744073709551614 at addr fff00000c776cb84 by task kunit_try_catch/181
[ 16.937461]
[ 16.937600] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.937747] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.937771] Hardware name: linux,dummy-virt (DT)
[ 16.937800] Call trace:
[ 16.938156] show_stack+0x20/0x38 (C)
[ 16.938425] dump_stack_lvl+0x8c/0xd0
[ 16.938535] print_report+0x118/0x608
[ 16.938641] kasan_report+0xdc/0x128
[ 16.938817] kasan_check_range+0x100/0x1a8
[ 16.938864] __asan_memmove+0x3c/0x98
[ 16.938923] kmalloc_memmove_negative_size+0x154/0x2e0
[ 16.938972] kunit_try_run_case+0x170/0x3f0
[ 16.939019] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.939238] kthread+0x328/0x630
[ 16.939307] ret_from_fork+0x10/0x20
[ 16.939362]
[ 16.939381] Allocated by task 181:
[ 16.939422] kasan_save_stack+0x3c/0x68
[ 16.939471] kasan_save_track+0x20/0x40
[ 16.939508] kasan_save_alloc_info+0x40/0x58
[ 16.939555] __kasan_kmalloc+0xd4/0xd8
[ 16.939591] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.939927] kmalloc_memmove_negative_size+0xb0/0x2e0
[ 16.939972] kunit_try_run_case+0x170/0x3f0
[ 16.940009] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.940052] kthread+0x328/0x630
[ 16.940092] ret_from_fork+0x10/0x20
[ 16.940129]
[ 16.940169] The buggy address belongs to the object at fff00000c776cb80
[ 16.940169] which belongs to the cache kmalloc-64 of size 64
[ 16.940273] The buggy address is located 4 bytes inside of
[ 16.940273] 64-byte region [fff00000c776cb80, fff00000c776cbc0)
[ 16.940332]
[ 16.940375] The buggy address belongs to the physical page:
[ 16.940413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10776c
[ 16.940466] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.940512] page_type: f5(slab)
[ 16.940551] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 16.940601] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 16.940647] page dumped because: kasan: bad access detected
[ 16.940680]
[ 16.940697] Memory state around the buggy address:
[ 16.940731]  fff00000c776ca80: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 16.940783]  fff00000c776cb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 16.940825] >fff00000c776cb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 16.940864]                    ^
[ 16.940891]  fff00000c776cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.941642]  fff00000c776cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.941721] ==================================================================
```
```
[ 13.549281] ==================================================================
[ 13.549739] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 13.550355] Read of size 18446744073709551614 at addr ffff888102560004 by task kunit_try_catch/198
[ 13.550674]
[ 13.551160] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 13.551514] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.551560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.551595] Call Trace:
[ 13.551632] <TASK>
[ 13.551660] dump_stack_lvl+0x73/0xb0
[ 13.551717] print_report+0xd1/0x650
[ 13.551753] ? __virt_addr_valid+0x1db/0x2d0
[ 13.551794] ? kmalloc_memmove_negative_size+0x171/0x330
[ 13.551838] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.551883] ? kmalloc_memmove_negative_size+0x171/0x330
[ 13.551946] kasan_report+0x141/0x180
[ 13.551967] ? kmalloc_memmove_negative_size+0x171/0x330
[ 13.551993] kasan_check_range+0x10c/0x1c0
[ 13.552013] __asan_memmove+0x27/0x70
[ 13.552030] kmalloc_memmove_negative_size+0x171/0x330
[ 13.552051] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 13.552072] ? __schedule+0x10cc/0x2b60
[ 13.552092] ? __pfx_read_tsc+0x10/0x10
[ 13.552138] ? ktime_get_ts64+0x86/0x230
[ 13.552165] kunit_try_run_case+0x1a5/0x480
[ 13.552188] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.552207] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.552228] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.552247] ? __kthread_parkme+0x82/0x180
[ 13.552292] ? preempt_count_sub+0x50/0x80
[ 13.552316] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.552336] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.552356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.552376] kthread+0x337/0x6f0
[ 13.552393] ? trace_preempt_on+0x20/0xc0
[ 13.552415] ? __pfx_kthread+0x10/0x10
[ 13.552433] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.552451] ? calculate_sigpending+0x7b/0xa0
[ 13.552472] ? __pfx_kthread+0x10/0x10
[ 13.552491] ret_from_fork+0x116/0x1d0
[ 13.552600] ? __pfx_kthread+0x10/0x10
[ 13.552639] ret_from_fork_asm+0x1a/0x30
[ 13.552669] </TASK>
[ 13.552682]
[ 13.564873] Allocated by task 198:
[ 13.565254] kasan_save_stack+0x45/0x70
[ 13.565677] kasan_save_track+0x18/0x40
[ 13.566052] kasan_save_alloc_info+0x3b/0x50
[ 13.566455] __kasan_kmalloc+0xb7/0xc0
[ 13.567267] __kmalloc_cache_noprof+0x189/0x420
[ 13.567567] kmalloc_memmove_negative_size+0xac/0x330
[ 13.567956] kunit_try_run_case+0x1a5/0x480
[ 13.568558] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.568964] kthread+0x337/0x6f0
[ 13.569456] ret_from_fork+0x116/0x1d0
[ 13.569815] ret_from_fork_asm+0x1a/0x30
[ 13.570177]
[ 13.570370] The buggy address belongs to the object at ffff888102560000
[ 13.570370] which belongs to the cache kmalloc-64 of size 64
[ 13.571371] The buggy address is located 4 bytes inside of
[ 13.571371] 64-byte region [ffff888102560000, ffff888102560040)
[ 13.572376]
[ 13.572755] The buggy address belongs to the physical page:
[ 13.573191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102560
[ 13.573638] flags: 0x200000000000000(node=0|zone=2)
[ 13.574080] page_type: f5(slab)
[ 13.574399] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 13.575074] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 13.575384] page dumped because: kasan: bad access detected
[ 13.575933]
[ 13.576131] Memory state around the buggy address:
[ 13.576397]  ffff88810255ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.577068]  ffff88810255ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.577491] >ffff888102560000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 13.578078]                    ^
[ 13.578401]  ffff888102560080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.579155]  ffff888102560100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.579715] ==================================================================
```
```
[ 13.709384] ==================================================================
[ 13.710872] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 13.711436] Read of size 18446744073709551614 at addr ffff8881031b8d04 by task kunit_try_catch/197
[ 13.712148]
[ 13.712251] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 13.712298] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.712310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.712331] Call Trace:
[ 13.712344] <TASK>
[ 13.712360] dump_stack_lvl+0x73/0xb0
[ 13.712390] print_report+0xd1/0x650
[ 13.712412] ? __virt_addr_valid+0x1db/0x2d0
[ 13.712433] ? kmalloc_memmove_negative_size+0x171/0x330
[ 13.712457] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.712481] ? kmalloc_memmove_negative_size+0x171/0x330
[ 13.712526] kasan_report+0x141/0x180
[ 13.712547] ? kmalloc_memmove_negative_size+0x171/0x330
[ 13.712576] kasan_check_range+0x10c/0x1c0
[ 13.712600] __asan_memmove+0x27/0x70
[ 13.712619] kmalloc_memmove_negative_size+0x171/0x330
[ 13.712642] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 13.712667] ? __schedule+0x10cc/0x2b60
[ 13.712688] ? __pfx_read_tsc+0x10/0x10
[ 13.712844] ? ktime_get_ts64+0x86/0x230
[ 13.712872] kunit_try_run_case+0x1a5/0x480
[ 13.712896] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.712918] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.712970] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.712992] ? __kthread_parkme+0x82/0x180
[ 13.713012] ? preempt_count_sub+0x50/0x80
[ 13.713034] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.713068] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.713090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.713112] kthread+0x337/0x6f0
[ 13.713131] ? trace_preempt_on+0x20/0xc0
[ 13.713154] ? __pfx_kthread+0x10/0x10
[ 13.713174] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.713194] ? calculate_sigpending+0x7b/0xa0
[ 13.713217] ? __pfx_kthread+0x10/0x10
[ 13.713238] ret_from_fork+0x116/0x1d0
[ 13.713255] ? __pfx_kthread+0x10/0x10
[ 13.713275] ret_from_fork_asm+0x1a/0x30
[ 13.713306] </TASK>
[ 13.713318]
[ 13.728044] Allocated by task 197:
[ 13.728423] kasan_save_stack+0x45/0x70
[ 13.728879] kasan_save_track+0x18/0x40
[ 13.729045] kasan_save_alloc_info+0x3b/0x50
[ 13.729219] __kasan_kmalloc+0xb7/0xc0
[ 13.729361] __kmalloc_cache_noprof+0x189/0x420
[ 13.729532] kmalloc_memmove_negative_size+0xac/0x330
[ 13.729931] kunit_try_run_case+0x1a5/0x480
[ 13.730377] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.730988] kthread+0x337/0x6f0
[ 13.731422] ret_from_fork+0x116/0x1d0
[ 13.731811] ret_from_fork_asm+0x1a/0x30
[ 13.732330]
[ 13.732530] The buggy address belongs to the object at ffff8881031b8d00
[ 13.732530] which belongs to the cache kmalloc-64 of size 64
[ 13.733954] The buggy address is located 4 bytes inside of
[ 13.733954] 64-byte region [ffff8881031b8d00, ffff8881031b8d40)
[ 13.734365]
[ 13.734446] The buggy address belongs to the physical page:
[ 13.734634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031b8
[ 13.735463] flags: 0x200000000000000(node=0|zone=2)
[ 13.736073] page_type: f5(slab)
[ 13.736410] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 13.737291] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 13.738270] page dumped because: kasan: bad access detected
[ 13.738868]
[ 13.738970] Memory state around the buggy address:
[ 13.739424]  ffff8881031b8c00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 13.739784]  ffff8881031b8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 13.740468] >ffff8881031b8d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 13.741063]                    ^
[ 13.741294]  ffff8881031b8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.741535]  ffff8881031b8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.741973] ==================================================================
```
```
[ 26.534895] ==================================================================
[ 26.546306] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 26.553882] Read of size 18446744073709551614 at addr ffff888101438f04 by task kunit_try_catch/221
[ 26.562843]
[ 26.564363] CPU: 2 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G S B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 26.564372] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 26.564387] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 26.564390] Call Trace:
[ 26.564392] <TASK>
[ 26.564394] dump_stack_lvl+0x73/0xb0
[ 26.564399] print_report+0xd1/0x650
[ 26.564403] ? __virt_addr_valid+0x1db/0x2d0
[ 26.564407] ? kmalloc_memmove_negative_size+0x171/0x330
[ 26.564411] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.564416] ? kmalloc_memmove_negative_size+0x171/0x330
[ 26.564421] kasan_report+0x141/0x180
[ 26.564425] ? kmalloc_memmove_negative_size+0x171/0x330
[ 26.564430] kasan_check_range+0x10c/0x1c0
[ 26.564434] __asan_memmove+0x27/0x70
[ 26.564438] kmalloc_memmove_negative_size+0x171/0x330
[ 26.564442] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 26.564447] ? __schedule+0x10cc/0x2b60
[ 26.564451] ? ktime_get_ts64+0x83/0x230
[ 26.564455] kunit_try_run_case+0x1a2/0x480
[ 26.564460] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.564464] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.564468] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.564472] ? __kthread_parkme+0x82/0x180
[ 26.564476] ? preempt_count_sub+0x50/0x80
[ 26.564480] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.564484] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 26.564488] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.564492] kthread+0x334/0x6f0
[ 26.564496] ? trace_preempt_on+0x20/0xc0
[ 26.564500] ? __pfx_kthread+0x10/0x10
[ 26.564503] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.564507] ? calculate_sigpending+0x7b/0xa0
[ 26.564511] ? __pfx_kthread+0x10/0x10
[ 26.564515] ret_from_fork+0x113/0x1d0
[ 26.564518] ? __pfx_kthread+0x10/0x10
[ 26.564522] ret_from_fork_asm+0x1a/0x30
[ 26.564528] </TASK>
[ 26.564529]
[ 26.737544] Allocated by task 221:
[ 26.740952] kasan_save_stack+0x45/0x70
[ 26.744799] kasan_save_track+0x18/0x40
[ 26.748637] kasan_save_alloc_info+0x3b/0x50
[ 26.752910] __kasan_kmalloc+0xb7/0xc0
[ 26.756662] __kmalloc_cache_noprof+0x189/0x420
[ 26.761195] kmalloc_memmove_negative_size+0xac/0x330
[ 26.766250] kunit_try_run_case+0x1a2/0x480
[ 26.770443] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 26.775844] kthread+0x334/0x6f0
[ 26.779074] ret_from_fork+0x113/0x1d0
[ 26.782827] ret_from_fork_asm+0x1a/0x30
[ 26.786752]
[ 26.788253] The buggy address belongs to the object at ffff888101438f00
[ 26.788253] which belongs to the cache kmalloc-64 of size 64
[ 26.800594] The buggy address is located 4 bytes inside of
[ 26.800594] 64-byte region [ffff888101438f00, ffff888101438f40)
[ 26.812070]
[ 26.813569] The buggy address belongs to the physical page:
[ 26.819140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101438
[ 26.827139] flags: 0x200000000000000(node=0|zone=2)
[ 26.832020] page_type: f5(slab)
[ 26.835166] raw: 0200000000000000 ffff8881000428c0 dead000000000122 0000000000000000
[ 26.842907] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 26.850654] page dumped because: kasan: bad access detected
[ 26.856226]
[ 26.857725] Memory state around the buggy address:
[ 26.862518]  ffff888101438e00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 26.869737]  ffff888101438e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.876956] >ffff888101438f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 26.884175]                    ^
[ 26.887414]  ffff888101438f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.894638]  ffff888101439000: fa fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb
[ 26.901863] ==================================================================
```