Hay
Date
July 6, 2025, 11:09 p.m.

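Environment
qemu-arm64
qemu-x86_64
x86

Note: every report below is raised by task kunit_try_catch on a kernel carrying the [N]=TEST taint, with kmalloc_memmove_invalid_size called from kunit_try_run_case. They therefore appear to be the deliberate out-of-bounds access of a KASAN KUnit self-test, not a defect in production code. In each report a 64-byte read starts 4 bytes into a 64-byte kmalloc-64 object, so it runs 4 bytes past the end of the allocation. When triaging, treat the same "slab-out-of-bounds" signature as a real memory-safety bug if it shows up outside a KUnit task or on a kernel without the TEST taint.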

[   16.986016] ==================================================================
[   16.986072] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[   16.986160] Read of size 64 at addr fff00000c779bf84 by task kunit_try_catch/183
[   16.986497] 
[   16.986544] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.986663] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.986691] Hardware name: linux,dummy-virt (DT)
[   16.986721] Call trace:
[   16.986742]  show_stack+0x20/0x38 (C)
[   16.986793]  dump_stack_lvl+0x8c/0xd0
[   16.987092]  print_report+0x118/0x608
[   16.987171]  kasan_report+0xdc/0x128
[   16.987217]  kasan_check_range+0x100/0x1a8
[   16.987262]  __asan_memmove+0x3c/0x98
[   16.987304]  kmalloc_memmove_invalid_size+0x154/0x2e0
[   16.987499]  kunit_try_run_case+0x170/0x3f0
[   16.987658]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.987811]  kthread+0x328/0x630
[   16.987931]  ret_from_fork+0x10/0x20
[   16.988038] 
[   16.988095] Allocated by task 183:
[   16.988143]  kasan_save_stack+0x3c/0x68
[   16.988185]  kasan_save_track+0x20/0x40
[   16.988222]  kasan_save_alloc_info+0x40/0x58
[   16.988277]  __kasan_kmalloc+0xd4/0xd8
[   16.988312]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.988360]  kmalloc_memmove_invalid_size+0xb0/0x2e0
[   16.988401]  kunit_try_run_case+0x170/0x3f0
[   16.988451]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.988503]  kthread+0x328/0x630
[   16.988542]  ret_from_fork+0x10/0x20
[   16.988586] 
[   16.988605] The buggy address belongs to the object at fff00000c779bf80
[   16.988605]  which belongs to the cache kmalloc-64 of size 64
[   16.988662] The buggy address is located 4 bytes inside of
[   16.988662]  allocated 64-byte region [fff00000c779bf80, fff00000c779bfc0)
[   16.988722] 
[   16.988741] The buggy address belongs to the physical page:
[   16.988771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10779b
[   16.988822] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.988882] page_type: f5(slab)
[   16.988938] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   16.989018] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   16.989072] page dumped because: kasan: bad access detected
[   16.989113] 
[   16.989130] Memory state around the buggy address:
[   16.989183]  fff00000c779be80: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   16.989232]  fff00000c779bf00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.989282] >fff00000c779bf80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   16.989318]                                            ^
[   16.989360]  fff00000c779c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.989403]  fff00000c779c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   16.989441] ==================================================================

[   16.951946] ==================================================================
[   16.952007] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[   16.952061] Read of size 64 at addr fff00000c776cd84 by task kunit_try_catch/183
[   16.952362] 
[   16.952504] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.952670] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.952699] Hardware name: linux,dummy-virt (DT)
[   16.952767] Call trace:
[   16.952792]  show_stack+0x20/0x38 (C)
[   16.952976]  dump_stack_lvl+0x8c/0xd0
[   16.953028]  print_report+0x118/0x608
[   16.953086]  kasan_report+0xdc/0x128
[   16.953201]  kasan_check_range+0x100/0x1a8
[   16.953268]  __asan_memmove+0x3c/0x98
[   16.953311]  kmalloc_memmove_invalid_size+0x154/0x2e0
[   16.953599]  kunit_try_run_case+0x170/0x3f0
[   16.953660]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.953713]  kthread+0x328/0x630
[   16.953760]  ret_from_fork+0x10/0x20
[   16.953940] 
[   16.953968] Allocated by task 183:
[   16.954017]  kasan_save_stack+0x3c/0x68
[   16.954226]  kasan_save_track+0x20/0x40
[   16.954424]  kasan_save_alloc_info+0x40/0x58
[   16.954931]  __kasan_kmalloc+0xd4/0xd8
[   16.954993]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.955035]  kmalloc_memmove_invalid_size+0xb0/0x2e0
[   16.955076]  kunit_try_run_case+0x170/0x3f0
[   16.955973]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.956030]  kthread+0x328/0x630
[   16.956188]  ret_from_fork+0x10/0x20
[   16.956231] 
[   16.956263] The buggy address belongs to the object at fff00000c776cd80
[   16.956263]  which belongs to the cache kmalloc-64 of size 64
[   16.957146] The buggy address is located 4 bytes inside of
[   16.957146]  allocated 64-byte region [fff00000c776cd80, fff00000c776cdc0)
[   16.957235] 
[   16.957503] The buggy address belongs to the physical page:
[   16.959988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10776c
[   16.960080] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.960131] page_type: f5(slab)
[   16.960172] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   16.960222] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   16.960264] page dumped because: kasan: bad access detected
[   16.964755] 
[   16.964841] Memory state around the buggy address:
[   16.964952]  fff00000c776cc80: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   16.964999]  fff00000c776cd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   16.965041] >fff00000c776cd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   16.965083]                                            ^
[   16.965116]  fff00000c776ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.965158]  fff00000c776ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.965196] ==================================================================

[   13.585715] ==================================================================
[   13.588358] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[   13.588872] Read of size 64 at addr ffff888102aad004 by task kunit_try_catch/200
[   13.590661] 
[   13.591370] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.591464] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.591485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.592006] Call Trace:
[   13.592052]  <TASK>
[   13.592081]  dump_stack_lvl+0x73/0xb0
[   13.592139]  print_report+0xd1/0x650
[   13.592178]  ? __virt_addr_valid+0x1db/0x2d0
[   13.592211]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   13.592234]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.592257]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   13.592311]  kasan_report+0x141/0x180
[   13.592332]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   13.592358]  kasan_check_range+0x10c/0x1c0
[   13.592379]  __asan_memmove+0x27/0x70
[   13.592396]  kmalloc_memmove_invalid_size+0x16f/0x330
[   13.592418]  ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[   13.592440]  ? __schedule+0x10cc/0x2b60
[   13.592460]  ? __pfx_read_tsc+0x10/0x10
[   13.592479]  ? ktime_get_ts64+0x86/0x230
[   13.592506]  kunit_try_run_case+0x1a5/0x480
[   13.592539]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.592568]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.592600]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.592674]  ? __kthread_parkme+0x82/0x180
[   13.592694]  ? preempt_count_sub+0x50/0x80
[   13.592716]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.592737]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.592758]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.592778]  kthread+0x337/0x6f0
[   13.592796]  ? trace_preempt_on+0x20/0xc0
[   13.592818]  ? __pfx_kthread+0x10/0x10
[   13.592836]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.592855]  ? calculate_sigpending+0x7b/0xa0
[   13.592878]  ? __pfx_kthread+0x10/0x10
[   13.592897]  ret_from_fork+0x116/0x1d0
[   13.592913]  ? __pfx_kthread+0x10/0x10
[   13.592931]  ret_from_fork_asm+0x1a/0x30
[   13.592959]  </TASK>
[   13.592972] 
[   13.604487] Allocated by task 200:
[   13.605101]  kasan_save_stack+0x45/0x70
[   13.605250]  kasan_save_track+0x18/0x40
[   13.605447]  kasan_save_alloc_info+0x3b/0x50
[   13.605802]  __kasan_kmalloc+0xb7/0xc0
[   13.606066]  __kmalloc_cache_noprof+0x189/0x420
[   13.606280]  kmalloc_memmove_invalid_size+0xac/0x330
[   13.606544]  kunit_try_run_case+0x1a5/0x480
[   13.606945]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.607255]  kthread+0x337/0x6f0
[   13.607605]  ret_from_fork+0x116/0x1d0
[   13.607917]  ret_from_fork_asm+0x1a/0x30
[   13.608086] 
[   13.608278] The buggy address belongs to the object at ffff888102aad000
[   13.608278]  which belongs to the cache kmalloc-64 of size 64
[   13.608911] The buggy address is located 4 bytes inside of
[   13.608911]  allocated 64-byte region [ffff888102aad000, ffff888102aad040)
[   13.609681] 
[   13.609798] The buggy address belongs to the physical page:
[   13.610206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aad
[   13.610487] flags: 0x200000000000000(node=0|zone=2)
[   13.611314] page_type: f5(slab)
[   13.611756] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   13.612145] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   13.612430] page dumped because: kasan: bad access detected
[   13.612905] 
[   13.613064] Memory state around the buggy address:
[   13.613358]  ffff888102aacf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.613909]  ffff888102aacf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.614266] >ffff888102aad000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   13.614720]                                            ^
[   13.614933]  ffff888102aad080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.615372]  ffff888102aad100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.615789] ==================================================================

[   13.746379] ==================================================================
[   13.746846] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[   13.747131] Read of size 64 at addr ffff888102c4c184 by task kunit_try_catch/199
[   13.747415] 
[   13.747537] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.747582] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.747593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.747613] Call Trace:
[   13.747625]  <TASK>
[   13.747640]  dump_stack_lvl+0x73/0xb0
[   13.747668]  print_report+0xd1/0x650
[   13.747690]  ? __virt_addr_valid+0x1db/0x2d0
[   13.747712]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   13.747735]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.747760]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   13.747784]  kasan_report+0x141/0x180
[   13.747805]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   13.747835]  kasan_check_range+0x10c/0x1c0
[   13.747859]  __asan_memmove+0x27/0x70
[   13.747878]  kmalloc_memmove_invalid_size+0x16f/0x330
[   13.747902]  ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[   13.747927]  ? __schedule+0x10cc/0x2b60
[   13.747948]  ? __pfx_read_tsc+0x10/0x10
[   13.747969]  ? ktime_get_ts64+0x86/0x230
[   13.747995]  kunit_try_run_case+0x1a5/0x480
[   13.748019]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.748040]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.748520]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.748545]  ? __kthread_parkme+0x82/0x180
[   13.748565]  ? preempt_count_sub+0x50/0x80
[   13.748588]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.748612]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.748634]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.748656]  kthread+0x337/0x6f0
[   13.748676]  ? trace_preempt_on+0x20/0xc0
[   13.748729]  ? __pfx_kthread+0x10/0x10
[   13.748763]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.748784]  ? calculate_sigpending+0x7b/0xa0
[   13.748807]  ? __pfx_kthread+0x10/0x10
[   13.748829]  ret_from_fork+0x116/0x1d0
[   13.748847]  ? __pfx_kthread+0x10/0x10
[   13.748867]  ret_from_fork_asm+0x1a/0x30
[   13.748899]  </TASK>
[   13.748910] 
[   13.762826] Allocated by task 199:
[   13.763199]  kasan_save_stack+0x45/0x70
[   13.763601]  kasan_save_track+0x18/0x40
[   13.763961]  kasan_save_alloc_info+0x3b/0x50
[   13.764139]  __kasan_kmalloc+0xb7/0xc0
[   13.764370]  __kmalloc_cache_noprof+0x189/0x420
[   13.764912]  kmalloc_memmove_invalid_size+0xac/0x330
[   13.765416]  kunit_try_run_case+0x1a5/0x480
[   13.765917]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.766152]  kthread+0x337/0x6f0
[   13.766315]  ret_from_fork+0x116/0x1d0
[   13.766497]  ret_from_fork_asm+0x1a/0x30
[   13.766688] 
[   13.766881] The buggy address belongs to the object at ffff888102c4c180
[   13.766881]  which belongs to the cache kmalloc-64 of size 64
[   13.767443] The buggy address is located 4 bytes inside of
[   13.767443]  allocated 64-byte region [ffff888102c4c180, ffff888102c4c1c0)
[   13.768073] 
[   13.768179] The buggy address belongs to the physical page:
[   13.768510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c4c
[   13.769028] flags: 0x200000000000000(node=0|zone=2)
[   13.769245] page_type: f5(slab)
[   13.769458] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   13.769892] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   13.770200] page dumped because: kasan: bad access detected
[   13.770501] 
[   13.770600] Memory state around the buggy address:
[   13.770965]  ffff888102c4c080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   13.771330]  ffff888102c4c100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   13.771728] >ffff888102c4c180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   13.772037]                                            ^
[   13.772301]  ffff888102c4c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.772587]  ffff888102c4c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.772954] ==================================================================

[   26.909450] ==================================================================
[   26.921582] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[   26.929501] Read of size 64 at addr ffff888101438f84 by task kunit_try_catch/223
[   26.936894] 
[   26.938411] CPU: 2 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   26.938420] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   26.938423] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   26.938426] Call Trace:
[   26.938428]  <TASK>
[   26.938429]  dump_stack_lvl+0x73/0xb0
[   26.938434]  print_report+0xd1/0x650
[   26.938438]  ? __virt_addr_valid+0x1db/0x2d0
[   26.938442]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   26.938446]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.938451]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   26.938456]  kasan_report+0x141/0x180
[   26.938459]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   26.938465]  kasan_check_range+0x10c/0x1c0
[   26.938469]  __asan_memmove+0x27/0x70
[   26.938472]  kmalloc_memmove_invalid_size+0x16f/0x330
[   26.938477]  ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[   26.938481]  ? __schedule+0x10cc/0x2b60
[   26.938485]  ? ktime_get_ts64+0x83/0x230
[   26.938490]  kunit_try_run_case+0x1a2/0x480
[   26.938494]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.938498]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.938502]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.938506]  ? __kthread_parkme+0x82/0x180
[   26.938510]  ? preempt_count_sub+0x50/0x80
[   26.938514]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.938518]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   26.938522]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.938526]  kthread+0x334/0x6f0
[   26.938530]  ? trace_preempt_on+0x20/0xc0
[   26.938534]  ? __pfx_kthread+0x10/0x10
[   26.938537]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.938541]  ? calculate_sigpending+0x7b/0xa0
[   26.938545]  ? __pfx_kthread+0x10/0x10
[   26.938549]  ret_from_fork+0x113/0x1d0
[   26.938552]  ? __pfx_kthread+0x10/0x10
[   26.938556]  ret_from_fork_asm+0x1a/0x30
[   26.938562]  </TASK>
[   26.938563] 
[   27.111094] Allocated by task 223:
[   27.114500]  kasan_save_stack+0x45/0x70
[   27.118361]  kasan_save_track+0x18/0x40
[   27.122232]  kasan_save_alloc_info+0x3b/0x50
[   27.126511]  __kasan_kmalloc+0xb7/0xc0
[   27.130264]  __kmalloc_cache_noprof+0x189/0x420
[   27.134797]  kmalloc_memmove_invalid_size+0xac/0x330
[   27.139772]  kunit_try_run_case+0x1a2/0x480
[   27.143959]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   27.149364]  kthread+0x334/0x6f0
[   27.152614]  ret_from_fork+0x113/0x1d0
[   27.156368]  ret_from_fork_asm+0x1a/0x30
[   27.160312] 
[   27.161810] The buggy address belongs to the object at ffff888101438f80
[   27.161810]  which belongs to the cache kmalloc-64 of size 64
[   27.174151] The buggy address is located 4 bytes inside of
[   27.174151]  allocated 64-byte region [ffff888101438f80, ffff888101438fc0)
[   27.186495] 
[   27.187992] The buggy address belongs to the physical page:
[   27.193566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101438
[   27.201573] flags: 0x200000000000000(node=0|zone=2)
[   27.206454] page_type: f5(slab)
[   27.209601] raw: 0200000000000000 ffff8881000428c0 dead000000000122 0000000000000000
[   27.217363] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   27.225103] page dumped because: kasan: bad access detected
[   27.230675] 
[   27.232174] Memory state around the buggy address:
[   27.236968]  ffff888101438e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   27.244187]  ffff888101438f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   27.251408] >ffff888101438f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   27.258633]                                            ^
[   27.263946]  ffff888101439000: fa fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb
[   27.271166]  ffff888101439080: fb fb fc fc fc fc fa fb fb fb fb fb fb fc fc fc
[   27.278408] ==================================================================