Date
July 20, 2025, 11:12 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 16.675206] ================================================================== [ 16.675289] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 16.675344] Read of size 18446744073709551614 at addr fff00000c7809204 by task kunit_try_catch/180 [ 16.675425] [ 16.675458] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.675540] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.675566] Hardware name: linux,dummy-virt (DT) [ 16.675597] Call trace: [ 16.675620] show_stack+0x20/0x38 (C) [ 16.675668] dump_stack_lvl+0x8c/0xd0 [ 16.675714] print_report+0x118/0x5d0 [ 16.675781] kasan_report+0xdc/0x128 [ 16.675826] kasan_check_range+0x100/0x1a8 [ 16.675873] __asan_memmove+0x3c/0x98 [ 16.676387] kmalloc_memmove_negative_size+0x154/0x2e0 [ 16.676566] kunit_try_run_case+0x170/0x3f0 [ 16.676630] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.676682] kthread+0x328/0x630 [ 16.677220] ret_from_fork+0x10/0x20 [ 16.677573] [ 16.677655] Allocated by task 180: [ 16.677689] kasan_save_stack+0x3c/0x68 [ 16.677734] kasan_save_track+0x20/0x40 [ 16.677771] kasan_save_alloc_info+0x40/0x58 [ 16.678054] __kasan_kmalloc+0xd4/0xd8 [ 16.678252] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.679512] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 16.679764] kunit_try_run_case+0x170/0x3f0 [ 16.680299] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.680644] kthread+0x328/0x630 [ 16.680745] ret_from_fork+0x10/0x20 [ 16.680871] [ 16.680962] The buggy address belongs to the object at fff00000c7809200 [ 16.680962] which belongs to the cache kmalloc-64 of size 64 [ 16.681343] The buggy address is located 4 bytes inside of [ 16.681343] 64-byte region [fff00000c7809200, fff00000c7809240) [ 16.681545] [ 16.681623] The buggy address belongs to the physical page: [ 16.681681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107809 [ 16.682095] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.682313] page_type: f5(slab) [ 16.682673] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 16.682992] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.683396] page dumped because: kasan: bad access detected [ 16.683557] [ 16.683651] Memory state around the buggy address: [ 16.683792] fff00000c7809100: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 16.683945] fff00000c7809180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.684172] >fff00000c7809200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 16.684369] ^ [ 16.684430] fff00000c7809280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.684591] fff00000c7809300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.684680] ==================================================================
[ 16.654065] ================================================================== [ 16.654183] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 16.654242] Read of size 18446744073709551614 at addr fff00000c7857f04 by task kunit_try_catch/180 [ 16.654741] [ 16.654786] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.654913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.654943] Hardware name: linux,dummy-virt (DT) [ 16.654991] Call trace: [ 16.655017] show_stack+0x20/0x38 (C) [ 16.655075] dump_stack_lvl+0x8c/0xd0 [ 16.655122] print_report+0x118/0x5d0 [ 16.655167] kasan_report+0xdc/0x128 [ 16.655211] kasan_check_range+0x100/0x1a8 [ 16.655258] __asan_memmove+0x3c/0x98 [ 16.655457] kmalloc_memmove_negative_size+0x154/0x2e0 [ 16.655698] kunit_try_run_case+0x170/0x3f0 [ 16.655791] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.655918] kthread+0x328/0x630 [ 16.656471] ret_from_fork+0x10/0x20 [ 16.656544] [ 16.656602] Allocated by task 180: [ 16.656707] kasan_save_stack+0x3c/0x68 [ 16.656771] kasan_save_track+0x20/0x40 [ 16.656849] kasan_save_alloc_info+0x40/0x58 [ 16.656893] __kasan_kmalloc+0xd4/0xd8 [ 16.657287] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.657402] kmalloc_memmove_negative_size+0xb0/0x2e0 [ 16.657564] kunit_try_run_case+0x170/0x3f0 [ 16.657684] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.657729] kthread+0x328/0x630 [ 16.657769] ret_from_fork+0x10/0x20 [ 16.657804] [ 16.657827] The buggy address belongs to the object at fff00000c7857f00 [ 16.657827] which belongs to the cache kmalloc-64 of size 64 [ 16.658073] The buggy address is located 4 bytes inside of [ 16.658073] 64-byte region [fff00000c7857f00, fff00000c7857f40) [ 16.658414] [ 16.658644] The buggy address belongs to the physical page: [ 16.658690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107857 [ 16.659088] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.659144] page_type: f5(slab) [ 16.659184] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 16.659273] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.659320] page dumped because: kasan: bad access detected [ 16.659352] [ 16.659385] Memory state around the buggy address: [ 16.659428] fff00000c7857e00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 16.659474] fff00000c7857e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.659528] >fff00000c7857f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 16.659567] ^ [ 16.659595] fff00000c7857f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.659662] fff00000c7858000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.659702] ==================================================================
[ 12.828259] ================================================================== [ 12.828770] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 12.829077] Read of size 18446744073709551614 at addr ffff88810315f404 by task kunit_try_catch/198 [ 12.829740] [ 12.829861] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.829905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.829916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.829937] Call Trace: [ 12.829950] <TASK> [ 12.829967] dump_stack_lvl+0x73/0xb0 [ 12.829997] print_report+0xd1/0x610 [ 12.830019] ? __virt_addr_valid+0x1db/0x2d0 [ 12.830053] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.830077] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.830099] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.830146] kasan_report+0x141/0x180 [ 12.830169] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.830199] kasan_check_range+0x10c/0x1c0 [ 12.830223] __asan_memmove+0x27/0x70 [ 12.830242] kmalloc_memmove_negative_size+0x171/0x330 [ 12.830265] ? __kasan_check_write+0x18/0x20 [ 12.830284] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 12.830309] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.830334] ? trace_hardirqs_on+0x37/0xe0 [ 12.830356] ? __pfx_read_tsc+0x10/0x10 [ 12.830377] ? ktime_get_ts64+0x86/0x230 [ 12.830414] kunit_try_run_case+0x1a5/0x480 [ 12.830439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.830463] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.830488] ? __kthread_parkme+0x82/0x180 [ 12.830508] ? preempt_count_sub+0x50/0x80 [ 12.830532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.830556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.830578] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.830668] kthread+0x337/0x6f0 [ 12.830690] ? trace_preempt_on+0x20/0xc0 [ 12.830713] ? __pfx_kthread+0x10/0x10 [ 12.830733] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.830754] ? calculate_sigpending+0x7b/0xa0 [ 12.830778] ? __pfx_kthread+0x10/0x10 [ 12.830800] ret_from_fork+0x116/0x1d0 [ 12.830818] ? __pfx_kthread+0x10/0x10 [ 12.830838] ret_from_fork_asm+0x1a/0x30 [ 12.830871] </TASK> [ 12.830882] [ 12.839350] Allocated by task 198: [ 12.839537] kasan_save_stack+0x45/0x70 [ 12.839950] kasan_save_track+0x18/0x40 [ 12.840139] kasan_save_alloc_info+0x3b/0x50 [ 12.840349] __kasan_kmalloc+0xb7/0xc0 [ 12.840504] __kmalloc_cache_noprof+0x189/0x420 [ 12.840662] kmalloc_memmove_negative_size+0xac/0x330 [ 12.840982] kunit_try_run_case+0x1a5/0x480 [ 12.841586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.841865] kthread+0x337/0x6f0 [ 12.842015] ret_from_fork+0x116/0x1d0 [ 12.842204] ret_from_fork_asm+0x1a/0x30 [ 12.842381] [ 12.842467] The buggy address belongs to the object at ffff88810315f400 [ 12.842467] which belongs to the cache kmalloc-64 of size 64 [ 12.843020] The buggy address is located 4 bytes inside of [ 12.843020] 64-byte region [ffff88810315f400, ffff88810315f440) [ 12.843357] [ 12.843442] The buggy address belongs to the physical page: [ 12.843653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315f [ 12.844016] flags: 0x200000000000000(node=0|zone=2) [ 12.844247] page_type: f5(slab) [ 12.844424] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 12.845138] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 12.845475] page dumped because: kasan: bad access detected [ 12.845770] [ 12.845867] Memory state around the buggy address: [ 12.846136] ffff88810315f300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.846442] ffff88810315f380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.846797] >ffff88810315f400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 12.847148] ^ [ 12.847293] ffff88810315f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.847552] ffff88810315f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.847768] ==================================================================
[ 12.960676] ================================================================== [ 12.961547] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 12.962267] Read of size 18446744073709551614 at addr ffff8881027a4e84 by task kunit_try_catch/197 [ 12.963494] [ 12.963738] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.963789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.963801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.963823] Call Trace: [ 12.963838] <TASK> [ 12.963856] dump_stack_lvl+0x73/0xb0 [ 12.963886] print_report+0xd1/0x610 [ 12.963908] ? __virt_addr_valid+0x1db/0x2d0 [ 12.963930] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.963953] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.964229] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.964283] kasan_report+0x141/0x180 [ 12.964307] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.964340] kasan_check_range+0x10c/0x1c0 [ 12.964363] __asan_memmove+0x27/0x70 [ 12.964382] kmalloc_memmove_negative_size+0x171/0x330 [ 12.964405] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 12.964431] ? __schedule+0x10c6/0x2b60 [ 12.964452] ? __pfx_read_tsc+0x10/0x10 [ 12.964473] ? ktime_get_ts64+0x86/0x230 [ 12.964496] kunit_try_run_case+0x1a5/0x480 [ 12.964520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.964541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.964563] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.964585] ? __kthread_parkme+0x82/0x180 [ 12.964605] ? preempt_count_sub+0x50/0x80 [ 12.964628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.964651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.964673] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.964695] kthread+0x337/0x6f0 [ 12.964714] ? trace_preempt_on+0x20/0xc0 [ 12.964736] ? __pfx_kthread+0x10/0x10 [ 12.964756] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.964776] ? calculate_sigpending+0x7b/0xa0 [ 12.964798] ? __pfx_kthread+0x10/0x10 [ 12.964819] ret_from_fork+0x116/0x1d0 [ 12.964836] ? __pfx_kthread+0x10/0x10 [ 12.964946] ret_from_fork_asm+0x1a/0x30 [ 12.964977] </TASK> [ 12.964987] [ 12.979925] Allocated by task 197: [ 12.980161] kasan_save_stack+0x45/0x70 [ 12.980608] kasan_save_track+0x18/0x40 [ 12.980801] kasan_save_alloc_info+0x3b/0x50 [ 12.981226] __kasan_kmalloc+0xb7/0xc0 [ 12.981592] __kmalloc_cache_noprof+0x189/0x420 [ 12.981901] kmalloc_memmove_negative_size+0xac/0x330 [ 12.982335] kunit_try_run_case+0x1a5/0x480 [ 12.982642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.982989] kthread+0x337/0x6f0 [ 12.983167] ret_from_fork+0x116/0x1d0 [ 12.983326] ret_from_fork_asm+0x1a/0x30 [ 12.983799] [ 12.983929] The buggy address belongs to the object at ffff8881027a4e80 [ 12.983929] which belongs to the cache kmalloc-64 of size 64 [ 12.984817] The buggy address is located 4 bytes inside of [ 12.984817] 64-byte region [ffff8881027a4e80, ffff8881027a4ec0) [ 12.985616] [ 12.985726] The buggy address belongs to the physical page: [ 12.986274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a4 [ 12.986633] flags: 0x200000000000000(node=0|zone=2) [ 12.986879] page_type: f5(slab) [ 12.987054] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 12.987807] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 12.988293] page dumped because: kasan: bad access detected [ 12.988836] [ 12.989183] Memory state around the buggy address: [ 12.989632] ffff8881027a4d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.990180] ffff8881027a4e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.990580] >ffff8881027a4e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 12.991105] ^ [ 12.991280] ffff8881027a4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.991954] ffff8881027a4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.992439] ==================================================================