Date: Nov. 26, 2024, 6:09 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 31.499720] ==================================================================
[ 31.501035] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[ 31.502785] Read of size 18446744073709551614 at addr fff00000c58d3804 by task kunit_try_catch/169
[ 31.503973]
[ 31.504558] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 31.505480] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.506211] Hardware name: linux,dummy-virt (DT)
[ 31.506957] Call trace:
[ 31.507352] show_stack+0x20/0x38 (C)
[ 31.508090] dump_stack_lvl+0x8c/0xd0
[ 31.508716] print_report+0x118/0x5e0
[ 31.509704] kasan_report+0xc8/0x118
[ 31.510347] kasan_check_range+0x100/0x1a8
[ 31.510994] __asan_memmove+0x3c/0x98
[ 31.512194] kmalloc_memmove_negative_size+0x154/0x2e0
[ 31.513253] kunit_try_run_case+0x14c/0x3d0
[ 31.513920] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.514693] kthread+0x24c/0x2d0
[ 31.515327] ret_from_fork+0x10/0x20
[ 31.515942]
[ 31.516248] Allocated by task 169:
[ 31.516849] kasan_save_stack+0x3c/0x68
[ 31.517661] kasan_save_track+0x20/0x40
[ 31.518128] kasan_save_alloc_info+0x40/0x58
[ 31.518723] __kasan_kmalloc+0xd4/0xd8
[ 31.519421] __kmalloc_cache_noprof+0x15c/0x3c8
[ 31.520151] kmalloc_memmove_negative_size+0xb0/0x2e0
[ 31.520966] kunit_try_run_case+0x14c/0x3d0
[ 31.521550] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.522949] kthread+0x24c/0x2d0
[ 31.523355] ret_from_fork+0x10/0x20
[ 31.523990]
[ 31.524397] The buggy address belongs to the object at fff00000c58d3800
[ 31.524397] which belongs to the cache kmalloc-64 of size 64
[ 31.526094] The buggy address is located 4 bytes inside of
[ 31.526094] 64-byte region [fff00000c58d3800, fff00000c58d3840)
[ 31.527627]
[ 31.528008] The buggy address belongs to the physical page:
[ 31.528819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d3
[ 31.529719] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.530608] page_type: f5(slab)
[ 31.531544] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 31.532541] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[ 31.533208] page dumped because: kasan: bad access detected
[ 31.533839]
[ 31.534259] Memory state around the buggy address:
[ 31.534990]  fff00000c58d3700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.535969]  fff00000c58d3780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.536962] >fff00000c58d3800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.537823]                    ^
[ 31.538414]  fff00000c58d3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.539525]  fff00000c58d3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.540760] ==================================================================
```
```
[ 31.483561] ==================================================================
[ 31.484829] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[ 31.485483] Read of size 18446744073709551614 at addr fff00000c5e5ec04 by task kunit_try_catch/169
[ 31.487047]
[ 31.487439] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 31.488786] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.489279] Hardware name: linux,dummy-virt (DT)
[ 31.490018] Call trace:
[ 31.490557] show_stack+0x20/0x38 (C)
[ 31.491811] dump_stack_lvl+0x8c/0xd0
[ 31.492283] print_report+0x118/0x5e0
[ 31.493020] kasan_report+0xc8/0x118
[ 31.493795] kasan_check_range+0x100/0x1a8
[ 31.494849] __asan_memmove+0x3c/0x98
[ 31.495371] kmalloc_memmove_negative_size+0x154/0x2e0
[ 31.496124] kunit_try_run_case+0x14c/0x3d0
[ 31.496848] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.497617] kthread+0x24c/0x2d0
[ 31.498113] ret_from_fork+0x10/0x20
[ 31.498806]
[ 31.499153] Allocated by task 169:
[ 31.499712] kasan_save_stack+0x3c/0x68
[ 31.500391] kasan_save_track+0x20/0x40
[ 31.500999] kasan_save_alloc_info+0x40/0x58
[ 31.501618] __kasan_kmalloc+0xd4/0xd8
[ 31.502232] __kmalloc_cache_noprof+0x15c/0x3c8
[ 31.503689] kmalloc_memmove_negative_size+0xb0/0x2e0
[ 31.504508] kunit_try_run_case+0x14c/0x3d0
[ 31.505321] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.506520] kthread+0x24c/0x2d0
[ 31.507037] ret_from_fork+0x10/0x20
[ 31.507575]
[ 31.507937] The buggy address belongs to the object at fff00000c5e5ec00
[ 31.507937] which belongs to the cache kmalloc-64 of size 64
[ 31.509554] The buggy address is located 4 bytes inside of
[ 31.509554] 64-byte region [fff00000c5e5ec00, fff00000c5e5ec40)
[ 31.510687]
[ 31.511052] The buggy address belongs to the physical page:
[ 31.512650] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e5e
[ 31.513352] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.514491] page_type: f5(slab)
[ 31.515119] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 31.515898] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[ 31.516718] page dumped because: kasan: bad access detected
[ 31.518073]
[ 31.518427] Memory state around the buggy address:
[ 31.519156]  fff00000c5e5eb00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.520747]  fff00000c5e5eb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.521556] >fff00000c5e5ec00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.522903]                    ^
[ 31.523401]  fff00000c5e5ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.524276]  fff00000c5e5ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.525076] ==================================================================
```
```
[ 25.629901] ==================================================================
[ 25.630430] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x172/0x330
[ 25.630430] Read of size 18446744073709551614 at addr ffff8881028dbf04 by task kunit_try_catch/189
[ 25.630430]
[ 25.630430] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 25.630430] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.630430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.630430] Call Trace:
[ 25.630430] <TASK>
[ 25.630430] dump_stack_lvl+0x73/0xb0
[ 25.630430] print_report+0xd1/0x640
[ 25.630430] ? __virt_addr_valid+0x1db/0x2d0
[ 25.630430] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.630430] kasan_report+0x102/0x140
[ 25.630430] ? kmalloc_memmove_negative_size+0x172/0x330
[ 25.630430] ? kmalloc_memmove_negative_size+0x172/0x330
[ 25.630430] kasan_check_range+0x10c/0x1c0
[ 25.630430] __asan_memmove+0x27/0x70
[ 25.630430] kmalloc_memmove_negative_size+0x172/0x330
[ 25.630430] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 25.630430] ? __schedule+0xc3e/0x2790
[ 25.630430] ? ktime_get_ts64+0x84/0x230
[ 25.630430] kunit_try_run_case+0x1b3/0x490
[ 25.630430] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.630430] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.630430] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.630430] ? __kthread_parkme+0x82/0x160
[ 25.630430] ? preempt_count_sub+0x50/0x80
[ 25.630430] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.630430] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.630430] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.630430] kthread+0x257/0x310
[ 25.630430] ? __pfx_kthread+0x10/0x10
[ 25.630430] ret_from_fork+0x41/0x80
[ 25.630430] ? __pfx_kthread+0x10/0x10
[ 25.630430] ret_from_fork_asm+0x1a/0x30
[ 25.630430] </TASK>
[ 25.630430]
[ 25.630430] Allocated by task 189:
[ 25.630430] kasan_save_stack+0x3d/0x60
[ 25.630430] kasan_save_track+0x18/0x40
[ 25.630430] kasan_save_alloc_info+0x3b/0x50
[ 25.630430] __kasan_kmalloc+0xb7/0xc0
[ 25.630430] __kmalloc_cache_noprof+0x184/0x410
[ 25.630430] kmalloc_memmove_negative_size+0xad/0x330
[ 25.630430] kunit_try_run_case+0x1b3/0x490
[ 25.630430] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.630430] kthread+0x257/0x310
[ 25.630430] ret_from_fork+0x41/0x80
[ 25.630430] ret_from_fork_asm+0x1a/0x30
[ 25.630430]
[ 25.630430] The buggy address belongs to the object at ffff8881028dbf00
[ 25.630430] which belongs to the cache kmalloc-64 of size 64
[ 25.630430] The buggy address is located 4 bytes inside of
[ 25.630430] 64-byte region [ffff8881028dbf00, ffff8881028dbf40)
[ 25.630430]
[ 25.630430] The buggy address belongs to the physical page:
[ 25.630430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028db
[ 25.630430] flags: 0x200000000000000(node=0|zone=2)
[ 25.630430] page_type: f5(slab)
[ 25.630430] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 25.630430] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[ 25.630430] page dumped because: kasan: bad access detected
[ 25.630430]
[ 25.630430] Memory state around the buggy address:
[ 25.630430]  ffff8881028dbe00: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
[ 25.630430]  ffff8881028dbe80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.630430] >ffff8881028dbf00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 25.630430]                    ^
[ 25.630430]  ffff8881028dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.630430]  ffff8881028dc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.630430] ==================================================================
```
```
[ 20.670551] ==================================================================
[ 20.671610] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x172/0x330
[ 20.672004] Read of size 18446744073709551614 at addr ffff8881028b9184 by task kunit_try_catch/187
[ 20.673399]
[ 20.673698] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 20.674448] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.674825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.675673] Call Trace:
[ 20.676770] <TASK>
[ 20.677201] dump_stack_lvl+0x73/0xb0
[ 20.677481] print_report+0xd1/0x640
[ 20.678311] ? __virt_addr_valid+0x1db/0x2d0
[ 20.678886] ? kasan_complete_mode_report_info+0x2a/0x200
[ 20.680030] kasan_report+0x102/0x140
[ 20.680801] ? kmalloc_memmove_negative_size+0x172/0x330
[ 20.681386] ? kmalloc_memmove_negative_size+0x172/0x330
[ 20.681885] kasan_check_range+0x10c/0x1c0
[ 20.682290] __asan_memmove+0x27/0x70
[ 20.683411] kmalloc_memmove_negative_size+0x172/0x330
[ 20.684326] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 20.685104] ? __schedule+0x1ba9/0x2790
[ 20.685730] ? __pfx_read_tsc+0x10/0x10
[ 20.686378] ? ktime_get_ts64+0x84/0x230
[ 20.686831] kunit_try_run_case+0x1b3/0x490
[ 20.687546] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.688282] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 20.688748] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 20.689144] ? __kthread_parkme+0x82/0x160
[ 20.689777] ? preempt_count_sub+0x50/0x80
[ 20.690369] ? __pfx_kunit_try_run_case+0x10/0x10
[ 20.690913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 20.691791] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.692524] kthread+0x257/0x310
[ 20.692901] ? __pfx_kthread+0x10/0x10
[ 20.693453] ret_from_fork+0x41/0x80
[ 20.693918] ? __pfx_kthread+0x10/0x10
[ 20.694429] ret_from_fork_asm+0x1a/0x30
[ 20.695354] </TASK>
[ 20.695723]
[ 20.695920] Allocated by task 187:
[ 20.696311] kasan_save_stack+0x3d/0x60
[ 20.696853] kasan_save_track+0x18/0x40
[ 20.697399] kasan_save_alloc_info+0x3b/0x50
[ 20.698008] __kasan_kmalloc+0xb7/0xc0
[ 20.698419] __kmalloc_cache_noprof+0x184/0x410
[ 20.699694] kmalloc_memmove_negative_size+0xad/0x330
[ 20.699992] kunit_try_run_case+0x1b3/0x490
[ 20.700850] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.701609] kthread+0x257/0x310
[ 20.702217] ret_from_fork+0x41/0x80
[ 20.702750] ret_from_fork_asm+0x1a/0x30
[ 20.703645]
[ 20.703863] The buggy address belongs to the object at ffff8881028b9180
[ 20.703863] which belongs to the cache kmalloc-64 of size 64
[ 20.704645] The buggy address is located 4 bytes inside of
[ 20.704645] 64-byte region [ffff8881028b9180, ffff8881028b91c0)
[ 20.706266]
[ 20.706531] The buggy address belongs to the physical page:
[ 20.707174] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028b9
[ 20.708523] flags: 0x200000000000000(node=0|zone=2)
[ 20.709236] page_type: f5(slab)
[ 20.709829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 20.710719] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[ 20.711830] page dumped because: kasan: bad access detected
[ 20.712287]
[ 20.712451] Memory state around the buggy address:
[ 20.712819]  ffff8881028b9080: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 20.713376]  ffff8881028b9100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 20.714107] >ffff8881028b9180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 20.714889]                    ^
[ 20.715353]  ffff8881028b9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.715876]  ffff8881028b9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.716296] ==================================================================
```