Hay
Date
May 29, 2025, 7:10 a.m.

Environment
qemu-arm64 — first report below (Hardware name: linux,dummy-virt (DT), addresses fff00000c5e38xxx)
qemu-x86_64 — second report below (Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), addresses ffff8881028a0xxx)
Note: both reports are raised from inside kmalloc_memmove_negative_size, executed by the kunit_try_catch task with taint flag [N]=TEST. The reported "Read of size 18446744073709551614" is 2^64-2, i.e. (size_t)-2, which is consistent with the test's name (a deliberately negative memmove length), and the faulting address is only 4 bytes into a live 64-byte kmalloc-64 object. Read these as the expected output of a KASAN self-test on both targets, not as evidence of a defect in production code.

[   21.776861] ==================================================================
[   21.777067] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[   21.777231] Read of size 18446744073709551614 at addr fff00000c5e38504 by task kunit_try_catch/180
[   21.780664] 
[   21.781355] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.782288] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.782408] Hardware name: linux,dummy-virt (DT)
[   21.782481] Call trace:
[   21.782528]  show_stack+0x20/0x38 (C)
[   21.782669]  dump_stack_lvl+0x8c/0xd0
[   21.784263]  print_report+0x118/0x608
[   21.784976]  kasan_report+0xdc/0x128
[   21.785100]  kasan_check_range+0x100/0x1a8
[   21.785851]  __asan_memmove+0x3c/0x98
[   21.786230]  kmalloc_memmove_negative_size+0x154/0x2e0
[   21.786355]  kunit_try_run_case+0x170/0x3f0
[   21.786976]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.787075]  kthread+0x328/0x630
[   21.787164]  ret_from_fork+0x10/0x20
[   21.787278] 
[   21.787330] Allocated by task 180:
[   21.788929]  kasan_save_stack+0x3c/0x68
[   21.789065]  kasan_save_track+0x20/0x40
[   21.789825]  kasan_save_alloc_info+0x40/0x58
[   21.790200]  __kasan_kmalloc+0xd4/0xd8
[   21.790491]  __kmalloc_cache_noprof+0x15c/0x3c0
[   21.791100]  kmalloc_memmove_negative_size+0xb0/0x2e0
[   21.791537]  kunit_try_run_case+0x170/0x3f0
[   21.791918]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.792134]  kthread+0x328/0x630
[   21.792214]  ret_from_fork+0x10/0x20
[   21.795067] 
[   21.795134] The buggy address belongs to the object at fff00000c5e38500
[   21.795134]  which belongs to the cache kmalloc-64 of size 64
[   21.795286] The buggy address is located 4 bytes inside of
[   21.795286]  64-byte region [fff00000c5e38500, fff00000c5e38540)
[   21.795418] 
[   21.795466] The buggy address belongs to the physical page:
[   21.795530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e38
[   21.795627] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.795738] page_type: f5(slab)
[   21.795837] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   21.795965] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   21.796069] page dumped because: kasan: bad access detected
[   21.796151] 
[   21.796196] Memory state around the buggy address:
[   21.796284]  fff00000c5e38400: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[   21.796395]  fff00000c5e38480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   21.796523] >fff00000c5e38500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   21.796637]                    ^
[   21.796711]  fff00000c5e38580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.796823]  fff00000c5e38600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.796921] ==================================================================


[   11.057299] ==================================================================
[   11.057804] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[   11.058146] Read of size 18446744073709551614 at addr ffff8881028a0404 by task kunit_try_catch/197
[   11.058552] 
[   11.058676] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   11.058720] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.058733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.058754] Call Trace:
[   11.058765]  <TASK>
[   11.058780]  dump_stack_lvl+0x73/0xb0
[   11.058806]  print_report+0xd1/0x650
[   11.058828]  ? __virt_addr_valid+0x1db/0x2d0
[   11.059070]  ? kmalloc_memmove_negative_size+0x171/0x330
[   11.059095]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.059117]  ? kmalloc_memmove_negative_size+0x171/0x330
[   11.059163]  kasan_report+0x141/0x180
[   11.059186]  ? kmalloc_memmove_negative_size+0x171/0x330
[   11.059216]  kasan_check_range+0x10c/0x1c0
[   11.059240]  __asan_memmove+0x27/0x70
[   11.059260]  kmalloc_memmove_negative_size+0x171/0x330
[   11.059285]  ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[   11.059311]  ? __schedule+0x10cc/0x2b60
[   11.059334]  ? __pfx_read_tsc+0x10/0x10
[   11.059355]  ? ktime_get_ts64+0x86/0x230
[   11.059380]  kunit_try_run_case+0x1a5/0x480
[   11.059401]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.059420]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.059443]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.059468]  ? __kthread_parkme+0x82/0x180
[   11.059488]  ? preempt_count_sub+0x50/0x80
[   11.059511]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.059532]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.059555]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.059579]  kthread+0x337/0x6f0
[   11.059599]  ? trace_preempt_on+0x20/0xc0
[   11.059636]  ? __pfx_kthread+0x10/0x10
[   11.059656]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.059678]  ? calculate_sigpending+0x7b/0xa0
[   11.059703]  ? __pfx_kthread+0x10/0x10
[   11.059724]  ret_from_fork+0x116/0x1d0
[   11.059742]  ? __pfx_kthread+0x10/0x10
[   11.059824]  ret_from_fork_asm+0x1a/0x30
[   11.059855]  </TASK>
[   11.059865] 
[   11.067303] Allocated by task 197:
[   11.067440]  kasan_save_stack+0x45/0x70
[   11.067701]  kasan_save_track+0x18/0x40
[   11.067910]  kasan_save_alloc_info+0x3b/0x50
[   11.068057]  __kasan_kmalloc+0xb7/0xc0
[   11.068190]  __kmalloc_cache_noprof+0x189/0x420
[   11.068343]  kmalloc_memmove_negative_size+0xac/0x330
[   11.068512]  kunit_try_run_case+0x1a5/0x480
[   11.068667]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.068843]  kthread+0x337/0x6f0
[   11.068965]  ret_from_fork+0x116/0x1d0
[   11.069097]  ret_from_fork_asm+0x1a/0x30
[   11.069235] 
[   11.069320] The buggy address belongs to the object at ffff8881028a0400
[   11.069320]  which belongs to the cache kmalloc-64 of size 64
[   11.069983] The buggy address is located 4 bytes inside of
[   11.069983]  64-byte region [ffff8881028a0400, ffff8881028a0440)
[   11.070712] 
[   11.070820] The buggy address belongs to the physical page:
[   11.071090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028a0
[   11.071443] flags: 0x200000000000000(node=0|zone=2)
[   11.071701] page_type: f5(slab)
[   11.071872] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   11.072357] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   11.072588] page dumped because: kasan: bad access detected
[   11.072950] 
[   11.073134] Memory state around the buggy address:
[   11.073414]  ffff8881028a0300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   11.073838]  ffff8881028a0380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   11.074161] >ffff8881028a0400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   11.074377]                    ^
[   11.074496]  ffff8881028a0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.074782]  ffff8881028a0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.075140] ==================================================================