Date
June 24, 2025, 11:37 a.m.
| Environment |
|---|
| dragonboard-845c |
| qemu-arm64 |
| qemu-x86_64 |
```
[ 38.747182] ==================================================================
[ 38.759443] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 38.767464] Read of size 64 at addr ffff000080acfd04 by task kunit_try_catch/280
[ 38.774956]
[ 38.776496] CPU: 3 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 38.776527] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 38.776538] Hardware name: Thundercomm Dragonboard 845c (DT)
[ 38.776549] Call trace:
[ 38.776556] show_stack+0x20/0x38 (C)
[ 38.776575] dump_stack_lvl+0x8c/0xd0
[ 38.776598] print_report+0x118/0x608
[ 38.776618] kasan_report+0xdc/0x128
[ 38.776640] kasan_check_range+0x100/0x1a8
[ 38.776661] __asan_memmove+0x3c/0x98
[ 38.776677] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 38.776696] kunit_try_run_case+0x170/0x3f0
[ 38.776716] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.776738] kthread+0x328/0x630
[ 38.776753] ret_from_fork+0x10/0x20
[ 38.776770]
[ 38.846346] Allocated by task 280:
[ 38.849805] kasan_save_stack+0x3c/0x68
[ 38.853716] kasan_save_track+0x20/0x40
[ 38.857627] kasan_save_alloc_info+0x40/0x58
[ 38.861968] __kasan_kmalloc+0xd4/0xd8
[ 38.865789] __kmalloc_cache_noprof+0x16c/0x3c0
[ 38.870393] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 38.875433] kunit_try_run_case+0x170/0x3f0
[ 38.879685] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 38.885260] kthread+0x328/0x630
[ 38.888551] ret_from_fork+0x10/0x20
[ 38.892189]
[ 38.893720] The buggy address belongs to the object at ffff000080acfd00
[ 38.893720] which belongs to the cache kmalloc-64 of size 64
[ 38.906212] The buggy address is located 4 bytes inside of
[ 38.906212] allocated 64-byte region [ffff000080acfd00, ffff000080acfd40)
[ 38.918697]
[ 38.920233] The buggy address belongs to the physical page:
[ 38.925885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100acf
[ 38.933990] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 38.940614] page_type: f5(slab)
[ 38.943818] raw: 0bfffe0000000000 ffff0000800028c0 dead000000000122 0000000000000000
[ 38.951667] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 38.959508] page dumped because: kasan: bad access detected
[ 38.965158]
[ 38.966687] Memory state around the buggy address:
[ 38.971549] ffff000080acfc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 38.978866] ffff000080acfc80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 38.986179] >ffff000080acfd00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 38.993501] ^
[ 38.998887] ffff000080acfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.006202] ffff000080acfe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.013515] ==================================================================
```
```
[ 33.147147] ==================================================================
[ 33.148215] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 33.148380] Read of size 64 at addr fff00000c7735304 by task kunit_try_catch/193
[ 33.148877]
[ 33.149875] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT
[ 33.151313] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.151403] Hardware name: linux,dummy-virt (DT)
[ 33.151500] Call trace:
[ 33.151564] show_stack+0x20/0x38 (C)
[ 33.152346] dump_stack_lvl+0x8c/0xd0
[ 33.152843] print_report+0x118/0x608
[ 33.153225] kasan_report+0xdc/0x128
[ 33.153341] kasan_check_range+0x100/0x1a8
[ 33.153459] __asan_memmove+0x3c/0x98
[ 33.153564] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 33.153684] kunit_try_run_case+0x170/0x3f0
[ 33.154072] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.155246] kthread+0x328/0x630
[ 33.155517] ret_from_fork+0x10/0x20
[ 33.156413]
[ 33.156656] Allocated by task 193:
[ 33.157042] kasan_save_stack+0x3c/0x68
[ 33.157179] kasan_save_track+0x20/0x40
[ 33.157553] kasan_save_alloc_info+0x40/0x58
[ 33.157959] __kasan_kmalloc+0xd4/0xd8
[ 33.158323] __kmalloc_cache_noprof+0x16c/0x3c0
[ 33.158491] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 33.158594] kunit_try_run_case+0x170/0x3f0
[ 33.158694] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.159295] kthread+0x328/0x630
[ 33.159421] ret_from_fork+0x10/0x20
[ 33.160002]
[ 33.160056] The buggy address belongs to the object at fff00000c7735300
[ 33.160056] which belongs to the cache kmalloc-64 of size 64
[ 33.160457] The buggy address is located 4 bytes inside of
[ 33.160457] allocated 64-byte region [fff00000c7735300, fff00000c7735340)
[ 33.161115]
[ 33.161427] The buggy address belongs to the physical page:
[ 33.161636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107735
[ 33.162033] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.162168] page_type: f5(slab)
[ 33.162743] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 33.162898] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 33.163241] page dumped because: kasan: bad access detected
[ 33.163442]
[ 33.163563] Memory state around the buggy address:
[ 33.163650] fff00000c7735200: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 33.163769] fff00000c7735280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.163874] >fff00000c7735300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 33.164060] ^
[ 33.164153] fff00000c7735380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.164254] fff00000c7735400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.164991] ==================================================================
```
```
[ 29.286568] ==================================================================
[ 29.287834] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 29.288531] Read of size 64 at addr ffff888102ddc784 by task kunit_try_catch/212
[ 29.289723]
[ 29.290715] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary)
[ 29.290854] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.290889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 29.290942] Call Trace:
[ 29.290977] <TASK>
[ 29.291017] dump_stack_lvl+0x73/0xb0
[ 29.291093] print_report+0xd1/0x650
[ 29.291148] ? __virt_addr_valid+0x1db/0x2d0
[ 29.291199] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 29.291232] ? kasan_complete_mode_report_info+0x2a/0x200
[ 29.291267] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 29.291299] kasan_report+0x141/0x180
[ 29.291328] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 29.291365] kasan_check_range+0x10c/0x1c0
[ 29.291395] __asan_memmove+0x27/0x70
[ 29.291426] kmalloc_memmove_invalid_size+0x16f/0x330
[ 29.291457] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 29.291489] ? __schedule+0x10cc/0x2b60
[ 29.291522] ? __pfx_read_tsc+0x10/0x10
[ 29.291577] ? ktime_get_ts64+0x86/0x230
[ 29.291613] kunit_try_run_case+0x1a5/0x480
[ 29.291649] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.291679] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 29.291715] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 29.291772] ? __kthread_parkme+0x82/0x180
[ 29.291801] ? preempt_count_sub+0x50/0x80
[ 29.291845] ? __pfx_kunit_try_run_case+0x10/0x10
[ 29.291878] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.291909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 29.291940] kthread+0x337/0x6f0
[ 29.291966] ? trace_preempt_on+0x20/0xc0
[ 29.291998] ? __pfx_kthread+0x10/0x10
[ 29.292025] ? _raw_spin_unlock_irq+0x47/0x80
[ 29.292062] ? calculate_sigpending+0x7b/0xa0
[ 29.292145] ? __pfx_kthread+0x10/0x10
[ 29.292193] ret_from_fork+0x116/0x1d0
[ 29.292236] ? __pfx_kthread+0x10/0x10
[ 29.292280] ret_from_fork_asm+0x1a/0x30
[ 29.292349] </TASK>
[ 29.292372]
[ 29.308190] Allocated by task 212:
[ 29.308505] kasan_save_stack+0x45/0x70
[ 29.309003] kasan_save_track+0x18/0x40
[ 29.309904] kasan_save_alloc_info+0x3b/0x50
[ 29.310449] __kasan_kmalloc+0xb7/0xc0
[ 29.310831] __kmalloc_cache_noprof+0x189/0x420
[ 29.311488] kmalloc_memmove_invalid_size+0xac/0x330
[ 29.312046] kunit_try_run_case+0x1a5/0x480
[ 29.312511] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 29.313107] kthread+0x337/0x6f0
[ 29.313523] ret_from_fork+0x116/0x1d0
[ 29.313932] ret_from_fork_asm+0x1a/0x30
[ 29.314833]
[ 29.315037] The buggy address belongs to the object at ffff888102ddc780
[ 29.315037] which belongs to the cache kmalloc-64 of size 64
[ 29.316163] The buggy address is located 4 bytes inside of
[ 29.316163] allocated 64-byte region [ffff888102ddc780, ffff888102ddc7c0)
[ 29.316999]
[ 29.317363] The buggy address belongs to the physical page:
[ 29.317919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ddc
[ 29.318723] flags: 0x200000000000000(node=0|zone=2)
[ 29.319002] page_type: f5(slab)
[ 29.319881] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 29.320526] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 29.321002] page dumped because: kasan: bad access detected
[ 29.321392]
[ 29.321717] Memory state around the buggy address:
[ 29.322121] ffff888102ddc680: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 29.322668] ffff888102ddc700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 29.323165] >ffff888102ddc780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 29.323636] ^
[ 29.324387] ffff888102ddc800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.325075] ffff888102ddc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.325823] ==================================================================
```