Date
July 2, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 30.904537] ==================================================================
[ 30.904609] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 30.904662] Read of size 64 at addr fff00000c91ed704 by task kunit_try_catch/215
[ 30.904970]
[ 30.905362] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 30.905480] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.905508] Hardware name: linux,dummy-virt (DT)
[ 30.905620] Call trace:
[ 30.905647] show_stack+0x20/0x38 (C)
[ 30.905700] dump_stack_lvl+0x8c/0xd0
[ 30.905748] print_report+0x118/0x608
[ 30.906275] kasan_report+0xdc/0x128
[ 30.906385] kasan_check_range+0x100/0x1a8
[ 30.906479] __asan_memmove+0x3c/0x98
[ 30.906618] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 30.906745] kunit_try_run_case+0x170/0x3f0
[ 30.906832] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.906889] kthread+0x328/0x630
[ 30.907228] ret_from_fork+0x10/0x20
[ 30.907312]
[ 30.907343] Allocated by task 215:
[ 30.907408] kasan_save_stack+0x3c/0x68
[ 30.907499] kasan_save_track+0x20/0x40
[ 30.907538] kasan_save_alloc_info+0x40/0x58
[ 30.907892] __kasan_kmalloc+0xd4/0xd8
[ 30.908039] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.908130] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 30.908370] kunit_try_run_case+0x170/0x3f0
[ 30.908589] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.908689] kthread+0x328/0x630
[ 30.908760] ret_from_fork+0x10/0x20
[ 30.908859]
[ 30.908907] The buggy address belongs to the object at fff00000c91ed700
[ 30.908907] which belongs to the cache kmalloc-64 of size 64
[ 30.908993] The buggy address is located 4 bytes inside of
[ 30.908993] allocated 64-byte region [fff00000c91ed700, fff00000c91ed740)
[ 30.909189]
[ 30.909246] The buggy address belongs to the physical page:
[ 30.909290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091ed
[ 30.909348] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.909398] page_type: f5(slab)
[ 30.909436] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 30.909496] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 30.909548] page dumped because: kasan: bad access detected
[ 30.909581]
[ 30.909615] Memory state around the buggy address:
[ 30.909663]  fff00000c91ed600: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 30.909710]  fff00000c91ed680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 30.909753] >fff00000c91ed700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 30.909803]                    ^
[ 30.909838]  fff00000c91ed780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.909886]  fff00000c91ed800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.909944] ==================================================================
```
```
[ 32.661070] ==================================================================
[ 32.661135] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 32.661249] Read of size 64 at addr fff00000c990b584 by task kunit_try_catch/213
[ 32.661316]
[ 32.661365] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 32.661454] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.661485] Hardware name: linux,dummy-virt (DT)
[ 32.661764] Call trace:
[ 32.661825] show_stack+0x20/0x38 (C)
[ 32.661881] dump_stack_lvl+0x8c/0xd0
[ 32.661968] print_report+0x118/0x608
[ 32.662025] kasan_report+0xdc/0x128
[ 32.662071] kasan_check_range+0x100/0x1a8
[ 32.662135] __asan_memmove+0x3c/0x98
[ 32.662221] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 32.662279] kunit_try_run_case+0x170/0x3f0
[ 32.662331] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.662396] kthread+0x328/0x630
[ 32.662475] ret_from_fork+0x10/0x20
[ 32.662532]
[ 32.662561] Allocated by task 213:
[ 32.662599] kasan_save_stack+0x3c/0x68
[ 32.662640] kasan_save_track+0x20/0x40
[ 32.662728] kasan_save_alloc_info+0x40/0x58
[ 32.662765] __kasan_kmalloc+0xd4/0xd8
[ 32.662804] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.662851] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 32.662894] kunit_try_run_case+0x170/0x3f0
[ 32.663053] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.663104] kthread+0x328/0x630
[ 32.663231] ret_from_fork+0x10/0x20
[ 32.663296]
[ 32.663363] The buggy address belongs to the object at fff00000c990b580
[ 32.663363] which belongs to the cache kmalloc-64 of size 64
[ 32.663431] The buggy address is located 4 bytes inside of
[ 32.663431] allocated 64-byte region [fff00000c990b580, fff00000c990b5c0)
[ 32.663525]
[ 32.663566] The buggy address belongs to the physical page:
[ 32.663647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10990b
[ 32.663725] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.663797] page_type: f5(slab)
[ 32.663899] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 32.663975] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 32.664026] page dumped because: kasan: bad access detected
[ 32.664080]
[ 32.664099] Memory state around the buggy address:
[ 32.664130]  fff00000c990b480: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 32.664183]  fff00000c990b500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 32.664226] >fff00000c990b580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 32.664264]                    ^
[ 32.664298]  fff00000c990b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.664341]  fff00000c990b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.664379] ==================================================================
```
```
[ 23.261469] ==================================================================
[ 23.262237] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.262632] Read of size 64 at addr ffff888105fdff04 by task kunit_try_catch/230
[ 23.263004]
[ 23.263126] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.263173] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.263186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.263206] Call Trace:
[ 23.263218] <TASK>
[ 23.263233] dump_stack_lvl+0x73/0xb0
[ 23.263261] print_report+0xd1/0x650
[ 23.263283] ? __virt_addr_valid+0x1db/0x2d0
[ 23.263317] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.263340] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.263366] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.263389] kasan_report+0x141/0x180
[ 23.263411] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.263438] kasan_check_range+0x10c/0x1c0
[ 23.263482] __asan_memmove+0x27/0x70
[ 23.263517] kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.263540] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 23.263564] ? __schedule+0x10cc/0x2b60
[ 23.263585] ? __pfx_read_tsc+0x10/0x10
[ 23.263623] ? ktime_get_ts64+0x86/0x230
[ 23.263648] kunit_try_run_case+0x1a5/0x480
[ 23.263672] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.263756] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.263778] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.263800] ? __kthread_parkme+0x82/0x180
[ 23.263821] ? preempt_count_sub+0x50/0x80
[ 23.263844] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.263869] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.263892] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.263916] kthread+0x337/0x6f0
[ 23.263935] ? trace_preempt_on+0x20/0xc0
[ 23.263959] ? __pfx_kthread+0x10/0x10
[ 23.263979] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.264002] ? calculate_sigpending+0x7b/0xa0
[ 23.264025] ? __pfx_kthread+0x10/0x10
[ 23.264046] ret_from_fork+0x116/0x1d0
[ 23.264064] ? __pfx_kthread+0x10/0x10
[ 23.264085] ret_from_fork_asm+0x1a/0x30
[ 23.264115] </TASK>
[ 23.264126]
[ 23.272946] Allocated by task 230:
[ 23.273361] kasan_save_stack+0x45/0x70
[ 23.273610] kasan_save_track+0x18/0x40
[ 23.273893] kasan_save_alloc_info+0x3b/0x50
[ 23.274076] __kasan_kmalloc+0xb7/0xc0
[ 23.274254] __kmalloc_cache_noprof+0x189/0x420
[ 23.274469] kmalloc_memmove_invalid_size+0xac/0x330
[ 23.275061] kunit_try_run_case+0x1a5/0x480
[ 23.275354] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.275674] kthread+0x337/0x6f0
[ 23.275911] ret_from_fork+0x116/0x1d0
[ 23.276237] ret_from_fork_asm+0x1a/0x30
[ 23.276479]
[ 23.276588] The buggy address belongs to the object at ffff888105fdff00
[ 23.276588] which belongs to the cache kmalloc-64 of size 64
[ 23.277361] The buggy address is located 4 bytes inside of
[ 23.277361] allocated 64-byte region [ffff888105fdff00, ffff888105fdff40)
[ 23.278390]
[ 23.278470] The buggy address belongs to the physical page:
[ 23.279066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fdf
[ 23.279394] flags: 0x200000000000000(node=0|zone=2)
[ 23.279854] page_type: f5(slab)
[ 23.280037] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 23.280460] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 23.280933] page dumped because: kasan: bad access detected
[ 23.281194]
[ 23.281288] Memory state around the buggy address:
[ 23.281669]  ffff888105fdfe00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 23.282058]  ffff888105fdfe80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.282381] >ffff888105fdff00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 23.282972]                    ^
[ 23.283162]  ffff888105fdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.283667]  ffff888105fe0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.284059] ==================================================================
```
```
[ 23.545520] ==================================================================
[ 23.547113] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.547684] Read of size 64 at addr ffff888106053e04 by task kunit_try_catch/231
[ 23.547909]
[ 23.547998] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.548052] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.548080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.548104] Call Trace:
[ 23.548120] <TASK>
[ 23.548140] dump_stack_lvl+0x73/0xb0
[ 23.548254] print_report+0xd1/0x650
[ 23.548388] ? __virt_addr_valid+0x1db/0x2d0
[ 23.548426] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548450] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.548475] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548499] kasan_report+0x141/0x180
[ 23.548520] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548547] kasan_check_range+0x10c/0x1c0
[ 23.548570] __asan_memmove+0x27/0x70
[ 23.548624] kmalloc_memmove_invalid_size+0x16f/0x330
[ 23.548648] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 23.548674] ? __schedule+0x10cc/0x2b60
[ 23.548739] ? __pfx_read_tsc+0x10/0x10
[ 23.548763] ? ktime_get_ts64+0x86/0x230
[ 23.548799] kunit_try_run_case+0x1a5/0x480
[ 23.548826] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.548849] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.548871] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.548893] ? __kthread_parkme+0x82/0x180
[ 23.548915] ? preempt_count_sub+0x50/0x80
[ 23.548954] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.548978] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.549001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.549025] kthread+0x337/0x6f0
[ 23.549045] ? trace_preempt_on+0x20/0xc0
[ 23.549079] ? __pfx_kthread+0x10/0x10
[ 23.549099] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.549123] ? calculate_sigpending+0x7b/0xa0
[ 23.549146] ? __pfx_kthread+0x10/0x10
[ 23.549167] ret_from_fork+0x116/0x1d0
[ 23.549273] ? __pfx_kthread+0x10/0x10
[ 23.549298] ret_from_fork_asm+0x1a/0x30
[ 23.549329] </TASK>
[ 23.549341]
[ 23.562405] Allocated by task 231:
[ 23.562675] kasan_save_stack+0x45/0x70
[ 23.563031] kasan_save_track+0x18/0x40
[ 23.563173] kasan_save_alloc_info+0x3b/0x50
[ 23.563642] __kasan_kmalloc+0xb7/0xc0
[ 23.564039] __kmalloc_cache_noprof+0x189/0x420
[ 23.564393] kmalloc_memmove_invalid_size+0xac/0x330
[ 23.564752] kunit_try_run_case+0x1a5/0x480
[ 23.565104] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.565570] kthread+0x337/0x6f0
[ 23.565699] ret_from_fork+0x116/0x1d0
[ 23.565842] ret_from_fork_asm+0x1a/0x30
[ 23.566114]
[ 23.566289] The buggy address belongs to the object at ffff888106053e00
[ 23.566289] which belongs to the cache kmalloc-64 of size 64
[ 23.567616] The buggy address is located 4 bytes inside of
[ 23.567616] allocated 64-byte region [ffff888106053e00, ffff888106053e40)
[ 23.568641]
[ 23.568717] The buggy address belongs to the physical page:
[ 23.568888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106053
[ 23.569671] flags: 0x200000000000000(node=0|zone=2)
[ 23.570277] page_type: f5(slab)
[ 23.570688] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 23.571308] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 23.571783] page dumped because: kasan: bad access detected
[ 23.572000]
[ 23.572180] Memory state around the buggy address:
[ 23.572682]  ffff888106053d00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 23.573426]  ffff888106053d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 23.573830] >ffff888106053e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 23.574464]                    ^
[ 23.574936]  ffff888106053e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.575502]  ffff888106053f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.575718] ==================================================================
```