Date
July 11, 2025, 10:11 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 45.975989] ================================================================== [ 45.986516] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 45.994408] Read of size 64 at addr ffff0008083ca904 by task kunit_try_catch/266 [ 46.001787] [ 46.003274] CPU: 2 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 46.003333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 46.003351] Hardware name: WinLink E850-96 board (DT) [ 46.003373] Call trace: [ 46.003386] show_stack+0x20/0x38 (C) [ 46.003422] dump_stack_lvl+0x8c/0xd0 [ 46.003455] print_report+0x118/0x5d0 [ 46.003487] kasan_report+0xdc/0x128 [ 46.003515] kasan_check_range+0x100/0x1a8 [ 46.003544] __asan_memmove+0x3c/0x98 [ 46.003573] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 46.003608] kunit_try_run_case+0x170/0x3f0 [ 46.003646] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.003680] kthread+0x328/0x630 [ 46.003712] ret_from_fork+0x10/0x20 [ 46.003745] [ 46.071143] Allocated by task 266: [ 46.074531] kasan_save_stack+0x3c/0x68 [ 46.078347] kasan_save_track+0x20/0x40 [ 46.082167] kasan_save_alloc_info+0x40/0x58 [ 46.086420] __kasan_kmalloc+0xd4/0xd8 [ 46.090153] __kmalloc_cache_noprof+0x16c/0x3c0 [ 46.094666] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 46.099614] kunit_try_run_case+0x170/0x3f0 [ 46.103781] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 46.109249] kthread+0x328/0x630 [ 46.112461] ret_from_fork+0x10/0x20 [ 46.116020] [ 46.117497] The buggy address belongs to the object at ffff0008083ca900 [ 46.117497] which belongs to the cache kmalloc-64 of size 64 [ 46.129823] The buggy address is located 4 bytes inside of [ 46.129823] allocated 64-byte region [ffff0008083ca900, ffff0008083ca940) [ 46.142150] [ 46.143626] The buggy address belongs to the physical page: [ 46.149183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8883ca [ 46.157169] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 46.163676] page_type: f5(slab) [ 46.166814] raw: 0bfffe0000000000 ffff0008000028c0 dead000000000122 0000000000000000 [ 46.174534] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 46.182253] page dumped because: kasan: bad access detected [ 46.187807] [ 46.189283] Memory state around the buggy address: [ 46.194064] ffff0008083ca800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 46.201265] ffff0008083ca880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 46.208473] >ffff0008083ca900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 46.215672] ^ [ 46.220970] ffff0008083ca980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.228176] ffff0008083caa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.235376] ==================================================================
[ 30.473136] ================================================================== [ 30.473205] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 30.473875] Read of size 64 at addr fff00000c9ac9784 by task kunit_try_catch/213 [ 30.473928] [ 30.474112] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 30.474226] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.474337] Hardware name: linux,dummy-virt (DT) [ 30.474396] Call trace: [ 30.474420] show_stack+0x20/0x38 (C) [ 30.474510] dump_stack_lvl+0x8c/0xd0 [ 30.474907] print_report+0x118/0x5d0 [ 30.475003] kasan_report+0xdc/0x128 [ 30.475056] kasan_check_range+0x100/0x1a8 [ 30.475101] __asan_memmove+0x3c/0x98 [ 30.475355] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 30.475492] kunit_try_run_case+0x170/0x3f0 [ 30.475543] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.475592] kthread+0x328/0x630 [ 30.475635] ret_from_fork+0x10/0x20 [ 30.475960] [ 30.475982] Allocated by task 213: [ 30.476069] kasan_save_stack+0x3c/0x68 [ 30.476140] kasan_save_track+0x20/0x40 [ 30.476198] kasan_save_alloc_info+0x40/0x58 [ 30.476504] __kasan_kmalloc+0xd4/0xd8 [ 30.476777] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.476831] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 30.476911] kunit_try_run_case+0x170/0x3f0 [ 30.477138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.477247] kthread+0x328/0x630 [ 30.477279] ret_from_fork+0x10/0x20 [ 30.477348] [ 30.477432] The buggy address belongs to the object at fff00000c9ac9780 [ 30.477432] which belongs to the cache kmalloc-64 of size 64 [ 30.477492] The buggy address is located 4 bytes inside of [ 30.477492] allocated 64-byte region [fff00000c9ac9780, fff00000c9ac97c0) [ 30.477563] [ 30.477627] The buggy address belongs to the physical page: [ 30.477660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ac9 [ 30.477737] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.477788] page_type: f5(slab) [ 30.477868] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 30.478077] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.478217] page dumped because: kasan: bad access detected [ 30.478284] [ 30.478301] Memory state around the buggy address: [ 30.478349] fff00000c9ac9680: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 30.478393] fff00000c9ac9700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.478445] >fff00000c9ac9780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 30.478482] ^ [ 30.478516] fff00000c9ac9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.478926] fff00000c9ac9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.479156] ==================================================================
[ 23.974036] ================================================================== [ 23.974454] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.974707] Read of size 64 at addr ffff888104cb3904 by task kunit_try_catch/232 [ 23.975771] [ 23.976202] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.976468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.976511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.976536] Call Trace: [ 23.976550] <TASK> [ 23.976571] dump_stack_lvl+0x73/0xb0 [ 23.976607] print_report+0xd1/0x610 [ 23.976629] ? __virt_addr_valid+0x1db/0x2d0 [ 23.976654] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.976703] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976727] kasan_report+0x141/0x180 [ 23.976759] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976787] kasan_check_range+0x10c/0x1c0 [ 23.976810] __asan_memmove+0x27/0x70 [ 23.976833] kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976857] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 23.976881] ? __schedule+0x10cc/0x2b60 [ 23.976906] ? __pfx_read_tsc+0x10/0x10 [ 23.976929] ? ktime_get_ts64+0x86/0x230 [ 23.976956] kunit_try_run_case+0x1a5/0x480 [ 23.976979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.976999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.977022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.977045] ? __kthread_parkme+0x82/0x180 [ 23.977066] ? preempt_count_sub+0x50/0x80 [ 23.977090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.977111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.977136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.977160] kthread+0x337/0x6f0 [ 23.977181] ? trace_preempt_on+0x20/0xc0 [ 23.977204] ? __pfx_kthread+0x10/0x10 [ 23.977225] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.977246] ? calculate_sigpending+0x7b/0xa0 [ 23.977277] ? __pfx_kthread+0x10/0x10 [ 23.977298] ret_from_fork+0x116/0x1d0 [ 23.977318] ? __pfx_kthread+0x10/0x10 [ 23.977338] ret_from_fork_asm+0x1a/0x30 [ 23.977368] </TASK> [ 23.977380] [ 23.994440] Allocated by task 232: [ 23.994986] kasan_save_stack+0x45/0x70 [ 23.995575] kasan_save_track+0x18/0x40 [ 23.996088] kasan_save_alloc_info+0x3b/0x50 [ 23.996701] __kasan_kmalloc+0xb7/0xc0 [ 23.997247] __kmalloc_cache_noprof+0x189/0x420 [ 23.997964] kmalloc_memmove_invalid_size+0xac/0x330 [ 23.998220] kunit_try_run_case+0x1a5/0x480 [ 23.998363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.999155] kthread+0x337/0x6f0 [ 23.999401] ret_from_fork+0x116/0x1d0 [ 23.999613] ret_from_fork_asm+0x1a/0x30 [ 24.000099] [ 24.000178] The buggy address belongs to the object at ffff888104cb3900 [ 24.000178] which belongs to the cache kmalloc-64 of size 64 [ 24.001320] The buggy address is located 4 bytes inside of [ 24.001320] allocated 64-byte region [ffff888104cb3900, ffff888104cb3940) [ 24.001966] [ 24.002040] The buggy address belongs to the physical page: [ 24.002211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cb3 [ 24.002938] flags: 0x200000000000000(node=0|zone=2) [ 24.003447] page_type: f5(slab) [ 24.003744] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.004434] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.004708] page dumped because: kasan: bad access detected [ 24.005185] [ 24.005511] Memory state around the buggy address: [ 24.005876] ffff888104cb3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.006089] ffff888104cb3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.006480] >ffff888104cb3900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.007088] ^ [ 24.007649] ffff888104cb3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.008243] ffff888104cb3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.008611] ==================================================================