Date: July 14, 2025, 10:38 a.m.

Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |

```
[ 44.629385] ==================================================================
[ 44.639865] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 44.647761] Read of size 64 at addr ffff000804a47804 by task kunit_try_catch/266
[ 44.655139]
[ 44.656625] CPU: 2 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT
[ 44.656679] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 44.656699] Hardware name: WinLink E850-96 board (DT)
[ 44.656721] Call trace:
[ 44.656733] show_stack+0x20/0x38 (C)
[ 44.656766] dump_stack_lvl+0x8c/0xd0
[ 44.656797] print_report+0x118/0x5d0
[ 44.656825] kasan_report+0xdc/0x128
[ 44.656852] kasan_check_range+0x100/0x1a8
[ 44.656882] __asan_memmove+0x3c/0x98
[ 44.656913] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 44.656950] kunit_try_run_case+0x170/0x3f0
[ 44.656987] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.657020] kthread+0x328/0x630
[ 44.657049] ret_from_fork+0x10/0x20
[ 44.657083]
[ 44.724497] Allocated by task 266:
[ 44.727885] kasan_save_stack+0x3c/0x68
[ 44.731700] kasan_save_track+0x20/0x40
[ 44.735520] kasan_save_alloc_info+0x40/0x58
[ 44.739773] __kasan_kmalloc+0xd4/0xd8
[ 44.743506] __kmalloc_cache_noprof+0x16c/0x3c0
[ 44.748020] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 44.752969] kunit_try_run_case+0x170/0x3f0
[ 44.757134] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.762603] kthread+0x328/0x630
[ 44.765815] ret_from_fork+0x10/0x20
[ 44.769375]
[ 44.770850] The buggy address belongs to the object at ffff000804a47800
[ 44.770850] which belongs to the cache kmalloc-64 of size 64
[ 44.783179] The buggy address is located 4 bytes inside of
[ 44.783179] allocated 64-byte region [ffff000804a47800, ffff000804a47840)
[ 44.795501]
[ 44.796980] The buggy address belongs to the physical page:
[ 44.802537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x884a47
[ 44.810521] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 44.817032] page_type: f5(slab)
[ 44.820167] raw: 0bfffe0000000000 ffff0008000028c0 dead000000000122 0000000000000000
[ 44.827886] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 44.835605] page dumped because: kasan: bad access detected
[ 44.841161]
[ 44.842636] Memory state around the buggy address:
[ 44.847416] ffff000804a47700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 44.854619] ffff000804a47780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 44.861825] >ffff000804a47800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 44.869025] ^
[ 44.874324] ffff000804a47880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.881528] ffff000804a47900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.888731] ==================================================================
```

```
[ 29.719963] ==================================================================
[ 29.720355] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 29.720473] Read of size 64 at addr fff00000c9ad9d04 by task kunit_try_catch/213
[ 29.720525]
[ 29.720565] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT
[ 29.720652] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.720679] Hardware name: linux,dummy-virt (DT)
[ 29.720924] Call trace:
[ 29.721044] show_stack+0x20/0x38 (C)
[ 29.721206] dump_stack_lvl+0x8c/0xd0
[ 29.721254] print_report+0x118/0x5d0
[ 29.721298] kasan_report+0xdc/0x128
[ 29.721341] kasan_check_range+0x100/0x1a8
[ 29.721652] __asan_memmove+0x3c/0x98
[ 29.721714] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 29.721773] kunit_try_run_case+0x170/0x3f0
[ 29.722005] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.722207] kthread+0x328/0x630
[ 29.722352] ret_from_fork+0x10/0x20
[ 29.722730]
[ 29.722818] Allocated by task 213:
[ 29.722893] kasan_save_stack+0x3c/0x68
[ 29.722955] kasan_save_track+0x20/0x40
[ 29.722995] kasan_save_alloc_info+0x40/0x58
[ 29.723042] __kasan_kmalloc+0xd4/0xd8
[ 29.723091] __kmalloc_cache_noprof+0x16c/0x3c0
[ 29.723212] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 29.723539] kunit_try_run_case+0x170/0x3f0
[ 29.723586] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.723864] kthread+0x328/0x630
[ 29.724014] ret_from_fork+0x10/0x20
[ 29.724113]
[ 29.724135] The buggy address belongs to the object at fff00000c9ad9d00
[ 29.724135] which belongs to the cache kmalloc-64 of size 64
[ 29.724194] The buggy address is located 4 bytes inside of
[ 29.724194] allocated 64-byte region [fff00000c9ad9d00, fff00000c9ad9d40)
[ 29.724265]
[ 29.724287] The buggy address belongs to the physical page:
[ 29.724319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ad9
[ 29.724717] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.724918] page_type: f5(slab)
[ 29.724973] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 29.725023] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 29.725265] page dumped because: kasan: bad access detected
[ 29.725303]
[ 29.725555] Memory state around the buggy address:
[ 29.725597] fff00000c9ad9c00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 29.725653] fff00000c9ad9c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 29.725697] >fff00000c9ad9d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 29.725735] ^
[ 29.725805] fff00000c9ad9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.725937] fff00000c9ad9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.726181] ==================================================================
```

```
[ 24.503033] ==================================================================
[ 24.503617] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 24.504140] Read of size 64 at addr ffff88810510bb84 by task kunit_try_catch/231
[ 24.504768]
[ 24.504950] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary)
[ 24.505018] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 24.505031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.505055] Call Trace:
[ 24.505068] <TASK>
[ 24.505087] dump_stack_lvl+0x73/0xb0
[ 24.505121] print_report+0xd1/0x610
[ 24.505144] ? __virt_addr_valid+0x1db/0x2d0
[ 24.505168] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 24.505191] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.505215] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 24.505238] kasan_report+0x141/0x180
[ 24.505259] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 24.505286] kasan_check_range+0x10c/0x1c0
[ 24.505308] __asan_memmove+0x27/0x70
[ 24.505330] kmalloc_memmove_invalid_size+0x16f/0x330
[ 24.505353] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 24.505377] ? __schedule+0x10cc/0x2b60
[ 24.505400] ? __pfx_read_tsc+0x10/0x10
[ 24.505422] ? ktime_get_ts64+0x86/0x230
[ 24.505448] kunit_try_run_case+0x1a5/0x480
[ 24.505471] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.505491] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.505513] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.505535] ? __kthread_parkme+0x82/0x180
[ 24.505556] ? preempt_count_sub+0x50/0x80
[ 24.505579] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.505600] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.505624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.505648] kthread+0x337/0x6f0
[ 24.505679] ? trace_preempt_on+0x20/0xc0
[ 24.505703] ? __pfx_kthread+0x10/0x10
[ 24.505723] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.505744] ? calculate_sigpending+0x7b/0xa0
[ 24.505768] ? __pfx_kthread+0x10/0x10
[ 24.505788] ret_from_fork+0x116/0x1d0
[ 24.505806] ? __pfx_kthread+0x10/0x10
[ 24.505826] ret_from_fork_asm+0x1a/0x30
[ 24.505857] </TASK>
[ 24.505867]
[ 24.521914] Allocated by task 231:
[ 24.522168] kasan_save_stack+0x45/0x70
[ 24.522674] kasan_save_track+0x18/0x40
[ 24.523100] kasan_save_alloc_info+0x3b/0x50
[ 24.523255] __kasan_kmalloc+0xb7/0xc0
[ 24.523385] __kmalloc_cache_noprof+0x189/0x420
[ 24.523545] kmalloc_memmove_invalid_size+0xac/0x330
[ 24.523744] kunit_try_run_case+0x1a5/0x480
[ 24.523944] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.524239] kthread+0x337/0x6f0
[ 24.524434] ret_from_fork+0x116/0x1d0
[ 24.524585] ret_from_fork_asm+0x1a/0x30
[ 24.524786]
[ 24.524852] The buggy address belongs to the object at ffff88810510bb80
[ 24.524852] which belongs to the cache kmalloc-64 of size 64
[ 24.525328] The buggy address is located 4 bytes inside of
[ 24.525328] allocated 64-byte region [ffff88810510bb80, ffff88810510bbc0)
[ 24.525749]
[ 24.525842] The buggy address belongs to the physical page:
[ 24.526105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10510b
[ 24.526397] flags: 0x200000000000000(node=0|zone=2)
[ 24.526632] page_type: f5(slab)
[ 24.527258] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 24.527560] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 24.528016] page dumped because: kasan: bad access detected
[ 24.528221]
[ 24.528306] Memory state around the buggy address:
[ 24.528543] ffff88810510ba80: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 24.528857] ffff88810510bb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.529225] >ffff88810510bb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 24.529532] ^
[ 24.529797] ffff88810510bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.530163] ffff88810510bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.530477] ==================================================================
```