Hay
Sign in
Date
June 2, 2025, 2:13 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   18.928119] ==================================================================
[   18.928805] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[   18.929822] Read of size 18446744073709551614 at addr fff00000c65a7d84 by task kunit_try_catch/170
[   18.931174] 
[   18.931847] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.931997] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.932064] Hardware name: linux,dummy-virt (DT)
[   18.932228] Call trace:
[   18.932306]  show_stack+0x20/0x38 (C)
[   18.932411]  dump_stack_lvl+0x8c/0xd0
[   18.932467]  print_report+0x118/0x608
[   18.932521]  kasan_report+0xdc/0x128
[   18.932572]  kasan_check_range+0x100/0x1a8
[   18.932621]  __asan_memmove+0x3c/0x98
[   18.932669]  kmalloc_memmove_negative_size+0x154/0x2e0
[   18.932723]  kunit_try_run_case+0x170/0x3f0
[   18.932776]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.932831]  kthread+0x318/0x620
[   18.932881]  ret_from_fork+0x10/0x20
[   18.932936] 
[   18.938170] Allocated by task 170:
[   18.938757]  kasan_save_stack+0x3c/0x68
[   18.939294]  kasan_save_track+0x20/0x40
[   18.939774]  kasan_save_alloc_info+0x40/0x58
[   18.940415]  __kasan_kmalloc+0xd4/0xd8
[   18.940946]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.941582]  kmalloc_memmove_negative_size+0xb0/0x2e0
[   18.942417]  kunit_try_run_case+0x170/0x3f0
[   18.942822]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.943627]  kthread+0x318/0x620
[   18.944183]  ret_from_fork+0x10/0x20
[   18.944710] 
[   18.945104] The buggy address belongs to the object at fff00000c65a7d80
[   18.945104]  which belongs to the cache kmalloc-64 of size 64
[   18.947088] The buggy address is located 4 bytes inside of
[   18.947088]  64-byte region [fff00000c65a7d80, fff00000c65a7dc0)
[   18.948255] 
[   18.948518] The buggy address belongs to the physical page:
[   18.948843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a7
[   18.949706] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.950372] page_type: f5(slab)
[   18.950769] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   18.951353] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   18.951907] page dumped because: kasan: bad access detected
[   18.952959] 
[   18.953400] Memory state around the buggy address:
[   18.953697]  fff00000c65a7c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   18.954748]  fff00000c65a7d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   18.955283] >fff00000c65a7d80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   18.955788]                    ^
[   18.956640]  fff00000c65a7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.956899]  fff00000c65a7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.957108] ==================================================================
Metadata Full log Test run details 

[   12.888393] ==================================================================
[   12.888926] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x172/0x330
[   12.889336] Read of size 18446744073709551614 at addr ffff888101bdcc04 by task kunit_try_catch/188
[   12.889716] 
[   12.889816] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.889855] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.889866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.889885] Call Trace:
[   12.889897]  <TASK>
[   12.889911]  dump_stack_lvl+0x73/0xb0
[   12.889936]  print_report+0xd1/0x650
[   12.889958]  ? __virt_addr_valid+0x1db/0x2d0
[   12.889980]  ? kmalloc_memmove_negative_size+0x172/0x330
[   12.890003]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.890049]  ? kmalloc_memmove_negative_size+0x172/0x330
[   12.890090]  kasan_report+0x140/0x180
[   12.890111]  ? kmalloc_memmove_negative_size+0x172/0x330
[   12.890139]  kasan_check_range+0x10c/0x1c0
[   12.890161]  __asan_memmove+0x27/0x70
[   12.890183]  kmalloc_memmove_negative_size+0x172/0x330
[   12.890206]  ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[   12.890232]  ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[   12.890259]  kunit_try_run_case+0x1a6/0x480
[   12.890282]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.890303]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.890326]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.890349]  ? __kthread_parkme+0x82/0x160
[   12.890371]  ? preempt_count_sub+0x50/0x80
[   12.890395]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.890417]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.890442]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.890467]  kthread+0x324/0x6e0
[   12.890487]  ? trace_preempt_on+0x20/0xc0
[   12.890510]  ? __pfx_kthread+0x10/0x10
[   12.890531]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.890552]  ? calculate_sigpending+0x7b/0xa0
[   12.890573]  ? __pfx_kthread+0x10/0x10
[   12.890595]  ret_from_fork+0x41/0x80
[   12.890613]  ? __pfx_kthread+0x10/0x10
[   12.890635]  ret_from_fork_asm+0x1a/0x30
[   12.890665]  </TASK>
[   12.890675] 
[   12.899046] Allocated by task 188:
[   12.899237]  kasan_save_stack+0x45/0x70
[   12.899427]  kasan_save_track+0x18/0x40
[   12.899585]  kasan_save_alloc_info+0x3b/0x50
[   12.899834]  __kasan_kmalloc+0xb7/0xc0
[   12.900052]  __kmalloc_cache_noprof+0x18a/0x420
[   12.900242]  kmalloc_memmove_negative_size+0xad/0x330
[   12.900474]  kunit_try_run_case+0x1a6/0x480
[   12.900665]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.900841]  kthread+0x324/0x6e0
[   12.901008]  ret_from_fork+0x41/0x80
[   12.901304]  ret_from_fork_asm+0x1a/0x30
[   12.901490] 
[   12.901561] The buggy address belongs to the object at ffff888101bdcc00
[   12.901561]  which belongs to the cache kmalloc-64 of size 64
[   12.901993] The buggy address is located 4 bytes inside of
[   12.901993]  64-byte region [ffff888101bdcc00, ffff888101bdcc40)
[   12.902529] 
[   12.902651] The buggy address belongs to the physical page:
[   12.902880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bdc
[   12.903185] flags: 0x200000000000000(node=0|zone=2)
[   12.903379] page_type: f5(slab)
[   12.903547] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   12.903883] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   12.904206] page dumped because: kasan: bad access detected
[   12.904406] 
[   12.904497] Memory state around the buggy address:
[   12.904809]  ffff888101bdcb00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[   12.905094]  ffff888101bdcb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.905365] >ffff888101bdcc00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   12.905686]                    ^
[   12.905805]  ffff888101bdcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.906094]  ffff888101bdcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.906302] ==================================================================
Metadata Full log Test run details