Date
June 24, 2025, 12:47 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[   24.015205] ==================================================================
[   24.015335] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[   24.015495] Read of size 18446744073709551614 at addr fff00000c59e9b04 by task kunit_try_catch/182
[   24.015691]
[   24.015772] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT
[   24.016013] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.016114] Hardware name: linux,dummy-virt (DT)
[   24.016199] Call trace:
[   24.016263]  show_stack+0x20/0x38 (C)
[   24.016581]  dump_stack_lvl+0x8c/0xd0
[   24.016770]  print_report+0x118/0x608
[   24.016985]  kasan_report+0xdc/0x128
[   24.017223]  kasan_check_range+0x100/0x1a8
[   24.017347]  __asan_memmove+0x3c/0x98
[   24.017498]  kmalloc_memmove_negative_size+0x154/0x2e0
[   24.017690]  kunit_try_run_case+0x170/0x3f0
[   24.017831]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.018025]  kthread+0x328/0x630
[   24.018157]  ret_from_fork+0x10/0x20
[   24.018289]
[   24.018334] Allocated by task 182:
[   24.018425]  kasan_save_stack+0x3c/0x68
[   24.018522]  kasan_save_track+0x20/0x40
[   24.018726]  kasan_save_alloc_info+0x40/0x58
[   24.018893]  __kasan_kmalloc+0xd4/0xd8
[   24.019168]  __kmalloc_cache_noprof+0x16c/0x3c0
[   24.019270]  kmalloc_memmove_negative_size+0xb0/0x2e0
[   24.019605]  kunit_try_run_case+0x170/0x3f0
[   24.020292]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.020439]  kthread+0x328/0x630
[   24.020573]  ret_from_fork+0x10/0x20
[   24.020709]
[   24.020758] The buggy address belongs to the object at fff00000c59e9b00
[   24.020758]  which belongs to the cache kmalloc-64 of size 64
[   24.020923] The buggy address is located 4 bytes inside of
[   24.020923]  64-byte region [fff00000c59e9b00, fff00000c59e9b40)
[   24.021076]
[   24.021191] The buggy address belongs to the physical page:
[   24.021272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059e9
[   24.021411] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   24.021573] page_type: f5(slab)
[   24.021670] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   24.022004] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   24.022117] page dumped because: kasan: bad access detected
[   24.022298]
[   24.022346] Memory state around the buggy address:
[   24.022449]  fff00000c59e9a00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[   24.022575]  fff00000c59e9a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   24.022719] >fff00000c59e9b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   24.022861]                                ^
[   24.022940]  fff00000c59e9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.023074]  fff00000c59e9c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.023184] ==================================================================
```
```
[   11.943065] ==================================================================
[   11.943801] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[   11.944666] Read of size 18446744073709551614 at addr ffff8881039db904 by task kunit_try_catch/200
[   11.945452]
[   11.945739] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc2 #1 PREEMPT(voluntary)
[   11.945872] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.945899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.945963] Call Trace:
[   11.945995]  <TASK>
[   11.946032]  dump_stack_lvl+0x73/0xb0
[   11.946174]  print_report+0xd1/0x650
[   11.946231]  ? __virt_addr_valid+0x1db/0x2d0
[   11.946270]  ? kmalloc_memmove_negative_size+0x171/0x330
[   11.946474]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.946512]  ? kmalloc_memmove_negative_size+0x171/0x330
[   11.946584]  kasan_report+0x141/0x180
[   11.946612]  ? kmalloc_memmove_negative_size+0x171/0x330
[   11.946661]  kasan_check_range+0x10c/0x1c0
[   11.946682]  __asan_memmove+0x27/0x70
[   11.946702]  kmalloc_memmove_negative_size+0x171/0x330
[   11.946723]  ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[   11.946744]  ? __schedule+0x10cc/0x2b60
[   11.946767]  ? __pfx_read_tsc+0x10/0x10
[   11.946788]  ? ktime_get_ts64+0x86/0x230
[   11.946814]  kunit_try_run_case+0x1a5/0x480
[   11.946839]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.946860]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.946884]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.946907]  ? __kthread_parkme+0x82/0x180
[   11.946929]  ? preempt_count_sub+0x50/0x80
[   11.946954]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.946977]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.946999]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.947021]  kthread+0x337/0x6f0
[   11.947038]  ? trace_preempt_on+0x20/0xc0
[   11.947060]  ? __pfx_kthread+0x10/0x10
[   11.947077]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.947097]  ? calculate_sigpending+0x7b/0xa0
[   11.947117]  ? __pfx_kthread+0x10/0x10
[   11.947134]  ret_from_fork+0x41/0x80
[   11.947153]  ? __pfx_kthread+0x10/0x10
[   11.947170]  ret_from_fork_asm+0x1a/0x30
[   11.947199]  </TASK>
[   11.947212]
[   11.956441] Allocated by task 200:
[   11.956820]  kasan_save_stack+0x45/0x70
[   11.957156]  kasan_save_track+0x18/0x40
[   11.957589]  kasan_save_alloc_info+0x3b/0x50
[   11.957964]  __kasan_kmalloc+0xb7/0xc0
[   11.958271]  __kmalloc_cache_noprof+0x189/0x420
[   11.958720]  kmalloc_memmove_negative_size+0xac/0x330
[   11.958922]  kunit_try_run_case+0x1a5/0x480
[   11.959105]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.959267]  kthread+0x337/0x6f0
[   11.959714]  ret_from_fork+0x41/0x80
[   11.959864]  ret_from_fork_asm+0x1a/0x30
[   11.960008]
[   11.960156] The buggy address belongs to the object at ffff8881039db900
[   11.960156]  which belongs to the cache kmalloc-64 of size 64
[   11.961152] The buggy address is located 4 bytes inside of
[   11.961152]  64-byte region [ffff8881039db900, ffff8881039db940)
[   11.962022]
[   11.962206] The buggy address belongs to the physical page:
[   11.962661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039db
[   11.962943] flags: 0x200000000000000(node=0|zone=2)
[   11.963128] page_type: f5(slab)
[   11.963374] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   11.964141] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   11.964687] page dumped because: kasan: bad access detected
[   11.965056]
[   11.965208] Memory state around the buggy address:
[   11.965552]  ffff8881039db800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   11.965913]  ffff8881039db880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   11.966158] >ffff8881039db900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   11.966608]                                ^
[   11.967468]  ffff8881039db980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.968015]  ffff8881039dba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.968605] ==================================================================
```