Date
July 4, 2025, 3:11 p.m.
| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
```
[ 26.784517] ==================================================================
[ 26.795062] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 26.802958] Read of size 64 at addr ffff000803afaa04 by task kunit_try_catch/231
[ 26.810335]
[ 26.811821] CPU: 2 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT
[ 26.811877] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.811895] Hardware name: WinLink E850-96 board (DT)
[ 26.811917] Call trace:
[ 26.811929] show_stack+0x20/0x38 (C)
[ 26.811965] dump_stack_lvl+0x8c/0xd0
[ 26.811999] print_report+0x118/0x608
[ 26.812033] kasan_report+0xdc/0x128
[ 26.812063] kasan_check_range+0x100/0x1a8
[ 26.812096] __asan_memmove+0x3c/0x98
[ 26.812126] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 26.812161] kunit_try_run_case+0x170/0x3f0
[ 26.812196] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.812235] kthread+0x328/0x630
[ 26.812268] ret_from_fork+0x10/0x20
[ 26.812301]
[ 26.878475] Allocated by task 231:
[ 26.881864] kasan_save_stack+0x3c/0x68
[ 26.885679] kasan_save_track+0x20/0x40
[ 26.889500] kasan_save_alloc_info+0x40/0x58
[ 26.893752] __kasan_kmalloc+0xd4/0xd8
[ 26.897485] __kmalloc_cache_noprof+0x16c/0x3c0
[ 26.902000] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 26.906947] kunit_try_run_case+0x170/0x3f0
[ 26.911113] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.916582] kthread+0x328/0x630
[ 26.919794] ret_from_fork+0x10/0x20
[ 26.923353]
[ 26.924830] The buggy address belongs to the object at ffff000803afaa00
[ 26.924830] which belongs to the cache kmalloc-64 of size 64
[ 26.937158] The buggy address is located 4 bytes inside of
[ 26.937158] allocated 64-byte region [ffff000803afaa00, ffff000803afaa40)
[ 26.949481]
[ 26.950959] The buggy address belongs to the physical page:
[ 26.956517] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883afa
[ 26.964500] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.971010] page_type: f5(slab)
[ 26.974148] raw: 0bfffe0000000000 ffff0008000028c0 dead000000000122 0000000000000000
[ 26.981867] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 26.989586] page dumped because: kasan: bad access detected
[ 26.995140]
[ 26.996615] Memory state around the buggy address:
[ 27.001397] ffff000803afa900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 27.008598] ffff000803afa980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 27.015804] >ffff000803afaa00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 27.023004] ^
[ 27.028303] ffff000803afaa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.035507] ffff000803afab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.042710] ==================================================================
```
```
[ 15.646689] ==================================================================
[ 15.646750] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[ 15.647077] Read of size 64 at addr fff00000c636b584 by task kunit_try_catch/187
[ 15.647226]
[ 15.647263] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT
[ 15.647446] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.647513] Hardware name: linux,dummy-virt (DT)
[ 15.647643] Call trace:
[ 15.647668] show_stack+0x20/0x38 (C)
[ 15.648037] dump_stack_lvl+0x8c/0xd0
[ 15.648129] print_report+0x118/0x608
[ 15.648366] kasan_report+0xdc/0x128
[ 15.648549] kasan_check_range+0x100/0x1a8
[ 15.648794] __asan_memmove+0x3c/0x98
[ 15.648842] kmalloc_memmove_invalid_size+0x154/0x2e0
[ 15.649028] kunit_try_run_case+0x170/0x3f0
[ 15.649150] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.649214] kthread+0x328/0x630
[ 15.649442] ret_from_fork+0x10/0x20
[ 15.649593]
[ 15.649683] Allocated by task 187:
[ 15.649773] kasan_save_stack+0x3c/0x68
[ 15.649912] kasan_save_track+0x20/0x40
[ 15.649976] kasan_save_alloc_info+0x40/0x58
[ 15.650045] __kasan_kmalloc+0xd4/0xd8
[ 15.650321] __kmalloc_cache_noprof+0x16c/0x3c0
[ 15.650505] kmalloc_memmove_invalid_size+0xb0/0x2e0
[ 15.650680] kunit_try_run_case+0x170/0x3f0
[ 15.650754] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.650845] kthread+0x328/0x630
[ 15.650897] ret_from_fork+0x10/0x20
[ 15.651147]
[ 15.651356] The buggy address belongs to the object at fff00000c636b580
[ 15.651356] which belongs to the cache kmalloc-64 of size 64
[ 15.651574] The buggy address is located 4 bytes inside of
[ 15.651574] allocated 64-byte region [fff00000c636b580, fff00000c636b5c0)
[ 15.651688]
[ 15.651770] The buggy address belongs to the physical page:
[ 15.651827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636b
[ 15.651920] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.652139] page_type: f5(slab)
[ 15.652201] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 15.652260] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 15.652299] page dumped because: kasan: bad access detected
[ 15.652359]
[ 15.652484] Memory state around the buggy address:
[ 15.652574] fff00000c636b480: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 15.652756] fff00000c636b500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.652926] >fff00000c636b580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 15.652974] ^
[ 15.653033] fff00000c636b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.653076] fff00000c636b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.653111] ==================================================================
```
```
[ 14.523745] ==================================================================
[ 14.524239] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 14.525006] Read of size 64 at addr ffff8881025fcc04 by task kunit_try_catch/203
[ 14.526564]
[ 14.526877] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary)
[ 14.527019] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.527050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.527109] Call Trace:
[ 14.527142] <TASK>
[ 14.527247] dump_stack_lvl+0x73/0xb0
[ 14.527315] print_report+0xd1/0x650
[ 14.527373] ? __virt_addr_valid+0x1db/0x2d0
[ 14.527413] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 14.527448] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.527484] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 14.527517] kasan_report+0x141/0x180
[ 14.527554] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 14.527598] kasan_check_range+0x10c/0x1c0
[ 14.527632] __asan_memmove+0x27/0x70
[ 14.527661] kmalloc_memmove_invalid_size+0x16f/0x330
[ 14.527684] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 14.527708] ? __schedule+0x10cc/0x2b60
[ 14.527734] ? __pfx_read_tsc+0x10/0x10
[ 14.527756] ? ktime_get_ts64+0x86/0x230
[ 14.527786] kunit_try_run_case+0x1a5/0x480
[ 14.527816] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.527839] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.527866] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.527891] ? __kthread_parkme+0x82/0x180
[ 14.527916] ? preempt_count_sub+0x50/0x80
[ 14.527944] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.527969] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.527994] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.528019] kthread+0x337/0x6f0
[ 14.528038] ? trace_preempt_on+0x20/0xc0
[ 14.528066] ? __pfx_kthread+0x10/0x10
[ 14.528095] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.528120] ? calculate_sigpending+0x7b/0xa0
[ 14.528144] ? __pfx_kthread+0x10/0x10
[ 14.528164] ret_from_fork+0x41/0x80
[ 14.528186] ? __pfx_kthread+0x10/0x10
[ 14.528210] ret_from_fork_asm+0x1a/0x30
[ 14.528263] </TASK>
[ 14.528283]
[ 14.542438] Allocated by task 203:
[ 14.542686] kasan_save_stack+0x45/0x70
[ 14.543182] kasan_save_track+0x18/0x40
[ 14.543607] kasan_save_alloc_info+0x3b/0x50
[ 14.544015] __kasan_kmalloc+0xb7/0xc0
[ 14.544676] __kmalloc_cache_noprof+0x189/0x420
[ 14.545120] kmalloc_memmove_invalid_size+0xac/0x330
[ 14.545752] kunit_try_run_case+0x1a5/0x480
[ 14.546107] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.546815] kthread+0x337/0x6f0
[ 14.547104] ret_from_fork+0x41/0x80
[ 14.547740] ret_from_fork_asm+0x1a/0x30
[ 14.547940]
[ 14.548439] The buggy address belongs to the object at ffff8881025fcc00
[ 14.548439] which belongs to the cache kmalloc-64 of size 64
[ 14.549702] The buggy address is located 4 bytes inside of
[ 14.549702] allocated 64-byte region [ffff8881025fcc00, ffff8881025fcc40)
[ 14.550010]
[ 14.550514] The buggy address belongs to the physical page:
[ 14.551041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025fc
[ 14.552024] flags: 0x200000000000000(node=0|zone=2)
[ 14.552679] page_type: f5(slab)
[ 14.552885] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 14.553630] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 14.554281] page dumped because: kasan: bad access detected
[ 14.554809]
[ 14.554933] Memory state around the buggy address:
[ 14.555449] ffff8881025fcb00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 14.555722] ffff8881025fcb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.556763] >ffff8881025fcc00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 14.557024] ^
[ 14.557714] ffff8881025fcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.558616] ffff8881025fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.559415] ==================================================================
```