Date
Feb. 5, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 179.838851] ================================================================== [ 179.840859] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xe0/0x1f8 [ 179.842494] Read of size 64 at addr ffff0000c600c884 by task kunit_try_catch/160 [ 179.844329] [ 179.844970] CPU: 1 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 179.847447] Hardware name: linux,dummy-virt (DT) [ 179.848333] Call trace: [ 179.849217] dump_backtrace+0x9c/0x128 [ 179.851062] show_stack+0x20/0x38 [ 179.852161] dump_stack_lvl+0x60/0xb0 [ 179.853603] print_report+0xf8/0x5d8 [ 179.854787] kasan_report+0xc8/0x118 [ 179.855907] kasan_check_range+0xe8/0x190 [ 179.857128] __asan_memmove+0x3c/0x98 [ 179.858511] kmalloc_memmove_invalid_size+0xe0/0x1f8 [ 179.859810] kunit_try_run_case+0xf8/0x260 [ 179.861069] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 179.862616] kthread+0x18c/0x1a8 [ 179.863418] ret_from_fork+0x10/0x20 [ 179.864688] [ 179.865461] Allocated by task 160: [ 179.866475] kasan_save_stack+0x3c/0x68 [ 179.867488] kasan_set_track+0x2c/0x40 [ 179.869797] kasan_save_alloc_info+0x24/0x38 [ 179.871031] __kasan_kmalloc+0xd4/0xd8 [ 179.872091] kmalloc_trace+0x68/0x130 [ 179.873431] kmalloc_memmove_invalid_size+0xa0/0x1f8 [ 179.874651] kunit_try_run_case+0xf8/0x260 [ 179.875843] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 179.877358] kthread+0x18c/0x1a8 [ 179.878704] ret_from_fork+0x10/0x20 [ 179.879800] [ 179.880339] The buggy address belongs to the object at ffff0000c600c880 [ 179.880339] which belongs to the cache kmalloc-64 of size 64 [ 179.882796] The buggy address is located 4 bytes inside of [ 179.882796] allocated 64-byte region [ffff0000c600c880, ffff0000c600c8c0) [ 179.885656] [ 179.886377] The buggy address belongs to the physical page: [ 179.887709] page:000000007a3032c1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10600c [ 179.889728] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff) [ 179.891404] page_type: 0xffffffff() [ 179.892463] raw: 0bfffc0000000800 ffff0000c0001640 dead000000000122 0000000000000000 [ 179.894622] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 179.896208] page dumped because: kasan: bad access detected [ 179.897448] [ 179.898023] Memory state around the buggy address: [ 179.899442] ffff0000c600c780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 179.900883] ffff0000c600c800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 179.902657] >ffff0000c600c880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 179.904220] ^ [ 179.906242] ffff0000c600c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 179.907492] ffff0000c600c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 179.909925] ==================================================================