Date
July 15, 2025, 2:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[  105.806804] ==================================================================
[  105.807684] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xe4/0x1fc
[  105.808412] Read of size 18446744073709551614 at addr ffff0000c66f6504 by task kunit_try_catch/225
[  105.809775] 
[  105.810007] CPU: 1 PID: 225 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  105.810767] Hardware name: linux,dummy-virt (DT)
[  105.811190] Call trace:
[  105.811465]  dump_backtrace+0xe0/0x134
[  105.811931]  show_stack+0x20/0x2c
[  105.812339]  dump_stack_lvl+0x88/0xb4
[  105.812780]  print_report+0x158/0x44c
[  105.813195]  kasan_report+0xc8/0x180
[  105.813588]  kasan_check_range+0xe4/0x190
[  105.814036]  memmove+0x44/0xc0
[  105.814421]  kmalloc_memmove_negative_size+0xe4/0x1fc
[  105.815300]  kunit_try_run_case+0x8c/0x124
[  105.815783]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.816361]  kthread+0x15c/0x170
[  105.817114]  ret_from_fork+0x10/0x20
[  105.817545] 
[  105.817734] Allocated by task 225:
[  105.818100]  kasan_save_stack+0x3c/0x70
[  105.818565]  kasan_set_track+0x2c/0x40
[  105.818981]  kasan_save_alloc_info+0x24/0x34
[  105.819438]  __kasan_kmalloc+0xd4/0xe0
[  105.819900]  kmalloc_trace+0x8c/0x150
[  105.820324]  kmalloc_memmove_negative_size+0xa0/0x1fc
[  105.821225]  kunit_try_run_case+0x8c/0x124
[  105.821668]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.822249]  kthread+0x15c/0x170
[  105.822675]  ret_from_fork+0x10/0x20
[  105.823119] 
[  105.823304] The buggy address belongs to the object at ffff0000c66f6500
[  105.823304]  which belongs to the cache kmalloc-128 of size 128
[  105.824251] The buggy address is located 4 bytes inside of
[  105.824251]  128-byte region [ffff0000c66f6500, ffff0000c66f6580)
[  105.825528] 
[  105.825762] The buggy address belongs to the physical page:
[  105.826243] page:000000008cb3a959 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066f6
[  105.827031] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[  105.827708] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[  105.828364] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.829007] page dumped because: kasan: bad access detected
[  105.829488] 
[  105.829683] Memory state around the buggy address:
[  105.830124]  ffff0000c66f6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[  105.831121]  ffff0000c66f6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.831730] >ffff0000c66f6500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  105.832332]                    ^
[  105.833055]  ffff0000c66f6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.833659]  ffff0000c66f6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.834267] ==================================================================

[   75.560813] ==================================================================
[   75.561579] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xb4/0x164
[   75.562650] Read of size 18446744073709551614 at addr ffff0000c5a76f04 by task kunit_try_catch/141
[   75.563279] 
[   75.563477] CPU: 0 PID: 141 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   75.564112] Hardware name: linux,dummy-virt (DT)
[   75.564573] Call trace:
[   75.565272]  dump_backtrace+0xf8/0x118
[   75.565779]  show_stack+0x18/0x24
[   75.566215]  __dump_stack+0x28/0x38
[   75.566615]  dump_stack_lvl+0x54/0x6c
[   75.567065]  print_address_description+0x7c/0x1ec
[   75.567587]  print_report+0x50/0x68
[   75.568037]  kasan_report+0xac/0x100
[   75.568515]  kasan_check_range+0x260/0x2a0
[   75.569043]  memmove+0x48/0x90
[   75.569447]  kmalloc_memmove_negative_size+0xb4/0x164
[   75.569979]  kunit_try_run_case+0x80/0x184
[   75.570442]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.571494]  kthread+0x16c/0x21c
[   75.571937]  ret_from_fork+0x10/0x20
[   75.572388] 
[   75.572573] Allocated by task 141:
[   75.573144]  kasan_set_track+0x4c/0x80
[   75.573650]  kasan_save_alloc_info+0x28/0x34
[   75.574149]  __kasan_kmalloc+0x88/0xa0
[   75.574589]  kmalloc_trace+0x54/0x68
[   75.575038]  kmalloc_memmove_negative_size+0x48/0x164
[   75.575585]  kunit_try_run_case+0x80/0x184
[   75.576039]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.577079]  kthread+0x16c/0x21c
[   75.577512]  ret_from_fork+0x10/0x20
[   75.577955] 
[   75.578145] The buggy address belongs to the object at ffff0000c5a76f00
[   75.578145]  which belongs to the cache kmalloc-128 of size 128
[   75.579105] The buggy address is located 4 bytes inside of
[   75.579105]  128-byte region [ffff0000c5a76f00, ffff0000c5a76f80)
[   75.580023] 
[   75.580252] The buggy address belongs to the physical page:
[   75.580700] page:00000000e5b61371 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a76
[   75.581709] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   75.582394] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   75.583067] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   75.583652] page dumped because: kasan: bad access detected
[   75.584142] 
[   75.584359] Memory state around the buggy address:
[   75.585281]  ffff0000c5a76e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.585901]  ffff0000c5a76e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.586524] >ffff0000c5a76f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   75.587140]                    ^
[   75.587489]  ffff0000c5a76f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.588129]  ffff0000c5a77000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.589072] ==================================================================

[   74.598943] ==================================================================
[   74.599692] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xb4/0x164
[   74.601381] Read of size 18446744073709551614 at addr ffff0000c5a09e04 by task kunit_try_catch/141
[   74.602954] 
[   74.603415] CPU: 0 PID: 141 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.604690] Hardware name: linux,dummy-virt (DT)
[   74.605058] Call trace:
[   74.605294]  dump_backtrace+0xf4/0x114
[   74.605728]  show_stack+0x18/0x24
[   74.606700]  __dump_stack+0x28/0x38
[   74.607531]  dump_stack_lvl+0x50/0x68
[   74.608465]  print_address_description+0x7c/0x1ec
[   74.609575]  print_report+0x50/0x68
[   74.610333]  kasan_report+0xac/0xfc
[   74.611164]  kasan_check_range+0x258/0x290
[   74.612130]  memmove+0x48/0x90
[   74.613012]  kmalloc_memmove_negative_size+0xb4/0x164
[   74.613925]  kunit_try_run_case+0x80/0x184
[   74.614849]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.616170]  kthread+0x16c/0x21c
[   74.616939]  ret_from_fork+0x10/0x20
[   74.617906] 
[   74.618393] Allocated by task 141:
[   74.618825]  kasan_set_track+0x4c/0x80
[   74.619254]  kasan_save_alloc_info+0x28/0x34
[   74.619871]  __kasan_kmalloc+0x88/0xa0
[   74.620706]  kmalloc_trace+0x54/0x68
[   74.621610]  kmalloc_memmove_negative_size+0x48/0x164
[   74.622704]  kunit_try_run_case+0x80/0x184
[   74.623609]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.624776]  kthread+0x16c/0x21c
[   74.625587]  ret_from_fork+0x10/0x20
[   74.626456] 
[   74.626893] The buggy address belongs to the object at ffff0000c5a09e00
[   74.626893]  which belongs to the cache kmalloc-128 of size 128
[   74.628829] The buggy address is located 4 bytes inside of
[   74.628829]  128-byte region [ffff0000c5a09e00, ffff0000c5a09e80)
[   74.630092] 
[   74.630288] The buggy address belongs to the physical page:
[   74.630658] page:000000009f2754ee refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a09
[   74.631886] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   74.633198] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   74.634207] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.635136] page dumped because: kasan: bad access detected
[   74.635899] 
[   74.636205] Memory state around the buggy address:
[   74.636990]  ffff0000c5a09d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.637569]  ffff0000c5a09d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.638078] >ffff0000c5a09e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.638545]                    ^
[   74.638862]  ffff0000c5a09e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.639504]  ffff0000c5a09f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.640092] ==================================================================

[   73.193216] ==================================================================
[   73.194866] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xdc/0x1f0
[   73.196478] Read of size 18446744073709551614 at addr ffff0000c589d304 by task kunit_try_catch/141
[   73.197747] 
[   73.197951] CPU: 1 PID: 141 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   73.199055] Hardware name: linux,dummy-virt (DT)
[   73.199843] Call trace:
[   73.200472]  dump_backtrace.part.0+0xdc/0xf0
[   73.201571]  show_stack+0x18/0x30
[   73.202177]  dump_stack_lvl+0x64/0x80
[   73.202648]  print_report+0x158/0x438
[   73.203091]  kasan_report+0xb4/0xf4
[   73.203533]  kasan_check_range+0xe4/0x190
[   73.203982]  memmove+0x44/0xc0
[   73.204361]  kmalloc_memmove_negative_size+0xdc/0x1f0
[   73.205425]  kunit_try_run_case+0x84/0x120
[   73.205861]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.206747]  kthread+0x180/0x190
[   73.207134]  ret_from_fork+0x10/0x20
[   73.207567] 
[   73.207755] Allocated by task 141:
[   73.208076]  kasan_save_stack+0x3c/0x70
[   73.208514]  kasan_set_track+0x2c/0x40
[   73.208942]  kasan_save_alloc_info+0x24/0x34
[   73.209386]  __kasan_kmalloc+0xb8/0xc0
[   73.210373]  kmalloc_trace+0x58/0x6c
[   73.210790]  kmalloc_memmove_negative_size+0x98/0x1f0
[   73.211336]  kunit_try_run_case+0x84/0x120
[   73.211812]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.212342]  kthread+0x180/0x190
[   73.212713]  ret_from_fork+0x10/0x20
[   73.213113] 
[   73.213318] The buggy address belongs to the object at ffff0000c589d300
[   73.213318]  which belongs to the cache kmalloc-128 of size 128
[   73.214420] The buggy address is located 4 bytes inside of
[   73.214420]  128-byte region [ffff0000c589d300, ffff0000c589d380)
[   73.215324] 
[   73.215517] The buggy address belongs to the physical page:
[   73.216054] page:00000000b8b1210d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10589d
[   73.217018] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   73.217712] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   73.218850] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   73.219444] page dumped because: kasan: bad access detected
[   73.219900] 
[   73.220098] Memory state around the buggy address:
[   73.220523]  ffff0000c589d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.221105]  ffff0000c589d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.221724] >ffff0000c589d300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   73.222565]                    ^
[   73.222913]  ffff0000c589d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.223512]  ffff0000c589d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.224066] ==================================================================

[   64.720376] ==================================================================
[   64.721164] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xf0/0x1f8
[   64.722433] Read of size 18446744073709551614 at addr ffff0000c59aaa04 by task kunit_try_catch/139
[   64.723001] 
[   64.723176] CPU: 1 PID: 139 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   64.724157] Hardware name: linux,dummy-virt (DT)
[   64.724715] Call trace:
[   64.725062]  dump_backtrace+0x110/0x120
[   64.726286]  show_stack+0x18/0x28
[   64.726770]  dump_stack_lvl+0x68/0x84
[   64.727272]  print_report+0x158/0x484
[   64.727708]  kasan_report+0x98/0xe0
[   64.728075]  kasan_check_range+0x160/0x1d8
[   64.728668]  memmove+0x44/0xb0
[   64.729091]  kmalloc_memmove_negative_size+0xf0/0x1f8
[   64.729805]  kunit_try_run_case+0x7c/0x120
[   64.730334]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.730940]  kthread+0x1a4/0x1b8
[   64.731291]  ret_from_fork+0x10/0x20
[   64.731706] 
[   64.731873] Allocated by task 139:
[   64.732161]  kasan_save_stack+0x2c/0x58
[   64.732561]  kasan_set_track+0x2c/0x40
[   64.732888]  kasan_save_alloc_info+0x24/0x38
[   64.733334]  __kasan_kmalloc+0xa0/0xb8
[   64.733730]  kmalloc_trace+0x50/0x68
[   64.734059]  kmalloc_memmove_negative_size+0xa8/0x1f8
[   64.734547]  kunit_try_run_case+0x7c/0x120
[   64.734994]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.735506]  kthread+0x1a4/0x1b8
[   64.735855]  ret_from_fork+0x10/0x20
[   64.736212] 
[   64.736437] The buggy address belongs to the object at ffff0000c59aaa00
[   64.736437]  which belongs to the cache kmalloc-128 of size 128
[   64.737261] The buggy address is located 4 bytes inside of
[   64.737261]  128-byte region [ffff0000c59aaa00, ffff0000c59aaa80)
[   64.738160] 
[   64.738371] The buggy address belongs to the physical page:
[   64.738849] page:000000007750314d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   64.739707] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   64.740311] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   64.740937] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   64.741504] page dumped because: kasan: bad access detected
[   64.741944] 
[   64.742192] Memory state around the buggy address:
[   64.742650]  ffff0000c59aa900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.743252]  ffff0000c59aa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.743853] >ffff0000c59aaa00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   64.744526]                    ^
[   64.744819]  ffff0000c59aaa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.745359]  ffff0000c59aab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.745994] ==================================================================

[   31.014512] ==================================================================
[   31.015634] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xe7/0x1e0
[   31.016058] Read of size 18446744073709551614 at addr ffff8881030dcc04 by task kunit_try_catch/245
[   31.016903] 
[   31.017107] CPU: 1 PID: 245 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   31.018074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.019013] Call Trace:
[   31.019352]  <TASK>
[   31.019475]  dump_stack_lvl+0x49/0x62
[   31.019675]  print_report+0x189/0x492
[   31.019857]  ? kasan_complete_mode_report_info+0x3c/0x200
[   31.020077]  ? kmalloc_memmove_negative_size+0xe7/0x1e0
[   31.020398]  kasan_report+0x10c/0x190
[   31.020596]  ? kmalloc_memmove_negative_size+0xe7/0x1e0
[   31.021074]  kasan_check_range+0x10b/0x1c0
[   31.021359]  memmove+0x23/0x70
[   31.021575]  kmalloc_memmove_negative_size+0xe7/0x1e0
[   31.021948]  ? kmalloc_memmove_invalid_size+0x1e0/0x1e0
[   31.022251]  ? __kunit_add_resource+0xd1/0x100
[   31.022581]  kunit_try_run_case+0x8f/0xd0
[   31.022846]  ? kunit_catch_run_case+0x80/0x80
[   31.023078]  ? kunit_try_catch_throw+0x40/0x40
[   31.023439]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   31.023743]  kthread+0x17b/0x1b0
[   31.023952]  ? kthread_complete_and_exit+0x30/0x30
[   31.024182]  ret_from_fork+0x22/0x30
[   31.024523]  </TASK>
[   31.024657] 
[   31.024754] Allocated by task 245:
[   31.024955]  kasan_save_stack+0x41/0x70
[   31.025206]  kasan_set_track+0x25/0x40
[   31.025749]  kasan_save_alloc_info+0x1e/0x30
[   31.025969]  __kasan_kmalloc+0xb6/0xc0
[   31.026213]  kmalloc_trace+0x48/0xb0
[   31.026410]  kmalloc_memmove_negative_size+0x9b/0x1e0
[   31.026788]  kunit_try_run_case+0x8f/0xd0
[   31.027038]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   31.027442]  kthread+0x17b/0x1b0
[   31.027650]  ret_from_fork+0x22/0x30
[   31.027842] 
[   31.027956] The buggy address belongs to the object at ffff8881030dcc00
[   31.027956]  which belongs to the cache kmalloc-64 of size 64
[   31.028576] The buggy address is located 4 bytes inside of
[   31.028576]  64-byte region [ffff8881030dcc00, ffff8881030dcc40)
[   31.029088] 
[   31.029214] The buggy address belongs to the physical page:
[   31.029575] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030dc
[   31.029986] flags: 0x200000000000200(slab|node=0|zone=2)
[   31.030352] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041640
[   31.030707] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   31.031034] page dumped because: kasan: bad access detected
[   31.031625] 
[   31.031745] Memory state around the buggy address:
[   31.031999]  ffff8881030dcb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.032425]  ffff8881030dcb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.032756] >ffff8881030dcc00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   31.033085]                    ^
[   31.033263]  ffff8881030dcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.033694]  ffff8881030dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.034003] ==================================================================