Hay
Date: July 15, 2025, 2:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[  105.843045] ==================================================================
[  105.843980] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xe4/0x1e4
[  105.844788] Read of size 64 at addr ffff0000c67cdf04 by task kunit_try_catch/226
[  105.845347] 
[  105.845601] CPU: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  105.846320] Hardware name: linux,dummy-virt (DT)
[  105.846719] Call trace:
[  105.847973]  dump_backtrace+0xe0/0x134
[  105.848422]  show_stack+0x20/0x2c
[  105.849066]  dump_stack_lvl+0x88/0xb4
[  105.849516]  print_report+0x158/0x44c
[  105.849954]  kasan_report+0xc8/0x180
[  105.850385]  kasan_check_range+0xe4/0x190
[  105.850838]  memmove+0x44/0xc0
[  105.851250]  kmalloc_memmove_invalid_size+0xe4/0x1e4
[  105.851809]  kunit_try_run_case+0x8c/0x124
[  105.852290]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.853063]  kthread+0x15c/0x170
[  105.853489]  ret_from_fork+0x10/0x20
[  105.853917] 
[  105.854105] Allocated by task 226:
[  105.854467]  kasan_save_stack+0x3c/0x70
[  105.854937]  kasan_set_track+0x2c/0x40
[  105.855386]  kasan_save_alloc_info+0x24/0x34
[  105.855850]  __kasan_kmalloc+0xd4/0xe0
[  105.856299]  kmalloc_trace+0x8c/0x150
[  105.856905]  kmalloc_memmove_invalid_size+0xa0/0x1e4
[  105.857451]  kunit_try_run_case+0x8c/0x124
[  105.857931]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  105.858491]  kthread+0x15c/0x170
[  105.858924]  ret_from_fork+0x10/0x20
[  105.859369] 
[  105.859569] The buggy address belongs to the object at ffff0000c67cdf00
[  105.859569]  which belongs to the cache kmalloc-128 of size 128
[  105.860479] The buggy address is located 4 bytes inside of
[  105.860479]  128-byte region [ffff0000c67cdf00, ffff0000c67cdf80)
[  105.861513] 
[  105.861763] The buggy address belongs to the physical page:
[  105.862214] page:00000000e8cb511a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067cd
[  105.863703] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[  105.864390] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[  105.865241] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  105.865853] page dumped because: kasan: bad access detected
[  105.866366] 
[  105.866564] Memory state around the buggy address:
[  105.867021]  ffff0000c67cde00: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.867660]  ffff0000c67cde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.868281] >ffff0000c67cdf00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  105.869074]                                            ^
[  105.869561]  ffff0000c67cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.870204]  ffff0000c67ce000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.870814] ==================================================================

[   75.595895] ==================================================================
[   75.597068] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xb8/0x160
[   75.597814] Read of size 64 at addr ffff0000c5a46804 by task kunit_try_catch/142
[   75.598397] 
[   75.598604] CPU: 1 PID: 142 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   75.599366] Hardware name: linux,dummy-virt (DT)
[   75.599804] Call trace:
[   75.600080]  dump_backtrace+0xf8/0x118
[   75.600574]  show_stack+0x18/0x24
[   75.601034]  __dump_stack+0x28/0x38
[   75.601511]  dump_stack_lvl+0x54/0x6c
[   75.601973]  print_address_description+0x7c/0x1ec
[   75.602502]  print_report+0x50/0x68
[   75.603151]  kasan_report+0xac/0x100
[   75.603604]  kasan_check_range+0x260/0x2a0
[   75.604108]  memmove+0x48/0x90
[   75.604499]  kmalloc_memmove_invalid_size+0xb8/0x160
[   75.605170]  kunit_try_run_case+0x80/0x184
[   75.605643]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.606210]  kthread+0x16c/0x21c
[   75.606622]  ret_from_fork+0x10/0x20
[   75.607056] 
[   75.607254] Allocated by task 142:
[   75.607613]  kasan_set_track+0x4c/0x80
[   75.608138]  kasan_save_alloc_info+0x28/0x34
[   75.608587]  __kasan_kmalloc+0x88/0xa0
[   75.609201]  kmalloc_trace+0x54/0x68
[   75.609608]  kmalloc_memmove_invalid_size+0x48/0x160
[   75.610180]  kunit_try_run_case+0x80/0x184
[   75.610625]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   75.611212]  kthread+0x16c/0x21c
[   75.611616]  ret_from_fork+0x10/0x20
[   75.612019] 
[   75.612238] The buggy address belongs to the object at ffff0000c5a46800
[   75.612238]  which belongs to the cache kmalloc-128 of size 128
[   75.613460] The buggy address is located 4 bytes inside of
[   75.613460]  128-byte region [ffff0000c5a46800, ffff0000c5a46880)
[   75.614351] 
[   75.614546] The buggy address belongs to the physical page:
[   75.614989] page:00000000e850444c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a46
[   75.615807] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   75.616504] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   75.617711] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   75.618352] page dumped because: kasan: bad access detected
[   75.618850] 
[   75.619054] Memory state around the buggy address:
[   75.619507]  ffff0000c5a46700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.620151]  ffff0000c5a46780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.620843] >ffff0000c5a46800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   75.621552]                                            ^
[   75.622059]  ffff0000c5a46880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.622676]  ffff0000c5a46900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.623244] ==================================================================

[   74.643094] ==================================================================
[   74.644249] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xb8/0x160
[   74.645201] Read of size 64 at addr ffff0000c5a09f04 by task kunit_try_catch/142
[   74.645882] 
[   74.646148] CPU: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.646919] Hardware name: linux,dummy-virt (DT)
[   74.647356] Call trace:
[   74.647653]  dump_backtrace+0xf4/0x114
[   74.648289]  show_stack+0x18/0x24
[   74.649189]  __dump_stack+0x28/0x38
[   74.649676]  dump_stack_lvl+0x50/0x68
[   74.650125]  print_address_description+0x7c/0x1ec
[   74.650685]  print_report+0x50/0x68
[   74.651151]  kasan_report+0xac/0xfc
[   74.651613]  kasan_check_range+0x258/0x290
[   74.652125]  memmove+0x48/0x90
[   74.652530]  kmalloc_memmove_invalid_size+0xb8/0x160
[   74.653060]  kunit_try_run_case+0x80/0x184
[   74.653595]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.654188]  kthread+0x16c/0x21c
[   74.654623]  ret_from_fork+0x10/0x20
[   74.655063] 
[   74.655255] Allocated by task 142:
[   74.655612]  kasan_set_track+0x4c/0x80
[   74.656106]  kasan_save_alloc_info+0x28/0x34
[   74.656592]  __kasan_kmalloc+0x88/0xa0
[   74.657057]  kmalloc_trace+0x54/0x68
[   74.657484]  kmalloc_memmove_invalid_size+0x48/0x160
[   74.658506]  kunit_try_run_case+0x80/0x184
[   74.659045]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.659629]  kthread+0x16c/0x21c
[   74.660090]  ret_from_fork+0x10/0x20
[   74.660546] 
[   74.660748] The buggy address belongs to the object at ffff0000c5a09f00
[   74.660748]  which belongs to the cache kmalloc-128 of size 128
[   74.661690] The buggy address is located 4 bytes inside of
[   74.661690]  128-byte region [ffff0000c5a09f00, ffff0000c5a09f80)
[   74.662638] 
[   74.662884] The buggy address belongs to the physical page:
[   74.663326] page:000000009f2754ee refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a09
[   74.664768] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   74.665478] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   74.666147] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   74.666784] page dumped because: kasan: bad access detected
[   74.667268] 
[   74.667467] Memory state around the buggy address:
[   74.667913]  ffff0000c5a09e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.668553]  ffff0000c5a09e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.669194] >ffff0000c5a09f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.669933]                                            ^
[   74.670609]  ffff0000c5a09f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.671493]  ffff0000c5a0a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   74.673423] ==================================================================

[   73.231542] ==================================================================
[   73.232300] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xdc/0x1e0
[   73.232920] Read of size 64 at addr ffff0000c5915c04 by task kunit_try_catch/142
[   73.233381] 
[   73.234061] CPU: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   73.235807] Hardware name: linux,dummy-virt (DT)
[   73.236454] Call trace:
[   73.236866]  dump_backtrace.part.0+0xdc/0xf0
[   73.237591]  show_stack+0x18/0x30
[   73.238262]  dump_stack_lvl+0x64/0x80
[   73.238877]  print_report+0x158/0x438
[   73.239489]  kasan_report+0xb4/0xf4
[   73.240037]  kasan_check_range+0xe4/0x190
[   73.240649]  memmove+0x44/0xc0
[   73.241163]  kmalloc_memmove_invalid_size+0xdc/0x1e0
[   73.241960]  kunit_try_run_case+0x84/0x120
[   73.242635]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.243422]  kthread+0x180/0x190
[   73.243948]  ret_from_fork+0x10/0x20
[   73.244515] 
[   73.244795] Allocated by task 142:
[   73.245270]  kasan_save_stack+0x3c/0x70
[   73.245905]  kasan_set_track+0x2c/0x40
[   73.246506]  kasan_save_alloc_info+0x24/0x34
[   73.247152]  __kasan_kmalloc+0xb8/0xc0
[   73.247715]  kmalloc_trace+0x58/0x6c
[   73.248280]  kmalloc_memmove_invalid_size+0x98/0x1e0
[   73.248809]  kunit_try_run_case+0x84/0x120
[   73.249185]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   73.249865]  kthread+0x180/0x190
[   73.250248]  ret_from_fork+0x10/0x20
[   73.250808] 
[   73.251083] The buggy address belongs to the object at ffff0000c5915c00
[   73.251083]  which belongs to the cache kmalloc-128 of size 128
[   73.251917] The buggy address is located 4 bytes inside of
[   73.251917]  128-byte region [ffff0000c5915c00, ffff0000c5915c80)
[   73.252586] 
[   73.252755] The buggy address belongs to the physical page:
[   73.253106] page:0000000033330a0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105915
[   73.255194] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   73.256100] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   73.257327] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   73.258782] page dumped because: kasan: bad access detected
[   73.259157] 
[   73.259325] Memory state around the buggy address:
[   73.259695]  ffff0000c5915b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.260161]  ffff0000c5915b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.261942] >ffff0000c5915c00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   73.263423]                                            ^
[   73.264313]  ffff0000c5915c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.265588]  ffff0000c5915d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.266952] ==================================================================

[   64.748850] ==================================================================
[   64.750542] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xf0/0x1e8
[   64.751929] Read of size 64 at addr ffff0000c58b8f04 by task kunit_try_catch/140
[   64.753169] 
[   64.753515] CPU: 0 PID: 140 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   64.754613] Hardware name: linux,dummy-virt (DT)
[   64.755115] Call trace:
[   64.755336]  dump_backtrace+0x110/0x120
[   64.755700]  show_stack+0x18/0x28
[   64.756026]  dump_stack_lvl+0x68/0x84
[   64.756648]  print_report+0x158/0x484
[   64.757202]  kasan_report+0x98/0xe0
[   64.757838]  kasan_check_range+0x160/0x1d8
[   64.758527]  memmove+0x44/0xb0
[   64.759032]  kmalloc_memmove_invalid_size+0xf0/0x1e8
[   64.759744]  kunit_try_run_case+0x7c/0x120
[   64.760356]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.761089]  kthread+0x1a4/0x1b8
[   64.761609]  ret_from_fork+0x10/0x20
[   64.762199] 
[   64.762481] Allocated by task 140:
[   64.762932]  kasan_save_stack+0x2c/0x58
[   64.763482]  kasan_set_track+0x2c/0x40
[   64.764028]  kasan_save_alloc_info+0x24/0x38
[   64.764651]  __kasan_kmalloc+0xa0/0xb8
[   64.765167]  kmalloc_trace+0x50/0x68
[   64.765737]  kmalloc_memmove_invalid_size+0xa8/0x1e8
[   64.766485]  kunit_try_run_case+0x7c/0x120
[   64.767150]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   64.767914]  kthread+0x1a4/0x1b8
[   64.768414]  ret_from_fork+0x10/0x20
[   64.768932] 
[   64.769199] The buggy address belongs to the object at ffff0000c58b8f00
[   64.769199]  which belongs to the cache kmalloc-128 of size 128
[   64.770703] The buggy address is located 4 bytes inside of
[   64.770703]  128-byte region [ffff0000c58b8f00, ffff0000c58b8f80)
[   64.771501] 
[   64.771662] The buggy address belongs to the physical page:
[   64.771987] page:0000000079d9b0ef refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058b8
[   64.772509] flags: 0xbfffc0000000200(slab|node=0|zone=2|lastcpupid=0xffff)
[   64.772992] raw: 0bfffc0000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   64.773729] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   64.774168] page dumped because: kasan: bad access detected
[   64.774518] 
[   64.774671] Memory state around the buggy address:
[   64.774984]  ffff0000c58b8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.775529]  ffff0000c58b8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.776157] >ffff0000c58b8f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   64.776716]                                            ^
[   64.777168]  ffff0000c58b8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.777697]  ffff0000c58b9000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   64.778437] ==================================================================

[   31.037298] ==================================================================
[   31.037795] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xe6/0x1e0
[   31.039270] Read of size 64 at addr ffff8881030dcc84 by task kunit_try_catch/246
[   31.039874] 
[   31.039991] CPU: 1 PID: 246 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   31.040402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.040859] Call Trace:
[   31.041035]  <TASK>
[   31.041196]  dump_stack_lvl+0x49/0x62
[   31.041454]  print_report+0x189/0x492
[   31.041782]  ? kasan_complete_mode_report_info+0x3c/0x200
[   31.042138]  ? kmalloc_memmove_invalid_size+0xe6/0x1e0
[   31.042586]  kasan_report+0x10c/0x190
[   31.042817]  ? kmalloc_memmove_invalid_size+0xe6/0x1e0
[   31.043104]  kasan_check_range+0x10b/0x1c0
[   31.043597]  memmove+0x23/0x70
[   31.043852]  kmalloc_memmove_invalid_size+0xe6/0x1e0
[   31.044125]  ? kmem_cache_accounted+0x140/0x140
[   31.044538]  ? __kunit_add_resource+0xd1/0x100
[   31.044838]  kunit_try_run_case+0x8f/0xd0
[   31.045104]  ? kunit_catch_run_case+0x80/0x80
[   31.045419]  ? kunit_try_catch_throw+0x40/0x40
[   31.045644]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   31.045950]  kthread+0x17b/0x1b0
[   31.046176]  ? kthread_complete_and_exit+0x30/0x30
[   31.046418]  ret_from_fork+0x22/0x30
[   31.046747]  </TASK>
[   31.047083] 
[   31.047368] Allocated by task 246:
[   31.047531]  kasan_save_stack+0x41/0x70
[   31.047961]  kasan_set_track+0x25/0x40
[   31.048420]  kasan_save_alloc_info+0x1e/0x30
[   31.048769]  __kasan_kmalloc+0xb6/0xc0
[   31.049109]  kmalloc_trace+0x48/0xb0
[   31.049445]  kmalloc_memmove_invalid_size+0x9b/0x1e0
[   31.049706]  kunit_try_run_case+0x8f/0xd0
[   31.049918]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   31.050223]  kthread+0x17b/0x1b0
[   31.050839]  ret_from_fork+0x22/0x30
[   31.051030] 
[   31.051338] The buggy address belongs to the object at ffff8881030dcc80
[   31.051338]  which belongs to the cache kmalloc-64 of size 64
[   31.052243] The buggy address is located 4 bytes inside of
[   31.052243]  64-byte region [ffff8881030dcc80, ffff8881030dccc0)
[   31.053177] 
[   31.053448] The buggy address belongs to the physical page:
[   31.053846] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030dc
[   31.054345] flags: 0x200000000000200(slab|node=0|zone=2)
[   31.054780] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041640
[   31.055150] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   31.055522] page dumped because: kasan: bad access detected
[   31.055879] 
[   31.056056] Memory state around the buggy address:
[   31.056320]  ffff8881030dcb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.056613]  ffff8881030dcc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.056956] >ffff8881030dcc80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   31.057311]                                            ^
[   31.057514]  ffff8881030dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.057841]  ffff8881030dcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.058169] ==================================================================