lkft/linux-mainline-master - v6.16-rc1 - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size

Date

June 8, 2025, 11:09 p.m.

Environment
e850-96
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   28.548604] ==================================================================
[   28.558185] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[   28.565734] Read of size 18446744073709551614 at addr ffff000800c2e904 by task kunit_try_catch/227
[   28.574674] 
[   28.576161] CPU: 5 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   28.576214] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.576229] Hardware name: WinLink E850-96 board (DT)
[   28.576249] Call trace:
[   28.576264]  show_stack+0x20/0x38 (C)
[   28.576301]  dump_stack_lvl+0x8c/0xd0
[   28.576339]  print_report+0x118/0x608
[   28.576372]  kasan_report+0xdc/0x128
[   28.576403]  kasan_check_range+0x100/0x1a8
[   28.576439]  __asan_memmove+0x3c/0x98
[   28.576465]  kmalloc_memmove_negative_size+0x154/0x2e0
[   28.576499]  kunit_try_run_case+0x170/0x3f0
[   28.576535]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.576571]  kthread+0x328/0x630
[   28.576601]  ret_from_fork+0x10/0x20
[   28.576636] 
[   28.642901] Allocated by task 227:
[   28.646290]  kasan_save_stack+0x3c/0x68
[   28.650109]  kasan_save_track+0x20/0x40
[   28.653927]  kasan_save_alloc_info+0x40/0x58
[   28.658179]  __kasan_kmalloc+0xd4/0xd8
[   28.661913]  __kmalloc_cache_noprof+0x16c/0x3c0
[   28.666426]  kmalloc_memmove_negative_size+0xb0/0x2e0
[   28.671459]  kunit_try_run_case+0x170/0x3f0
[   28.675627]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   28.681097]  kthread+0x328/0x630
[   28.684307]  ret_from_fork+0x10/0x20
[   28.687866] 
[   28.689344] The buggy address belongs to the object at ffff000800c2e900
[   28.689344]  which belongs to the cache kmalloc-64 of size 64
[   28.701671] The buggy address is located 4 bytes inside of
[   28.701671]  64-byte region [ffff000800c2e900, ffff000800c2e940)
[   28.713126] 
[   28.714606] The buggy address belongs to the physical page:
[   28.720162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880c2e
[   28.728145] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   28.734656] page_type: f5(slab)
[   28.737793] raw: 0bfffe0000000000 ffff0008000028c0 dead000000000122 0000000000000000
[   28.745511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   28.753231] page dumped because: kasan: bad access detected
[   28.758785] 
[   28.760260] Memory state around the buggy address:
[   28.765042]  ffff000800c2e800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   28.772244]  ffff000800c2e880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   28.779448] >ffff000800c2e900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   28.786649]                    ^
[   28.789865]  ffff000800c2e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.797071]  ffff000800c2ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.804273] ==================================================================

Metadata Full log Test run details

[   25.481988] ==================================================================
[   25.483026] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[   25.483406] Read of size 18446744073709551614 at addr fff00000c6418084 by task kunit_try_catch/180
[   25.483599] 
[   25.483676] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   25.483868] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.483951] Hardware name: linux,dummy-virt (DT)
[   25.484029] Call trace:
[   25.484093]  show_stack+0x20/0x38 (C)
[   25.484252]  dump_stack_lvl+0x8c/0xd0
[   25.484567]  print_report+0x118/0x608
[   25.484688]  kasan_report+0xdc/0x128
[   25.484800]  kasan_check_range+0x100/0x1a8
[   25.484988]  __asan_memmove+0x3c/0x98
[   25.485160]  kmalloc_memmove_negative_size+0x154/0x2e0
[   25.485358]  kunit_try_run_case+0x170/0x3f0
[   25.485629]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.485786]  kthread+0x328/0x630
[   25.485924]  ret_from_fork+0x10/0x20
[   25.486435] 
[   25.486820] Allocated by task 180:
[   25.486915]  kasan_save_stack+0x3c/0x68
[   25.487317]  kasan_save_track+0x20/0x40
[   25.487426]  kasan_save_alloc_info+0x40/0x58
[   25.487807]  __kasan_kmalloc+0xd4/0xd8
[   25.488090]  __kmalloc_cache_noprof+0x16c/0x3c0
[   25.488216]  kmalloc_memmove_negative_size+0xb0/0x2e0
[   25.488691]  kunit_try_run_case+0x170/0x3f0
[   25.489354]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.489468]  kthread+0x328/0x630
[   25.489556]  ret_from_fork+0x10/0x20
[   25.491245] 
[   25.491743] The buggy address belongs to the object at fff00000c6418080
[   25.491743]  which belongs to the cache kmalloc-64 of size 64
[   25.492476] The buggy address is located 4 bytes inside of
[   25.492476]  64-byte region [fff00000c6418080, fff00000c64180c0)
[   25.493181] 
[   25.493255] The buggy address belongs to the physical page:
[   25.493366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106418
[   25.493715] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.493859] page_type: f5(slab)
[   25.494023] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   25.494214] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   25.494339] page dumped because: kasan: bad access detected
[   25.494552] 
[   25.494599] Memory state around the buggy address:
[   25.494670]  fff00000c6417f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.495638]  fff00000c6418000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   25.495800] >fff00000c6418080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   25.495901]                    ^
[   25.495991]  fff00000c6418100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.496140]  fff00000c6418180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.496309] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yFJa8MDv2TKZH7YEtxmNb0q7fa

job_id

TEST:linaro@lkft#2yFJfB7nqGGQ0BOO2Fr7r1DuNhN

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJfB7nqGGQ0BOO2Fr7r1DuNhN

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJbaP5mjK3Q4DY2od3U1h5Zql/Image.gz
sha256sum	e48c449af0245b84ea38e96b0c6b723dbc25142e5e781b9edd4c7d94ebdee581

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJbaP5mjK3Q4DY2od3U1h5Zql/modules.tar.xz
sha256sum	79b68a12222df4872b24c47a36ac8bbeddae8e3eaf3f47e0765853c296e40d78

durations

tests

boot	0
kunit	291.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   25.720407] ==================================================================
[   25.720541] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[   25.720653] Read of size 18446744073709551614 at addr fff00000c7742d04 by task kunit_try_catch/180
[   25.720853] 
[   25.720933] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   25.721425] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.721495] Hardware name: linux,dummy-virt (DT)
[   25.721575] Call trace:
[   25.721637]  show_stack+0x20/0x38 (C)
[   25.722120]  dump_stack_lvl+0x8c/0xd0
[   25.722261]  print_report+0x118/0x608
[   25.722386]  kasan_report+0xdc/0x128
[   25.722514]  kasan_check_range+0x100/0x1a8
[   25.722689]  __asan_memmove+0x3c/0x98
[   25.722808]  kmalloc_memmove_negative_size+0x154/0x2e0
[   25.723374]  kunit_try_run_case+0x170/0x3f0
[   25.723715]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.723997]  kthread+0x328/0x630
[   25.724225]  ret_from_fork+0x10/0x20
[   25.724356] 
[   25.724423] Allocated by task 180:
[   25.724563]  kasan_save_stack+0x3c/0x68
[   25.724668]  kasan_save_track+0x20/0x40
[   25.724763]  kasan_save_alloc_info+0x40/0x58
[   25.724894]  __kasan_kmalloc+0xd4/0xd8
[   25.725008]  __kmalloc_cache_noprof+0x16c/0x3c0
[   25.725515]  kmalloc_memmove_negative_size+0xb0/0x2e0
[   25.726099]  kunit_try_run_case+0x170/0x3f0
[   25.726339]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.726454]  kthread+0x328/0x630
[   25.726714]  ret_from_fork+0x10/0x20
[   25.726816] 
[   25.726884] The buggy address belongs to the object at fff00000c7742d00
[   25.726884]  which belongs to the cache kmalloc-64 of size 64
[   25.727312] The buggy address is located 4 bytes inside of
[   25.727312]  64-byte region [fff00000c7742d00, fff00000c7742d40)
[   25.727507] 
[   25.727557] The buggy address belongs to the physical page:
[   25.727629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107742
[   25.727769] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.728098] page_type: f5(slab)
[   25.728377] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   25.728599] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   25.728769] page dumped because: kasan: bad access detected
[   25.728945] 
[   25.728990] Memory state around the buggy address:
[   25.729066]  fff00000c7742c00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[   25.730097]  fff00000c7742c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   25.730232] >fff00000c7742d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   25.730442]                    ^
[   25.730637]  fff00000c7742d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.730810]  fff00000c7742e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.731169] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yFIyzTag0Ggqc7NC7MKm1oGAHs

job_id

TEST:linaro@lkft#2yFJ3eo3dWtn7gzN4VcfAWfYuEj

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJ3eo3dWtn7gzN4VcfAWfYuEj

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ0I1543Nxnik5n8pgc66MutA/Image.gz
sha256sum	889328485ce4e89d5eb8e5130490b4a2a590b3795ae0f0671929bdd85b74f546

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ0I1543Nxnik5n8pgc66MutA/modules.tar.xz
sha256sum	e39b0964aaeba30017e819e58cd9411178f00e934bf8ddd85903ea0ffe7ad361

durations

tests

boot	0
kunit	291.56

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   19.138865] ==================================================================
[   19.139905] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[   19.141536] Read of size 18446744073709551614 at addr ffff888102b89e04 by task kunit_try_catch/198
[   19.142722] 
[   19.143008] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT(voluntary) 
[   19.143133] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.143169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.143222] Call Trace:
[   19.143426]  <TASK>
[   19.143483]  dump_stack_lvl+0x73/0xb0
[   19.143717]  print_report+0xd1/0x650
[   19.143757]  ? __virt_addr_valid+0x1db/0x2d0
[   19.143793]  ? kmalloc_memmove_negative_size+0x171/0x330
[   19.143829]  ? kasan_complete_mode_report_info+0x2a/0x200
[   19.143860]  ? kmalloc_memmove_negative_size+0x171/0x330
[   19.143928]  kasan_report+0x141/0x180
[   19.143968]  ? kmalloc_memmove_negative_size+0x171/0x330
[   19.144012]  kasan_check_range+0x10c/0x1c0
[   19.144047]  __asan_memmove+0x27/0x70
[   19.144075]  kmalloc_memmove_negative_size+0x171/0x330
[   19.144111]  ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[   19.144151]  ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[   19.144193]  kunit_try_run_case+0x1a5/0x480
[   19.144253]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.144303]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   19.144341]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   19.144377]  ? __kthread_parkme+0x82/0x180
[   19.144406]  ? preempt_count_sub+0x50/0x80
[   19.144437]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.144474]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.144541]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   19.144867]  kthread+0x337/0x6f0
[   19.144902]  ? trace_preempt_on+0x20/0xc0
[   19.144939]  ? __pfx_kthread+0x10/0x10
[   19.144969]  ? _raw_spin_unlock_irq+0x47/0x80
[   19.145000]  ? calculate_sigpending+0x7b/0xa0
[   19.145035]  ? __pfx_kthread+0x10/0x10
[   19.145065]  ret_from_fork+0x116/0x1d0
[   19.145091]  ? __pfx_kthread+0x10/0x10
[   19.145119]  ret_from_fork_asm+0x1a/0x30
[   19.145161]  </TASK>
[   19.145178] 
[   19.166371] Allocated by task 198:
[   19.167195]  kasan_save_stack+0x45/0x70
[   19.167997]  kasan_save_track+0x18/0x40
[   19.168782]  kasan_save_alloc_info+0x3b/0x50
[   19.168990]  __kasan_kmalloc+0xb7/0xc0
[   19.169154]  __kmalloc_cache_noprof+0x189/0x420
[   19.169567]  kmalloc_memmove_negative_size+0xac/0x330
[   19.169967]  kunit_try_run_case+0x1a5/0x480
[   19.170323]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.172375]  kthread+0x337/0x6f0
[   19.173050]  ret_from_fork+0x116/0x1d0
[   19.173782]  ret_from_fork_asm+0x1a/0x30
[   19.174209] 
[   19.174471] The buggy address belongs to the object at ffff888102b89e00
[   19.174471]  which belongs to the cache kmalloc-64 of size 64
[   19.175678] The buggy address is located 4 bytes inside of
[   19.175678]  64-byte region [ffff888102b89e00, ffff888102b89e40)
[   19.176459] 
[   19.176907] The buggy address belongs to the physical page:
[   19.177701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b89
[   19.178773] flags: 0x200000000000000(node=0|zone=2)
[   19.179706] page_type: f5(slab)
[   19.180513] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   19.181457] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   19.182148] page dumped because: kasan: bad access detected
[   19.182671] 
[   19.182889] Memory state around the buggy address:
[   19.183318]  ffff888102b89d00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[   19.184867]  ffff888102b89d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   19.185124] >ffff888102b89e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   19.185559]                    ^
[   19.185857]  ffff888102b89e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.186310]  ffff888102b89f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.186843] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yFIyzTag0Ggqc7NC7MKm1oGAHs

job_id

TEST:linaro@lkft#2yFJ4iKeLmbcU1CApdjYkPQUbT8

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJ4iKeLmbcU1CApdjYkPQUbT8

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ1Zkam0aZbTFyCvwdUTLsqrR/bzImage
sha256sum	f05dd4faa0ada92a047f3b35a42ad3c00b699dc7365852668932705a69d3192e

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ1Zkam0aZbTFyCvwdUTLsqrR/modules.tar.xz
sha256sum	4c91a216e7eda9f27ccb87e39bf63b1a8c5021c956ffe71abea1b04111d9e7ed

durations

tests

boot	0
kunit	496.04

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.192303] ==================================================================
[   18.193522] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[   18.194057] Read of size 18446744073709551614 at addr ffff888103302304 by task kunit_try_catch/198
[   18.195669] 
[   18.195969] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT(voluntary) 
[   18.196079] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.196101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.196152] Call Trace:
[   18.196169]  <TASK>
[   18.196189]  dump_stack_lvl+0x73/0xb0
[   18.196232]  print_report+0xd1/0x650
[   18.196264]  ? __virt_addr_valid+0x1db/0x2d0
[   18.196295]  ? kmalloc_memmove_negative_size+0x171/0x330
[   18.196330]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.196361]  ? kmalloc_memmove_negative_size+0x171/0x330
[   18.196420]  kasan_report+0x141/0x180
[   18.196455]  ? kmalloc_memmove_negative_size+0x171/0x330
[   18.196497]  kasan_check_range+0x10c/0x1c0
[   18.196928]  __asan_memmove+0x27/0x70
[   18.197073]  kmalloc_memmove_negative_size+0x171/0x330
[   18.197222]  ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[   18.197268]  ? __schedule+0x10cc/0x2b60
[   18.197304]  ? __pfx_read_tsc+0x10/0x10
[   18.197333]  ? ktime_get_ts64+0x86/0x230
[   18.197367]  kunit_try_run_case+0x1a5/0x480
[   18.197403]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.197436]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.197468]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.197501]  ? __kthread_parkme+0x82/0x180
[   18.197654]  ? preempt_count_sub+0x50/0x80
[   18.197695]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.197732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.197766]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.197800]  kthread+0x337/0x6f0
[   18.197827]  ? trace_preempt_on+0x20/0xc0
[   18.197859]  ? __pfx_kthread+0x10/0x10
[   18.197915]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.197949]  ? calculate_sigpending+0x7b/0xa0
[   18.197984]  ? __pfx_kthread+0x10/0x10
[   18.198013]  ret_from_fork+0x116/0x1d0
[   18.198038]  ? __pfx_kthread+0x10/0x10
[   18.198066]  ret_from_fork_asm+0x1a/0x30
[   18.198116]  </TASK>
[   18.198150] 
[   18.217745] Allocated by task 198:
[   18.218496]  kasan_save_stack+0x45/0x70
[   18.219026]  kasan_save_track+0x18/0x40
[   18.219469]  kasan_save_alloc_info+0x3b/0x50
[   18.219957]  __kasan_kmalloc+0xb7/0xc0
[   18.220390]  __kmalloc_cache_noprof+0x189/0x420
[   18.220748]  kmalloc_memmove_negative_size+0xac/0x330
[   18.222016]  kunit_try_run_case+0x1a5/0x480
[   18.222562]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.223046]  kthread+0x337/0x6f0
[   18.223419]  ret_from_fork+0x116/0x1d0
[   18.224017]  ret_from_fork_asm+0x1a/0x30
[   18.224463] 
[   18.224862] The buggy address belongs to the object at ffff888103302300
[   18.224862]  which belongs to the cache kmalloc-64 of size 64
[   18.226338] The buggy address is located 4 bytes inside of
[   18.226338]  64-byte region [ffff888103302300, ffff888103302340)
[   18.227239] 
[   18.227456] The buggy address belongs to the physical page:
[   18.228195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103302
[   18.228995] flags: 0x200000000000000(node=0|zone=2)
[   18.229355] page_type: f5(slab)
[   18.229841] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   18.230972] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   18.231918] page dumped because: kasan: bad access detected
[   18.232750] 
[   18.233015] Memory state around the buggy address:
[   18.233787]  ffff888103302200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   18.234304]  ffff888103302280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   18.235264] >ffff888103302300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   18.235986]                    ^
[   18.236845]  ffff888103302380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.237451]  ffff888103302400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.238141] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yFJa8MDv2TKZH7YEtxmNb0q7fa

job_id

TEST:linaro@lkft#2yFJg6evKCJULvhuKONQXkmKNuR

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJg6evKCJULvhuKONQXkmKNuR

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJckhfK3YrLD08LOXKoRhVmur/bzImage
sha256sum	29478c4c320d34ff021412c955555f504dfce41fdd7a0c526c5823fd4fbe6c3d

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJckhfK3YrLD08LOXKoRhVmur/modules.tar.xz
sha256sum	31704dd31b4a615f97eb1ad9c83226bc02c998ac6fbf99f15f8bf3a95894cad5

durations

tests

boot	0
kunit	340.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   20.646950] ==================================================================
[   20.648011] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[   20.648720] Read of size 18446744073709551614 at addr ffff00000e2e8a84 by task kunit_try_catch/233
[   20.649551] 
[   20.649719] CPU: 3 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   20.649770] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.649786] Hardware name: Radxa ROCK Pi 4B (DT)
[   20.649803] Call trace:
[   20.649814]  show_stack+0x20/0x38 (C)
[   20.649852]  dump_stack_lvl+0x8c/0xd0
[   20.649888]  print_report+0x118/0x608
[   20.649923]  kasan_report+0xdc/0x128
[   20.649954]  kasan_check_range+0x100/0x1a8
[   20.649990]  __asan_memmove+0x3c/0x98
[   20.650016]  kmalloc_memmove_negative_size+0x154/0x2e0
[   20.650050]  kunit_try_run_case+0x170/0x3f0
[   20.650084]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.650121]  kthread+0x328/0x630
[   20.650148]  ret_from_fork+0x10/0x20
[   20.650179] 
[   20.656109] Allocated by task 233:
[   20.656435]  kasan_save_stack+0x3c/0x68
[   20.656814]  kasan_save_track+0x20/0x40
[   20.657189]  kasan_save_alloc_info+0x40/0x58
[   20.657605]  __kasan_kmalloc+0xd4/0xd8
[   20.657971]  __kmalloc_cache_noprof+0x16c/0x3c0
[   20.658408]  kmalloc_memmove_negative_size+0xb0/0x2e0
[   20.658890]  kunit_try_run_case+0x170/0x3f0
[   20.659297]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.659820]  kthread+0x328/0x630
[   20.660136]  ret_from_fork+0x10/0x20
[   20.660488] 
[   20.660641] The buggy address belongs to the object at ffff00000e2e8a80
[   20.660641]  which belongs to the cache kmalloc-64 of size 64
[   20.661758] The buggy address is located 4 bytes inside of
[   20.661758]  64-byte region [ffff00000e2e8a80, ffff00000e2e8ac0)
[   20.662801] 
[   20.662956] The buggy address belongs to the physical page:
[   20.663470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe2e8
[   20.664196] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[   20.664807] page_type: f5(slab)
[   20.665119] raw: 03fffe0000000000 ffff0000004028c0 dead000000000122 0000000000000000
[   20.665835] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   20.666542] page dumped because: kasan: bad access detected
[   20.667056] 
[   20.667210] Memory state around the buggy address:
[   20.667658]  ffff00000e2e8980: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[   20.668323]  ffff00000e2e8a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   20.668989] >ffff00000e2e8a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   20.669650]                    ^
[   20.669960]  ffff00000e2e8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.670625]  ffff00000e2e8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.671286] ==================================================================

Metadata Full log Test run details

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - rk3399-rock-pi-4b - gcc-13-lkftconfig-kunit