Hay
Sign in
Date
July 18, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   15.485045] ==================================================================
[   15.485106] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[   15.485157] Read of size 64 at addr fff00000c3f54404 by task kunit_try_catch/182
[   15.485209] 
[   15.485240] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.485367] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.485426] Hardware name: linux,dummy-virt (DT)
[   15.485978] Call trace:
[   15.486025]  show_stack+0x20/0x38 (C)
[   15.486083]  dump_stack_lvl+0x8c/0xd0
[   15.486132]  print_report+0x118/0x5d0
[   15.486351]  kasan_report+0xdc/0x128
[   15.486736]  kasan_check_range+0x100/0x1a8
[   15.486892]  __asan_memmove+0x3c/0x98
[   15.487099]  kmalloc_memmove_invalid_size+0x154/0x2e0
[   15.487177]  kunit_try_run_case+0x170/0x3f0
[   15.487409]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.487743]  kthread+0x328/0x630
[   15.487826]  ret_from_fork+0x10/0x20
[   15.487997] 
[   15.488057] Allocated by task 182:
[   15.488258]  kasan_save_stack+0x3c/0x68
[   15.488522]  kasan_save_track+0x20/0x40
[   15.488719]  kasan_save_alloc_info+0x40/0x58
[   15.488952]  __kasan_kmalloc+0xd4/0xd8
[   15.489129]  __kmalloc_cache_noprof+0x16c/0x3c0
[   15.489216]  kmalloc_memmove_invalid_size+0xb0/0x2e0
[   15.489301]  kunit_try_run_case+0x170/0x3f0
[   15.489441]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.489668]  kthread+0x328/0x630
[   15.489937]  ret_from_fork+0x10/0x20
[   15.490057] 
[   15.490154] The buggy address belongs to the object at fff00000c3f54400
[   15.490154]  which belongs to the cache kmalloc-64 of size 64
[   15.490307] The buggy address is located 4 bytes inside of
[   15.490307]  allocated 64-byte region [fff00000c3f54400, fff00000c3f54440)
[   15.490439] 
[   15.490497] The buggy address belongs to the physical page:
[   15.490603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f54
[   15.490702] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.490904] page_type: f5(slab)
[   15.491114] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   15.491272] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   15.491369] page dumped because: kasan: bad access detected
[   15.491476] 
[   15.491519] Memory state around the buggy address:
[   15.491601]  fff00000c3f54300: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   15.491718]  fff00000c3f54380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   15.491764] >fff00000c3f54400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   15.491837]                                            ^
[   15.492061]  fff00000c3f54480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.492266]  fff00000c3f54500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.492424] ==================================================================
Metadata Full log Test run details 

[   12.398986] ==================================================================
[   12.399850] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[   12.400577] Read of size 64 at addr ffff8881029d4684 by task kunit_try_catch/201
[   12.400979] 
[   12.401075] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.401120] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.401132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.401152] Call Trace:
[   12.401164]  <TASK>
[   12.401179]  dump_stack_lvl+0x73/0xb0
[   12.401454]  print_report+0xd1/0x610
[   12.401492]  ? __virt_addr_valid+0x1db/0x2d0
[   12.401515]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   12.401540]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.401561]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   12.401586]  kasan_report+0x141/0x180
[   12.401607]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   12.401635]  kasan_check_range+0x10c/0x1c0
[   12.401658]  __asan_memmove+0x27/0x70
[   12.401677]  kmalloc_memmove_invalid_size+0x16f/0x330
[   12.401701]  ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[   12.401726]  ? __schedule+0x10cc/0x2b60
[   12.401749]  ? __pfx_read_tsc+0x10/0x10
[   12.401769]  ? ktime_get_ts64+0x86/0x230
[   12.401792]  kunit_try_run_case+0x1a5/0x480
[   12.401816]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.401838]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.401861]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.401885]  ? __kthread_parkme+0x82/0x180
[   12.401905]  ? preempt_count_sub+0x50/0x80
[   12.401929]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.401952]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.401975]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.401998]  kthread+0x337/0x6f0
[   12.402016]  ? trace_preempt_on+0x20/0xc0
[   12.402039]  ? __pfx_kthread+0x10/0x10
[   12.402058]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.402079]  ? calculate_sigpending+0x7b/0xa0
[   12.402103]  ? __pfx_kthread+0x10/0x10
[   12.402123]  ret_from_fork+0x116/0x1d0
[   12.402140]  ? __pfx_kthread+0x10/0x10
[   12.402160]  ret_from_fork_asm+0x1a/0x30
[   12.402190]  </TASK>
[   12.402199] 
[   12.412907] Allocated by task 201:
[   12.413314]  kasan_save_stack+0x45/0x70
[   12.413657]  kasan_save_track+0x18/0x40
[   12.413843]  kasan_save_alloc_info+0x3b/0x50
[   12.414295]  __kasan_kmalloc+0xb7/0xc0
[   12.414445]  __kmalloc_cache_noprof+0x189/0x420
[   12.414681]  kmalloc_memmove_invalid_size+0xac/0x330
[   12.414911]  kunit_try_run_case+0x1a5/0x480
[   12.415626]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.415879]  kthread+0x337/0x6f0
[   12.416020]  ret_from_fork+0x116/0x1d0
[   12.416430]  ret_from_fork_asm+0x1a/0x30
[   12.416642] 
[   12.416724] The buggy address belongs to the object at ffff8881029d4680
[   12.416724]  which belongs to the cache kmalloc-64 of size 64
[   12.417218] The buggy address is located 4 bytes inside of
[   12.417218]  allocated 64-byte region [ffff8881029d4680, ffff8881029d46c0)
[   12.417968] 
[   12.418066] The buggy address belongs to the physical page:
[   12.418341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d4
[   12.418923] flags: 0x200000000000000(node=0|zone=2)
[   12.419307] page_type: f5(slab)
[   12.419478] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   12.419943] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   12.420545] page dumped because: kasan: bad access detected
[   12.420762] 
[   12.420958] Memory state around the buggy address:
[   12.421215]  ffff8881029d4580: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   12.421547]  ffff8881029d4600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   12.421841] >ffff8881029d4680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   12.422137]                                            ^
[   12.422374]  ffff8881029d4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.423066]  ffff8881029d4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.423342] ==================================================================
Metadata Full log Test run details