Hay
Date
July 2, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   30.904537] ==================================================================
[   30.904609] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[   30.904662] Read of size 64 at addr fff00000c91ed704 by task kunit_try_catch/215
[   30.904970] 
[   30.905362] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   30.905480] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.905508] Hardware name: linux,dummy-virt (DT)
[   30.905620] Call trace:
[   30.905647]  show_stack+0x20/0x38 (C)
[   30.905700]  dump_stack_lvl+0x8c/0xd0
[   30.905748]  print_report+0x118/0x608
[   30.906275]  kasan_report+0xdc/0x128
[   30.906385]  kasan_check_range+0x100/0x1a8
[   30.906479]  __asan_memmove+0x3c/0x98
[   30.906618]  kmalloc_memmove_invalid_size+0x154/0x2e0
[   30.906745]  kunit_try_run_case+0x170/0x3f0
[   30.906832]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.906889]  kthread+0x328/0x630
[   30.907228]  ret_from_fork+0x10/0x20
[   30.907312] 
[   30.907343] Allocated by task 215:
[   30.907408]  kasan_save_stack+0x3c/0x68
[   30.907499]  kasan_save_track+0x20/0x40
[   30.907538]  kasan_save_alloc_info+0x40/0x58
[   30.907892]  __kasan_kmalloc+0xd4/0xd8
[   30.908039]  __kmalloc_cache_noprof+0x16c/0x3c0
[   30.908130]  kmalloc_memmove_invalid_size+0xb0/0x2e0
[   30.908370]  kunit_try_run_case+0x170/0x3f0
[   30.908589]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.908689]  kthread+0x328/0x630
[   30.908760]  ret_from_fork+0x10/0x20
[   30.908859] 
[   30.908907] The buggy address belongs to the object at fff00000c91ed700
[   30.908907]  which belongs to the cache kmalloc-64 of size 64
[   30.908993] The buggy address is located 4 bytes inside of
[   30.908993]  allocated 64-byte region [fff00000c91ed700, fff00000c91ed740)
[   30.909189] 
[   30.909246] The buggy address belongs to the physical page:
[   30.909290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091ed
[   30.909348] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.909398] page_type: f5(slab)
[   30.909436] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   30.909496] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   30.909548] page dumped because: kasan: bad access detected
[   30.909581] 
[   30.909615] Memory state around the buggy address:
[   30.909663]  fff00000c91ed600: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   30.909710]  fff00000c91ed680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   30.909753] >fff00000c91ed700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   30.909803]                                            ^
[   30.909838]  fff00000c91ed780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.909886]  fff00000c91ed800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.909944] ==================================================================

[   32.661070] ==================================================================
[   32.661135] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[   32.661249] Read of size 64 at addr fff00000c990b584 by task kunit_try_catch/213
[   32.661316] 
[   32.661365] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   32.661454] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.661485] Hardware name: linux,dummy-virt (DT)
[   32.661764] Call trace:
[   32.661825]  show_stack+0x20/0x38 (C)
[   32.661881]  dump_stack_lvl+0x8c/0xd0
[   32.661968]  print_report+0x118/0x608
[   32.662025]  kasan_report+0xdc/0x128
[   32.662071]  kasan_check_range+0x100/0x1a8
[   32.662135]  __asan_memmove+0x3c/0x98
[   32.662221]  kmalloc_memmove_invalid_size+0x154/0x2e0
[   32.662279]  kunit_try_run_case+0x170/0x3f0
[   32.662331]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.662396]  kthread+0x328/0x630
[   32.662475]  ret_from_fork+0x10/0x20
[   32.662532] 
[   32.662561] Allocated by task 213:
[   32.662599]  kasan_save_stack+0x3c/0x68
[   32.662640]  kasan_save_track+0x20/0x40
[   32.662728]  kasan_save_alloc_info+0x40/0x58
[   32.662765]  __kasan_kmalloc+0xd4/0xd8
[   32.662804]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.662851]  kmalloc_memmove_invalid_size+0xb0/0x2e0
[   32.662894]  kunit_try_run_case+0x170/0x3f0
[   32.663053]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.663104]  kthread+0x328/0x630
[   32.663231]  ret_from_fork+0x10/0x20
[   32.663296] 
[   32.663363] The buggy address belongs to the object at fff00000c990b580
[   32.663363]  which belongs to the cache kmalloc-64 of size 64
[   32.663431] The buggy address is located 4 bytes inside of
[   32.663431]  allocated 64-byte region [fff00000c990b580, fff00000c990b5c0)
[   32.663525] 
[   32.663566] The buggy address belongs to the physical page:
[   32.663647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10990b
[   32.663725] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.663797] page_type: f5(slab)
[   32.663899] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   32.663975] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   32.664026] page dumped because: kasan: bad access detected
[   32.664080] 
[   32.664099] Memory state around the buggy address:
[   32.664130]  fff00000c990b480: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   32.664183]  fff00000c990b500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   32.664226] >fff00000c990b580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   32.664264]                                            ^
[   32.664298]  fff00000c990b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.664341]  fff00000c990b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.664379] ==================================================================

[   23.261469] ==================================================================
[   23.262237] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[   23.262632] Read of size 64 at addr ffff888105fdff04 by task kunit_try_catch/230
[   23.263004] 
[   23.263126] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.263173] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.263186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.263206] Call Trace:
[   23.263218]  <TASK>
[   23.263233]  dump_stack_lvl+0x73/0xb0
[   23.263261]  print_report+0xd1/0x650
[   23.263283]  ? __virt_addr_valid+0x1db/0x2d0
[   23.263317]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   23.263340]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.263366]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   23.263389]  kasan_report+0x141/0x180
[   23.263411]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   23.263438]  kasan_check_range+0x10c/0x1c0
[   23.263482]  __asan_memmove+0x27/0x70
[   23.263517]  kmalloc_memmove_invalid_size+0x16f/0x330
[   23.263540]  ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[   23.263564]  ? __schedule+0x10cc/0x2b60
[   23.263585]  ? __pfx_read_tsc+0x10/0x10
[   23.263623]  ? ktime_get_ts64+0x86/0x230
[   23.263648]  kunit_try_run_case+0x1a5/0x480
[   23.263672]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.263756]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.263778]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.263800]  ? __kthread_parkme+0x82/0x180
[   23.263821]  ? preempt_count_sub+0x50/0x80
[   23.263844]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.263869]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.263892]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.263916]  kthread+0x337/0x6f0
[   23.263935]  ? trace_preempt_on+0x20/0xc0
[   23.263959]  ? __pfx_kthread+0x10/0x10
[   23.263979]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.264002]  ? calculate_sigpending+0x7b/0xa0
[   23.264025]  ? __pfx_kthread+0x10/0x10
[   23.264046]  ret_from_fork+0x116/0x1d0
[   23.264064]  ? __pfx_kthread+0x10/0x10
[   23.264085]  ret_from_fork_asm+0x1a/0x30
[   23.264115]  </TASK>
[   23.264126] 
[   23.272946] Allocated by task 230:
[   23.273361]  kasan_save_stack+0x45/0x70
[   23.273610]  kasan_save_track+0x18/0x40
[   23.273893]  kasan_save_alloc_info+0x3b/0x50
[   23.274076]  __kasan_kmalloc+0xb7/0xc0
[   23.274254]  __kmalloc_cache_noprof+0x189/0x420
[   23.274469]  kmalloc_memmove_invalid_size+0xac/0x330
[   23.275061]  kunit_try_run_case+0x1a5/0x480
[   23.275354]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.275674]  kthread+0x337/0x6f0
[   23.275911]  ret_from_fork+0x116/0x1d0
[   23.276237]  ret_from_fork_asm+0x1a/0x30
[   23.276479] 
[   23.276588] The buggy address belongs to the object at ffff888105fdff00
[   23.276588]  which belongs to the cache kmalloc-64 of size 64
[   23.277361] The buggy address is located 4 bytes inside of
[   23.277361]  allocated 64-byte region [ffff888105fdff00, ffff888105fdff40)
[   23.278390] 
[   23.278470] The buggy address belongs to the physical page:
[   23.279066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fdf
[   23.279394] flags: 0x200000000000000(node=0|zone=2)
[   23.279854] page_type: f5(slab)
[   23.280037] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   23.280460] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   23.280933] page dumped because: kasan: bad access detected
[   23.281194] 
[   23.281288] Memory state around the buggy address:
[   23.281669]  ffff888105fdfe00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   23.282058]  ffff888105fdfe80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   23.282381] >ffff888105fdff00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   23.282972]                                            ^
[   23.283162]  ffff888105fdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.283667]  ffff888105fe0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.284059] ==================================================================

[   23.545520] ==================================================================
[   23.547113] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[   23.547684] Read of size 64 at addr ffff888106053e04 by task kunit_try_catch/231
[   23.547909] 
[   23.547998] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   23.548052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.548080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.548104] Call Trace:
[   23.548120]  <TASK>
[   23.548140]  dump_stack_lvl+0x73/0xb0
[   23.548254]  print_report+0xd1/0x650
[   23.548388]  ? __virt_addr_valid+0x1db/0x2d0
[   23.548426]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   23.548450]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.548475]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   23.548499]  kasan_report+0x141/0x180
[   23.548520]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   23.548547]  kasan_check_range+0x10c/0x1c0
[   23.548570]  __asan_memmove+0x27/0x70
[   23.548624]  kmalloc_memmove_invalid_size+0x16f/0x330
[   23.548648]  ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[   23.548674]  ? __schedule+0x10cc/0x2b60
[   23.548739]  ? __pfx_read_tsc+0x10/0x10
[   23.548763]  ? ktime_get_ts64+0x86/0x230
[   23.548799]  kunit_try_run_case+0x1a5/0x480
[   23.548826]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.548849]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.548871]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.548893]  ? __kthread_parkme+0x82/0x180
[   23.548915]  ? preempt_count_sub+0x50/0x80
[   23.548954]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.548978]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.549001]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.549025]  kthread+0x337/0x6f0
[   23.549045]  ? trace_preempt_on+0x20/0xc0
[   23.549079]  ? __pfx_kthread+0x10/0x10
[   23.549099]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.549123]  ? calculate_sigpending+0x7b/0xa0
[   23.549146]  ? __pfx_kthread+0x10/0x10
[   23.549167]  ret_from_fork+0x116/0x1d0
[   23.549273]  ? __pfx_kthread+0x10/0x10
[   23.549298]  ret_from_fork_asm+0x1a/0x30
[   23.549329]  </TASK>
[   23.549341] 
[   23.562405] Allocated by task 231:
[   23.562675]  kasan_save_stack+0x45/0x70
[   23.563031]  kasan_save_track+0x18/0x40
[   23.563173]  kasan_save_alloc_info+0x3b/0x50
[   23.563642]  __kasan_kmalloc+0xb7/0xc0
[   23.564039]  __kmalloc_cache_noprof+0x189/0x420
[   23.564393]  kmalloc_memmove_invalid_size+0xac/0x330
[   23.564752]  kunit_try_run_case+0x1a5/0x480
[   23.565104]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.565570]  kthread+0x337/0x6f0
[   23.565699]  ret_from_fork+0x116/0x1d0
[   23.565842]  ret_from_fork_asm+0x1a/0x30
[   23.566114] 
[   23.566289] The buggy address belongs to the object at ffff888106053e00
[   23.566289]  which belongs to the cache kmalloc-64 of size 64
[   23.567616] The buggy address is located 4 bytes inside of
[   23.567616]  allocated 64-byte region [ffff888106053e00, ffff888106053e40)
[   23.568641] 
[   23.568717] The buggy address belongs to the physical page:
[   23.568888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106053
[   23.569671] flags: 0x200000000000000(node=0|zone=2)
[   23.570277] page_type: f5(slab)
[   23.570688] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   23.571308] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   23.571783] page dumped because: kasan: bad access detected
[   23.572000] 
[   23.572180] Memory state around the buggy address:
[   23.572682]  ffff888106053d00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   23.573426]  ffff888106053d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   23.573830] >ffff888106053e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   23.574464]                                            ^
[   23.574936]  ffff888106053e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.575502]  ffff888106053f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.575718] ==================================================================