Hay
Sign in
Date
July 1, 2025, 3:08 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   17.054420] ==================================================================
[   17.054482] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0
[   17.054535] Read of size 64 at addr fff00000c57c9b04 by task kunit_try_catch/183
[   17.054599] 
[   17.054631] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.054712] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.054738] Hardware name: linux,dummy-virt (DT)
[   17.054769] Call trace:
[   17.054791]  show_stack+0x20/0x38 (C)
[   17.054839]  dump_stack_lvl+0x8c/0xd0
[   17.054939]  print_report+0x118/0x608
[   17.054990]  kasan_report+0xdc/0x128
[   17.055035]  kasan_check_range+0x100/0x1a8
[   17.055084]  __asan_memmove+0x3c/0x98
[   17.055127]  kmalloc_memmove_invalid_size+0x154/0x2e0
[   17.055177]  kunit_try_run_case+0x170/0x3f0
[   17.055224]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.055275]  kthread+0x328/0x630
[   17.055316]  ret_from_fork+0x10/0x20
[   17.055363] 
[   17.055381] Allocated by task 183:
[   17.055408]  kasan_save_stack+0x3c/0x68
[   17.055448]  kasan_save_track+0x20/0x40
[   17.055484]  kasan_save_alloc_info+0x40/0x58
[   17.055523]  __kasan_kmalloc+0xd4/0xd8
[   17.055559]  __kmalloc_cache_noprof+0x16c/0x3c0
[   17.055608]  kmalloc_memmove_invalid_size+0xb0/0x2e0
[   17.055647]  kunit_try_run_case+0x170/0x3f0
[   17.055683]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.055726]  kthread+0x328/0x630
[   17.055757]  ret_from_fork+0x10/0x20
[   17.055792] 
[   17.055810] The buggy address belongs to the object at fff00000c57c9b00
[   17.055810]  which belongs to the cache kmalloc-64 of size 64
[   17.055925] The buggy address is located 4 bytes inside of
[   17.055925]  allocated 64-byte region [fff00000c57c9b00, fff00000c57c9b40)
[   17.055994] 
[   17.056086] The buggy address belongs to the physical page:
[   17.056117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057c9
[   17.056171] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.056219] page_type: f5(slab)
[   17.056257] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[   17.056500] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   17.056541] page dumped because: kasan: bad access detected
[   17.056584] 
[   17.056604] Memory state around the buggy address:
[   17.056638]  fff00000c57c9a00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[   17.056683]  fff00000c57c9a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   17.056727] >fff00000c57c9b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   17.056767]                                            ^
[   17.056820]  fff00000c57c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.056864]  fff00000c57c9c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.057082] ==================================================================
Metadata Full log Test run details 

[   11.823042] ==================================================================
[   11.823605] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[   11.824152] Read of size 64 at addr ffff8881033ab484 by task kunit_try_catch/199
[   11.824622] 
[   11.824810] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.824859] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.824871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.824892] Call Trace:
[   11.824904]  <TASK>
[   11.824924]  dump_stack_lvl+0x73/0xb0
[   11.824955]  print_report+0xd1/0x650
[   11.824979]  ? __virt_addr_valid+0x1db/0x2d0
[   11.825003]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   11.825044]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.825065]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   11.825099]  kasan_report+0x141/0x180
[   11.825120]  ? kmalloc_memmove_invalid_size+0x16f/0x330
[   11.825147]  kasan_check_range+0x10c/0x1c0
[   11.825169]  __asan_memmove+0x27/0x70
[   11.825188]  kmalloc_memmove_invalid_size+0x16f/0x330
[   11.825219]  ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[   11.825242]  ? __schedule+0x10cc/0x2b60
[   11.825265]  ? __pfx_read_tsc+0x10/0x10
[   11.825296]  ? ktime_get_ts64+0x86/0x230
[   11.825319]  kunit_try_run_case+0x1a5/0x480
[   11.825342]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.825363]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.825394]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.825416]  ? __kthread_parkme+0x82/0x180
[   11.825435]  ? preempt_count_sub+0x50/0x80
[   11.825469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.825491]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.825512]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.825534]  kthread+0x337/0x6f0
[   11.825552]  ? trace_preempt_on+0x20/0xc0
[   11.825575]  ? __pfx_kthread+0x10/0x10
[   11.825594]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.825614]  ? calculate_sigpending+0x7b/0xa0
[   11.825636]  ? __pfx_kthread+0x10/0x10
[   11.825713]  ret_from_fork+0x116/0x1d0
[   11.825734]  ? __pfx_kthread+0x10/0x10
[   11.825754]  ret_from_fork_asm+0x1a/0x30
[   11.825784]  </TASK>
[   11.825795] 
[   11.836406] Allocated by task 199:
[   11.836752]  kasan_save_stack+0x45/0x70
[   11.836973]  kasan_save_track+0x18/0x40
[   11.837386]  kasan_save_alloc_info+0x3b/0x50
[   11.837736]  __kasan_kmalloc+0xb7/0xc0
[   11.838014]  __kmalloc_cache_noprof+0x189/0x420
[   11.838332]  kmalloc_memmove_invalid_size+0xac/0x330
[   11.838559]  kunit_try_run_case+0x1a5/0x480
[   11.838944]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.839523]  kthread+0x337/0x6f0
[   11.839679]  ret_from_fork+0x116/0x1d0
[   11.840230]  ret_from_fork_asm+0x1a/0x30
[   11.840423] 
[   11.840523] The buggy address belongs to the object at ffff8881033ab480
[   11.840523]  which belongs to the cache kmalloc-64 of size 64
[   11.841248] The buggy address is located 4 bytes inside of
[   11.841248]  allocated 64-byte region [ffff8881033ab480, ffff8881033ab4c0)
[   11.842112] 
[   11.842207] The buggy address belongs to the physical page:
[   11.842517] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033ab
[   11.843000] flags: 0x200000000000000(node=0|zone=2)
[   11.843250] page_type: f5(slab)
[   11.843409] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[   11.844126] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   11.844439] page dumped because: kasan: bad access detected
[   11.844750] 
[   11.845001] Memory state around the buggy address:
[   11.845236]  ffff8881033ab380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   11.845665]  ffff8881033ab400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   11.846120] >ffff8881033ab480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   11.846428]                                            ^
[   11.846804]  ffff8881033ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.847125]  ffff8881033ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.847419] ==================================================================
Metadata Full log Test run details