Date
July 3, 2025, 11:10 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 22.545108] ==================================================================
[ 22.545250] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 22.545741] Read of size 1 at addr fff00000c6376b18 by task kunit_try_catch/257
[ 22.545866]
[ 22.545956] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 22.546159] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.546520] Hardware name: linux,dummy-virt (DT)
[ 22.547247] Call trace:
[ 22.547328]  show_stack+0x20/0x38 (C)
[ 22.547455]  dump_stack_lvl+0x8c/0xd0
[ 22.547563]  print_report+0x118/0x608
[ 22.547665]  kasan_report+0xdc/0x128
[ 22.548397]  __asan_report_load1_noabort+0x20/0x30
[ 22.549242]  memcmp+0x198/0x1d8
[ 22.549491]  kasan_memcmp+0x16c/0x300
[ 22.549614]  kunit_try_run_case+0x170/0x3f0
[ 22.549974]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.550237]  kthread+0x328/0x630
[ 22.550368]  ret_from_fork+0x10/0x20
[ 22.550553]
[ 22.550605] Allocated by task 257:
[ 22.550683]  kasan_save_stack+0x3c/0x68
[ 22.551035]  kasan_save_track+0x20/0x40
[ 22.551126]  kasan_save_alloc_info+0x40/0x58
[ 22.551277]  __kasan_kmalloc+0xd4/0xd8
[ 22.551458]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 22.551575]  kasan_memcmp+0xbc/0x300
[ 22.551745]  kunit_try_run_case+0x170/0x3f0
[ 22.551914]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 22.552038]  kthread+0x328/0x630
[ 22.552115]  ret_from_fork+0x10/0x20
[ 22.552431]
[ 22.552674] The buggy address belongs to the object at fff00000c6376b00
[ 22.552674]  which belongs to the cache kmalloc-32 of size 32
[ 22.552926] The buggy address is located 0 bytes to the right of
[ 22.552926]  allocated 24-byte region [fff00000c6376b00, fff00000c6376b18)
[ 22.553203]
[ 22.553470] The buggy address belongs to the physical page:
[ 22.553714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106376
[ 22.553874] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 22.553975] page_type: f5(slab)
[ 22.554442] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 22.554765] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 22.554873] page dumped because: kasan: bad access detected
[ 22.555057]
[ 22.555107] Memory state around the buggy address:
[ 22.555212]  fff00000c6376a00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 22.555510]  fff00000c6376a80: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 22.555740] >fff00000c6376b00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.555918]                             ^
[ 22.556007]  fff00000c6376b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.556202]  fff00000c6376c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.556297] ==================================================================
```
```
[ 13.467819] ==================================================================
[ 13.468893] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 13.469449] Read of size 1 at addr ffff88810319c458 by task kunit_try_catch/274
[ 13.470111]
[ 13.470358] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.470418] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.470431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.470453] Call Trace:
[ 13.470466]  <TASK>
[ 13.470483]  dump_stack_lvl+0x73/0xb0
[ 13.470540]  print_report+0xd1/0x650
[ 13.470567]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.470590]  ? memcmp+0x1b4/0x1d0
[ 13.470620]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.470642]  ? memcmp+0x1b4/0x1d0
[ 13.470660]  kasan_report+0x141/0x180
[ 13.470682]  ? memcmp+0x1b4/0x1d0
[ 13.470703]  __asan_report_load1_noabort+0x18/0x20
[ 13.470726]  memcmp+0x1b4/0x1d0
[ 13.470746]  kasan_memcmp+0x18f/0x390
[ 13.470766]  ? trace_hardirqs_on+0x37/0xe0
[ 13.470789]  ? __pfx_kasan_memcmp+0x10/0x10
[ 13.470808]  ? finish_task_switch.isra.0+0x153/0x700
[ 13.470832]  ? __switch_to+0x47/0xf50
[ 13.470861]  ? __pfx_read_tsc+0x10/0x10
[ 13.470880]  ? ktime_get_ts64+0x86/0x230
[ 13.470904]  kunit_try_run_case+0x1a5/0x480
[ 13.470928]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.470949]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.470972]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.470994]  ? __kthread_parkme+0x82/0x180
[ 13.471016]  ? preempt_count_sub+0x50/0x80
[ 13.471038]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.471061]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.471083]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.471106]  kthread+0x337/0x6f0
[ 13.471134]  ? trace_preempt_on+0x20/0xc0
[ 13.471155]  ? __pfx_kthread+0x10/0x10
[ 13.471175]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.471195]  ? calculate_sigpending+0x7b/0xa0
[ 13.471218]  ? __pfx_kthread+0x10/0x10
[ 13.471239]  ret_from_fork+0x116/0x1d0
[ 13.471257]  ? __pfx_kthread+0x10/0x10
[ 13.471277]  ret_from_fork_asm+0x1a/0x30
[ 13.471306]  </TASK>
[ 13.471317]
[ 13.484981] Allocated by task 274:
[ 13.485326]  kasan_save_stack+0x45/0x70
[ 13.485741]  kasan_save_track+0x18/0x40
[ 13.486463]  kasan_save_alloc_info+0x3b/0x50
[ 13.487071]  __kasan_kmalloc+0xb7/0xc0
[ 13.487502]  __kmalloc_cache_noprof+0x189/0x420
[ 13.487939]  kasan_memcmp+0xb7/0x390
[ 13.488390]  kunit_try_run_case+0x1a5/0x480
[ 13.488796]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.489299]  kthread+0x337/0x6f0
[ 13.489677]  ret_from_fork+0x116/0x1d0
[ 13.490096]  ret_from_fork_asm+0x1a/0x30
[ 13.490460]
[ 13.490536] The buggy address belongs to the object at ffff88810319c440
[ 13.490536]  which belongs to the cache kmalloc-32 of size 32
[ 13.490936] The buggy address is located 0 bytes to the right of
[ 13.490936]  allocated 24-byte region [ffff88810319c440, ffff88810319c458)
[ 13.492297]
[ 13.492464] The buggy address belongs to the physical page:
[ 13.493017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10319c
[ 13.493540] flags: 0x200000000000000(node=0|zone=2)
[ 13.494067] page_type: f5(slab)
[ 13.494438] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.494735] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.495112] page dumped because: kasan: bad access detected
[ 13.495691]
[ 13.495879] Memory state around the buggy address:
[ 13.496407]  ffff88810319c300: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.497192]  ffff88810319c380: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 13.497871] >ffff88810319c400: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.498434]                                                     ^
[ 13.498904]  ffff88810319c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.499136]  ffff88810319c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.499350] ==================================================================
```