Hay
Sign in
Date
July 5, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   21.909996] ==================================================================
[   21.910180] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   21.910303] Read of size 1 at addr fff00000c79e2758 by task kunit_try_catch/258
[   21.910423] 
[   21.910507] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   21.910906] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.911018] Hardware name: linux,dummy-virt (DT)
[   21.911125] Call trace:
[   21.911179]  show_stack+0x20/0x38 (C)
[   21.911335]  dump_stack_lvl+0x8c/0xd0
[   21.911504]  print_report+0x118/0x608
[   21.911634]  kasan_report+0xdc/0x128
[   21.911805]  __asan_report_load1_noabort+0x20/0x30
[   21.911926]  memcmp+0x198/0x1d8
[   21.912016]  kasan_memcmp+0x16c/0x300
[   21.912222]  kunit_try_run_case+0x170/0x3f0
[   21.912583]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.912736]  kthread+0x328/0x630
[   21.912924]  ret_from_fork+0x10/0x20
[   21.913091] 
[   21.913135] Allocated by task 258:
[   21.913204]  kasan_save_stack+0x3c/0x68
[   21.913301]  kasan_save_track+0x20/0x40
[   21.913406]  kasan_save_alloc_info+0x40/0x58
[   21.913505]  __kasan_kmalloc+0xd4/0xd8
[   21.913588]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.913691]  kasan_memcmp+0xbc/0x300
[   21.913779]  kunit_try_run_case+0x170/0x3f0
[   21.913874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.914015]  kthread+0x328/0x630
[   21.914095]  ret_from_fork+0x10/0x20
[   21.914170] 
[   21.914216] The buggy address belongs to the object at fff00000c79e2740
[   21.914216]  which belongs to the cache kmalloc-32 of size 32
[   21.914404] The buggy address is located 0 bytes to the right of
[   21.914404]  allocated 24-byte region [fff00000c79e2740, fff00000c79e2758)
[   21.915016] 
[   21.915244] The buggy address belongs to the physical page:
[   21.915325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079e2
[   21.915493] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.915621] page_type: f5(slab)
[   21.915752] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   21.915927] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   21.916076] page dumped because: kasan: bad access detected
[   21.916168] 
[   21.916242] Memory state around the buggy address:
[   21.916347]  fff00000c79e2600: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[   21.916462]  fff00000c79e2680: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   21.916560] >fff00000c79e2700: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   21.916870]                                                     ^
[   21.917078]  fff00000c79e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.917187]  fff00000c79e2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.917287] ==================================================================
Metadata Full log Test run details 

[   15.737000] ==================================================================
[   15.738700] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[   15.740240] Read of size 1 at addr ffff888103347998 by task kunit_try_catch/275
[   15.741304] 
[   15.741432] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.741495] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.741510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.741538] Call Trace:
[   15.741555]  <TASK>
[   15.741578]  dump_stack_lvl+0x73/0xb0
[   15.741617]  print_report+0xd1/0x650
[   15.741668]  ? __virt_addr_valid+0x1db/0x2d0
[   15.741698]  ? memcmp+0x1b4/0x1d0
[   15.741720]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.741746]  ? memcmp+0x1b4/0x1d0
[   15.741776]  kasan_report+0x141/0x180
[   15.741802]  ? memcmp+0x1b4/0x1d0
[   15.741828]  __asan_report_load1_noabort+0x18/0x20
[   15.741856]  memcmp+0x1b4/0x1d0
[   15.741880]  kasan_memcmp+0x18f/0x390
[   15.741904]  ? trace_hardirqs_on+0x37/0xe0
[   15.741933]  ? __pfx_kasan_memcmp+0x10/0x10
[   15.741957]  ? finish_task_switch.isra.0+0x153/0x700
[   15.741986]  ? __switch_to+0x47/0xf50
[   15.742021]  ? __pfx_read_tsc+0x10/0x10
[   15.742047]  ? ktime_get_ts64+0x86/0x230
[   15.742076]  kunit_try_run_case+0x1a5/0x480
[   15.742107]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.742134]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.742163]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.742190]  ? __kthread_parkme+0x82/0x180
[   15.742215]  ? preempt_count_sub+0x50/0x80
[   15.742242]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.742269]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.742297]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.742324]  kthread+0x337/0x6f0
[   15.742347]  ? trace_preempt_on+0x20/0xc0
[   15.742373]  ? __pfx_kthread+0x10/0x10
[   15.742397]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.742427]  ? calculate_sigpending+0x7b/0xa0
[   15.742456]  ? __pfx_kthread+0x10/0x10
[   15.742481]  ret_from_fork+0x116/0x1d0
[   15.742503]  ? __pfx_kthread+0x10/0x10
[   15.742527]  ret_from_fork_asm+0x1a/0x30
[   15.742564]  </TASK>
[   15.742578] 
[   15.762135] Allocated by task 275:
[   15.762910]  kasan_save_stack+0x45/0x70
[   15.763566]  kasan_save_track+0x18/0x40
[   15.764518]  kasan_save_alloc_info+0x3b/0x50
[   15.765255]  __kasan_kmalloc+0xb7/0xc0
[   15.765722]  __kmalloc_cache_noprof+0x189/0x420
[   15.766446]  kasan_memcmp+0xb7/0x390
[   15.766909]  kunit_try_run_case+0x1a5/0x480
[   15.767326]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.767698]  kthread+0x337/0x6f0
[   15.767857]  ret_from_fork+0x116/0x1d0
[   15.768023]  ret_from_fork_asm+0x1a/0x30
[   15.768191] 
[   15.768283] The buggy address belongs to the object at ffff888103347980
[   15.768283]  which belongs to the cache kmalloc-32 of size 32
[   15.768754] The buggy address is located 0 bytes to the right of
[   15.768754]  allocated 24-byte region [ffff888103347980, ffff888103347998)
[   15.769367] 
[   15.769571] The buggy address belongs to the physical page:
[   15.770464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103347
[   15.771546] flags: 0x200000000000000(node=0|zone=2)
[   15.772203] page_type: f5(slab)
[   15.772875] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   15.773746] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   15.774633] page dumped because: kasan: bad access detected
[   15.775396] 
[   15.775590] Memory state around the buggy address:
[   15.776236]  ffff888103347880: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   15.777195]  ffff888103347900: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[   15.777488] >ffff888103347980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.777999]                             ^
[   15.778480]  ffff888103347a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.779340]  ffff888103347a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.780059] ==================================================================
Metadata Full log Test run details