Hay
Sign in
Date
June 24, 2025, 12:47 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   27.364556] ==================================================================
[   27.365975] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   27.366501] Read of size 1 at addr fff00000c5a7cc98 by task kunit_try_catch/259
[   27.366654] 
[   27.367582] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   27.368010] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.368084] Hardware name: linux,dummy-virt (DT)
[   27.368648] Call trace:
[   27.368812]  show_stack+0x20/0x38 (C)
[   27.369010]  dump_stack_lvl+0x8c/0xd0
[   27.369148]  print_report+0x118/0x608
[   27.369374]  kasan_report+0xdc/0x128
[   27.369581]  __asan_report_load1_noabort+0x20/0x30
[   27.369744]  memcmp+0x198/0x1d8
[   27.370053]  kasan_memcmp+0x16c/0x300
[   27.370453]  kunit_try_run_case+0x170/0x3f0
[   27.370622]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.370766]  kthread+0x328/0x630
[   27.370886]  ret_from_fork+0x10/0x20
[   27.371016] 
[   27.371063] Allocated by task 259:
[   27.371148]  kasan_save_stack+0x3c/0x68
[   27.371417]  kasan_save_track+0x20/0x40
[   27.371573]  kasan_save_alloc_info+0x40/0x58
[   27.371730]  __kasan_kmalloc+0xd4/0xd8
[   27.371843]  __kmalloc_cache_noprof+0x16c/0x3c0
[   27.371969]  kasan_memcmp+0xbc/0x300
[   27.372104]  kunit_try_run_case+0x170/0x3f0
[   27.372625]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.372773]  kthread+0x328/0x630
[   27.372881]  ret_from_fork+0x10/0x20
[   27.373763] 
[   27.374006] The buggy address belongs to the object at fff00000c5a7cc80
[   27.374006]  which belongs to the cache kmalloc-32 of size 32
[   27.374472] The buggy address is located 0 bytes to the right of
[   27.374472]  allocated 24-byte region [fff00000c5a7cc80, fff00000c5a7cc98)
[   27.375206] 
[   27.375264] The buggy address belongs to the physical page:
[   27.375346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7c
[   27.376145] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   27.376415] page_type: f5(slab)
[   27.376676] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   27.376817] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   27.376930] page dumped because: kasan: bad access detected
[   27.377025] 
[   27.377076] Memory state around the buggy address:
[   27.377608]  fff00000c5a7cb80: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[   27.378184]  fff00000c5a7cc00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   27.378588] >fff00000c5a7cc80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.379299]                             ^
[   27.379400]  fff00000c5a7cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.379520]  fff00000c5a7cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.380106] ==================================================================
Metadata Full log Test run details 

[   13.913522] ==================================================================
[   13.914054] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[   13.914552] Read of size 1 at addr ffff8881039efa58 by task kunit_try_catch/277
[   13.914935] 
[   13.915088] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   13.915176] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.915199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.915239] Call Trace:
[   13.915268]  <TASK>
[   13.915303]  dump_stack_lvl+0x73/0xb0
[   13.915355]  print_report+0xd1/0x650
[   13.915400]  ? __virt_addr_valid+0x1db/0x2d0
[   13.915444]  ? memcmp+0x1b4/0x1d0
[   13.915482]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.915527]  ? memcmp+0x1b4/0x1d0
[   13.915557]  kasan_report+0x141/0x180
[   13.915646]  ? memcmp+0x1b4/0x1d0
[   13.915692]  __asan_report_load1_noabort+0x18/0x20
[   13.915736]  memcmp+0x1b4/0x1d0
[   13.915779]  kasan_memcmp+0x18f/0x390
[   13.915821]  ? trace_hardirqs_on+0x37/0xe0
[   13.915871]  ? __pfx_kasan_memcmp+0x10/0x10
[   13.915913]  ? finish_task_switch.isra.0+0x153/0x700
[   13.915960]  ? __switch_to+0x5d9/0xf60
[   13.915995]  ? dequeue_task_fair+0x166/0x4e0
[   13.916034]  ? __pfx_read_tsc+0x10/0x10
[   13.916062]  ? ktime_get_ts64+0x86/0x230
[   13.916094]  kunit_try_run_case+0x1a5/0x480
[   13.916127]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.916153]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.916178]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.916201]  ? __kthread_parkme+0x82/0x180
[   13.916222]  ? preempt_count_sub+0x50/0x80
[   13.916246]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.916269]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.916291]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.916313]  kthread+0x337/0x6f0
[   13.916329]  ? trace_preempt_on+0x20/0xc0
[   13.916350]  ? __pfx_kthread+0x10/0x10
[   13.916367]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.916388]  ? calculate_sigpending+0x7b/0xa0
[   13.916409]  ? __pfx_kthread+0x10/0x10
[   13.916426]  ret_from_fork+0x41/0x80
[   13.916445]  ? __pfx_kthread+0x10/0x10
[   13.916462]  ret_from_fork_asm+0x1a/0x30
[   13.916493]  </TASK>
[   13.916505] 
[   13.925403] Allocated by task 277:
[   13.925650]  kasan_save_stack+0x45/0x70
[   13.925880]  kasan_save_track+0x18/0x40
[   13.926063]  kasan_save_alloc_info+0x3b/0x50
[   13.926243]  __kasan_kmalloc+0xb7/0xc0
[   13.926407]  __kmalloc_cache_noprof+0x189/0x420
[   13.926770]  kasan_memcmp+0xb7/0x390
[   13.927102]  kunit_try_run_case+0x1a5/0x480
[   13.927443]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.927876]  kthread+0x337/0x6f0
[   13.928197]  ret_from_fork+0x41/0x80
[   13.928545]  ret_from_fork_asm+0x1a/0x30
[   13.928995] 
[   13.929228] The buggy address belongs to the object at ffff8881039efa40
[   13.929228]  which belongs to the cache kmalloc-32 of size 32
[   13.930228] The buggy address is located 0 bytes to the right of
[   13.930228]  allocated 24-byte region [ffff8881039efa40, ffff8881039efa58)
[   13.930918] 
[   13.931099] The buggy address belongs to the physical page:
[   13.931408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ef
[   13.931955] flags: 0x200000000000000(node=0|zone=2)
[   13.932153] page_type: f5(slab)
[   13.932383] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   13.933113] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   13.933511] page dumped because: kasan: bad access detected
[   13.933808] 
[   13.934031] Memory state around the buggy address:
[   13.934277]  ffff8881039ef900: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   13.934853]  ffff8881039ef980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   13.935252] >ffff8881039efa00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   13.935667]                                                     ^
[   13.935995]  ffff8881039efa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.936240]  ffff8881039efb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.936475] ==================================================================
Metadata Full log Test run details