Hay
Date
June 17, 2025, 3:39 p.m.

Environment
qemu-arm64
qemu-x86_64

Note: both reports below are raised from inside the KASAN KUnit self-test — the call trace runs kunit_try_run_case → kasan_memcmp → memcmp, the task is kunit_try_catch, the same task allocated the object, and the taint string carries N (test-tainted). The 1-byte read "0 bytes to the right of" the allocated 24-byte region in kmalloc-32 is consistent with the kasan_memcmp case deliberately comparing one byte past the end of its buffer, so a report appearing here is the detection the test is meant to provoke on both architectures, not evidence of a defect in memcmp or the slab allocator; treat it as a finding only if the same report is seen outside a KUnit run.

[   94.546405] ==================================================================
[   94.547854] BUG: KASAN: slab-out-of-bounds in memcmp+0x44/0xd0
[   94.549036] Read of size 1 at addr ffff0000c5ec1cd8 by task kunit_try_catch/203
[   94.550376] 
[   94.550904] CPU: 1 PID: 203 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   94.552141] Hardware name: linux,dummy-virt (DT)
[   94.552963] Call trace:
[   94.553502]  dump_backtrace+0x9c/0x128
[   94.554256]  show_stack+0x20/0x38
[   94.555285]  dump_stack_lvl+0x60/0xb0
[   94.556021]  print_report+0xf8/0x5e8
[   94.556774]  kasan_report+0xdc/0x128
[   94.558027]  __asan_load1+0x60/0x70
[   94.558870]  memcmp+0x44/0xd0
[   94.559574]  kasan_memcmp+0xf0/0x208
[   94.560197]  kunit_try_run_case+0x114/0x298
[   94.561125]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   94.562159]  kthread+0x18c/0x1a8
[   94.562918]  ret_from_fork+0x10/0x20
[   94.563675] 
[   94.564092] Allocated by task 203:
[   94.564753]  kasan_save_stack+0x3c/0x68
[   94.565585]  kasan_set_track+0x2c/0x40
[   94.566379]  kasan_save_alloc_info+0x24/0x38
[   94.567201]  __kasan_kmalloc+0xd4/0xd8
[   94.568007]  kmalloc_trace+0x68/0x130
[   94.568793]  kasan_memcmp+0xac/0x208
[   94.569527]  kunit_try_run_case+0x114/0x298
[   94.570355]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   94.571442]  kthread+0x18c/0x1a8
[   94.572177]  ret_from_fork+0x10/0x20
[   94.572987] 
[   94.573377] The buggy address belongs to the object at ffff0000c5ec1cc0
[   94.573377]  which belongs to the cache kmalloc-32 of size 32
[   94.574916] The buggy address is located 0 bytes to the right of
[   94.574916]  allocated 24-byte region [ffff0000c5ec1cc0, ffff0000c5ec1cd8)
[   94.576654] 
[   94.577085] The buggy address belongs to the physical page:
[   94.577993] page:000000009bc72880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec1
[   94.579274] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[   94.580361] page_type: 0xffffffff()
[   94.581117] raw: 0bfffc0000000800 ffff0000c0001500 dead000000000122 0000000000000000
[   94.582246] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[   94.583344] page dumped because: kasan: bad access detected
[   94.584221] 
[   94.584623] Memory state around the buggy address:
[   94.585336]  ffff0000c5ec1b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   94.586398]  ffff0000c5ec1c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   94.587475] >ffff0000c5ec1c80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   94.588600]                                                     ^
[   94.589537]  ffff0000c5ec1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.590567]  ffff0000c5ec1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.591535] ==================================================================


[   35.461797] ==================================================================
[   35.462431] BUG: KASAN: slab-out-of-bounds in memcmp+0x3d/0xb0
[   35.463112] Read of size 1 at addr ffff8881028693d8 by task kunit_try_catch/218
[   35.463771] 
[   35.463926] CPU: 0 PID: 218 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   35.464858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   35.465608] Call Trace:
[   35.465889]  <TASK>
[   35.466115]  dump_stack_lvl+0x4e/0x90
[   35.466637]  print_report+0xd2/0x650
[   35.466934]  ? __virt_addr_valid+0x156/0x1e0
[   35.467295]  ? memcmp+0x3d/0xb0
[   35.467980]  ? kasan_complete_mode_report_info+0x2a/0x200
[   35.468377]  ? memcmp+0x3d/0xb0
[   35.468642]  kasan_report+0x147/0x180
[   35.469087]  ? memcmp+0x3d/0xb0
[   35.469579]  __asan_load1+0x66/0x70
[   35.469914]  memcmp+0x3d/0xb0
[   35.470174]  kasan_memcmp+0x100/0x230
[   35.470556]  ? __pfx_kasan_memcmp+0x10/0x10
[   35.470890]  ? finish_task_switch.isra.0+0xc8/0x3e0
[   35.471283]  ? ktime_get_ts64+0x118/0x140
[   35.471682]  kunit_try_run_case+0x120/0x290
[   35.472046]  ? __pfx_kunit_try_run_case+0x10/0x10
[   35.472779]  ? __kasan_check_write+0x18/0x20
[   35.473092]  ? trace_preempt_on+0x20/0xa0
[   35.473382]  ? __kthread_parkme+0x4f/0xd0
[   35.473808]  ? preempt_count_sub+0x50/0x80
[   35.474161]  ? __pfx_kunit_try_run_case+0x10/0x10
[   35.474631]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   35.475044]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   35.475522]  kthread+0x19e/0x1e0
[   35.475799]  ? __pfx_kthread+0x10/0x10
[   35.476133]  ret_from_fork+0x41/0x70
[   35.476346]  ? __pfx_kthread+0x10/0x10
[   35.476717]  ret_from_fork_asm+0x1b/0x30
[   35.477186]  </TASK>
[   35.477422] 
[   35.477937] Allocated by task 218:
[   35.478125]  kasan_save_stack+0x44/0x70
[   35.478491]  kasan_set_track+0x29/0x40
[   35.478756]  kasan_save_alloc_info+0x22/0x30
[   35.479162]  __kasan_kmalloc+0xb7/0xc0
[   35.479548]  kmalloc_trace+0x4c/0xb0
[   35.479888]  kasan_memcmp+0xb0/0x230
[   35.480160]  kunit_try_run_case+0x120/0x290
[   35.480453]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   35.481036]  kthread+0x19e/0x1e0
[   35.481257]  ret_from_fork+0x41/0x70
[   35.481622]  ret_from_fork_asm+0x1b/0x30
[   35.482017] 
[   35.482159] The buggy address belongs to the object at ffff8881028693c0
[   35.482159]  which belongs to the cache kmalloc-32 of size 32
[   35.483325] The buggy address is located 0 bytes to the right of
[   35.483325]  allocated 24-byte region [ffff8881028693c0, ffff8881028693d8)
[   35.484201] 
[   35.484341] The buggy address belongs to the physical page:
[   35.484937] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102869
[   35.485579] flags: 0x200000000000800(slab|node=0|zone=2)
[   35.486020] page_type: 0xffffffff()
[   35.486294] raw: 0200000000000800 ffff888100041500 dead000000000122 0000000000000000
[   35.486958] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[   35.487556] page dumped because: kasan: bad access detected
[   35.488202] 
[   35.488347] Memory state around the buggy address:
[   35.488747]  ffff888102869280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   35.489314]  ffff888102869300: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[   35.489893] >ffff888102869380: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   35.490331]                                                     ^
[   35.490829]  ffff888102869400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.491276]  ffff888102869480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.491755] ==================================================================