Hay
Sign in
Date
July 8, 2025, 7:07 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   21.585626] ==================================================================
[   21.585951] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   21.586047] Read of size 1 at addr fff00000c571ef58 by task kunit_try_catch/257
[   21.586109] 
[   21.586145] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   21.586520] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.586611] Hardware name: linux,dummy-virt (DT)
[   21.586674] Call trace:
[   21.586702]  show_stack+0x20/0x38 (C)
[   21.586897]  dump_stack_lvl+0x8c/0xd0
[   21.586953]  print_report+0x118/0x608
[   21.587025]  kasan_report+0xdc/0x128
[   21.587233]  __asan_report_load1_noabort+0x20/0x30
[   21.587424]  memcmp+0x198/0x1d8
[   21.587479]  kasan_memcmp+0x16c/0x300
[   21.587664]  kunit_try_run_case+0x170/0x3f0
[   21.587775]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.588006]  kthread+0x328/0x630
[   21.588261]  ret_from_fork+0x10/0x20
[   21.588462] 
[   21.588585] Allocated by task 257:
[   21.588677]  kasan_save_stack+0x3c/0x68
[   21.588766]  kasan_save_track+0x20/0x40
[   21.589011]  kasan_save_alloc_info+0x40/0x58
[   21.589182]  __kasan_kmalloc+0xd4/0xd8
[   21.589369]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.589601]  kasan_memcmp+0xbc/0x300
[   21.589646]  kunit_try_run_case+0x170/0x3f0
[   21.589902]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.590210]  kthread+0x328/0x630
[   21.590385]  ret_from_fork+0x10/0x20
[   21.590477] 
[   21.590608] The buggy address belongs to the object at fff00000c571ef40
[   21.590608]  which belongs to the cache kmalloc-32 of size 32
[   21.590996] The buggy address is located 0 bytes to the right of
[   21.590996]  allocated 24-byte region [fff00000c571ef40, fff00000c571ef58)
[   21.591236] 
[   21.591364] The buggy address belongs to the physical page:
[   21.591494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10571e
[   21.591588] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.591640] page_type: f5(slab)
[   21.592005] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   21.592274] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   21.592412] page dumped because: kasan: bad access detected
[   21.592470] 
[   21.592604] Memory state around the buggy address:
[   21.592663]  fff00000c571ee00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   21.593143]  fff00000c571ee80: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[   21.593307] >fff00000c571ef00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   21.593529]                                                     ^
[   21.593885]  fff00000c571ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.594071]  fff00000c571f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.594116] ==================================================================
Metadata Full log Test run details 

[   14.905682] ==================================================================
[   14.906470] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[   14.906752] Read of size 1 at addr ffff88810261dbd8 by task kunit_try_catch/274
[   14.907081] 
[   14.907494] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.907546] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.907801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.907827] Call Trace:
[   14.907840]  <TASK>
[   14.907857]  dump_stack_lvl+0x73/0xb0
[   14.907886]  print_report+0xd1/0x650
[   14.907911]  ? __virt_addr_valid+0x1db/0x2d0
[   14.907934]  ? memcmp+0x1b4/0x1d0
[   14.907951]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.907976]  ? memcmp+0x1b4/0x1d0
[   14.907994]  kasan_report+0x141/0x180
[   14.908015]  ? memcmp+0x1b4/0x1d0
[   14.908038]  __asan_report_load1_noabort+0x18/0x20
[   14.908123]  memcmp+0x1b4/0x1d0
[   14.908143]  kasan_memcmp+0x18f/0x390
[   14.908164]  ? trace_hardirqs_on+0x37/0xe0
[   14.908187]  ? __pfx_kasan_memcmp+0x10/0x10
[   14.908208]  ? __kasan_check_write+0x18/0x20
[   14.908226]  ? queued_spin_lock_slowpath+0x116/0xb40
[   14.908252]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   14.908276]  ? __pfx_read_tsc+0x10/0x10
[   14.908296]  ? ktime_get_ts64+0x86/0x230
[   14.908320]  kunit_try_run_case+0x1a5/0x480
[   14.908344]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.908365]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   14.908386]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.908410]  ? __kthread_parkme+0x82/0x180
[   14.908430]  ? preempt_count_sub+0x50/0x80
[   14.908454]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.908478]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.908501]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.908523]  kthread+0x337/0x6f0
[   14.908542]  ? trace_preempt_on+0x20/0xc0
[   14.908563]  ? __pfx_kthread+0x10/0x10
[   14.908583]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.908604]  ? calculate_sigpending+0x7b/0xa0
[   14.908627]  ? __pfx_kthread+0x10/0x10
[   14.908648]  ret_from_fork+0x116/0x1d0
[   14.908666]  ? __pfx_kthread+0x10/0x10
[   14.908686]  ret_from_fork_asm+0x1a/0x30
[   14.908718]  </TASK>
[   14.908730] 
[   14.922062] Allocated by task 274:
[   14.922311]  kasan_save_stack+0x45/0x70
[   14.922587]  kasan_save_track+0x18/0x40
[   14.922760]  kasan_save_alloc_info+0x3b/0x50
[   14.922969]  __kasan_kmalloc+0xb7/0xc0
[   14.923490]  __kmalloc_cache_noprof+0x189/0x420
[   14.923684]  kasan_memcmp+0xb7/0x390
[   14.923974]  kunit_try_run_case+0x1a5/0x480
[   14.924371]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.924879]  kthread+0x337/0x6f0
[   14.925060]  ret_from_fork+0x116/0x1d0
[   14.925420]  ret_from_fork_asm+0x1a/0x30
[   14.925670] 
[   14.925766] The buggy address belongs to the object at ffff88810261dbc0
[   14.925766]  which belongs to the cache kmalloc-32 of size 32
[   14.926634] The buggy address is located 0 bytes to the right of
[   14.926634]  allocated 24-byte region [ffff88810261dbc0, ffff88810261dbd8)
[   14.927571] 
[   14.927679] The buggy address belongs to the physical page:
[   14.927884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10261d
[   14.928674] flags: 0x200000000000000(node=0|zone=2)
[   14.928909] page_type: f5(slab)
[   14.929271] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   14.929823] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   14.930441] page dumped because: kasan: bad access detected
[   14.930929] 
[   14.931053] Memory state around the buggy address:
[   14.931505]  ffff88810261da80: 00 00 07 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   14.931822]  ffff88810261db00: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[   14.932585] >ffff88810261db80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   14.933012]                                                     ^
[   14.933529]  ffff88810261dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.933955]  ffff88810261dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.934329] ==================================================================
Metadata Full log Test run details