Hay
Date
July 4, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.293087] ==================================================================
[   20.293160] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   20.293230] Read of size 1 at addr fff00000c639a398 by task kunit_try_catch/257
[   20.293284] 
[   20.293324] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.293409] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.293440] Hardware name: linux,dummy-virt (DT)
[   20.293479] Call trace:
[   20.293505]  show_stack+0x20/0x38 (C)
[   20.293559]  dump_stack_lvl+0x8c/0xd0
[   20.293609]  print_report+0x118/0x608
[   20.293660]  kasan_report+0xdc/0x128
[   20.293708]  __asan_report_load1_noabort+0x20/0x30
[   20.293762]  memcmp+0x198/0x1d8
[   20.293825]  kasan_memcmp+0x16c/0x300
[   20.293873]  kunit_try_run_case+0x170/0x3f0
[   20.293925]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.293981]  kthread+0x328/0x630
[   20.294869]  ret_from_fork+0x10/0x20
[   20.296141] 
[   20.296199] Allocated by task 257:
[   20.296247]  kasan_save_stack+0x3c/0x68
[   20.296302]  kasan_save_track+0x20/0x40
[   20.296347]  kasan_save_alloc_info+0x40/0x58
[   20.296389]  __kasan_kmalloc+0xd4/0xd8
[   20.296922]  __kmalloc_cache_noprof+0x16c/0x3c0
[   20.296979]  kasan_memcmp+0xbc/0x300
[   20.297015]  kunit_try_run_case+0x170/0x3f0
[   20.297141]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.297188]  kthread+0x328/0x630
[   20.297287]  ret_from_fork+0x10/0x20
[   20.297497] 
[   20.297642] The buggy address belongs to the object at fff00000c639a380
[   20.297642]  which belongs to the cache kmalloc-32 of size 32
[   20.297792] The buggy address is located 0 bytes to the right of
[   20.297792]  allocated 24-byte region [fff00000c639a380, fff00000c639a398)
[   20.297918] 
[   20.298491] page_type: f5(slab)
[   20.299602]  fff00000c639a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.316237]     # kasan_strings: EXPECTATION FAILED at mm/kasan/kasan_test_c.c:1612
[   20.316237]     KASAN failure expected in "kasan_ptr_result = strrchr(ptr, '1')", but none occurred
[   20.321908]  __kasan_slab_free+0x6c/0x98
[   20.323240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10639a
[   20.324208]  fff00000c639a400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   20.327408]  __asan_report_load1_noabort+0x20/0x30
[   20.329834]  kasan_strings+0xc8/0xb00
[   20.331155]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.331784] The buggy address belongs to the physical page:
[   20.332436]  fff00000c639a400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   20.335456]  dump_stack_lvl+0x8c/0xd0
[   20.337050] 
[   20.337713]  kthread+0x328/0x630
[   20.338875] 
[   20.339389]  fff00000c639a580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   20.341512] Call trace:
[   20.343063]  kasan_save_alloc_info+0x40/0x58
[   20.343509] Freed by task 259:
[   20.344166] The buggy address is located 16 bytes inside of
[   20.344166]  freed 32-byte region [fff00000c639a540, fff00000c639a560)
[   20.355379] Call trace:
[   20.356718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.358540]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.359188] The buggy address is located 8 bytes inside of
[   20.359188]  allocated 9-byte region [fff00000c46e6be0, fff00000c46e6be9)
[   20.360299]  fff00000c46e6a80: fa fb fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[   20.361043]  fff00000c46e6c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.361937] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0
[   20.363772]  __asan_report_load8_noabort+0x20/0x30
[   20.365273]  kasan_save_track+0x20/0x40
[   20.365355]  kasan_save_alloc_info+0x40/0x58
[   20.365675]  kunit_try_run_case+0x170/0x3f0
[   20.366382] 
[   20.366436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e6
[   20.367471] >fff00000c46e6b80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc
[   20.368124] ==================================================================

[   13.877395] ==================================================================
[   13.878867] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[   13.879740] Read of size 1 at addr ffff8881039947d8 by task kunit_try_catch/274
[   13.880087] 
[   13.880235] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.880288] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.880301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.880326] Call Trace:
[   13.880341]  <TASK>
[   13.880917]  dump_stack_lvl+0x73/0xb0
[   13.880970]  print_report+0xd1/0x650
[   13.880997]  ? __virt_addr_valid+0x1db/0x2d0
[   13.881021]  ? memcmp+0x1b4/0x1d0
[   13.881040]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.881062]  ? memcmp+0x1b4/0x1d0
[   13.881079]  kasan_report+0x141/0x180
[   13.881100]  ? memcmp+0x1b4/0x1d0
[   13.881121]  __asan_report_load1_noabort+0x18/0x20
[   13.881144]  memcmp+0x1b4/0x1d0
[   13.881164]  kasan_memcmp+0x18f/0x390
[   13.881183]  ? trace_hardirqs_on+0x37/0xe0
[   13.881519]  ? __pfx_kasan_memcmp+0x10/0x10
[   13.881544]  ? finish_task_switch.isra.0+0x153/0x700
[   13.881568]  ? __switch_to+0x47/0xf50
[   13.881597]  ? __pfx_read_tsc+0x10/0x10
[   13.881618]  ? ktime_get_ts64+0x86/0x230
[   13.881641]  kunit_try_run_case+0x1a5/0x480
[   13.881668]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.881689]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.881713]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.881734]  ? __kthread_parkme+0x82/0x180
[   13.881757]  ? preempt_count_sub+0x50/0x80
[   13.881779]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.881801]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.881823]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.881845]  kthread+0x337/0x6f0
[   13.881864]  ? trace_preempt_on+0x20/0xc0
[   13.881885]  ? __pfx_kthread+0x10/0x10
[   13.881905]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.881925]  ? calculate_sigpending+0x7b/0xa0
[   13.881948]  ? __pfx_kthread+0x10/0x10
[   13.881968]  ret_from_fork+0x116/0x1d0
[   13.881986]  ? __pfx_kthread+0x10/0x10
[   13.882006]  ret_from_fork_asm+0x1a/0x30
[   13.882036]  </TASK>
[   13.882048] 
[   13.892924] Allocated by task 274:
[   13.893342]  kasan_save_stack+0x45/0x70
[   13.894113]  kasan_save_track+0x18/0x40
[   13.894576]  kasan_save_alloc_info+0x3b/0x50
[   13.894968]  __kasan_kmalloc+0xb7/0xc0
[   13.895346]  __kmalloc_cache_noprof+0x189/0x420
[   13.895918]  kasan_memcmp+0xb7/0x390
[   13.896373]  kunit_try_run_case+0x1a5/0x480
[   13.896754]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.897562]  kthread+0x337/0x6f0
[   13.897870]  ret_from_fork+0x116/0x1d0
[   13.898216]  ret_from_fork_asm+0x1a/0x30
[   13.898675] 
[   13.898840] The buggy address belongs to the object at ffff8881039947c0
[   13.898840]  which belongs to the cache kmalloc-32 of size 32
[   13.899921] The buggy address is located 0 bytes to the right of
[   13.899921]  allocated 24-byte region [ffff8881039947c0, ffff8881039947d8)
[   13.900911] 
[   13.901091] The buggy address belongs to the physical page:
[   13.901584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103994
[   13.902272] flags: 0x200000000000000(node=0|zone=2)
[   13.902732] page_type: f5(slab)
[   13.903025] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   13.903681] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   13.903914] page dumped because: kasan: bad access detected
[   13.904088] 
[   13.904157] Memory state around the buggy address:
[   13.904627]  ffff888103994680: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[   13.905569]  ffff888103994700: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[   13.906168] >ffff888103994780: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   13.906905]                                                     ^
[   13.907558]  ffff888103994800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.908300]  ffff888103994880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.908522] ==================================================================