Hay
Date: July 19, 2025, 11:12 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.464665] ==================================================================
[   17.464778] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340
[   17.464837] Read of size 1 at addr ffff800080b57b4a by task kunit_try_catch/253
[   17.464888] 
[   17.464920] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.465152] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.465222] Hardware name: linux,dummy-virt (DT)
[   17.465411] Call trace:
[   17.465444]  show_stack+0x20/0x38 (C)
[   17.465523]  dump_stack_lvl+0x8c/0xd0
[   17.465596]  print_report+0x310/0x5d0
[   17.465677]  kasan_report+0xdc/0x128
[   17.465762]  __asan_report_load1_noabort+0x20/0x30
[   17.465843]  kasan_alloca_oob_right+0x2dc/0x340
[   17.465944]  kunit_try_run_case+0x170/0x3f0
[   17.465995]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.466051]  kthread+0x328/0x630
[   17.466093]  ret_from_fork+0x10/0x20
[   17.466211] 
[   17.466237] The buggy address belongs to stack of task kunit_try_catch/253
[   17.466292] 
[   17.466332] The buggy address ffff800080b57b4a belongs to a vmalloc virtual mapping
[   17.466397] The buggy address belongs to the physical page:
[   17.466702] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c7
[   17.466798] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.466931] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   17.467005] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.467050] page dumped because: kasan: bad access detected
[   17.467104] 
[   17.467142] Memory state around the buggy address:
[   17.467199]  ffff800080b57a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.467264]  ffff800080b57a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.467339] >ffff800080b57b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[   17.467382]                                               ^
[   17.467420]  ffff800080b57b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2
[   17.473762]     # kasan_memchr: EXPECTATION FAILED at mm/kasan/kasan_test_c.c:1535
[   17.473762]     KASAN failure expected in "kasan_ptr_result = memchr(ptr, '1', size + 1)", but none occurred
[   17.483144]  fff00000c7914000: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   17.491387] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8
[   17.492606] Allocated by task 259:
[   17.492799]  __kasan_kmalloc+0xd4/0xd8
[   17.493481]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.493891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107914
[   17.494551]  fff00000c7914300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[   17.496855]  kthread+0x328/0x630
[   17.498228]  kasan_save_track+0x20/0x40
[   17.499723] The buggy address is located 16 bytes inside of
[   17.499723]  freed 32-byte region [fff00000c7914240, fff00000c7914260)
[   17.504866] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0
[   17.505540]  dump_stack_lvl+0x8c/0xd0
[   17.507161]  kunit_try_run_case+0x170/0x3f0
[   17.507788]  kasan_save_free_info+0x4c/0x78
[   17.508623] 
[   17.509573] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   17.512461]  kasan_report+0xdc/0x128
[   17.513203]  kasan_save_stack+0x3c/0x68
[   17.514641] The buggy address is located 16 bytes inside of
[   17.514641]  freed 32-byte region [fff00000c7914240, fff00000c7914260)
[   17.521248] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.521739]  kasan_bitops_generic+0x110/0x1c8
[   17.522621] 
[   17.523515] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   17.523971]  fff00000c61b2700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   17.526207] Call trace:
[   17.526849]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.527861] The buggy address is located 8 bytes inside of
[   17.527861]  allocated 9-byte region [fff00000c61b27a0, fff00000c61b27a9)
[   17.530224] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0
[   17.531413]  kasan_bitops_generic+0x110/0x1c8
[   17.534791]  ret_from_fork+0x10/0x20
[   17.536184] page dumped because: kasan: bad access detected
[   17.537467]  fff00000c61b2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.541044]  __asan_report_load8_noabort+0x20/0x30
[   17.542949] The buggy address is located 8 bytes inside of
[   17.542949]  allocated 9-byte region [fff00000c61b27a0, fff00000c61b27a9)
[   17.544817] Write of size 8 at addr fff00000c61b27a8 by task kunit_try_catch/261
[   17.548336]  kunit_try_run_case+0x170/0x3f0
[   17.550542] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.552533]  fff00000c61b2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.555774]  dump_stack_lvl+0x8c/0xd0
[   17.558000] 
[   17.558797]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.559501] 
[   17.559565]  fff00000c61b2680: 00 05 fc fc fa fb fc fc 00 02 fc fc fa fb fc fc
[   17.562194] Read of size 8 at addr fff00000c61b27a8 by task kunit_try_catch/261
[   17.566495] The buggy address is located 8 bytes inside of
[   17.566495]  allocated 9-byte region [fff00000c61b27a0, fff00000c61b27a9)
[   17.569836] 
[   17.570980]  kasan_bitops_modify.constprop.0+0x344/0xbc0
[   17.573483] 
[   17.574265] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.574867]  fff00000c61b2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.576115]  __kasan_check_write+0x20/0x30
[   17.581353] page_type: f5(slab)
[   17.582724] >fff00000c61b2780: 00 04 fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[   17.585418] Read of size 8 at addr fff00000c61b27a8 by task kunit_try_catch/261
[   17.587422]  kasan_bitops_generic+0x110/0x1c8
[   17.592219] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   17.594789] Hardware name: linux,dummy-virt (DT)
[   17.598545] The buggy address is located 8 bytes inside of
[   17.598545]  allocated 9-byte region [fff00000c61b27a0, fff00000c61b27a9)
[   17.602471] Read of size 8 at addr fff00000c61b27a8 by task kunit_try_catch/261
[   17.604492]  kthread+0x328/0x630
[   17.609207]  fff00000c61b2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.611730]  dump_stack_lvl+0x8c/0xd0
[   17.615017]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.617077] >fff00000c61b2780: 00 04 fc fc 00 01 fc fc fc fc fc fc fc fc fc fc
[   17.620714]  show_stack+0x20/0x38 (C)
[   17.624103]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.625354] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   17.626915] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0
[   17.632900] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.634647]  fff00000c61b2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.638649]  kthread+0x328/0x630
[   17.640836] The buggy address belongs to the object at fff00000c61b27a0
[   17.640836]  which belongs to the cache kmalloc-16 of size 16
[   17.643570]  fff00000c61b2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.646518] 
[   17.647496] 
[   17.647695]                                   ^
[   17.649914] Read of size 8 at addr fff00000c61b27a8 by task kunit_try_catch/261
[   17.654856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b2
[   17.656707]                                   ^
[   17.658404] Read of size 8 at addr fff00000c61b27a8 by task kunit_try_catch/261
[   17.661509]  ret_from_fork+0x10/0x20
[   17.663737]                                   ^
[   17.675280]     ok 64 kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n
[   17.681857]  kasan_atomics_helper+0x40a8/0x4858
[   17.685235] page_type: f5(slab)
[   17.686286]  fff00000c7915580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.687601] 
[   17.688697]  kasan_atomics_helper+0x3f7c/0x4858
[   17.690788]  kunit_try_run_case+0x170/0x3f0
[   17.691710] The buggy address belongs to the physical page:
[   17.693117]  fff00000c7915480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   17.694591] ==================================================================

[   13.840460] ==================================================================
[   13.842111] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390
[   13.843217] Read of size 1 at addr ffff888103aafc4a by task kunit_try_catch/270
[   13.844075] 
[   13.844189] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.844339] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.844355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.844430] Call Trace:
[   13.844444]  <TASK>
[   13.844458]  dump_stack_lvl+0x73/0xb0
[   13.844490]  print_report+0xd1/0x610
[   13.844511]  ? __virt_addr_valid+0x1db/0x2d0
[   13.844532]  ? kasan_alloca_oob_right+0x329/0x390
[   13.844553]  ? kasan_addr_to_slab+0x11/0xa0
[   13.844573]  ? kasan_alloca_oob_right+0x329/0x390
[   13.844595]  kasan_report+0x141/0x180
[   13.844616]  ? kasan_alloca_oob_right+0x329/0x390
[   13.844642]  __asan_report_load1_noabort+0x18/0x20
[   13.844665]  kasan_alloca_oob_right+0x329/0x390
[   13.844685]  ? __kasan_check_write+0x18/0x20
[   13.844704]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.844725]  ? finish_task_switch.isra.0+0x153/0x700
[   13.844746]  ? rt_mutex_adjust_prio_chain+0x195e/0x20e0
[   13.844768]  ? trace_hardirqs_on+0x37/0xe0
[   13.844792]  ? __pfx_kasan_alloca_oob_right+0x10/0x10
[   13.844815]  ? __schedule+0x10cc/0x2b60
[   13.844836]  ? __pfx_read_tsc+0x10/0x10
[   13.844856]  ? ktime_get_ts64+0x86/0x230
[   13.844878]  kunit_try_run_case+0x1a5/0x480
[   13.844902]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.844923]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.844945]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.844973]  ? __kthread_parkme+0x82/0x180
[   13.844993]  ? preempt_count_sub+0x50/0x80
[   13.845027]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.845050]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.845072]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.845095]  kthread+0x337/0x6f0
[   13.845113]  ? trace_preempt_on+0x20/0xc0
[   13.845134]  ? __pfx_kthread+0x10/0x10
[   13.845154]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.845175]  ? calculate_sigpending+0x7b/0xa0
[   13.845197]  ? __pfx_kthread+0x10/0x10
[   13.845218]  ret_from_fork+0x116/0x1d0
[   13.845235]  ? __pfx_kthread+0x10/0x10
[   13.845255]  ret_from_fork_asm+0x1a/0x30
[   13.845284]  </TASK>
[   13.845294] 
[   13.854643] The buggy address belongs to stack of task kunit_try_catch/270
[   13.855119] 
[   13.855194] The buggy address belongs to the physical page:
[   13.855367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaf
[   13.855725] flags: 0x200000000000000(node=0|zone=2)
[   13.856047] raw: 0200000000000000 ffffea00040eabc8 ffffea00040eabc8 0000000000000000
[   13.856435] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   13.856689] page dumped because: kasan: bad access detected
[   13.856861] 
[   13.856933] Memory state around the buggy address:
[   13.857201]  ffff888103aafb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.857659]  ffff888103aafb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.857980] >ffff888103aafc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[   13.858242]                                               ^
[   13.858525]  ffff888103aafc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[   13.859115]  ffff888103aafd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   13.859435] ==================================================================