Date
July 13, 2025, 11:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 18.083816] ==================================================================
[ 18.084418] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 18.084488] Read of size 1 at addr fff00000c58cb0d8 by task kunit_try_catch/258
[ 18.084541]
[ 18.084575] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.084659] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.084686] Hardware name: linux,dummy-virt (DT)
[ 18.084719] Call trace:
[ 18.084742] show_stack+0x20/0x38 (C)
[ 18.084793] dump_stack_lvl+0x8c/0xd0
[ 18.084888] print_report+0x118/0x5d0
[ 18.084935] kasan_report+0xdc/0x128
[ 18.085031] __asan_report_load1_noabort+0x20/0x30
[ 18.085162] memcmp+0x198/0x1d8
[ 18.085283] kasan_memcmp+0x16c/0x300
[ 18.085359] kunit_try_run_case+0x170/0x3f0
[ 18.085423] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.085479] kthread+0x328/0x630
[ 18.085544] ret_from_fork+0x10/0x20
[ 18.085595]
[ 18.085615] Allocated by task 258:
[ 18.085671] kasan_save_stack+0x3c/0x68
[ 18.085802] kasan_save_track+0x20/0x40
[ 18.085906] kasan_save_alloc_info+0x40/0x58
[ 18.085972] __kasan_kmalloc+0xd4/0xd8
[ 18.086046] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.086123] kasan_memcmp+0xbc/0x300
[ 18.086194] kunit_try_run_case+0x170/0x3f0
[ 18.086298] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.086387] kthread+0x328/0x630
[ 18.086476] ret_from_fork+0x10/0x20
[ 18.086596]
[ 18.086665] The buggy address belongs to the object at fff00000c58cb0c0
[ 18.086665] which belongs to the cache kmalloc-32 of size 32
[ 18.086804] The buggy address is located 0 bytes to the right of
[ 18.086804] allocated 24-byte region [fff00000c58cb0c0, fff00000c58cb0d8)
[ 18.086884]
[ 18.087130] The buggy address belongs to the physical page:
[ 18.087306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058cb
[ 18.087528] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.087586] page_type: f5(slab)
[ 18.087645] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 18.087708] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 18.087754] page dumped because: kasan: bad access detected
[ 18.087787]
[ 18.087817] Memory state around the buggy address:
[ 18.087861]  fff00000c58caf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.087910]  fff00000c58cb000: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.087956] >fff00000c58cb080: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.088006]                                                     ^
[ 18.088047]  fff00000c58cb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.088102]  fff00000c58cb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.088173] ==================================================================
```
```
[ 18.866937] ==================================================================
[ 18.867001] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 18.867057] Read of size 1 at addr fff00000c5ae3a98 by task kunit_try_catch/258
[ 18.867110]
[ 18.867145] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 18.867797] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.868206] Hardware name: linux,dummy-virt (DT)
[ 18.868465] Call trace:
[ 18.868740] show_stack+0x20/0x38 (C)
[ 18.868830] dump_stack_lvl+0x8c/0xd0
[ 18.869197] print_report+0x118/0x5d0
[ 18.869394] kasan_report+0xdc/0x128
[ 18.869557] __asan_report_load1_noabort+0x20/0x30
[ 18.869661] memcmp+0x198/0x1d8
[ 18.869740] kasan_memcmp+0x16c/0x300
[ 18.870196] kunit_try_run_case+0x170/0x3f0
[ 18.870307] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.870422] kthread+0x328/0x630
[ 18.870586] ret_from_fork+0x10/0x20
[ 18.872175]
[ 18.872330] Allocated by task 258:
[ 18.872461] kasan_save_stack+0x3c/0x68
[ 18.872558] kasan_save_track+0x20/0x40
[ 18.872690] kasan_save_alloc_info+0x40/0x58
[ 18.872777] __kasan_kmalloc+0xd4/0xd8
[ 18.872886] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.873253] kasan_memcmp+0xbc/0x300
[ 18.874226] kunit_try_run_case+0x170/0x3f0
[ 18.874294] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.874344] kthread+0x328/0x630
[ 18.874474] ret_from_fork+0x10/0x20
[ 18.874675]
[ 18.874721] The buggy address belongs to the object at fff00000c5ae3a80
[ 18.874721] which belongs to the cache kmalloc-32 of size 32
[ 18.874794] The buggy address is located 0 bytes to the right of
[ 18.874794] allocated 24-byte region [fff00000c5ae3a80, fff00000c5ae3a98)
[ 18.874976]
[ 18.875102] The buggy address belongs to the physical page:
[ 18.875162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ae3
[ 18.875261] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.875337] page_type: f5(slab)
[ 18.875420] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 18.875476] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 18.875526] page dumped because: kasan: bad access detected
[ 18.875560]
[ 18.875579] Memory state around the buggy address:
[ 18.875615]  fff00000c5ae3980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.875660]  fff00000c5ae3a00: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 18.875706] >fff00000c5ae3a80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.875748]                             ^
[ 18.875780]  fff00000c5ae3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.875850]  fff00000c5ae3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.875978] ==================================================================
```
```
[ 14.522497] ==================================================================
[ 14.523314] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 14.523951] Read of size 1 at addr ffff8881026d0c58 by task kunit_try_catch/275
[ 14.524274]
[ 14.524389] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.524778] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.524794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.524816] Call Trace:
[ 14.524829] <TASK>
[ 14.524845] dump_stack_lvl+0x73/0xb0
[ 14.524875] print_report+0xd1/0x610
[ 14.524908] ? __virt_addr_valid+0x1db/0x2d0
[ 14.524932] ? memcmp+0x1b4/0x1d0
[ 14.524950] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.524975] ? memcmp+0x1b4/0x1d0
[ 14.524993] kasan_report+0x141/0x180
[ 14.525015] ? memcmp+0x1b4/0x1d0
[ 14.525038] __asan_report_load1_noabort+0x18/0x20
[ 14.525064] memcmp+0x1b4/0x1d0
[ 14.525084] kasan_memcmp+0x18f/0x390
[ 14.525104] ? trace_hardirqs_on+0x37/0xe0
[ 14.525129] ? __pfx_kasan_memcmp+0x10/0x10
[ 14.525150] ? finish_task_switch.isra.0+0x153/0x700
[ 14.525174] ? __switch_to+0x47/0xf50
[ 14.525204] ? __pfx_read_tsc+0x10/0x10
[ 14.525225] ? ktime_get_ts64+0x86/0x230
[ 14.525250] kunit_try_run_case+0x1a5/0x480
[ 14.525276] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.525301] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.525326] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.525351] ? __kthread_parkme+0x82/0x180
[ 14.525372] ? preempt_count_sub+0x50/0x80
[ 14.525396] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.525466] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.525493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.525519] kthread+0x337/0x6f0
[ 14.525539] ? trace_preempt_on+0x20/0xc0
[ 14.525563] ? __pfx_kthread+0x10/0x10
[ 14.525584] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.525607] ? calculate_sigpending+0x7b/0xa0
[ 14.525633] ? __pfx_kthread+0x10/0x10
[ 14.525656] ret_from_fork+0x116/0x1d0
[ 14.525676] ? __pfx_kthread+0x10/0x10
[ 14.525698] ret_from_fork_asm+0x1a/0x30
[ 14.525730] </TASK>
[ 14.525741]
[ 14.536234] Allocated by task 275:
[ 14.536749] kasan_save_stack+0x45/0x70
[ 14.537031] kasan_save_track+0x18/0x40
[ 14.537326] kasan_save_alloc_info+0x3b/0x50
[ 14.537721] __kasan_kmalloc+0xb7/0xc0
[ 14.538034] __kmalloc_cache_noprof+0x189/0x420
[ 14.538262] kasan_memcmp+0xb7/0x390
[ 14.538653] kunit_try_run_case+0x1a5/0x480
[ 14.538903] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.539265] kthread+0x337/0x6f0
[ 14.539637] ret_from_fork+0x116/0x1d0
[ 14.539889] ret_from_fork_asm+0x1a/0x30
[ 14.540086]
[ 14.540179] The buggy address belongs to the object at ffff8881026d0c40
[ 14.540179] which belongs to the cache kmalloc-32 of size 32
[ 14.541030] The buggy address is located 0 bytes to the right of
[ 14.541030] allocated 24-byte region [ffff8881026d0c40, ffff8881026d0c58)
[ 14.541910]
[ 14.542012] The buggy address belongs to the physical page:
[ 14.542250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026d0
[ 14.542959] flags: 0x200000000000000(node=0|zone=2)
[ 14.543276] page_type: f5(slab)
[ 14.543599] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.543923] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.544230] page dumped because: kasan: bad access detected
[ 14.544686]
[ 14.544918] Memory state around the buggy address:
[ 14.545248]  ffff8881026d0b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.545929]  ffff8881026d0b80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.546356] >ffff8881026d0c00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.546898]                                                     ^
[ 14.547164]  ffff8881026d0c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.547688]  ffff8881026d0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.548215] ==================================================================
```
```
[ 14.743482] ==================================================================
[ 14.744952] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 14.745267] Read of size 1 at addr ffff8881025b0358 by task kunit_try_catch/275
[ 14.745574]
[ 14.745668] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 14.745712] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.745725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.745748] Call Trace:
[ 14.745761] <TASK>
[ 14.745777] dump_stack_lvl+0x73/0xb0
[ 14.745805] print_report+0xd1/0x610
[ 14.745829] ? __virt_addr_valid+0x1db/0x2d0
[ 14.745853] ? memcmp+0x1b4/0x1d0
[ 14.745871] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.745895] ? memcmp+0x1b4/0x1d0
[ 14.745914] kasan_report+0x141/0x180
[ 14.745937] ? memcmp+0x1b4/0x1d0
[ 14.745959] __asan_report_load1_noabort+0x18/0x20
[ 14.745985] memcmp+0x1b4/0x1d0
[ 14.746005] kasan_memcmp+0x18f/0x390
[ 14.746026] ? trace_hardirqs_on+0x37/0xe0
[ 14.746062] ? __pfx_kasan_memcmp+0x10/0x10
[ 14.746084] ? finish_task_switch.isra.0+0x153/0x700
[ 14.746108] ? __switch_to+0x47/0xf50
[ 14.746138] ? __pfx_read_tsc+0x10/0x10
[ 14.746160] ? ktime_get_ts64+0x86/0x230
[ 14.746184] kunit_try_run_case+0x1a5/0x480
[ 14.746211] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.746235] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.746260] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.746285] ? __kthread_parkme+0x82/0x180
[ 14.746307] ? preempt_count_sub+0x50/0x80
[ 14.746330] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.746356] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.746382] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.746408] kthread+0x337/0x6f0
[ 14.746428] ? trace_preempt_on+0x20/0xc0
[ 14.746451] ? __pfx_kthread+0x10/0x10
[ 14.746473] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.746494] ? calculate_sigpending+0x7b/0xa0
[ 14.746520] ? __pfx_kthread+0x10/0x10
[ 14.746542] ret_from_fork+0x116/0x1d0
[ 14.746562] ? __pfx_kthread+0x10/0x10
[ 14.746583] ret_from_fork_asm+0x1a/0x30
[ 14.746614] </TASK>
[ 14.746625]
[ 14.757484] Allocated by task 275:
[ 14.757722] kasan_save_stack+0x45/0x70
[ 14.757945] kasan_save_track+0x18/0x40
[ 14.758122] kasan_save_alloc_info+0x3b/0x50
[ 14.758275] __kasan_kmalloc+0xb7/0xc0
[ 14.758460] __kmalloc_cache_noprof+0x189/0x420
[ 14.758868] kasan_memcmp+0xb7/0x390
[ 14.759080] kunit_try_run_case+0x1a5/0x480
[ 14.759345] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.759585] kthread+0x337/0x6f0
[ 14.759830] ret_from_fork+0x116/0x1d0
[ 14.760026] ret_from_fork_asm+0x1a/0x30
[ 14.760270]
[ 14.760350] The buggy address belongs to the object at ffff8881025b0340
[ 14.760350] which belongs to the cache kmalloc-32 of size 32
[ 14.760780] The buggy address is located 0 bytes to the right of
[ 14.760780] allocated 24-byte region [ffff8881025b0340, ffff8881025b0358)
[ 14.761263]
[ 14.761338] The buggy address belongs to the physical page:
[ 14.761648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025b0
[ 14.762037] flags: 0x200000000000000(node=0|zone=2)
[ 14.762395] page_type: f5(slab)
[ 14.762518] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.762939] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.763357] page dumped because: kasan: bad access detected
[ 14.763616]
[ 14.763710] Memory state around the buggy address:
[ 14.763935]  ffff8881025b0200: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 14.764311]  ffff8881025b0280: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 14.764597] >ffff8881025b0300: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.764904]                                                     ^
[ 14.765188]  ffff8881025b0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.765407]  ffff8881025b0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.765717] ==================================================================
```