Date: July 20, 2025, 11:12 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 18.800908] ==================================================================
[ 18.800992] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 18.801099] Read of size 1 at addr fff00000c79c3918 by task kunit_try_catch/257
[ 18.801152]
[ 18.801188] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 18.801339] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.801601] Hardware name: linux,dummy-virt (DT)
[ 18.801744] Call trace:
[ 18.801771] show_stack+0x20/0x38 (C)
[ 18.801971] dump_stack_lvl+0x8c/0xd0
[ 18.802023] print_report+0x118/0x5d0
[ 18.802091] kasan_report+0xdc/0x128
[ 18.802141] __asan_report_load1_noabort+0x20/0x30
[ 18.802195] memcmp+0x198/0x1d8
[ 18.802240] kasan_memcmp+0x16c/0x300
[ 18.802288] kunit_try_run_case+0x170/0x3f0
[ 18.802339] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.802398] kthread+0x328/0x630
[ 18.802443] ret_from_fork+0x10/0x20
[ 18.802493]
[ 18.802515] Allocated by task 257:
[ 18.802547] kasan_save_stack+0x3c/0x68
[ 18.802591] kasan_save_track+0x20/0x40
[ 18.802640] kasan_save_alloc_info+0x40/0x58
[ 18.802682] __kasan_kmalloc+0xd4/0xd8
[ 18.803217] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.803268] kasan_memcmp+0xbc/0x300
[ 18.803306] kunit_try_run_case+0x170/0x3f0
[ 18.803464] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.803511] kthread+0x328/0x630
[ 18.803548] ret_from_fork+0x10/0x20
[ 18.803659]
[ 18.803715] The buggy address belongs to the object at fff00000c79c3900
[ 18.803715] which belongs to the cache kmalloc-32 of size 32
[ 18.803781] The buggy address is located 0 bytes to the right of
[ 18.803781] allocated 24-byte region [fff00000c79c3900, fff00000c79c3918)
[ 18.803850]
[ 18.803908] The buggy address belongs to the physical page:
[ 18.803978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079c3
[ 18.804043] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.804096] page_type: f5(slab)
[ 18.804139] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 18.804351] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 18.804400] page dumped because: kasan: bad access detected
[ 18.804435]
[ 18.804464] Memory state around the buggy address:
[ 18.804616]  fff00000c79c3800: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 18.804664]  fff00000c79c3880: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 18.804709] >fff00000c79c3900: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.804753]                             ^
[ 18.804785]  fff00000c79c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.805085]  fff00000c79c3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.805515] ==================================================================
```
```
[ 19.015817] ==================================================================
[ 19.015886] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 19.015948] Read of size 1 at addr fff00000c5b41158 by task kunit_try_catch/257
[ 19.016004]
[ 19.016045] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 19.016669] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.016714] Hardware name: linux,dummy-virt (DT)
[ 19.016754] Call trace:
[ 19.016781] show_stack+0x20/0x38 (C)
[ 19.017364] dump_stack_lvl+0x8c/0xd0
[ 19.017448] print_report+0x118/0x5d0
[ 19.017610] kasan_report+0xdc/0x128
[ 19.017970] __asan_report_load1_noabort+0x20/0x30
[ 19.018098] memcmp+0x198/0x1d8
[ 19.018431] kasan_memcmp+0x16c/0x300
[ 19.018789] kunit_try_run_case+0x170/0x3f0
[ 19.019122] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.019396] kthread+0x328/0x630
[ 19.019633] ret_from_fork+0x10/0x20
[ 19.019695]
[ 19.019717] Allocated by task 257:
[ 19.019752] kasan_save_stack+0x3c/0x68
[ 19.019820] kasan_save_track+0x20/0x40
[ 19.019863] kasan_save_alloc_info+0x40/0x58
[ 19.019905] __kasan_kmalloc+0xd4/0xd8
[ 19.019945] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.020027] kasan_memcmp+0xbc/0x300
[ 19.020065] kunit_try_run_case+0x170/0x3f0
[ 19.020110] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.020248] kthread+0x328/0x630
[ 19.020284] ret_from_fork+0x10/0x20
[ 19.020740]
[ 19.020830] The buggy address belongs to the object at fff00000c5b41140
[ 19.020830] which belongs to the cache kmalloc-32 of size 32
[ 19.021024] The buggy address is located 0 bytes to the right of
[ 19.021024] allocated 24-byte region [fff00000c5b41140, fff00000c5b41158)
[ 19.021100]
[ 19.021306] The buggy address belongs to the physical page:
[ 19.021357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b41
[ 19.021448] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.021688] page_type: f5(slab)
[ 19.021878] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 19.021942] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 19.021988] page dumped because: kasan: bad access detected
[ 19.022703]
[ 19.022729] Memory state around the buggy address:
[ 19.022769]  fff00000c5b41000: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 19.023118]  fff00000c5b41080: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 19.023466] >fff00000c5b41100: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 19.023712]                                                     ^
[ 19.023858]  fff00000c5b41180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.023918]  fff00000c5b41200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.023961] ==================================================================
```
```
[ 14.587547] ==================================================================
[ 14.588133] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 14.588829] Read of size 1 at addr ffff888103951458 by task kunit_try_catch/275
[ 14.589609]
[ 14.589851] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.589968] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.589982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.590003] Call Trace:
[ 14.590017] <TASK>
[ 14.590037] dump_stack_lvl+0x73/0xb0
[ 14.590070] print_report+0xd1/0x610
[ 14.590096] ? __virt_addr_valid+0x1db/0x2d0
[ 14.590121] ? memcmp+0x1b4/0x1d0
[ 14.590141] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.590164] ? memcmp+0x1b4/0x1d0
[ 14.590184] kasan_report+0x141/0x180
[ 14.590206] ? memcmp+0x1b4/0x1d0
[ 14.590232] __asan_report_load1_noabort+0x18/0x20
[ 14.590256] memcmp+0x1b4/0x1d0
[ 14.590278] kasan_memcmp+0x18f/0x390
[ 14.590298] ? trace_hardirqs_on+0x37/0xe0
[ 14.590324] ? __pfx_kasan_memcmp+0x10/0x10
[ 14.590345] ? finish_task_switch.isra.0+0x153/0x700
[ 14.590368] ? __switch_to+0x47/0xf50
[ 14.590412] ? __pfx_read_tsc+0x10/0x10
[ 14.590434] ? ktime_get_ts64+0x86/0x230
[ 14.590459] kunit_try_run_case+0x1a5/0x480
[ 14.590486] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.590509] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.590533] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.590558] ? __kthread_parkme+0x82/0x180
[ 14.590580] ? preempt_count_sub+0x50/0x80
[ 14.590607] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.590632] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.590656] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.590680] kthread+0x337/0x6f0
[ 14.590700] ? trace_preempt_on+0x20/0xc0
[ 14.590722] ? __pfx_kthread+0x10/0x10
[ 14.590744] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.590766] ? calculate_sigpending+0x7b/0xa0
[ 14.590792] ? __pfx_kthread+0x10/0x10
[ 14.590814] ret_from_fork+0x116/0x1d0
[ 14.590834] ? __pfx_kthread+0x10/0x10
[ 14.590855] ret_from_fork_asm+0x1a/0x30
[ 14.590889] </TASK>
[ 14.590900]
[ 14.604218] Allocated by task 275:
[ 14.604497] kasan_save_stack+0x45/0x70
[ 14.604694] kasan_save_track+0x18/0x40
[ 14.604935] kasan_save_alloc_info+0x3b/0x50
[ 14.605304] __kasan_kmalloc+0xb7/0xc0
[ 14.605582] __kmalloc_cache_noprof+0x189/0x420
[ 14.605846] kasan_memcmp+0xb7/0x390
[ 14.606006] kunit_try_run_case+0x1a5/0x480
[ 14.606326] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.606665] kthread+0x337/0x6f0
[ 14.606804] ret_from_fork+0x116/0x1d0
[ 14.606939] ret_from_fork_asm+0x1a/0x30
[ 14.607191]
[ 14.607574] The buggy address belongs to the object at ffff888103951440
[ 14.607574] which belongs to the cache kmalloc-32 of size 32
[ 14.608084] The buggy address is located 0 bytes to the right of
[ 14.608084] allocated 24-byte region [ffff888103951440, ffff888103951458)
[ 14.608554]
[ 14.608801] The buggy address belongs to the physical page:
[ 14.609136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103951
[ 14.609799] flags: 0x200000000000000(node=0|zone=2)
[ 14.610057] page_type: f5(slab)
[ 14.610332] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.610728] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.611008] page dumped because: kasan: bad access detected
[ 14.611268]
[ 14.611475] Memory state around the buggy address:
[ 14.611806]  ffff888103951300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.612074]  ffff888103951380: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.612577] >ffff888103951400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.613150]                                                     ^
[ 14.613606]  ffff888103951480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.613956]  ffff888103951500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.614379] ==================================================================
```
```
[ 14.673311] ==================================================================
[ 14.674581] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 14.675478] Read of size 1 at addr ffff8881039bc1d8 by task kunit_try_catch/275
[ 14.675913]
[ 14.676013] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.676064] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.676076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.676100] Call Trace:
[ 14.676115] <TASK>
[ 14.676134] dump_stack_lvl+0x73/0xb0
[ 14.676179] print_report+0xd1/0x610
[ 14.676206] ? __virt_addr_valid+0x1db/0x2d0
[ 14.676230] ? memcmp+0x1b4/0x1d0
[ 14.676248] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.676270] ? memcmp+0x1b4/0x1d0
[ 14.676288] kasan_report+0x141/0x180
[ 14.676309] ? memcmp+0x1b4/0x1d0
[ 14.676336] __asan_report_load1_noabort+0x18/0x20
[ 14.676360] memcmp+0x1b4/0x1d0
[ 14.676379] kasan_memcmp+0x18f/0x390
[ 14.676399] ? trace_hardirqs_on+0x37/0xe0
[ 14.676424] ? __pfx_kasan_memcmp+0x10/0x10
[ 14.676444] ? finish_task_switch.isra.0+0x153/0x700
[ 14.676467] ? __switch_to+0x47/0xf50
[ 14.676496] ? __pfx_read_tsc+0x10/0x10
[ 14.676519] ? ktime_get_ts64+0x86/0x230
[ 14.676543] kunit_try_run_case+0x1a5/0x480
[ 14.676570] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.676592] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.676617] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.676640] ? __kthread_parkme+0x82/0x180
[ 14.676661] ? preempt_count_sub+0x50/0x80
[ 14.676683] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.676707] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.676730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.676754] kthread+0x337/0x6f0
[ 14.676773] ? trace_preempt_on+0x20/0xc0
[ 14.676795] ? __pfx_kthread+0x10/0x10
[ 14.676815] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.676836] ? calculate_sigpending+0x7b/0xa0
[ 14.676873] ? __pfx_kthread+0x10/0x10
[ 14.676895] ret_from_fork+0x116/0x1d0
[ 14.676913] ? __pfx_kthread+0x10/0x10
[ 14.676933] ret_from_fork_asm+0x1a/0x30
[ 14.676965] </TASK>
[ 14.676976]
[ 14.690117] Allocated by task 275:
[ 14.690272] kasan_save_stack+0x45/0x70
[ 14.690635] kasan_save_track+0x18/0x40
[ 14.691027] kasan_save_alloc_info+0x3b/0x50
[ 14.691478] __kasan_kmalloc+0xb7/0xc0
[ 14.691912] __kmalloc_cache_noprof+0x189/0x420
[ 14.692195] kasan_memcmp+0xb7/0x390
[ 14.692349] kunit_try_run_case+0x1a5/0x480
[ 14.692716] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.693289] kthread+0x337/0x6f0
[ 14.693686] ret_from_fork+0x116/0x1d0
[ 14.694094] ret_from_fork_asm+0x1a/0x30
[ 14.694573]
[ 14.694655] The buggy address belongs to the object at ffff8881039bc1c0
[ 14.694655] which belongs to the cache kmalloc-32 of size 32
[ 14.695380] The buggy address is located 0 bytes to the right of
[ 14.695380] allocated 24-byte region [ffff8881039bc1c0, ffff8881039bc1d8)
[ 14.696636]
[ 14.696717] The buggy address belongs to the physical page:
[ 14.697003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039bc
[ 14.697799] flags: 0x200000000000000(node=0|zone=2)
[ 14.698348] page_type: f5(slab)
[ 14.698551] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.698798] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.699606] page dumped because: kasan: bad access detected
[ 14.700095]
[ 14.700274] Memory state around the buggy address:
[ 14.700857]  ffff8881039bc080: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 14.701437]  ffff8881039bc100: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 14.702119] >ffff8881039bc180: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.702581]                                                     ^
[ 14.703183]  ffff8881039bc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.703621]  ffff8881039bc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.703840] ==================================================================
```