Hay
Date: June 26, 2025, 9:10 a.m.

Environment: dragonboard-845c, qemu-arm64, qemu-x86_64

[   51.685462] ==================================================================
[   51.696584] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   51.702678] Read of size 1 at addr ffff0000937e3758 by task kunit_try_catch/343
[   51.710085] 
[   51.711623] CPU: 6 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   51.711657] Tainted: [B]=BAD_PAGE, [N]=TEST
[   51.711665] Hardware name: Thundercomm Dragonboard 845c (DT)
[   51.711679] Call trace:
[   51.711686]  show_stack+0x20/0x38 (C)
[   51.711706]  dump_stack_lvl+0x8c/0xd0
[   51.711725]  print_report+0x118/0x608
[   51.711744]  kasan_report+0xdc/0x128
[   51.711762]  __asan_report_load1_noabort+0x20/0x30
[   51.711778]  memcmp+0x198/0x1d8
[   51.711792]  kasan_memcmp+0x16c/0x300
[   51.711808]  kunit_try_run_case+0x170/0x3f0
[   51.711826]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.711847]  kthread+0x328/0x630
[   51.711860]  ret_from_fork+0x10/0x20
[   51.711879] 
[   51.780175] Allocated by task 343:
[   51.783632]  kasan_save_stack+0x3c/0x68
[   51.787538]  kasan_save_track+0x20/0x40
[   51.791442]  kasan_save_alloc_info+0x40/0x58
[   51.795776]  __kasan_kmalloc+0xd4/0xd8
[   51.799594]  __kmalloc_cache_noprof+0x16c/0x3c0
[   51.804195]  kasan_memcmp+0xbc/0x300
[   51.807826]  kunit_try_run_case+0x170/0x3f0
[   51.812075]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   51.817640]  kthread+0x328/0x630
[   51.820923]  ret_from_fork+0x10/0x20
[   51.824555] 
[   51.826078] The buggy address belongs to the object at ffff0000937e3740
[   51.826078]  which belongs to the cache kmalloc-32 of size 32
[   51.838559] The buggy address is located 0 bytes to the right of
[   51.838559]  allocated 24-byte region [ffff0000937e3740, ffff0000937e3758)
[   51.851562] 
[   51.853086] The buggy address belongs to the physical page:
[   51.858730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1137e3
[   51.866833] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   51.873445] page_type: f5(slab)
[   51.876645] raw: 0bfffe0000000000 ffff000080002780 dead000000000122 0000000000000000
[   51.884489] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   51.892324] page dumped because: kasan: bad access detected
[   51.897968] 
[   51.899497] Memory state around the buggy address:
[   51.904349]  ffff0000937e3600: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   51.911664]  ffff0000937e3680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   51.918974] >ffff0000937e3700: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   51.926279]                                                     ^
[   51.932453]  ffff0000937e3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.939760]  ffff0000937e3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.947068] ==================================================================

[   29.066360] ==================================================================
[   29.066422] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   29.066478] Read of size 1 at addr fff00000c5770618 by task kunit_try_catch/269
[   29.066531] 
[   29.066565] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   29.066669] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.066698] Hardware name: linux,dummy-virt (DT)
[   29.066741] Call trace:
[   29.066765]  show_stack+0x20/0x38 (C)
[   29.067159]  dump_stack_lvl+0x8c/0xd0
[   29.067339]  print_report+0x118/0x608
[   29.067393]  kasan_report+0xdc/0x128
[   29.067448]  __asan_report_load1_noabort+0x20/0x30
[   29.067573]  memcmp+0x198/0x1d8
[   29.067668]  kasan_memcmp+0x16c/0x300
[   29.067739]  kunit_try_run_case+0x170/0x3f0
[   29.067853]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.067927]  kthread+0x328/0x630
[   29.067976]  ret_from_fork+0x10/0x20
[   29.068026] 
[   29.068048] Allocated by task 269:
[   29.068352]  kasan_save_stack+0x3c/0x68
[   29.068596]  kasan_save_track+0x20/0x40
[   29.068672]  kasan_save_alloc_info+0x40/0x58
[   29.068812]  __kasan_kmalloc+0xd4/0xd8
[   29.068924]  __kmalloc_cache_noprof+0x16c/0x3c0
[   29.069035]  kasan_memcmp+0xbc/0x300
[   29.069131]  kunit_try_run_case+0x170/0x3f0
[   29.069297]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.069343]  kthread+0x328/0x630
[   29.069716]  ret_from_fork+0x10/0x20
[   29.069878] 
[   29.069948] The buggy address belongs to the object at fff00000c5770600
[   29.069948]  which belongs to the cache kmalloc-32 of size 32
[   29.070131] The buggy address is located 0 bytes to the right of
[   29.070131]  allocated 24-byte region [fff00000c5770600, fff00000c5770618)
[   29.070260] 
[   29.070367] The buggy address belongs to the physical page:
[   29.070437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105770
[   29.070534] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.070853] page_type: f5(slab)
[   29.071042] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   29.071218] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   29.071316] page dumped because: kasan: bad access detected
[   29.071368] 
[   29.071495] Memory state around the buggy address:
[   29.071619]  fff00000c5770500: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   29.071765]  fff00000c5770580: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[   29.071822] >fff00000c5770600: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.071863]                             ^
[   29.072047]  fff00000c5770680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.072207]  fff00000c5770700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.072373] ==================================================================

[   24.014736] ==================================================================
[   24.015440] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[   24.015738] Read of size 1 at addr ffff8881024e4cd8 by task kunit_try_catch/286
[   24.016039] 
[   24.016313] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   24.016368] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.016380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.016404] Call Trace:
[   24.016417]  <TASK>
[   24.016438]  dump_stack_lvl+0x73/0xb0
[   24.016467]  print_report+0xd1/0x650
[   24.016492]  ? __virt_addr_valid+0x1db/0x2d0
[   24.016516]  ? memcmp+0x1b4/0x1d0
[   24.016536]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.016562]  ? memcmp+0x1b4/0x1d0
[   24.016582]  kasan_report+0x141/0x180
[   24.016603]  ? memcmp+0x1b4/0x1d0
[   24.016627]  __asan_report_load1_noabort+0x18/0x20
[   24.016650]  memcmp+0x1b4/0x1d0
[   24.016671]  kasan_memcmp+0x18f/0x390
[   24.016691]  ? trace_hardirqs_on+0x37/0xe0
[   24.016714]  ? __pfx_kasan_memcmp+0x10/0x10
[   24.016733]  ? finish_task_switch.isra.0+0x153/0x700
[   24.016755]  ? __switch_to+0x47/0xf50
[   24.016784]  ? __pfx_read_tsc+0x10/0x10
[   24.016806]  ? ktime_get_ts64+0x86/0x230
[   24.016830]  kunit_try_run_case+0x1a5/0x480
[   24.016854]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.016876]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.016901]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.016925]  ? __kthread_parkme+0x82/0x180
[   24.016946]  ? preempt_count_sub+0x50/0x80
[   24.016968]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.016991]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.017013]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.017057]  kthread+0x337/0x6f0
[   24.017077]  ? trace_preempt_on+0x20/0xc0
[   24.017099]  ? __pfx_kthread+0x10/0x10
[   24.017120]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.017148]  ? calculate_sigpending+0x7b/0xa0
[   24.017172]  ? __pfx_kthread+0x10/0x10
[   24.017193]  ret_from_fork+0x116/0x1d0
[   24.017212]  ? __pfx_kthread+0x10/0x10
[   24.017242]  ret_from_fork_asm+0x1a/0x30
[   24.017273]  </TASK>
[   24.017285] 
[   24.026458] Allocated by task 286:
[   24.026641]  kasan_save_stack+0x45/0x70
[   24.026920]  kasan_save_track+0x18/0x40
[   24.027180]  kasan_save_alloc_info+0x3b/0x50
[   24.027477]  __kasan_kmalloc+0xb7/0xc0
[   24.027636]  __kmalloc_cache_noprof+0x189/0x420
[   24.027847]  kasan_memcmp+0xb7/0x390
[   24.027995]  kunit_try_run_case+0x1a5/0x480
[   24.028438]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.028750]  kthread+0x337/0x6f0
[   24.028888]  ret_from_fork+0x116/0x1d0
[   24.029076]  ret_from_fork_asm+0x1a/0x30
[   24.029481] 
[   24.029561] The buggy address belongs to the object at ffff8881024e4cc0
[   24.029561]  which belongs to the cache kmalloc-32 of size 32
[   24.030179] The buggy address is located 0 bytes to the right of
[   24.030179]  allocated 24-byte region [ffff8881024e4cc0, ffff8881024e4cd8)
[   24.030782] 
[   24.030862] The buggy address belongs to the physical page:
[   24.031118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024e4
[   24.031690] flags: 0x200000000000000(node=0|zone=2)
[   24.031985] page_type: f5(slab)
[   24.032130] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[   24.032579] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   24.032964] page dumped because: kasan: bad access detected
[   24.033210] 
[   24.033414] Memory state around the buggy address:
[   24.033670]  ffff8881024e4b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   24.034138]  ffff8881024e4c00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   24.034526] >ffff8881024e4c80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   24.034866]                                                     ^
[   24.035129]  ffff8881024e4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.035556]  ffff8881024e4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.035857] ==================================================================