Hay
Date: July 3, 2025, 10:10 a.m.

Environment: dragonboard-845c, qemu-arm64

[   52.517957] ==================================================================
[   52.529102] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   52.535207] Read of size 1 at addr ffff000085584198 by task kunit_try_catch/366
[   52.542624] 
[   52.544164] CPU: 3 UID: 0 PID: 366 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   52.544197] Tainted: [B]=BAD_PAGE, [N]=TEST
[   52.544207] Hardware name: Thundercomm Dragonboard 845c (DT)
[   52.544219] Call trace:
[   52.544227]  show_stack+0x20/0x38 (C)
[   52.544248]  dump_stack_lvl+0x8c/0xd0
[   52.544272]  print_report+0x118/0x608
[   52.544294]  kasan_report+0xdc/0x128
[   52.544314]  __asan_report_load1_noabort+0x20/0x30
[   52.544333]  memcmp+0x198/0x1d8
[   52.544351]  kasan_memcmp+0x16c/0x300
[   52.544369]  kunit_try_run_case+0x170/0x3f0
[   52.544388]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.544411]  kthread+0x328/0x630
[   52.544427]  ret_from_fork+0x10/0x20
[   52.544446] 
[   52.612808] Allocated by task 366:
[   52.616271]  kasan_save_stack+0x3c/0x68
[   52.620183]  kasan_save_track+0x20/0x40
[   52.624095]  kasan_save_alloc_info+0x40/0x58
[   52.628435]  __kasan_kmalloc+0xd4/0xd8
[   52.632258]  __kmalloc_cache_noprof+0x16c/0x3c0
[   52.636874]  kasan_memcmp+0xbc/0x300
[   52.640511]  kunit_try_run_case+0x170/0x3f0
[   52.644767]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.650342]  kthread+0x328/0x630
[   52.653633]  ret_from_fork+0x10/0x20
[   52.657272] 
[   52.658803] The buggy address belongs to the object at ffff000085584180
[   52.658803]  which belongs to the cache kmalloc-32 of size 32
[   52.671294] The buggy address is located 0 bytes to the right of
[   52.671294]  allocated 24-byte region [ffff000085584180, ffff000085584198)
[   52.684315] 
[   52.685847] The buggy address belongs to the physical page:
[   52.691495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105584
[   52.699606] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   52.706224] page_type: f5(slab)
[   52.709430] raw: 0bfffe0000000000 ffff000080002780 dead000000000122 0000000000000000
[   52.717276] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   52.725118] page dumped because: kasan: bad access detected
[   52.730769] 
[   52.732304] Memory state around the buggy address:
[   52.737169]  ffff000085584080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   52.744494]  ffff000085584100: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   52.751810] >ffff000085584180: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.759125]                             ^
[   52.763203]  ffff000085584200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.770519]  ffff000085584280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.777842] ==================================================================

[   33.277181] ==================================================================
[   33.277253] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[   33.277463] Read of size 1 at addr fff00000c5a8aad8 by task kunit_try_catch/289
[   33.277795] 
[   33.278077] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   33.278273] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.278339] Hardware name: linux,dummy-virt (DT)
[   33.278610] Call trace:
[   33.278772]  show_stack+0x20/0x38 (C)
[   33.278945]  dump_stack_lvl+0x8c/0xd0
[   33.279084]  print_report+0x118/0x608
[   33.279139]  kasan_report+0xdc/0x128
[   33.279190]  __asan_report_load1_noabort+0x20/0x30
[   33.279248]  memcmp+0x198/0x1d8
[   33.279464]  kasan_memcmp+0x16c/0x300
[   33.279563]  kunit_try_run_case+0x170/0x3f0
[   33.279623]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.279685]  kthread+0x328/0x630
[   33.279924]  ret_from_fork+0x10/0x20
[   33.280052] 
[   33.280073] Allocated by task 289:
[   33.280106]  kasan_save_stack+0x3c/0x68
[   33.280157]  kasan_save_track+0x20/0x40
[   33.280354]  kasan_save_alloc_info+0x40/0x58
[   33.280395]  __kasan_kmalloc+0xd4/0xd8
[   33.280635]  __kmalloc_cache_noprof+0x16c/0x3c0
[   33.280984]  kasan_memcmp+0xbc/0x300
[   33.281031]  kunit_try_run_case+0x170/0x3f0
[   33.281099]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.281149]  kthread+0x328/0x630
[   33.281184]  ret_from_fork+0x10/0x20
[   33.281258] 
[   33.281282] The buggy address belongs to the object at fff00000c5a8aac0
[   33.281282]  which belongs to the cache kmalloc-32 of size 32
[   33.281417] The buggy address is located 0 bytes to the right of
[   33.281417]  allocated 24-byte region [fff00000c5a8aac0, fff00000c5a8aad8)
[   33.281693] 
[   33.281767] The buggy address belongs to the physical page:
[   33.281803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a8a
[   33.281923] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.282043] page_type: f5(slab)
[   33.282089] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[   33.282333] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   33.282563] page dumped because: kasan: bad access detected
[   33.282599] 
[   33.282620] Memory state around the buggy address:
[   33.282746]  fff00000c5a8a980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   33.282960]  fff00000c5a8aa00: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[   33.283005] >fff00000c5a8aa80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   33.283102]                                                     ^
[   33.283144]  fff00000c5a8ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.283190]  fff00000c5a8ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.283261] ==================================================================