Date
July 15, 2025, 11:35 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 56.915088] ================================================================== [ 56.925355] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 56.931342] Read of size 1 at addr ffff00080851c558 by task kunit_try_catch/338 [ 56.938631] [ 56.940117] CPU: 2 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 56.940176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 56.940193] Hardware name: WinLink E850-96 board (DT) [ 56.940215] Call trace: [ 56.940229] show_stack+0x20/0x38 (C) [ 56.940265] dump_stack_lvl+0x8c/0xd0 [ 56.940299] print_report+0x118/0x5d0 [ 56.940329] kasan_report+0xdc/0x128 [ 56.940357] __asan_report_load1_noabort+0x20/0x30 [ 56.940394] memcmp+0x198/0x1d8 [ 56.940421] kasan_memcmp+0x16c/0x300 [ 56.940456] kunit_try_run_case+0x170/0x3f0 [ 56.940490] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 56.940527] kthread+0x328/0x630 [ 56.940557] ret_from_fork+0x10/0x20 [ 56.940594] [ 57.006778] Allocated by task 338: [ 57.010162] kasan_save_stack+0x3c/0x68 [ 57.013979] kasan_save_track+0x20/0x40 [ 57.017797] kasan_save_alloc_info+0x40/0x58 [ 57.022050] __kasan_kmalloc+0xd4/0xd8 [ 57.025783] __kmalloc_cache_noprof+0x16c/0x3c0 [ 57.030297] kasan_memcmp+0xbc/0x300 [ 57.033857] kunit_try_run_case+0x170/0x3f0 [ 57.038023] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 57.043491] kthread+0x328/0x630 [ 57.046703] ret_from_fork+0x10/0x20 [ 57.050262] [ 57.051741] The buggy address belongs to the object at ffff00080851c540 [ 57.051741] which belongs to the cache kmalloc-32 of size 32 [ 57.064067] The buggy address is located 0 bytes to the right of [ 57.064067] allocated 24-byte region [ffff00080851c540, ffff00080851c558) [ 57.076911] [ 57.078389] The buggy address belongs to the physical page: [ 57.083947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88851c [ 57.091930] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 57.098441] page_type: f5(slab) [ 57.101576] raw: 0bfffe0000000000 ffff000800002780 dead000000000122 0000000000000000 [ 57.109295] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 57.117017] page dumped because: kasan: bad access detected [ 57.122569] [ 57.124045] Memory state around the buggy address: [ 57.128827] ffff00080851c400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 57.136030] ffff00080851c480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 57.143233] >ffff00080851c500: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 57.150434] ^ [ 57.156514] ffff00080851c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.163720] ffff00080851c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.170921] ==================================================================
[ 32.916099] ================================================================== [ 32.916410] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 32.916611] Read of size 1 at addr fff00000c64fac98 by task kunit_try_catch/289 [ 32.916717] [ 32.916792] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT [ 32.917055] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.917250] Hardware name: linux,dummy-virt (DT) [ 32.917295] Call trace: [ 32.917323] show_stack+0x20/0x38 (C) [ 32.917456] dump_stack_lvl+0x8c/0xd0 [ 32.917508] print_report+0x118/0x5d0 [ 32.917562] kasan_report+0xdc/0x128 [ 32.917609] __asan_report_load1_noabort+0x20/0x30 [ 32.917784] memcmp+0x198/0x1d8 [ 32.917829] kasan_memcmp+0x16c/0x300 [ 32.917884] kunit_try_run_case+0x170/0x3f0 [ 32.918102] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.918290] kthread+0x328/0x630 [ 32.918344] ret_from_fork+0x10/0x20 [ 32.918662] [ 32.918852] Allocated by task 289: [ 32.918993] kasan_save_stack+0x3c/0x68 [ 32.919177] kasan_save_track+0x20/0x40 [ 32.919261] kasan_save_alloc_info+0x40/0x58 [ 32.919345] __kasan_kmalloc+0xd4/0xd8 [ 32.919641] __kmalloc_cache_noprof+0x16c/0x3c0 [ 32.919891] kasan_memcmp+0xbc/0x300 [ 32.920078] kunit_try_run_case+0x170/0x3f0 [ 32.920175] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 32.920457] kthread+0x328/0x630 [ 32.920644] ret_from_fork+0x10/0x20 [ 32.920782] [ 32.920864] The buggy address belongs to the object at fff00000c64fac80 [ 32.920864] which belongs to the cache kmalloc-32 of size 32 [ 32.921037] The buggy address is located 0 bytes to the right of [ 32.921037] allocated 24-byte region [fff00000c64fac80, fff00000c64fac98) [ 32.921110] [ 32.921132] The buggy address belongs to the physical page: [ 32.921429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064fa [ 32.922233] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 32.922325] page_type: f5(slab) [ 32.922382] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 32.922447] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 32.922509] page dumped because: kasan: bad access detected [ 32.922550] [ 32.922571] Memory state around the buggy address: [ 32.922627] fff00000c64fab80: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 32.922706] fff00000c64fac00: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 32.922761] >fff00000c64fac80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.922802] ^ [ 32.922835] fff00000c64fad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.922899] fff00000c64fad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.922939] ==================================================================
[ 25.966558] ================================================================== [ 25.968129] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 25.969447] Read of size 1 at addr ffff8881060af298 by task kunit_try_catch/305 [ 25.971250] [ 25.971508] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.971577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.971590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.971960] Call Trace: [ 25.971978] <TASK> [ 25.971998] dump_stack_lvl+0x73/0xb0 [ 25.972031] print_report+0xd1/0x610 [ 25.972057] ? __virt_addr_valid+0x1db/0x2d0 [ 25.972083] ? memcmp+0x1b4/0x1d0 [ 25.972105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.972132] ? memcmp+0x1b4/0x1d0 [ 25.972154] kasan_report+0x141/0x180 [ 25.972176] ? memcmp+0x1b4/0x1d0 [ 25.972202] __asan_report_load1_noabort+0x18/0x20 [ 25.972226] memcmp+0x1b4/0x1d0 [ 25.972249] kasan_memcmp+0x18f/0x390 [ 25.972270] ? trace_hardirqs_on+0x37/0xe0 [ 25.972294] ? __pfx_kasan_memcmp+0x10/0x10 [ 25.972314] ? finish_task_switch.isra.0+0x153/0x700 [ 25.972337] ? __switch_to+0x47/0xf80 [ 25.972367] ? __pfx_read_tsc+0x10/0x10 [ 25.972389] ? ktime_get_ts64+0x86/0x230 [ 25.972414] kunit_try_run_case+0x1a5/0x480 [ 25.972439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.972460] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.972483] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.972505] ? __kthread_parkme+0x82/0x180 [ 25.972540] ? preempt_count_sub+0x50/0x80 [ 25.972571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.972594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.972637] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.972671] kthread+0x337/0x6f0 [ 25.972692] ? trace_preempt_on+0x20/0xc0 [ 25.972714] ? __pfx_kthread+0x10/0x10 [ 25.972734] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.972769] ? calculate_sigpending+0x7b/0xa0 [ 25.972793] ? __pfx_kthread+0x10/0x10 [ 25.972815] ret_from_fork+0x116/0x1d0 [ 25.972834] ? __pfx_kthread+0x10/0x10 [ 25.972854] ret_from_fork_asm+0x1a/0x30 [ 25.972886] </TASK> [ 25.972897] [ 25.986610] Allocated by task 305: [ 25.986868] kasan_save_stack+0x45/0x70 [ 25.987284] kasan_save_track+0x18/0x40 [ 25.987694] kasan_save_alloc_info+0x3b/0x50 [ 25.987871] __kasan_kmalloc+0xb7/0xc0 [ 25.988288] __kmalloc_cache_noprof+0x189/0x420 [ 25.988756] kasan_memcmp+0xb7/0x390 [ 25.988951] kunit_try_run_case+0x1a5/0x480 [ 25.989420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.989684] kthread+0x337/0x6f0 [ 25.990027] ret_from_fork+0x116/0x1d0 [ 25.990456] ret_from_fork_asm+0x1a/0x30 [ 25.990825] [ 25.991037] The buggy address belongs to the object at ffff8881060af280 [ 25.991037] which belongs to the cache kmalloc-32 of size 32 [ 25.991856] The buggy address is located 0 bytes to the right of [ 25.991856] allocated 24-byte region [ffff8881060af280, ffff8881060af298) [ 25.993046] [ 25.993277] The buggy address belongs to the physical page: [ 25.993695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060af [ 25.994243] flags: 0x200000000000000(node=0|zone=2) [ 25.994773] page_type: f5(slab) [ 25.995198] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.995915] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.996318] page dumped because: kasan: bad access detected [ 25.996901] [ 25.996988] Memory state around the buggy address: [ 25.997558] ffff8881060af180: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.997923] ffff8881060af200: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.998151] >ffff8881060af280: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.998662] ^ [ 25.998993] ffff8881060af300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.999443] ffff8881060af380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.999794] ==================================================================