Date
July 23, 2025, 3:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 32.800524] ==================================================================
[ 32.800694] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 32.800758] Read of size 1 at addr fff00000c9c2ca98 by task kunit_try_catch/290
[ 32.800810]
[ 32.800849] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT
[ 32.800958] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 32.800991] Hardware name: linux,dummy-virt (DT)
[ 32.801025] Call trace:
[ 32.801051] show_stack+0x20/0x38 (C)
[ 32.801104] dump_stack_lvl+0x8c/0xd0
[ 32.801152] print_report+0x118/0x5e8
[ 32.801197] kasan_report+0xdc/0x128
[ 32.801243] __asan_report_load1_noabort+0x20/0x30
[ 32.801292] memcmp+0x198/0x1d8
[ 32.801340] kasan_memcmp+0x16c/0x300
[ 32.801388] kunit_try_run_case+0x170/0x3f0
[ 32.801437] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.801491] kthread+0x328/0x630
[ 32.801534] ret_from_fork+0x10/0x20
[ 32.801584]
[ 32.801604] Allocated by task 290:
[ 32.801636] kasan_save_stack+0x3c/0x68
[ 32.801678] kasan_save_track+0x20/0x40
[ 32.801714] kasan_save_alloc_info+0x40/0x58
[ 32.801754] __kasan_kmalloc+0xd4/0xd8
[ 32.801789] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.801834] kasan_memcmp+0xbc/0x300
[ 32.801872] kunit_try_run_case+0x170/0x3f0
[ 32.801921] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.801967] kthread+0x328/0x630
[ 32.802000] ret_from_fork+0x10/0x20
[ 32.802038]
[ 32.802059] The buggy address belongs to the object at fff00000c9c2ca80
[ 32.802059] which belongs to the cache kmalloc-32 of size 32
[ 32.802119] The buggy address is located 0 bytes to the right of
[ 32.802119] allocated 24-byte region [fff00000c9c2ca80, fff00000c9c2ca98)
[ 32.802184]
[ 32.802205] The buggy address belongs to the physical page:
[ 32.802243] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109c2c
[ 32.802299] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.802356] page_type: f5(slab)
[ 32.802396] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 32.802447] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 32.802489] page dumped because: kasan: bad access detected
[ 32.802522]
[ 32.802541] Memory state around the buggy address:
[ 32.802574]  fff00000c9c2c980: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 32.802620]  fff00000c9c2ca00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 32.802665] >fff00000c9c2ca80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.802706]                             ^
[ 32.802740]  fff00000c9c2cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.802784]  fff00000c9c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.802825] ==================================================================
```
qemu-x86_64:

```
[ 27.174703] ==================================================================
[ 27.175292] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 27.175802] Read of size 1 at addr ffff8881060ae098 by task kunit_try_catch/306
[ 27.176175]
[ 27.176269] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary)
[ 27.176323] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.176337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.176360] Call Trace:
[ 27.176373] <TASK>
[ 27.176390] dump_stack_lvl+0x73/0xb0
[ 27.176419] print_report+0xd1/0x640
[ 27.176446] ? __virt_addr_valid+0x1db/0x2d0
[ 27.176474] ? memcmp+0x1b4/0x1d0
[ 27.176495] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.176647] ? memcmp+0x1b4/0x1d0
[ 27.176674] kasan_report+0x141/0x180
[ 27.176698] ? memcmp+0x1b4/0x1d0
[ 27.176723] __asan_report_load1_noabort+0x18/0x20
[ 27.176748] memcmp+0x1b4/0x1d0
[ 27.176770] kasan_memcmp+0x18f/0x390
[ 27.176793] ? __pfx_kasan_memcmp+0x10/0x10
[ 27.176814] ? __schedule+0x2070/0x2b60
[ 27.176838] ? schedule+0x7c/0x2e0
[ 27.176860] ? trace_hardirqs_on+0x37/0xe0
[ 27.176888] ? __pfx_read_tsc+0x10/0x10
[ 27.176911] ? ktime_get_ts64+0x86/0x230
[ 27.176937] kunit_try_run_case+0x1a5/0x480
[ 27.176963] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.176986] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.177014] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.177039] ? __kthread_parkme+0x82/0x180
[ 27.177060] ? preempt_count_sub+0x50/0x80
[ 27.177083] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.177107] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.177130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.177169] kthread+0x337/0x6f0
[ 27.177192] ? trace_preempt_on+0x20/0xc0
[ 27.177215] ? __pfx_kthread+0x10/0x10
[ 27.177237] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.177261] ? calculate_sigpending+0x7b/0xa0
[ 27.177285] ? __pfx_kthread+0x10/0x10
[ 27.177306] ret_from_fork+0x116/0x1d0
[ 27.177326] ? __pfx_kthread+0x10/0x10
[ 27.177346] ret_from_fork_asm+0x1a/0x30
[ 27.177377] </TASK>
[ 27.177389]
[ 27.185245] Allocated by task 306:
[ 27.185465] kasan_save_stack+0x45/0x70
[ 27.185664] kasan_save_track+0x18/0x40
[ 27.185947] kasan_save_alloc_info+0x3b/0x50
[ 27.186173] __kasan_kmalloc+0xb7/0xc0
[ 27.186357] __kmalloc_cache_noprof+0x189/0x420
[ 27.186619] kasan_memcmp+0xb7/0x390
[ 27.186746] kunit_try_run_case+0x1a5/0x480
[ 27.186907] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.187206] kthread+0x337/0x6f0
[ 27.187374] ret_from_fork+0x116/0x1d0
[ 27.187711] ret_from_fork_asm+0x1a/0x30
[ 27.187898]
[ 27.187981] The buggy address belongs to the object at ffff8881060ae080
[ 27.187981] which belongs to the cache kmalloc-32 of size 32
[ 27.188785] The buggy address is located 0 bytes to the right of
[ 27.188785] allocated 24-byte region [ffff8881060ae080, ffff8881060ae098)
[ 27.189274]
[ 27.189424] The buggy address belongs to the physical page:
[ 27.189678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ae
[ 27.189929] flags: 0x200000000000000(node=0|zone=2)
[ 27.190356] page_type: f5(slab)
[ 27.190577] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 27.190913] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 27.191284] page dumped because: kasan: bad access detected
[ 27.191525]
[ 27.191634] Memory state around the buggy address:
[ 27.191854]  ffff8881060adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.192175]  ffff8881060ae000: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 27.192660] >ffff8881060ae080: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.192867]                             ^
[ 27.192999]  ffff8881060ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.193503]  ffff8881060ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.193862] ==================================================================
```