Date
July 22, 2025, 2:40 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.417274] ================================================================== [ 19.417638] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 19.418074] Read of size 1 at addr fff00000c6fc49d8 by task kunit_try_catch/259 [ 19.418416] [ 19.418735] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT [ 19.419198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.419231] Hardware name: linux,dummy-virt (DT) [ 19.419266] Call trace: [ 19.419436] show_stack+0x20/0x38 (C) [ 19.419497] dump_stack_lvl+0x8c/0xd0 [ 19.419551] print_report+0x118/0x5d0 [ 19.419822] kasan_report+0xdc/0x128 [ 19.420012] __asan_report_load1_noabort+0x20/0x30 [ 19.420115] memcmp+0x198/0x1d8 [ 19.420167] kasan_memcmp+0x16c/0x300 [ 19.420216] kunit_try_run_case+0x170/0x3f0 [ 19.420694] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.420994] kthread+0x328/0x630 [ 19.421320] ret_from_fork+0x10/0x20 [ 19.421718] [ 19.421743] Allocated by task 259: [ 19.421775] kasan_save_stack+0x3c/0x68 [ 19.421858] kasan_save_track+0x20/0x40 [ 19.421996] kasan_save_alloc_info+0x40/0x58 [ 19.422035] __kasan_kmalloc+0xd4/0xd8 [ 19.422073] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.422113] kasan_memcmp+0xbc/0x300 [ 19.422150] kunit_try_run_case+0x170/0x3f0 [ 19.422198] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.422473] kthread+0x328/0x630 [ 19.422563] ret_from_fork+0x10/0x20 [ 19.423109] [ 19.423176] The buggy address belongs to the object at fff00000c6fc49c0 [ 19.423176] which belongs to the cache kmalloc-32 of size 32 [ 19.423240] The buggy address is located 0 bytes to the right of [ 19.423240] allocated 24-byte region [fff00000c6fc49c0, fff00000c6fc49d8) [ 19.423802] [ 19.424248] The buggy address belongs to the physical page: [ 19.424651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fc4 [ 19.425163] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.425607] page_type: f5(slab) [ 19.426013] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 19.426068] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 19.426111] page dumped because: kasan: bad access detected [ 19.426851] [ 19.426873] Memory state around the buggy address: [ 19.426995] fff00000c6fc4880: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 19.427531] fff00000c6fc4900: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.427719] >fff00000c6fc4980: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.427779] ^ [ 19.429189] fff00000c6fc4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.429540] fff00000c6fc4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.429591] ==================================================================
[ 13.055912] ================================================================== [ 13.056401] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 13.056976] Read of size 1 at addr ffff8881028ca6d8 by task kunit_try_catch/277 [ 13.057774] [ 13.057925] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary) [ 13.058122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.058137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.058159] Call Trace: [ 13.058172] <TASK> [ 13.058188] dump_stack_lvl+0x73/0xb0 [ 13.058216] print_report+0xd1/0x610 [ 13.058251] ? __virt_addr_valid+0x1db/0x2d0 [ 13.058272] ? memcmp+0x1b4/0x1d0 [ 13.058292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.058315] ? memcmp+0x1b4/0x1d0 [ 13.058334] kasan_report+0x141/0x180 [ 13.058367] ? memcmp+0x1b4/0x1d0 [ 13.058392] __asan_report_load1_noabort+0x18/0x20 [ 13.058414] memcmp+0x1b4/0x1d0 [ 13.058434] kasan_memcmp+0x18f/0x390 [ 13.058457] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.058478] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.058505] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.058530] kunit_try_run_case+0x1a5/0x480 [ 13.058552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.058571] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.058592] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.058617] ? __kthread_parkme+0x82/0x180 [ 13.058638] ? preempt_count_sub+0x50/0x80 [ 13.058679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.058701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.058725] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.058749] kthread+0x337/0x6f0 [ 13.058767] ? trace_preempt_on+0x20/0xc0 [ 13.058794] ? __pfx_kthread+0x10/0x10 [ 13.058812] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.058836] ? calculate_sigpending+0x7b/0xa0 [ 13.058858] ? __pfx_kthread+0x10/0x10 [ 13.058876] ret_from_fork+0x41/0x80 [ 13.058898] ? __pfx_kthread+0x10/0x10 [ 13.058915] ret_from_fork_asm+0x1a/0x30 [ 13.058947] </TASK> [ 13.058958] [ 13.070064] Allocated by task 277: [ 13.070553] kasan_save_stack+0x45/0x70 [ 13.070896] kasan_save_track+0x18/0x40 [ 13.071164] kasan_save_alloc_info+0x3b/0x50 [ 13.071551] __kasan_kmalloc+0xb7/0xc0 [ 13.072063] __kmalloc_cache_noprof+0x189/0x420 [ 13.072298] kasan_memcmp+0xb7/0x390 [ 13.072493] kunit_try_run_case+0x1a5/0x480 [ 13.072735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.073259] kthread+0x337/0x6f0 [ 13.073456] ret_from_fork+0x41/0x80 [ 13.073652] ret_from_fork_asm+0x1a/0x30 [ 13.074082] [ 13.074159] The buggy address belongs to the object at ffff8881028ca6c0 [ 13.074159] which belongs to the cache kmalloc-32 of size 32 [ 13.075057] The buggy address is located 0 bytes to the right of [ 13.075057] allocated 24-byte region [ffff8881028ca6c0, ffff8881028ca6d8) [ 13.075739] [ 13.075840] The buggy address belongs to the physical page: [ 13.076328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ca [ 13.076673] flags: 0x200000000000000(node=0|zone=2) [ 13.076903] page_type: f5(slab) [ 13.077073] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.077484] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.077983] page dumped because: kasan: bad access detected [ 13.078246] [ 13.078340] Memory state around the buggy address: [ 13.078676] ffff8881028ca580: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.079070] ffff8881028ca600: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 13.079371] >ffff8881028ca680: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.079729] ^ [ 13.080149] ffff8881028ca700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.080501] ffff8881028ca780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.080904] ==================================================================