Date
June 17, 2025, 3:39 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 94.477528] ==================================================================
[ 94.478801] BUG: KASAN: slab-out-of-bounds in memchr+0x28/0x78
[ 94.479759] Read of size 1 at addr ffff0000c5ec1c98 by task kunit_try_catch/201
[ 94.481003]
[ 94.481488] CPU: 1 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 94.482919] Hardware name: linux,dummy-virt (DT)
[ 94.483836] Call trace:
[ 94.484459] dump_backtrace+0x9c/0x128
[ 94.485379] show_stack+0x20/0x38
[ 94.486191] dump_stack_lvl+0x60/0xb0
[ 94.487079] print_report+0xf8/0x5e8
[ 94.487907] kasan_report+0xdc/0x128
[ 94.488862] __asan_load1+0x60/0x70
[ 94.489715] memchr+0x28/0x78
[ 94.490438] kasan_memchr+0xd4/0x1f0
[ 94.491309] kunit_try_run_case+0x114/0x298
[ 94.492272] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 94.492926] kthread+0x18c/0x1a8
[ 94.493247] ret_from_fork+0x10/0x20
[ 94.493932]
[ 94.494338] Allocated by task 201:
[ 94.495134] kasan_save_stack+0x3c/0x68
[ 94.496066] kasan_set_track+0x2c/0x40
[ 94.496856] kasan_save_alloc_info+0x24/0x38
[ 94.497727] __kasan_kmalloc+0xd4/0xd8
[ 94.498526] kmalloc_trace+0x68/0x130
[ 94.499252] kasan_memchr+0xa0/0x1f0
[ 94.500183] kunit_try_run_case+0x114/0x298
[ 94.501197] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 94.502085] kthread+0x18c/0x1a8
[ 94.502613] ret_from_fork+0x10/0x20
[ 94.503321]
[ 94.503672] The buggy address belongs to the object at ffff0000c5ec1c80
[ 94.503672] which belongs to the cache kmalloc-32 of size 32
[ 94.505591] The buggy address is located 0 bytes to the right of
[ 94.505591] allocated 24-byte region [ffff0000c5ec1c80, ffff0000c5ec1c98)
[ 94.506784]
[ 94.507246] The buggy address belongs to the physical page:
[ 94.508212] page:000000009bc72880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec1
[ 94.509776] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[ 94.510824] page_type: 0xffffffff()
[ 94.512344] raw: 0bfffc0000000800 ffff0000c0001500 dead000000000122 0000000000000000
[ 94.513702] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 94.514571] page dumped because: kasan: bad access detected
[ 94.515531]
[ 94.516102] Memory state around the buggy address:
[ 94.516814]  ffff0000c5ec1b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 94.517996]  ffff0000c5ec1c00: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc
[ 94.519036] >ffff0000c5ec1c80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.520364]                             ^
[ 94.521485]  ffff0000c5ec1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.522518]  ffff0000c5ec1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.523739] ==================================================================
```
qemu-x86_64:

```
[ 35.426853] ==================================================================
[ 35.427725] BUG: KASAN: slab-out-of-bounds in memchr+0x27/0x60
[ 35.428323] Read of size 1 at addr ffff888102869398 by task kunit_try_catch/216
[ 35.428682]
[ 35.428925] CPU: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 35.429734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 35.430292] Call Trace:
[ 35.430518] <TASK>
[ 35.430902] dump_stack_lvl+0x4e/0x90
[ 35.431218] print_report+0xd2/0x650
[ 35.431685] ? __virt_addr_valid+0x156/0x1e0
[ 35.432052] ? memchr+0x27/0x60
[ 35.432342] ? kasan_complete_mode_report_info+0x2a/0x200
[ 35.433043] ? memchr+0x27/0x60
[ 35.433334] kasan_report+0x147/0x180
[ 35.433701] ? memchr+0x27/0x60
[ 35.434009] __asan_load1+0x66/0x70
[ 35.434332] memchr+0x27/0x60
[ 35.434731] kasan_memchr+0xdd/0x1f0
[ 35.435065] ? __pfx_kasan_memchr+0x10/0x10
[ 35.435507] ? __schedule+0x715/0x11a0
[ 35.435792] ? ktime_get_ts64+0x118/0x140
[ 35.436124] kunit_try_run_case+0x120/0x290
[ 35.436558] ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.436920] ? __kasan_check_write+0x18/0x20
[ 35.437244] ? trace_preempt_on+0x20/0xa0
[ 35.437778] ? __kthread_parkme+0x4f/0xd0
[ 35.438062] ? preempt_count_sub+0x50/0x80
[ 35.438359] ? __pfx_kunit_try_run_case+0x10/0x10
[ 35.438648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 35.439168] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 35.439655] kthread+0x19e/0x1e0
[ 35.440056] ? __pfx_kthread+0x10/0x10
[ 35.440382] ret_from_fork+0x41/0x70
[ 35.440729] ? __pfx_kthread+0x10/0x10
[ 35.441152] ret_from_fork_asm+0x1b/0x30
[ 35.441605] </TASK>
[ 35.441825]
[ 35.441965] Allocated by task 216:
[ 35.442231] kasan_save_stack+0x44/0x70
[ 35.442590] kasan_set_track+0x29/0x40
[ 35.443065] kasan_save_alloc_info+0x22/0x30
[ 35.443537] __kasan_kmalloc+0xb7/0xc0
[ 35.443856] kmalloc_trace+0x4c/0xb0
[ 35.444149] kasan_memchr+0x9f/0x1f0
[ 35.444434] kunit_try_run_case+0x120/0x290
[ 35.444853] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 35.445258] kthread+0x19e/0x1e0
[ 35.445535] ret_from_fork+0x41/0x70
[ 35.446009] ret_from_fork_asm+0x1b/0x30
[ 35.446341]
[ 35.446557] The buggy address belongs to the object at ffff888102869380
[ 35.446557] which belongs to the cache kmalloc-32 of size 32
[ 35.447430] The buggy address is located 0 bytes to the right of
[ 35.447430] allocated 24-byte region [ffff888102869380, ffff888102869398)
[ 35.448642]
[ 35.448788] The buggy address belongs to the physical page:
[ 35.449177] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102869
[ 35.449831] flags: 0x200000000000800(slab|node=0|zone=2)
[ 35.450290] page_type: 0xffffffff()
[ 35.450728] raw: 0200000000000800 ffff888100041500 dead000000000122 0000000000000000
[ 35.451234] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 35.451882] page dumped because: kasan: bad access detected
[ 35.452253]
[ 35.452393] Memory state around the buggy address:
[ 35.452929]  ffff888102869280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 35.453464]  ffff888102869300: 00 00 07 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 35.453916] >ffff888102869380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.454334]                             ^
[ 35.454794]  ffff888102869400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.455230]  ffff888102869480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.455697] ==================================================================
```