Hay
Date: July 6, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64, x86

[   17.419825] ==================================================================
[   17.419887] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   17.419941] Read of size 1 at addr fff00000c77a60c8 by task kunit_try_catch/208
[   17.420024] 
[   17.420059] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   17.420140] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.420166] Hardware name: linux,dummy-virt (DT)
[   17.420197] Call trace:
[   17.420219]  show_stack+0x20/0x38 (C)
[   17.420419]  dump_stack_lvl+0x8c/0xd0
[   17.420570]  print_report+0x118/0x608
[   17.420638]  kasan_report+0xdc/0x128
[   17.420683]  __asan_report_load1_noabort+0x20/0x30
[   17.420734]  kmem_cache_oob+0x344/0x430
[   17.420778]  kunit_try_run_case+0x170/0x3f0
[   17.420842]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.420915]  kthread+0x328/0x630
[   17.420962]  ret_from_fork+0x10/0x20
[   17.421048] 
[   17.421087] Allocated by task 208:
[   17.421133]  kasan_save_stack+0x3c/0x68
[   17.421182]  kasan_save_track+0x20/0x40
[   17.421238]  kasan_save_alloc_info+0x40/0x58
[   17.421294]  __kasan_slab_alloc+0xa8/0xb0
[   17.421332]  kmem_cache_alloc_noprof+0x10c/0x398
[   17.421378]  kmem_cache_oob+0x12c/0x430
[   17.421413]  kunit_try_run_case+0x170/0x3f0
[   17.421451]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.421498]  kthread+0x328/0x630
[   17.421530]  ret_from_fork+0x10/0x20
[   17.421566] 
[   17.421584] The buggy address belongs to the object at fff00000c77a6000
[   17.421584]  which belongs to the cache test_cache of size 200
[   17.421802] The buggy address is located 0 bytes to the right of
[   17.421802]  allocated 200-byte region [fff00000c77a6000, fff00000c77a60c8)
[   17.421873] 
[   17.421921] The buggy address belongs to the physical page:
[   17.421953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077a6
[   17.422045] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.422096] page_type: f5(slab)
[   17.422170] raw: 0bfffe0000000000 fff00000c5d09140 dead000000000122 0000000000000000
[   17.422222] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   17.422279] page dumped because: kasan: bad access detected
[   17.422320] 
[   17.422358] Memory state around the buggy address:
[   17.422406]  fff00000c77a5f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   17.422450]  fff00000c77a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.422493] >fff00000c77a6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   17.422530]                                               ^
[   17.422754]  fff00000c77a6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.422830]  fff00000c77a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.422968] ==================================================================

[   17.211740] ==================================================================
[   17.212783] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   17.213180] Read of size 1 at addr fff00000c77db0c8 by task kunit_try_catch/208
[   17.213304] 
[   17.213404] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   17.213491] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.213519] Hardware name: linux,dummy-virt (DT)
[   17.213592] Call trace:
[   17.213666]  show_stack+0x20/0x38 (C)
[   17.213759]  dump_stack_lvl+0x8c/0xd0
[   17.213817]  print_report+0x118/0x608
[   17.214276]  kasan_report+0xdc/0x128
[   17.214394]  __asan_report_load1_noabort+0x20/0x30
[   17.214531]  kmem_cache_oob+0x344/0x430
[   17.216931]  kunit_try_run_case+0x170/0x3f0
[   17.217008]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.218177]  kthread+0x328/0x630
[   17.218250]  ret_from_fork+0x10/0x20
[   17.218300] 
[   17.218319] Allocated by task 208:
[   17.218351]  kasan_save_stack+0x3c/0x68
[   17.218390]  kasan_save_track+0x20/0x40
[   17.218428]  kasan_save_alloc_info+0x40/0x58
[   17.218467]  __kasan_slab_alloc+0xa8/0xb0
[   17.218504]  kmem_cache_alloc_noprof+0x10c/0x398
[   17.218543]  kmem_cache_oob+0x12c/0x430
[   17.218578]  kunit_try_run_case+0x170/0x3f0
[   17.218613]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.218657]  kthread+0x328/0x630
[   17.218687]  ret_from_fork+0x10/0x20
[   17.218723] 
[   17.218742] The buggy address belongs to the object at fff00000c77db000
[   17.218742]  which belongs to the cache test_cache of size 200
[   17.218798] The buggy address is located 0 bytes to the right of
[   17.218798]  allocated 200-byte region [fff00000c77db000, fff00000c77db0c8)
[   17.218863] 
[   17.218884] The buggy address belongs to the physical page:
[   17.219149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077db
[   17.219218] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.219268] page_type: f5(slab)
[   17.219309] raw: 0bfffe0000000000 fff00000c77d9000 dead000000000122 0000000000000000
[   17.220622] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   17.223931] page dumped because: kasan: bad access detected
[   17.224057] 
[   17.224179] Memory state around the buggy address:
[   17.224346]  fff00000c77daf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.224421]  fff00000c77db000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.224523] >fff00000c77db080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   17.224644]                                               ^
[   17.224744]  fff00000c77db100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.224796]  fff00000c77db180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.224834] ==================================================================

[   14.089207] ==================================================================
[   14.089457] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   14.090032] Read of size 1 at addr ffff888102ab20c8 by task kunit_try_catch/225
[   14.090387] 
[   14.090567] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.090660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.090682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.090721] Call Trace:
[   14.090746]  <TASK>
[   14.090774]  dump_stack_lvl+0x73/0xb0
[   14.090830]  print_report+0xd1/0x650
[   14.090864]  ? __virt_addr_valid+0x1db/0x2d0
[   14.090902]  ? kmem_cache_oob+0x402/0x530
[   14.090941]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.090986]  ? kmem_cache_oob+0x402/0x530
[   14.091024]  kasan_report+0x141/0x180
[   14.091061]  ? kmem_cache_oob+0x402/0x530
[   14.091110]  __asan_report_load1_noabort+0x18/0x20
[   14.091148]  kmem_cache_oob+0x402/0x530
[   14.091182]  ? trace_hardirqs_on+0x37/0xe0
[   14.091225]  ? __pfx_kmem_cache_oob+0x10/0x10
[   14.091266]  ? finish_task_switch.isra.0+0x153/0x700
[   14.091304]  ? __switch_to+0x47/0xf50
[   14.091354]  ? __pfx_read_tsc+0x10/0x10
[   14.091386]  ? ktime_get_ts64+0x86/0x230
[   14.091427]  kunit_try_run_case+0x1a5/0x480
[   14.091467]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.091499]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.091538]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.091575]  ? __kthread_parkme+0x82/0x180
[   14.091608]  ? preempt_count_sub+0x50/0x80
[   14.091805]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.091851]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.091892]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.091925]  kthread+0x337/0x6f0
[   14.091946]  ? trace_preempt_on+0x20/0xc0
[   14.091968]  ? __pfx_kthread+0x10/0x10
[   14.091986]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.092006]  ? calculate_sigpending+0x7b/0xa0
[   14.092028]  ? __pfx_kthread+0x10/0x10
[   14.092047]  ret_from_fork+0x116/0x1d0
[   14.092063]  ? __pfx_kthread+0x10/0x10
[   14.092081]  ret_from_fork_asm+0x1a/0x30
[   14.092130]  </TASK>
[   14.092146] 
[   14.102451] Allocated by task 225:
[   14.102769]  kasan_save_stack+0x45/0x70
[   14.103083]  kasan_save_track+0x18/0x40
[   14.103342]  kasan_save_alloc_info+0x3b/0x50
[   14.103644]  __kasan_slab_alloc+0x91/0xa0
[   14.103828]  kmem_cache_alloc_noprof+0x123/0x3f0
[   14.104147]  kmem_cache_oob+0x157/0x530
[   14.104461]  kunit_try_run_case+0x1a5/0x480
[   14.104903]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.105265]  kthread+0x337/0x6f0
[   14.105461]  ret_from_fork+0x116/0x1d0
[   14.105857]  ret_from_fork_asm+0x1a/0x30
[   14.106084] 
[   14.106268] The buggy address belongs to the object at ffff888102ab2000
[   14.106268]  which belongs to the cache test_cache of size 200
[   14.106843] The buggy address is located 0 bytes to the right of
[   14.106843]  allocated 200-byte region [ffff888102ab2000, ffff888102ab20c8)
[   14.108686] 
[   14.109165] The buggy address belongs to the physical page:
[   14.110082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab2
[   14.111702] flags: 0x200000000000000(node=0|zone=2)
[   14.111961] page_type: f5(slab)
[   14.112098] raw: 0200000000000000 ffff888100a55b40 dead000000000122 0000000000000000
[   14.113852] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   14.115306] page dumped because: kasan: bad access detected
[   14.116448] 
[   14.116728] Memory state around the buggy address:
[   14.116911]  ffff888102ab1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.117138]  ffff888102ab2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.117359] >ffff888102ab2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   14.117566]                                               ^
[   14.117762]  ffff888102ab2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.118005]  ffff888102ab2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.118201] ==================================================================

[   14.242383] ==================================================================
[   14.243318] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   14.244079] Read of size 1 at addr ffff8881031c90c8 by task kunit_try_catch/224
[   14.245016] 
[   14.245331] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.245383] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.245395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.245416] Call Trace:
[   14.245429]  <TASK>
[   14.245447]  dump_stack_lvl+0x73/0xb0
[   14.245479]  print_report+0xd1/0x650
[   14.245502]  ? __virt_addr_valid+0x1db/0x2d0
[   14.245529]  ? kmem_cache_oob+0x402/0x530
[   14.245552]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.245577]  ? kmem_cache_oob+0x402/0x530
[   14.245600]  kasan_report+0x141/0x180
[   14.245623]  ? kmem_cache_oob+0x402/0x530
[   14.245651]  __asan_report_load1_noabort+0x18/0x20
[   14.245675]  kmem_cache_oob+0x402/0x530
[   14.245916]  ? trace_hardirqs_on+0x37/0xe0
[   14.245973]  ? __pfx_kmem_cache_oob+0x10/0x10
[   14.245998]  ? finish_task_switch.isra.0+0x153/0x700
[   14.246020]  ? __switch_to+0x47/0xf50
[   14.246061]  ? __pfx_read_tsc+0x10/0x10
[   14.246083]  ? ktime_get_ts64+0x86/0x230
[   14.246108]  kunit_try_run_case+0x1a5/0x480
[   14.246134]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.246156]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.246180]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.246203]  ? __kthread_parkme+0x82/0x180
[   14.246222]  ? preempt_count_sub+0x50/0x80
[   14.246245]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.246268]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.246290]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.246313]  kthread+0x337/0x6f0
[   14.246333]  ? trace_preempt_on+0x20/0xc0
[   14.246355]  ? __pfx_kthread+0x10/0x10
[   14.246376]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.246396]  ? calculate_sigpending+0x7b/0xa0
[   14.246420]  ? __pfx_kthread+0x10/0x10
[   14.246441]  ret_from_fork+0x116/0x1d0
[   14.246459]  ? __pfx_kthread+0x10/0x10
[   14.246480]  ret_from_fork_asm+0x1a/0x30
[   14.246511]  </TASK>
[   14.246523] 
[   14.263060] Allocated by task 224:
[   14.263702]  kasan_save_stack+0x45/0x70
[   14.264270]  kasan_save_track+0x18/0x40
[   14.264622]  kasan_save_alloc_info+0x3b/0x50
[   14.265269]  __kasan_slab_alloc+0x91/0xa0
[   14.265809]  kmem_cache_alloc_noprof+0x123/0x3f0
[   14.266272]  kmem_cache_oob+0x157/0x530
[   14.266458]  kunit_try_run_case+0x1a5/0x480
[   14.267105]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.267679]  kthread+0x337/0x6f0
[   14.268079]  ret_from_fork+0x116/0x1d0
[   14.268469]  ret_from_fork_asm+0x1a/0x30
[   14.268616] 
[   14.268689] The buggy address belongs to the object at ffff8881031c9000
[   14.268689]  which belongs to the cache test_cache of size 200
[   14.270261] The buggy address is located 0 bytes to the right of
[   14.270261]  allocated 200-byte region [ffff8881031c9000, ffff8881031c90c8)
[   14.271347] 
[   14.271488] The buggy address belongs to the physical page:
[   14.272032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c9
[   14.272427] flags: 0x200000000000000(node=0|zone=2)
[   14.272598] page_type: f5(slab)
[   14.272722] raw: 0200000000000000 ffff888101985500 dead000000000122 0000000000000000
[   14.272980] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   14.273214] page dumped because: kasan: bad access detected
[   14.273386] 
[   14.273457] Memory state around the buggy address:
[   14.273619]  ffff8881031c8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.274296]  ffff8881031c9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.275017] >ffff8881031c9080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   14.275885]                                               ^
[   14.276488]  ffff8881031c9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.277200]  ffff8881031c9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.277965] ==================================================================

[   32.745574] ==================================================================
[   32.756420] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   32.763121] Read of size 1 at addr ffff88810561e0c8 by task kunit_try_catch/248
[   32.770426] 
[   32.771928] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G S  B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   32.771936] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   32.771939] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   32.771943] Call Trace:
[   32.771944]  <TASK>
[   32.771946]  dump_stack_lvl+0x73/0xb0
[   32.771951]  print_report+0xd1/0x650
[   32.771955]  ? __virt_addr_valid+0x1db/0x2d0
[   32.771959]  ? kmem_cache_oob+0x402/0x530
[   32.771963]  ? kasan_complete_mode_report_info+0x2a/0x200
[   32.771968]  ? kmem_cache_oob+0x402/0x530
[   32.771973]  kasan_report+0x141/0x180
[   32.771977]  ? kmem_cache_oob+0x402/0x530
[   32.771982]  __asan_report_load1_noabort+0x18/0x20
[   32.771986]  kmem_cache_oob+0x402/0x530
[   32.771990]  ? trace_hardirqs_on+0x37/0xe0
[   32.771994]  ? __pfx_kmem_cache_oob+0x10/0x10
[   32.771998]  ? finish_task_switch.isra.0+0x153/0x700
[   32.772002]  ? __switch_to+0x544/0xf50
[   32.772009]  ? ktime_get_ts64+0x83/0x230
[   32.772013]  kunit_try_run_case+0x1a2/0x480
[   32.772017]  ? __pfx_kunit_try_run_case+0x10/0x10
[   32.772021]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   32.772026]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   32.772030]  ? __kthread_parkme+0x82/0x180
[   32.772033]  ? preempt_count_sub+0x50/0x80
[   32.772037]  ? __pfx_kunit_try_run_case+0x10/0x10
[   32.772042]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   32.772046]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   32.772050]  kthread+0x334/0x6f0
[   32.772053]  ? trace_preempt_on+0x20/0xc0
[   32.772057]  ? __pfx_kthread+0x10/0x10
[   32.772061]  ? _raw_spin_unlock_irq+0x47/0x80
[   32.772065]  ? calculate_sigpending+0x7b/0xa0
[   32.772069]  ? __pfx_kthread+0x10/0x10
[   32.772073]  ret_from_fork+0x113/0x1d0
[   32.772076]  ? __pfx_kthread+0x10/0x10
[   32.772080]  ret_from_fork_asm+0x1a/0x30
[   32.772086]  </TASK>
[   32.772087] 
[   32.944558] Allocated by task 248:
[   32.947964]  kasan_save_stack+0x45/0x70
[   32.951802]  kasan_save_track+0x18/0x40
[   32.955641]  kasan_save_alloc_info+0x3b/0x50
[   32.959916]  __kasan_slab_alloc+0x91/0xa0
[   32.963928]  kmem_cache_alloc_noprof+0x123/0x3f0
[   32.968547]  kmem_cache_oob+0x157/0x530
[   32.972414]  kunit_try_run_case+0x1a2/0x480
[   32.976605]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   32.982006]  kthread+0x334/0x6f0
[   32.985237]  ret_from_fork+0x113/0x1d0
[   32.988991]  ret_from_fork_asm+0x1a/0x30
[   32.992915] 
[   32.994429] The buggy address belongs to the object at ffff88810561e000
[   32.994429]  which belongs to the cache test_cache of size 200
[   33.006853] The buggy address is located 0 bytes to the right of
[   33.006853]  allocated 200-byte region [ffff88810561e000, ffff88810561e0c8)
[   33.019800] 
[   33.021301] The buggy address belongs to the physical page:
[   33.026875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10561e
[   33.034880] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.042533] flags: 0x200000000000040(head|node=0|zone=2)
[   33.047847] page_type: f5(slab)
[   33.050993] raw: 0200000000000040 ffff888105612500 dead000000000122 0000000000000000
[   33.058741] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   33.066489] head: 0200000000000040 ffff888105612500 dead000000000122 0000000000000000
[   33.074314] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   33.082176] head: 0200000000000001 ffffea0004158781 00000000ffffffff 00000000ffffffff
[   33.090010] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.097834] page dumped because: kasan: bad access detected
[   33.103422] 
[   33.104917] Memory state around the buggy address:
[   33.109708]  ffff88810561df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.116928]  ffff88810561e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.124147] >ffff88810561e080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   33.131378]                                               ^
[   33.136983]  ffff88810561e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.144202]  ffff88810561e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.151426] ==================================================================