Date: July 20, 2025, 11:12 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 17.048323] ================================================================== [ 17.048393] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 17.048457] Read of size 1 at addr fff00000c78770c8 by task kunit_try_catch/207 [ 17.048509] [ 17.048544] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 17.048632] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.048660] Hardware name: linux,dummy-virt (DT) [ 17.050024] Call trace: [ 17.050184] show_stack+0x20/0x38 (C) [ 17.050242] dump_stack_lvl+0x8c/0xd0 [ 17.050317] print_report+0x118/0x5d0 [ 17.050504] kasan_report+0xdc/0x128 [ 17.050555] __asan_report_load1_noabort+0x20/0x30 [ 17.050609] kmem_cache_oob+0x344/0x430 [ 17.050662] kunit_try_run_case+0x170/0x3f0 [ 17.051432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.051572] kthread+0x328/0x630 [ 17.051619] ret_from_fork+0x10/0x20 [ 17.051673] [ 17.051692] Allocated by task 207: [ 17.052385] kasan_save_stack+0x3c/0x68 [ 17.052596] kasan_save_track+0x20/0x40 [ 17.052858] kasan_save_alloc_info+0x40/0x58 [ 17.053137] __kasan_slab_alloc+0xa8/0xb0 [ 17.053318] kmem_cache_alloc_noprof+0x10c/0x398 [ 17.053725] kmem_cache_oob+0x12c/0x430 [ 17.053863] kunit_try_run_case+0x170/0x3f0 [ 17.053914] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.054152] kthread+0x328/0x630 [ 17.054190] ret_from_fork+0x10/0x20 [ 17.054542] [ 17.054720] The buggy address belongs to the object at fff00000c7877000 [ 17.054720] which belongs to the cache test_cache of size 200 [ 17.054782] The buggy address is located 0 bytes to the right of [ 17.054782] allocated 200-byte region [fff00000c7877000, fff00000c78770c8) [ 17.054846] [ 17.055373] The buggy address belongs to the physical page: [ 17.055594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107877 [ 17.056000] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.056196] page_type: f5(slab) [ 17.056353] raw: 0bfffe0000000000 fff00000c5905a00 dead000000000122 
0000000000000000 [ 17.056575] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 17.056819] page dumped because: kasan: bad access detected [ 17.056854] [ 17.056979] Memory state around the buggy address: [ 17.057300] fff00000c7876f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.057542] fff00000c7877000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.057750] >fff00000c7877080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 17.058062] ^ [ 17.058105] fff00000c7877100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.058151] fff00000c7877180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.058496] ==================================================================
[ 16.964307] ================================================================== [ 16.964391] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 16.964486] Read of size 1 at addr fff00000c788f0c8 by task kunit_try_catch/207 [ 16.964669] [ 16.964831] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT [ 16.964944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.964975] Hardware name: linux,dummy-virt (DT) [ 16.965035] Call trace: [ 16.965087] show_stack+0x20/0x38 (C) [ 16.965143] dump_stack_lvl+0x8c/0xd0 [ 16.965192] print_report+0x118/0x5d0 [ 16.965240] kasan_report+0xdc/0x128 [ 16.965450] __asan_report_load1_noabort+0x20/0x30 [ 16.965557] kmem_cache_oob+0x344/0x430 [ 16.965750] kunit_try_run_case+0x170/0x3f0 [ 16.965838] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.965948] kthread+0x328/0x630 [ 16.965994] ret_from_fork+0x10/0x20 [ 16.966367] [ 16.966450] Allocated by task 207: [ 16.966590] kasan_save_stack+0x3c/0x68 [ 16.968679] kasan_save_track+0x20/0x40 [ 16.968718] kasan_save_alloc_info+0x40/0x58 [ 16.968757] __kasan_slab_alloc+0xa8/0xb0 [ 16.968795] kmem_cache_alloc_noprof+0x10c/0x398 [ 16.968834] kmem_cache_oob+0x12c/0x430 [ 16.968871] kunit_try_run_case+0x170/0x3f0 [ 16.968908] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.968962] kthread+0x328/0x630 [ 16.968995] ret_from_fork+0x10/0x20 [ 16.969037] [ 16.969057] The buggy address belongs to the object at fff00000c788f000 [ 16.969057] which belongs to the cache test_cache of size 200 [ 16.969115] The buggy address is located 0 bytes to the right of [ 16.969115] allocated 200-byte region [fff00000c788f000, fff00000c788f0c8) [ 16.969179] [ 16.969201] The buggy address belongs to the physical page: [ 16.969232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788f [ 16.969347] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.969405] page_type: f5(slab) [ 16.969447] raw: 0bfffe0000000000 fff00000c19dcc80 dead000000000122 
0000000000000000 [ 16.969508] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 16.969549] page dumped because: kasan: bad access detected [ 16.969581] [ 16.969598] Memory state around the buggy address: [ 16.969641] fff00000c788ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.969687] fff00000c788f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.969731] >fff00000c788f080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 16.969779] ^ [ 16.969815] fff00000c788f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.969858] fff00000c788f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.969902] ==================================================================
[ 13.314429] ================================================================== [ 13.314863] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 13.315241] Read of size 1 at addr ffff8881031500c8 by task kunit_try_catch/225 [ 13.315539] [ 13.315686] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.315733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.315745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.315766] Call Trace: [ 13.315780] <TASK> [ 13.315798] dump_stack_lvl+0x73/0xb0 [ 13.315830] print_report+0xd1/0x610 [ 13.315852] ? __virt_addr_valid+0x1db/0x2d0 [ 13.315877] ? kmem_cache_oob+0x402/0x530 [ 13.315900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.315922] ? kmem_cache_oob+0x402/0x530 [ 13.315945] kasan_report+0x141/0x180 [ 13.315967] ? kmem_cache_oob+0x402/0x530 [ 13.315995] __asan_report_load1_noabort+0x18/0x20 [ 13.316019] kmem_cache_oob+0x402/0x530 [ 13.316039] ? trace_hardirqs_on+0x37/0xe0 [ 13.316064] ? __pfx_kmem_cache_oob+0x10/0x10 [ 13.316085] ? finish_task_switch.isra.0+0x153/0x700 [ 13.316108] ? __switch_to+0x47/0xf50 [ 13.316139] ? __pfx_read_tsc+0x10/0x10 [ 13.316161] ? ktime_get_ts64+0x86/0x230 [ 13.316186] kunit_try_run_case+0x1a5/0x480 [ 13.316212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.316234] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.316258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.316281] ? __kthread_parkme+0x82/0x180 [ 13.316302] ? preempt_count_sub+0x50/0x80 [ 13.316325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.316348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.316371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.316406] kthread+0x337/0x6f0 [ 13.316426] ? trace_preempt_on+0x20/0xc0 [ 13.316448] ? __pfx_kthread+0x10/0x10 [ 13.316469] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.316489] ? calculate_sigpending+0x7b/0xa0 [ 13.316514] ? __pfx_kthread+0x10/0x10 [ 13.316535] ret_from_fork+0x116/0x1d0 [ 13.316554] ? 
__pfx_kthread+0x10/0x10 [ 13.316575] ret_from_fork_asm+0x1a/0x30 [ 13.316786] </TASK> [ 13.316799] [ 13.324463] Allocated by task 225: [ 13.324599] kasan_save_stack+0x45/0x70 [ 13.324819] kasan_save_track+0x18/0x40 [ 13.325011] kasan_save_alloc_info+0x3b/0x50 [ 13.325219] __kasan_slab_alloc+0x91/0xa0 [ 13.325426] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.325646] kmem_cache_oob+0x157/0x530 [ 13.325839] kunit_try_run_case+0x1a5/0x480 [ 13.326013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.326189] kthread+0x337/0x6f0 [ 13.326533] ret_from_fork+0x116/0x1d0 [ 13.326866] ret_from_fork_asm+0x1a/0x30 [ 13.327161] [ 13.327241] The buggy address belongs to the object at ffff888103150000 [ 13.327241] which belongs to the cache test_cache of size 200 [ 13.327775] The buggy address is located 0 bytes to the right of [ 13.327775] allocated 200-byte region [ffff888103150000, ffff8881031500c8) [ 13.328284] [ 13.328446] The buggy address belongs to the physical page: [ 13.328626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103150 [ 13.328877] flags: 0x200000000000000(node=0|zone=2) [ 13.329046] page_type: f5(slab) [ 13.329239] raw: 0200000000000000 ffff888100eebc80 dead000000000122 0000000000000000 [ 13.329612] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.329946] page dumped because: kasan: bad access detected [ 13.330448] [ 13.330542] Memory state around the buggy address: [ 13.331144] ffff88810314ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.331429] ffff888103150000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.331743] >ffff888103150080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.331965] ^ [ 13.332144] ffff888103150100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.332562] ffff888103150180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.333148] ==================================================================
[ 13.414994] ================================================================== [ 13.415425] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 13.415731] Read of size 1 at addr ffff8881027b40c8 by task kunit_try_catch/224 [ 13.416154] [ 13.416266] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.416316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.416332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.416354] Call Trace: [ 13.416366] <TASK> [ 13.416386] dump_stack_lvl+0x73/0xb0 [ 13.416417] print_report+0xd1/0x610 [ 13.416439] ? __virt_addr_valid+0x1db/0x2d0 [ 13.416462] ? kmem_cache_oob+0x402/0x530 [ 13.416483] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.416504] ? kmem_cache_oob+0x402/0x530 [ 13.416527] kasan_report+0x141/0x180 [ 13.416548] ? kmem_cache_oob+0x402/0x530 [ 13.416574] __asan_report_load1_noabort+0x18/0x20 [ 13.416597] kmem_cache_oob+0x402/0x530 [ 13.416617] ? trace_hardirqs_on+0x37/0xe0 [ 13.416640] ? __pfx_kmem_cache_oob+0x10/0x10 [ 13.416669] ? finish_task_switch.isra.0+0x153/0x700 [ 13.416692] ? __switch_to+0x47/0xf50 [ 13.416720] ? __pfx_read_tsc+0x10/0x10 [ 13.416741] ? ktime_get_ts64+0x86/0x230 [ 13.416765] kunit_try_run_case+0x1a5/0x480 [ 13.416790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.416811] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.416834] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.416857] ? __kthread_parkme+0x82/0x180 [ 13.416877] ? preempt_count_sub+0x50/0x80 [ 13.416899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.416922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.416953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.416976] kthread+0x337/0x6f0 [ 13.416995] ? trace_preempt_on+0x20/0xc0 [ 13.417016] ? __pfx_kthread+0x10/0x10 [ 13.417036] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.417056] ? calculate_sigpending+0x7b/0xa0 [ 13.417080] ? __pfx_kthread+0x10/0x10 [ 13.417100] ret_from_fork+0x116/0x1d0 [ 13.417118] ? 
__pfx_kthread+0x10/0x10 [ 13.417138] ret_from_fork_asm+0x1a/0x30 [ 13.417178] </TASK> [ 13.417190] [ 13.425271] Allocated by task 224: [ 13.425502] kasan_save_stack+0x45/0x70 [ 13.425709] kasan_save_track+0x18/0x40 [ 13.425974] kasan_save_alloc_info+0x3b/0x50 [ 13.426176] __kasan_slab_alloc+0x91/0xa0 [ 13.426399] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.426601] kmem_cache_oob+0x157/0x530 [ 13.426772] kunit_try_run_case+0x1a5/0x480 [ 13.426921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.427098] kthread+0x337/0x6f0 [ 13.427237] ret_from_fork+0x116/0x1d0 [ 13.427527] ret_from_fork_asm+0x1a/0x30 [ 13.427723] [ 13.427818] The buggy address belongs to the object at ffff8881027b4000 [ 13.427818] which belongs to the cache test_cache of size 200 [ 13.428525] The buggy address is located 0 bytes to the right of [ 13.428525] allocated 200-byte region [ffff8881027b4000, ffff8881027b40c8) [ 13.429191] [ 13.429301] The buggy address belongs to the physical page: [ 13.429516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b4 [ 13.429848] flags: 0x200000000000000(node=0|zone=2) [ 13.430105] page_type: f5(slab) [ 13.430277] raw: 0200000000000000 ffff888101d4bc80 dead000000000122 0000000000000000 [ 13.430654] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.431018] page dumped because: kasan: bad access detected [ 13.431228] [ 13.431301] Memory state around the buggy address: [ 13.431461] ffff8881027b3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.431680] ffff8881027b4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.431898] >ffff8881027b4080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.432512] ^ [ 13.433132] ffff8881027b4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.433632] ffff8881027b4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.434032] ==================================================================