Date: July 11, 2025, 10:11 a.m.

Environment: e850-96, qemu-arm64, qemu-x86_64

[   50.462033] ==================================================================
[   50.471582] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   50.478260] Read of size 1 at addr ffff000803b960c8 by task kunit_try_catch/291
[   50.485550] 
[   50.487035] CPU: 5 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   50.487096] Tainted: [B]=BAD_PAGE, [N]=TEST
[   50.487112] Hardware name: WinLink E850-96 board (DT)
[   50.487136] Call trace:
[   50.487154]  show_stack+0x20/0x38 (C)
[   50.487188]  dump_stack_lvl+0x8c/0xd0
[   50.487220]  print_report+0x118/0x5d0
[   50.487248]  kasan_report+0xdc/0x128
[   50.487275]  __asan_report_load1_noabort+0x20/0x30
[   50.487307]  kmem_cache_oob+0x344/0x430
[   50.487339]  kunit_try_run_case+0x170/0x3f0
[   50.487380]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.487415]  kthread+0x328/0x630
[   50.487444]  ret_from_fork+0x10/0x20
[   50.487478] 
[   50.550740] Allocated by task 291:
[   50.554127]  kasan_save_stack+0x3c/0x68
[   50.557943]  kasan_save_track+0x20/0x40
[   50.561763]  kasan_save_alloc_info+0x40/0x58
[   50.566016]  __kasan_slab_alloc+0xa8/0xb0
[   50.570009]  kmem_cache_alloc_noprof+0x10c/0x398
[   50.574610]  kmem_cache_oob+0x12c/0x430
[   50.578429]  kunit_try_run_case+0x170/0x3f0
[   50.582596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   50.588064]  kthread+0x328/0x630
[   50.591276]  ret_from_fork+0x10/0x20
[   50.594835] 
[   50.596313] The buggy address belongs to the object at ffff000803b96000
[   50.596313]  which belongs to the cache test_cache of size 200
[   50.608726] The buggy address is located 0 bytes to the right of
[   50.608726]  allocated 200-byte region [ffff000803b96000, ffff000803b960c8)
[   50.621658] 
[   50.623136] The buggy address belongs to the physical page:
[   50.628693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883b96
[   50.636676] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   50.644317] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   50.651259] page_type: f5(slab)
[   50.654397] raw: 0bfffe0000000040 ffff000801e597c0 dead000000000122 0000000000000000
[   50.662116] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   50.669843] head: 0bfffe0000000040 ffff000801e597c0 dead000000000122 0000000000000000
[   50.677653] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[   50.685466] head: 0bfffe0000000001 fffffdffe00ee581 00000000ffffffff 00000000ffffffff
[   50.693278] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   50.701084] page dumped because: kasan: bad access detected
[   50.706639] 
[   50.708115] Memory state around the buggy address:
[   50.712894]  ffff000803b95f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   50.720099]  ffff000803b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.727306] >ffff000803b96080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   50.734503]                                               ^
[   50.740063]  ffff000803b96100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   50.747267]  ffff000803b96180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   50.754470] ==================================================================

[   30.864154] ==================================================================
[   30.864344] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   30.864416] Read of size 1 at addr fff00000c9a000c8 by task kunit_try_catch/238
[   30.864482] 
[   30.864521] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.864619] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.864648] Hardware name: linux,dummy-virt (DT)
[   30.864683] Call trace:
[   30.864716]  show_stack+0x20/0x38 (C)
[   30.864769]  dump_stack_lvl+0x8c/0xd0
[   30.864816]  print_report+0x118/0x5d0
[   30.864860]  kasan_report+0xdc/0x128
[   30.864910]  __asan_report_load1_noabort+0x20/0x30
[   30.864967]  kmem_cache_oob+0x344/0x430
[   30.865017]  kunit_try_run_case+0x170/0x3f0
[   30.865069]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.865133]  kthread+0x328/0x630
[   30.865177]  ret_from_fork+0x10/0x20
[   30.865228] 
[   30.865246] Allocated by task 238:
[   30.865276]  kasan_save_stack+0x3c/0x68
[   30.865330]  kasan_save_track+0x20/0x40
[   30.865370]  kasan_save_alloc_info+0x40/0x58
[   30.865410]  __kasan_slab_alloc+0xa8/0xb0
[   30.865450]  kmem_cache_alloc_noprof+0x10c/0x398
[   30.865496]  kmem_cache_oob+0x12c/0x430
[   30.865534]  kunit_try_run_case+0x170/0x3f0
[   30.865598]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.865666]  kthread+0x328/0x630
[   30.865700]  ret_from_fork+0x10/0x20
[   30.865737] 
[   30.865756] The buggy address belongs to the object at fff00000c9a00000
[   30.865756]  which belongs to the cache test_cache of size 200
[   30.865825] The buggy address is located 0 bytes to the right of
[   30.865825]  allocated 200-byte region [fff00000c9a00000, fff00000c9a000c8)
[   30.865902] 
[   30.865923] The buggy address belongs to the physical page:
[   30.865974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a00
[   30.866066] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.866135] page_type: f5(slab)
[   30.866177] raw: 0bfffe0000000000 fff00000c3e183c0 dead000000000122 0000000000000000
[   30.866235] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   30.866282] page dumped because: kasan: bad access detected
[   30.866316] 
[   30.866345] Memory state around the buggy address:
[   30.866379]  fff00000c99fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.866463]  fff00000c9a00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.866528] >fff00000c9a00080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   30.866628]                                               ^
[   30.866730]  fff00000c9a00100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.866824]  fff00000c9a00180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.866920] ==================================================================

[   24.417373] ==================================================================
[   24.417832] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   24.418125] Read of size 1 at addr ffff888104cbe0c8 by task kunit_try_catch/257
[   24.418375] 
[   24.418535] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   24.418586] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.418598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.418620] Call Trace:
[   24.418633]  <TASK>
[   24.418653]  dump_stack_lvl+0x73/0xb0
[   24.418698]  print_report+0xd1/0x610
[   24.418743]  ? __virt_addr_valid+0x1db/0x2d0
[   24.418774]  ? kmem_cache_oob+0x402/0x530
[   24.418796]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.418822]  ? kmem_cache_oob+0x402/0x530
[   24.418844]  kasan_report+0x141/0x180
[   24.418866]  ? kmem_cache_oob+0x402/0x530
[   24.418893]  __asan_report_load1_noabort+0x18/0x20
[   24.418916]  kmem_cache_oob+0x402/0x530
[   24.418937]  ? trace_hardirqs_on+0x37/0xe0
[   24.418960]  ? __pfx_kmem_cache_oob+0x10/0x10
[   24.418983]  ? __kasan_check_write+0x18/0x20
[   24.419006]  ? queued_spin_lock_slowpath+0x116/0xb40
[   24.419030]  ? irqentry_exit+0x2a/0x60
[   24.419054]  ? trace_hardirqs_on+0x37/0xe0
[   24.419084]  ? __pfx_read_tsc+0x10/0x10
[   24.419106]  ? ktime_get_ts64+0x86/0x230
[   24.419131]  kunit_try_run_case+0x1a5/0x480
[   24.419154]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.419176]  ? queued_spin_lock_slowpath+0x116/0xb40
[   24.419198]  ? __kthread_parkme+0x82/0x180
[   24.419220]  ? preempt_count_sub+0x50/0x80
[   24.419243]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.419264]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.419288]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.419313]  kthread+0x337/0x6f0
[   24.419333]  ? trace_preempt_on+0x20/0xc0
[   24.419364]  ? __pfx_kthread+0x10/0x10
[   24.419384]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.419406]  ? calculate_sigpending+0x7b/0xa0
[   24.419432]  ? __pfx_kthread+0x10/0x10
[   24.419454]  ret_from_fork+0x116/0x1d0
[   24.419473]  ? __pfx_kthread+0x10/0x10
[   24.419494]  ret_from_fork_asm+0x1a/0x30
[   24.419524]  </TASK>
[   24.419536] 
[   24.427032] Allocated by task 257:
[   24.427215]  kasan_save_stack+0x45/0x70
[   24.427463]  kasan_save_track+0x18/0x40
[   24.427660]  kasan_save_alloc_info+0x3b/0x50
[   24.427882]  __kasan_slab_alloc+0x91/0xa0
[   24.428061]  kmem_cache_alloc_noprof+0x123/0x3f0
[   24.428246]  kmem_cache_oob+0x157/0x530
[   24.428485]  kunit_try_run_case+0x1a5/0x480
[   24.428650]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.428914]  kthread+0x337/0x6f0
[   24.429065]  ret_from_fork+0x116/0x1d0
[   24.429202]  ret_from_fork_asm+0x1a/0x30
[   24.429583] 
[   24.429671] The buggy address belongs to the object at ffff888104cbe000
[   24.429671]  which belongs to the cache test_cache of size 200
[   24.430158] The buggy address is located 0 bytes to the right of
[   24.430158]  allocated 200-byte region [ffff888104cbe000, ffff888104cbe0c8)
[   24.430752] 
[   24.430845] The buggy address belongs to the physical page:
[   24.431044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cbe
[   24.431441] flags: 0x200000000000000(node=0|zone=2)
[   24.431720] page_type: f5(slab)
[   24.431859] raw: 0200000000000000 ffff88815a88c000 dead000000000122 0000000000000000
[   24.432136] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   24.432360] page dumped because: kasan: bad access detected
[   24.432524] 
[   24.432587] Memory state around the buggy address:
[   24.432744]  ffff888104cbdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.433018]  ffff888104cbe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.433611] >ffff888104cbe080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   24.434102]                                               ^
[   24.434364]  ffff888104cbe100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.434891]  ffff888104cbe180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.435096] ==================================================================