Date
July 15, 2025, 11:35 a.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
```
[ 50.350922] ==================================================================
[ 50.360462] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[ 50.367141] Read of size 1 at addr ffff0008024560c8 by task kunit_try_catch/288
[ 50.374432]
[ 50.375918] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 50.375972] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 50.375988] Hardware name: WinLink E850-96 board (DT)
[ 50.376009] Call trace:
[ 50.376022] show_stack+0x20/0x38 (C)
[ 50.376057] dump_stack_lvl+0x8c/0xd0
[ 50.376092] print_report+0x118/0x5d0
[ 50.376120] kasan_report+0xdc/0x128
[ 50.376149] __asan_report_load1_noabort+0x20/0x30
[ 50.376180] kmem_cache_oob+0x344/0x430
[ 50.376209] kunit_try_run_case+0x170/0x3f0
[ 50.376239] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 50.376274] kthread+0x328/0x630
[ 50.376302] ret_from_fork+0x10/0x20
[ 50.376335]
[ 50.439625] Allocated by task 288:
[ 50.443011] kasan_save_stack+0x3c/0x68
[ 50.446827] kasan_save_track+0x20/0x40
[ 50.450646] kasan_save_alloc_info+0x40/0x58
[ 50.454899] __kasan_slab_alloc+0xa8/0xb0
[ 50.458892] kmem_cache_alloc_noprof+0x10c/0x398
[ 50.463493] kmem_cache_oob+0x12c/0x430
[ 50.467312] kunit_try_run_case+0x170/0x3f0
[ 50.471479] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 50.476949] kthread+0x328/0x630
[ 50.480159] ret_from_fork+0x10/0x20
[ 50.483718]
[ 50.485196] The buggy address belongs to the object at ffff000802456000
[ 50.485196] which belongs to the cache test_cache of size 200
[ 50.497609] The buggy address is located 0 bytes to the right of
[ 50.497609] allocated 200-byte region [ffff000802456000, ffff0008024560c8)
[ 50.510541]
[ 50.512021] The buggy address belongs to the physical page:
[ 50.517577] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882456
[ 50.525560] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 50.533201] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 50.540143] page_type: f5(slab)
[ 50.543279] raw: 0bfffe0000000040 ffff000802435cc0 dead000000000122 0000000000000000
[ 50.550998] raw: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[ 50.558727] head: 0bfffe0000000040 ffff000802435cc0 dead000000000122 0000000000000000
[ 50.566536] head: 0000000000000000 00000000801f001f 00000000f5000000 0000000000000000
[ 50.574349] head: 0bfffe0000000001 fffffdffe0091581 00000000ffffffff 00000000ffffffff
[ 50.582161] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 50.589968] page dumped because: kasan: bad access detected
[ 50.595522]
[ 50.596997] Memory state around the buggy address:
[ 50.601778] ffff000802455f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.608982] ffff000802456000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.616185] >ffff000802456080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 50.623386] ^
[ 50.628947] ffff000802456100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.636151] ffff000802456180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.643351] ==================================================================
```
```
[ 31.017115] ==================================================================
[ 31.017210] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[ 31.017593] Read of size 1 at addr fff00000c65270c8 by task kunit_try_catch/239
[ 31.018046]
[ 31.018303] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 31.018396] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.018422] Hardware name: linux,dummy-virt (DT)
[ 31.018465] Call trace:
[ 31.019078] show_stack+0x20/0x38 (C)
[ 31.019754] dump_stack_lvl+0x8c/0xd0
[ 31.020811] print_report+0x118/0x5d0
[ 31.020928] kasan_report+0xdc/0x128
[ 31.021497] __asan_report_load1_noabort+0x20/0x30
[ 31.021685] kmem_cache_oob+0x344/0x430
[ 31.022050] kunit_try_run_case+0x170/0x3f0
[ 31.022115] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.022169] kthread+0x328/0x630
[ 31.022218] ret_from_fork+0x10/0x20
[ 31.022430]
[ 31.022522] Allocated by task 239:
[ 31.022996] kasan_save_stack+0x3c/0x68
[ 31.023318] kasan_save_track+0x20/0x40
[ 31.023540] kasan_save_alloc_info+0x40/0x58
[ 31.023628] __kasan_slab_alloc+0xa8/0xb0
[ 31.024084] kmem_cache_alloc_noprof+0x10c/0x398
[ 31.024155] kmem_cache_oob+0x12c/0x430
[ 31.024432] kunit_try_run_case+0x170/0x3f0
[ 31.024482] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.024775] kthread+0x328/0x630
[ 31.025031] ret_from_fork+0x10/0x20
[ 31.025186]
[ 31.025213] The buggy address belongs to the object at fff00000c6527000
[ 31.025213] which belongs to the cache test_cache of size 200
[ 31.025272] The buggy address is located 0 bytes to the right of
[ 31.025272] allocated 200-byte region [fff00000c6527000, fff00000c65270c8)
[ 31.025969]
[ 31.025994] The buggy address belongs to the physical page:
[ 31.026071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106527
[ 31.026133] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.026650] page_type: f5(slab)
[ 31.026694] raw: 0bfffe0000000000 fff00000c5c5c780 dead000000000122 0000000000000000
[ 31.026745] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 31.026786] page dumped because: kasan: bad access detected
[ 31.026817]
[ 31.026834] Memory state around the buggy address:
[ 31.027655] fff00000c6526f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.028056] fff00000c6527000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.028112] >fff00000c6527080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 31.028151] ^
[ 31.028187] fff00000c6527100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.028229] fff00000c6527180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.028267] ==================================================================
```
```
[ 24.672265] ==================================================================
[ 24.672820] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[ 24.673273] Read of size 1 at addr ffff8881059150c8 by task kunit_try_catch/255
[ 24.673575]
[ 24.674143] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary)
[ 24.674204] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.674218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.674243] Call Trace:
[ 24.674259] <TASK>
[ 24.674279] dump_stack_lvl+0x73/0xb0
[ 24.674453] print_report+0xd1/0x610
[ 24.674488] ? __virt_addr_valid+0x1db/0x2d0
[ 24.674530] ? kmem_cache_oob+0x402/0x530
[ 24.674557] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.674607] ? kmem_cache_oob+0x402/0x530
[ 24.674636] kasan_report+0x141/0x180
[ 24.674663] ? kmem_cache_oob+0x402/0x530
[ 24.674697] __asan_report_load1_noabort+0x18/0x20
[ 24.674725] kmem_cache_oob+0x402/0x530
[ 24.674751] ? trace_hardirqs_on+0x37/0xe0
[ 24.674781] ? __pfx_kmem_cache_oob+0x10/0x10
[ 24.674807] ? finish_task_switch.isra.0+0x153/0x700
[ 24.674834] ? __switch_to+0x47/0xf80
[ 24.674872] ? __pfx_read_tsc+0x10/0x10
[ 24.674898] ? ktime_get_ts64+0x86/0x230
[ 24.674929] kunit_try_run_case+0x1a5/0x480
[ 24.674958] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.674983] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.675011] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.675038] ? __kthread_parkme+0x82/0x180
[ 24.675062] ? preempt_count_sub+0x50/0x80
[ 24.675091] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.675119] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.675149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.675180] kthread+0x337/0x6f0
[ 24.675204] ? trace_preempt_on+0x20/0xc0
[ 24.675231] ? __pfx_kthread+0x10/0x10
[ 24.675256] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.675285] ? calculate_sigpending+0x7b/0xa0
[ 24.675314] ? __pfx_kthread+0x10/0x10
[ 24.675341] ret_from_fork+0x116/0x1d0
[ 24.675364] ? __pfx_kthread+0x10/0x10
[ 24.675389] ret_from_fork_asm+0x1a/0x30
[ 24.675429] </TASK>
[ 24.675442]
[ 24.688171] Allocated by task 255:
[ 24.688341] kasan_save_stack+0x45/0x70
[ 24.688895] kasan_save_track+0x18/0x40
[ 24.689206] kasan_save_alloc_info+0x3b/0x50
[ 24.689544] __kasan_slab_alloc+0x91/0xa0
[ 24.689949] kmem_cache_alloc_noprof+0x123/0x3f0
[ 24.690327] kmem_cache_oob+0x157/0x530
[ 24.690794] kunit_try_run_case+0x1a5/0x480
[ 24.691004] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.691238] kthread+0x337/0x6f0
[ 24.691410] ret_from_fork+0x116/0x1d0
[ 24.691600] ret_from_fork_asm+0x1a/0x30
[ 24.692136]
[ 24.692212] The buggy address belongs to the object at ffff888105915000
[ 24.692212] which belongs to the cache test_cache of size 200
[ 24.693395] The buggy address is located 0 bytes to the right of
[ 24.693395] allocated 200-byte region [ffff888105915000, ffff8881059150c8)
[ 24.694387]
[ 24.694504] The buggy address belongs to the physical page:
[ 24.695063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105915
[ 24.695548] flags: 0x200000000000000(node=0|zone=2)
[ 24.696068] page_type: f5(slab)
[ 24.696228] raw: 0200000000000000 ffff8881017428c0 dead000000000122 0000000000000000
[ 24.696943] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 24.697258] page dumped because: kasan: bad access detected
[ 24.697764]
[ 24.697986] Memory state around the buggy address:
[ 24.698358] ffff888105914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.698914] ffff888105915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.699388] >ffff888105915080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 24.699889] ^
[ 24.700287] ffff888105915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.700578] ffff888105915180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.701231] ==================================================================
```