Hay
Date: July 10, 2025, 11:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.386767] ==================================================================
[   16.387158] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   16.387265] Read of size 1 at addr fff00000c64150c8 by task kunit_try_catch/207
[   16.387683] 
[   16.387914] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.388356] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.388392] Hardware name: linux,dummy-virt (DT)
[   16.388686] Call trace:
[   16.389093]  show_stack+0x20/0x38 (C)
[   16.389258]  dump_stack_lvl+0x8c/0xd0
[   16.389509]  print_report+0x118/0x608
[   16.389701]  kasan_report+0xdc/0x128
[   16.389759]  __asan_report_load1_noabort+0x20/0x30
[   16.389963]  kmem_cache_oob+0x344/0x430
[   16.390041]  kunit_try_run_case+0x170/0x3f0
[   16.390122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.390465]  kthread+0x328/0x630
[   16.390618]  ret_from_fork+0x10/0x20
[   16.390816] 
[   16.391036] Allocated by task 207:
[   16.391159]  kasan_save_stack+0x3c/0x68
[   16.391207]  kasan_save_track+0x20/0x40
[   16.391385]  kasan_save_alloc_info+0x40/0x58
[   16.391480]  __kasan_slab_alloc+0xa8/0xb0
[   16.391717]  kmem_cache_alloc_noprof+0x10c/0x398
[   16.391760]  kmem_cache_oob+0x12c/0x430
[   16.392291]  kunit_try_run_case+0x170/0x3f0
[   16.392678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.392955]  kthread+0x328/0x630
[   16.393003]  ret_from_fork+0x10/0x20
[   16.393213] 
[   16.393282] The buggy address belongs to the object at fff00000c6415000
[   16.393282]  which belongs to the cache test_cache of size 200
[   16.393575] The buggy address is located 0 bytes to the right of
[   16.393575]  allocated 200-byte region [fff00000c6415000, fff00000c64150c8)
[   16.393951] 
[   16.393983] The buggy address belongs to the physical page:
[   16.394047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106415
[   16.394117] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.394173] page_type: f5(slab)
[   16.394648] raw: 0bfffe0000000000 fff00000c5696280 dead000000000122 0000000000000000
[   16.394894] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   16.395195] page dumped because: kasan: bad access detected
[   16.395253] 
[   16.395482] Memory state around the buggy address:
[   16.395521]  fff00000c6414f80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   16.396063]  fff00000c6415000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.396133] >fff00000c6415080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   16.396182]                                               ^
[   16.396223]  fff00000c6415100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.396408]  fff00000c6415180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.396457] ==================================================================

[   13.359052] ==================================================================
[   13.359979] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   13.360216] Read of size 1 at addr ffff8881027b70c8 by task kunit_try_catch/224
[   13.360464] 
[   13.360596] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.360640] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.360651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.360682] Call Trace:
[   13.360712]  <TASK>
[   13.360728]  dump_stack_lvl+0x73/0xb0
[   13.361007]  print_report+0xd1/0x650
[   13.361030]  ? __virt_addr_valid+0x1db/0x2d0
[   13.361052]  ? kmem_cache_oob+0x402/0x530
[   13.361074]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.361097]  ? kmem_cache_oob+0x402/0x530
[   13.361119]  kasan_report+0x141/0x180
[   13.361140]  ? kmem_cache_oob+0x402/0x530
[   13.361166]  __asan_report_load1_noabort+0x18/0x20
[   13.361191]  kmem_cache_oob+0x402/0x530
[   13.361211]  ? trace_hardirqs_on+0x37/0xe0
[   13.361235]  ? __pfx_kmem_cache_oob+0x10/0x10
[   13.361257]  ? finish_task_switch.isra.0+0x153/0x700
[   13.361280]  ? __switch_to+0x47/0xf50
[   13.361307]  ? __pfx_read_tsc+0x10/0x10
[   13.361328]  ? ktime_get_ts64+0x86/0x230
[   13.361352]  kunit_try_run_case+0x1a5/0x480
[   13.361413]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.361436]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.361482]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.361506]  ? __kthread_parkme+0x82/0x180
[   13.361525]  ? preempt_count_sub+0x50/0x80
[   13.361548]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.361572]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.361596]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.361620]  kthread+0x337/0x6f0
[   13.361638]  ? trace_preempt_on+0x20/0xc0
[   13.361660]  ? __pfx_kthread+0x10/0x10
[   13.361680]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.361701]  ? calculate_sigpending+0x7b/0xa0
[   13.361724]  ? __pfx_kthread+0x10/0x10
[   13.361745]  ret_from_fork+0x116/0x1d0
[   13.361763]  ? __pfx_kthread+0x10/0x10
[   13.361783]  ret_from_fork_asm+0x1a/0x30
[   13.361813]  </TASK>
[   13.361823] 
[   13.369743] Allocated by task 224:
[   13.369924]  kasan_save_stack+0x45/0x70
[   13.370125]  kasan_save_track+0x18/0x40
[   13.370388]  kasan_save_alloc_info+0x3b/0x50
[   13.370763]  __kasan_slab_alloc+0x91/0xa0
[   13.371024]  kmem_cache_alloc_noprof+0x123/0x3f0
[   13.371260]  kmem_cache_oob+0x157/0x530
[   13.371625]  kunit_try_run_case+0x1a5/0x480
[   13.371854]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.372119]  kthread+0x337/0x6f0
[   13.372257]  ret_from_fork+0x116/0x1d0
[   13.372400]  ret_from_fork_asm+0x1a/0x30
[   13.372540] 
[   13.372708] The buggy address belongs to the object at ffff8881027b7000
[   13.372708]  which belongs to the cache test_cache of size 200
[   13.373295] The buggy address is located 0 bytes to the right of
[   13.373295]  allocated 200-byte region [ffff8881027b7000, ffff8881027b70c8)
[   13.373833] 
[   13.373961] The buggy address belongs to the physical page:
[   13.374441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b7
[   13.374765] flags: 0x200000000000000(node=0|zone=2)
[   13.374945] page_type: f5(slab)
[   13.375065] raw: 0200000000000000 ffff88810130ddc0 dead000000000122 0000000000000000
[   13.375293] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.375617] page dumped because: kasan: bad access detected
[   13.375867] 
[   13.375959] Memory state around the buggy address:
[   13.376182]  ffff8881027b6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.376800]  ffff8881027b7000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.377138] >ffff8881027b7080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   13.377605]                                               ^
[   13.377857]  ffff8881027b7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.378193]  ffff8881027b7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.378655] ==================================================================