Hay
Date
July 8, 2025, 11:09 p.m.

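Environment
qemu-arm64 (first report below; hardware name "linux,dummy-virt (DT)")
qemu-x86_64 (second report below; hardware name "QEMU Standard PC (Q35 + ICH9, 2009)")

Note: both reports are raised from the kunit_try_catch task on a kernel tainted [N]=TEST, inside kmem_cache_oob, against a cache named test_cache. That is consistent with a KASAN KUnit self-test deliberately reading one byte past a 200-byte object, not with a defect in production kernel code. In each report the shadow dump shows the access landing on the first redzone byte (fc) directly after the object.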

[   19.819084] ==================================================================
[   19.819148] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   19.819744] Read of size 1 at addr fff00000c63e50c8 by task kunit_try_catch/207
[   19.820487] 
[   19.820538] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.820798] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.820862] Hardware name: linux,dummy-virt (DT)
[   19.820930] Call trace:
[   19.821032]  show_stack+0x20/0x38 (C)
[   19.821089]  dump_stack_lvl+0x8c/0xd0
[   19.821587]  print_report+0x118/0x608
[   19.821808]  kasan_report+0xdc/0x128
[   19.821857]  __asan_report_load1_noabort+0x20/0x30
[   19.822441]  kmem_cache_oob+0x344/0x430
[   19.822767]  kunit_try_run_case+0x170/0x3f0
[   19.823203]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.823694]  kthread+0x328/0x630
[   19.824022]  ret_from_fork+0x10/0x20
[   19.824101] 
[   19.824120] Allocated by task 207:
[   19.824502]  kasan_save_stack+0x3c/0x68
[   19.824559]  kasan_save_track+0x20/0x40
[   19.824925]  kasan_save_alloc_info+0x40/0x58
[   19.824969]  __kasan_slab_alloc+0xa8/0xb0
[   19.825528]  kmem_cache_alloc_noprof+0x10c/0x398
[   19.825701]  kmem_cache_oob+0x12c/0x430
[   19.825812]  kunit_try_run_case+0x170/0x3f0
[   19.826087]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.826387]  kthread+0x328/0x630
[   19.826439]  ret_from_fork+0x10/0x20
[   19.826787] 
[   19.826814] The buggy address belongs to the object at fff00000c63e5000
[   19.826814]  which belongs to the cache test_cache of size 200
[   19.827124] The buggy address is located 0 bytes to the right of
[   19.827124]  allocated 200-byte region [fff00000c63e5000, fff00000c63e50c8)
[   19.827642] 
[   19.827664] The buggy address belongs to the physical page:
[   19.827697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063e5
[   19.827796] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.827852] page_type: f5(slab)
[   19.827897] raw: 0bfffe0000000000 fff00000c63df000 dead000000000122 0000000000000000
[   19.828114] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   19.828167] page dumped because: kasan: bad access detected
[   19.828604] 
[   19.828628] Memory state around the buggy address:
[   19.828673]  fff00000c63e4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.828720]  fff00000c63e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.828763] >fff00000c63e5080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   19.829245]                                               ^
[   19.829532]  fff00000c63e5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.829984]  fff00000c63e5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.830502] ==================================================================

[   13.179627] ==================================================================
[   13.180305] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   13.180670] Read of size 1 at addr ffff888102b8f0c8 by task kunit_try_catch/225
[   13.181075] 
[   13.181187] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.181233] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.181244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.181266] Call Trace:
[   13.181279]  <TASK>
[   13.181297]  dump_stack_lvl+0x73/0xb0
[   13.181331]  print_report+0xd1/0x650
[   13.181354]  ? __virt_addr_valid+0x1db/0x2d0
[   13.181379]  ? kmem_cache_oob+0x402/0x530
[   13.181402]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.181425]  ? kmem_cache_oob+0x402/0x530
[   13.181447]  kasan_report+0x141/0x180
[   13.181469]  ? kmem_cache_oob+0x402/0x530
[   13.181496]  __asan_report_load1_noabort+0x18/0x20
[   13.181521]  kmem_cache_oob+0x402/0x530
[   13.181542]  ? trace_hardirqs_on+0x37/0xe0
[   13.181567]  ? __pfx_kmem_cache_oob+0x10/0x10
[   13.181594]  ? __kasan_check_write+0x18/0x20
[   13.181626]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.181662]  ? irqentry_exit+0x2a/0x60
[   13.181686]  ? trace_hardirqs_on+0x37/0xe0
[   13.181715]  ? __pfx_read_tsc+0x10/0x10
[   13.181738]  ? ktime_get_ts64+0x86/0x230
[   13.181764]  kunit_try_run_case+0x1a5/0x480
[   13.181790]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.181815]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.181838]  ? __kthread_parkme+0x82/0x180
[   13.181861]  ? preempt_count_sub+0x50/0x80
[   13.181886]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.181910]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.181934]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.181960]  kthread+0x337/0x6f0
[   13.181987]  ? trace_preempt_on+0x20/0xc0
[   13.182009]  ? __pfx_kthread+0x10/0x10
[   13.182029]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.182050]  ? calculate_sigpending+0x7b/0xa0
[   13.182075]  ? __pfx_kthread+0x10/0x10
[   13.182096]  ret_from_fork+0x116/0x1d0
[   13.182114]  ? __pfx_kthread+0x10/0x10
[   13.182134]  ret_from_fork_asm+0x1a/0x30
[   13.182168]  </TASK>
[   13.182178] 
[   13.189808] Allocated by task 225:
[   13.190012]  kasan_save_stack+0x45/0x70
[   13.190200]  kasan_save_track+0x18/0x40
[   13.190380]  kasan_save_alloc_info+0x3b/0x50
[   13.190622]  __kasan_slab_alloc+0x91/0xa0
[   13.190764]  kmem_cache_alloc_noprof+0x123/0x3f0
[   13.190919]  kmem_cache_oob+0x157/0x530
[   13.191120]  kunit_try_run_case+0x1a5/0x480
[   13.191537]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.191773]  kthread+0x337/0x6f0
[   13.191937]  ret_from_fork+0x116/0x1d0
[   13.192112]  ret_from_fork_asm+0x1a/0x30
[   13.192251] 
[   13.192321] The buggy address belongs to the object at ffff888102b8f000
[   13.192321]  which belongs to the cache test_cache of size 200
[   13.192688] The buggy address is located 0 bytes to the right of
[   13.192688]  allocated 200-byte region [ffff888102b8f000, ffff888102b8f0c8)
[   13.193230] 
[   13.193327] The buggy address belongs to the physical page:
[   13.193819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b8f
[   13.194281] flags: 0x200000000000000(node=0|zone=2)
[   13.194448] page_type: f5(slab)
[   13.194569] raw: 0200000000000000 ffff888101270dc0 dead000000000122 0000000000000000
[   13.194810] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.195035] page dumped because: kasan: bad access detected
[   13.195293] 
[   13.195384] Memory state around the buggy address:
[   13.195620]  ffff888102b8ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.195946]  ffff888102b8f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.196270] >ffff888102b8f080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   13.196918]                                               ^
[   13.197091]  ffff888102b8f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.197382]  ffff888102b8f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.197713] ==================================================================