Hay
Date
June 20, 2025, 12:38 p.m.

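Environment
qemu-arm64 (first report below; Hardware name: linux,dummy-virt (DT))
qemu-x86_64 (second report below; Hardware name: QEMU Standard PC (Q35 + ICH9, 2009))

Note: both reports come from the kmem_cache_oob case run under KUnit (task kunit_try_catch, taint flag [N]=TEST, cache test_cache). Each is a 1-byte read at offset 0xc8 (200) of a 200-byte object, which is the first byte past the allocation. The call path suggests a deliberate KASAN self-test, so these reports indicate that the detector fired as expected, not a defect in production kernel code.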

[   32.827329] ==================================================================
[   32.827550] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   32.828234] Read of size 1 at addr fff00000c59f60c8 by task kunit_try_catch/218
[   32.828819] 
[   32.829212] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   32.829805] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.829876] Hardware name: linux,dummy-virt (DT)
[   32.829959] Call trace:
[   32.830018]  show_stack+0x20/0x38 (C)
[   32.830184]  dump_stack_lvl+0x8c/0xd0
[   32.830311]  print_report+0x118/0x608
[   32.830428]  kasan_report+0xdc/0x128
[   32.830545]  __asan_report_load1_noabort+0x20/0x30
[   32.831483]  kmem_cache_oob+0x344/0x430
[   32.831844]  kunit_try_run_case+0x170/0x3f0
[   32.831974]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.832567]  kthread+0x328/0x630
[   32.832802]  ret_from_fork+0x10/0x20
[   32.833008] 
[   32.833056] Allocated by task 218:
[   32.833115]  kasan_save_stack+0x3c/0x68
[   32.833196]  kasan_save_track+0x20/0x40
[   32.833277]  kasan_save_alloc_info+0x40/0x58
[   32.833368]  __kasan_slab_alloc+0xa8/0xb0
[   32.834037]  kmem_cache_alloc_noprof+0x10c/0x398
[   32.834304]  kmem_cache_oob+0x12c/0x430
[   32.834413]  kunit_try_run_case+0x170/0x3f0
[   32.834505]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.834604]  kthread+0x328/0x630
[   32.835135]  ret_from_fork+0x10/0x20
[   32.835248] 
[   32.835540] The buggy address belongs to the object at fff00000c59f6000
[   32.835540]  which belongs to the cache test_cache of size 200
[   32.836133] The buggy address is located 0 bytes to the right of
[   32.836133]  allocated 200-byte region [fff00000c59f6000, fff00000c59f60c8)
[   32.836388] 
[   32.836555] The buggy address belongs to the physical page:
[   32.836662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059f6
[   32.836899] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.837019] page_type: f5(slab)
[   32.837607] raw: 0bfffe0000000000 fff00000c59f3000 dead000000000122 0000000000000000
[   32.837841] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   32.838050] page dumped because: kasan: bad access detected
[   32.838290] 
[   32.838359] Memory state around the buggy address:
[   32.838445]  fff00000c59f5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.838736]  fff00000c59f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.838857] >fff00000c59f6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   32.838966]                                               ^
[   32.839065]  fff00000c59f6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.840335]  fff00000c59f6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.840798] ==================================================================

[   26.355284] ==================================================================
[   26.355792] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   26.356328] Read of size 1 at addr ffff888102ab00c8 by task kunit_try_catch/236
[   26.356760] 
[   26.356900] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   26.356960] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.356974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.356999] Call Trace:
[   26.357016]  <TASK>
[   26.357039]  dump_stack_lvl+0x73/0xb0
[   26.357091]  print_report+0xd1/0x650
[   26.357118]  ? __virt_addr_valid+0x1db/0x2d0
[   26.357156]  ? kmem_cache_oob+0x402/0x530
[   26.357183]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.357209]  ? kmem_cache_oob+0x402/0x530
[   26.357233]  kasan_report+0x141/0x180
[   26.357255]  ? kmem_cache_oob+0x402/0x530
[   26.357283]  __asan_report_load1_noabort+0x18/0x20
[   26.357307]  kmem_cache_oob+0x402/0x530
[   26.357331]  ? __pfx_kmem_cache_oob+0x10/0x10
[   26.357353]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   26.357384]  ? __pfx_kmem_cache_oob+0x10/0x10
[   26.357411]  kunit_try_run_case+0x1a5/0x480
[   26.357438]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.357472]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.357497]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.357521]  ? __kthread_parkme+0x82/0x180
[   26.357544]  ? preempt_count_sub+0x50/0x80
[   26.357570]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.357595]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.357624]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.357655]  kthread+0x337/0x6f0
[   26.357676]  ? trace_preempt_on+0x20/0xc0
[   26.357701]  ? __pfx_kthread+0x10/0x10
[   26.357723]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.357744]  ? calculate_sigpending+0x7b/0xa0
[   26.357769]  ? __pfx_kthread+0x10/0x10
[   26.357791]  ret_from_fork+0x116/0x1d0
[   26.357812]  ? __pfx_kthread+0x10/0x10
[   26.357833]  ret_from_fork_asm+0x1a/0x30
[   26.357865]  </TASK>
[   26.357878] 
[   26.367495] Allocated by task 236:
[   26.367809]  kasan_save_stack+0x45/0x70
[   26.368122]  kasan_save_track+0x18/0x40
[   26.368389]  kasan_save_alloc_info+0x3b/0x50
[   26.368778]  __kasan_slab_alloc+0x91/0xa0
[   26.368975]  kmem_cache_alloc_noprof+0x123/0x3f0
[   26.369286]  kmem_cache_oob+0x157/0x530
[   26.369457]  kunit_try_run_case+0x1a5/0x480
[   26.369843]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.370065]  kthread+0x337/0x6f0
[   26.370376]  ret_from_fork+0x116/0x1d0
[   26.370516]  ret_from_fork_asm+0x1a/0x30
[   26.370788] 
[   26.370958] The buggy address belongs to the object at ffff888102ab0000
[   26.370958]  which belongs to the cache test_cache of size 200
[   26.371529] The buggy address is located 0 bytes to the right of
[   26.371529]  allocated 200-byte region [ffff888102ab0000, ffff888102ab00c8)
[   26.372231] 
[   26.372310] The buggy address belongs to the physical page:
[   26.372708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab0
[   26.373134] flags: 0x200000000000000(node=0|zone=2)
[   26.373410] page_type: f5(slab)
[   26.373731] raw: 0200000000000000 ffff888101a68280 dead000000000122 0000000000000000
[   26.374073] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   26.374518] page dumped because: kasan: bad access detected
[   26.374870] 
[   26.374928] Memory state around the buggy address:
[   26.375306]  ffff888102aaff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.375743]  ffff888102ab0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.376216] >ffff888102ab0080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   26.376751]                                               ^
[   26.376902]  ffff888102ab0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.377348]  ffff888102ab0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.377647] ==================================================================