Hay
Sign in
Date
June 25, 2025, 8:08 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   27.254693] ==================================================================
[   27.254922] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   27.254995] Read of size 1 at addr fff00000c78160c8 by task kunit_try_catch/219
[   27.255045] 
[   27.255149] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   27.255385] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.255421] Hardware name: linux,dummy-virt (DT)
[   27.255454] Call trace:
[   27.255477]  show_stack+0x20/0x38 (C)
[   27.255599]  dump_stack_lvl+0x8c/0xd0
[   27.255705]  print_report+0x118/0x608
[   27.255754]  kasan_report+0xdc/0x128
[   27.255829]  __asan_report_load1_noabort+0x20/0x30
[   27.255908]  kmem_cache_oob+0x344/0x430
[   27.255958]  kunit_try_run_case+0x170/0x3f0
[   27.256060]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.256126]  kthread+0x328/0x630
[   27.256170]  ret_from_fork+0x10/0x20
[   27.256234] 
[   27.256252] Allocated by task 219:
[   27.256283]  kasan_save_stack+0x3c/0x68
[   27.256325]  kasan_save_track+0x20/0x40
[   27.256364]  kasan_save_alloc_info+0x40/0x58
[   27.256483]  __kasan_slab_alloc+0xa8/0xb0
[   27.256555]  kmem_cache_alloc_noprof+0x10c/0x398
[   27.256633]  kmem_cache_oob+0x12c/0x430
[   27.256717]  kunit_try_run_case+0x170/0x3f0
[   27.256900]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.256943]  kthread+0x328/0x630
[   27.256975]  ret_from_fork+0x10/0x20
[   27.257010] 
[   27.257029] The buggy address belongs to the object at fff00000c7816000
[   27.257029]  which belongs to the cache test_cache of size 200
[   27.257142] The buggy address is located 0 bytes to the right of
[   27.257142]  allocated 200-byte region [fff00000c7816000, fff00000c78160c8)
[   27.257493] 
[   27.257619] The buggy address belongs to the physical page:
[   27.257705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107816
[   27.257789] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   27.257858] page_type: f5(slab)
[   27.257899] raw: 0bfffe0000000000 fff00000c3ef9c80 dead000000000122 0000000000000000
[   27.258217] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   27.258540] page dumped because: kasan: bad access detected
[   27.258576] 
[   27.258655] Memory state around the buggy address:
[   27.258700]  fff00000c7815f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   27.258763]  fff00000c7816000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.258807] >fff00000c7816080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   27.258848]                                               ^
[   27.258885]  fff00000c7816100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.259290]  fff00000c7816180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.259403] ==================================================================
Metadata Full log Test run details 

[   22.512580] ==================================================================
[   22.513610] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   22.514538] Read of size 1 at addr ffff888103ae50c8 by task kunit_try_catch/236
[   22.514814] 
[   22.514901] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   22.514959] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.515130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.515178] Call Trace:
[   22.515192]  <TASK>
[   22.515209]  dump_stack_lvl+0x73/0xb0
[   22.515238]  print_report+0xd1/0x650
[   22.515265]  ? __virt_addr_valid+0x1db/0x2d0
[   22.515289]  ? kmem_cache_oob+0x402/0x530
[   22.515309]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.515333]  ? kmem_cache_oob+0x402/0x530
[   22.515354]  kasan_report+0x141/0x180
[   22.515374]  ? kmem_cache_oob+0x402/0x530
[   22.515399]  __asan_report_load1_noabort+0x18/0x20
[   22.515421]  kmem_cache_oob+0x402/0x530
[   22.515440]  ? trace_hardirqs_on+0x37/0xe0
[   22.515462]  ? __pfx_kmem_cache_oob+0x10/0x10
[   22.515482]  ? finish_task_switch.isra.0+0x153/0x700
[   22.515504]  ? __switch_to+0x47/0xf50
[   22.515531]  ? __pfx_read_tsc+0x10/0x10
[   22.515551]  ? ktime_get_ts64+0x86/0x230
[   22.515575]  kunit_try_run_case+0x1a5/0x480
[   22.515600]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.515621]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.515641]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.515665]  ? __kthread_parkme+0x82/0x180
[   22.515684]  ? preempt_count_sub+0x50/0x80
[   22.515705]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.515727]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.515748]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.515770]  kthread+0x337/0x6f0
[   22.515788]  ? trace_preempt_on+0x20/0xc0
[   22.515836]  ? __pfx_kthread+0x10/0x10
[   22.515857]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.515878]  ? calculate_sigpending+0x7b/0xa0
[   22.515902]  ? __pfx_kthread+0x10/0x10
[   22.515922]  ret_from_fork+0x116/0x1d0
[   22.515949]  ? __pfx_kthread+0x10/0x10
[   22.515967]  ret_from_fork_asm+0x1a/0x30
[   22.515996]  </TASK>
[   22.516006] 
[   22.528823] Allocated by task 236:
[   22.528975]  kasan_save_stack+0x45/0x70
[   22.529127]  kasan_save_track+0x18/0x40
[   22.529302]  kasan_save_alloc_info+0x3b/0x50
[   22.529504]  __kasan_slab_alloc+0x91/0xa0
[   22.529644]  kmem_cache_alloc_noprof+0x123/0x3f0
[   22.529843]  kmem_cache_oob+0x157/0x530
[   22.530071]  kunit_try_run_case+0x1a5/0x480
[   22.530313]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.530529]  kthread+0x337/0x6f0
[   22.530679]  ret_from_fork+0x116/0x1d0
[   22.530849]  ret_from_fork_asm+0x1a/0x30
[   22.531074] 
[   22.531138] The buggy address belongs to the object at ffff888103ae5000
[   22.531138]  which belongs to the cache test_cache of size 200
[   22.531685] The buggy address is located 0 bytes to the right of
[   22.531685]  allocated 200-byte region [ffff888103ae5000, ffff888103ae50c8)
[   22.532324] 
[   22.532398] The buggy address belongs to the physical page:
[   22.532643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ae5
[   22.533356] flags: 0x200000000000000(node=0|zone=2)
[   22.534155] page_type: f5(slab)
[   22.534446] raw: 0200000000000000 ffff888100fdcdc0 dead000000000122 0000000000000000
[   22.534768] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   22.535300] page dumped because: kasan: bad access detected
[   22.535625] 
[   22.535721] Memory state around the buggy address:
[   22.535913]  ffff888103ae4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.536429]  ffff888103ae5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.536861] >ffff888103ae5080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   22.537324]                                               ^
[   22.537672]  ffff888103ae5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.537975]  ffff888103ae5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.538446] ==================================================================
Metadata Full log Test run details