Date
July 23, 2025, 3:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 31.547355] ==================================================================
[ 31.547487] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[ 31.547615] Read of size 1 at addr fff00000c99c30c8 by task kunit_try_catch/240
[ 31.547705]
[ 31.547751] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250723 #1 PREEMPT
[ 31.548088] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 31.548145] Hardware name: linux,dummy-virt (DT)
[ 31.548181] Call trace:
[ 31.548252] show_stack+0x20/0x38 (C)
[ 31.548316] dump_stack_lvl+0x8c/0xd0
[ 31.548369] print_report+0x118/0x5e8
[ 31.548430] kasan_report+0xdc/0x128
[ 31.548502] __asan_report_load1_noabort+0x20/0x30
[ 31.548664] kmem_cache_oob+0x344/0x430
[ 31.548713] kunit_try_run_case+0x170/0x3f0
[ 31.548886] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.548966] kthread+0x328/0x630
[ 31.549111] ret_from_fork+0x10/0x20
[ 31.549300]
[ 31.549349] Allocated by task 240:
[ 31.549418] kasan_save_stack+0x3c/0x68
[ 31.549469] kasan_save_track+0x20/0x40
[ 31.549731] kasan_save_alloc_info+0x40/0x58
[ 31.549837] __kasan_slab_alloc+0xa8/0xb0
[ 31.550033] kmem_cache_alloc_noprof+0x10c/0x398
[ 31.550406] kmem_cache_oob+0x12c/0x430
[ 31.550485] kunit_try_run_case+0x170/0x3f0
[ 31.550550] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.550833] kthread+0x328/0x630
[ 31.550933] ret_from_fork+0x10/0x20
[ 31.551054]
[ 31.551084] The buggy address belongs to the object at fff00000c99c3000
[ 31.551084] which belongs to the cache test_cache of size 200
[ 31.551157] The buggy address is located 0 bytes to the right of
[ 31.551157] allocated 200-byte region [fff00000c99c3000, fff00000c99c30c8)
[ 31.551400]
[ 31.551656] The buggy address belongs to the physical page:
[ 31.551704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099c3
[ 31.551789] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.551866] page_type: f5(slab)
[ 31.551937] raw: 0bfffe0000000000 fff00000c5c24500 dead000000000122 0000000000000000
[ 31.552003] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 31.552043] page dumped because: kasan: bad access detected
[ 31.552082]
[ 31.552108] Memory state around the buggy address:
[ 31.552142]  fff00000c99c2f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.552185]  fff00000c99c3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.552228] >fff00000c99c3080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 31.552266]                                               ^
[ 31.552305]  fff00000c99c3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.552359]  fff00000c99c3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.552397] ==================================================================
```
qemu-x86_64:

```
[ 25.855277] ==================================================================
[ 25.856068] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[ 25.856534] Read of size 1 at addr ffff88810609c0c8 by task kunit_try_catch/256
[ 25.856753]
[ 25.856864] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary)
[ 25.856917] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.856930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.857053] Call Trace:
[ 25.857071] <TASK>
[ 25.857092] dump_stack_lvl+0x73/0xb0
[ 25.857125] print_report+0xd1/0x640
[ 25.857190] ? __virt_addr_valid+0x1db/0x2d0
[ 25.857247] ? kmem_cache_oob+0x402/0x530
[ 25.857270] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.857317] ? kmem_cache_oob+0x402/0x530
[ 25.857340] kasan_report+0x141/0x180
[ 25.857363] ? kmem_cache_oob+0x402/0x530
[ 25.857444] __asan_report_load1_noabort+0x18/0x20
[ 25.857471] kmem_cache_oob+0x402/0x530
[ 25.857492] ? trace_hardirqs_on+0x37/0xe0
[ 25.857518] ? __pfx_kmem_cache_oob+0x10/0x10
[ 25.857540] ? finish_task_switch.isra.0+0x153/0x700
[ 25.857583] ? __switch_to+0x47/0xf80
[ 25.857613] ? __pfx_read_tsc+0x10/0x10
[ 25.857649] ? ktime_get_ts64+0x86/0x230
[ 25.857675] kunit_try_run_case+0x1a5/0x480
[ 25.857702] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.857734] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 25.857761] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.857797] ? __kthread_parkme+0x82/0x180
[ 25.857818] ? preempt_count_sub+0x50/0x80
[ 25.857840] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.857864] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.857887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.857910] kthread+0x337/0x6f0
[ 25.857931] ? trace_preempt_on+0x20/0xc0
[ 25.857962] ? __pfx_kthread+0x10/0x10
[ 25.857983] ? _raw_spin_unlock_irq+0x47/0x80
[ 25.858006] ? calculate_sigpending+0x7b/0xa0
[ 25.858031] ? __pfx_kthread+0x10/0x10
[ 25.858052] ret_from_fork+0x116/0x1d0
[ 25.858072] ? __pfx_kthread+0x10/0x10
[ 25.858092] ret_from_fork_asm+0x1a/0x30
[ 25.858124] </TASK>
[ 25.858135]
[ 25.868135] Allocated by task 256:
[ 25.868454] kasan_save_stack+0x45/0x70
[ 25.868820] kasan_save_track+0x18/0x40
[ 25.868979] kasan_save_alloc_info+0x3b/0x50
[ 25.869118] __kasan_slab_alloc+0x91/0xa0
[ 25.869439] kmem_cache_alloc_noprof+0x123/0x3f0
[ 25.869673] kmem_cache_oob+0x157/0x530
[ 25.870031] kunit_try_run_case+0x1a5/0x480
[ 25.870298] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.870571] kthread+0x337/0x6f0
[ 25.871027] ret_from_fork+0x116/0x1d0
[ 25.871182] ret_from_fork_asm+0x1a/0x30
[ 25.871490]
[ 25.871731] The buggy address belongs to the object at ffff88810609c000
[ 25.871731] which belongs to the cache test_cache of size 200
[ 25.872330] The buggy address is located 0 bytes to the right of
[ 25.872330] allocated 200-byte region [ffff88810609c000, ffff88810609c0c8)
[ 25.872966]
[ 25.873205] The buggy address belongs to the physical page:
[ 25.873418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10609c
[ 25.873735] flags: 0x200000000000000(node=0|zone=2)
[ 25.873980] page_type: f5(slab)
[ 25.874297] raw: 0200000000000000 ffff888101242780 dead000000000122 0000000000000000
[ 25.874816] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 25.875191] page dumped because: kasan: bad access detected
[ 25.875562]
[ 25.875722] Memory state around the buggy address:
[ 25.876237]  ffff88810609bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.876621]  ffff88810609c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.876969] >ffff88810609c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 25.877287]                                               ^
[ 25.877672]  ffff88810609c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.878056]  ffff88810609c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.878367] ==================================================================
```