Hay
Sign in
Date
May 12, 2025, 6:12 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   19.485889] ==================================================================
[   19.486621] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x33c/0x428
[   19.487399] Read of size 1 at addr fff00000c656f0c8 by task kunit_try_catch/196
[   19.487953] 
[   19.488335] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   19.488528] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.488593] Hardware name: linux,dummy-virt (DT)
[   19.488666] Call trace:
[   19.488721]  show_stack+0x20/0x38 (C)
[   19.488860]  dump_stack_lvl+0x8c/0xd0
[   19.488982]  print_report+0x118/0x608
[   19.489064]  kasan_report+0xdc/0x128
[   19.489121]  __asan_report_load1_noabort+0x20/0x30
[   19.489206]  kmem_cache_oob+0x33c/0x428
[   19.489323]  kunit_try_run_case+0x170/0x3f0
[   19.489445]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.489520]  kthread+0x318/0x620
[   19.489575]  ret_from_fork+0x10/0x20
[   19.489633] 
[   19.494366] Allocated by task 196:
[   19.495338]  kasan_save_stack+0x3c/0x68
[   19.495992]  kasan_save_track+0x20/0x40
[   19.496556]  kasan_save_alloc_info+0x40/0x58
[   19.497181]  __kasan_slab_alloc+0xa8/0xb0
[   19.497681]  kmem_cache_alloc_noprof+0x10c/0x3a0
[   19.498250]  kmem_cache_oob+0x12c/0x428
[   19.499118]  kunit_try_run_case+0x170/0x3f0
[   19.499400]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.500062]  kthread+0x318/0x620
[   19.500350]  ret_from_fork+0x10/0x20
[   19.500656] 
[   19.500926] The buggy address belongs to the object at fff00000c656f000
[   19.500926]  which belongs to the cache test_cache of size 200
[   19.501798] The buggy address is located 0 bytes to the right of
[   19.501798]  allocated 200-byte region [fff00000c656f000, fff00000c656f0c8)
[   19.502197] 
[   19.502304] The buggy address belongs to the physical page:
[   19.502926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656f
[   19.503959] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.504494] page_type: f5(slab)
[   19.504839] raw: 0bfffe0000000000 fff00000c656d000 dead000000000122 0000000000000000
[   19.505423] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   19.506863] page dumped because: kasan: bad access detected
[   19.507212] 
[   19.507672] Memory state around the buggy address:
[   19.507988]  fff00000c656ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.508757]  fff00000c656f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.509501] >fff00000c656f080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   19.510252]                                               ^
[   19.511072]  fff00000c656f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.512051]  fff00000c656f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.512759] ==================================================================
Metadata Full log Test run details 

[   13.065448] ==================================================================
[   13.066094] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x404/0x530
[   13.066561] Read of size 1 at addr ffff888102ae20c8 by task kunit_try_catch/215
[   13.067009] 
[   13.067115] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   13.067166] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.067178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.067201] Call Trace:
[   13.067215]  <TASK>
[   13.067237]  dump_stack_lvl+0x73/0xb0
[   13.067551]  print_report+0xd1/0x650
[   13.067577]  ? __virt_addr_valid+0x1db/0x2d0
[   13.067601]  ? kmem_cache_oob+0x404/0x530
[   13.067622]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.067648]  ? kmem_cache_oob+0x404/0x530
[   13.067669]  kasan_report+0x140/0x180
[   13.067690]  ? kmem_cache_oob+0x404/0x530
[   13.067716]  __asan_report_load1_noabort+0x18/0x20
[   13.067738]  kmem_cache_oob+0x404/0x530
[   13.067758]  ? trace_hardirqs_on+0x37/0xe0
[   13.067783]  ? __pfx_kmem_cache_oob+0x10/0x10
[   13.067805]  ? __kasan_check_write+0x18/0x20
[   13.067826]  ? queued_spin_lock_slowpath+0x117/0xb40
[   13.067863]  ? irqentry_exit+0x2a/0x60
[   13.067884]  ? trace_hardirqs_on+0x37/0xe0
[   13.067905]  ? __pfx_read_tsc+0x10/0x10
[   13.067927]  ? ktime_get_ts64+0x86/0x230
[   13.067954]  kunit_try_run_case+0x1a6/0x480
[   13.067978]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.068000]  ? queued_spin_lock_slowpath+0x117/0xb40
[   13.068021]  ? __kthread_parkme+0x82/0x160
[   13.068257]  ? preempt_count_sub+0x50/0x80
[   13.068293]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.068317]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.068342]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.068367]  kthread+0x324/0x6e0
[   13.068389]  ? trace_preempt_on+0x20/0xc0
[   13.068412]  ? __pfx_kthread+0x10/0x10
[   13.068434]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.068458]  ? calculate_sigpending+0x7b/0xa0
[   13.068480]  ? __pfx_kthread+0x10/0x10
[   13.068502]  ret_from_fork+0x41/0x80
[   13.068521]  ? __pfx_kthread+0x10/0x10
[   13.068543]  ret_from_fork_asm+0x1a/0x30
[   13.068575]  </TASK>
[   13.068587] 
[   13.080020] Allocated by task 215:
[   13.080712]  kasan_save_stack+0x45/0x70
[   13.081190]  kasan_save_track+0x18/0x40
[   13.081360]  kasan_save_alloc_info+0x3b/0x50
[   13.081766]  __kasan_slab_alloc+0x91/0xa0
[   13.082061]  kmem_cache_alloc_noprof+0x124/0x400
[   13.082512]  kmem_cache_oob+0x158/0x530
[   13.082802]  kunit_try_run_case+0x1a6/0x480
[   13.083116]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.083360]  kthread+0x324/0x6e0
[   13.083520]  ret_from_fork+0x41/0x80
[   13.083696]  ret_from_fork_asm+0x1a/0x30
[   13.083900] 
[   13.083986] The buggy address belongs to the object at ffff888102ae2000
[   13.083986]  which belongs to the cache test_cache of size 200
[   13.085118] The buggy address is located 0 bytes to the right of
[   13.085118]  allocated 200-byte region [ffff888102ae2000, ffff888102ae20c8)
[   13.085502] 
[   13.085580] The buggy address belongs to the physical page:
[   13.085762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae2
[   13.086781] flags: 0x200000000000000(node=0|zone=2)
[   13.087417] page_type: f5(slab)
[   13.088108] raw: 0200000000000000 ffff8881011e9a00 dead000000000122 0000000000000000
[   13.088816] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.089645] page dumped because: kasan: bad access detected
[   13.090237] 
[   13.090608] Memory state around the buggy address:
[   13.091137]  ffff888102ae1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.091359]  ffff888102ae2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.091575] >ffff888102ae2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   13.091787]                                               ^
[   13.091987]  ffff888102ae2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.092489]  ffff888102ae2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.092776] ==================================================================
Metadata Full log Test run details