Hay
Sign in
Date
June 2, 2025, 2:13 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   19.551044] ==================================================================
[   19.551448] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x33c/0x428
[   19.551779] Read of size 1 at addr fff00000c3f220c8 by task kunit_try_catch/197
[   19.552033] 
[   19.552174] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   19.552272] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.552302] Hardware name: linux,dummy-virt (DT)
[   19.552342] Call trace:
[   19.552366]  show_stack+0x20/0x38 (C)
[   19.552442]  dump_stack_lvl+0x8c/0xd0
[   19.552495]  print_report+0x118/0x608
[   19.552548]  kasan_report+0xdc/0x128
[   19.552597]  __asan_report_load1_noabort+0x20/0x30
[   19.552650]  kmem_cache_oob+0x33c/0x428
[   19.552698]  kunit_try_run_case+0x170/0x3f0
[   19.552751]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.552806]  kthread+0x318/0x620
[   19.552856]  ret_from_fork+0x10/0x20
[   19.552910] 
[   19.557151] Allocated by task 197:
[   19.557341]  kasan_save_stack+0x3c/0x68
[   19.557688]  kasan_save_track+0x20/0x40
[   19.557987]  kasan_save_alloc_info+0x40/0x58
[   19.558303]  __kasan_slab_alloc+0xa8/0xb0
[   19.559554]  kmem_cache_alloc_noprof+0x10c/0x398
[   19.559860]  kmem_cache_oob+0x12c/0x428
[   19.560021]  kunit_try_run_case+0x170/0x3f0
[   19.560243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.560494]  kthread+0x318/0x620
[   19.560679]  ret_from_fork+0x10/0x20
[   19.560864] 
[   19.560993] The buggy address belongs to the object at fff00000c3f22000
[   19.560993]  which belongs to the cache test_cache of size 200
[   19.562735] The buggy address is located 0 bytes to the right of
[   19.562735]  allocated 200-byte region [fff00000c3f22000, fff00000c3f220c8)
[   19.563328] 
[   19.563491] The buggy address belongs to the physical page:
[   19.563762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f22
[   19.564594] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.564934] page_type: f5(slab)
[   19.565201] raw: 0bfffe0000000000 fff00000c463bdc0 dead000000000122 0000000000000000
[   19.565704] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   19.566658] page dumped because: kasan: bad access detected
[   19.566961] 
[   19.567066] Memory state around the buggy address:
[   19.567527]  fff00000c3f21f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.568280]  fff00000c3f22000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.568670] >fff00000c3f22080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   19.569316]                                               ^
[   19.569581]  fff00000c3f22100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.570022]  fff00000c3f22180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.570345] ==================================================================
Metadata Full log Test run details 

[   13.326878] ==================================================================
[   13.327342] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x404/0x530
[   13.327804] Read of size 1 at addr ffff888102a310c8 by task kunit_try_catch/215
[   13.328098] 
[   13.328209] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   13.328247] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.328258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.328277] Call Trace:
[   13.328289]  <TASK>
[   13.328304]  dump_stack_lvl+0x73/0xb0
[   13.328333]  print_report+0xd1/0x650
[   13.328358]  ? __virt_addr_valid+0x1db/0x2d0
[   13.328383]  ? kmem_cache_oob+0x404/0x530
[   13.328406]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.328435]  ? kmem_cache_oob+0x404/0x530
[   13.328459]  kasan_report+0x140/0x180
[   13.328483]  ? kmem_cache_oob+0x404/0x530
[   13.328512]  __asan_report_load1_noabort+0x18/0x20
[   13.328538]  kmem_cache_oob+0x404/0x530
[   13.328561]  ? trace_hardirqs_on+0x37/0xe0
[   13.328587]  ? __pfx_kmem_cache_oob+0x10/0x10
[   13.328613]  ? __kasan_check_write+0x18/0x20
[   13.328638]  ? queued_spin_lock_slowpath+0x117/0xb40
[   13.328664]  ? irqentry_exit+0x2a/0x60
[   13.328687]  ? trace_hardirqs_on+0x37/0xe0
[   13.328713]  ? __pfx_read_tsc+0x10/0x10
[   13.328736]  ? ktime_get_ts64+0x86/0x230
[   13.328765]  kunit_try_run_case+0x1a6/0x480
[   13.328791]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.328817]  ? queued_spin_lock_slowpath+0x117/0xb40
[   13.328843]  ? __kthread_parkme+0x82/0x160
[   13.328868]  ? preempt_count_sub+0x50/0x80
[   13.328895]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.328920]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.328949]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.328977]  kthread+0x324/0x6e0
[   13.329001]  ? trace_preempt_on+0x20/0xc0
[   13.329035]  ? __pfx_kthread+0x10/0x10
[   13.329060]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.329084]  ? calculate_sigpending+0x7b/0xa0
[   13.329108]  ? __pfx_kthread+0x10/0x10
[   13.329133]  ret_from_fork+0x41/0x80
[   13.329154]  ? __pfx_kthread+0x10/0x10
[   13.329178]  ret_from_fork_asm+0x1a/0x30
[   13.329212]  </TASK>
[   13.329222] 
[   13.340167] Allocated by task 215:
[   13.340314]  kasan_save_stack+0x45/0x70
[   13.340503]  kasan_save_track+0x18/0x40
[   13.341031]  kasan_save_alloc_info+0x3b/0x50
[   13.341341]  __kasan_slab_alloc+0x91/0xa0
[   13.341748]  kmem_cache_alloc_noprof+0x124/0x400
[   13.342217]  kmem_cache_oob+0x158/0x530
[   13.342369]  kunit_try_run_case+0x1a6/0x480
[   13.342519]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.342706]  kthread+0x324/0x6e0
[   13.342832]  ret_from_fork+0x41/0x80
[   13.342961]  ret_from_fork_asm+0x1a/0x30
[   13.343113] 
[   13.343185] The buggy address belongs to the object at ffff888102a31000
[   13.343185]  which belongs to the cache test_cache of size 200
[   13.343536] The buggy address is located 0 bytes to the right of
[   13.343536]  allocated 200-byte region [ffff888102a31000, ffff888102a310c8)
[   13.343892] 
[   13.343963] The buggy address belongs to the physical page:
[   13.344591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a31
[   13.345522] flags: 0x200000000000000(node=0|zone=2)
[   13.345986] page_type: f5(slab)
[   13.346331] raw: 0200000000000000 ffff888101689b40 dead000000000122 0000000000000000
[   13.347152] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.347937] page dumped because: kasan: bad access detected
[   13.348449] 
[   13.348645] Memory state around the buggy address:
[   13.349132]  ffff888102a30f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.349817]  ffff888102a31000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.350487] >ffff888102a31080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   13.351291]                                               ^
[   13.351846]  ffff888102a31100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.352606]  ffff888102a31180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.353228] ==================================================================
Metadata Full log Test run details