Date
Feb. 5, 2025, 2:09 p.m.
Environment: qemu-armv7

```
[ 145.783822] ==================================================================
[ 145.784865] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xd4/0x248
[ 145.785999] Read of size 1 at addr c4fd20c8 by task kunit_try_catch/169
[ 145.786738]
[ 145.787083] CPU: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 145.788067] Hardware name: Generic DT based system
[ 145.788614] unwind_backtrace from show_stack+0x18/0x1c
[ 145.789281] show_stack from dump_stack_lvl+0x58/0x70
[ 145.790070] dump_stack_lvl from print_report+0x164/0x51c
[ 145.790937] print_report from kasan_report+0xc8/0x104
[ 145.791803] kasan_report from kmem_cache_oob+0xd4/0x248
[ 145.792598] kmem_cache_oob from kunit_try_run_case+0x11c/0x2e4
[ 145.793622] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 145.794618] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[ 145.795470] kthread from ret_from_fork+0x14/0x30
[ 145.796233] Exception stack(0xfa03bfb0 to 0xfa03bff8)
[ 145.796940] bfa0: 00000000 00000000 00000000 00000000
[ 145.797949] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 145.798923] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 145.799675]
[ 145.799932] Allocated by task 169:
[ 145.800328] kasan_set_track+0x3c/0x5c
[ 145.800837] __kasan_slab_alloc+0x60/0x68
[ 145.801491] kmem_cache_alloc+0x1dc/0x574
[ 145.802124] kmem_cache_oob+0xb0/0x248
[ 145.802641] kunit_try_run_case+0x11c/0x2e4
[ 145.803269] kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 145.803960] kthread+0x184/0x1a8
[ 145.804441] ret_from_fork+0x14/0x30
[ 145.804879]
[ 145.805204] The buggy address belongs to the object at c4fd2000
[ 145.805204] which belongs to the cache test_cache of size 200
[ 145.806550] The buggy address is located 0 bytes to the right of
[ 145.806550] allocated 200-byte region [c4fd2000, c4fd20c8)
[ 145.807740]
[ 145.808017] The buggy address belongs to the physical page:
[ 145.808691] page:0829f097 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44fd2
[ 145.809859] flags: 0x800(slab|zone=0)
[ 145.810481] page_type: 0xffffffff()
[ 145.811196] raw: 00000800 c4fc5700 00000122 00000000 00000000 800f000f ffffffff 00000001
[ 145.812218] raw: 00000000
[ 145.812599] page dumped because: kasan: bad access detected
[ 145.813322]
[ 145.813711] Memory state around the buggy address:
[ 145.814398]  c4fd1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.815129]  c4fd2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 145.816467] >c4fd2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 145.817292]                                       ^
[ 145.817905]  c4fd2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.818608]  c4fd2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.819315] ==================================================================
```

Environment: qemu-x86_64

```
[ 48.691512] ==================================================================
[ 48.692512] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xdd/0x260
[ 48.693034] Read of size 1 at addr ffff8881029470c8 by task kunit_try_catch/192
[ 48.693855]
[ 48.694188] CPU: 1 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 48.694845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 48.695816] Call Trace:
[ 48.696303] <TASK>
[ 48.696634] dump_stack_lvl+0x4e/0x90
[ 48.697701] print_report+0xd2/0x660
[ 48.698906] ? __virt_addr_valid+0x156/0x1e0
[ 48.699458] ? kasan_complete_mode_report_info+0x2a/0x200
[ 48.700075] kasan_report+0xff/0x140
[ 48.700599] ? kmem_cache_oob+0xdd/0x260
[ 48.701190] ? kmem_cache_oob+0xdd/0x260
[ 48.701700] __asan_load1+0x66/0x70
[ 48.702506] kmem_cache_oob+0xdd/0x260
[ 48.703158] ? __pfx_kmem_cache_oob+0x10/0x10
[ 48.703841] ? __schedule+0x70b/0x1190
[ 48.704360] ? ktime_get_ts64+0x118/0x140
[ 48.705135] kunit_try_run_case+0x126/0x290
[ 48.705769] ? __pfx_kunit_try_run_case+0x10/0x10
[ 48.706537] ? __kasan_check_write+0x18/0x20
[ 48.707472] ? trace_preempt_on+0x20/0xa0
[ 48.708182] ? __kthread_parkme+0x4f/0xd0
[ 48.708866] ? preempt_count_sub+0x50/0x80
[ 48.709359] ? __pfx_kunit_try_run_case+0x10/0x10
[ 48.709917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 48.710645] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 48.711253] kthread+0x19e/0x1e0
[ 48.711795] ? __pfx_kthread+0x10/0x10
[ 48.712367] ret_from_fork+0x41/0x70
[ 48.712982] ? __pfx_kthread+0x10/0x10
[ 48.713493] ret_from_fork_asm+0x1b/0x30
[ 48.714042] </TASK>
[ 48.714389]
[ 48.714664] Allocated by task 192:
[ 48.715162] kasan_save_stack+0x3c/0x60
[ 48.716105] kasan_set_track+0x29/0x40
[ 48.716493] kasan_save_alloc_info+0x22/0x30
[ 48.717314] __kasan_slab_alloc+0x91/0xa0
[ 48.717872] kmem_cache_alloc+0x180/0x3b0
[ 48.718491] kmem_cache_oob+0xb6/0x260
[ 48.719107] kunit_try_run_case+0x126/0x290
[ 48.719820] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 48.721151] kthread+0x19e/0x1e0
[ 48.721589] ret_from_fork+0x41/0x70
[ 48.722201] ret_from_fork_asm+0x1b/0x30
[ 48.722791]
[ 48.723094] The buggy address belongs to the object at ffff888102947000
[ 48.723094] which belongs to the cache test_cache of size 200
[ 48.724926] The buggy address is located 0 bytes to the right of
[ 48.724926] allocated 200-byte region [ffff888102947000, ffff8881029470c8)
[ 48.726055]
[ 48.726345] The buggy address belongs to the physical page:
[ 48.726978] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102947
[ 48.727884] flags: 0x200000000000800(slab|node=0|zone=2)
[ 48.729241] page_type: 0xffffffff()
[ 48.729674] raw: 0200000000000800 ffff888101585dc0 dead000000000122 0000000000000000
[ 48.730444] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 48.731217] page dumped because: kasan: bad access detected
[ 48.731840]
[ 48.732129] Memory state around the buggy address:
[ 48.732904]  ffff888102946f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.734168]  ffff888102947000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.734803] >ffff888102947080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 48.735555]                                               ^
[ 48.736174]  ffff888102947100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.736961]  ffff888102947180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.737591] ==================================================================
```