Hay
Date
July 23, 2025, 2:10 a.m.

Environment
qemu-arm64
qemu-x86_64

Note: both reports below appear to come from the KASAN KUnit self-test rather than from a defect in the kernel under test — the faulting function is kmem_cache_oob, the task is kunit_try_catch, the cache is named test_cache, and the taint line carries [N]=TEST. The one-byte read at offset 200 of a 200-byte object ("0 bytes to the right" of the region, first redzone byte fc in the shadow dump) is the access the test deliberately performs, so the "BUG: KASAN: slab-out-of-bounds" line is the expected outcome on both architectures, not an exploitable slab overflow to triage.

[   16.007546] ==================================================================
[   16.008295] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430
[   16.008362] Read of size 1 at addr fff00000c3f9a0c8 by task kunit_try_catch/207
[   16.008416] 
[   16.008451] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   16.008535] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.008562] Hardware name: linux,dummy-virt (DT)
[   16.008595] Call trace:
[   16.008618]  show_stack+0x20/0x38 (C)
[   16.009230]  dump_stack_lvl+0x8c/0xd0
[   16.009281]  print_report+0x118/0x5d0
[   16.009329]  kasan_report+0xdc/0x128
[   16.009376]  __asan_report_load1_noabort+0x20/0x30
[   16.009427]  kmem_cache_oob+0x344/0x430
[   16.009471]  kunit_try_run_case+0x170/0x3f0
[   16.009520]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.009572]  kthread+0x328/0x630
[   16.009614]  ret_from_fork+0x10/0x20
[   16.009663] 
[   16.009681] Allocated by task 207:
[   16.009711]  kasan_save_stack+0x3c/0x68
[   16.009751]  kasan_save_track+0x20/0x40
[   16.009789]  kasan_save_alloc_info+0x40/0x58
[   16.009827]  __kasan_slab_alloc+0xa8/0xb0
[   16.009876]  kmem_cache_alloc_noprof+0x10c/0x398
[   16.009916]  kmem_cache_oob+0x12c/0x430
[   16.009952]  kunit_try_run_case+0x170/0x3f0
[   16.009990]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.010032]  kthread+0x328/0x630
[   16.010064]  ret_from_fork+0x10/0x20
[   16.010099] 
[   16.010117] The buggy address belongs to the object at fff00000c3f9a000
[   16.010117]  which belongs to the cache test_cache of size 200
[   16.010177] The buggy address is located 0 bytes to the right of
[   16.010177]  allocated 200-byte region [fff00000c3f9a000, fff00000c3f9a0c8)
[   16.010243] 
[   16.010264] The buggy address belongs to the physical page:
[   16.010294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f9a
[   16.010351] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.010402] page_type: f5(slab)
[   16.010446] raw: 0bfffe0000000000 fff00000c3f17140 dead000000000122 0000000000000000
[   16.010497] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   16.010538] page dumped because: kasan: bad access detected
[   16.011141] 
[   16.011257] Memory state around the buggy address:
[   16.011314]  fff00000c3f99f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.011518]  fff00000c3f9a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.011568] >fff00000c3f9a080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   16.011609]                                               ^
[   16.011655]  fff00000c3f9a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.011700]  fff00000c3f9a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.011738] ==================================================================

[   13.240100] ==================================================================
[   13.240632] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[   13.240957] Read of size 1 at addr ffff8881025d70c8 by task kunit_try_catch/224
[   13.241506] 
[   13.241603] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   13.241649] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.241687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.241709] Call Trace:
[   13.241721]  <TASK>
[   13.241737]  dump_stack_lvl+0x73/0xb0
[   13.241769]  print_report+0xd1/0x610
[   13.241792]  ? __virt_addr_valid+0x1db/0x2d0
[   13.241827]  ? kmem_cache_oob+0x402/0x530
[   13.241849]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.241871]  ? kmem_cache_oob+0x402/0x530
[   13.241893]  kasan_report+0x141/0x180
[   13.241914]  ? kmem_cache_oob+0x402/0x530
[   13.241960]  __asan_report_load1_noabort+0x18/0x20
[   13.241983]  kmem_cache_oob+0x402/0x530
[   13.242004]  ? trace_hardirqs_on+0x37/0xe0
[   13.242027]  ? __pfx_kmem_cache_oob+0x10/0x10
[   13.242050]  ? __kasan_check_write+0x18/0x20
[   13.242068]  ? queued_spin_lock_slowpath+0x116/0xb40
[   13.242097]  ? __pfx_read_tsc+0x10/0x10
[   13.242117]  ? ktime_get_ts64+0x86/0x230
[   13.242141]  kunit_try_run_case+0x1a5/0x480
[   13.242166]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.242188]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   13.242222]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.242245]  ? __kthread_parkme+0x82/0x180
[   13.242265]  ? preempt_count_sub+0x50/0x80
[   13.242288]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.242311]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.242333]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.242356]  kthread+0x337/0x6f0
[   13.242375]  ? trace_preempt_on+0x20/0xc0
[   13.242396]  ? __pfx_kthread+0x10/0x10
[   13.242415]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.242436]  ? calculate_sigpending+0x7b/0xa0
[   13.242460]  ? __pfx_kthread+0x10/0x10
[   13.242480]  ret_from_fork+0x116/0x1d0
[   13.242498]  ? __pfx_kthread+0x10/0x10
[   13.242518]  ret_from_fork_asm+0x1a/0x30
[   13.242547]  </TASK>
[   13.242558] 
[   13.251052] Allocated by task 224:
[   13.251413]  kasan_save_stack+0x45/0x70
[   13.251563]  kasan_save_track+0x18/0x40
[   13.251698]  kasan_save_alloc_info+0x3b/0x50
[   13.251870]  __kasan_slab_alloc+0x91/0xa0
[   13.252065]  kmem_cache_alloc_noprof+0x123/0x3f0
[   13.252299]  kmem_cache_oob+0x157/0x530
[   13.252476]  kunit_try_run_case+0x1a5/0x480
[   13.252859]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.253130]  kthread+0x337/0x6f0
[   13.253303]  ret_from_fork+0x116/0x1d0
[   13.253431]  ret_from_fork_asm+0x1a/0x30
[   13.253565] 
[   13.253636] The buggy address belongs to the object at ffff8881025d7000
[   13.253636]  which belongs to the cache test_cache of size 200
[   13.254234] The buggy address is located 0 bytes to the right of
[   13.254234]  allocated 200-byte region [ffff8881025d7000, ffff8881025d70c8)
[   13.254882] 
[   13.255042] The buggy address belongs to the physical page:
[   13.255548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025d7
[   13.256178] flags: 0x200000000000000(node=0|zone=2)
[   13.256526] page_type: f5(slab)
[   13.256655] raw: 0200000000000000 ffff8881025d4000 dead000000000122 0000000000000000
[   13.256902] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[   13.257462] page dumped because: kasan: bad access detected
[   13.257715] 
[   13.257797] Memory state around the buggy address:
[   13.258032]  ffff8881025d6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.258385]  ffff8881025d7000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.258722] >ffff8881025d7080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   13.259055]                                               ^
[   13.259549]  ffff8881025d7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.260018]  ffff8881025d7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.261155] ==================================================================