Hay
Date: April 20, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64, rk3399-rock-pi-4b

[   22.765886] ==================================================================
[   22.766150] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   22.766356] Write of size 1 at addr fff00000c76c600a by task kunit_try_catch/148
[   22.766660] 
[   22.766771] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   22.767169] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.767253] Hardware name: linux,dummy-virt (DT)
[   22.767326] Call trace:
[   22.767387]  show_stack+0x20/0x38 (C)
[   22.767545]  dump_stack_lvl+0x8c/0xd0
[   22.767713]  print_report+0x118/0x608
[   22.767837]  kasan_report+0xdc/0x128
[   22.767969]  __asan_report_store1_noabort+0x20/0x30
[   22.768180]  kmalloc_large_oob_right+0x278/0x2b8
[   22.768309]  kunit_try_run_case+0x170/0x3f0
[   22.768477]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.768553]  kthread+0x328/0x630
[   22.768613]  ret_from_fork+0x10/0x20
[   22.768671] 
[   22.768716] The buggy address belongs to the physical page:
[   22.768756] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c4
[   22.768817] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.768870] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.768962] page_type: f8(unknown)
[   22.769058] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.769213] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.769370] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.769488] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.769604] head: 0bfffe0000000002 ffffc1ffc31db101 00000000ffffffff 00000000ffffffff
[   22.769722] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.769833] page dumped because: kasan: bad access detected
[   22.769920] 
[   22.770056] Memory state around the buggy address:
[   22.770144]  fff00000c76c5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.770247]  fff00000c76c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.770422] >fff00000c76c6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.770513]                       ^
[   22.770580]  fff00000c76c6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.770701]  fff00000c76c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.771081] ==================================================================

[   11.069914] ==================================================================
[   11.070704] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[   11.071632] Write of size 1 at addr ffff888102a0200a by task kunit_try_catch/166
[   11.072026] 
[   11.072121] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   11.072166] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.072178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.072205] Call Trace:
[   11.072219]  <TASK>
[   11.072236]  dump_stack_lvl+0x73/0xb0
[   11.072264]  print_report+0xd1/0x650
[   11.072286]  ? __virt_addr_valid+0x1db/0x2d0
[   11.072308]  ? kmalloc_large_oob_right+0x2e9/0x330
[   11.072340]  ? kasan_addr_to_slab+0x11/0xa0
[   11.072360]  ? kmalloc_large_oob_right+0x2e9/0x330
[   11.072382]  kasan_report+0x141/0x180
[   11.072404]  ? kmalloc_large_oob_right+0x2e9/0x330
[   11.072431]  __asan_report_store1_noabort+0x1b/0x30
[   11.072451]  kmalloc_large_oob_right+0x2e9/0x330
[   11.072473]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[   11.072495]  ? __schedule+0x10cc/0x2b30
[   11.072518]  ? __pfx_read_tsc+0x10/0x10
[   11.072537]  ? ktime_get_ts64+0x86/0x230
[   11.072563]  kunit_try_run_case+0x1a5/0x480
[   11.072586]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.072607]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.072630]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.072652]  ? __kthread_parkme+0x82/0x180
[   11.072674]  ? preempt_count_sub+0x50/0x80
[   11.072698]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.072720]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.072742]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.072763]  kthread+0x337/0x6f0
[   11.072783]  ? trace_preempt_on+0x20/0xc0
[   11.072806]  ? __pfx_kthread+0x10/0x10
[   11.072828]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.072848]  ? calculate_sigpending+0x7b/0xa0
[   11.072869]  ? __pfx_kthread+0x10/0x10
[   11.072890]  ret_from_fork+0x41/0x80
[   11.072910]  ? __pfx_kthread+0x10/0x10
[   11.072932]  ret_from_fork_asm+0x1a/0x30
[   11.072963]  </TASK>
[   11.073022] 
[   11.081689] The buggy address belongs to the physical page:
[   11.081979] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a00
[   11.082506] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.082864] flags: 0x200000000000040(head|node=0|zone=2)
[   11.083065] page_type: f8(unknown)
[   11.083194] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.083565] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.084079] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.084870] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.085196] head: 0200000000000002 ffffea00040a8001 00000000ffffffff 00000000ffffffff
[   11.085783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.086126] page dumped because: kasan: bad access detected
[   11.086394] 
[   11.086559] Memory state around the buggy address:
[   11.086892]  ffff888102a01f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.087189]  ffff888102a01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.087703] >ffff888102a02000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.087986]                       ^
[   11.088216]  ffff888102a02080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.088711]  ffff888102a02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.089216] ==================================================================

[   20.855668] ==================================================================
[   20.856747] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   20.857459] Write of size 1 at addr ffff00000d73600a by task kunit_try_catch/200
[   20.858143] 
[   20.858308] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   20.858358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.858372] Hardware name: Radxa ROCK Pi 4B (DT)
[   20.858390] Call trace:
[   20.858401]  show_stack+0x20/0x38 (C)
[   20.858434]  dump_stack_lvl+0x8c/0xd0
[   20.858465]  print_report+0x118/0x608
[   20.858495]  kasan_report+0xdc/0x128
[   20.858522]  __asan_report_store1_noabort+0x20/0x30
[   20.858556]  kmalloc_large_oob_right+0x278/0x2b8
[   20.858591]  kunit_try_run_case+0x170/0x3f0
[   20.858626]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.858665]  kthread+0x328/0x630
[   20.858699]  ret_from_fork+0x10/0x20
[   20.858731] 
[   20.864361] The buggy address belongs to the physical page:
[   20.864878] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd734
[   20.865601] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.866306] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   20.866957] page_type: f8(unknown)
[   20.867293] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.868008] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.868722] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.869444] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.870167] head: 03fffe0000000002 fffffdffc035cd01 00000000ffffffff 00000000ffffffff
[   20.870890] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.871604] page dumped because: kasan: bad access detected
[   20.872118] 
[   20.872271] Memory state around the buggy address:
[   20.872719]  ffff00000d735f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.873384]  ffff00000d735f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.874049] >ffff00000d736000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.874710]                       ^
[   20.875045]  ffff00000d736080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.875710]  ffff00000d736100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.876371] ==================================================================