lkft/linux-mainline-master - v6.16-rc1 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right

Date

June 8, 2025, 11:09 p.m.

Environment
e850-96
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   20.394489] ==================================================================
[   20.404316] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   20.412385] Write of size 1 at addr ffff000801dea278 by task kunit_try_catch/189
[   20.419761] 
[   20.421247] CPU: 5 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   20.421306] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.421324] Hardware name: WinLink E850-96 board (DT)
[   20.421346] Call trace:
[   20.421360]  show_stack+0x20/0x38 (C)
[   20.421398]  dump_stack_lvl+0x8c/0xd0
[   20.421436]  print_report+0x118/0x608
[   20.421473]  kasan_report+0xdc/0x128
[   20.421507]  __asan_report_store1_noabort+0x20/0x30
[   20.421540]  kmalloc_track_caller_oob_right+0x40c/0x488
[   20.421576]  kunit_try_run_case+0x170/0x3f0
[   20.421616]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.421653]  kthread+0x328/0x630
[   20.421681]  ret_from_fork+0x10/0x20
[   20.421715] 
[   20.485213] Allocated by task 189:
[   20.488600]  kasan_save_stack+0x3c/0x68
[   20.492417]  kasan_save_track+0x20/0x40
[   20.496238]  kasan_save_alloc_info+0x40/0x58
[   20.500489]  __kasan_kmalloc+0xd4/0xd8
[   20.504221]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   20.509777]  kmalloc_track_caller_oob_right+0xa8/0x488
[   20.514899]  kunit_try_run_case+0x170/0x3f0
[   20.519066]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.524534]  kthread+0x328/0x630
[   20.527745]  ret_from_fork+0x10/0x20
[   20.531304] 
[   20.532781] The buggy address belongs to the object at ffff000801dea200
[   20.532781]  which belongs to the cache kmalloc-128 of size 128
[   20.545282] The buggy address is located 0 bytes to the right of
[   20.545282]  allocated 120-byte region [ffff000801dea200, ffff000801dea278)
[   20.558213] 
[   20.559692] The buggy address belongs to the physical page:
[   20.565249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881dea
[   20.573233] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.580871] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.587814] page_type: f5(slab)
[   20.590952] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   20.598672] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   20.606398] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   20.614209] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   20.622022] head: 0bfffe0000000001 fffffdffe0077a81 00000000ffffffff 00000000ffffffff
[   20.629834] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.637640] page dumped because: kasan: bad access detected
[   20.643195] 
[   20.644670] Memory state around the buggy address:
[   20.649452]  ffff000801dea100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.656654]  ffff000801dea180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.663860] >ffff000801dea200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.671059]                                                                 ^
[   20.678181]  ffff000801dea280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.685386]  ffff000801dea300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.692590] ==================================================================

Metadata Full log Test run details

[   24.669057] ==================================================================
[   24.669178] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   24.669331] Write of size 1 at addr fff00000c6507278 by task kunit_try_catch/142
[   24.669490] 
[   24.669566] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   24.669797] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.669867] Hardware name: linux,dummy-virt (DT)
[   24.669961] Call trace:
[   24.670064]  show_stack+0x20/0x38 (C)
[   24.670913]  dump_stack_lvl+0x8c/0xd0
[   24.671096]  print_report+0x118/0x608
[   24.671318]  kasan_report+0xdc/0x128
[   24.671460]  __asan_report_store1_noabort+0x20/0x30
[   24.671732]  kmalloc_track_caller_oob_right+0x40c/0x488
[   24.671887]  kunit_try_run_case+0x170/0x3f0
[   24.672066]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.672221]  kthread+0x328/0x630
[   24.672408]  ret_from_fork+0x10/0x20
[   24.672721] 
[   24.672776] Allocated by task 142:
[   24.672856]  kasan_save_stack+0x3c/0x68
[   24.673059]  kasan_save_track+0x20/0x40
[   24.673254]  kasan_save_alloc_info+0x40/0x58
[   24.673363]  __kasan_kmalloc+0xd4/0xd8
[   24.673461]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   24.673591]  kmalloc_track_caller_oob_right+0xa8/0x488
[   24.673869]  kunit_try_run_case+0x170/0x3f0
[   24.674043]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.674245]  kthread+0x328/0x630
[   24.674344]  ret_from_fork+0x10/0x20
[   24.674433] 
[   24.674480] The buggy address belongs to the object at fff00000c6507200
[   24.674480]  which belongs to the cache kmalloc-128 of size 128
[   24.674673] The buggy address is located 0 bytes to the right of
[   24.674673]  allocated 120-byte region [fff00000c6507200, fff00000c6507278)
[   24.675154] 
[   24.675219] The buggy address belongs to the physical page:
[   24.675425] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106507
[   24.675568] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   24.675795] page_type: f5(slab)
[   24.675901] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   24.676117] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.676377] page dumped because: kasan: bad access detected
[   24.676454] 
[   24.676496] Memory state around the buggy address:
[   24.676604]  fff00000c6507100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.676744]  fff00000c6507180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.676906] >fff00000c6507200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.677071]                                                                 ^
[   24.677287]  fff00000c6507280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.677429]  fff00000c6507300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.677575] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yFJa8MDv2TKZH7YEtxmNb0q7fa

job_id

TEST:linaro@lkft#2yFJfB7nqGGQ0BOO2Fr7r1DuNhN

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJfB7nqGGQ0BOO2Fr7r1DuNhN

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJbaP5mjK3Q4DY2od3U1h5Zql/Image.gz
sha256sum	e48c449af0245b84ea38e96b0c6b723dbc25142e5e781b9edd4c7d94ebdee581

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJbaP5mjK3Q4DY2od3U1h5Zql/modules.tar.xz
sha256sum	79b68a12222df4872b24c47a36ac8bbeddae8e3eaf3f47e0765853c296e40d78

durations

tests

boot	0
kunit	291.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.820181] ==================================================================
[   24.820408] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   24.820517] Write of size 1 at addr fff00000c7747178 by task kunit_try_catch/142
[   24.820631] 
[   24.820699] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   24.820904] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.820969] Hardware name: linux,dummy-virt (DT)
[   24.821039] Call trace:
[   24.821092]  show_stack+0x20/0x38 (C)
[   24.821210]  dump_stack_lvl+0x8c/0xd0
[   24.821332]  print_report+0x118/0x608
[   24.821448]  kasan_report+0xdc/0x128
[   24.821558]  __asan_report_store1_noabort+0x20/0x30
[   24.821674]  kmalloc_track_caller_oob_right+0x418/0x488
[   24.821796]  kunit_try_run_case+0x170/0x3f0
[   24.821954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.822109]  kthread+0x328/0x630
[   24.822291]  ret_from_fork+0x10/0x20
[   24.822560] 
[   24.822720] Allocated by task 142:
[   24.823157]  kasan_save_stack+0x3c/0x68
[   24.823358]  kasan_save_track+0x20/0x40
[   24.823812]  kasan_save_alloc_info+0x40/0x58
[   24.824393]  __kasan_kmalloc+0xd4/0xd8
[   24.824700]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   24.824848]  kmalloc_track_caller_oob_right+0x184/0x488
[   24.824956]  kunit_try_run_case+0x170/0x3f0
[   24.825107]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.825233]  kthread+0x328/0x630
[   24.825559]  ret_from_fork+0x10/0x20
[   24.825848] 
[   24.825908] The buggy address belongs to the object at fff00000c7747100
[   24.825908]  which belongs to the cache kmalloc-128 of size 128
[   24.826326] The buggy address is located 0 bytes to the right of
[   24.826326]  allocated 120-byte region [fff00000c7747100, fff00000c7747178)
[   24.826489] 
[   24.826607] The buggy address belongs to the physical page:
[   24.826720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107747
[   24.826924] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   24.827130] page_type: f5(slab)
[   24.827238] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   24.827366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.827462] page dumped because: kasan: bad access detected
[   24.827533] 
[   24.827595] Memory state around the buggy address:
[   24.827685]  fff00000c7747000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.827966]  fff00000c7747080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.828139] >fff00000c7747100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.828396]                                                                 ^
[   24.828497]  fff00000c7747180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.828599]  fff00000c7747200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.828689] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yFIyzTag0Ggqc7NC7MKm1oGAHs

job_id

TEST:linaro@lkft#2yFJ3eo3dWtn7gzN4VcfAWfYuEj

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJ3eo3dWtn7gzN4VcfAWfYuEj

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ0I1543Nxnik5n8pgc66MutA/Image.gz
sha256sum	889328485ce4e89d5eb8e5130490b4a2a590b3795ae0f0671929bdd85b74f546

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ0I1543Nxnik5n8pgc66MutA/modules.tar.xz
sha256sum	e39b0964aaeba30017e819e58cd9411178f00e934bf8ddd85903ea0ffe7ad361

durations

tests

boot	0
kunit	291.56

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.480151] ==================================================================
[   17.481975] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   17.482931] Write of size 1 at addr ffff888102b80e78 by task kunit_try_catch/160
[   17.483774] 
[   17.484108] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT(voluntary) 
[   17.484256] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.484295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.484353] Call Trace:
[   17.484400]  <TASK>
[   17.484451]  dump_stack_lvl+0x73/0xb0
[   17.484574]  print_report+0xd1/0x650
[   17.484656]  ? __virt_addr_valid+0x1db/0x2d0
[   17.484840]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   17.484923]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.484997]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   17.485055]  kasan_report+0x141/0x180
[   17.485092]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   17.485136]  __asan_report_store1_noabort+0x1b/0x30
[   17.485174]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   17.485210]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   17.485285]  ? __schedule+0x10cc/0x2b60
[   17.485326]  ? __pfx_read_tsc+0x10/0x10
[   17.485358]  ? ktime_get_ts64+0x86/0x230
[   17.485395]  kunit_try_run_case+0x1a5/0x480
[   17.485435]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.485470]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.485531]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.485572]  ? __kthread_parkme+0x82/0x180
[   17.485602]  ? preempt_count_sub+0x50/0x80
[   17.485654]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.485693]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.485726]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.485760]  kthread+0x337/0x6f0
[   17.485787]  ? trace_preempt_on+0x20/0xc0
[   17.485821]  ? __pfx_kthread+0x10/0x10
[   17.485850]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.485881]  ? calculate_sigpending+0x7b/0xa0
[   17.485915]  ? __pfx_kthread+0x10/0x10
[   17.485944]  ret_from_fork+0x116/0x1d0
[   17.485969]  ? __pfx_kthread+0x10/0x10
[   17.485997]  ret_from_fork_asm+0x1a/0x30
[   17.486040]  </TASK>
[   17.486055] 
[   17.505278] Allocated by task 160:
[   17.505720]  kasan_save_stack+0x45/0x70
[   17.506217]  kasan_save_track+0x18/0x40
[   17.506736]  kasan_save_alloc_info+0x3b/0x50
[   17.507300]  __kasan_kmalloc+0xb7/0xc0
[   17.507723]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   17.508292]  kmalloc_track_caller_oob_right+0x99/0x520
[   17.508816]  kunit_try_run_case+0x1a5/0x480
[   17.509308]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.509800]  kthread+0x337/0x6f0
[   17.510302]  ret_from_fork+0x116/0x1d0
[   17.510769]  ret_from_fork_asm+0x1a/0x30
[   17.511151] 
[   17.511434] The buggy address belongs to the object at ffff888102b80e00
[   17.511434]  which belongs to the cache kmalloc-128 of size 128
[   17.512553] The buggy address is located 0 bytes to the right of
[   17.512553]  allocated 120-byte region [ffff888102b80e00, ffff888102b80e78)
[   17.513572] 
[   17.513846] The buggy address belongs to the physical page:
[   17.514360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b80
[   17.515108] flags: 0x200000000000000(node=0|zone=2)
[   17.515627] page_type: f5(slab)
[   17.516049] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   17.516809] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.517533] page dumped because: kasan: bad access detected
[   17.518079] 
[   17.518417] Memory state around the buggy address:
[   17.518842]  ffff888102b80d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.519574]  ffff888102b80d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.520196] >ffff888102b80e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.520904]                                                                 ^
[   17.521462]  ffff888102b80e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.522154]  ffff888102b80f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.522870] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yFIyzTag0Ggqc7NC7MKm1oGAHs

job_id

TEST:linaro@lkft#2yFJ4iKeLmbcU1CApdjYkPQUbT8

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJ4iKeLmbcU1CApdjYkPQUbT8

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ1Zkam0aZbTFyCvwdUTLsqrR/bzImage
sha256sum	f05dd4faa0ada92a047f3b35a42ad3c00b699dc7365852668932705a69d3192e

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJ1Zkam0aZbTFyCvwdUTLsqrR/modules.tar.xz
sha256sum	4c91a216e7eda9f27ccb87e39bf63b1a8c5021c956ffe71abea1b04111d9e7ed

durations

tests

boot	0
kunit	496.04

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.642312] ==================================================================
[   16.643650] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   16.645091] Write of size 1 at addr ffff8881038d5078 by task kunit_try_catch/160
[   16.645744] 
[   16.645868] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT(voluntary) 
[   16.646006] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.646284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.646354] Call Trace:
[   16.646385]  <TASK>
[   16.646424]  dump_stack_lvl+0x73/0xb0
[   16.646472]  print_report+0xd1/0x650
[   16.646508]  ? __virt_addr_valid+0x1db/0x2d0
[   16.646724]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   16.646789]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.646824]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   16.646895]  kasan_report+0x141/0x180
[   16.646939]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   16.646996]  __asan_report_store1_noabort+0x1b/0x30
[   16.647039]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   16.647092]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   16.647133]  ? __schedule+0x10cc/0x2b60
[   16.647182]  ? __pfx_read_tsc+0x10/0x10
[   16.647256]  ? ktime_get_ts64+0x86/0x230
[   16.647296]  kunit_try_run_case+0x1a5/0x480
[   16.647381]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.647419]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.647454]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.647487]  ? __kthread_parkme+0x82/0x180
[   16.647524]  ? preempt_count_sub+0x50/0x80
[   16.647642]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.647679]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.647712]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.647745]  kthread+0x337/0x6f0
[   16.647773]  ? trace_preempt_on+0x20/0xc0
[   16.647806]  ? __pfx_kthread+0x10/0x10
[   16.647834]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.647863]  ? calculate_sigpending+0x7b/0xa0
[   16.647925]  ? __pfx_kthread+0x10/0x10
[   16.647956]  ret_from_fork+0x116/0x1d0
[   16.647982]  ? __pfx_kthread+0x10/0x10
[   16.648010]  ret_from_fork_asm+0x1a/0x30
[   16.648051]  </TASK>
[   16.648066] 
[   16.671191] Allocated by task 160:
[   16.671519]  kasan_save_stack+0x45/0x70
[   16.672013]  kasan_save_track+0x18/0x40
[   16.672682]  kasan_save_alloc_info+0x3b/0x50
[   16.673119]  __kasan_kmalloc+0xb7/0xc0
[   16.673449]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   16.673866]  kmalloc_track_caller_oob_right+0x99/0x520
[   16.674967]  kunit_try_run_case+0x1a5/0x480
[   16.675774]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.676445]  kthread+0x337/0x6f0
[   16.677335]  ret_from_fork+0x116/0x1d0
[   16.678315]  ret_from_fork_asm+0x1a/0x30
[   16.678676] 
[   16.679035] The buggy address belongs to the object at ffff8881038d5000
[   16.679035]  which belongs to the cache kmalloc-128 of size 128
[   16.680682] The buggy address is located 0 bytes to the right of
[   16.680682]  allocated 120-byte region [ffff8881038d5000, ffff8881038d5078)
[   16.681913] 
[   16.682183] The buggy address belongs to the physical page:
[   16.682874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5
[   16.683750] flags: 0x200000000000000(node=0|zone=2)
[   16.684523] page_type: f5(slab)
[   16.684977] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.686386] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.687012] page dumped because: kasan: bad access detected
[   16.687629] 
[   16.687859] Memory state around the buggy address:
[   16.688378]  ffff8881038d4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.689335]  ffff8881038d4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.690121] >ffff8881038d5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.691047]                                                                 ^
[   16.692081]  ffff8881038d5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.692851]  ffff8881038d5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.693722] ==================================================================
[   16.695906] ==================================================================
[   16.696528] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   16.697437] Write of size 1 at addr ffff8881038d5178 by task kunit_try_catch/160
[   16.698245] 
[   16.698539] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT(voluntary) 
[   16.698660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.698697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.698756] Call Trace:
[   16.698791]  <TASK>
[   16.698836]  dump_stack_lvl+0x73/0xb0
[   16.698942]  print_report+0xd1/0x650
[   16.699021]  ? __virt_addr_valid+0x1db/0x2d0
[   16.699080]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   16.699178]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.699256]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   16.699332]  kasan_report+0x141/0x180
[   16.699404]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   16.699491]  __asan_report_store1_noabort+0x1b/0x30
[   16.699572]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   16.699657]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   16.699720]  ? __schedule+0x10cc/0x2b60
[   16.699755]  ? __pfx_read_tsc+0x10/0x10
[   16.699786]  ? ktime_get_ts64+0x86/0x230
[   16.699818]  kunit_try_run_case+0x1a5/0x480
[   16.699854]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.699914]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.699951]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.699985]  ? __kthread_parkme+0x82/0x180
[   16.700013]  ? preempt_count_sub+0x50/0x80
[   16.700044]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.700078]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.700110]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.700145]  kthread+0x337/0x6f0
[   16.700172]  ? trace_preempt_on+0x20/0xc0
[   16.700222]  ? __pfx_kthread+0x10/0x10
[   16.700264]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.700297]  ? calculate_sigpending+0x7b/0xa0
[   16.700332]  ? __pfx_kthread+0x10/0x10
[   16.700361]  ret_from_fork+0x116/0x1d0
[   16.700386]  ? __pfx_kthread+0x10/0x10
[   16.700414]  ret_from_fork_asm+0x1a/0x30
[   16.700453]  </TASK>
[   16.700468] 
[   16.722370] Allocated by task 160:
[   16.722994]  kasan_save_stack+0x45/0x70
[   16.723874]  kasan_save_track+0x18/0x40
[   16.724627]  kasan_save_alloc_info+0x3b/0x50
[   16.725251]  __kasan_kmalloc+0xb7/0xc0
[   16.725843]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   16.726459]  kmalloc_track_caller_oob_right+0x19a/0x520
[   16.726964]  kunit_try_run_case+0x1a5/0x480
[   16.727869]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.728478]  kthread+0x337/0x6f0
[   16.729313]  ret_from_fork+0x116/0x1d0
[   16.729857]  ret_from_fork_asm+0x1a/0x30
[   16.730705] 
[   16.730873] The buggy address belongs to the object at ffff8881038d5100
[   16.730873]  which belongs to the cache kmalloc-128 of size 128
[   16.731918] The buggy address is located 0 bytes to the right of
[   16.731918]  allocated 120-byte region [ffff8881038d5100, ffff8881038d5178)
[   16.733735] 
[   16.733912] The buggy address belongs to the physical page:
[   16.734966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5
[   16.735679] flags: 0x200000000000000(node=0|zone=2)
[   16.736095] page_type: f5(slab)
[   16.736586] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.737700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.738466] page dumped because: kasan: bad access detected
[   16.739435] 
[   16.739697] Memory state around the buggy address:
[   16.740539]  ffff8881038d5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.741075]  ffff8881038d5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.741611] >ffff8881038d5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.742822]                                                                 ^
[   16.743979]  ffff8881038d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.744791]  ffff8881038d5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.745413] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yFJa8MDv2TKZH7YEtxmNb0q7fa

job_id

TEST:linaro@lkft#2yFJg6evKCJULvhuKONQXkmKNuR

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yFJg6evKCJULvhuKONQXkmKNuR

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJckhfK3YrLD08LOXKoRhVmur/bzImage
sha256sum	29478c4c320d34ff021412c955555f504dfce41fdd7a0c526c5823fd4fbe6c3d

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yFJckhfK3YrLD08LOXKoRhVmur/modules.tar.xz
sha256sum	31704dd31b4a615f97eb1ad9c83226bc02c998ac6fbf99f15f8bf3a95894cad5

durations

tests

boot	0
kunit	340.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   19.818710] ==================================================================
[   19.819784] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   19.820557] Write of size 1 at addr ffff00000ba33c78 by task kunit_try_catch/195
[   19.821256] 
[   19.821428] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   19.821488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.821506] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.821525] Call trace:
[   19.821539]  show_stack+0x20/0x38 (C)
[   19.821582]  dump_stack_lvl+0x8c/0xd0
[   19.821624]  print_report+0x118/0x608
[   19.821666]  kasan_report+0xdc/0x128
[   19.821704]  __asan_report_store1_noabort+0x20/0x30
[   19.821740]  kmalloc_track_caller_oob_right+0x40c/0x488
[   19.821782]  kunit_try_run_case+0x170/0x3f0
[   19.821823]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.821868]  kthread+0x328/0x630
[   19.821900]  ret_from_fork+0x10/0x20
[   19.821939] 
[   19.827651] Allocated by task 195:
[   19.827981]  kasan_save_stack+0x3c/0x68
[   19.828368]  kasan_save_track+0x20/0x40
[   19.828753]  kasan_save_alloc_info+0x40/0x58
[   19.829178]  __kasan_kmalloc+0xd4/0xd8
[   19.829554]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   19.830096]  kmalloc_track_caller_oob_right+0xa8/0x488
[   19.830597]  kunit_try_run_case+0x170/0x3f0
[   19.831012]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.831545]  kthread+0x328/0x630
[   19.831869]  ret_from_fork+0x10/0x20
[   19.832228] 
[   19.832387] The buggy address belongs to the object at ffff00000ba33c00
[   19.832387]  which belongs to the cache kmalloc-128 of size 128
[   19.833529] The buggy address is located 0 bytes to the right of
[   19.833529]  allocated 120-byte region [ffff00000ba33c00, ffff00000ba33c78)
[   19.834713] 
[   19.834873] The buggy address belongs to the physical page:
[   19.835394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xba33
[   19.836125] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[   19.836745] page_type: f5(slab)
[   19.837083] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000
[   19.837830] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.838563] page dumped because: kasan: bad access detected
[   19.839097] 
[   19.839264] Memory state around the buggy address:
[   19.839734]  ffff00000ba33b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.840425]  ffff00000ba33b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.841118] >ffff00000ba33c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   19.841802]                                                                 ^
[   19.842481]  ffff00000ba33c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.843173]  ffff00000ba33d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.843858] ==================================================================
[   19.844834] ==================================================================
[   19.845534] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   19.846322] Write of size 1 at addr ffff00000ba33d78 by task kunit_try_catch/195
[   19.847035] 
[   19.847217] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc1 #1 PREEMPT 
[   19.847294] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.847316] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.847342] Call trace:
[   19.847360]  show_stack+0x20/0x38 (C)
[   19.847412]  dump_stack_lvl+0x8c/0xd0
[   19.847468]  print_report+0x118/0x608
[   19.847522]  kasan_report+0xdc/0x128
[   19.847573]  __asan_report_store1_noabort+0x20/0x30
[   19.847622]  kmalloc_track_caller_oob_right+0x418/0x488
[   19.847678]  kunit_try_run_case+0x170/0x3f0
[   19.847732]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.847793]  kthread+0x328/0x630
[   19.847835]  ret_from_fork+0x10/0x20
[   19.847885] 
[   19.853672] Allocated by task 195:
[   19.854016]  kasan_save_stack+0x3c/0x68
[   19.854421]  kasan_save_track+0x20/0x40
[   19.854823]  kasan_save_alloc_info+0x40/0x58
[   19.855270]  __kasan_kmalloc+0xd4/0xd8
[   19.855666]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   19.856228]  kmalloc_track_caller_oob_right+0x184/0x488
[   19.856756]  kunit_try_run_case+0x170/0x3f0
[   19.857192]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.857747]  kthread+0x328/0x630
[   19.858086]  ret_from_fork+0x10/0x20
[   19.858462] 
[   19.858631] The buggy address belongs to the object at ffff00000ba33d00
[   19.858631]  which belongs to the cache kmalloc-128 of size 128
[   19.859793] The buggy address is located 0 bytes to the right of
[   19.859793]  allocated 120-byte region [ffff00000ba33d00, ffff00000ba33d78)
[   19.861001] 
[   19.861170] The buggy address belongs to the physical page:
[   19.861703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xba33
[   19.862455] flags: 0x3fffe0000000000(node=0|zone=0|lastcpupid=0x1ffff)
[   19.863092] page_type: f5(slab)
[   19.863428] raw: 03fffe0000000000 ffff000000402a00 dead000000000122 0000000000000000
[   19.864172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.864903] page dumped because: kasan: bad access detected
[   19.865437] 
[   19.865604] Memory state around the buggy address:
[   19.866072]  ffff00000ba33c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.866764]  ffff00000ba33c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.867455] >ffff00000ba33d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   19.868139]                                                                 ^
[   19.868819]  ffff00000ba33d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.869510]  ffff00000ba33e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.870194] ==================================================================

Metadata Full log Test run details

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - rk3399-rock-pi-4b - gcc-13-lkftconfig-kunit