Date: July 4, 2025, 11:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.746064] ==================================================================
[   17.746125] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   17.746183] Write of size 1 at addr fff00000c638e878 by task kunit_try_catch/142
[   17.746388] 
[   17.746427] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.746888] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.746967] Hardware name: linux,dummy-virt (DT)
[   17.747027] Call trace:
[   17.747069]  show_stack+0x20/0x38 (C)
[   17.747137]  dump_stack_lvl+0x8c/0xd0
[   17.747189]  print_report+0x118/0x608
[   17.747235]  kasan_report+0xdc/0x128
[   17.747279]  __asan_report_store1_noabort+0x20/0x30
[   17.747325]  kmalloc_track_caller_oob_right+0x40c/0x488
[   17.747498]  kunit_try_run_case+0x170/0x3f0
[   17.747717]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.747860]  kthread+0x328/0x630
[   17.747963]  ret_from_fork+0x10/0x20
[   17.748393] 
[   17.748452] Allocated by task 142:
[   17.748574]  kasan_save_stack+0x3c/0x68
[   17.748660]  kasan_save_track+0x20/0x40
[   17.748713]  kasan_save_alloc_info+0x40/0x58
[   17.748996]  __kasan_kmalloc+0xd4/0xd8
[   17.749055]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   17.749107]  kmalloc_track_caller_oob_right+0xa8/0x488
[   17.749475]  kunit_try_run_case+0x170/0x3f0
[   17.749621]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.749701]  kthread+0x328/0x630
[   17.749878]  ret_from_fork+0x10/0x20
[   17.750063] 
[   17.750131] The buggy address belongs to the object at fff00000c638e800
[   17.750131]  which belongs to the cache kmalloc-128 of size 128
[   17.750326] The buggy address is located 0 bytes to the right of
[   17.750326]  allocated 120-byte region [fff00000c638e800, fff00000c638e878)
[   17.750518] 
[   17.750562] The buggy address belongs to the physical page:
[   17.750656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638e
[   17.750766] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.750974] page_type: f5(slab)
[   17.751209] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.751406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.751469] page dumped because: kasan: bad access detected
[   17.751655] 
[   17.751756] Memory state around the buggy address:
[   17.751850]  fff00000c638e700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.751938]  fff00000c638e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.751980] >fff00000c638e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.752016]                                                                 ^
[   17.752065]  fff00000c638e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.752111]  fff00000c638e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.752149] ==================================================================

[   11.245851] ==================================================================
[   11.246343] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.246700] Write of size 1 at addr ffff88810262f878 by task kunit_try_catch/159
[   11.247013] 
[   11.247137] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.247184] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.247196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.247277] Call Trace:
[   11.247292]  <TASK>
[   11.247323]  dump_stack_lvl+0x73/0xb0
[   11.247369]  print_report+0xd1/0x650
[   11.247407]  ? __virt_addr_valid+0x1db/0x2d0
[   11.247432]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.247455]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.247476]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.247499]  kasan_report+0x141/0x180
[   11.247529]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.247557]  __asan_report_store1_noabort+0x1b/0x30
[   11.247576]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   11.247610]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   11.247634]  ? __schedule+0x10cc/0x2b60
[   11.247655]  ? __pfx_read_tsc+0x10/0x10
[   11.247676]  ? ktime_get_ts64+0x86/0x230
[   11.247700]  kunit_try_run_case+0x1a5/0x480
[   11.247725]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.247745]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.247768]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.247789]  ? __kthread_parkme+0x82/0x180
[   11.247809]  ? preempt_count_sub+0x50/0x80
[   11.247832]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.247853]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.247874]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.247895]  kthread+0x337/0x6f0
[   11.247913]  ? trace_preempt_on+0x20/0xc0
[   11.247935]  ? __pfx_kthread+0x10/0x10
[   11.247954]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.247974]  ? calculate_sigpending+0x7b/0xa0
[   11.247997]  ? __pfx_kthread+0x10/0x10
[   11.248016]  ret_from_fork+0x116/0x1d0
[   11.248033]  ? __pfx_kthread+0x10/0x10
[   11.248052]  ret_from_fork_asm+0x1a/0x30
[   11.248082]  </TASK>
[   11.248093] 
[   11.260259] Allocated by task 159:
[   11.260987]  kasan_save_stack+0x45/0x70
[   11.261736]  kasan_save_track+0x18/0x40
[   11.262487]  kasan_save_alloc_info+0x3b/0x50
[   11.263187]  __kasan_kmalloc+0xb7/0xc0
[   11.263346]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.263529]  kmalloc_track_caller_oob_right+0x99/0x520
[   11.263699]  kunit_try_run_case+0x1a5/0x480
[   11.263844]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.264014]  kthread+0x337/0x6f0
[   11.264133]  ret_from_fork+0x116/0x1d0
[   11.265056]  ret_from_fork_asm+0x1a/0x30
[   11.265975] 
[   11.266078] The buggy address belongs to the object at ffff88810262f800
[   11.266078]  which belongs to the cache kmalloc-128 of size 128
[   11.266695] The buggy address is located 0 bytes to the right of
[   11.266695]  allocated 120-byte region [ffff88810262f800, ffff88810262f878)
[   11.267358] 
[   11.267463] The buggy address belongs to the physical page:
[   11.267714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f
[   11.268077] flags: 0x200000000000000(node=0|zone=2)
[   11.268425] page_type: f5(slab)
[   11.268611] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.268963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.269369] page dumped because: kasan: bad access detected
[   11.269609] 
[   11.269704] Memory state around the buggy address:
[   11.269900]  ffff88810262f700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.270190]  ffff88810262f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.271019] >ffff88810262f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.271438]                                                                 ^
[   11.271783]  ffff88810262f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.272082]  ffff88810262f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.272486] ==================================================================
[   11.273738] ==================================================================
[   11.274069] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.274811] Write of size 1 at addr ffff88810262f978 by task kunit_try_catch/159
[   11.275122] 
[   11.275366] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.275426] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.275438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.275461] Call Trace:
[   11.275486]  <TASK>
[   11.275505]  dump_stack_lvl+0x73/0xb0
[   11.275540]  print_report+0xd1/0x650
[   11.275563]  ? __virt_addr_valid+0x1db/0x2d0
[   11.275585]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.275608]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.275629]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.275651]  kasan_report+0x141/0x180
[   11.275672]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.275699]  __asan_report_store1_noabort+0x1b/0x30
[   11.275718]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   11.275741]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   11.275764]  ? __schedule+0x10cc/0x2b60
[   11.275785]  ? __pfx_read_tsc+0x10/0x10
[   11.275805]  ? ktime_get_ts64+0x86/0x230
[   11.275828]  kunit_try_run_case+0x1a5/0x480
[   11.275851]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.275882]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.275904]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.275925]  ? __kthread_parkme+0x82/0x180
[   11.275956]  ? preempt_count_sub+0x50/0x80
[   11.275979]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.276009]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.276030]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.276051]  kthread+0x337/0x6f0
[   11.276069]  ? trace_preempt_on+0x20/0xc0
[   11.276102]  ? __pfx_kthread+0x10/0x10
[   11.276121]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.276140]  ? calculate_sigpending+0x7b/0xa0
[   11.276163]  ? __pfx_kthread+0x10/0x10
[   11.276273]  ret_from_fork+0x116/0x1d0
[   11.276296]  ? __pfx_kthread+0x10/0x10
[   11.276316]  ret_from_fork_asm+0x1a/0x30
[   11.276345]  </TASK>
[   11.276357] 
[   11.284961] Allocated by task 159:
[   11.285265]  kasan_save_stack+0x45/0x70
[   11.285475]  kasan_save_track+0x18/0x40
[   11.285667]  kasan_save_alloc_info+0x3b/0x50
[   11.285815]  __kasan_kmalloc+0xb7/0xc0
[   11.285996]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.286363]  kmalloc_track_caller_oob_right+0x19a/0x520
[   11.286589]  kunit_try_run_case+0x1a5/0x480
[   11.286799]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.287056]  kthread+0x337/0x6f0
[   11.287337]  ret_from_fork+0x116/0x1d0
[   11.287479]  ret_from_fork_asm+0x1a/0x30
[   11.287636] 
[   11.287746] The buggy address belongs to the object at ffff88810262f900
[   11.287746]  which belongs to the cache kmalloc-128 of size 128
[   11.288725] The buggy address is located 0 bytes to the right of
[   11.288725]  allocated 120-byte region [ffff88810262f900, ffff88810262f978)
[   11.289363] 
[   11.289455] The buggy address belongs to the physical page:
[   11.289681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f
[   11.289989] flags: 0x200000000000000(node=0|zone=2)
[   11.290227] page_type: f5(slab)
[   11.290350] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.290689] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.290944] page dumped because: kasan: bad access detected
[   11.291195] 
[   11.291485] Memory state around the buggy address:
[   11.291679]  ffff88810262f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.292011]  ffff88810262f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.292427] >ffff88810262f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.292730]                                                                 ^
[   11.293053]  ffff88810262f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.293467]  ffff88810262fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.293795] ==================================================================