Hay
Date: July 12, 2025, 11:09 a.m.

Environment: qemu-arm64, qemu-x86_64

[   22.136581] ==================================================================
[   22.137102] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270
[   22.137325] Read of size 1 at addr ffff9c38cc34f58d by task kunit_try_catch/246
[   22.137656] 
[   22.138064] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   22.138349] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.138414] Hardware name: linux,dummy-virt (DT)
[   22.138568] Call trace:
[   22.138655]  show_stack+0x20/0x38 (C)
[   22.138987]  dump_stack_lvl+0x8c/0xd0
[   22.139114]  print_report+0x310/0x608
[   22.139235]  kasan_report+0xdc/0x128
[   22.139341]  __asan_report_load1_noabort+0x20/0x30
[   22.139464]  kasan_global_oob_right+0x230/0x270
[   22.139576]  kunit_try_run_case+0x170/0x3f0
[   22.139686]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.139803]  kthread+0x328/0x630
[   22.140257]  ret_from_fork+0x10/0x20
[   22.140582] 
[   22.140811] The buggy address belongs to the variable:
[   22.141029]  global_array+0xd/0x40
[   22.141286] 
[   22.141692] The buggy address belongs to the virtual mapping at
[   22.141692]  [ffff9c38ca500000, ffff9c38cc401000) created by:
[   22.141692]  paging_init+0x66c/0x7d0
[   22.142017] 
[   22.142469] The buggy address belongs to the physical page:
[   22.142557] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47d4f
[   22.143198] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[   22.143373] raw: 03fffe0000002000 ffffc1ffc01f53c8 ffffc1ffc01f53c8 0000000000000000
[   22.143625] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.143767] page dumped because: kasan: bad access detected
[   22.143848] 
[   22.143888] Memory state around the buggy address:
[   22.143962]  ffff9c38cc34f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.144106]  ffff9c38cc34f500: 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9
[   22.144239] >ffff9c38cc34f580: 00 02 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
[   22.144329]                       ^
[   22.144394]  ffff9c38cc34f600: 00 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
[   22.144506]  ffff9c38cc34f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.144646] ==================================================================

[   14.424281] ==================================================================
[   14.424996] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0
[   14.425551] Read of size 1 at addr ffffffff89a63e8d by task kunit_try_catch/263
[   14.425932] 
[   14.426277] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.426330] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.426499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.426522] Call Trace:
[   14.426534]  <TASK>
[   14.426562]  dump_stack_lvl+0x73/0xb0
[   14.426593]  print_report+0xd1/0x650
[   14.426615]  ? __virt_addr_valid+0x1db/0x2d0
[   14.426670]  ? kasan_global_oob_right+0x286/0x2d0
[   14.426692]  ? kasan_addr_to_slab+0x11/0xa0
[   14.426713]  ? kasan_global_oob_right+0x286/0x2d0
[   14.426737]  kasan_report+0x141/0x180
[   14.426771]  ? kasan_global_oob_right+0x286/0x2d0
[   14.426798]  __asan_report_load1_noabort+0x18/0x20
[   14.426824]  kasan_global_oob_right+0x286/0x2d0
[   14.426845]  ? __pfx_kasan_global_oob_right+0x10/0x10
[   14.426872]  ? __schedule+0x10cc/0x2b60
[   14.426896]  ? __pfx_read_tsc+0x10/0x10
[   14.426917]  ? ktime_get_ts64+0x86/0x230
[   14.426943]  kunit_try_run_case+0x1a5/0x480
[   14.426967]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.426991]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.427013]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.427038]  ? __kthread_parkme+0x82/0x180
[   14.427059]  ? preempt_count_sub+0x50/0x80
[   14.427083]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.427108]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.427133]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.427159]  kthread+0x337/0x6f0
[   14.427178]  ? trace_preempt_on+0x20/0xc0
[   14.427202]  ? __pfx_kthread+0x10/0x10
[   14.427224]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.427245]  ? calculate_sigpending+0x7b/0xa0
[   14.427270]  ? __pfx_kthread+0x10/0x10
[   14.427292]  ret_from_fork+0x116/0x1d0
[   14.427311]  ? __pfx_kthread+0x10/0x10
[   14.427332]  ret_from_fork_asm+0x1a/0x30
[   14.427363]  </TASK>
[   14.427373] 
[   14.435457] The buggy address belongs to the variable:
[   14.435678]  global_array+0xd/0x40
[   14.435837] 
[   14.435926] The buggy address belongs to the physical page:
[   14.436134] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ea63
[   14.436702] flags: 0x200000000002000(reserved|node=0|zone=2)
[   14.436917] raw: 0200000000002000 ffffea0004fa98c8 ffffea0004fa98c8 0000000000000000
[   14.437146] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   14.437932] page dumped because: kasan: bad access detected
[   14.438171] 
[   14.438356] Memory state around the buggy address:
[   14.438580]  ffffffff89a63d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.439177]  ffffffff89a63e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.439486] >ffffffff89a63e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[   14.439704]                       ^
[   14.439907]  ffffffff89a63f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[   14.440395]  ffffffff89a63f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[   14.440877] ==================================================================