Date
July 12, 2025, 11:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 18.854411] ==================================================================
[ 18.854661] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 18.854868] Write of size 1 at addr fff00000c4569a78 by task kunit_try_catch/143
[ 18.854973]
[ 18.855089] CPU: 0 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 18.855328] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.855399] Hardware name: linux,dummy-virt (DT)
[ 18.855486] Call trace:
[ 18.855541]  show_stack+0x20/0x38 (C)
[ 18.855676]  dump_stack_lvl+0x8c/0xd0
[ 18.855800]  print_report+0x118/0x608
[ 18.855929]  kasan_report+0xdc/0x128
[ 18.856061]  __asan_report_store1_noabort+0x20/0x30
[ 18.856168]  kmalloc_track_caller_oob_right+0x40c/0x488
[ 18.856317]  kunit_try_run_case+0x170/0x3f0
[ 18.856446]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.856554]  kthread+0x328/0x630
[ 18.856632]  ret_from_fork+0x10/0x20
[ 18.856729]
[ 18.856767] Allocated by task 143:
[ 18.856845]  kasan_save_stack+0x3c/0x68
[ 18.856951]  kasan_save_track+0x20/0x40
[ 18.857072]  kasan_save_alloc_info+0x40/0x58
[ 18.857210]  __kasan_kmalloc+0xd4/0xd8
[ 18.857261]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 18.857320]  kmalloc_track_caller_oob_right+0xa8/0x488
[ 18.857438]  kunit_try_run_case+0x170/0x3f0
[ 18.857634]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.857840]  kthread+0x328/0x630
[ 18.857916]  ret_from_fork+0x10/0x20
[ 18.857986]
[ 18.858025] The buggy address belongs to the object at fff00000c4569a00
[ 18.858025]  which belongs to the cache kmalloc-128 of size 128
[ 18.858157] The buggy address is located 0 bytes to the right of
[ 18.858157]  allocated 120-byte region [fff00000c4569a00, fff00000c4569a78)
[ 18.858760]
[ 18.859070] The buggy address belongs to the physical page:
[ 18.859162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104569
[ 18.859494] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.859788] page_type: f5(slab)
[ 18.859968] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.860351] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.860524] page dumped because: kasan: bad access detected
[ 18.860725]
[ 18.860782] Memory state around the buggy address:
[ 18.860871]  fff00000c4569900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.861998]  fff00000c4569980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.862070] >fff00000c4569a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.862115]                                                                 ^
[ 18.862164]  fff00000c4569a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.862210]  fff00000c4569b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.862250] ==================================================================
```
```
[ 12.065475] ==================================================================
[ 12.066024] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.066372] Write of size 1 at addr ffff888102655178 by task kunit_try_catch/160
[ 12.066662]
[ 12.067286] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.067336] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.067348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.067368] Call Trace:
[ 12.067382]  <TASK>
[ 12.067398]  dump_stack_lvl+0x73/0xb0
[ 12.067428]  print_report+0xd1/0x650
[ 12.067450]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.067473]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.067498]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.067521]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.067547]  kasan_report+0x141/0x180
[ 12.067568]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.067599]  __asan_report_store1_noabort+0x1b/0x30
[ 12.067624]  kmalloc_track_caller_oob_right+0x4c8/0x520
[ 12.067661]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.067706]  ? __schedule+0x10cc/0x2b60
[ 12.067730]  ? __pfx_read_tsc+0x10/0x10
[ 12.067763]  ? ktime_get_ts64+0x86/0x230
[ 12.067788]  kunit_try_run_case+0x1a5/0x480
[ 12.067813]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.067836]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.067859]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.067883]  ? __kthread_parkme+0x82/0x180
[ 12.067903]  ? preempt_count_sub+0x50/0x80
[ 12.067927]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.067951]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.067975]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.068000]  kthread+0x337/0x6f0
[ 12.068019]  ? trace_preempt_on+0x20/0xc0
[ 12.068042]  ? __pfx_kthread+0x10/0x10
[ 12.068062]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.068083]  ? calculate_sigpending+0x7b/0xa0
[ 12.068107]  ? __pfx_kthread+0x10/0x10
[ 12.068128]  ret_from_fork+0x116/0x1d0
[ 12.068146]  ? __pfx_kthread+0x10/0x10
[ 12.068167]  ret_from_fork_asm+0x1a/0x30
[ 12.068197]  </TASK>
[ 12.068207]
[ 12.079827] Allocated by task 160:
[ 12.080000]  kasan_save_stack+0x45/0x70
[ 12.080365]  kasan_save_track+0x18/0x40
[ 12.080699]  kasan_save_alloc_info+0x3b/0x50
[ 12.080956]  __kasan_kmalloc+0xb7/0xc0
[ 12.081134]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.081365]  kmalloc_track_caller_oob_right+0x99/0x520
[ 12.081610]  kunit_try_run_case+0x1a5/0x480
[ 12.082160]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.082472]  kthread+0x337/0x6f0
[ 12.082856]  ret_from_fork+0x116/0x1d0
[ 12.083154]  ret_from_fork_asm+0x1a/0x30
[ 12.083449]
[ 12.083634] The buggy address belongs to the object at ffff888102655100
[ 12.083634]  which belongs to the cache kmalloc-128 of size 128
[ 12.084506] The buggy address is located 0 bytes to the right of
[ 12.084506]  allocated 120-byte region [ffff888102655100, ffff888102655178)
[ 12.085560]
[ 12.085789] The buggy address belongs to the physical page:
[ 12.086044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102655
[ 12.086344] flags: 0x200000000000000(node=0|zone=2)
[ 12.086588] page_type: f5(slab)
[ 12.087179] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.087487] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.088167] page dumped because: kasan: bad access detected
[ 12.088551]
[ 12.088627] Memory state around the buggy address:
[ 12.089121]  ffff888102655000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.089544]  ffff888102655080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.090032] >ffff888102655100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.090438]                                                                 ^
[ 12.090955]  ffff888102655180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.091361]  ffff888102655200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.091970] ==================================================================
[ 12.092840] ==================================================================
[ 12.093763] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.094115] Write of size 1 at addr ffff888102655278 by task kunit_try_catch/160
[ 12.094433]
[ 12.094522] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.094562] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.094572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.094591] Call Trace:
[ 12.094601]  <TASK>
[ 12.094616]  dump_stack_lvl+0x73/0xb0
[ 12.094642]  print_report+0xd1/0x650
[ 12.095247]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.095272]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.095297]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.095320]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.095346]  kasan_report+0x141/0x180
[ 12.095367]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.095398]  __asan_report_store1_noabort+0x1b/0x30
[ 12.095422]  kmalloc_track_caller_oob_right+0x4b1/0x520
[ 12.095448]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.095474]  ? __schedule+0x10cc/0x2b60
[ 12.095496]  ? __pfx_read_tsc+0x10/0x10
[ 12.095517]  ? ktime_get_ts64+0x86/0x230
[ 12.095541]  kunit_try_run_case+0x1a5/0x480
[ 12.095564]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.095587]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.095610]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.095633]  ? __kthread_parkme+0x82/0x180
[ 12.095666]  ? preempt_count_sub+0x50/0x80
[ 12.095689]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.095713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.095737]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.095773]  kthread+0x337/0x6f0
[ 12.095792]  ? trace_preempt_on+0x20/0xc0
[ 12.095815]  ? __pfx_kthread+0x10/0x10
[ 12.095835]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.095856]  ? calculate_sigpending+0x7b/0xa0
[ 12.095880]  ? __pfx_kthread+0x10/0x10
[ 12.095901]  ret_from_fork+0x116/0x1d0
[ 12.095919]  ? __pfx_kthread+0x10/0x10
[ 12.095939]  ret_from_fork_asm+0x1a/0x30
[ 12.095969]  </TASK>
[ 12.095979]
[ 12.107361] Allocated by task 160:
[ 12.107783]  kasan_save_stack+0x45/0x70
[ 12.108057]  kasan_save_track+0x18/0x40
[ 12.108400]  kasan_save_alloc_info+0x3b/0x50
[ 12.108695]  __kasan_kmalloc+0xb7/0xc0
[ 12.109120]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.109525]  kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.109868]  kunit_try_run_case+0x1a5/0x480
[ 12.110225]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.110491]  kthread+0x337/0x6f0
[ 12.110933]  ret_from_fork+0x116/0x1d0
[ 12.111124]  ret_from_fork_asm+0x1a/0x30
[ 12.111370]
[ 12.111473] The buggy address belongs to the object at ffff888102655200
[ 12.111473]  which belongs to the cache kmalloc-128 of size 128
[ 12.112235] The buggy address is located 0 bytes to the right of
[ 12.112235]  allocated 120-byte region [ffff888102655200, ffff888102655278)
[ 12.112791]
[ 12.112875] The buggy address belongs to the physical page:
[ 12.113621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102655
[ 12.114130] flags: 0x200000000000000(node=0|zone=2)
[ 12.114455] page_type: f5(slab)
[ 12.114640] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.115200] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.115555] page dumped because: kasan: bad access detected
[ 12.116105]
[ 12.116317] Memory state around the buggy address:
[ 12.116557]  ffff888102655100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.117222]  ffff888102655180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.117645] >ffff888102655200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.118093]                                                                 ^
[ 12.118410]  ffff888102655280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.118967]  ffff888102655300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.119223] ==================================================================
```