lkft/linux-mainline-master - v6.16-rc6-279-gbf61759db409 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left

Date

July 19, 2025, 11:12 p.m.

Environment
qemu-arm64
qemu-x86_64

[   14.975440] ==================================================================
[   14.975524] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   14.975574] Read of size 1 at addr fff00000c5eb7b9f by task kunit_try_catch/138
[   14.975621] 
[   14.975654] CPU: 1 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   14.975751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.975778] Hardware name: linux,dummy-virt (DT)
[   14.975825] Call trace:
[   14.975854]  show_stack+0x20/0x38 (C)
[   14.975902]  dump_stack_lvl+0x8c/0xd0
[   14.975948]  print_report+0x118/0x5d0
[   14.976016]  kasan_report+0xdc/0x128
[   14.976064]  __asan_report_load1_noabort+0x20/0x30
[   14.976115]  kmalloc_oob_left+0x2ec/0x320
[   14.976199]  kunit_try_run_case+0x170/0x3f0
[   14.976271]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   14.976323]  kthread+0x328/0x630
[   14.976371]  ret_from_fork+0x10/0x20
[   14.976417] 
[   14.976435] Allocated by task 26:
[   14.976464]  kasan_save_stack+0x3c/0x68
[   14.976503]  kasan_save_track+0x20/0x40
[   14.976539]  kasan_save_alloc_info+0x40/0x58
[   14.976617]  __kasan_kmalloc+0xd4/0xd8
[   14.976700]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   14.976766]  kstrdup+0x54/0xc8
[   14.976847]  devtmpfs_work_loop+0x6f8/0xa58
[   14.976947]  devtmpfsd+0x50/0x58
[   14.977024]  kthread+0x328/0x630
[   14.977133]  ret_from_fork+0x10/0x20
[   14.977221] 
[   14.977366] Freed by task 26:
[   14.977438]  kasan_save_stack+0x3c/0x68
[   14.977475]  kasan_save_track+0x20/0x40
[   14.977511]  kasan_save_free_info+0x4c/0x78
[   14.977548]  __kasan_slab_free+0x6c/0x98
[   14.977763]  kfree+0x214/0x3c8
[   14.977799]  devtmpfs_work_loop+0x804/0xa58
[   14.977834]  devtmpfsd+0x50/0x58
[   14.977886]  kthread+0x328/0x630
[   14.977917]  ret_from_fork+0x10/0x20
[   14.977962] 
[   14.977985] The buggy address belongs to the object at fff00000c5eb7b80
[   14.977985]  which belongs to the cache kmalloc-16 of size 16
[   14.978070] The buggy address is located 15 bytes to the right of
[   14.978070]  allocated 16-byte region [fff00000c5eb7b80, fff00000c5eb7b90)
[   14.978183] 
[   14.978217] The buggy address belongs to the physical page:
[   14.978247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eb7
[   14.978343] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   14.978485] page_type: f5(slab)
[   14.978619] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   14.978754] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   14.978855] page dumped because: kasan: bad access detected
[   14.978958] 
[   14.979037] Memory state around the buggy address:
[   14.979114]  fff00000c5eb7a80: fa fb fc fc fa fb fc fc 00 01 fc fc 00 01 fc fc
[   14.979176]  fff00000c5eb7b00: fa fb fc fc 00 01 fc fc 00 01 fc fc fa fb fc fc
[   14.979218] >fff00000c5eb7b80: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[   14.979385]                             ^
[   14.979417]  fff00000c5eb7c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.979459]  fff00000c5eb7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.979532] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

3077J7vjxaIrCX8QJluH30GcStN

job_id

TEST:linaro@lkft#3077NNFJrWWkcAy8IID5ILATusq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3077NNFJrWWkcAy8IID5ILATusq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077KHL5N7ukhPBGWT6JKTPmMOH/Image.gz
sha256sum	4fb6bfc3e42cafc0ebb4a145f4b0e856366a60f4ad09bf55eaf187601ba57254

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077KHL5N7ukhPBGWT6JKTPmMOH/modules.tar.xz
sha256sum	e970ffe65eabeeb4747aabb09f86153746494bc2902552f8c3f7db6a8fa892c6

durations

tests

boot	0
kunit	180.80

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   11.342711] ==================================================================
[   11.343761] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   11.343993] Read of size 1 at addr ffff888101ccd27f by task kunit_try_catch/155
[   11.344239] 
[   11.344329] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.344372] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.344382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.344404] Call Trace:
[   11.344416]  <TASK>
[   11.344430]  dump_stack_lvl+0x73/0xb0
[   11.344456]  print_report+0xd1/0x610
[   11.344476]  ? __virt_addr_valid+0x1db/0x2d0
[   11.344607]  ? kmalloc_oob_left+0x361/0x3c0
[   11.344627]  ? kasan_complete_mode_report_info+0x64/0x200
[   11.344647]  ? kmalloc_oob_left+0x361/0x3c0
[   11.344668]  kasan_report+0x141/0x180
[   11.344691]  ? kmalloc_oob_left+0x361/0x3c0
[   11.344717]  __asan_report_load1_noabort+0x18/0x20
[   11.344740]  kmalloc_oob_left+0x361/0x3c0
[   11.344760]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   11.344780]  ? __schedule+0x10cc/0x2b60
[   11.344801]  ? __pfx_read_tsc+0x10/0x10
[   11.344820]  ? ktime_get_ts64+0x86/0x230
[   11.344843]  kunit_try_run_case+0x1a5/0x480
[   11.344865]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.344886]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.344907]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.344929]  ? __kthread_parkme+0x82/0x180
[   11.344947]  ? preempt_count_sub+0x50/0x80
[   11.344985]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.345017]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.345039]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.345060]  kthread+0x337/0x6f0
[   11.345079]  ? trace_preempt_on+0x20/0xc0
[   11.345100]  ? __pfx_kthread+0x10/0x10
[   11.345120]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.345139]  ? calculate_sigpending+0x7b/0xa0
[   11.345162]  ? __pfx_kthread+0x10/0x10
[   11.345182]  ret_from_fork+0x116/0x1d0
[   11.345198]  ? __pfx_kthread+0x10/0x10
[   11.345228]  ret_from_fork_asm+0x1a/0x30
[   11.345257]  </TASK>
[   11.345267] 
[   11.358620] Allocated by task 9:
[   11.358945]  kasan_save_stack+0x45/0x70
[   11.359218]  kasan_save_track+0x18/0x40
[   11.359604]  kasan_save_alloc_info+0x3b/0x50
[   11.359758]  __kasan_kmalloc+0xb7/0xc0
[   11.359888]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.360080]  kvasprintf+0xc5/0x150
[   11.360207]  kasprintf+0xb6/0xf0
[   11.360324]  input_devnode+0x46/0x80
[   11.360553]  device_get_devnode+0x145/0x2a0
[   11.360703]  dev_uevent+0x41c/0x730
[   11.360940]  kobject_uevent_env+0x50d/0xff0
[   11.361176]  kobject_uevent+0xf/0x20
[   11.361313]  device_add+0xe4c/0x1820
[   11.361595]  cdev_device_add+0xab/0x1c0
[   11.361739]  evdev_connect+0x356/0x480
[   11.361886]  input_attach_handler.isra.0+0x117/0x1f0
[   11.362116]  input_register_device+0x722/0xe10
[   11.362422]  atkbd_connect+0x53b/0x940
[   11.362623]  serio_driver_probe+0x7a/0xb0
[   11.362796]  really_probe+0x1d4/0x920
[   11.362927]  __driver_probe_device+0x18f/0x3e0
[   11.363176]  driver_probe_device+0x4f/0x130
[   11.363418]  __driver_attach+0x1eb/0x4b0
[   11.363758]  bus_for_each_dev+0x10f/0x1a0
[   11.363988]  driver_attach+0x41/0x60
[   11.364173]  serio_handle_event+0x254/0x940
[   11.364321]  process_one_work+0x5ee/0xf60
[   11.364639]  worker_thread+0x758/0x1220
[   11.364995]  kthread+0x337/0x6f0
[   11.365151]  ret_from_fork+0x116/0x1d0
[   11.365282]  ret_from_fork_asm+0x1a/0x30
[   11.365420] 
[   11.365535] Freed by task 9:
[   11.365701]  kasan_save_stack+0x45/0x70
[   11.365997]  kasan_save_track+0x18/0x40
[   11.366203]  kasan_save_free_info+0x3f/0x60
[   11.366488]  __kasan_slab_free+0x56/0x70
[   11.366639]  kfree+0x222/0x3f0
[   11.366755]  dev_uevent+0x466/0x730
[   11.366963]  kobject_uevent_env+0x50d/0xff0
[   11.367178]  kobject_uevent+0xf/0x20
[   11.367372]  device_add+0xe4c/0x1820
[   11.367618]  cdev_device_add+0xab/0x1c0
[   11.367822]  evdev_connect+0x356/0x480
[   11.367988]  input_attach_handler.isra.0+0x117/0x1f0
[   11.368229]  input_register_device+0x722/0xe10
[   11.368554]  atkbd_connect+0x53b/0x940
[   11.368723]  serio_driver_probe+0x7a/0xb0
[   11.368928]  really_probe+0x1d4/0x920
[   11.369075]  __driver_probe_device+0x18f/0x3e0
[   11.369223]  driver_probe_device+0x4f/0x130
[   11.369456]  __driver_attach+0x1eb/0x4b0
[   11.369677]  bus_for_each_dev+0x10f/0x1a0
[   11.369874]  driver_attach+0x41/0x60
[   11.370064]  serio_handle_event+0x254/0x940
[   11.370234]  process_one_work+0x5ee/0xf60
[   11.370442]  worker_thread+0x758/0x1220
[   11.370637]  kthread+0x337/0x6f0
[   11.370806]  ret_from_fork+0x116/0x1d0
[   11.370985]  ret_from_fork_asm+0x1a/0x30
[   11.371203] 
[   11.371305] The buggy address belongs to the object at ffff888101ccd260
[   11.371305]  which belongs to the cache kmalloc-16 of size 16
[   11.371760] The buggy address is located 15 bytes to the right of
[   11.371760]  allocated 16-byte region [ffff888101ccd260, ffff888101ccd270)
[   11.372565] 
[   11.372730] The buggy address belongs to the physical page:
[   11.373205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ccd
[   11.373983] flags: 0x200000000000000(node=0|zone=2)
[   11.374491] page_type: f5(slab)
[   11.374615] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   11.374844] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   11.375216] page dumped because: kasan: bad access detected
[   11.375825] 
[   11.376012] Memory state around the buggy address:
[   11.376536]  ffff888101ccd100: 00 02 fc fc 00 02 fc fc 00 06 fc fc 00 06 fc fc
[   11.377179]  ffff888101ccd180: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[   11.377871] >ffff888101ccd200: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[   11.378255]                                                                 ^
[   11.378801]  ffff888101ccd280: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.379030]  ffff888101ccd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.379240] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

3077J7vjxaIrCX8QJluH30GcStN

job_id

TEST:linaro@lkft#3077OUKeH4klMzGPpiURQkIkRoq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3077OUKeH4klMzGPpiURQkIkRoq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077LSghLJbP9XOf2m9pHR4ulof/bzImage
sha256sum	688f7e44f740c230bc3dd9986a1dcb2217f21e43e087467b257af26e6d1daa91

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3077LSghLJbP9XOf2m9pHR4ulof/modules.tar.xz
sha256sum	42f1ae1d624ca92b080f0b1da8d82c9161e8e8c5828ad9bdb8670b6bf906480e

durations

tests

boot	0
kunit	203.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit