lkft/linux-next-master - next-20250512 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset

Date

May 12, 2025, 11:48 a.m.

Environment
qemu-arm64
qemu-x86_64

[   16.663555] ==================================================================
[   16.663674] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   16.664297] Write of size 128 at addr fff00000c1094f00 by task kunit_try_catch/170
[   16.664464] 
[   16.664568] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.664772] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.664840] Hardware name: linux,dummy-virt (DT)
[   16.664930] Call trace:
[   16.664995]  show_stack+0x20/0x38 (C)
[   16.665122]  dump_stack_lvl+0x8c/0xd0
[   16.665223]  print_report+0x118/0x608
[   16.665318]  kasan_report+0xdc/0x128
[   16.665410]  kasan_check_range+0x100/0x1a8
[   16.665508]  __asan_memset+0x34/0x78
[   16.665602]  kmalloc_oob_in_memset+0x144/0x2d0
[   16.665709]  kunit_try_run_case+0x170/0x3f0
[   16.665808]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.665914]  kthread+0x328/0x630
[   16.665996]  ret_from_fork+0x10/0x20
[   16.666108] 
[   16.666151] Allocated by task 170:
[   16.666210]  kasan_save_stack+0x3c/0x68
[   16.666401]  kasan_save_track+0x20/0x40
[   16.666472]  kasan_save_alloc_info+0x40/0x58
[   16.666551]  __kasan_kmalloc+0xd4/0xd8
[   16.666635]  __kmalloc_cache_noprof+0x15c/0x3c0
[   16.666727]  kmalloc_oob_in_memset+0xb0/0x2d0
[   16.666848]  kunit_try_run_case+0x170/0x3f0
[   16.666946]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.667079]  kthread+0x328/0x630
[   16.667154]  ret_from_fork+0x10/0x20
[   16.667233] 
[   16.667277] The buggy address belongs to the object at fff00000c1094f00
[   16.667277]  which belongs to the cache kmalloc-128 of size 128
[   16.667390] The buggy address is located 0 bytes inside of
[   16.667390]  allocated 120-byte region [fff00000c1094f00, fff00000c1094f78)
[   16.667713] 
[   16.667832] The buggy address belongs to the physical page:
[   16.668208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101094
[   16.668520] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.668640] page_type: f5(slab)
[   16.668992] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.669509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.669804] page dumped because: kasan: bad access detected
[   16.669989] 
[   16.670072] Memory state around the buggy address:
[   16.670178]  fff00000c1094e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.670308]  fff00000c1094e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.670545] >fff00000c1094f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.670655]                                                                 ^
[   16.670734]  fff00000c1094f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.670817]  fff00000c1095000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.670893] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzht4TVw0WlfY69jnhMqjXElSg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzht4TVw0WlfY69jnhMqjXElSg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/Image.gz
sha256sum	70b1e536f53e9eb91aae94372b64952481bbf47e27b20cb5870c7e3e80457074

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/modules.tar.xz
sha256sum	95c3dca0f224e5b598c2e0728f570672c34de953e709490ceb7378a1ba9035be

durations

tests

boot	0
kunit	235.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

[   16.653796] ==================================================================
[   16.654562] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[   16.655293] Write of size 128 at addr ffff888102b42400 by task kunit_try_catch/187
[   16.655695] 
[   16.656201] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.656323] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.656352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.656396] Call Trace:
[   16.656424]  <TASK>
[   16.656456]  dump_stack_lvl+0x73/0xb0
[   16.656513]  print_report+0xd1/0x650
[   16.656584]  ? __virt_addr_valid+0x1db/0x2d0
[   16.656628]  ? kmalloc_oob_in_memset+0x15f/0x320
[   16.656697]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.656742]  ? kmalloc_oob_in_memset+0x15f/0x320
[   16.656787]  kasan_report+0x141/0x180
[   16.656820]  ? kmalloc_oob_in_memset+0x15f/0x320
[   16.656847]  kasan_check_range+0x10c/0x1c0
[   16.656873]  __asan_memset+0x27/0x50
[   16.656894]  kmalloc_oob_in_memset+0x15f/0x320
[   16.656917]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   16.656941]  ? __schedule+0x10cc/0x2b60
[   16.656964]  ? __pfx_read_tsc+0x10/0x10
[   16.656985]  ? ktime_get_ts64+0x86/0x230
[   16.657012]  kunit_try_run_case+0x1a5/0x480
[   16.657058]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.657183]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.657209]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.657232]  ? __kthread_parkme+0x82/0x180
[   16.657253]  ? preempt_count_sub+0x50/0x80
[   16.657300]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.657325]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.657349]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.657372]  kthread+0x337/0x6f0
[   16.657392]  ? trace_preempt_on+0x20/0xc0
[   16.657417]  ? __pfx_kthread+0x10/0x10
[   16.657438]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.657459]  ? calculate_sigpending+0x7b/0xa0
[   16.657484]  ? __pfx_kthread+0x10/0x10
[   16.657506]  ret_from_fork+0x116/0x1d0
[   16.657526]  ? __pfx_kthread+0x10/0x10
[   16.657547]  ret_from_fork_asm+0x1a/0x30
[   16.657579]  </TASK>
[   16.657593] 
[   16.668245] Allocated by task 187:
[   16.668591]  kasan_save_stack+0x45/0x70
[   16.669078]  kasan_save_track+0x18/0x40
[   16.669429]  kasan_save_alloc_info+0x3b/0x50
[   16.669941]  __kasan_kmalloc+0xb7/0xc0
[   16.670442]  __kmalloc_cache_noprof+0x189/0x420
[   16.670772]  kmalloc_oob_in_memset+0xac/0x320
[   16.671017]  kunit_try_run_case+0x1a5/0x480
[   16.671440]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.671673]  kthread+0x337/0x6f0
[   16.671853]  ret_from_fork+0x116/0x1d0
[   16.672357]  ret_from_fork_asm+0x1a/0x30
[   16.672715] 
[   16.672918] The buggy address belongs to the object at ffff888102b42400
[   16.672918]  which belongs to the cache kmalloc-128 of size 128
[   16.673552] The buggy address is located 0 bytes inside of
[   16.673552]  allocated 120-byte region [ffff888102b42400, ffff888102b42478)
[   16.673972] 
[   16.674324] The buggy address belongs to the physical page:
[   16.674535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b42
[   16.675112] flags: 0x200000000000000(node=0|zone=2)
[   16.675554] page_type: f5(slab)
[   16.676167] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.676749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.677250] page dumped because: kasan: bad access detected
[   16.677612] 
[   16.677826] Memory state around the buggy address:
[   16.678118]  ffff888102b42300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.678468]  ffff888102b42380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.678878] >ffff888102b42400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.679148]                                                                 ^
[   16.679743]  ffff888102b42480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.680302]  ffff888102b42500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.680921] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzhu6iaWdJjc5OBxEyTCXoH7hg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzhu6iaWdJjc5OBxEyTCXoH7hg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/bzImage
sha256sum	a903e4e22fae7c9fda402890fe1753d53b5e12289f993655dd063c1cd604c332

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/modules.tar.xz
sha256sum	5e08ec47b0a73d33001c0f25787e3eb58851b97c569c3621f07d2da65a7a22ff

durations

tests

boot	0
kunit	361.27

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit