lkft/linux-next-master - next-20250616 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4

Date

June 16, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.301530] ==================================================================
[   19.301907] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[   19.302098] Write of size 4 at addr fff00000c6399f75 by task kunit_try_catch/183
[   19.302254] 
[   19.302374] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.302600] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.302686] Hardware name: linux,dummy-virt (DT)
[   19.302790] Call trace:
[   19.303056]  show_stack+0x20/0x38 (C)
[   19.303458]  dump_stack_lvl+0x8c/0xd0
[   19.303569]  print_report+0x118/0x608
[   19.304003]  kasan_report+0xdc/0x128
[   19.304109]  kasan_check_range+0x100/0x1a8
[   19.304219]  __asan_memset+0x34/0x78
[   19.304316]  kmalloc_oob_memset_4+0x150/0x300
[   19.304423]  kunit_try_run_case+0x170/0x3f0
[   19.304529]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.304643]  kthread+0x328/0x630
[   19.304731]  ret_from_fork+0x10/0x20
[   19.304855] 
[   19.304901] Allocated by task 183:
[   19.305168]  kasan_save_stack+0x3c/0x68
[   19.305382]  kasan_save_track+0x20/0x40
[   19.305559]  kasan_save_alloc_info+0x40/0x58
[   19.305660]  __kasan_kmalloc+0xd4/0xd8
[   19.305756]  __kmalloc_cache_noprof+0x16c/0x3c0
[   19.306581]  kmalloc_oob_memset_4+0xb0/0x300
[   19.306848]  kunit_try_run_case+0x170/0x3f0
[   19.307027]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.307241]  kthread+0x328/0x630
[   19.307365]  ret_from_fork+0x10/0x20
[   19.307534] 
[   19.307584] The buggy address belongs to the object at fff00000c6399f00
[   19.307584]  which belongs to the cache kmalloc-128 of size 128
[   19.308034] The buggy address is located 117 bytes inside of
[   19.308034]  allocated 120-byte region [fff00000c6399f00, fff00000c6399f78)
[   19.308221] 
[   19.308280] The buggy address belongs to the physical page:
[   19.308358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106399
[   19.308579] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.308844] page_type: f5(slab)
[   19.309065] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.309394] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.309507] page dumped because: kasan: bad access detected
[   19.309600] 
[   19.309646] Memory state around the buggy address:
[   19.309730]  fff00000c6399e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.310897]  fff00000c6399e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.311021] >fff00000c6399f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   19.311124]                                                                 ^
[   19.311499]  fff00000c6399f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.311610]  fff00000c639a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.311830] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya0zPCLTsXcgMlhuwl4B74eGRP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya0zPCLTsXcgMlhuwl4B74eGRP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/Image.gz
sha256sum	a07f652b6ef2a3b23147f3c325e2115d921a305a0923eab0aef242be63afbe4f

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/modules.tar.xz
sha256sum	793787324999d0aa7d217eac21d3f904d0017c4f6b9bafdc8cd21afd90a18cf2

durations

tests

boot	0
kunit	252.96

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.534860] ==================================================================
[   11.535710] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[   11.536351] Write of size 4 at addr ffff8881028e2475 by task kunit_try_catch/199
[   11.536738] 
[   11.536833] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.536881] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.536891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.536912] Call Trace:
[   11.536924]  <TASK>
[   11.536956]  dump_stack_lvl+0x73/0xb0
[   11.536985]  print_report+0xd1/0x650
[   11.537007]  ? __virt_addr_valid+0x1db/0x2d0
[   11.537029]  ? kmalloc_oob_memset_4+0x166/0x330
[   11.537049]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.537070]  ? kmalloc_oob_memset_4+0x166/0x330
[   11.537090]  kasan_report+0x141/0x180
[   11.537111]  ? kmalloc_oob_memset_4+0x166/0x330
[   11.537136]  kasan_check_range+0x10c/0x1c0
[   11.537158]  __asan_memset+0x27/0x50
[   11.537176]  kmalloc_oob_memset_4+0x166/0x330
[   11.537197]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[   11.537219]  ? __schedule+0x10cc/0x2b60
[   11.537240]  ? __pfx_read_tsc+0x10/0x10
[   11.537260]  ? ktime_get_ts64+0x86/0x230
[   11.537286]  kunit_try_run_case+0x1a5/0x480
[   11.537309]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.537330]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.537352]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.537373]  ? __kthread_parkme+0x82/0x180
[   11.537547]  ? preempt_count_sub+0x50/0x80
[   11.537570]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.537592]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.537614]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.537635]  kthread+0x337/0x6f0
[   11.537654]  ? trace_preempt_on+0x20/0xc0
[   11.537677]  ? __pfx_kthread+0x10/0x10
[   11.537704]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.537723]  ? calculate_sigpending+0x7b/0xa0
[   11.537746]  ? __pfx_kthread+0x10/0x10
[   11.537767]  ret_from_fork+0x116/0x1d0
[   11.537784]  ? __pfx_kthread+0x10/0x10
[   11.537803]  ret_from_fork_asm+0x1a/0x30
[   11.537834]  </TASK>
[   11.537844] 
[   11.548389] Allocated by task 199:
[   11.548568]  kasan_save_stack+0x45/0x70
[   11.548764]  kasan_save_track+0x18/0x40
[   11.548944]  kasan_save_alloc_info+0x3b/0x50
[   11.549132]  __kasan_kmalloc+0xb7/0xc0
[   11.549296]  __kmalloc_cache_noprof+0x189/0x420
[   11.550117]  kmalloc_oob_memset_4+0xac/0x330
[   11.550296]  kunit_try_run_case+0x1a5/0x480
[   11.550698]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.551466]  kthread+0x337/0x6f0
[   11.551953]  ret_from_fork+0x116/0x1d0
[   11.552601]  ret_from_fork_asm+0x1a/0x30
[   11.553002] 
[   11.553076] The buggy address belongs to the object at ffff8881028e2400
[   11.553076]  which belongs to the cache kmalloc-128 of size 128
[   11.553807] The buggy address is located 117 bytes inside of
[   11.553807]  allocated 120-byte region [ffff8881028e2400, ffff8881028e2478)
[   11.555442] 
[   11.555835] The buggy address belongs to the physical page:
[   11.556354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2
[   11.557192] flags: 0x200000000000000(node=0|zone=2)
[   11.557456] page_type: f5(slab)
[   11.557846] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.558531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.558755] page dumped because: kasan: bad access detected
[   11.558915] 
[   11.558992] Memory state around the buggy address:
[   11.559138]  ffff8881028e2300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.559339]  ffff8881028e2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.560421] >ffff8881028e2400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.561135]                                                                 ^
[   11.561817]  ffff8881028e2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.562616]  ffff8881028e2500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.563256] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya10TrtOeZqMJoigZUQQpnbsgW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya10TrtOeZqMJoigZUQQpnbsgW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/bzImage
sha256sum	4d3d55ec68ee13601f4cba6535beaaa179877198316f6d49c7d2754d39d25d99

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/modules.tar.xz
sha256sum	6a0e4a1142b545d837c764528373cb157bd626a8fd062931e1825203c7bce58f

durations

tests

boot	0
kunit	134.01

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit