Date
June 17, 2025, 6:35 a.m.
Environment |
---|
qemu-x86_64 |
```
[ 24.741576] ==================================================================
[ 24.742121] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 24.742736] Read of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312
[ 24.743422]
[ 24.743683] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary)
[ 24.743814] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.743875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.743940] Call Trace:
[ 24.743980] <TASK>
[ 24.744031] dump_stack_lvl+0x73/0xb0
[ 24.744115] print_report+0xd1/0x650
[ 24.744281] ? __virt_addr_valid+0x1db/0x2d0
[ 24.744354] ? _copy_to_user+0x3c/0x70
[ 24.744422] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.744494] ? _copy_to_user+0x3c/0x70
[ 24.744560] kasan_report+0x141/0x180
[ 24.744636] ? _copy_to_user+0x3c/0x70
[ 24.744712] kasan_check_range+0x10c/0x1c0
[ 24.744785] __kasan_check_read+0x15/0x20
[ 24.744816] _copy_to_user+0x3c/0x70
[ 24.744874] copy_user_test_oob+0x364/0x10f0
[ 24.744914] ? __pfx_copy_user_test_oob+0x10/0x10
[ 24.744947] ? finish_task_switch.isra.0+0x153/0x700
[ 24.744983] ? __switch_to+0x47/0xf50
[ 24.745020] ? __schedule+0x10cc/0x2b60
[ 24.745048] ? __pfx_read_tsc+0x10/0x10
[ 24.745079] ? ktime_get_ts64+0x86/0x230
[ 24.745113] kunit_try_run_case+0x1a5/0x480
[ 24.745148] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.745181] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.745211] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.745274] ? __kthread_parkme+0x82/0x180
[ 24.745306] ? preempt_count_sub+0x50/0x80
[ 24.745337] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.745371] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.745404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.745437] kthread+0x337/0x6f0
[ 24.745465] ? trace_preempt_on+0x20/0xc0
[ 24.745501] ? __pfx_kthread+0x10/0x10
[ 24.745531] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.745565] ? calculate_sigpending+0x7b/0xa0
[ 24.745600] ? __pfx_kthread+0x10/0x10
[ 24.745630] ret_from_fork+0x116/0x1d0
[ 24.745658] ? __pfx_kthread+0x10/0x10
[ 24.745687] ret_from_fork_asm+0x1a/0x30
[ 24.745729] </TASK>
[ 24.745746]
[ 24.761613] Allocated by task 312:
[ 24.762040] kasan_save_stack+0x45/0x70
[ 24.762615] kasan_save_track+0x18/0x40
[ 24.763125] kasan_save_alloc_info+0x3b/0x50
[ 24.763591] __kasan_kmalloc+0xb7/0xc0
[ 24.764126] __kmalloc_noprof+0x1c9/0x500
[ 24.764636] kunit_kmalloc_array+0x25/0x60
[ 24.765033] copy_user_test_oob+0xab/0x10f0
[ 24.765606] kunit_try_run_case+0x1a5/0x480
[ 24.766129] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.766706] kthread+0x337/0x6f0
[ 24.767130] ret_from_fork+0x116/0x1d0
[ 24.767558] ret_from_fork_asm+0x1a/0x30
[ 24.768092]
[ 24.768299] The buggy address belongs to the object at ffff8881033b2200
[ 24.768299] which belongs to the cache kmalloc-128 of size 128
[ 24.769423] The buggy address is located 0 bytes inside of
[ 24.769423] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278)
[ 24.770610]
[ 24.770799] The buggy address belongs to the physical page:
[ 24.771409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2
[ 24.772111] flags: 0x200000000000000(node=0|zone=2)
[ 24.772563] page_type: f5(slab)
[ 24.772977] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.773819] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.774647] page dumped because: kasan: bad access detected
[ 24.775025]
[ 24.775323] Memory state around the buggy address:
[ 24.776077] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.778203] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.779065] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.779739] ^
[ 24.780308] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.781189] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.781914] ==================================================================
```