Hay
Date: June 20, 2025, 12:38 p.m.

Environment: qemu-arm64, qemu-x86_64

[   31.185866] ==================================================================
[   31.186374] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   31.186559] Write of size 1 at addr fff00000c44df478 by task kunit_try_catch/153
[   31.186820] 
[   31.186918] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.187119] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.187580] Hardware name: linux,dummy-virt (DT)
[   31.187730] Call trace:
[   31.187836]  show_stack+0x20/0x38 (C)
[   31.187980]  dump_stack_lvl+0x8c/0xd0
[   31.188094]  print_report+0x118/0x608
[   31.188207]  kasan_report+0xdc/0x128
[   31.188319]  __asan_report_store1_noabort+0x20/0x30
[   31.188444]  kmalloc_track_caller_oob_right+0x40c/0x488
[   31.188569]  kunit_try_run_case+0x170/0x3f0
[   31.188701]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.188830]  kthread+0x328/0x630
[   31.188936]  ret_from_fork+0x10/0x20
[   31.189088] 
[   31.189130] Allocated by task 153:
[   31.189195]  kasan_save_stack+0x3c/0x68
[   31.189292]  kasan_save_track+0x20/0x40
[   31.189382]  kasan_save_alloc_info+0x40/0x58
[   31.189480]  __kasan_kmalloc+0xd4/0xd8
[   31.189558]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   31.189680]  kmalloc_track_caller_oob_right+0xa8/0x488
[   31.189770]  kunit_try_run_case+0x170/0x3f0
[   31.189862]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.189944]  kthread+0x328/0x630
[   31.190000]  ret_from_fork+0x10/0x20
[   31.190071] 
[   31.190110] The buggy address belongs to the object at fff00000c44df400
[   31.190110]  which belongs to the cache kmalloc-128 of size 128
[   31.190216] The buggy address is located 0 bytes to the right of
[   31.190216]  allocated 120-byte region [fff00000c44df400, fff00000c44df478)
[   31.190896] 
[   31.190951] The buggy address belongs to the physical page:
[   31.191256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044df
[   31.191406] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.191619] page_type: f5(slab)
[   31.191721] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   31.191929] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.192053] page dumped because: kasan: bad access detected
[   31.192191] 
[   31.192240] Memory state around the buggy address:
[   31.192362]  fff00000c44df300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.192470]  fff00000c44df380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.193088] >fff00000c44df400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   31.193203]                                                                 ^
[   31.193376]  fff00000c44df480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.193990]  fff00000c44df500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.194124] ==================================================================

[   24.735766] ==================================================================
[   24.736310] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.737688] Write of size 1 at addr ffff88810231cd78 by task kunit_try_catch/171
[   24.738087] 
[   24.738308] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   24.738483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.738514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.738559] Call Trace:
[   24.738589]  <TASK>
[   24.738627]  dump_stack_lvl+0x73/0xb0
[   24.738751]  print_report+0xd1/0x650
[   24.738815]  ? __virt_addr_valid+0x1db/0x2d0
[   24.738863]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.738907]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.738938]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.738964]  kasan_report+0x141/0x180
[   24.738987]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.739018]  __asan_report_store1_noabort+0x1b/0x30
[   24.739044]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   24.739070]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   24.739098]  ? __schedule+0x10cc/0x2b60
[   24.739123]  ? __pfx_read_tsc+0x10/0x10
[   24.739153]  ? ktime_get_ts64+0x86/0x230
[   24.739197]  kunit_try_run_case+0x1a5/0x480
[   24.739226]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.739250]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.739274]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.739298]  ? __kthread_parkme+0x82/0x180
[   24.739322]  ? preempt_count_sub+0x50/0x80
[   24.739347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.739372]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.739397]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.739421]  kthread+0x337/0x6f0
[   24.739464]  ? trace_preempt_on+0x20/0xc0
[   24.739494]  ? __pfx_kthread+0x10/0x10
[   24.739517]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.739539]  ? calculate_sigpending+0x7b/0xa0
[   24.739566]  ? __pfx_kthread+0x10/0x10
[   24.739589]  ret_from_fork+0x116/0x1d0
[   24.739611]  ? __pfx_kthread+0x10/0x10
[   24.739633]  ret_from_fork_asm+0x1a/0x30
[   24.739668]  </TASK>
[   24.739682] 
[   24.747518] Allocated by task 171:
[   24.747801]  kasan_save_stack+0x45/0x70
[   24.748109]  kasan_save_track+0x18/0x40
[   24.748453]  kasan_save_alloc_info+0x3b/0x50
[   24.748675]  __kasan_kmalloc+0xb7/0xc0
[   24.748842]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   24.749061]  kmalloc_track_caller_oob_right+0x99/0x520
[   24.749269]  kunit_try_run_case+0x1a5/0x480
[   24.749642]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.750079]  kthread+0x337/0x6f0
[   24.750354]  ret_from_fork+0x116/0x1d0
[   24.750691]  ret_from_fork_asm+0x1a/0x30
[   24.751035] 
[   24.751207] The buggy address belongs to the object at ffff88810231cd00
[   24.751207]  which belongs to the cache kmalloc-128 of size 128
[   24.751894] The buggy address is located 0 bytes to the right of
[   24.751894]  allocated 120-byte region [ffff88810231cd00, ffff88810231cd78)
[   24.752606] 
[   24.754544] The buggy address belongs to the physical page:
[   24.754947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10231c
[   24.755653] flags: 0x200000000000000(node=0|zone=2)
[   24.756008] page_type: f5(slab)
[   24.756279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.756938] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.757360] page dumped because: kasan: bad access detected
[   24.757889] 
[   24.758081] Memory state around the buggy address:
[   24.758385]  ffff88810231cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.759014]  ffff88810231cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.759358] >ffff88810231cd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.759913]                                                                 ^
[   24.760555]  ffff88810231cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.761069]  ffff88810231ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.761427] ==================================================================
[   24.763456] ==================================================================
[   24.764053] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.764620] Write of size 1 at addr ffff88810231ce78 by task kunit_try_catch/171
[   24.765066] 
[   24.765350] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   24.765476] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.765663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.765856] Call Trace:
[   24.765906]  <TASK>
[   24.765991]  dump_stack_lvl+0x73/0xb0
[   24.766061]  print_report+0xd1/0x650
[   24.766090]  ? __virt_addr_valid+0x1db/0x2d0
[   24.766117]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.766162]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.766205]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.766232]  kasan_report+0x141/0x180
[   24.766255]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.766285]  __asan_report_store1_noabort+0x1b/0x30
[   24.766312]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   24.766339]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   24.766366]  ? __schedule+0x10cc/0x2b60
[   24.766390]  ? __pfx_read_tsc+0x10/0x10
[   24.766415]  ? ktime_get_ts64+0x86/0x230
[   24.766462]  kunit_try_run_case+0x1a5/0x480
[   24.766494]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.766518]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.766543]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.766567]  ? __kthread_parkme+0x82/0x180
[   24.766590]  ? preempt_count_sub+0x50/0x80
[   24.766615]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.766640]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.766664]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.766689]  kthread+0x337/0x6f0
[   24.766710]  ? trace_preempt_on+0x20/0xc0
[   24.766736]  ? __pfx_kthread+0x10/0x10
[   24.766758]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.766780]  ? calculate_sigpending+0x7b/0xa0
[   24.766806]  ? __pfx_kthread+0x10/0x10
[   24.766829]  ret_from_fork+0x116/0x1d0
[   24.766850]  ? __pfx_kthread+0x10/0x10
[   24.766872]  ret_from_fork_asm+0x1a/0x30
[   24.766905]  </TASK>
[   24.766918] 
[   24.778155] Allocated by task 171:
[   24.778548]  kasan_save_stack+0x45/0x70
[   24.778940]  kasan_save_track+0x18/0x40
[   24.779315]  kasan_save_alloc_info+0x3b/0x50
[   24.779706]  __kasan_kmalloc+0xb7/0xc0
[   24.779889]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   24.780096]  kmalloc_track_caller_oob_right+0x19a/0x520
[   24.780337]  kunit_try_run_case+0x1a5/0x480
[   24.780531]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.780730]  kthread+0x337/0x6f0
[   24.780888]  ret_from_fork+0x116/0x1d0
[   24.781107]  ret_from_fork_asm+0x1a/0x30
[   24.781293] 
[   24.781399] The buggy address belongs to the object at ffff88810231ce00
[   24.781399]  which belongs to the cache kmalloc-128 of size 128
[   24.782150] The buggy address is located 0 bytes to the right of
[   24.782150]  allocated 120-byte region [ffff88810231ce00, ffff88810231ce78)
[   24.782841] 
[   24.783009] The buggy address belongs to the physical page:
[   24.783450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10231c
[   24.783866] flags: 0x200000000000000(node=0|zone=2)
[   24.784211] page_type: f5(slab)
[   24.784504] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.784896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.785405] page dumped because: kasan: bad access detected
[   24.785762] 
[   24.785910] Memory state around the buggy address:
[   24.786188]  ffff88810231cd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.786693]  ffff88810231cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.787124] >ffff88810231ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.787396]                                                                 ^
[   24.787885]  ffff88810231ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.788262]  ffff88810231cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.788625] ==================================================================