Date: June 23, 2025, 7:07 a.m.

Environment: qemu-arm64

[   37.109345] ==================================================================
[   37.109444] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   37.109555] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/281
[   37.109670] 
[   37.109735] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   37.109925] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.109995] Hardware name: linux,dummy-virt (DT)
[   37.110108] Call trace:
[   37.110183]  show_stack+0x20/0x38 (C)
[   37.110326]  dump_stack_lvl+0x8c/0xd0
[   37.110468]  print_report+0x310/0x608
[   37.110666]  kasan_report+0xdc/0x128
[   37.110824]  __asan_report_load1_noabort+0x20/0x30
[   37.111000]  vmalloc_oob+0x51c/0x5d0
[   37.111240]  kunit_try_run_case+0x170/0x3f0
[   37.111372]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.111566]  kthread+0x328/0x630
[   37.111700]  ret_from_fork+0x10/0x20
[   37.111842] 
[   37.111906] The buggy address belongs to the virtual mapping at
[   37.111906]  [ffff8000800fe000, ffff800080100000) created by:
[   37.111906]  vmalloc_oob+0x98/0x5d0
[   37.112102] 
[   37.112212] The buggy address belongs to the physical page:
[   37.112329] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107807
[   37.112482] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   37.112811] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   37.112937] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   37.113057] page dumped because: kasan: bad access detected
[   37.113140] 
[   37.113219] Memory state around the buggy address:
[   37.113301]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.113418]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.113526] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   37.113657]                                                                 ^
[   37.113940]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   37.114073]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   37.114186] ==================================================================
[   37.103098] ==================================================================
[   37.103253] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   37.103515] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/281
[   37.103729] 
[   37.103914] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   37.104243] Tainted: [B]=BAD_PAGE, [N]=TEST
[   37.104326] Hardware name: linux,dummy-virt (DT)
[   37.104416] Call trace:
[   37.104489]  show_stack+0x20/0x38 (C)
[   37.104634]  dump_stack_lvl+0x8c/0xd0
[   37.104769]  print_report+0x310/0x608
[   37.104951]  kasan_report+0xdc/0x128
[   37.105103]  __asan_report_load1_noabort+0x20/0x30
[   37.105229]  vmalloc_oob+0x578/0x5d0
[   37.105340]  kunit_try_run_case+0x170/0x3f0
[   37.105465]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   37.105603]  kthread+0x328/0x630
[   37.105715]  ret_from_fork+0x10/0x20
[   37.105851] 
[   37.105937] The buggy address belongs to the virtual mapping at
[   37.105937]  [ffff8000800fe000, ffff800080100000) created by:
[   37.105937]  vmalloc_oob+0x98/0x5d0
[   37.106154] 
[   37.106223] The buggy address belongs to the physical page:
[   37.106328] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107807
[   37.106588] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   37.106774] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   37.106915] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   37.107043] page dumped because: kasan: bad access detected
[   37.107158] 
[   37.107212] Memory state around the buggy address:
[   37.107290]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.107516]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.107699] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   37.107800]                                                              ^
[   37.107906]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   37.108006]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   37.108136] ==================================================================