lkft/linux-next-master - next-20250626 - log-parser-boot/kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob

Date

June 26, 2025, 9:10 a.m.

Environment
dragonboard-845c
juno-r2
qemu-arm64

[   76.149071] ==================================================================
[   76.156393] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   76.163184] Read of size 1 at addr ffff80008029d7f8 by task kunit_try_catch/355
[   76.170595] 
[   76.172136] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   76.172166] Tainted: [B]=BAD_PAGE, [N]=TEST
[   76.172174] Hardware name: Thundercomm Dragonboard 845c (DT)
[   76.172186] Call trace:
[   76.172193]  show_stack+0x20/0x38 (C)
[   76.172211]  dump_stack_lvl+0x8c/0xd0
[   76.172230]  print_report+0x310/0x608
[   76.172250]  kasan_report+0xdc/0x128
[   76.172269]  __asan_report_load1_noabort+0x20/0x30
[   76.172289]  vmalloc_oob+0x51c/0x5d0
[   76.172305]  kunit_try_run_case+0x170/0x3f0
[   76.172325]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   76.172348]  kthread+0x328/0x630
[   76.172364]  ret_from_fork+0x10/0x20
[   76.172381] 
[   76.237470] The buggy address belongs to the virtual mapping at
[   76.237470]  [ffff80008029d000, ffff80008029f000) created by:
[   76.237470]  vmalloc_oob+0x98/0x5d0
[   76.252770] 
[   76.254305] The buggy address belongs to the physical page:
[   76.259950] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116f1f
[   76.268061] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   76.274682] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   76.282526] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   76.290365] page dumped because: kasan: bad access detected
[   76.296011] 
[   76.297539] Memory state around the buggy address:
[   76.302401]  ffff80008029d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.309723]  ffff80008029d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.317046] >ffff80008029d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   76.324367]                                                                 ^
[   76.331595]  ffff80008029d800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   76.338917]  ffff80008029d880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   76.346235] ==================================================================
[   75.936637] ==================================================================
[   75.951974] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   75.958772] Read of size 1 at addr ffff80008029d7f3 by task kunit_try_catch/355
[   75.966182] 
[   75.967717] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   75.967747] Tainted: [B]=BAD_PAGE, [N]=TEST
[   75.967758] Hardware name: Thundercomm Dragonboard 845c (DT)
[   75.967772] Call trace:
[   75.967781]  show_stack+0x20/0x38 (C)
[   75.967801]  dump_stack_lvl+0x8c/0xd0
[   75.967821]  print_report+0x310/0x608
[   75.967843]  kasan_report+0xdc/0x128
[   75.967862]  __asan_report_load1_noabort+0x20/0x30
[   75.967880]  vmalloc_oob+0x578/0x5d0
[   75.967897]  kunit_try_run_case+0x170/0x3f0
[   75.967918]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   75.967941]  kthread+0x328/0x630
[   75.967957]  ret_from_fork+0x10/0x20
[   75.967975] 
[   76.033097] The buggy address belongs to the virtual mapping at
[   76.033097]  [ffff80008029d000, ffff80008029f000) created by:
[   76.033097]  vmalloc_oob+0x98/0x5d0
[   76.048392] 
[   76.049925] The buggy address belongs to the physical page:
[   76.055572] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116f1f
[   76.063681] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   76.070308] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   76.078152] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   76.086000] page dumped because: kasan: bad access detected
[   76.091649] 
[   76.093181] Memory state around the buggy address:
[   76.098043]  ffff80008029d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.105364]  ffff80008029d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   76.112687] >ffff80008029d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   76.120000]                                                              ^
[   76.126967]  ffff80008029d800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   76.134291]  ffff80008029d880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   76.141612] ==================================================================

Metadata Full log Test run details

[ 1525.445675] ==================================================================
[ 1525.445698] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[ 1525.445729] Read of size 1 at addr ffff800087c5d7f8 by task kunit_try_catch/340
[ 1525.445764] 
[ 1525.445779] CPU: 4 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1525.445839] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1525.445859] Hardware name: ARM Juno development board (r2) (DT)
[ 1525.445882] Call trace:
[ 1525.445894]  show_stack+0x20/0x38 (C)
[ 1525.445931]  dump_stack_lvl+0x8c/0xd0
[ 1525.445970]  print_report+0x310/0x608
[ 1525.446011]  kasan_report+0xdc/0x128
[ 1525.446051]  __asan_report_load1_noabort+0x20/0x30
[ 1525.446089]  vmalloc_oob+0x51c/0x5d0
[ 1525.446125]  kunit_try_run_case+0x170/0x3f0
[ 1525.446165]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1525.446212]  kthread+0x328/0x630
[ 1525.446244]  ret_from_fork+0x10/0x20
[ 1525.446282] 
[ 1525.446296] The buggy address belongs to the virtual mapping at
[ 1525.446296]  [ffff800087c5d000, ffff800087c5f000) created by:
[ 1525.446296]  vmalloc_oob+0x98/0x5d0
[ 1525.446354] 
[ 1525.446364] The buggy address belongs to the physical page:
[ 1525.446384] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a79b2
[ 1525.446419] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 1525.446461] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[ 1525.446497] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1525.446526] page dumped because: kasan: bad access detected
[ 1525.446544] 
[ 1525.446554] Memory state around the buggy address:
[ 1525.446575]  ffff800087c5d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1525.446605]  ffff800087c5d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1525.446635] >ffff800087c5d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[ 1525.446661]                                                                 ^
[ 1525.446688]  ffff800087c5d800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1525.446719]  ffff800087c5d880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1525.446745] ==================================================================
[ 1525.444553] ==================================================================
[ 1525.444581] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[ 1525.444620] Read of size 1 at addr ffff800087c5d7f3 by task kunit_try_catch/340
[ 1525.444655] 
[ 1525.444673] CPU: 4 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1525.444736] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1525.444756] Hardware name: ARM Juno development board (r2) (DT)
[ 1525.444780] Call trace:
[ 1525.444793]  show_stack+0x20/0x38 (C)
[ 1525.444830]  dump_stack_lvl+0x8c/0xd0
[ 1525.444871]  print_report+0x310/0x608
[ 1525.444913]  kasan_report+0xdc/0x128
[ 1525.444953]  __asan_report_load1_noabort+0x20/0x30
[ 1525.444991]  vmalloc_oob+0x578/0x5d0
[ 1525.445026]  kunit_try_run_case+0x170/0x3f0
[ 1525.445067]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1525.445113]  kthread+0x328/0x630
[ 1525.445145]  ret_from_fork+0x10/0x20
[ 1525.445183] 
[ 1525.445195] The buggy address belongs to the virtual mapping at
[ 1525.445195]  [ffff800087c5d000, ffff800087c5f000) created by:
[ 1525.445195]  vmalloc_oob+0x98/0x5d0
[ 1525.445252] 
[ 1525.445264] The buggy address belongs to the physical page:
[ 1525.445283] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a79b2
[ 1525.445318] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 1525.445362] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[ 1525.445398] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1525.445425] page dumped because: kasan: bad access detected
[ 1525.445445] 
[ 1525.445455] Memory state around the buggy address:
[ 1525.445476]  ffff800087c5d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1525.445506]  ffff800087c5d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1525.445537] >ffff800087c5d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[ 1525.445563]                                                              ^
[ 1525.445590]  ffff800087c5d800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1525.445620]  ffff800087c5d880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1525.445646] ==================================================================

Metadata Full log Test run details

[   29.923553] ==================================================================
[   29.923603] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   29.924189] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/281
[   29.924321] 
[   29.924521] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   29.924768] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.924937] Hardware name: linux,dummy-virt (DT)
[   29.925027] Call trace:
[   29.925189]  show_stack+0x20/0x38 (C)
[   29.925293]  dump_stack_lvl+0x8c/0xd0
[   29.925344]  print_report+0x310/0x608
[   29.925710]  kasan_report+0xdc/0x128
[   29.925907]  __asan_report_load1_noabort+0x20/0x30
[   29.926109]  vmalloc_oob+0x51c/0x5d0
[   29.926168]  kunit_try_run_case+0x170/0x3f0
[   29.926218]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.926273]  kthread+0x328/0x630
[   29.926316]  ret_from_fork+0x10/0x20
[   29.926367] 
[   29.926457] The buggy address belongs to the virtual mapping at
[   29.926457]  [ffff8000800fe000, ffff800080100000) created by:
[   29.926457]  vmalloc_oob+0x98/0x5d0
[   29.926558] 
[   29.926587] The buggy address belongs to the physical page:
[   29.926621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105783
[   29.926686] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.926754] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   29.926817] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.926870] page dumped because: kasan: bad access detected
[   29.926911] 
[   29.926942] Memory state around the buggy address:
[   29.926977]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.927030]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.927087] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   29.927126]                                                                 ^
[   29.927169]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   29.927223]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   29.927264] ==================================================================
[   29.915731] ==================================================================
[   29.916043] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   29.916128] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/281
[   29.916430] 
[   29.916538] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   29.916684] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.916794] Hardware name: linux,dummy-virt (DT)
[   29.916931] Call trace:
[   29.917007]  show_stack+0x20/0x38 (C)
[   29.917375]  dump_stack_lvl+0x8c/0xd0
[   29.917592]  print_report+0x310/0x608
[   29.917806]  kasan_report+0xdc/0x128
[   29.917879]  __asan_report_load1_noabort+0x20/0x30
[   29.918106]  vmalloc_oob+0x578/0x5d0
[   29.918303]  kunit_try_run_case+0x170/0x3f0
[   29.918816]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.918983]  kthread+0x328/0x630
[   29.919350]  ret_from_fork+0x10/0x20
[   29.919514] 
[   29.919614] The buggy address belongs to the virtual mapping at
[   29.919614]  [ffff8000800fe000, ffff800080100000) created by:
[   29.919614]  vmalloc_oob+0x98/0x5d0
[   29.919696] 
[   29.919727] The buggy address belongs to the physical page:
[   29.920013] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105783
[   29.920255] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.920399] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   29.920677] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   29.920997] page dumped because: kasan: bad access detected
[   29.921108] 
[   29.921170] Memory state around the buggy address:
[   29.921282]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.921468]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.921691] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   29.921738]                                                              ^
[   29.921962]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   29.922268]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   29.922448] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VBWOwNE7tln7ibBWNJtNgCdd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VBWOwNE7tln7ibBWNJtNgCdd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/Image.gz
sha256sum	42e36f6e4a060d5f9a1060b857a02a69294fe7d2a27b0731adb370bcbc85f1e6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/modules.tar.xz
sha256sum	890b3fa8e09fb90f169b09d75de24714d8b16adf2b500a29a27124602d4970e9

durations

tests

boot	0
kunit	167.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - juno-r2 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit