Date
July 2, 2025, 11:10 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 30.789738] ==================================================================
[ 30.789803] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 30.790442] Write of size 16 at addr fff00000c919c720 by task kunit_try_catch/199
[ 30.790567]
[ 30.790603] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 30.790751] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.790812] Hardware name: linux,dummy-virt (DT)
[ 30.790846] Call trace:
[ 30.790878] show_stack+0x20/0x38 (C)
[ 30.790981] dump_stack_lvl+0x8c/0xd0
[ 30.791049] print_report+0x118/0x608
[ 30.791146] kasan_report+0xdc/0x128
[ 30.791202] __asan_report_store16_noabort+0x20/0x30
[ 30.791258] kmalloc_oob_16+0x3a0/0x3f8
[ 30.791336] kunit_try_run_case+0x170/0x3f0
[ 30.791393] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.791446] kthread+0x328/0x630
[ 30.791496] ret_from_fork+0x10/0x20
[ 30.791657]
[ 30.791686] Allocated by task 199:
[ 30.791806] kasan_save_stack+0x3c/0x68
[ 30.791974] kasan_save_track+0x20/0x40
[ 30.792250] kasan_save_alloc_info+0x40/0x58
[ 30.792352] __kasan_kmalloc+0xd4/0xd8
[ 30.792526] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.792644] kmalloc_oob_16+0xb4/0x3f8
[ 30.792712] kunit_try_run_case+0x170/0x3f0
[ 30.792828] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.792906] kthread+0x328/0x630
[ 30.792951] ret_from_fork+0x10/0x20
[ 30.793102]
[ 30.793266] The buggy address belongs to the object at fff00000c919c720
[ 30.793266] which belongs to the cache kmalloc-16 of size 16
[ 30.793326] The buggy address is located 0 bytes inside of
[ 30.793326] allocated 13-byte region [fff00000c919c720, fff00000c919c72d)
[ 30.793624]
[ 30.793710] The buggy address belongs to the physical page:
[ 30.793759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c919c6c0 pfn:0x10919c
[ 30.794063] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.794218] page_type: f5(slab)
[ 30.794304] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 30.794389] raw: fff00000c919c6c0 000000008080007f 00000000f5000000 0000000000000000
[ 30.794575] page dumped because: kasan: bad access detected
[ 30.794742]
[ 30.794834] Memory state around the buggy address:
[ 30.794893] fff00000c919c600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.795258] fff00000c919c680: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 30.795328] >fff00000c919c700: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 30.795409] ^
[ 30.795464] fff00000c919c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.795515] fff00000c919c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.795775] ==================================================================
```
```
[ 32.569251] ==================================================================
[ 32.569462] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 32.569613] Write of size 16 at addr fff00000c5788920 by task kunit_try_catch/197
[ 32.569764]
[ 32.569795] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT
[ 32.569879] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.569905] Hardware name: linux,dummy-virt (DT)
[ 32.569947] Call trace:
[ 32.569969] show_stack+0x20/0x38 (C)
[ 32.570018] dump_stack_lvl+0x8c/0xd0
[ 32.570300] print_report+0x118/0x608
[ 32.570437] kasan_report+0xdc/0x128
[ 32.570483] __asan_report_store16_noabort+0x20/0x30
[ 32.570548] kmalloc_oob_16+0x3a0/0x3f8
[ 32.570593] kunit_try_run_case+0x170/0x3f0
[ 32.570642] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.570896] kthread+0x328/0x630
[ 32.570944] ret_from_fork+0x10/0x20
[ 32.570992]
[ 32.571010] Allocated by task 197:
[ 32.571037] kasan_save_stack+0x3c/0x68
[ 32.571077] kasan_save_track+0x20/0x40
[ 32.571114] kasan_save_alloc_info+0x40/0x58
[ 32.571170] __kasan_kmalloc+0xd4/0xd8
[ 32.571207] __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.571246] kmalloc_oob_16+0xb4/0x3f8
[ 32.571280] kunit_try_run_case+0x170/0x3f0
[ 32.571544] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.571758] kthread+0x328/0x630
[ 32.571794] ret_from_fork+0x10/0x20
[ 32.571855]
[ 32.571875] The buggy address belongs to the object at fff00000c5788920
[ 32.571875] which belongs to the cache kmalloc-16 of size 16
[ 32.571932] The buggy address is located 0 bytes inside of
[ 32.571932] allocated 13-byte region [fff00000c5788920, fff00000c578892d)
[ 32.572067]
[ 32.572090] The buggy address belongs to the physical page:
[ 32.572127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105788
[ 32.572238] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.572383] page_type: f5(slab)
[ 32.572452] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122
[ 32.572502] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 32.572541] page dumped because: kasan: bad access detected
[ 32.572571]
[ 32.572588] Memory state around the buggy address:
[ 32.572617] fff00000c5788800: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 32.572659] fff00000c5788880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 32.572756] >fff00000c5788900: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 32.572894] ^
[ 32.572925] fff00000c5788980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.572972] fff00000c5788a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.573047] ==================================================================
```
```
[ 23.054954] ==================================================================
[ 23.055379] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 23.055629] Write of size 16 at addr ffff8881048b6320 by task kunit_try_catch/214
[ 23.056018]
[ 23.056131] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.056180] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.056193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.056213] Call Trace:
[ 23.056226] <TASK>
[ 23.056242] dump_stack_lvl+0x73/0xb0
[ 23.056271] print_report+0xd1/0x650
[ 23.056292] ? __virt_addr_valid+0x1db/0x2d0
[ 23.056328] ? kmalloc_oob_16+0x452/0x4a0
[ 23.056348] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.056373] ? kmalloc_oob_16+0x452/0x4a0
[ 23.056394] kasan_report+0x141/0x180
[ 23.056415] ? kmalloc_oob_16+0x452/0x4a0
[ 23.056440] __asan_report_store16_noabort+0x1b/0x30
[ 23.056464] kmalloc_oob_16+0x452/0x4a0
[ 23.056484] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 23.056518] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 23.056543] kunit_try_run_case+0x1a5/0x480
[ 23.056568] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.056591] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.056612] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.056633] ? __kthread_parkme+0x82/0x180
[ 23.056653] ? preempt_count_sub+0x50/0x80
[ 23.056686] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.056711] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.056734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.056758] kthread+0x337/0x6f0
[ 23.056778] ? trace_preempt_on+0x20/0xc0
[ 23.056801] ? __pfx_kthread+0x10/0x10
[ 23.056821] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.056845] ? calculate_sigpending+0x7b/0xa0
[ 23.056868] ? __pfx_kthread+0x10/0x10
[ 23.056889] ret_from_fork+0x116/0x1d0
[ 23.056908] ? __pfx_kthread+0x10/0x10
[ 23.056928] ret_from_fork_asm+0x1a/0x30
[ 23.056958] </TASK>
[ 23.056969]
[ 23.063120] Allocated by task 214:
[ 23.063275] kasan_save_stack+0x45/0x70
[ 23.063468] kasan_save_track+0x18/0x40
[ 23.064088] kasan_save_alloc_info+0x3b/0x50
[ 23.064262] __kasan_kmalloc+0xb7/0xc0
[ 23.064454] __kmalloc_cache_noprof+0x189/0x420
[ 23.064688] kmalloc_oob_16+0xa8/0x4a0
[ 23.064937] kunit_try_run_case+0x1a5/0x480
[ 23.065095] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.065297] kthread+0x337/0x6f0
[ 23.065444] ret_from_fork+0x116/0x1d0
[ 23.065666] ret_from_fork_asm+0x1a/0x30
[ 23.065863]
[ 23.065945] The buggy address belongs to the object at ffff8881048b6320
[ 23.065945] which belongs to the cache kmalloc-16 of size 16
[ 23.066394] The buggy address is located 0 bytes inside of
[ 23.066394] allocated 13-byte region [ffff8881048b6320, ffff8881048b632d)
[ 23.066813]
[ 23.066891] The buggy address belongs to the physical page:
[ 23.067198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048b6
[ 23.067555] flags: 0x200000000000000(node=0|zone=2)
[ 23.067713] page_type: f5(slab)
[ 23.067856] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.068485] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.068794] page dumped because: kasan: bad access detected
[ 23.069077]
[ 23.069153] Memory state around the buggy address:
[ 23.069302] ffff8881048b6200: 00 06 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 23.069838] ffff8881048b6280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.070086] >ffff8881048b6300: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 23.070290] ^
[ 23.070511] ffff8881048b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.070837] ffff8881048b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.071039] ==================================================================
```
```
[ 23.310932] ==================================================================
[ 23.311432] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 23.311730] Write of size 16 at addr ffff8881049ad500 by task kunit_try_catch/215
[ 23.312322]
[ 23.312452] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary)
[ 23.312506] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.312519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.312542] Call Trace:
[ 23.312556] <TASK>
[ 23.312577] dump_stack_lvl+0x73/0xb0
[ 23.312613] print_report+0xd1/0x650
[ 23.312637] ? __virt_addr_valid+0x1db/0x2d0
[ 23.312662] ? kmalloc_oob_16+0x452/0x4a0
[ 23.312682] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.312708] ? kmalloc_oob_16+0x452/0x4a0
[ 23.312728] kasan_report+0x141/0x180
[ 23.312749] ? kmalloc_oob_16+0x452/0x4a0
[ 23.312773] __asan_report_store16_noabort+0x1b/0x30
[ 23.312797] kmalloc_oob_16+0x452/0x4a0
[ 23.312817] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 23.312839] ? __schedule+0x10cc/0x2b60
[ 23.312860] ? __pfx_read_tsc+0x10/0x10
[ 23.312883] ? ktime_get_ts64+0x86/0x230
[ 23.312910] kunit_try_run_case+0x1a5/0x480
[ 23.312960] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.312982] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.313005] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.313027] ? __kthread_parkme+0x82/0x180
[ 23.313048] ? preempt_count_sub+0x50/0x80
[ 23.313082] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.313106] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.313131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.313154] kthread+0x337/0x6f0
[ 23.313235] ? trace_preempt_on+0x20/0xc0
[ 23.313264] ? __pfx_kthread+0x10/0x10
[ 23.313285] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.313309] ? calculate_sigpending+0x7b/0xa0
[ 23.313334] ? __pfx_kthread+0x10/0x10
[ 23.313356] ret_from_fork+0x116/0x1d0
[ 23.313375] ? __pfx_kthread+0x10/0x10
[ 23.313396] ret_from_fork_asm+0x1a/0x30
[ 23.313427] </TASK>
[ 23.313440]
[ 23.320402] Allocated by task 215:
[ 23.320542] kasan_save_stack+0x45/0x70
[ 23.320688] kasan_save_track+0x18/0x40
[ 23.320818] kasan_save_alloc_info+0x3b/0x50
[ 23.321050] __kasan_kmalloc+0xb7/0xc0
[ 23.321316] __kmalloc_cache_noprof+0x189/0x420
[ 23.321542] kmalloc_oob_16+0xa8/0x4a0
[ 23.321726] kunit_try_run_case+0x1a5/0x480
[ 23.321938] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.322357] kthread+0x337/0x6f0
[ 23.322530] ret_from_fork+0x116/0x1d0
[ 23.322702] ret_from_fork_asm+0x1a/0x30
[ 23.322882]
[ 23.323716] The buggy address belongs to the object at ffff8881049ad500
[ 23.323716] which belongs to the cache kmalloc-16 of size 16
[ 23.324537] The buggy address is located 0 bytes inside of
[ 23.324537] allocated 13-byte region [ffff8881049ad500, ffff8881049ad50d)
[ 23.325013]
[ 23.325118] The buggy address belongs to the physical page:
[ 23.325359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ad
[ 23.325690] flags: 0x200000000000000(node=0|zone=2)
[ 23.325920] page_type: f5(slab)
[ 23.326542] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 23.327144] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.327885] page dumped because: kasan: bad access detected
[ 23.328358]
[ 23.328628] Memory state around the buggy address:
[ 23.328914] ffff8881049ad400: 00 06 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 23.329458] ffff8881049ad480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.329744] >ffff8881049ad500: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 23.330403] ^
[ 23.330709] ffff8881049ad580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.331412] ffff8881049ad600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.331717] ==================================================================
```