lkft/linux-next-master - next-20250702 - log-parser-boot/kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob

Date

July 2, 2025, 11:10 a.m.

Environment
qemu-arm64

[   33.897429] ==================================================================
[   33.897762] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   33.898069] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/302
[   33.898124] 
[   33.898194] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.898308] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.898409] Hardware name: linux,dummy-virt (DT)
[   33.898447] Call trace:
[   33.898474]  show_stack+0x20/0x38 (C)
[   33.898544]  dump_stack_lvl+0x8c/0xd0
[   33.898602]  print_report+0x310/0x608
[   33.898650]  kasan_report+0xdc/0x128
[   33.898920]  __asan_report_load1_noabort+0x20/0x30
[   33.899292]  vmalloc_oob+0x51c/0x5d0
[   33.899439]  kunit_try_run_case+0x170/0x3f0
[   33.899519]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.899644]  kthread+0x328/0x630
[   33.899715]  ret_from_fork+0x10/0x20
[   33.899798] 
[   33.899854] The buggy address belongs to the virtual mapping at
[   33.899854]  [ffff8000800fe000, ffff800080100000) created by:
[   33.899854]  vmalloc_oob+0x98/0x5d0
[   33.900093] 
[   33.900137] The buggy address belongs to the physical page:
[   33.900372] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091fa
[   33.900461] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.900814] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   33.901030] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.901135] page dumped because: kasan: bad access detected
[   33.901214] 
[   33.901307] Memory state around the buggy address:
[   33.901387]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.901435]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.901641] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   33.901798]                                                                 ^
[   33.902208]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.902276]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.902505] ==================================================================
[   33.890504] ==================================================================
[   33.890579] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   33.890640] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/302
[   33.890695] 
[   33.890733] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   33.890835] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.890864] Hardware name: linux,dummy-virt (DT)
[   33.890897] Call trace:
[   33.890923]  show_stack+0x20/0x38 (C)
[   33.891533]  dump_stack_lvl+0x8c/0xd0
[   33.891973]  print_report+0x310/0x608
[   33.892077]  kasan_report+0xdc/0x128
[   33.892367]  __asan_report_load1_noabort+0x20/0x30
[   33.892458]  vmalloc_oob+0x578/0x5d0
[   33.892509]  kunit_try_run_case+0x170/0x3f0
[   33.892944]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.893047]  kthread+0x328/0x630
[   33.893103]  ret_from_fork+0x10/0x20
[   33.893458] 
[   33.893505] The buggy address belongs to the virtual mapping at
[   33.893505]  [ffff8000800fe000, ffff800080100000) created by:
[   33.893505]  vmalloc_oob+0x98/0x5d0
[   33.893595] 
[   33.893621] The buggy address belongs to the physical page:
[   33.893988] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091fa
[   33.894118] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.894204] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   33.894639] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.895012] page dumped because: kasan: bad access detected
[   33.895131] 
[   33.895235] Memory state around the buggy address:
[   33.895301]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.895356]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.895754] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   33.895971]                                                              ^
[   33.896149]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.896201]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.896493] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zJjVuY8CWIlVXTEux5Wdhwbsnl

job_id

TEST:linaro@lkft#2zJjafLF9SmbRpQYzvYRsbAp7df

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zJjafLF9SmbRpQYzvYRsbAp7df

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/Image.gz
sha256sum	85c5f8492d02f00134559b4c525d8c115890fb18f9f1a98f66474795be2b220c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zJjX2doCXR4zeonnwBjJk8bBMH/modules.tar.xz
sha256sum	1d59f082c2851f878fb4e179ce3326e01ee1a06bb2287f35b0c3c51598de1e42

durations

tests

boot	0
kunit	162.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   35.455496] ==================================================================
[   35.455592] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   35.455651] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/300
[   35.455704] 
[   35.455742] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   35.455840] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.455871] Hardware name: linux,dummy-virt (DT)
[   35.455904] Call trace:
[   35.456143]  show_stack+0x20/0x38 (C)
[   35.456250]  dump_stack_lvl+0x8c/0xd0
[   35.456370]  print_report+0x310/0x608
[   35.456437]  kasan_report+0xdc/0x128
[   35.456516]  __asan_report_load1_noabort+0x20/0x30
[   35.456569]  vmalloc_oob+0x578/0x5d0
[   35.456829]  kunit_try_run_case+0x170/0x3f0
[   35.456944]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.457032]  kthread+0x328/0x630
[   35.457104]  ret_from_fork+0x10/0x20
[   35.457219] 
[   35.457287] The buggy address belongs to the virtual mapping at
[   35.457287]  [ffff8000800fe000, ffff800080100000) created by:
[   35.457287]  vmalloc_oob+0x98/0x5d0
[   35.457385] 
[   35.457409] The buggy address belongs to the physical page:
[   35.457445] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   35.457662] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   35.457813] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   35.457909] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   35.457966] page dumped because: kasan: bad access detected
[   35.458198] 
[   35.458260] Memory state around the buggy address:
[   35.458318]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.458386]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.458432] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   35.458472]                                                              ^
[   35.458516]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   35.458559]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   35.458602] ==================================================================
[   35.459626] ==================================================================
[   35.459700] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   35.459752] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/300
[   35.459811] 
[   35.459842] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   35.459937] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.459984] Hardware name: linux,dummy-virt (DT)
[   35.460148] Call trace:
[   35.460306]  show_stack+0x20/0x38 (C)
[   35.460384]  dump_stack_lvl+0x8c/0xd0
[   35.460452]  print_report+0x310/0x608
[   35.460508]  kasan_report+0xdc/0x128
[   35.460591]  __asan_report_load1_noabort+0x20/0x30
[   35.460644]  vmalloc_oob+0x51c/0x5d0
[   35.460702]  kunit_try_run_case+0x170/0x3f0
[   35.460752]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.460807]  kthread+0x328/0x630
[   35.460867]  ret_from_fork+0x10/0x20
[   35.460918] 
[   35.460944] The buggy address belongs to the virtual mapping at
[   35.460944]  [ffff8000800fe000, ffff800080100000) created by:
[   35.460944]  vmalloc_oob+0x98/0x5d0
[   35.461019] 
[   35.461041] The buggy address belongs to the physical page:
[   35.461075] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   35.461230] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   35.461298] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   35.461353] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   35.461578] page dumped because: kasan: bad access detected
[   35.461629] 
[   35.461670] Memory state around the buggy address:
[   35.461716]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.461920]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.461980] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   35.462022]                                                                 ^
[   35.462248]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   35.462310]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   35.462357] ==================================================================