Hay
Date: July 3, 2025, 10:10 a.m.

Environment: dragonboard-845c, qemu-arm64, qemu-x86_64

[   33.022254] ==================================================================
[   33.033729] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   33.041313] Write of size 1 at addr ffff00009558a00a by task kunit_try_catch/255
[   33.048805] 
[   33.050335] CPU: 4 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   33.050365] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.050374] Hardware name: Thundercomm Dragonboard 845c (DT)
[   33.050385] Call trace:
[   33.050391]  show_stack+0x20/0x38 (C)
[   33.050409]  dump_stack_lvl+0x8c/0xd0
[   33.050429]  print_report+0x118/0x608
[   33.050449]  kasan_report+0xdc/0x128
[   33.050466]  __asan_report_store1_noabort+0x20/0x30
[   33.050483]  kmalloc_large_oob_right+0x278/0x2b8
[   33.050500]  kunit_try_run_case+0x170/0x3f0
[   33.050517]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.050537]  kthread+0x328/0x630
[   33.050549]  ret_from_fork+0x10/0x20
[   33.050567] 
[   33.116774] The buggy address belongs to the physical page:
[   33.122417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115588
[   33.130525] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.138273] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.145327] page_type: f8(unknown)
[   33.148795] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.156633] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.164469] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.172394] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.180315] head: 0bfffe0000000002 fffffdffc2556201 00000000ffffffff 00000000ffffffff
[   33.188239] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.196156] page dumped because: kasan: bad access detected
[   33.201796] 
[   33.203327] Memory state around the buggy address:
[   33.208185]  ffff000095589f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.215498]  ffff000095589f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.222806] >ffff00009558a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.230116]                       ^
[   33.233665]  ffff00009558a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.240976]  ffff00009558a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.248286] ==================================================================

[   30.757249] ==================================================================
[   30.757417] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   30.757481] Write of size 1 at addr fff00000c9bc200a by task kunit_try_catch/178
[   30.757530] 
[   30.757817] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT 
[   30.757927] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.758054] Hardware name: linux,dummy-virt (DT)
[   30.758132] Call trace:
[   30.758157]  show_stack+0x20/0x38 (C)
[   30.758515]  dump_stack_lvl+0x8c/0xd0
[   30.758599]  print_report+0x118/0x608
[   30.758935]  kasan_report+0xdc/0x128
[   30.759195]  __asan_report_store1_noabort+0x20/0x30
[   30.759280]  kmalloc_large_oob_right+0x278/0x2b8
[   30.759334]  kunit_try_run_case+0x170/0x3f0
[   30.759538]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.759607]  kthread+0x328/0x630
[   30.759761]  ret_from_fork+0x10/0x20
[   30.759815] 
[   30.759910] The buggy address belongs to the physical page:
[   30.759963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bc0
[   30.760038] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.760084] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.760319] page_type: f8(unknown)
[   30.760538] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.760676] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.760796] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.760860] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.760910] head: 0bfffe0000000002 ffffc1ffc326f001 00000000ffffffff 00000000ffffffff
[   30.761405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.761467] page dumped because: kasan: bad access detected
[   30.761584] 
[   30.761684] Memory state around the buggy address:
[   30.761742]  fff00000c9bc1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.761792]  fff00000c9bc1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.761888] >fff00000c9bc2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.761929]                       ^
[   30.761974]  fff00000c9bc2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.762025]  fff00000c9bc2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.762063] ==================================================================

[   22.646542] ==================================================================
[   22.647011] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[   22.647698] Write of size 1 at addr ffff888105eae00a by task kunit_try_catch/195
[   22.648010] 
[   22.648117] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) 
[   22.648163] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.648185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.648207] Call Trace:
[   22.648219]  <TASK>
[   22.648237]  dump_stack_lvl+0x73/0xb0
[   22.648279]  print_report+0xd1/0x650
[   22.648300]  ? __virt_addr_valid+0x1db/0x2d0
[   22.648366]  ? kmalloc_large_oob_right+0x2e9/0x330
[   22.648387]  ? kasan_addr_to_slab+0x11/0xa0
[   22.648472]  ? kmalloc_large_oob_right+0x2e9/0x330
[   22.648499]  kasan_report+0x141/0x180
[   22.648520]  ? kmalloc_large_oob_right+0x2e9/0x330
[   22.648546]  __asan_report_store1_noabort+0x1b/0x30
[   22.648570]  kmalloc_large_oob_right+0x2e9/0x330
[   22.648591]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[   22.648612]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   22.648636]  ? trace_hardirqs_on+0x37/0xe0
[   22.648668]  ? __pfx_read_tsc+0x10/0x10
[   22.648689]  ? ktime_get_ts64+0x86/0x230
[   22.648713]  kunit_try_run_case+0x1a5/0x480
[   22.648750]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.648774]  ? queued_spin_lock_slowpath+0x116/0xb40
[   22.648797]  ? __kthread_parkme+0x82/0x180
[   22.648816]  ? preempt_count_sub+0x50/0x80
[   22.648839]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.648863]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.648886]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.648909]  kthread+0x337/0x6f0
[   22.648937]  ? trace_preempt_on+0x20/0xc0
[   22.648959]  ? __pfx_kthread+0x10/0x10
[   22.648979]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.649015]  ? calculate_sigpending+0x7b/0xa0
[   22.649039]  ? __pfx_kthread+0x10/0x10
[   22.649060]  ret_from_fork+0x116/0x1d0
[   22.649079]  ? __pfx_kthread+0x10/0x10
[   22.649099]  ret_from_fork_asm+0x1a/0x30
[   22.649130]  </TASK>
[   22.649142] 
[   22.659545] The buggy address belongs to the physical page:
[   22.659818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eac
[   22.660154] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.660591] flags: 0x200000000000040(head|node=0|zone=2)
[   22.660855] page_type: f8(unknown)
[   22.661026] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.661250] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   22.661487] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   22.662716] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   22.663012] head: 0200000000000002 ffffea000417ab01 00000000ffffffff 00000000ffffffff
[   22.663577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.663871] page dumped because: kasan: bad access detected
[   22.664117] 
[   22.664294] Memory state around the buggy address:
[   22.664486]  ffff888105eadf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.664825]  ffff888105eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.665060] >ffff888105eae000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.665583]                       ^
[   22.665760]  ffff888105eae080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.666064]  ffff888105eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.666466] ==================================================================