lkft/linux-next-master - next-20250714 - log-parser-boot/kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob

Date

July 14, 2025, 10:38 a.m.

Environment
e850-96
qemu-arm64

[   79.485248] ==================================================================
[   79.499710] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   79.506390] Read of size 1 at addr ffff800087c7d7f3 by task kunit_try_catch/353
[   79.513683] 
[   79.515168] CPU: 6 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   79.515222] Tainted: [B]=BAD_PAGE, [N]=TEST
[   79.515239] Hardware name: WinLink E850-96 board (DT)
[   79.515262] Call trace:
[   79.515280]  show_stack+0x20/0x38 (C)
[   79.515317]  dump_stack_lvl+0x8c/0xd0
[   79.515351]  print_report+0x310/0x5d0
[   79.515381]  kasan_report+0xdc/0x128
[   79.515411]  __asan_report_load1_noabort+0x20/0x30
[   79.515446]  vmalloc_oob+0x578/0x5d0
[   79.515479]  kunit_try_run_case+0x170/0x3f0
[   79.515517]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   79.515552]  kthread+0x328/0x630
[   79.515585]  ret_from_fork+0x10/0x20
[   79.515623] 
[   79.578614] The buggy address ffff800087c7d7f3 belongs to a vmalloc virtual mapping
[   79.586253] The buggy address belongs to the physical page:
[   79.591810] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8847c6
[   79.599793] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   79.606314] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   79.614034] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   79.621753] page dumped because: kasan: bad access detected
[   79.627308] 
[   79.628783] Memory state around the buggy address:
[   79.633565]  ffff800087c7d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   79.640766]  ffff800087c7d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   79.647972] >ffff800087c7d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   79.655172]                                                              ^
[   79.662035]  ffff800087c7d800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   79.669238]  ffff800087c7d880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   79.676440] ==================================================================
[   79.683837] ==================================================================
[   79.690853] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   79.697534] Read of size 1 at addr ffff800087c7d7f8 by task kunit_try_catch/353
[   79.704824] 
[   79.706309] CPU: 6 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   79.706362] Tainted: [B]=BAD_PAGE, [N]=TEST
[   79.706379] Hardware name: WinLink E850-96 board (DT)
[   79.706399] Call trace:
[   79.706413]  show_stack+0x20/0x38 (C)
[   79.706447]  dump_stack_lvl+0x8c/0xd0
[   79.706480]  print_report+0x310/0x5d0
[   79.706508]  kasan_report+0xdc/0x128
[   79.706535]  __asan_report_load1_noabort+0x20/0x30
[   79.706572]  vmalloc_oob+0x51c/0x5d0
[   79.706607]  kunit_try_run_case+0x170/0x3f0
[   79.706644]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   79.706677]  kthread+0x328/0x630
[   79.706708]  ret_from_fork+0x10/0x20
[   79.706744] 
[   79.769756] The buggy address ffff800087c7d7f8 belongs to a vmalloc virtual mapping
[   79.777395] The buggy address belongs to the physical page:
[   79.782949] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8847c6
[   79.790937] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   79.797456] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   79.805176] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   79.812895] page dumped because: kasan: bad access detected
[   79.818451] 
[   79.819926] Memory state around the buggy address:
[   79.824705]  ffff800087c7d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   79.831909]  ffff800087c7d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   79.839114] >ffff800087c7d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   79.846315]                                                                 ^
[   79.853438]  ffff800087c7d800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   79.860641]  ffff800087c7d880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   79.867842] ==================================================================

Metadata Full log Test run details

[   32.731467] ==================================================================
[   32.732147] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   32.732751] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/300
[   32.733133] 
[   32.733257] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   32.733641] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.733753] Hardware name: linux,dummy-virt (DT)
[   32.733838] Call trace:
[   32.733864]  show_stack+0x20/0x38 (C)
[   32.734247]  dump_stack_lvl+0x8c/0xd0
[   32.734360]  print_report+0x310/0x5d0
[   32.734428]  kasan_report+0xdc/0x128
[   32.734753]  __asan_report_load1_noabort+0x20/0x30
[   32.734928]  vmalloc_oob+0x578/0x5d0
[   32.735109]  kunit_try_run_case+0x170/0x3f0
[   32.735221]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.735548]  kthread+0x328/0x630
[   32.735860]  ret_from_fork+0x10/0x20
[   32.736032] 
[   32.736072] The buggy address ffff8000800fe7f3 belongs to a vmalloc virtual mapping
[   32.736227] The buggy address belongs to the physical page:
[   32.736394] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a89
[   32.736735] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.736852] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   32.736933] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   32.737424] page dumped because: kasan: bad access detected
[   32.737467] 
[   32.737596] Memory state around the buggy address:
[   32.737791]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.738168]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.738308] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   32.738352]                                                              ^
[   32.738416]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   32.738752]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   32.739065] ==================================================================
[   32.741815] ==================================================================
[   32.741873] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   32.741934] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/300
[   32.741986] 
[   32.742064] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   32.742154] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.742181] Hardware name: linux,dummy-virt (DT)
[   32.742224] Call trace:
[   32.742250]  show_stack+0x20/0x38 (C)
[   32.742304]  dump_stack_lvl+0x8c/0xd0
[   32.742353]  print_report+0x310/0x5d0
[   32.742396]  kasan_report+0xdc/0x128
[   32.742441]  __asan_report_load1_noabort+0x20/0x30
[   32.742489]  vmalloc_oob+0x51c/0x5d0
[   32.742535]  kunit_try_run_case+0x170/0x3f0
[   32.742593]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.742647]  kthread+0x328/0x630
[   32.742689]  ret_from_fork+0x10/0x20
[   32.742736] 
[   32.742760] The buggy address ffff8000800fe7f8 belongs to a vmalloc virtual mapping
[   32.742804] The buggy address belongs to the physical page:
[   32.742848] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a89
[   32.742907] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.742968] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   32.743019] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   32.743070] page dumped because: kasan: bad access detected
[   32.743103] 
[   32.743131] Memory state around the buggy address:
[   32.743165]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.743210]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.743260] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   32.743301]                                                                 ^
[   32.743343]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   32.743387]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   32.743426] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW4gkgpPvPvyu1JhrLI5SfZ9n

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW4gkgpPvPvyu1JhrLI5SfZ9n

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/Image.gz
sha256sum	f1b1de68ab66795221ea7af2c885166039edc905709ae2b868dbc429ffb32d0d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/modules.tar.xz
sha256sum	94a5b5b8edfcc1ec8f65ff9d692207a782ba849df77dd9baa05c20bf5972d8f6

durations

tests

boot	0
kunit	174.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit