Date
July 15, 2025, 11:35 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   38.191889] ==================================================================
[   38.201443] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   38.208905] Write of size 1 at addr ffff00080506200a by task kunit_try_catch/227
[   38.216281] 
[   38.217768] CPU: 3 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   38.217823] Tainted: [B]=BAD_PAGE, [N]=TEST
[   38.217841] Hardware name: WinLink E850-96 board (DT)
[   38.217861] Call trace:
[   38.217877]  show_stack+0x20/0x38 (C)
[   38.217912]  dump_stack_lvl+0x8c/0xd0
[   38.217946]  print_report+0x118/0x5d0
[   38.217974]  kasan_report+0xdc/0x128
[   38.218001]  __asan_report_store1_noabort+0x20/0x30
[   38.218032]  kmalloc_large_oob_right+0x278/0x2b8
[   38.218063]  kunit_try_run_case+0x170/0x3f0
[   38.218093]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   38.218129]  kthread+0x328/0x630
[   38.218157]  ret_from_fork+0x10/0x20
[   38.218193] 
[   38.282343] The buggy address belongs to the physical page:
[   38.287899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885060
[   38.295883] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   38.303523] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   38.310465] page_type: f8(unknown)
[   38.313862] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   38.321581] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   38.329309] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   38.337119] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   38.344932] head: 0bfffe0000000002 fffffdffe0141801 00000000ffffffff 00000000ffffffff
[   38.352744] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   38.360551] page dumped because: kasan: bad access detected
[   38.366105] 
[   38.367581] Memory state around the buggy address:
[   38.372362]  ffff000805061f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   38.379564]  ffff000805061f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   38.386768] >ffff000805062000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   38.393969]                       ^
[   38.397445]  ffff000805062080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   38.404650]  ffff000805062100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   38.411853] ==================================================================

[   30.352015] ==================================================================
[   30.352134] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   30.352551] Write of size 1 at addr fff00000c92fe00a by task kunit_try_catch/178
[   30.352622] 
[   30.352690] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.353125] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.353161] Hardware name: linux,dummy-virt (DT)
[   30.353289] Call trace:
[   30.353510]  show_stack+0x20/0x38 (C)
[   30.353616]  dump_stack_lvl+0x8c/0xd0
[   30.353764]  print_report+0x118/0x5d0
[   30.353811]  kasan_report+0xdc/0x128
[   30.353853]  __asan_report_store1_noabort+0x20/0x30
[   30.353901]  kmalloc_large_oob_right+0x278/0x2b8
[   30.354364]  kunit_try_run_case+0x170/0x3f0
[   30.354488]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.354603]  kthread+0x328/0x630
[   30.354771]  ret_from_fork+0x10/0x20
[   30.354876] 
[   30.355113] The buggy address belongs to the physical page:
[   30.355197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1092fc
[   30.355496] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.355647] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.355744] page_type: f8(unknown)
[   30.355851] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.356143] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.356297] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.356378] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.356649] head: 0bfffe0000000002 ffffc1ffc324bf01 00000000ffffffff 00000000ffffffff
[   30.356816] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.356957] page dumped because: kasan: bad access detected
[   30.357197] 
[   30.357245] Memory state around the buggy address:
[   30.357415]  fff00000c92fdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.357719]  fff00000c92fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.357789] >fff00000c92fe000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.357852]                       ^
[   30.357937]  fff00000c92fe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.357995]  fff00000c92fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.358068] ==================================================================

[   23.577692] ==================================================================
[   23.578292] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[   23.578783] Write of size 1 at addr ffff88810493e00a by task kunit_try_catch/194
[   23.579578] 
[   23.579971] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.580031] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.580045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.580068] Call Trace:
[   23.580084]  <TASK>
[   23.580103]  dump_stack_lvl+0x73/0xb0
[   23.580139]  print_report+0xd1/0x610
[   23.580167]  ? __virt_addr_valid+0x1db/0x2d0
[   23.580198]  ? kmalloc_large_oob_right+0x2e9/0x330
[   23.580226]  ? kasan_addr_to_slab+0x11/0xa0
[   23.580252]  ? kmalloc_large_oob_right+0x2e9/0x330
[   23.580279]  kasan_report+0x141/0x180
[   23.580306]  ? kmalloc_large_oob_right+0x2e9/0x330
[   23.580340]  __asan_report_store1_noabort+0x1b/0x30
[   23.580369]  kmalloc_large_oob_right+0x2e9/0x330
[   23.580396]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[   23.580424]  ? __schedule+0x10cc/0x2b60
[   23.580451]  ? __pfx_read_tsc+0x10/0x10
[   23.580478]  ? ktime_get_ts64+0x86/0x230
[   23.580509]  kunit_try_run_case+0x1a5/0x480
[   23.580554]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.580663]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.580694]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.580722]  ? __kthread_parkme+0x82/0x180
[   23.580748]  ? preempt_count_sub+0x50/0x80
[   23.580778]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.580806]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.580837]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.580868]  kthread+0x337/0x6f0
[   23.580892]  ? trace_preempt_on+0x20/0xc0
[   23.580921]  ? __pfx_kthread+0x10/0x10
[   23.580947]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.580976]  ? calculate_sigpending+0x7b/0xa0
[   23.581005]  ? __pfx_kthread+0x10/0x10
[   23.581032]  ret_from_fork+0x116/0x1d0
[   23.581056]  ? __pfx_kthread+0x10/0x10
[   23.581081]  ret_from_fork_asm+0x1a/0x30
[   23.581122]  </TASK>
[   23.581134] 
[   23.592163] The buggy address belongs to the physical page:
[   23.592420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10493c
[   23.593041] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.593479] flags: 0x200000000000040(head|node=0|zone=2)
[   23.594122] page_type: f8(unknown)
[   23.594303] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.594748] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.595032] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.595389] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.595722] head: 0200000000000002 ffffea0004124f01 00000000ffffffff 00000000ffffffff
[   23.596116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.596864] page dumped because: kasan: bad access detected
[   23.597082] 
[   23.597167] Memory state around the buggy address:
[   23.597545]  ffff88810493df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.598063]  ffff88810493df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.598479] >ffff88810493e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.599146]                       ^
[   23.599301]  ffff88810493e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.599866]  ffff88810493e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.600222] ==================================================================