Hay
Date
July 17, 2025, 10:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   29.566166] ==================================================================
[   29.566538] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   29.566622] Write of size 2 at addr fff00000c59f9f77 by task kunit_try_catch/203
[   29.566671] 
[   29.566706] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.567045] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.567165] Hardware name: linux,dummy-virt (DT)
[   29.567223] Call trace:
[   29.567249]  show_stack+0x20/0x38 (C)
[   29.567386]  dump_stack_lvl+0x8c/0xd0
[   29.567456]  print_report+0x118/0x5d0
[   29.567506]  kasan_report+0xdc/0x128
[   29.567771]  kasan_check_range+0x100/0x1a8
[   29.567848]  __asan_memset+0x34/0x78
[   29.567967]  kmalloc_oob_memset_2+0x150/0x2f8
[   29.568039]  kunit_try_run_case+0x170/0x3f0
[   29.568165]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.568219]  kthread+0x328/0x630
[   29.568475]  ret_from_fork+0x10/0x20
[   29.568721] 
[   29.568779] Allocated by task 203:
[   29.568902]  kasan_save_stack+0x3c/0x68
[   29.569023]  kasan_save_track+0x20/0x40
[   29.569350]  kasan_save_alloc_info+0x40/0x58
[   29.569452]  __kasan_kmalloc+0xd4/0xd8
[   29.569579]  __kmalloc_cache_noprof+0x16c/0x3c0
[   29.569705]  kmalloc_oob_memset_2+0xb0/0x2f8
[   29.569825]  kunit_try_run_case+0x170/0x3f0
[   29.570013]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.570079]  kthread+0x328/0x630
[   29.570118]  ret_from_fork+0x10/0x20
[   29.570260] 
[   29.570335] The buggy address belongs to the object at fff00000c59f9f00
[   29.570335]  which belongs to the cache kmalloc-128 of size 128
[   29.570668] The buggy address is located 119 bytes inside of
[   29.570668]  allocated 120-byte region [fff00000c59f9f00, fff00000c59f9f78)
[   29.570835] 
[   29.570903] The buggy address belongs to the physical page:
[   29.570995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059f9
[   29.571083] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.571304] page_type: f5(slab)
[   29.571484] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   29.571679] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.571790] page dumped because: kasan: bad access detected
[   29.571849] 
[   29.571868] Memory state around the buggy address:
[   29.571910]  fff00000c59f9e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.571951]  fff00000c59f9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.572013] >fff00000c59f9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   29.572049]                                                                 ^
[   29.572107]  fff00000c59f9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.572148]  fff00000c59fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.572184] ==================================================================

[   25.757844] ==================================================================
[   25.758448] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[   25.758763] Write of size 2 at addr ffff888105f2fb77 by task kunit_try_catch/221
[   25.759019] 
[   25.759127] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.759173] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.759185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.759204] Call Trace:
[   25.759216]  <TASK>
[   25.759229]  dump_stack_lvl+0x73/0xb0
[   25.759311]  print_report+0xd1/0x610
[   25.759333]  ? __virt_addr_valid+0x1db/0x2d0
[   25.759355]  ? kmalloc_oob_memset_2+0x166/0x330
[   25.759375]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.759400]  ? kmalloc_oob_memset_2+0x166/0x330
[   25.759421]  kasan_report+0x141/0x180
[   25.759442]  ? kmalloc_oob_memset_2+0x166/0x330
[   25.759467]  kasan_check_range+0x10c/0x1c0
[   25.759489]  __asan_memset+0x27/0x50
[   25.759512]  kmalloc_oob_memset_2+0x166/0x330
[   25.759534]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   25.759556]  ? __schedule+0x10c6/0x2b60
[   25.759578]  ? __pfx_read_tsc+0x10/0x10
[   25.759598]  ? ktime_get_ts64+0x86/0x230
[   25.759621]  kunit_try_run_case+0x1a5/0x480
[   25.759643]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.759664]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.759686]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.759708]  ? __kthread_parkme+0x82/0x180
[   25.759731]  ? preempt_count_sub+0x50/0x80
[   25.759753]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.759776]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.759797]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.759819]  kthread+0x337/0x6f0
[   25.759837]  ? trace_preempt_on+0x20/0xc0
[   25.759860]  ? __pfx_kthread+0x10/0x10
[   25.759879]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.759899]  ? calculate_sigpending+0x7b/0xa0
[   25.759921]  ? __pfx_kthread+0x10/0x10
[   25.759941]  ret_from_fork+0x116/0x1d0
[   25.759959]  ? __pfx_kthread+0x10/0x10
[   25.759979]  ret_from_fork_asm+0x1a/0x30
[   25.760009]  </TASK>
[   25.760019] 
[   25.766407] Allocated by task 221:
[   25.766648]  kasan_save_stack+0x45/0x70
[   25.766791]  kasan_save_track+0x18/0x40
[   25.766919]  kasan_save_alloc_info+0x3b/0x50
[   25.767058]  __kasan_kmalloc+0xb7/0xc0
[   25.767190]  __kmalloc_cache_noprof+0x189/0x420
[   25.769385]  kmalloc_oob_memset_2+0xac/0x330
[   25.769623]  kunit_try_run_case+0x1a5/0x480
[   25.769838]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.770013]  kthread+0x337/0x6f0
[   25.770142]  ret_from_fork+0x116/0x1d0
[   25.770498]  ret_from_fork_asm+0x1a/0x30
[   25.770707] 
[   25.770799] The buggy address belongs to the object at ffff888105f2fb00
[   25.770799]  which belongs to the cache kmalloc-128 of size 128
[   25.771257] The buggy address is located 119 bytes inside of
[   25.771257]  allocated 120-byte region [ffff888105f2fb00, ffff888105f2fb78)
[   25.771701] 
[   25.771772] The buggy address belongs to the physical page:
[   25.771936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f2f
[   25.772274] flags: 0x200000000000000(node=0|zone=2)
[   25.772959] page_type: f5(slab)
[   25.773154] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.773525] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.773733] page dumped because: kasan: bad access detected
[   25.775283] 
[   25.775359] Memory state around the buggy address:
[   25.775507]  ffff888105f2fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.775708]  ffff888105f2fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.775907] >ffff888105f2fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.776287]                                                                 ^
[   25.776508]  ffff888105f2fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.776763]  ffff888105f2fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.777066] ==================================================================
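Both reports above are the expected, deliberately triggered output of the KASAN KUnit self-test (task kunit_try_catch, taint flag [N]=TEST, test function kmalloc_oob_memset_2), not a bug in the kernel under test: a 120-byte kmalloc-128 object is allocated and a 2-byte memset starts at offset 119, so its second byte lands in the fc redzone granule that follows the object. The following user-space C program is an added example, not kernel code and not the KUnit test itself; it re-creates the "Memory state" rows of the arm64 report as constructed shadow data and runs a model of KASAN's generic-mode per-byte shadow check over them. Everything it assumes is stated in comments: the 8-byte granule encoding, the meaning of the 0xfa/0xfb/0xfc values, and that addresses outside the captured window are treated as poisoned. It shows why the header says "Write of size 2" at an address that is still "119 bytes inside" the region (that description is computed from the access start only) and which shadow byte the caret in the rows points at.

```c
/*
 * Added example, not kernel code and not the KUnit test itself: a user-space
 * model of the KASAN generic-mode shadow check, run over the "Memory state"
 * rows printed in the arm64 report above (the x86_64 rows differ only in the
 * last line). One shadow byte covers an 8-byte granule: 0x00 means all eight
 * bytes are addressable, 1..7 means only the first N bytes are, and values
 * >= 0x80 poison the whole granule (0xfc slab redzone, 0xfb freed object,
 * 0xfa freed object whose first granule holds free-track metadata).
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_GRANULE_SIZE 8
#define KASAN_GRANULE_MASK (KASAN_GRANULE_SIZE - 1)

/* Run-length copy of the five shadow rows from the arm64 report (16 granules per row). */
struct shadow_run { uint8_t value; unsigned count; };
static const uint64_t SHADOW_BASE = 0xfff00000c59f9e00ULL;
static const struct shadow_run SHADOW_RUNS[] = {
    {0xfa, 1}, {0xfb, 15},  /* ...9e00: freed object, free track in granule 0 */
    {0xfc, 16},             /* ...9e80: redzone */
    {0x00, 15}, {0xfc, 1},  /* ...9f00: the 120-byte object, then its redzone */
    {0xfc, 16},             /* ...9f80: redzone */
    {0x00, 16},             /* ...a000: next object, fully addressable */
};

/* Shadow byte for the granule containing addr, or -1 outside the captured window. */
static int shadow_byte(uint64_t addr)
{
    if (addr < SHADOW_BASE)
        return -1;
    uint64_t granule = (addr - SHADOW_BASE) / KASAN_GRANULE_SIZE;
    for (size_t i = 0; i < sizeof SHADOW_RUNS / sizeof SHADOW_RUNS[0]; i++) {
        if (granule < SHADOW_RUNS[i].count)
            return SHADOW_RUNS[i].value;
        granule -= SHADOW_RUNS[i].count;
    }
    return -1;
}

/*
 * KASAN's per-byte rule: shadow 0 -> addressable; otherwise the byte is bad
 * when its offset within the granule is >= the (signed) shadow value, so a
 * negative value (0x80..0xff) poisons every byte of the granule.
 * Addresses outside the captured window are treated as poisoned (an
 * assumption made for this model only).
 */
static bool byte_is_poisoned(uint64_t addr)
{
    int s = shadow_byte(addr);
    if (s < 0)
        return true;
    int8_t shadow = (int8_t)s;
    if (shadow == 0)
        return false;
    return (int8_t)(addr & KASAN_GRANULE_MASK) >= shadow;
}

/*
 * Byte-accurate range check: returns the first poisoned address in
 * [addr, addr + size), or 0 if the whole range is addressable. The kernel's
 * kasan_find_first_bad_addr() walks in granule steps instead, so it only pins
 * down the guilty granule; the caret under the memory-state rows marks that
 * granule's shadow byte (here the trailing fc of the ...9f00 row).
 */
static uint64_t first_bad_byte(uint64_t addr, size_t size)
{
    for (uint64_t p = addr; p < addr + size; p++)
        if (byte_is_poisoned(p))
            return p;
    return 0;
}

/*
 * Same relation the report prints ("located N bytes inside of / to the left
 * of / to the right of"). It is derived from the access START only, which is
 * why a 2-byte write at offset 119 of a 120-byte object is "119 bytes inside"
 * even though its second byte lands in the redzone.
 */
static const char *describe_access(uint64_t addr, uint64_t obj, size_t obj_size, size_t *distance)
{
    if (addr < obj) { *distance = (size_t)(obj - addr); return "to the left of"; }
    if (addr >= obj + obj_size) { *distance = (size_t)(addr - (obj + obj_size)); return "to the right of"; }
    *distance = (size_t)(addr - obj);
    return "inside of";
}

int main(void)
{
    /* The access from the report: 2-byte memset at offset 119 of the 120-byte object at ...9f00. */
    const uint64_t obj = 0xfff00000c59f9f00ULL;
    const uint64_t addr = obj + 119;
    size_t dist;
    const char *rel = describe_access(addr, obj, 120, &dist);
    uint64_t bad = first_bad_byte(addr, 2);

    printf("Write of size 2 at %#llx: %zu bytes %s the 120-byte region\n",
           (unsigned long long)addr, dist, rel);
    if (bad)
        printf("first poisoned byte %#llx, shadow 0x%02x (granule %llu of its row)\n",
               (unsigned long long)bad, (unsigned)shadow_byte(bad),
               (unsigned long long)(((bad - SHADOW_BASE) / KASAN_GRANULE_SIZE) % 16));
    return bad ? 1 : 0;
}
```

Running it reproduces the report's arithmetic: the access starts 119 bytes inside the [...9f00, ...9f78) region, and the first poisoned byte is ...9f78, whose granule (index 15 of the ...9f00 row) carries the 0xfc slab-redzone shadow value. Shifting the same 2-byte write one byte earlier, or writing the full 120 bytes from the object start, passes the check; writing 121 bytes fails at the same address.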