Date: July 22, 2025, 5:13 a.m.

Environment: qemu-arm64

[   33.372870] ==================================================================
[   33.372941] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0
[   33.373149] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/300
[   33.373477] 
[   33.373587] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   33.373730] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   33.373843] Hardware name: linux,dummy-virt (DT)
[   33.373914] Call trace:
[   33.373940]  show_stack+0x20/0x38 (C)
[   33.374190]  dump_stack_lvl+0x8c/0xd0
[   33.374304]  print_report+0x310/0x5e8
[   33.374408]  kasan_report+0xdc/0x128
[   33.374494]  __asan_report_load1_noabort+0x20/0x30
[   33.374598]  vmalloc_oob+0x578/0x5d0
[   33.374689]  kunit_try_run_case+0x170/0x3f0
[   33.374740]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.374995]  kthread+0x328/0x630
[   33.375120]  ret_from_fork+0x10/0x20
[   33.375205] 
[   33.375249] The buggy address belongs to a 1-page vmalloc region starting at 0xffff8000800fe000 allocated at vmalloc_oob+0x98/0x5d0
[   33.375626] The buggy address belongs to the physical page:
[   33.375703] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095ea
[   33.375838] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.375991] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   33.376054] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.376098] page dumped because: kasan: bad access detected
[   33.376273] 
[   33.376413] Memory state around the buggy address:
[   33.376503]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.376576]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.376966] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   33.377065]                                                              ^
[   33.377157]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.377257]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.377347] ==================================================================
[   33.377985] ==================================================================
[   33.378035] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0
[   33.378087] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/300
[   33.378138] 
[   33.378175] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   33.378265] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   33.378305] Hardware name: linux,dummy-virt (DT)
[   33.378338] Call trace:
[   33.378361]  show_stack+0x20/0x38 (C)
[   33.378426]  dump_stack_lvl+0x8c/0xd0
[   33.378473]  print_report+0x310/0x5e8
[   33.378519]  kasan_report+0xdc/0x128
[   33.378562]  __asan_report_load1_noabort+0x20/0x30
[   33.378612]  vmalloc_oob+0x51c/0x5d0
[   33.378659]  kunit_try_run_case+0x170/0x3f0
[   33.378706]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.378759]  kthread+0x328/0x630
[   33.378810]  ret_from_fork+0x10/0x20
[   33.378882] 
[   33.378912] The buggy address belongs to a 1-page vmalloc region starting at 0xffff8000800fe000 allocated at vmalloc_oob+0x98/0x5d0
[   33.379000] The buggy address belongs to the physical page:
[   33.379043] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1095ea
[   33.379100] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.379161] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   33.379213] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.379255] page dumped because: kasan: bad access detected
[   33.379287] 
[   33.379316] Memory state around the buggy address:
[   33.379350]  ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.379395]  ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.379440] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
[   33.379480]                                                                 ^
[   33.379522]  ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.379566]  ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   33.379606] ==================================================================