lkft/linux-next-master - next-20250725 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset

Date

July 25, 2025, 3:13 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.382463] ==================================================================
[   32.382520] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   32.382571] Write of size 128 at addr fff00000c9726400 by task kunit_try_catch/202
[   32.382633] 
[   32.382679] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.382765] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.382794] Hardware name: linux,dummy-virt (DT)
[   32.382833] Call trace:
[   32.382856]  show_stack+0x20/0x38 (C)
[   32.382901]  dump_stack_lvl+0x8c/0xd0
[   32.382946]  print_report+0x118/0x5e8
[   32.382988]  kasan_report+0xdc/0x128
[   32.383030]  kasan_check_range+0x100/0x1a8
[   32.383109]  __asan_memset+0x34/0x78
[   32.383153]  kmalloc_oob_in_memset+0x144/0x2d0
[   32.383535]  kunit_try_run_case+0x170/0x3f0
[   32.383718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.383813]  kthread+0x328/0x630
[   32.383910]  ret_from_fork+0x10/0x20
[   32.384051] 
[   32.384089] Allocated by task 202:
[   32.384117]  kasan_save_stack+0x3c/0x68
[   32.384155]  kasan_save_track+0x20/0x40
[   32.384190]  kasan_save_alloc_info+0x40/0x58
[   32.384364]  __kasan_kmalloc+0xd4/0xd8
[   32.384470]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.384579]  kmalloc_oob_in_memset+0xb0/0x2d0
[   32.384733]  kunit_try_run_case+0x170/0x3f0
[   32.384800]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.384864]  kthread+0x328/0x630
[   32.384941]  ret_from_fork+0x10/0x20
[   32.384977] 
[   32.384997] The buggy address belongs to the object at fff00000c9726400
[   32.384997]  which belongs to the cache kmalloc-128 of size 128
[   32.385108] The buggy address is located 0 bytes inside of
[   32.385108]  allocated 120-byte region [fff00000c9726400, fff00000c9726478)
[   32.385240] 
[   32.385298] The buggy address belongs to the physical page:
[   32.385446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109726
[   32.385588] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.385634] page_type: f5(slab)
[   32.385711] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.385771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.385808] page dumped because: kasan: bad access detected
[   32.385837] 
[   32.385890] Memory state around the buggy address:
[   32.386087]  fff00000c9726300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.386194]  fff00000c9726380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.386309] >fff00000c9726400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.386406]                                                                 ^
[   32.386446]  fff00000c9726480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.386506]  fff00000c9726500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.386637] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30LiGXj2ae9l37rDh9ES2ygGLcy

job_id

TEST:linaro@lkft#30LiLIPqWNQvRNRqDtBDxUwGxZz

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30LiLIPqWNQvRNRqDtBDxUwGxZz

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiHjVcRKNbgRBrU4jkvDoxC50/Image.gz
sha256sum	1f162015f4a75f9e6216abaa8065e831691a375e1ff18255465960f4188e179e

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/arm64/rootfs.ext4.xz
sha256sum	4416595f610fe19a3fb374a6dd0942354bf27ddb827c7f1e8e5524ec95492466

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiHjVcRKNbgRBrU4jkvDoxC50/modules.tar.xz
sha256sum	874d5b7c11e52abbdf6f386f72a342d5a69f5ce0dd54af8193144a32e6d2a204

durations

tests

boot	0
kunit	181.35

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   25.775451] ==================================================================
[   25.775837] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[   25.776240] Write of size 128 at addr ffff888105800200 by task kunit_try_catch/219
[   25.776486] 
[   25.776566] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.776611] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.776623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.776643] Call Trace:
[   25.776655]  <TASK>
[   25.776670]  dump_stack_lvl+0x73/0xb0
[   25.776698]  print_report+0xd1/0x640
[   25.776721]  ? __virt_addr_valid+0x1db/0x2d0
[   25.776744]  ? kmalloc_oob_in_memset+0x15f/0x320
[   25.776766]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.776916]  ? kmalloc_oob_in_memset+0x15f/0x320
[   25.776982]  kasan_report+0x141/0x180
[   25.777005]  ? kmalloc_oob_in_memset+0x15f/0x320
[   25.777032]  kasan_check_range+0x10c/0x1c0
[   25.777056]  __asan_memset+0x27/0x50
[   25.777080]  kmalloc_oob_in_memset+0x15f/0x320
[   25.777103]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   25.777131]  ? __schedule+0x10da/0x2b60
[   25.777152]  ? __pfx_read_tsc+0x10/0x10
[   25.777174]  ? ktime_get_ts64+0x86/0x230
[   25.777198]  kunit_try_run_case+0x1a5/0x480
[   25.777223]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.777278]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.777300]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.777326]  ? __kthread_parkme+0x82/0x180
[   25.777380]  ? preempt_count_sub+0x50/0x80
[   25.777438]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.777463]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.777487]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.777511]  kthread+0x337/0x6f0
[   25.777532]  ? trace_preempt_on+0x20/0xc0
[   25.777555]  ? __pfx_kthread+0x10/0x10
[   25.777576]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.777601]  ? calculate_sigpending+0x7b/0xa0
[   25.777624]  ? __pfx_kthread+0x10/0x10
[   25.777646]  ret_from_fork+0x116/0x1d0
[   25.777665]  ? __pfx_kthread+0x10/0x10
[   25.777686]  ret_from_fork_asm+0x1a/0x30
[   25.777717]  </TASK>
[   25.777728] 
[   25.792420] Allocated by task 219:
[   25.792654]  kasan_save_stack+0x45/0x70
[   25.793165]  kasan_save_track+0x18/0x40
[   25.793384]  kasan_save_alloc_info+0x3b/0x50
[   25.793536]  __kasan_kmalloc+0xb7/0xc0
[   25.793667]  __kmalloc_cache_noprof+0x189/0x420
[   25.793992]  kmalloc_oob_in_memset+0xac/0x320
[   25.794496]  kunit_try_run_case+0x1a5/0x480
[   25.794911]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.795507]  kthread+0x337/0x6f0
[   25.795909]  ret_from_fork+0x116/0x1d0
[   25.796362]  ret_from_fork_asm+0x1a/0x30
[   25.796816] 
[   25.796990] The buggy address belongs to the object at ffff888105800200
[   25.796990]  which belongs to the cache kmalloc-128 of size 128
[   25.797809] The buggy address is located 0 bytes inside of
[   25.797809]  allocated 120-byte region [ffff888105800200, ffff888105800278)
[   25.798560] 
[   25.798761] The buggy address belongs to the physical page:
[   25.799381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800
[   25.800148] flags: 0x200000000000000(node=0|zone=2)
[   25.800656] page_type: f5(slab)
[   25.800991] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.802097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.802486] page dumped because: kasan: bad access detected
[   25.803073] 
[   25.803234] Memory state around the buggy address:
[   25.803687]  ffff888105800100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.803920]  ffff888105800180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.804488] >ffff888105800200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.805252]                                                                 ^
[   25.805970]  ffff888105800280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.806682]  ffff888105800300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.807264] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30LiGXj2ae9l37rDh9ES2ygGLcy

job_id

TEST:linaro@lkft#30LiMSmAFBIdZSnFjQilSiHXbFX

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30LiMSmAFBIdZSnFjQilSiHXbFX

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiIkEIWzwcOizdgCfJhHvoQ2t/bzImage
sha256sum	cb04a09100e7bb1b25ec1cd9eb8a6652066b7b698c4172d9166a486dc8b0154b

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/amd64/rootfs.ext4.xz
sha256sum	f011d4ee6daca8ff6eb107b3ab1eb085d1f77f9019361779f04403719dd7a135

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30LiIkEIWzwcOizdgCfJhHvoQ2t/modules.tar.xz
sha256sum	3b07c3dc3b89c919b40bced1758d16b0994c9e96155d8408ee1a634b63ef2280

durations

tests

boot	0
kunit	227.73

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit