lkft/linux-stable-rc-linux-6.14.y - v6.14.6-198-g4f7f8fb4f8e3 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user

Date

May 12, 2025, 6:12 p.m.

Environment
qemu-x86_64

[   16.241871] ==================================================================
[   16.242477] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[   16.242832] Write of size 121 at addr ffff888102adde00 by task kunit_try_catch/293
[   16.243124] 
[   16.243686] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   16.243746] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.243760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.243786] Call Trace:
[   16.243804]  <TASK>
[   16.243829]  dump_stack_lvl+0x73/0xb0
[   16.243876]  print_report+0xd1/0x650
[   16.244019]  ? __virt_addr_valid+0x1db/0x2d0
[   16.244055]  ? _copy_from_user+0x32/0x90
[   16.244076]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.244103]  ? _copy_from_user+0x32/0x90
[   16.244123]  kasan_report+0x140/0x180
[   16.244146]  ? _copy_from_user+0x32/0x90
[   16.244171]  kasan_check_range+0x10c/0x1c0
[   16.244195]  __kasan_check_write+0x18/0x20
[   16.244220]  _copy_from_user+0x32/0x90
[   16.244242]  copy_user_test_oob+0x2bf/0x10f0
[   16.244269]  ? __pfx_copy_user_test_oob+0x10/0x10
[   16.244292]  ? finish_task_switch.isra.0+0x153/0x700
[   16.244319]  ? __switch_to+0x5d9/0xf60
[   16.244348]  ? __schedule+0xce8/0x2840
[   16.244376]  ? __pfx_read_tsc+0x10/0x10
[   16.244399]  ? ktime_get_ts64+0x86/0x230
[   16.244428]  kunit_try_run_case+0x1a6/0x480
[   16.244453]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.244476]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.244498]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.244524]  ? __kthread_parkme+0x82/0x160
[   16.244549]  ? preempt_count_sub+0x50/0x80
[   16.244573]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.244597]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.244625]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.244652]  kthread+0x324/0x6e0
[   16.244675]  ? trace_preempt_on+0x20/0xc0
[   16.244702]  ? __pfx_kthread+0x10/0x10
[   16.244725]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.244749]  ? calculate_sigpending+0x7b/0xa0
[   16.244773]  ? __pfx_kthread+0x10/0x10
[   16.244797]  ret_from_fork+0x41/0x80
[   16.244817]  ? __pfx_kthread+0x10/0x10
[   16.244852]  ret_from_fork_asm+0x1a/0x30
[   16.244885]  </TASK>
[   16.244899] 
[   16.254582] Allocated by task 293:
[   16.254780]  kasan_save_stack+0x45/0x70
[   16.255023]  kasan_save_track+0x18/0x40
[   16.255512]  kasan_save_alloc_info+0x3b/0x50
[   16.255729]  __kasan_kmalloc+0xb7/0xc0
[   16.256025]  __kmalloc_noprof+0x1ca/0x500
[   16.256246]  kunit_kmalloc_array+0x25/0x60
[   16.256440]  copy_user_test_oob+0xac/0x10f0
[   16.256628]  kunit_try_run_case+0x1a6/0x480
[   16.256822]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.257070]  kthread+0x324/0x6e0
[   16.257507]  ret_from_fork+0x41/0x80
[   16.257661]  ret_from_fork_asm+0x1a/0x30
[   16.258003] 
[   16.258122] The buggy address belongs to the object at ffff888102adde00
[   16.258122]  which belongs to the cache kmalloc-128 of size 128
[   16.258826] The buggy address is located 0 bytes inside of
[   16.258826]  allocated 120-byte region [ffff888102adde00, ffff888102adde78)
[   16.259449] 
[   16.259541] The buggy address belongs to the physical page:
[   16.259930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102add
[   16.260368] flags: 0x200000000000000(node=0|zone=2)
[   16.260646] page_type: f5(slab)
[   16.260817] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.261268] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.261643] page dumped because: kasan: bad access detected
[   16.261963] 
[   16.262044] Memory state around the buggy address:
[   16.262333]  ffff888102addd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.262773]  ffff888102addd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.263178] >ffff888102adde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.263536]                                                                 ^
[   16.263858]  ffff888102adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.264272]  ffff888102addf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.264544] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x0SPsCc3D4dL5Fs7f4y5KqWbP1

job_id

TEST:linaro@lkft#2x0SVwltlsrm2T0d5Ba3sftzBJV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x0SVwltlsrm2T0d5Ba3sftzBJV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SS2Hw3iq0iQlsLeAo2dcc2s8/bzImage
sha256sum	7bc2976d5bc54a2548ad80d58c51f55eeb790da9ccb30ecb5948e73bb43c003b

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SS2Hw3iq0iQlsLeAo2dcc2s8/modules.tar.xz
sha256sum	64a9a8df2a58f3013b4dda0c48e7d525f20040a72fb28fa3604f8eafd96b0610

durations

tests

boot	0
kunit	240.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

Metadata

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit