lkft/linux-stable-rc-linux-6.15.y - v6.15-50-g86677b94d603 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right

Date

June 2, 2025, 2:11 p.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   19.090022] ==================================================================
[   19.099585] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   19.107048] Write of size 1 at addr ffff0008031fa00a by task kunit_try_catch/193
[   19.114421] 
[   19.115907] CPU: 5 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   19.115958] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.115974] Hardware name: WinLink E850-96 board (DT)
[   19.115995] Call trace:
[   19.116007]  show_stack+0x20/0x38 (C)
[   19.116040]  dump_stack_lvl+0x8c/0xd0
[   19.116076]  print_report+0x118/0x608
[   19.116107]  kasan_report+0xdc/0x128
[   19.116135]  __asan_report_store1_noabort+0x20/0x30
[   19.116169]  kmalloc_large_oob_right+0x278/0x2b8
[   19.116203]  kunit_try_run_case+0x170/0x3f0
[   19.116238]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.116276]  kthread+0x328/0x630
[   19.116312]  ret_from_fork+0x10/0x20
[   19.116346] 
[   19.179267] The buggy address belongs to the physical page:
[   19.184824] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8831f8
[   19.192809] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.200448] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.207390] page_type: f8(unknown)
[   19.210785] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.218506] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.226232] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.234043] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.241857] head: 0bfffe0000000002 fffffdffe00c7e01 00000000ffffffff 00000000ffffffff
[   19.249669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.257475] page dumped because: kasan: bad access detected
[   19.263031] 
[   19.264507] Memory state around the buggy address:
[   19.269286]  ffff0008031f9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.276488]  ffff0008031f9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.283693] >ffff0008031fa000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.290894]                       ^
[   19.294370]  ffff0008031fa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.301575]  ffff0008031fa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.308777] ==================================================================

Metadata Full log Test run details

[   17.416223] ==================================================================
[   17.416296] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[   17.416401] Write of size 1 at addr fff00000c65a200a by task kunit_try_catch/149
[   17.416450] 
[   17.416485] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   17.416567] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.416592] Hardware name: linux,dummy-virt (DT)
[   17.416623] Call trace:
[   17.416647]  show_stack+0x20/0x38 (C)
[   17.416698]  dump_stack_lvl+0x8c/0xd0
[   17.416746]  print_report+0x118/0x608
[   17.416791]  kasan_report+0xdc/0x128
[   17.416834]  __asan_report_store1_noabort+0x20/0x30
[   17.416884]  kmalloc_large_oob_right+0x278/0x2b8
[   17.416935]  kunit_try_run_case+0x170/0x3f0
[   17.416983]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.417037]  kthread+0x328/0x630
[   17.417083]  ret_from_fork+0x10/0x20
[   17.417132] 
[   17.417164] The buggy address belongs to the physical page:
[   17.420861] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   17.420933] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.420983] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.421053] page_type: f8(unknown)
[   17.421097] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.421151] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.421199] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.421246] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.421294] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   17.421340] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.421389] page dumped because: kasan: bad access detected
[   17.421420] 
[   17.421438] Memory state around the buggy address:
[   17.422535]  fff00000c65a1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.422584]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.422626] >fff00000c65a2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.422662]                       ^
[   17.422693]  fff00000c65a2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.422733]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.422770] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xxIi03DVYToIy9dKnbnDmUoyr6

job_id

TEST:linaro@lkft#2xxImRmF075dm0nsBZ5X666mMHe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxImRmF075dm0nsBZ5X666mMHe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIiyPUR36zsQ0H1UAU7CDbti8/Image.gz
sha256sum	b9a9fd4a9b1eed9b2355eb855fcee61950b1feb6d9174198b03424c9d229f427

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIiyPUR36zsQ0H1UAU7CDbti8/modules.tar.xz
sha256sum	369c25ed9d51a74f47b283fc088bebcc674124ca3658d6e259bf0d14f2ebcf1f

durations

tests

boot	0
kunit	197.32

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.743424] ==================================================================
[   15.743946] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[   15.744553] Write of size 1 at addr ffff888102a8200a by task kunit_try_catch/167
[   15.745087] 
[   15.745302] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT(voluntary) 
[   15.745405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.745432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.745480] Call Trace:
[   15.745510]  <TASK>
[   15.745547]  dump_stack_lvl+0x73/0xb0
[   15.745876]  print_report+0xd1/0x650
[   15.745929]  ? __virt_addr_valid+0x1db/0x2d0
[   15.745982]  ? kmalloc_large_oob_right+0x2e9/0x330
[   15.746034]  ? kasan_addr_to_slab+0x11/0xa0
[   15.746076]  ? kmalloc_large_oob_right+0x2e9/0x330
[   15.746120]  kasan_report+0x141/0x180
[   15.746163]  ? kmalloc_large_oob_right+0x2e9/0x330
[   15.746217]  __asan_report_store1_noabort+0x1b/0x30
[   15.746254]  kmalloc_large_oob_right+0x2e9/0x330
[   15.746294]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[   15.746332]  ? __schedule+0x10cc/0x2b30
[   15.746368]  ? __pfx_read_tsc+0x10/0x10
[   15.746402]  ? ktime_get_ts64+0x86/0x230
[   15.746445]  kunit_try_run_case+0x1a5/0x480
[   15.746483]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.746516]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.746682]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.746722]  ? __kthread_parkme+0x82/0x180
[   15.746776]  ? preempt_count_sub+0x50/0x80
[   15.746821]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.746862]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.746905]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.746946]  kthread+0x337/0x6f0
[   15.746976]  ? trace_preempt_on+0x20/0xc0
[   15.747017]  ? __pfx_kthread+0x10/0x10
[   15.747050]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.747092]  ? calculate_sigpending+0x7b/0xa0
[   15.747136]  ? __pfx_kthread+0x10/0x10
[   15.747170]  ret_from_fork+0x41/0x80
[   15.747209]  ? __pfx_kthread+0x10/0x10
[   15.747250]  ret_from_fork_asm+0x1a/0x30
[   15.747306]  </TASK>
[   15.747328] 
[   15.761740] The buggy address belongs to the physical page:
[   15.762543] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a80
[   15.763455] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.763989] flags: 0x200000000000040(head|node=0|zone=2)
[   15.764459] page_type: f8(unknown)
[   15.764806] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.765703] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.766295] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.766733] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.766981] head: 0200000000000002 ffffea00040aa001 00000000ffffffff 00000000ffffffff
[   15.767893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.768797] page dumped because: kasan: bad access detected
[   15.769101] 
[   15.769223] Memory state around the buggy address:
[   15.769712]  ffff888102a81f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.770789]  ffff888102a81f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.771210] >ffff888102a82000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.771674]                       ^
[   15.771941]  ffff888102a82080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.772268]  ffff888102a82100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.772742] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xxIi03DVYToIy9dKnbnDmUoyr6

job_id

TEST:linaro@lkft#2xxInfPddVDXGngffC9JR7X5Cmc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxInfPddVDXGngffC9JR7X5Cmc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIk5ew4LuOqFkcEQccT7nGfYz/bzImage
sha256sum	fa931e11017c8ca987af58467ceac4cfbdb749e86f43584874b54f325b4fc4f3

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIk5ew4LuOqFkcEQccT7nGfYz/modules.tar.xz
sha256sum	7c34359c003080a3ab3b531ece9044002fd87f98de8d7cd8150985fcf69c24ac

durations

tests

boot	0
kunit	459.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit