Date: June 7, 2025, 10:40 a.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 21.793318] ==================================================================
[ 21.793520] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 21.793678] Read of size 1 at addr fff00000c57222ff by task kunit_try_catch/142
[ 21.793802]
[ 21.793932] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT
[ 21.794176] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.794255] Hardware name: linux,dummy-virt (DT)
[ 21.794415] Call trace:
[ 21.794487] show_stack+0x20/0x38 (C)
[ 21.794586] dump_stack_lvl+0x8c/0xd0
[ 21.794669] print_report+0x118/0x608
[ 21.794722] kasan_report+0xdc/0x128
[ 21.794783] __asan_report_load1_noabort+0x20/0x30
[ 21.794927] kmalloc_oob_left+0x2ec/0x320
[ 21.795154] kunit_try_run_case+0x170/0x3f0
[ 21.795653] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.795789] kthread+0x328/0x630
[ 21.796026] ret_from_fork+0x10/0x20
[ 21.796317]
[ 21.796369] Allocated by task 24:
[ 21.796448] kasan_save_stack+0x3c/0x68
[ 21.796530] kasan_save_track+0x20/0x40
[ 21.796604] kasan_save_alloc_info+0x40/0x58
[ 21.796689] __kasan_kmalloc+0xd4/0xd8
[ 21.796768] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 21.796873] kvasprintf+0xe0/0x180
[ 21.796952] __kthread_create_on_node+0x16c/0x350
[ 21.797045] kthread_create_on_node+0xe4/0x130
[ 21.797643] create_worker+0x380/0x6b8
[ 21.797843] worker_thread+0x808/0xf38
[ 21.798017] kthread+0x328/0x630
[ 21.798155] ret_from_fork+0x10/0x20
[ 21.798300]
[ 21.798472] The buggy address belongs to the object at fff00000c57222e0
[ 21.798472] which belongs to the cache kmalloc-16 of size 16
[ 21.799071] The buggy address is located 19 bytes to the right of
[ 21.799071] allocated 12-byte region [fff00000c57222e0, fff00000c57222ec)
[ 21.799314]
[ 21.799411] The buggy address belongs to the physical page:
[ 21.799533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105722
[ 21.799716] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.799824] page_type: f5(slab)
[ 21.800134] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 21.800252] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 21.800340] page dumped because: kasan: bad access detected
[ 21.800446]
[ 21.800503] Memory state around the buggy address:
[ 21.800584]  fff00000c5722180: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 05 fc fc
[ 21.800701]  fff00000c5722200: fa fb fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 21.800846] >fff00000c5722280: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 21.800959]                                                                 ^
[ 21.801161]  fff00000c5722300: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.801361]  fff00000c5722380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.801511] ==================================================================
```
qemu-x86_64:

```
[ 12.788335] ==================================================================
[ 12.788818] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 12.789356] Read of size 1 at addr ffff8881026ac8df by task kunit_try_catch/158
[ 12.789592]
[ 12.789723] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.15.2-rc1 #1 PREEMPT(voluntary)
[ 12.789804] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.789825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.789861] Call Trace:
[ 12.789886] <TASK>
[ 12.789917] dump_stack_lvl+0x73/0xb0
[ 12.789966] print_report+0xd1/0x650
[ 12.790005] ? __virt_addr_valid+0x1db/0x2d0
[ 12.790042] ? kmalloc_oob_left+0x361/0x3c0
[ 12.790078] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.790117] ? kmalloc_oob_left+0x361/0x3c0
[ 12.790156] kasan_report+0x141/0x180
[ 12.790188] ? kmalloc_oob_left+0x361/0x3c0
[ 12.790232] __asan_report_load1_noabort+0x18/0x20
[ 12.790272] kmalloc_oob_left+0x361/0x3c0
[ 12.790309] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 12.790348] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 12.790387] kunit_try_run_case+0x1a5/0x480
[ 12.790427] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.790463] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.790507] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.790545] ? __kthread_parkme+0x82/0x180
[ 12.790645] ? preempt_count_sub+0x50/0x80
[ 12.790690] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.790730] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.790771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.790811] kthread+0x337/0x6f0
[ 12.790842] ? trace_preempt_on+0x20/0xc0
[ 12.790887] ? __pfx_kthread+0x10/0x10
[ 12.790919] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.790958] ? calculate_sigpending+0x7b/0xa0
[ 12.790997] ? __pfx_kthread+0x10/0x10
[ 12.791030] ret_from_fork+0x41/0x80
[ 12.791069] ? __pfx_kthread+0x10/0x10
[ 12.791100] ret_from_fork_asm+0x1a/0x30
[ 12.791168] </TASK>
[ 12.791196]
[ 12.799673] Allocated by task 45:
[ 12.800015] kasan_save_stack+0x45/0x70
[ 12.800379] kasan_save_track+0x18/0x40
[ 12.800570] kasan_save_alloc_info+0x3b/0x50
[ 12.800860] __kasan_kmalloc+0xb7/0xc0
[ 12.801275] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.801720] kvasprintf+0xc5/0x150
[ 12.801975] __kthread_create_on_node+0x18b/0x3a0
[ 12.802304] kthread_create_on_node+0xab/0xe0
[ 12.802492] create_worker+0x3e5/0x7b0
[ 12.802657] worker_thread+0x992/0x1220
[ 12.802842] kthread+0x337/0x6f0
[ 12.803159] ret_from_fork+0x41/0x80
[ 12.803475] ret_from_fork_asm+0x1a/0x30
[ 12.803769]
[ 12.804000] The buggy address belongs to the object at ffff8881026ac8c0
[ 12.804000] which belongs to the cache kmalloc-16 of size 16
[ 12.804534] The buggy address is located 19 bytes to the right of
[ 12.804534] allocated 12-byte region [ffff8881026ac8c0, ffff8881026ac8cc)
[ 12.805050]
[ 12.805321] The buggy address belongs to the physical page:
[ 12.805586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ac
[ 12.806051] flags: 0x200000000000000(node=0|zone=2)
[ 12.806441] page_type: f5(slab)
[ 12.806716] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.807239] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.807834] page dumped because: kasan: bad access detected
[ 12.808041]
[ 12.808162] Memory state around the buggy address:
[ 12.808399]  ffff8881026ac780: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc
[ 12.808671]  ffff8881026ac800: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 12.809144] >ffff8881026ac880: fa fb fc fc fa fb fc fc 00 04 fc fc 00 07 fc fc
[ 12.809514]                                                     ^
[ 12.809740]  ffff8881026ac900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.810392]  ffff8881026ac980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.810991] ==================================================================
```