lkft/linux-stable-rc-linux-6.15.y - v6.15.3-593-gde19bfa00d6f - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left

Date

June 23, 2025, 1:39 p.m.

Environment
qemu-arm64
qemu-x86_64

[   23.923731] ==================================================================
[   23.923871] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   23.924006] Read of size 1 at addr fff00000c5e9dd1f by task kunit_try_catch/140
[   23.924121] 
[   23.924203] CPU: 0 UID: 0 PID: 140 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   23.924413] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.924479] Hardware name: linux,dummy-virt (DT)
[   23.924553] Call trace:
[   23.924609]  show_stack+0x20/0x38 (C)
[   23.924830]  dump_stack_lvl+0x8c/0xd0
[   23.924964]  print_report+0x118/0x608
[   23.925110]  kasan_report+0xdc/0x128
[   23.925240]  __asan_report_load1_noabort+0x20/0x30
[   23.926581]  kmalloc_oob_left+0x2ec/0x320
[   23.926743]  kunit_try_run_case+0x170/0x3f0
[   23.926811]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.926876]  kthread+0x328/0x630
[   23.927029]  ret_from_fork+0x10/0x20
[   23.927153] 
[   23.927198] Allocated by task 9:
[   23.927269]  kasan_save_stack+0x3c/0x68
[   23.927366]  kasan_save_track+0x20/0x40
[   23.927545]  kasan_save_alloc_info+0x40/0x58
[   23.927694]  __kasan_kmalloc+0xd4/0xd8
[   23.927790]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   23.927935]  kvasprintf+0xe0/0x180
[   23.928124]  __kthread_create_on_node+0x16c/0x350
[   23.928234]  kthread_create_on_node+0xe4/0x130
[   23.928435]  create_worker+0x380/0x6b8
[   23.928669]  worker_thread+0x808/0xf38
[   23.928914]  kthread+0x328/0x630
[   23.929066]  ret_from_fork+0x10/0x20
[   23.929233] 
[   23.929318] The buggy address belongs to the object at fff00000c5e9dd00
[   23.929318]  which belongs to the cache kmalloc-16 of size 16
[   23.929550] The buggy address is located 19 bytes to the right of
[   23.929550]  allocated 12-byte region [fff00000c5e9dd00, fff00000c5e9dd0c)
[   23.929714] 
[   23.929854] The buggy address belongs to the physical page:
[   23.930007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e9d
[   23.930197] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   23.930706] page_type: f5(slab)
[   23.930822] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   23.930955] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   23.932269] page dumped because: kasan: bad access detected
[   23.932352] 
[   23.932449] Memory state around the buggy address:
[   23.932536]  fff00000c5e9dc00: 00 05 fc fc fa fb fc fc 00 02 fc fc fa fb fc fc
[   23.932647]  fff00000c5e9dc80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.932753] >fff00000c5e9dd00: 00 04 fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[   23.932844]                             ^
[   23.932950]  fff00000c5e9dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.933104]  fff00000c5e9de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.933374] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYT6Pinx8XSymaWNp6cpzl3Cl

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYT6Pinx8XSymaWNp6cpzl3Cl

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/Image.gz
sha256sum	57e05c75085917e237c36a1c6300a885b5a4018f7a22df0831ee3761434117fe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/modules.tar.xz
sha256sum	08df30bc44d3238a22959b8095bcf790b77fb8886fd1b3a26e269eaac34e9502

durations

tests

boot	0
kunit	345.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.925332] ==================================================================
[   15.926367] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   15.926963] Read of size 1 at addr ffff88810217521f by task kunit_try_catch/159
[   15.927942] 
[   15.928445] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   15.928568] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.928743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.928847] Call Trace:
[   15.928889]  <TASK>
[   15.928951]  dump_stack_lvl+0x73/0xb0
[   15.929031]  print_report+0xd1/0x650
[   15.929091]  ? __virt_addr_valid+0x1db/0x2d0
[   15.929127]  ? kmalloc_oob_left+0x361/0x3c0
[   15.929158]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.929191]  ? kmalloc_oob_left+0x361/0x3c0
[   15.929235]  kasan_report+0x141/0x180
[   15.929288]  ? kmalloc_oob_left+0x361/0x3c0
[   15.929328]  __asan_report_load1_noabort+0x18/0x20
[   15.929357]  kmalloc_oob_left+0x361/0x3c0
[   15.929389]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   15.929420]  ? __schedule+0x10cc/0x2b60
[   15.929453]  ? __pfx_read_tsc+0x10/0x10
[   15.929480]  ? ktime_get_ts64+0x86/0x230
[   15.929516]  kunit_try_run_case+0x1a5/0x480
[   15.929552]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.929585]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.929673]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.929766]  ? __kthread_parkme+0x82/0x180
[   15.929845]  ? preempt_count_sub+0x50/0x80
[   15.929920]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.929958]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.929992]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.930025]  kthread+0x337/0x6f0
[   15.930048]  ? trace_preempt_on+0x20/0xc0
[   15.930082]  ? __pfx_kthread+0x10/0x10
[   15.930106]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.930136]  ? calculate_sigpending+0x7b/0xa0
[   15.930166]  ? __pfx_kthread+0x10/0x10
[   15.930189]  ret_from_fork+0x41/0x80
[   15.930230]  ? __pfx_kthread+0x10/0x10
[   15.930276]  ret_from_fork_asm+0x1a/0x30
[   15.930320]  </TASK>
[   15.930334] 
[   15.949002] Allocated by task 24:
[   15.949554]  kasan_save_stack+0x45/0x70
[   15.950437]  kasan_save_track+0x18/0x40
[   15.951139]  kasan_save_alloc_info+0x3b/0x50
[   15.951567]  __kasan_kmalloc+0xb7/0xc0
[   15.951977]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   15.952642]  kvasprintf+0xc5/0x150
[   15.953427]  __kthread_create_on_node+0x18b/0x3a0
[   15.954571]  kthread_create_on_node+0xab/0xe0
[   15.955282]  create_worker+0x3e5/0x7b0
[   15.955665]  worker_thread+0x992/0x1220
[   15.956176]  kthread+0x337/0x6f0
[   15.956573]  ret_from_fork+0x41/0x80
[   15.957357]  ret_from_fork_asm+0x1a/0x30
[   15.957742] 
[   15.957982] The buggy address belongs to the object at ffff888102175200
[   15.957982]  which belongs to the cache kmalloc-16 of size 16
[   15.958896] The buggy address is located 19 bytes to the right of
[   15.958896]  allocated 12-byte region [ffff888102175200, ffff88810217520c)
[   15.959857] 
[   15.960201] The buggy address belongs to the physical page:
[   15.960737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102175
[   15.961494] flags: 0x200000000000000(node=0|zone=2)
[   15.962288] page_type: f5(slab)
[   15.962819] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   15.963649] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   15.964748] page dumped because: kasan: bad access detected
[   15.965418] 
[   15.966081] Memory state around the buggy address:
[   15.966892]  ffff888102175100: 00 06 fc fc 00 04 fc fc 00 00 fc fc 00 04 fc fc
[   15.967562]  ffff888102175180: 00 04 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[   15.968650] >ffff888102175200: 00 04 fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[   15.969733]                             ^
[   15.970092]  ffff888102175280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.970650]  ffff888102175300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.972182] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYUHT0D3sQNOGwBtcXKr5K4Y5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYUHT0D3sQNOGwBtcXKr5K4Y5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/bzImage
sha256sum	464d852aa65e55fe849c2032fadc39c92d3f1038148deeeb5153bf785edfb3cb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/modules.tar.xz
sha256sum	48ba027071f05b733fc6db58a63b00001d03de4c8de4a7d017582fc3ae9eedfe

durations

tests

boot	0
kunit	357.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit