Date: June 23, 2025, 1:39 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |

```
[ 24.730238] ==================================================================
[ 24.730528] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 24.730774] Write of size 4 at addr fff00000c76cf075 by task kunit_try_catch/176
[ 24.730912]
[ 24.731063] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT
[ 24.731450] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.731610] Hardware name: linux,dummy-virt (DT)
[ 24.731869] Call trace:
[ 24.731938]  show_stack+0x20/0x38 (C)
[ 24.732249]  dump_stack_lvl+0x8c/0xd0
[ 24.732604]  print_report+0x118/0x608
[ 24.732778]  kasan_report+0xdc/0x128
[ 24.733074]  kasan_check_range+0x100/0x1a8
[ 24.733202]  __asan_memset+0x34/0x78
[ 24.733325]  kmalloc_oob_memset_4+0x150/0x300
[ 24.733508]  kunit_try_run_case+0x170/0x3f0
[ 24.733686]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.733834]  kthread+0x328/0x630
[ 24.733964]  ret_from_fork+0x10/0x20
[ 24.734084]
[ 24.734197] Allocated by task 176:
[ 24.734236]  kasan_save_stack+0x3c/0x68
[ 24.734288]  kasan_save_track+0x20/0x40
[ 24.734417]  kasan_save_alloc_info+0x40/0x58
[ 24.734596]  __kasan_kmalloc+0xd4/0xd8
[ 24.734774]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 24.735219]  kmalloc_oob_memset_4+0xb0/0x300
[ 24.735346]  kunit_try_run_case+0x170/0x3f0
[ 24.735989]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.736123]  kthread+0x328/0x630
[ 24.736435]  ret_from_fork+0x10/0x20
[ 24.736536]
[ 24.736628] The buggy address belongs to the object at fff00000c76cf000
[ 24.736628]  which belongs to the cache kmalloc-128 of size 128
[ 24.736826] The buggy address is located 117 bytes inside of
[ 24.736826]  allocated 120-byte region [fff00000c76cf000, fff00000c76cf078)
[ 24.737045]
[ 24.737430] The buggy address belongs to the physical page:
[ 24.737521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076cf
[ 24.737644] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.738049] page_type: f5(slab)
[ 24.738220] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 24.738338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.738831] page dumped because: kasan: bad access detected
[ 24.738944]
[ 24.739257] Memory state around the buggy address:
[ 24.739340]  fff00000c76cef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.739970]  fff00000c76cef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.740336] >fff00000c76cf000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.740476]                                                                 ^
[ 24.740572]  fff00000c76cf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.740675]  fff00000c76cf100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.740765] ==================================================================
```

```
[ 17.316001] ==================================================================
[ 17.317198] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 17.317926] Write of size 4 at addr ffff888102a13275 by task kunit_try_catch/195
[ 17.318886]
[ 17.319177] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc1 #1 PREEMPT(voluntary)
[ 17.319329] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.319365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.319830] Call Trace:
[ 17.319876]  <TASK>
[ 17.319936]  dump_stack_lvl+0x73/0xb0
[ 17.320016]  print_report+0xd1/0x650
[ 17.320089]  ? __virt_addr_valid+0x1db/0x2d0
[ 17.320170]  ? kmalloc_oob_memset_4+0x166/0x330
[ 17.320244]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 17.320300]  ? kmalloc_oob_memset_4+0x166/0x330
[ 17.320335]  kasan_report+0x141/0x180
[ 17.320368]  ? kmalloc_oob_memset_4+0x166/0x330
[ 17.320407]  kasan_check_range+0x10c/0x1c0
[ 17.320434]  __asan_memset+0x27/0x50
[ 17.320463]  kmalloc_oob_memset_4+0x166/0x330
[ 17.320496]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 17.320532]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 17.320570]  kunit_try_run_case+0x1a5/0x480
[ 17.320642]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.320721]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 17.320768]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 17.320802]  ? __kthread_parkme+0x82/0x180
[ 17.320836]  ? preempt_count_sub+0x50/0x80
[ 17.320874]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 17.320909]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.320941]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 17.320974]  kthread+0x337/0x6f0
[ 17.320996]  ? trace_preempt_on+0x20/0xc0
[ 17.321031]  ? __pfx_kthread+0x10/0x10
[ 17.321055]  ? _raw_spin_unlock_irq+0x47/0x80
[ 17.321086]  ? calculate_sigpending+0x7b/0xa0
[ 17.321119]  ? __pfx_kthread+0x10/0x10
[ 17.321144]  ret_from_fork+0x41/0x80
[ 17.321175]  ? __pfx_kthread+0x10/0x10
[ 17.321199]  ret_from_fork_asm+0x1a/0x30
[ 17.321268]  </TASK>
[ 17.321285]
[ 17.342120] Allocated by task 195:
[ 17.342835]  kasan_save_stack+0x45/0x70
[ 17.343657]  kasan_save_track+0x18/0x40
[ 17.343967]  kasan_save_alloc_info+0x3b/0x50
[ 17.344937]  __kasan_kmalloc+0xb7/0xc0
[ 17.345387]  __kmalloc_cache_noprof+0x189/0x420
[ 17.345990]  kmalloc_oob_memset_4+0xac/0x330
[ 17.346474]  kunit_try_run_case+0x1a5/0x480
[ 17.347076]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.347833]  kthread+0x337/0x6f0
[ 17.348193]  ret_from_fork+0x41/0x80
[ 17.348648]  ret_from_fork_asm+0x1a/0x30
[ 17.349193]
[ 17.349418] The buggy address belongs to the object at ffff888102a13200
[ 17.349418]  which belongs to the cache kmalloc-128 of size 128
[ 17.350563] The buggy address is located 117 bytes inside of
[ 17.350563]  allocated 120-byte region [ffff888102a13200, ffff888102a13278)
[ 17.351869]
[ 17.352093] The buggy address belongs to the physical page:
[ 17.352641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a13
[ 17.353507] flags: 0x200000000000000(node=0|zone=2)
[ 17.354137] page_type: f5(slab)
[ 17.354529] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 17.355362] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.356254] page dumped because: kasan: bad access detected
[ 17.356897]
[ 17.357088] Memory state around the buggy address:
[ 17.357729]  ffff888102a13100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.358425]  ffff888102a13180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.359372] >ffff888102a13200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.360141]                                                                 ^
[ 17.360804]  ffff888102a13280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.361299]  ffff888102a13300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.362449] ==================================================================
```