Hay
Date: July 15, 2025, 2:09 p.m.
Environment: qemu-arm64, qemu-x86_64

[   17.905096] ==================================================================
[   17.905171] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   17.905240] Write of size 2 at addr fff00000c47f9f77 by task kunit_try_catch/174
[   17.905431] 
[   17.905947] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   17.906135] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.906165] Hardware name: linux,dummy-virt (DT)
[   17.906239] Call trace:
[   17.906428]  show_stack+0x20/0x38 (C)
[   17.906642]  dump_stack_lvl+0x8c/0xd0
[   17.906859]  print_report+0x118/0x5d0
[   17.907003]  kasan_report+0xdc/0x128
[   17.907144]  kasan_check_range+0x100/0x1a8
[   17.907260]  __asan_memset+0x34/0x78
[   17.907329]  kmalloc_oob_memset_2+0x150/0x2f8
[   17.907588]  kunit_try_run_case+0x170/0x3f0
[   17.907923]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.908226]  kthread+0x328/0x630
[   17.908470]  ret_from_fork+0x10/0x20
[   17.908757] 
[   17.908818] Allocated by task 174:
[   17.908868]  kasan_save_stack+0x3c/0x68
[   17.909037]  kasan_save_track+0x20/0x40
[   17.909288]  kasan_save_alloc_info+0x40/0x58
[   17.909338]  __kasan_kmalloc+0xd4/0xd8
[   17.909508]  __kmalloc_cache_noprof+0x16c/0x3c0
[   17.909603]  kmalloc_oob_memset_2+0xb0/0x2f8
[   17.909771]  kunit_try_run_case+0x170/0x3f0
[   17.909923]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.910031]  kthread+0x328/0x630
[   17.910369]  ret_from_fork+0x10/0x20
[   17.910494] 
[   17.910563] The buggy address belongs to the object at fff00000c47f9f00
[   17.910563]  which belongs to the cache kmalloc-128 of size 128
[   17.910733] The buggy address is located 119 bytes inside of
[   17.910733]  allocated 120-byte region [fff00000c47f9f00, fff00000c47f9f78)
[   17.910830] 
[   17.911050] The buggy address belongs to the physical page:
[   17.911305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047f9
[   17.911400] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.911720] page_type: f5(slab)
[   17.911769] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.911981] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.912447] page dumped because: kasan: bad access detected
[   17.912666] 
[   17.912909] Memory state around the buggy address:
[   17.912970]  fff00000c47f9e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.913369]  fff00000c47f9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.913522] >fff00000c47f9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.913563]                                                                 ^
[   17.913607]  fff00000c47f9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.913694]  fff00000c47fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.913744] ==================================================================

[   11.074848] ==================================================================
[   11.075351] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[   11.075587] Write of size 2 at addr ffff888102f2ab77 by task kunit_try_catch/191
[   11.076702] 
[   11.077133] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   11.077190] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.077201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.077221] Call Trace:
[   11.077233]  <TASK>
[   11.077247]  dump_stack_lvl+0x73/0xb0
[   11.077273]  print_report+0xd1/0x610
[   11.077295]  ? __virt_addr_valid+0x1db/0x2d0
[   11.077315]  ? kmalloc_oob_memset_2+0x166/0x330
[   11.077336]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.077357]  ? kmalloc_oob_memset_2+0x166/0x330
[   11.077379]  kasan_report+0x141/0x180
[   11.077400]  ? kmalloc_oob_memset_2+0x166/0x330
[   11.077426]  kasan_check_range+0x10c/0x1c0
[   11.077445]  __asan_memset+0x27/0x50
[   11.077464]  kmalloc_oob_memset_2+0x166/0x330
[   11.077487]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   11.077509]  ? __schedule+0x10cc/0x2b60
[   11.077532]  ? __pfx_read_tsc+0x10/0x10
[   11.077550]  ? ktime_get_ts64+0x86/0x230
[   11.077574]  kunit_try_run_case+0x1a5/0x480
[   11.077594]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.077611]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.077635]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.077657]  ? __kthread_parkme+0x82/0x180
[   11.077678]  ? preempt_count_sub+0x50/0x80
[   11.077702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.077721]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.077743]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.077766]  kthread+0x337/0x6f0
[   11.077959]  ? trace_preempt_on+0x20/0xc0
[   11.077987]  ? __pfx_kthread+0x10/0x10
[   11.078005]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.078027]  ? calculate_sigpending+0x7b/0xa0
[   11.078048]  ? __pfx_kthread+0x10/0x10
[   11.078102]  ret_from_fork+0x41/0x80
[   11.078122]  ? __pfx_kthread+0x10/0x10
[   11.078139]  ret_from_fork_asm+0x1a/0x30
[   11.078169]  </TASK>
[   11.078179] 
[   11.092973] Allocated by task 191:
[   11.093398]  kasan_save_stack+0x45/0x70
[   11.093920]  kasan_save_track+0x18/0x40
[   11.094064]  kasan_save_alloc_info+0x3b/0x50
[   11.094209]  __kasan_kmalloc+0xb7/0xc0
[   11.094339]  __kmalloc_cache_noprof+0x189/0x420
[   11.094488]  kmalloc_oob_memset_2+0xac/0x330
[   11.094633]  kunit_try_run_case+0x1a5/0x480
[   11.094794]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.094977]  kthread+0x337/0x6f0
[   11.095216]  ret_from_fork+0x41/0x80
[   11.095345]  ret_from_fork_asm+0x1a/0x30
[   11.095480] 
[   11.095657] The buggy address belongs to the object at ffff888102f2ab00
[   11.095657]  which belongs to the cache kmalloc-128 of size 128
[   11.096857] The buggy address is located 119 bytes inside of
[   11.096857]  allocated 120-byte region [ffff888102f2ab00, ffff888102f2ab78)
[   11.097641] 
[   11.097828] The buggy address belongs to the physical page:
[   11.098565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f2a
[   11.099183] flags: 0x200000000000000(node=0|zone=2)
[   11.099351] page_type: f5(slab)
[   11.099472] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   11.099704] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.099940] page dumped because: kasan: bad access detected
[   11.100279] 
[   11.100376] Memory state around the buggy address:
[   11.100577]  ffff888102f2aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   11.100923]  ffff888102f2aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.101242] >ffff888102f2ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   11.101563]                                                                 ^
[   11.102074]  ffff888102f2ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.102369]  ffff888102f2ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.102654] ==================================================================