Hay
Date: Feb. 5, 2025, 2:09 p.m.

Environment: qemu-arm64

[  177.078463] ==================================================================
[  177.079636] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xf0/0x308
[  177.082140] Write of size 1 at addr ffff0000c5f5a378 by task kunit_try_catch/116
[  177.083355] 
[  177.083793] CPU: 1 PID: 116 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  177.085967] Hardware name: linux,dummy-virt (DT)
[  177.087069] Call trace:
[  177.087768]  dump_backtrace+0x9c/0x128
[  177.088868]  show_stack+0x20/0x38
[  177.089923]  dump_stack_lvl+0x60/0xb0
[  177.091141]  print_report+0xf8/0x5d8
[  177.092436]  kasan_report+0xc8/0x118
[  177.093420]  __asan_store1+0x60/0x70
[  177.094753]  kmalloc_oob_right+0xf0/0x308
[  177.096166]  kunit_try_run_case+0xf8/0x260
[  177.097619]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  177.099151]  kthread+0x18c/0x1a8
[  177.100254]  ret_from_fork+0x10/0x20
[  177.101638] 
[  177.102257] Allocated by task 116:
[  177.103203]  kasan_save_stack+0x3c/0x68
[  177.104471]  kasan_set_track+0x2c/0x40
[  177.106018]  kasan_save_alloc_info+0x24/0x38
[  177.107535]  __kasan_kmalloc+0xd4/0xd8
[  177.108887]  kmalloc_trace+0x68/0x130
[  177.110317]  kmalloc_oob_right+0xa0/0x308
[  177.111773]  kunit_try_run_case+0xf8/0x260
[  177.113093]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  177.114747]  kthread+0x18c/0x1a8
[  177.115899]  ret_from_fork+0x10/0x20
[  177.117057] 
[  177.118300] The buggy address belongs to the object at ffff0000c5f5a300
[  177.118300]  which belongs to the cache kmalloc-128 of size 128
[  177.120690] The buggy address is located 5 bytes to the right of
[  177.120690]  allocated 115-byte region [ffff0000c5f5a300, ffff0000c5f5a373)
[  177.123613] 
[  177.124273] The buggy address belongs to the physical page:
[  177.125873] page:00000000585cab0c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f5a
[  177.128062] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[  177.129679] page_type: 0xffffffff()
[  177.131369] raw: 0bfffc0000000800 ffff0000c00018c0 dead000000000122 0000000000000000
[  177.133205] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  177.134851] page dumped because: kasan: bad access detected
[  177.136048] 
[  177.136836] Memory state around the buggy address:
[  177.138041]  ffff0000c5f5a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  177.140102]  ffff0000c5f5a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.141859] >ffff0000c5f5a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[  177.143479]                                                                 ^
[  177.145219]  ffff0000c5f5a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.146798]  ffff0000c5f5a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.149146] ==================================================================
[  176.998278] ==================================================================
[  177.000499] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xc8/0x308
[  177.003285] Write of size 1 at addr ffff0000c5f5a373 by task kunit_try_catch/116
[  177.004805] 
[  177.006156] CPU: 1 PID: 116 Comm: kunit_try_catch Tainted: G                 N 6.6.76-rc1 #1
[  177.008331] Hardware name: linux,dummy-virt (DT)
[  177.010125] Call trace:
[  177.010816]  dump_backtrace+0x9c/0x128
[  177.011790]  show_stack+0x20/0x38
[  177.012325]  dump_stack_lvl+0x60/0xb0
[  177.013962]  print_report+0xf8/0x5d8
[  177.015153]  kasan_report+0xc8/0x118
[  177.016163]  __asan_store1+0x60/0x70
[  177.017310]  kmalloc_oob_right+0xc8/0x308
[  177.018649]  kunit_try_run_case+0xf8/0x260
[  177.019873]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  177.021711]  kthread+0x18c/0x1a8
[  177.022588]  ret_from_fork+0x10/0x20
[  177.023915] 
[  177.024502] Allocated by task 116:
[  177.026091]  kasan_save_stack+0x3c/0x68
[  177.027300]  kasan_set_track+0x2c/0x40
[  177.028455]  kasan_save_alloc_info+0x24/0x38
[  177.029864]  __kasan_kmalloc+0xd4/0xd8
[  177.031167]  kmalloc_trace+0x68/0x130
[  177.032416]  kmalloc_oob_right+0xa0/0x308
[  177.033759]  kunit_try_run_case+0xf8/0x260
[  177.035171]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  177.036638]  kthread+0x18c/0x1a8
[  177.037842]  ret_from_fork+0x10/0x20
[  177.039111] 
[  177.039756] The buggy address belongs to the object at ffff0000c5f5a300
[  177.039756]  which belongs to the cache kmalloc-128 of size 128
[  177.042894] The buggy address is located 0 bytes to the right of
[  177.042894]  allocated 115-byte region [ffff0000c5f5a300, ffff0000c5f5a373)
[  177.045894] 
[  177.046865] The buggy address belongs to the physical page:
[  177.048417] page:00000000585cab0c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f5a
[  177.051193] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[  177.053050] page_type: 0xffffffff()
[  177.054957] raw: 0bfffc0000000800 ffff0000c00018c0 dead000000000122 0000000000000000
[  177.056666] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  177.058948] page dumped because: kasan: bad access detected
[  177.060084] 
[  177.060696] Memory state around the buggy address:
[  177.062643]  ffff0000c5f5a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  177.064250]  ffff0000c5f5a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.066297] >ffff0000c5f5a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[  177.067895]                                                              ^
[  177.069785]  ffff0000c5f5a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.071434]  ffff0000c5f5a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.073918] ==================================================================
[  177.152289] ==================================================================
[  177.154090] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x118/0x308
[  177.155314] Read of size 1 at addr ffff0000c5f5a380 by task kunit_try_catch/116
[  177.157361] 
[  177.159277] CPU: 1 PID: 116 Comm: kunit_try_catch Tainted: G    B            N 6.6.76-rc1 #1
[  177.161253] Hardware name: linux,dummy-virt (DT)
[  177.163411] Call trace:
[  177.164519]  dump_backtrace+0x9c/0x128
[  177.165778]  show_stack+0x20/0x38
[  177.166887]  dump_stack_lvl+0x60/0xb0
[  177.168081]  print_report+0xf8/0x5d8
[  177.169334]  kasan_report+0xc8/0x118
[  177.170559]  __asan_load1+0x60/0x70
[  177.171532]  kmalloc_oob_right+0x118/0x308
[  177.173049]  kunit_try_run_case+0xf8/0x260
[  177.174604]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  177.176043]  kthread+0x18c/0x1a8
[  177.177589]  ret_from_fork+0x10/0x20
[  177.179115] 
[  177.179698] Allocated by task 116:
[  177.180642]  kasan_save_stack+0x3c/0x68
[  177.181799]  kasan_set_track+0x2c/0x40
[  177.183162]  kasan_save_alloc_info+0x24/0x38
[  177.184439]  __kasan_kmalloc+0xd4/0xd8
[  177.185621]  kmalloc_trace+0x68/0x130
[  177.186765]  kmalloc_oob_right+0xa0/0x308
[  177.188016]  kunit_try_run_case+0xf8/0x260
[  177.189197]  kunit_generic_run_threadfn_adapter+0x38/0x60
[  177.191146]  kthread+0x18c/0x1a8
[  177.192155]  ret_from_fork+0x10/0x20
[  177.193489] 
[  177.193982] The buggy address belongs to the object at ffff0000c5f5a300
[  177.193982]  which belongs to the cache kmalloc-128 of size 128
[  177.196530] The buggy address is located 13 bytes to the right of
[  177.196530]  allocated 115-byte region [ffff0000c5f5a300, ffff0000c5f5a373)
[  177.199920] 
[  177.200411] The buggy address belongs to the physical page:
[  177.202357] page:00000000585cab0c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f5a
[  177.203986] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[  177.205934] page_type: 0xffffffff()
[  177.207221] raw: 0bfffc0000000800 ffff0000c00018c0 dead000000000122 0000000000000000
[  177.208922] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  177.210838] page dumped because: kasan: bad access detected
[  177.211869] 
[  177.212296] Memory state around the buggy address:
[  177.214034]  ffff0000c5f5a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.216040]  ffff0000c5f5a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[  177.217856] >ffff0000c5f5a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.219516]                    ^
[  177.220619]  ffff0000c5f5a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.222497]  ffff0000c5f5a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  177.224020] ==================================================================