Date
July 9, 2025, 12:11 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 19.315617] ================================================================== [ 19.315680] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 19.315732] Write of size 1 at addr fff00000c638db78 by task kunit_try_catch/143 [ 19.315781] [ 19.315810] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 19.315890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.315916] Hardware name: linux,dummy-virt (DT) [ 19.315946] Call trace: [ 19.315966] show_stack+0x20/0x38 (C) [ 19.316014] dump_stack_lvl+0x8c/0xd0 [ 19.316061] print_report+0x118/0x608 [ 19.316107] kasan_report+0xdc/0x128 [ 19.316153] __asan_report_store1_noabort+0x20/0x30 [ 19.316204] kmalloc_track_caller_oob_right+0x40c/0x488 [ 19.316255] kunit_try_run_case+0x170/0x3f0 [ 19.316304] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.316356] kthread+0x328/0x630 [ 19.318001] ret_from_fork+0x10/0x20 [ 19.318052] [ 19.318070] Allocated by task 143: [ 19.318101] kasan_save_stack+0x3c/0x68 [ 19.318141] kasan_save_track+0x20/0x40 [ 19.318178] kasan_save_alloc_info+0x40/0x58 [ 19.318217] __kasan_kmalloc+0xd4/0xd8 [ 19.318253] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 19.318296] kmalloc_track_caller_oob_right+0xa8/0x488 [ 19.318336] kunit_try_run_case+0x170/0x3f0 [ 19.318373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.318430] kthread+0x328/0x630 [ 19.318462] ret_from_fork+0x10/0x20 [ 19.318498] [ 19.318516] The buggy address belongs to the object at fff00000c638db00 [ 19.318516] which belongs to the cache kmalloc-128 of size 128 [ 19.318573] The buggy address is located 0 bytes to the right of [ 19.318573] allocated 120-byte region [fff00000c638db00, fff00000c638db78) [ 19.318636] [ 19.318655] The buggy address belongs to the physical page: [ 19.318684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638d [ 19.318737] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.318786] page_type: f5(slab) [ 19.318823] raw: 
0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.318873] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.318912] page dumped because: kasan: bad access detected [ 19.318942] [ 19.318960] Memory state around the buggy address: [ 19.318991] fff00000c638da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.319034] fff00000c638da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.319077] >fff00000c638db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.319114] ^ [ 19.319153] fff00000c638db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.319194] fff00000c638dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.319231] ==================================================================
[ 12.037403] ================================================================== [ 12.037849] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.038428] Write of size 1 at addr ffff88810269ab78 by task kunit_try_catch/159 [ 12.038724] [ 12.038848] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.038893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.038904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.038938] Call Trace: [ 12.038963] <TASK> [ 12.038982] dump_stack_lvl+0x73/0xb0 [ 12.039014] print_report+0xd1/0x650 [ 12.039037] ? __virt_addr_valid+0x1db/0x2d0 [ 12.039061] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.039086] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.039108] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.039133] kasan_report+0x141/0x180 [ 12.039154] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.039184] __asan_report_store1_noabort+0x1b/0x30 [ 12.039209] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.039234] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.039308] ? __schedule+0x10cc/0x2b60 [ 12.039333] ? __pfx_read_tsc+0x10/0x10 [ 12.039355] ? ktime_get_ts64+0x86/0x230 [ 12.039381] kunit_try_run_case+0x1a5/0x480 [ 12.039408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.039430] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.039454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.039478] ? __kthread_parkme+0x82/0x180 [ 12.039498] ? preempt_count_sub+0x50/0x80 [ 12.039523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.039546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.039570] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.039594] kthread+0x337/0x6f0 [ 12.039613] ? trace_preempt_on+0x20/0xc0 [ 12.039637] ? __pfx_kthread+0x10/0x10 [ 12.039657] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.039677] ? calculate_sigpending+0x7b/0xa0 [ 12.039702] ? 
__pfx_kthread+0x10/0x10 [ 12.039722] ret_from_fork+0x116/0x1d0 [ 12.039740] ? __pfx_kthread+0x10/0x10 [ 12.039760] ret_from_fork_asm+0x1a/0x30 [ 12.039792] </TASK> [ 12.039802] [ 12.047456] Allocated by task 159: [ 12.047593] kasan_save_stack+0x45/0x70 [ 12.048597] kasan_save_track+0x18/0x40 [ 12.048801] kasan_save_alloc_info+0x3b/0x50 [ 12.049245] __kasan_kmalloc+0xb7/0xc0 [ 12.049441] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.049685] kmalloc_track_caller_oob_right+0x99/0x520 [ 12.050012] kunit_try_run_case+0x1a5/0x480 [ 12.050235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.050504] kthread+0x337/0x6f0 [ 12.050661] ret_from_fork+0x116/0x1d0 [ 12.050810] ret_from_fork_asm+0x1a/0x30 [ 12.051085] [ 12.051183] The buggy address belongs to the object at ffff88810269ab00 [ 12.051183] which belongs to the cache kmalloc-128 of size 128 [ 12.051699] The buggy address is located 0 bytes to the right of [ 12.051699] allocated 120-byte region [ffff88810269ab00, ffff88810269ab78) [ 12.052257] [ 12.052375] The buggy address belongs to the physical page: [ 12.052553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10269a [ 12.052890] flags: 0x200000000000000(node=0|zone=2) [ 12.053150] page_type: f5(slab) [ 12.053293] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.053645] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.054221] page dumped because: kasan: bad access detected [ 12.054479] [ 12.054559] Memory state around the buggy address: [ 12.054788] ffff88810269aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.055076] ffff88810269aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.055362] >ffff88810269ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.055673] ^ [ 12.056011] ffff88810269ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.056333] ffff88810269ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.056583] 
================================================================== [ 12.057368] ================================================================== [ 12.057672] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.058116] Write of size 1 at addr ffff88810269ac78 by task kunit_try_catch/159 [ 12.058444] [ 12.058541] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.058582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.058593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.058612] Call Trace: [ 12.058624] <TASK> [ 12.058640] dump_stack_lvl+0x73/0xb0 [ 12.058668] print_report+0xd1/0x650 [ 12.058689] ? __virt_addr_valid+0x1db/0x2d0 [ 12.058728] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.058755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.058778] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.058804] kasan_report+0x141/0x180 [ 12.058825] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.058856] __asan_report_store1_noabort+0x1b/0x30 [ 12.058881] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.058906] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.059013] ? __schedule+0x10cc/0x2b60 [ 12.059037] ? __pfx_read_tsc+0x10/0x10 [ 12.059058] ? ktime_get_ts64+0x86/0x230 [ 12.059081] kunit_try_run_case+0x1a5/0x480 [ 12.059106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.059128] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.059151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.059175] ? __kthread_parkme+0x82/0x180 [ 12.059195] ? preempt_count_sub+0x50/0x80 [ 12.059218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.059242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.059268] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.059308] kthread+0x337/0x6f0 [ 12.059327] ? trace_preempt_on+0x20/0xc0 [ 12.059350] ? __pfx_kthread+0x10/0x10 [ 12.059370] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.059391] ? calculate_sigpending+0x7b/0xa0 [ 12.059415] ? 
__pfx_kthread+0x10/0x10 [ 12.059436] ret_from_fork+0x116/0x1d0 [ 12.059453] ? __pfx_kthread+0x10/0x10 [ 12.059473] ret_from_fork_asm+0x1a/0x30 [ 12.059504] </TASK> [ 12.059514] [ 12.066902] Allocated by task 159: [ 12.067060] kasan_save_stack+0x45/0x70 [ 12.067255] kasan_save_track+0x18/0x40 [ 12.067445] kasan_save_alloc_info+0x3b/0x50 [ 12.067594] __kasan_kmalloc+0xb7/0xc0 [ 12.067740] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.068070] kmalloc_track_caller_oob_right+0x19a/0x520 [ 12.068336] kunit_try_run_case+0x1a5/0x480 [ 12.068481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.068723] kthread+0x337/0x6f0 [ 12.068889] ret_from_fork+0x116/0x1d0 [ 12.069149] ret_from_fork_asm+0x1a/0x30 [ 12.069356] [ 12.069453] The buggy address belongs to the object at ffff88810269ac00 [ 12.069453] which belongs to the cache kmalloc-128 of size 128 [ 12.069820] The buggy address is located 0 bytes to the right of [ 12.069820] allocated 120-byte region [ffff88810269ac00, ffff88810269ac78) [ 12.070743] [ 12.070846] The buggy address belongs to the physical page: [ 12.071176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10269a [ 12.071509] flags: 0x200000000000000(node=0|zone=2) [ 12.071732] page_type: f5(slab) [ 12.071854] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.072162] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.072532] page dumped because: kasan: bad access detected [ 12.072783] [ 12.072874] Memory state around the buggy address: [ 12.073166] ffff88810269ab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.073518] ffff88810269ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.073784] >ffff88810269ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.074157] ^ [ 12.074464] ffff88810269ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.074729] ffff88810269ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.075227] 
==================================================================