lkft/sashal-linus-next - v6.13-rc7-43435-gecfd4e45aa7e - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset

Date

July 9, 2025, 2:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.996354] ==================================================================
[   16.996425] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   16.996480] Write of size 128 at addr fff00000c7767300 by task kunit_try_catch/170
[   16.996592] 
[   16.996640] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.996730] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.996947] Hardware name: linux,dummy-virt (DT)
[   16.997025] Call trace:
[   16.997051]  show_stack+0x20/0x38 (C)
[   16.997142]  dump_stack_lvl+0x8c/0xd0
[   16.997202]  print_report+0x118/0x608
[   16.997266]  kasan_report+0xdc/0x128
[   16.997315]  kasan_check_range+0x100/0x1a8
[   16.997363]  __asan_memset+0x34/0x78
[   16.997426]  kmalloc_oob_in_memset+0x144/0x2d0
[   16.997474]  kunit_try_run_case+0x170/0x3f0
[   16.997522]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.997584]  kthread+0x328/0x630
[   16.997677]  ret_from_fork+0x10/0x20
[   16.997730] 
[   16.997748] Allocated by task 170:
[   16.997777]  kasan_save_stack+0x3c/0x68
[   16.998062]  kasan_save_track+0x20/0x40
[   16.998148]  kasan_save_alloc_info+0x40/0x58
[   16.998238]  __kasan_kmalloc+0xd4/0xd8
[   16.998497]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.998543]  kmalloc_oob_in_memset+0xb0/0x2d0
[   16.998581]  kunit_try_run_case+0x170/0x3f0
[   16.998667]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.998725]  kthread+0x328/0x630
[   16.998815]  ret_from_fork+0x10/0x20
[   16.998900] 
[   16.998947] The buggy address belongs to the object at fff00000c7767300
[   16.998947]  which belongs to the cache kmalloc-128 of size 128
[   16.999030] The buggy address is located 0 bytes inside of
[   16.999030]  allocated 120-byte region [fff00000c7767300, fff00000c7767378)
[   16.999148] 
[   16.999220] The buggy address belongs to the physical page:
[   16.999274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767
[   16.999341] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.999512] page_type: f5(slab)
[   16.999650] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.999815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.999884] page dumped because: kasan: bad access detected
[   16.999972] 
[   17.000008] Memory state around the buggy address:
[   17.000047]  fff00000c7767200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.000306]  fff00000c7767280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.000418] >fff00000c7767300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.000520]                                                                 ^
[   17.002019]  fff00000c7767380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.002301]  fff00000c7767400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.002355] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zdnu4pJqTPxCDM01WetGTpcZWu

job_id

TEST:linaro@lkft#2zdnyB7OL0roABXRudexrWkB6AA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdnyB7OL0roABXRudexrWkB6AA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnvItg8MSQGpQ2PTgQjJbikMI/Image.gz
sha256sum	9fc3d2b9ecc4045dbbcaa0fce7c5393f9a1187e8c9f58809489a2386c2bba6f9

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnvItg8MSQGpQ2PTgQjJbikMI/modules.tar.xz
sha256sum	5f87b4429173aa3fe97d57eecb0d2d5f928699b458408678383ae22063f40b23

durations

tests

boot	0
kunit	181.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.804005] ==================================================================
[   12.804554] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[   12.805061] Write of size 128 at addr ffff888102c29d00 by task kunit_try_catch/187
[   12.805850] 
[   12.806092] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.806140] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.806152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.806173] Call Trace:
[   12.806186]  <TASK>
[   12.806203]  dump_stack_lvl+0x73/0xb0
[   12.806236]  print_report+0xd1/0x650
[   12.806258]  ? __virt_addr_valid+0x1db/0x2d0
[   12.806283]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.806305]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.806328]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.806350]  kasan_report+0x141/0x180
[   12.806371]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.806397]  kasan_check_range+0x10c/0x1c0
[   12.806420]  __asan_memset+0x27/0x50
[   12.806439]  kmalloc_oob_in_memset+0x15f/0x320
[   12.806460]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   12.806483]  ? __schedule+0x10cc/0x2b60
[   12.806505]  ? __pfx_read_tsc+0x10/0x10
[   12.806527]  ? ktime_get_ts64+0x86/0x230
[   12.806553]  kunit_try_run_case+0x1a5/0x480
[   12.806578]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.806616]  ? irqentry_exit+0x2a/0x60
[   12.806640]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.806668]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.806692]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.806715]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.806740]  kthread+0x337/0x6f0
[   12.806833]  ? trace_preempt_on+0x20/0xc0
[   12.806861]  ? __pfx_kthread+0x10/0x10
[   12.806893]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.806919]  ? calculate_sigpending+0x7b/0xa0
[   12.806944]  ? __pfx_kthread+0x10/0x10
[   12.806964]  ret_from_fork+0x116/0x1d0
[   12.806983]  ? __pfx_kthread+0x10/0x10
[   12.807002]  ret_from_fork_asm+0x1a/0x30
[   12.807036]  </TASK>
[   12.807046] 
[   12.821049] Allocated by task 187:
[   12.821366]  kasan_save_stack+0x45/0x70
[   12.821710]  kasan_save_track+0x18/0x40
[   12.821858]  kasan_save_alloc_info+0x3b/0x50
[   12.822008]  __kasan_kmalloc+0xb7/0xc0
[   12.822141]  __kmalloc_cache_noprof+0x189/0x420
[   12.822298]  kmalloc_oob_in_memset+0xac/0x320
[   12.822445]  kunit_try_run_case+0x1a5/0x480
[   12.822591]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.822777]  kthread+0x337/0x6f0
[   12.822905]  ret_from_fork+0x116/0x1d0
[   12.823198]  ret_from_fork_asm+0x1a/0x30
[   12.823468] 
[   12.823655] The buggy address belongs to the object at ffff888102c29d00
[   12.823655]  which belongs to the cache kmalloc-128 of size 128
[   12.824647] The buggy address is located 0 bytes inside of
[   12.824647]  allocated 120-byte region [ffff888102c29d00, ffff888102c29d78)
[   12.825946] 
[   12.826030] The buggy address belongs to the physical page:
[   12.826205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c29
[   12.826448] flags: 0x200000000000000(node=0|zone=2)
[   12.826625] page_type: f5(slab)
[   12.826747] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.827547] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.828317] page dumped because: kasan: bad access detected
[   12.829014] 
[   12.829176] Memory state around the buggy address:
[   12.829635]  ffff888102c29c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.830303]  ffff888102c29c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.830994] >ffff888102c29d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.831513]                                                                 ^
[   12.832105]  ffff888102c29d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.832611]  ffff888102c29e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.833232] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zdnu4pJqTPxCDM01WetGTpcZWu

job_id

TEST:linaro@lkft#2zdnz12aXMnIhwtiwfXXLzW2SfX

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zdnz12aXMnIhwtiwfXXLzW2SfX

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnwL7Z3jTSF9idnXwNbKIrm5l/bzImage
sha256sum	e6f11fcb2c8291b84e69cf59825ab87253d1e31a31ee3254ee572a5b3c1a3c66

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zdnwL7Z3jTSF9idnXwNbKIrm5l/modules.tar.xz
sha256sum	3f6ece2e0f513330e7bf05b8b5fd9adc363b5b8ce0604b4c0b0febc2cae90572

durations

tests

boot	0
kunit	240.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit