lkft/linux-next-master - next-20250515 - log-parser-test/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date
May 15, 2025, 10:38 a.m.
Environment
e850-96
[   35.722626] ==================================================================
[   35.722794] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   35.722921] Read of size 1 at addr ffff000801adc773 by task kunit_try_catch/266
[   35.729360] 
[   35.730844] CPU: 3 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   35.730902] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.730918] Hardware name: WinLink E850-96 board (DT)
[   35.730940] Call trace:
[   35.730960]  show_stack+0x20/0x38 (C)
[   35.730996]  dump_stack_lvl+0x8c/0xd0
[   35.731029]  print_report+0x118/0x608
[   35.731062]  kasan_report+0xdc/0x128
[   35.731093]  __asan_report_load1_noabort+0x20/0x30
[   35.731131]  mempool_oob_right_helper+0x2ac/0x2f0
[   35.731161]  mempool_kmalloc_oob_right+0xc4/0x120
[   35.731192]  kunit_try_run_case+0x170/0x3f0
[   35.731226]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.731261]  kthread+0x328/0x630
[   35.731296]  ret_from_fork+0x10/0x20
[   35.731330] 
[   35.800103] Allocated by task 266:
[   35.803490]  kasan_save_stack+0x3c/0x68
[   35.807306]  kasan_save_track+0x20/0x40
[   35.811126]  kasan_save_alloc_info+0x40/0x58
[   35.815379]  __kasan_mempool_unpoison_object+0x11c/0x180
[   35.820674]  remove_element+0x130/0x1f8
[   35.824493]  mempool_alloc_preallocated+0x58/0xc0
[   35.829182]  mempool_oob_right_helper+0x98/0x2f0
[   35.833781]  mempool_kmalloc_oob_right+0xc4/0x120
[   35.838469]  kunit_try_run_case+0x170/0x3f0
[   35.842635]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.848103]  kthread+0x328/0x630
[   35.851316]  ret_from_fork+0x10/0x20
[   35.854875] 
[   35.856352] The buggy address belongs to the object at ffff000801adc700
[   35.856352]  which belongs to the cache kmalloc-128 of size 128
[   35.868853] The buggy address is located 0 bytes to the right of
[   35.868853]  allocated 115-byte region [ffff000801adc700, ffff000801adc773)
[   35.881784] 
[   35.883263] The buggy address belongs to the physical page:
[   35.888819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881adc
[   35.896804] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.904443] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.911386] page_type: f5(slab)
[   35.914524] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   35.922241] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   35.929968] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   35.937779] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   35.945592] head: 0bfffe0000000001 fffffdffe006b701 00000000ffffffff 00000000ffffffff
[   35.953404] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   35.961212] page dumped because: kasan: bad access detected
[   35.966765] 
[   35.968241] Memory state around the buggy address:
[   35.973023]  ffff000801adc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.980223]  ffff000801adc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.987430] >ffff000801adc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   35.994630]                                                              ^
[   36.001491]  ffff000801adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.008697]  ffff000801adc800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   36.015900] ==================================================================
[   36.024956] ==================================================================
[   36.034827] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   36.042375] Read of size 1 at addr ffff0008067b2001 by task kunit_try_catch/268
[   36.049665] 
[   36.051152] CPU: 7 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   36.051209] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.051225] Hardware name: WinLink E850-96 board (DT)
[   36.051246] Call trace:
[   36.051258]  show_stack+0x20/0x38 (C)
[   36.051294]  dump_stack_lvl+0x8c/0xd0
[   36.051324]  print_report+0x118/0x608
[   36.051361]  kasan_report+0xdc/0x128
[   36.051391]  __asan_report_load1_noabort+0x20/0x30
[   36.051430]  mempool_oob_right_helper+0x2ac/0x2f0
[   36.051463]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   36.051498]  kunit_try_run_case+0x170/0x3f0
[   36.051531]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.051564]  kthread+0x328/0x630
[   36.051599]  ret_from_fork+0x10/0x20
[   36.051634] 
[   36.120932] The buggy address belongs to the physical page:
[   36.126490] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8867b0
[   36.134474] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   36.142114] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   36.149056] page_type: f8(unknown)
[   36.152453] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   36.160172] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   36.167898] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   36.175710] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   36.183523] head: 0bfffe0000000002 fffffdffe019ec01 00000000ffffffff 00000000ffffffff
[   36.191335] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   36.199140] page dumped because: kasan: bad access detected
[   36.204696] 
[   36.206172] Memory state around the buggy address:
[   36.210952]  ffff0008067b1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.218154]  ffff0008067b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.225361] >ffff0008067b2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   36.232560]                    ^
[   36.235776]  ffff0008067b2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   36.242981]  ffff0008067b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   36.250183] ==================================================================
[   36.259805] ==================================================================
[   36.269633] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   36.277180] Read of size 1 at addr ffff0008068622bb by task kunit_try_catch/270
[   36.284471] 
[   36.285957] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   36.286016] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.286032] Hardware name: WinLink E850-96 board (DT)
[   36.286053] Call trace:
[   36.286067]  show_stack+0x20/0x38 (C)
[   36.286105]  dump_stack_lvl+0x8c/0xd0
[   36.286136]  print_report+0x118/0x608
[   36.286170]  kasan_report+0xdc/0x128
[   36.286200]  __asan_report_load1_noabort+0x20/0x30
[   36.286237]  mempool_oob_right_helper+0x2ac/0x2f0
[   36.286271]  mempool_slab_oob_right+0xc0/0x118
[   36.286305]  kunit_try_run_case+0x170/0x3f0
[   36.286340]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.286374]  kthread+0x328/0x630
[   36.286407]  ret_from_fork+0x10/0x20
[   36.286444] 
[   36.354957] Allocated by task 270:
[   36.358342]  kasan_save_stack+0x3c/0x68
[   36.362160]  kasan_save_track+0x20/0x40
[   36.365978]  kasan_save_alloc_info+0x40/0x58
[   36.370232]  __kasan_mempool_unpoison_object+0xbc/0x180
[   36.375440]  remove_element+0x16c/0x1f8
[   36.379259]  mempool_alloc_preallocated+0x58/0xc0
[   36.383948]  mempool_oob_right_helper+0x98/0x2f0
[   36.388548]  mempool_slab_oob_right+0xc0/0x118
[   36.392975]  kunit_try_run_case+0x170/0x3f0
[   36.397141]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.402610]  kthread+0x328/0x630
[   36.405822]  ret_from_fork+0x10/0x20
[   36.409380] 
[   36.410858] The buggy address belongs to the object at ffff000806862240
[   36.410858]  which belongs to the cache test_cache of size 123
[   36.423273] The buggy address is located 0 bytes to the right of
[   36.423273]  allocated 123-byte region [ffff000806862240, ffff0008068622bb)
[   36.436203] 
[   36.437683] The buggy address belongs to the physical page:
[   36.443237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x886862
[   36.451223] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   36.457731] page_type: f5(slab)
[   36.460870] raw: 0bfffe0000000000 ffff000802403400 dead000000000122 0000000000000000
[   36.468588] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   36.476306] page dumped because: kasan: bad access detected
[   36.481862] 
[   36.483338] Memory state around the buggy address:
[   36.488118]  ffff000806862180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.495322]  ffff000806862200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   36.502527] >ffff000806862280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   36.509726]                                         ^
[   36.514765]  ffff000806862300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.521969]  ffff000806862380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.529172] ==================================================================
KNOWN ISSUE - log-parser-test/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper: Failure
Metadata Full log Test run details
Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit KNOWN ISSUE
