lkft/linux-next-master - next-20250526 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

May 26, 2025, 9:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.751103] ==================================================================
[   19.751220] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   19.751308] Read of size 1 at addr fff00000c4693d73 by task kunit_try_catch/221
[   19.751389] 
[   19.751439] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   19.751534] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.751564] Hardware name: linux,dummy-virt (DT)
[   19.751601] Call trace:
[   19.751632]  show_stack+0x20/0x38 (C)
[   19.751699]  dump_stack_lvl+0x8c/0xd0
[   19.751762]  print_report+0x118/0x608
[   19.751818]  kasan_report+0xdc/0x128
[   19.751871]  __asan_report_load1_noabort+0x20/0x30
[   19.751929]  mempool_oob_right_helper+0x2ac/0x2f0
[   19.751986]  mempool_kmalloc_oob_right+0xc4/0x120
[   19.752040]  kunit_try_run_case+0x170/0x3f0
[   19.752102]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.752160]  kthread+0x328/0x630
[   19.752211]  ret_from_fork+0x10/0x20
[   19.752269] 
[   19.752291] Allocated by task 221:
[   19.752333]  kasan_save_stack+0x3c/0x68
[   19.752381]  kasan_save_track+0x20/0x40
[   19.752419]  kasan_save_alloc_info+0x40/0x58
[   19.752475]  __kasan_mempool_unpoison_object+0x11c/0x180
[   19.752521]  remove_element+0x130/0x1f8
[   19.752562]  mempool_alloc_preallocated+0x58/0xc0
[   19.752602]  mempool_oob_right_helper+0x98/0x2f0
[   19.752642]  mempool_kmalloc_oob_right+0xc4/0x120
[   19.752680]  kunit_try_run_case+0x170/0x3f0
[   19.752719]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.752761]  kthread+0x328/0x630
[   19.752795]  ret_from_fork+0x10/0x20
[   19.752832] 
[   19.752854] The buggy address belongs to the object at fff00000c4693d00
[   19.752854]  which belongs to the cache kmalloc-128 of size 128
[   19.752912] The buggy address is located 0 bytes to the right of
[   19.752912]  allocated 115-byte region [fff00000c4693d00, fff00000c4693d73)
[   19.752975] 
[   19.753001] The buggy address belongs to the physical page:
[   19.753038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104693
[   19.753099] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.753157] page_type: f5(slab)
[   19.753204] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.753256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.753298] page dumped because: kasan: bad access detected
[   19.753342] 
[   19.753364] Memory state around the buggy address:
[   19.753402]  fff00000c4693c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.753448]  fff00000c4693c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.753491] >fff00000c4693d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   19.753531]                                                              ^
[   19.753571]  fff00000c4693d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.753614]  fff00000c4693e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   19.753655] ==================================================================
[   19.807504] ==================================================================
[   19.807720] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   19.807876] Read of size 1 at addr fff00000c789f2bb by task kunit_try_catch/225
[   19.808029] 
[   19.808151] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   19.808403] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.808462] Hardware name: linux,dummy-virt (DT)
[   19.808538] Call trace:
[   19.808590]  show_stack+0x20/0x38 (C)
[   19.808741]  dump_stack_lvl+0x8c/0xd0
[   19.809218]  print_report+0x118/0x608
[   19.809364]  kasan_report+0xdc/0x128
[   19.809501]  __asan_report_load1_noabort+0x20/0x30
[   19.809604]  mempool_oob_right_helper+0x2ac/0x2f0
[   19.809695]  mempool_slab_oob_right+0xc0/0x118
[   19.809947]  kunit_try_run_case+0x170/0x3f0
[   19.810061]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.810185]  kthread+0x328/0x630
[   19.810587]  ret_from_fork+0x10/0x20
[   19.810745] 
[   19.810801] Allocated by task 225:
[   19.810901]  kasan_save_stack+0x3c/0x68
[   19.811031]  kasan_save_track+0x20/0x40
[   19.811145]  kasan_save_alloc_info+0x40/0x58
[   19.811263]  __kasan_mempool_unpoison_object+0xbc/0x180
[   19.811412]  remove_element+0x16c/0x1f8
[   19.811537]  mempool_alloc_preallocated+0x58/0xc0
[   19.811630]  mempool_oob_right_helper+0x98/0x2f0
[   19.811714]  mempool_slab_oob_right+0xc0/0x118
[   19.811805]  kunit_try_run_case+0x170/0x3f0
[   19.811893]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.812003]  kthread+0x328/0x630
[   19.812107]  ret_from_fork+0x10/0x20
[   19.812231] 
[   19.812283] The buggy address belongs to the object at fff00000c789f240
[   19.812283]  which belongs to the cache test_cache of size 123
[   19.812414] The buggy address is located 0 bytes to the right of
[   19.812414]  allocated 123-byte region [fff00000c789f240, fff00000c789f2bb)
[   19.812584] 
[   19.812640] The buggy address belongs to the physical page:
[   19.812704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10789f
[   19.812850] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.812968] page_type: f5(slab)
[   19.813070] raw: 0bfffe0000000000 fff00000c794a500 dead000000000122 0000000000000000
[   19.813196] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   19.813292] page dumped because: kasan: bad access detected
[   19.813385] 
[   19.813432] Memory state around the buggy address:
[   19.813507]  fff00000c789f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.814506]  fff00000c789f200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   19.814654] >fff00000c789f280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   19.814806]                                         ^
[   19.814991]  fff00000c789f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.815197]  fff00000c789f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.815401] ==================================================================
[   19.774907] ==================================================================
[   19.775056] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   19.775210] Read of size 1 at addr fff00000c797a001 by task kunit_try_catch/223
[   19.776020] 
[   19.776107] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   19.776301] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.776379] Hardware name: linux,dummy-virt (DT)
[   19.776462] Call trace:
[   19.776527]  show_stack+0x20/0x38 (C)
[   19.776656]  dump_stack_lvl+0x8c/0xd0
[   19.776775]  print_report+0x118/0x608
[   19.776880]  kasan_report+0xdc/0x128
[   19.777018]  __asan_report_load1_noabort+0x20/0x30
[   19.777279]  mempool_oob_right_helper+0x2ac/0x2f0
[   19.777482]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   19.777586]  kunit_try_run_case+0x170/0x3f0
[   19.777712]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.777823]  kthread+0x328/0x630
[   19.777910]  ret_from_fork+0x10/0x20
[   19.778005] 
[   19.778050] The buggy address belongs to the physical page:
[   19.778450] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107978
[   19.778579] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.778683] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.778836] page_type: f8(unknown)
[   19.778932] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.779384] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.779496] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.779590] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.779718] head: 0bfffe0000000002 ffffc1ffc31e5e01 00000000ffffffff 00000000ffffffff
[   19.780017] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.780126] page dumped because: kasan: bad access detected
[   19.780238] 
[   19.780343] Memory state around the buggy address:
[   19.780479]  fff00000c7979f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.780761]  fff00000c7979f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.781058] >fff00000c797a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.781161]                    ^
[   19.781575]  fff00000c797a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.782099]  fff00000c797a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.782408] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xcwEtleCVFbykBd3frwUKpWhSE

job_id

TEST:linaro@lkft#2xcwKRqCiBXqZTfBUVGk3R7kFyV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xcwKRqCiBXqZTfBUVGk3R7kFyV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwGRUG0qgTViQo8lxhjQlVFdS/Image.gz
sha256sum	5eb220ec8a0577057e846893fd6765de2862993ea9b0ac08817113a8276aa5f2

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwGRUG0qgTViQo8lxhjQlVFdS/modules.tar.xz
sha256sum	4b1624b924fe7746dfbcb89db1c4c5f348e5b645d9f62b80c2bae0383b878251

durations

tests

boot	0
kunit	238.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.408672] ==================================================================
[   12.409292] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.409608] Read of size 1 at addr ffff888102826473 by task kunit_try_catch/239
[   12.410200] 
[   12.410324] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   12.410389] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.410401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.410720] Call Trace:
[   12.410739]  <TASK>
[   12.410760]  dump_stack_lvl+0x73/0xb0
[   12.410793]  print_report+0xd1/0x650
[   12.410818]  ? __virt_addr_valid+0x1db/0x2d0
[   12.410843]  ? mempool_oob_right_helper+0x318/0x380
[   12.410877]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.410900]  ? mempool_oob_right_helper+0x318/0x380
[   12.410924]  kasan_report+0x141/0x180
[   12.410946]  ? mempool_oob_right_helper+0x318/0x380
[   12.410974]  __asan_report_load1_noabort+0x18/0x20
[   12.410995]  mempool_oob_right_helper+0x318/0x380
[   12.411050]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.411076]  ? __kasan_check_write+0x18/0x20
[   12.411096]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.411119]  ? finish_task_switch.isra.0+0x153/0x700
[   12.411146]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.411170]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   12.411195]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.411217]  ? __pfx_mempool_kfree+0x10/0x10
[   12.411238]  ? __pfx_read_tsc+0x10/0x10
[   12.411260]  ? ktime_get_ts64+0x86/0x230
[   12.411285]  kunit_try_run_case+0x1a5/0x480
[   12.411308]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.411328]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.411353]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.411389]  ? __kthread_parkme+0x82/0x180
[   12.411410]  ? preempt_count_sub+0x50/0x80
[   12.411433]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.411454]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.411477]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.411501]  kthread+0x337/0x6f0
[   12.411521]  ? trace_preempt_on+0x20/0xc0
[   12.411545]  ? __pfx_kthread+0x10/0x10
[   12.411565]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.411587]  ? calculate_sigpending+0x7b/0xa0
[   12.411612]  ? __pfx_kthread+0x10/0x10
[   12.411633]  ret_from_fork+0x116/0x1d0
[   12.411651]  ? __pfx_kthread+0x10/0x10
[   12.411671]  ret_from_fork_asm+0x1a/0x30
[   12.411702]  </TASK>
[   12.411713] 
[   12.421065] Allocated by task 239:
[   12.421208]  kasan_save_stack+0x45/0x70
[   12.421362]  kasan_save_track+0x18/0x40
[   12.421596]  kasan_save_alloc_info+0x3b/0x50
[   12.421892]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.422522]  remove_element+0x11e/0x190
[   12.422666]  mempool_alloc_preallocated+0x4d/0x90
[   12.423180]  mempool_oob_right_helper+0x8a/0x380
[   12.423365]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.423658]  kunit_try_run_case+0x1a5/0x480
[   12.423908]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.424275]  kthread+0x337/0x6f0
[   12.424455]  ret_from_fork+0x116/0x1d0
[   12.424654]  ret_from_fork_asm+0x1a/0x30
[   12.424928] 
[   12.425045] The buggy address belongs to the object at ffff888102826400
[   12.425045]  which belongs to the cache kmalloc-128 of size 128
[   12.425508] The buggy address is located 0 bytes to the right of
[   12.425508]  allocated 115-byte region [ffff888102826400, ffff888102826473)
[   12.426281] 
[   12.426362] The buggy address belongs to the physical page:
[   12.426730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102826
[   12.427156] flags: 0x200000000000000(node=0|zone=2)
[   12.427491] page_type: f5(slab)
[   12.427651] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.428066] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.428435] page dumped because: kasan: bad access detected
[   12.428712] 
[   12.428864] Memory state around the buggy address:
[   12.429168]  ffff888102826300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.429444]  ffff888102826380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.429796] >ffff888102826400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.430107]                                                              ^
[   12.430472]  ffff888102826480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.430803]  ffff888102826500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.431198] ==================================================================
[   12.459388] ==================================================================
[   12.460270] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.460635] Read of size 1 at addr ffff88810397e2bb by task kunit_try_catch/243
[   12.460960] 
[   12.461064] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   12.461170] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.461198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.461220] Call Trace:
[   12.461233]  <TASK>
[   12.461249]  dump_stack_lvl+0x73/0xb0
[   12.461286]  print_report+0xd1/0x650
[   12.461309]  ? __virt_addr_valid+0x1db/0x2d0
[   12.461331]  ? mempool_oob_right_helper+0x318/0x380
[   12.461354]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.461386]  ? mempool_oob_right_helper+0x318/0x380
[   12.461410]  kasan_report+0x141/0x180
[   12.461432]  ? mempool_oob_right_helper+0x318/0x380
[   12.461461]  __asan_report_load1_noabort+0x18/0x20
[   12.461481]  mempool_oob_right_helper+0x318/0x380
[   12.461505]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.461531]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.461552]  ? finish_task_switch.isra.0+0x153/0x700
[   12.461577]  mempool_slab_oob_right+0xed/0x140
[   12.461598]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   12.461618]  ? __kasan_check_write+0x18/0x20
[   12.461649]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   12.461669]  ? __pfx_mempool_free_slab+0x10/0x10
[   12.461690]  ? __pfx_read_tsc+0x10/0x10
[   12.461721]  ? ktime_get_ts64+0x86/0x230
[   12.461744]  kunit_try_run_case+0x1a5/0x480
[   12.461783]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.461802]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   12.461836]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.461861]  ? __kthread_parkme+0x82/0x180
[   12.461880]  ? preempt_count_sub+0x50/0x80
[   12.461903]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.461923]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.461947]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.461971]  kthread+0x337/0x6f0
[   12.461990]  ? trace_preempt_on+0x20/0xc0
[   12.462033]  ? __pfx_kthread+0x10/0x10
[   12.462054]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.462075]  ? calculate_sigpending+0x7b/0xa0
[   12.462098]  ? __pfx_kthread+0x10/0x10
[   12.462120]  ret_from_fork+0x116/0x1d0
[   12.462138]  ? __pfx_kthread+0x10/0x10
[   12.462158]  ret_from_fork_asm+0x1a/0x30
[   12.462188]  </TASK>
[   12.462199] 
[   12.472189] Allocated by task 243:
[   12.472475]  kasan_save_stack+0x45/0x70
[   12.472687]  kasan_save_track+0x18/0x40
[   12.472841]  kasan_save_alloc_info+0x3b/0x50
[   12.472988]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   12.473162]  remove_element+0x11e/0x190
[   12.473340]  mempool_alloc_preallocated+0x4d/0x90
[   12.473627]  mempool_oob_right_helper+0x8a/0x380
[   12.474040]  mempool_slab_oob_right+0xed/0x140
[   12.474223]  kunit_try_run_case+0x1a5/0x480
[   12.474461]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.474699]  kthread+0x337/0x6f0
[   12.474859]  ret_from_fork+0x116/0x1d0
[   12.475220]  ret_from_fork_asm+0x1a/0x30
[   12.475392] 
[   12.475467] The buggy address belongs to the object at ffff88810397e240
[   12.475467]  which belongs to the cache test_cache of size 123
[   12.476109] The buggy address is located 0 bytes to the right of
[   12.476109]  allocated 123-byte region [ffff88810397e240, ffff88810397e2bb)
[   12.476999] 
[   12.477122] The buggy address belongs to the physical page:
[   12.477352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10397e
[   12.477669] flags: 0x200000000000000(node=0|zone=2)
[   12.477958] page_type: f5(slab)
[   12.478281] raw: 0200000000000000 ffff88810189cb40 dead000000000122 0000000000000000
[   12.478639] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   12.478990] page dumped because: kasan: bad access detected
[   12.479460] 
[   12.479562] Memory state around the buggy address:
[   12.479792]  ffff88810397e180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.480167]  ffff88810397e200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   12.480450] >ffff88810397e280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   12.480818]                                         ^
[   12.481055]  ffff88810397e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.481449]  ffff88810397e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.481737] ==================================================================
[   12.434804] ==================================================================
[   12.435319] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.435643] Read of size 1 at addr ffff8881039f6001 by task kunit_try_catch/241
[   12.436011] 
[   12.436115] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   12.436161] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.436173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.436194] Call Trace:
[   12.436207]  <TASK>
[   12.436235]  dump_stack_lvl+0x73/0xb0
[   12.436265]  print_report+0xd1/0x650
[   12.436289]  ? __virt_addr_valid+0x1db/0x2d0
[   12.436325]  ? mempool_oob_right_helper+0x318/0x380
[   12.436348]  ? kasan_addr_to_slab+0x11/0xa0
[   12.436369]  ? mempool_oob_right_helper+0x318/0x380
[   12.436401]  kasan_report+0x141/0x180
[   12.436424]  ? mempool_oob_right_helper+0x318/0x380
[   12.436452]  __asan_report_load1_noabort+0x18/0x20
[   12.436482]  mempool_oob_right_helper+0x318/0x380
[   12.436506]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.436531]  ? __kasan_check_write+0x18/0x20
[   12.436562]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.436585]  ? finish_task_switch.isra.0+0x153/0x700
[   12.436612]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   12.436637]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   12.436665]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.436685]  ? __pfx_mempool_kfree+0x10/0x10
[   12.436706]  ? __pfx_read_tsc+0x10/0x10
[   12.436738]  ? ktime_get_ts64+0x86/0x230
[   12.436763]  kunit_try_run_case+0x1a5/0x480
[   12.436794]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.436814]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.436840]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.436876]  ? __kthread_parkme+0x82/0x180
[   12.436895]  ? preempt_count_sub+0x50/0x80
[   12.436918]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.436939]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.436972]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.436996]  kthread+0x337/0x6f0
[   12.437016]  ? trace_preempt_on+0x20/0xc0
[   12.437051]  ? __pfx_kthread+0x10/0x10
[   12.437072]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.437118]  ? calculate_sigpending+0x7b/0xa0
[   12.437142]  ? __pfx_kthread+0x10/0x10
[   12.437164]  ret_from_fork+0x116/0x1d0
[   12.437182]  ? __pfx_kthread+0x10/0x10
[   12.437203]  ret_from_fork_asm+0x1a/0x30
[   12.437233]  </TASK>
[   12.437244] 
[   12.446641] The buggy address belongs to the physical page:
[   12.447180] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f4
[   12.447560] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.447920] flags: 0x200000000000040(head|node=0|zone=2)
[   12.448252] page_type: f8(unknown)
[   12.448436] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.448775] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.449118] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.449443] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.449717] head: 0200000000000002 ffffea00040e7d01 00000000ffffffff 00000000ffffffff
[   12.450055] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.450343] page dumped because: kasan: bad access detected
[   12.450616] 
[   12.450689] Memory state around the buggy address:
[   12.450944]  ffff8881039f5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.451213]  ffff8881039f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.451751] >ffff8881039f6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.452289]                    ^
[   12.452472]  ffff8881039f6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.452693]  ffff8881039f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.453057] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xcwEtleCVFbykBd3frwUKpWhSE

job_id

TEST:linaro@lkft#2xcwLWYXo1r3LJpulqtiW2zsnrb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xcwLWYXo1r3LJpulqtiW2zsnrb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwHqqp93abqTBQc904Rt03Tly/bzImage
sha256sum	b09b9976970e4221a2c7611dba5f82a6b21199333e8eaa872d8eeba71513307b

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwHqqp93abqTBQc904Rt03Tly/modules.tar.xz
sha256sum	2494407470591358d825e0a38516dda0affd27e1b84431d2c86d654acedface9

durations

tests

boot	0
kunit	198.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned