lkft/linux-next-master - next-20250529 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

May 29, 2025, 7:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   24.100568] ==================================================================
[   24.100970] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   24.101146] Read of size 1 at addr fff00000c78a2001 by task kunit_try_catch/223
[   24.101262] 
[   24.101344] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   24.101557] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.101615] Hardware name: linux,dummy-virt (DT)
[   24.101716] Call trace:
[   24.101802]  show_stack+0x20/0x38 (C)
[   24.101983]  dump_stack_lvl+0x8c/0xd0
[   24.102146]  print_report+0x118/0x608
[   24.102259]  kasan_report+0xdc/0x128
[   24.102438]  __asan_report_load1_noabort+0x20/0x30
[   24.102546]  mempool_oob_right_helper+0x2ac/0x2f0
[   24.102651]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   24.102765]  kunit_try_run_case+0x170/0x3f0
[   24.102933]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.103096]  kthread+0x328/0x630
[   24.103221]  ret_from_fork+0x10/0x20
[   24.103384] 
[   24.103463] The buggy address belongs to the physical page:
[   24.103568] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a0
[   24.103690] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.103795] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.103923] page_type: f8(unknown)
[   24.104013] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.104118] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.104213] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.104308] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.104459] head: 0bfffe0000000002 ffffc1ffc31e2801 00000000ffffffff 00000000ffffffff
[   24.104568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.104690] page dumped because: kasan: bad access detected
[   24.104809] 
[   24.104877] Memory state around the buggy address:
[   24.104997]  fff00000c78a1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.105108]  fff00000c78a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.105211] >fff00000c78a2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.105308]                    ^
[   24.105383]  fff00000c78a2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.105499]  fff00000c78a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.105618] ==================================================================
[   24.076949] ==================================================================
[   24.077083] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   24.077200] Read of size 1 at addr fff00000c6394f73 by task kunit_try_catch/221
[   24.077261] 
[   24.077324] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   24.077448] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.077480] Hardware name: linux,dummy-virt (DT)
[   24.077524] Call trace:
[   24.077555]  show_stack+0x20/0x38 (C)
[   24.077615]  dump_stack_lvl+0x8c/0xd0
[   24.077672]  print_report+0x118/0x608
[   24.077727]  kasan_report+0xdc/0x128
[   24.077780]  __asan_report_load1_noabort+0x20/0x30
[   24.077832]  mempool_oob_right_helper+0x2ac/0x2f0
[   24.077887]  mempool_kmalloc_oob_right+0xc4/0x120
[   24.077940]  kunit_try_run_case+0x170/0x3f0
[   24.077997]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.078057]  kthread+0x328/0x630
[   24.078105]  ret_from_fork+0x10/0x20
[   24.078163] 
[   24.078185] Allocated by task 221:
[   24.078219]  kasan_save_stack+0x3c/0x68
[   24.078271]  kasan_save_track+0x20/0x40
[   24.078317]  kasan_save_alloc_info+0x40/0x58
[   24.078437]  __kasan_mempool_unpoison_object+0x11c/0x180
[   24.078538]  remove_element+0x130/0x1f8
[   24.078631]  mempool_alloc_preallocated+0x58/0xc0
[   24.078723]  mempool_oob_right_helper+0x98/0x2f0
[   24.078810]  mempool_kmalloc_oob_right+0xc4/0x120
[   24.078923]  kunit_try_run_case+0x170/0x3f0
[   24.078982]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.079030]  kthread+0x328/0x630
[   24.079069]  ret_from_fork+0x10/0x20
[   24.079110] 
[   24.079141] The buggy address belongs to the object at fff00000c6394f00
[   24.079141]  which belongs to the cache kmalloc-128 of size 128
[   24.079211] The buggy address is located 0 bytes to the right of
[   24.079211]  allocated 115-byte region [fff00000c6394f00, fff00000c6394f73)
[   24.079279] 
[   24.079307] The buggy address belongs to the physical page:
[   24.079347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106394
[   24.079442] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   24.079505] page_type: f5(slab)
[   24.079557] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   24.079616] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   24.079666] page dumped because: kasan: bad access detected
[   24.079704] 
[   24.079727] Memory state around the buggy address:
[   24.079767]  fff00000c6394e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.079817]  fff00000c6394e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.079866] >fff00000c6394f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   24.079910]                                                              ^
[   24.079956]  fff00000c6394f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.080003]  fff00000c6395000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.080048] ==================================================================
[   24.120636] ==================================================================
[   24.120900] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   24.121050] Read of size 1 at addr fff00000c63d22bb by task kunit_try_catch/225
[   24.121164] 
[   24.121247] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   24.121457] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.121512] Hardware name: linux,dummy-virt (DT)
[   24.121577] Call trace:
[   24.121623]  show_stack+0x20/0x38 (C)
[   24.121740]  dump_stack_lvl+0x8c/0xd0
[   24.121843]  print_report+0x118/0x608
[   24.121980]  kasan_report+0xdc/0x128
[   24.122162]  __asan_report_load1_noabort+0x20/0x30
[   24.122307]  mempool_oob_right_helper+0x2ac/0x2f0
[   24.122760]  mempool_slab_oob_right+0xc0/0x118
[   24.123303]  kunit_try_run_case+0x170/0x3f0
[   24.123431]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.124236]  kthread+0x328/0x630
[   24.124493]  ret_from_fork+0x10/0x20
[   24.125074] 
[   24.125169] Allocated by task 225:
[   24.125304]  kasan_save_stack+0x3c/0x68
[   24.125517]  kasan_save_track+0x20/0x40
[   24.125616]  kasan_save_alloc_info+0x40/0x58
[   24.125712]  __kasan_mempool_unpoison_object+0xbc/0x180
[   24.125828]  remove_element+0x16c/0x1f8
[   24.125922]  mempool_alloc_preallocated+0x58/0xc0
[   24.126024]  mempool_oob_right_helper+0x98/0x2f0
[   24.126122]  mempool_slab_oob_right+0xc0/0x118
[   24.126229]  kunit_try_run_case+0x170/0x3f0
[   24.127052]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.127358]  kthread+0x328/0x630
[   24.128060]  ret_from_fork+0x10/0x20
[   24.128184] 
[   24.128342] The buggy address belongs to the object at fff00000c63d2240
[   24.128342]  which belongs to the cache test_cache of size 123
[   24.128589] The buggy address is located 0 bytes to the right of
[   24.128589]  allocated 123-byte region [fff00000c63d2240, fff00000c63d22bb)
[   24.129189] 
[   24.129291] The buggy address belongs to the physical page:
[   24.129420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063d2
[   24.129860] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   24.130009] page_type: f5(slab)
[   24.130112] raw: 0bfffe0000000000 fff00000c1764dc0 dead000000000122 0000000000000000
[   24.131088] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   24.131444] page dumped because: kasan: bad access detected
[   24.131563] 
[   24.131765] Memory state around the buggy address:
[   24.131967]  fff00000c63d2180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.132184]  fff00000c63d2200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   24.132297] >fff00000c63d2280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   24.132707]                                         ^
[   24.132970]  fff00000c63d2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.133141]  fff00000c63d2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.133444] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xlB4GuTqktDwlee71Jnb1NJfRI

job_id

TEST:linaro@lkft#2xlB9kSwL581IJhu7BHNzCfQT8M

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xlB9kSwL581IJhu7BHNzCfQT8M

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB5itkvUcoORKx6U0GB9mAQ6f/Image.gz
sha256sum	27519c64f4a22ec72b96feedf830a0a926ae1ffcb90bd853992b3cfb83707592

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB5itkvUcoORKx6U0GB9mAQ6f/modules.tar.xz
sha256sum	b608f80e2ffe2d76ee59982bb5280be82af49763b122cef01f6e5492f96dd429

durations

tests

boot	0
kunit	310.48

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.320206] ==================================================================
[   12.320726] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.322131] Read of size 1 at addr ffff888102fa62bb by task kunit_try_catch/242
[   12.322744] 
[   12.323092] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   12.323148] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.323162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.323192] Call Trace:
[   12.323206]  <TASK>
[   12.323222]  dump_stack_lvl+0x73/0xb0
[   12.323252]  print_report+0xd1/0x650
[   12.323275]  ? __virt_addr_valid+0x1db/0x2d0
[   12.323299]  ? mempool_oob_right_helper+0x318/0x380
[   12.323323]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.323345]  ? mempool_oob_right_helper+0x318/0x380
[   12.323369]  kasan_report+0x141/0x180
[   12.323392]  ? mempool_oob_right_helper+0x318/0x380
[   12.323421]  __asan_report_load1_noabort+0x18/0x20
[   12.323443]  mempool_oob_right_helper+0x318/0x380
[   12.323468]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.323492]  ? update_load_avg+0x1be/0x21b0
[   12.323520]  ? finish_task_switch.isra.0+0x153/0x700
[   12.323547]  mempool_slab_oob_right+0xed/0x140
[   12.323568]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   12.323591]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   12.323621]  ? __pfx_mempool_free_slab+0x10/0x10
[   12.323645]  ? __pfx_read_tsc+0x10/0x10
[   12.323667]  ? ktime_get_ts64+0x86/0x230
[   12.323691]  kunit_try_run_case+0x1a5/0x480
[   12.323713]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.323733]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.323759]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.323822]  ? __kthread_parkme+0x82/0x180
[   12.323845]  ? preempt_count_sub+0x50/0x80
[   12.323869]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.323892]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.323919]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.323954]  kthread+0x337/0x6f0
[   12.323975]  ? trace_preempt_on+0x20/0xc0
[   12.324000]  ? __pfx_kthread+0x10/0x10
[   12.324032]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.324056]  ? calculate_sigpending+0x7b/0xa0
[   12.324080]  ? __pfx_kthread+0x10/0x10
[   12.324103]  ret_from_fork+0x116/0x1d0
[   12.324123]  ? __pfx_kthread+0x10/0x10
[   12.324144]  ret_from_fork_asm+0x1a/0x30
[   12.324175]  </TASK>
[   12.324186] 
[   12.337267] Allocated by task 242:
[   12.337460]  kasan_save_stack+0x45/0x70
[   12.337669]  kasan_save_track+0x18/0x40
[   12.337907]  kasan_save_alloc_info+0x3b/0x50
[   12.338112]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   12.338348]  remove_element+0x11e/0x190
[   12.338525]  mempool_alloc_preallocated+0x4d/0x90
[   12.339163]  mempool_oob_right_helper+0x8a/0x380
[   12.339543]  mempool_slab_oob_right+0xed/0x140
[   12.339980]  kunit_try_run_case+0x1a5/0x480
[   12.340271]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.340664]  kthread+0x337/0x6f0
[   12.341021]  ret_from_fork+0x116/0x1d0
[   12.341209]  ret_from_fork_asm+0x1a/0x30
[   12.341396] 
[   12.341490] The buggy address belongs to the object at ffff888102fa6240
[   12.341490]  which belongs to the cache test_cache of size 123
[   12.342664] The buggy address is located 0 bytes to the right of
[   12.342664]  allocated 123-byte region [ffff888102fa6240, ffff888102fa62bb)
[   12.343380] 
[   12.343481] The buggy address belongs to the physical page:
[   12.343714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102fa6
[   12.344384] flags: 0x200000000000000(node=0|zone=2)
[   12.344603] page_type: f5(slab)
[   12.344742] raw: 0200000000000000 ffff8881011dadc0 dead000000000122 0000000000000000
[   12.345223] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   12.345552] page dumped because: kasan: bad access detected
[   12.345823] 
[   12.345906] Memory state around the buggy address:
[   12.346381]  ffff888102fa6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.346688]  ffff888102fa6200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   12.346998] >ffff888102fa6280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   12.347409]                                         ^
[   12.347648]  ffff888102fa6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.348031]  ffff888102fa6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.348462] ==================================================================
[   12.264731] ==================================================================
[   12.265652] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.266139] Read of size 1 at addr ffff888102f96573 by task kunit_try_catch/238
[   12.266453] 
[   12.266589] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   12.266654] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.266667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.266691] Call Trace:
[   12.266714]  <TASK>
[   12.266735]  dump_stack_lvl+0x73/0xb0
[   12.266801]  print_report+0xd1/0x650
[   12.267061]  ? __virt_addr_valid+0x1db/0x2d0
[   12.267096]  ? mempool_oob_right_helper+0x318/0x380
[   12.267128]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.267152]  ? mempool_oob_right_helper+0x318/0x380
[   12.267178]  kasan_report+0x141/0x180
[   12.267201]  ? mempool_oob_right_helper+0x318/0x380
[   12.267230]  __asan_report_load1_noabort+0x18/0x20
[   12.267252]  mempool_oob_right_helper+0x318/0x380
[   12.267278]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.267305]  ? __kasan_check_write+0x18/0x20
[   12.267327]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.267355]  ? finish_task_switch.isra.0+0x153/0x700
[   12.267385]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.267411]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   12.267440]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.267462]  ? __pfx_mempool_kfree+0x10/0x10
[   12.267484]  ? __pfx_read_tsc+0x10/0x10
[   12.267507]  ? ktime_get_ts64+0x86/0x230
[   12.267534]  kunit_try_run_case+0x1a5/0x480
[   12.267558]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.267578]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.267605]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.267642]  ? __kthread_parkme+0x82/0x180
[   12.267665]  ? preempt_count_sub+0x50/0x80
[   12.267688]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.267709]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.267734]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.267825]  kthread+0x337/0x6f0
[   12.267848]  ? trace_preempt_on+0x20/0xc0
[   12.267873]  ? __pfx_kthread+0x10/0x10
[   12.267895]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.267918]  ? calculate_sigpending+0x7b/0xa0
[   12.267942]  ? __pfx_kthread+0x10/0x10
[   12.267964]  ret_from_fork+0x116/0x1d0
[   12.267983]  ? __pfx_kthread+0x10/0x10
[   12.268003]  ret_from_fork_asm+0x1a/0x30
[   12.268035]  </TASK>
[   12.268048] 
[   12.278557] Allocated by task 238:
[   12.279009]  kasan_save_stack+0x45/0x70
[   12.279273]  kasan_save_track+0x18/0x40
[   12.279600]  kasan_save_alloc_info+0x3b/0x50
[   12.279867]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.280318]  remove_element+0x11e/0x190
[   12.280521]  mempool_alloc_preallocated+0x4d/0x90
[   12.280748]  mempool_oob_right_helper+0x8a/0x380
[   12.281139]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.281414]  kunit_try_run_case+0x1a5/0x480
[   12.281685]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.282156]  kthread+0x337/0x6f0
[   12.282329]  ret_from_fork+0x116/0x1d0
[   12.282484]  ret_from_fork_asm+0x1a/0x30
[   12.282709] 
[   12.282807] The buggy address belongs to the object at ffff888102f96500
[   12.282807]  which belongs to the cache kmalloc-128 of size 128
[   12.283281] The buggy address is located 0 bytes to the right of
[   12.283281]  allocated 115-byte region [ffff888102f96500, ffff888102f96573)
[   12.284248] 
[   12.284354] The buggy address belongs to the physical page:
[   12.284565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f96
[   12.285237] flags: 0x200000000000000(node=0|zone=2)
[   12.285562] page_type: f5(slab)
[   12.285909] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.286312] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.286720] page dumped because: kasan: bad access detected
[   12.287156] 
[   12.287258] Memory state around the buggy address:
[   12.287570]  ffff888102f96400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.288057]  ffff888102f96480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.288445] >ffff888102f96500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.288723]                                                              ^
[   12.289168]  ffff888102f96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.289545]  ffff888102f96600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.289926] ==================================================================
[   12.293071] ==================================================================
[   12.293604] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.293981] Read of size 1 at addr ffff888102a8a001 by task kunit_try_catch/240
[   12.294371] 
[   12.294698] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   12.294751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.294978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.295007] Call Trace:
[   12.295021]  <TASK>
[   12.295038]  dump_stack_lvl+0x73/0xb0
[   12.295069]  print_report+0xd1/0x650
[   12.295091]  ? __virt_addr_valid+0x1db/0x2d0
[   12.295116]  ? mempool_oob_right_helper+0x318/0x380
[   12.295139]  ? kasan_addr_to_slab+0x11/0xa0
[   12.295160]  ? mempool_oob_right_helper+0x318/0x380
[   12.295185]  kasan_report+0x141/0x180
[   12.295208]  ? mempool_oob_right_helper+0x318/0x380
[   12.295236]  __asan_report_load1_noabort+0x18/0x20
[   12.295258]  mempool_oob_right_helper+0x318/0x380
[   12.295283]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.295308]  ? __kasan_check_write+0x18/0x20
[   12.295328]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.295350]  ? finish_task_switch.isra.0+0x153/0x700
[   12.295377]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   12.295402]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   12.295429]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.295450]  ? __pfx_mempool_kfree+0x10/0x10
[   12.295471]  ? __pfx_read_tsc+0x10/0x10
[   12.295492]  ? ktime_get_ts64+0x86/0x230
[   12.295517]  kunit_try_run_case+0x1a5/0x480
[   12.295539]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.295559]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.295584]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.295620]  ? __kthread_parkme+0x82/0x180
[   12.295641]  ? preempt_count_sub+0x50/0x80
[   12.295663]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.295685]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.295728]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.295752]  kthread+0x337/0x6f0
[   12.295772]  ? trace_preempt_on+0x20/0xc0
[   12.295795]  ? __pfx_kthread+0x10/0x10
[   12.295834]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.295856]  ? calculate_sigpending+0x7b/0xa0
[   12.295889]  ? __pfx_kthread+0x10/0x10
[   12.295911]  ret_from_fork+0x116/0x1d0
[   12.295929]  ? __pfx_kthread+0x10/0x10
[   12.295950]  ret_from_fork_asm+0x1a/0x30
[   12.295981]  </TASK>
[   12.295993] 
[   12.307030] The buggy address belongs to the physical page:
[   12.307239] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88
[   12.307590] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.308004] flags: 0x200000000000040(head|node=0|zone=2)
[   12.308410] page_type: f8(unknown)
[   12.308695] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.309036] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.309573] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.310085] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.310397] head: 0200000000000002 ffffea00040aa201 00000000ffffffff 00000000ffffffff
[   12.311076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.311402] page dumped because: kasan: bad access detected
[   12.311786] 
[   12.312076] Memory state around the buggy address:
[   12.312279]  ffff888102a89f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.312590]  ffff888102a89f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.313179] >ffff888102a8a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.313490]                    ^
[   12.313989]  ffff888102a8a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.314374]  ffff888102a8a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.314836] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xlB4GuTqktDwlee71Jnb1NJfRI

job_id

TEST:linaro@lkft#2xlBAyWnEAFxkkNPj7qJWrTtgaT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xlBAyWnEAFxkkNPj7qJWrTtgaT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB7JyggRDdiWlLTNR3RGHKw4x/bzImage
sha256sum	813ee3b065558370ed659c97e0f76fa13c53689c6a88e9ed6ce06540be4fba08

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB7JyggRDdiWlLTNR3RGHKw4x/modules.tar.xz
sha256sum	d821f741da2dacad362fb409ee36ce859b32a19bbacfcc6c2f316531b9b4ec5f

durations

tests

boot	0
kunit	207.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned