lkft/linux-next-master - next-20250718 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 18, 2025, 1:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   33.572239] ==================================================================
[   33.572299] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.572351] Read of size 1 at addr fff00000c907a2bb by task kunit_try_catch/256
[   33.572452] 
[   33.572550] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   33.572636] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.572661] Hardware name: linux,dummy-virt (DT)
[   33.572807] Call trace:
[   33.572978]  show_stack+0x20/0x38 (C)
[   33.573212]  dump_stack_lvl+0x8c/0xd0
[   33.573268]  print_report+0x118/0x5e8
[   33.573407]  kasan_report+0xdc/0x128
[   33.573451]  __asan_report_load1_noabort+0x20/0x30
[   33.573504]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.573666]  mempool_slab_oob_right+0xc0/0x118
[   33.573963]  kunit_try_run_case+0x170/0x3f0
[   33.574068]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.574131]  kthread+0x328/0x630
[   33.574175]  ret_from_fork+0x10/0x20
[   33.574220] 
[   33.574248] Allocated by task 256:
[   33.574278]  kasan_save_stack+0x3c/0x68
[   33.574315]  kasan_save_track+0x20/0x40
[   33.574425]  kasan_save_alloc_info+0x40/0x58
[   33.574528]  __kasan_mempool_unpoison_object+0xbc/0x180
[   33.574825]  remove_element+0x16c/0x1f8
[   33.574893]  mempool_alloc_preallocated+0x58/0xc0
[   33.574934]  mempool_oob_right_helper+0x98/0x2f0
[   33.574973]  mempool_slab_oob_right+0xc0/0x118
[   33.575013]  kunit_try_run_case+0x170/0x3f0
[   33.575049]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.575102]  kthread+0x328/0x630
[   33.575144]  ret_from_fork+0x10/0x20
[   33.575180] 
[   33.575199] The buggy address belongs to the object at fff00000c907a240
[   33.575199]  which belongs to the cache test_cache of size 123
[   33.575531] The buggy address is located 0 bytes to the right of
[   33.575531]  allocated 123-byte region [fff00000c907a240, fff00000c907a2bb)
[   33.575706] 
[   33.575729] The buggy address belongs to the physical page:
[   33.575758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10907a
[   33.575852] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.576098] page_type: f5(slab)
[   33.576136] raw: 0bfffe0000000000 fff00000c4743c80 dead000000000122 0000000000000000
[   33.576184] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   33.576402] page dumped because: kasan: bad access detected
[   33.576439] 
[   33.576457] Memory state around the buggy address:
[   33.576589]  fff00000c907a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.576701]  fff00000c907a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   33.576758] >fff00000c907a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   33.576829]                                         ^
[   33.576878]  fff00000c907a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.576920]  fff00000c907a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.576975] ==================================================================
[   33.558504] ==================================================================
[   33.558595] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.558647] Read of size 1 at addr fff00000c9bb2001 by task kunit_try_catch/254
[   33.558696] 
[   33.558726] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   33.558896] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.559006] Hardware name: linux,dummy-virt (DT)
[   33.559044] Call trace:
[   33.559148]  show_stack+0x20/0x38 (C)
[   33.559197]  dump_stack_lvl+0x8c/0xd0
[   33.559243]  print_report+0x118/0x5e8
[   33.559294]  kasan_report+0xdc/0x128
[   33.559338]  __asan_report_load1_noabort+0x20/0x30
[   33.559384]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.559551]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   33.559698]  kunit_try_run_case+0x170/0x3f0
[   33.559756]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.559812]  kthread+0x328/0x630
[   33.559928]  ret_from_fork+0x10/0x20
[   33.559975] 
[   33.559995] The buggy address belongs to the physical page:
[   33.560027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bb0
[   33.560089] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.560135] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.560187] page_type: f8(unknown)
[   33.560225] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.560273] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.560321] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.560368] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.560423] head: 0bfffe0000000002 ffffc1ffc326ec01 00000000ffffffff 00000000ffffffff
[   33.560634] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.560686] page dumped because: kasan: bad access detected
[   33.560722] 
[   33.560786] Memory state around the buggy address:
[   33.560824]  fff00000c9bb1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.560921]  fff00000c9bb1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.560970] >fff00000c9bb2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.561029]                    ^
[   33.561091]  fff00000c9bb2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.561134]  fff00000c9bb2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.561173] ==================================================================
[   33.550149] ==================================================================
[   33.550226] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.550300] Read of size 1 at addr fff00000c3fed173 by task kunit_try_catch/252
[   33.550350] 
[   33.550391] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   33.550480] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.550509] Hardware name: linux,dummy-virt (DT)
[   33.550542] Call trace:
[   33.550569]  show_stack+0x20/0x38 (C)
[   33.550618]  dump_stack_lvl+0x8c/0xd0
[   33.550670]  print_report+0x118/0x5e8
[   33.550712]  kasan_report+0xdc/0x128
[   33.550756]  __asan_report_load1_noabort+0x20/0x30
[   33.550803]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.550851]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.550899]  kunit_try_run_case+0x170/0x3f0
[   33.550948]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.550997]  kthread+0x328/0x630
[   33.551042]  ret_from_fork+0x10/0x20
[   33.551117] 
[   33.551138] Allocated by task 252:
[   33.551167]  kasan_save_stack+0x3c/0x68
[   33.551208]  kasan_save_track+0x20/0x40
[   33.551242]  kasan_save_alloc_info+0x40/0x58
[   33.551280]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.551320]  remove_element+0x130/0x1f8
[   33.551360]  mempool_alloc_preallocated+0x58/0xc0
[   33.551400]  mempool_oob_right_helper+0x98/0x2f0
[   33.551441]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.551480]  kunit_try_run_case+0x170/0x3f0
[   33.551517]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.551558]  kthread+0x328/0x630
[   33.551592]  ret_from_fork+0x10/0x20
[   33.551627] 
[   33.551646] The buggy address belongs to the object at fff00000c3fed100
[   33.551646]  which belongs to the cache kmalloc-128 of size 128
[   33.551704] The buggy address is located 0 bytes to the right of
[   33.551704]  allocated 115-byte region [fff00000c3fed100, fff00000c3fed173)
[   33.551790] 
[   33.551821] The buggy address belongs to the physical page:
[   33.551855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fed
[   33.551911] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.551964] page_type: f5(slab)
[   33.552006] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.552056] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.552110] page dumped because: kasan: bad access detected
[   33.552142] 
[   33.552171] Memory state around the buggy address:
[   33.552206]  fff00000c3fed000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.552249]  fff00000c3fed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.552292] >fff00000c3fed100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.552330]                                                              ^
[   33.552370]  fff00000c3fed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.552414]  fff00000c3fed200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.552450] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

3036v5IOku9kbGwPAxMzAEIc53c

job_id

TEST:linaro@lkft#3036zhqEIPBB9ZWiNqxrt9yzBCZ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3036zhqEIPBB9ZWiNqxrt9yzBCZ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036wEt97kKkGLPer9c9xRyYEUW/Image.gz
sha256sum	ef45bb451b92e0e364dae8f4a03204dbe06c728b275ab06b9f73ab6225c4cc39

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036wEt97kKkGLPer9c9xRyYEUW/modules.tar.xz
sha256sum	5b93974edad32ed66a90059bce180e27102c332dbf4de7f92fd7321ca4fe262a

durations

tests

boot	0
kunit	167.80

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   26.341750] ==================================================================
[   26.342322] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.342617] Read of size 1 at addr ffff8881053c52bb by task kunit_try_catch/273
[   26.342932] 
[   26.343042] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   26.343113] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.343127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.343151] Call Trace:
[   26.343164]  <TASK>
[   26.343194]  dump_stack_lvl+0x73/0xb0
[   26.343402]  print_report+0xd1/0x640
[   26.343431]  ? __virt_addr_valid+0x1db/0x2d0
[   26.343457]  ? mempool_oob_right_helper+0x318/0x380
[   26.343481]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.343506]  ? mempool_oob_right_helper+0x318/0x380
[   26.343551]  kasan_report+0x141/0x180
[   26.343575]  ? mempool_oob_right_helper+0x318/0x380
[   26.343603]  __asan_report_load1_noabort+0x18/0x20
[   26.343629]  mempool_oob_right_helper+0x318/0x380
[   26.343652]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.343679]  ? finish_task_switch.isra.0+0x153/0x700
[   26.343704]  mempool_slab_oob_right+0xed/0x140
[   26.343727]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   26.343752]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   26.343778]  ? __pfx_mempool_free_slab+0x10/0x10
[   26.343818]  ? __pfx_read_tsc+0x10/0x10
[   26.343989]  ? ktime_get_ts64+0x86/0x230
[   26.344015]  kunit_try_run_case+0x1a5/0x480
[   26.344060]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.344081]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.344117]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.344149]  ? __kthread_parkme+0x82/0x180
[   26.344170]  ? preempt_count_sub+0x50/0x80
[   26.344193]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.344216]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.344241]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.344273]  kthread+0x337/0x6f0
[   26.344293]  ? trace_preempt_on+0x20/0xc0
[   26.344316]  ? __pfx_kthread+0x10/0x10
[   26.344336]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.344367]  ? calculate_sigpending+0x7b/0xa0
[   26.344393]  ? __pfx_kthread+0x10/0x10
[   26.344414]  ret_from_fork+0x116/0x1d0
[   26.344432]  ? __pfx_kthread+0x10/0x10
[   26.344452]  ret_from_fork_asm+0x1a/0x30
[   26.344483]  </TASK>
[   26.344494] 
[   26.352805] Allocated by task 273:
[   26.352940]  kasan_save_stack+0x45/0x70
[   26.353323]  kasan_save_track+0x18/0x40
[   26.353518]  kasan_save_alloc_info+0x3b/0x50
[   26.354040]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   26.354321]  remove_element+0x11e/0x190
[   26.354505]  mempool_alloc_preallocated+0x4d/0x90
[   26.354720]  mempool_oob_right_helper+0x8a/0x380
[   26.355003]  mempool_slab_oob_right+0xed/0x140
[   26.355217]  kunit_try_run_case+0x1a5/0x480
[   26.355421]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.355644]  kthread+0x337/0x6f0
[   26.355755]  ret_from_fork+0x116/0x1d0
[   26.355929]  ret_from_fork_asm+0x1a/0x30
[   26.356110] 
[   26.356174] The buggy address belongs to the object at ffff8881053c5240
[   26.356174]  which belongs to the cache test_cache of size 123
[   26.356520] The buggy address is located 0 bytes to the right of
[   26.356520]  allocated 123-byte region [ffff8881053c5240, ffff8881053c52bb)
[   26.357498] 
[   26.357573] The buggy address belongs to the physical page:
[   26.357733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053c5
[   26.357959] flags: 0x200000000000000(node=0|zone=2)
[   26.358111] page_type: f5(slab)
[   26.358231] raw: 0200000000000000 ffff888100a0b8c0 dead000000000122 0000000000000000
[   26.358582] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   26.358915] page dumped because: kasan: bad access detected
[   26.359161] 
[   26.359246] Memory state around the buggy address:
[   26.359547]  ffff8881053c5180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.359882]  ffff8881053c5200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   26.360233] >ffff8881053c5280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   26.360439]                                         ^
[   26.360906]  ffff8881053c5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.361200]  ffff8881053c5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.361484] ==================================================================
[   26.290184] ==================================================================
[   26.290663] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.290970] Read of size 1 at addr ffff8881053b7673 by task kunit_try_catch/269
[   26.291344] 
[   26.291455] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   26.291510] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.291522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.291547] Call Trace:
[   26.291561]  <TASK>
[   26.291581]  dump_stack_lvl+0x73/0xb0
[   26.291619]  print_report+0xd1/0x640
[   26.291687]  ? __virt_addr_valid+0x1db/0x2d0
[   26.291715]  ? mempool_oob_right_helper+0x318/0x380
[   26.291764]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.291791]  ? mempool_oob_right_helper+0x318/0x380
[   26.291814]  kasan_report+0x141/0x180
[   26.291853]  ? mempool_oob_right_helper+0x318/0x380
[   26.291881]  __asan_report_load1_noabort+0x18/0x20
[   26.291904]  mempool_oob_right_helper+0x318/0x380
[   26.291928]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.291952]  ? dequeue_entities+0x23f/0x1630
[   26.291978]  ? __kasan_check_write+0x18/0x20
[   26.292002]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.292023]  ? finish_task_switch.isra.0+0x153/0x700
[   26.292049]  mempool_kmalloc_oob_right+0xf2/0x150
[   26.292072]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   26.292134]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.292159]  ? __pfx_mempool_kfree+0x10/0x10
[   26.292185]  ? __pfx_read_tsc+0x10/0x10
[   26.292207]  ? ktime_get_ts64+0x86/0x230
[   26.292235]  kunit_try_run_case+0x1a5/0x480
[   26.292311]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.292335]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.292372]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.292406]  ? __kthread_parkme+0x82/0x180
[   26.292428]  ? preempt_count_sub+0x50/0x80
[   26.292453]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.292476]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.292499]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.292522]  kthread+0x337/0x6f0
[   26.292542]  ? trace_preempt_on+0x20/0xc0
[   26.292567]  ? __pfx_kthread+0x10/0x10
[   26.292588]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.292618]  ? calculate_sigpending+0x7b/0xa0
[   26.292643]  ? __pfx_kthread+0x10/0x10
[   26.292663]  ret_from_fork+0x116/0x1d0
[   26.292683]  ? __pfx_kthread+0x10/0x10
[   26.292703]  ret_from_fork_asm+0x1a/0x30
[   26.292737]  </TASK>
[   26.292749] 
[   26.304769] Allocated by task 269:
[   26.304934]  kasan_save_stack+0x45/0x70
[   26.305174]  kasan_save_track+0x18/0x40
[   26.305353]  kasan_save_alloc_info+0x3b/0x50
[   26.305502]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   26.305753]  remove_element+0x11e/0x190
[   26.306090]  mempool_alloc_preallocated+0x4d/0x90
[   26.306299]  mempool_oob_right_helper+0x8a/0x380
[   26.306502]  mempool_kmalloc_oob_right+0xf2/0x150
[   26.306660]  kunit_try_run_case+0x1a5/0x480
[   26.306799]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.307038]  kthread+0x337/0x6f0
[   26.307258]  ret_from_fork+0x116/0x1d0
[   26.307455]  ret_from_fork_asm+0x1a/0x30
[   26.307644] 
[   26.307720] The buggy address belongs to the object at ffff8881053b7600
[   26.307720]  which belongs to the cache kmalloc-128 of size 128
[   26.308174] The buggy address is located 0 bytes to the right of
[   26.308174]  allocated 115-byte region [ffff8881053b7600, ffff8881053b7673)
[   26.308650] 
[   26.308746] The buggy address belongs to the physical page:
[   26.308992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7
[   26.309375] flags: 0x200000000000000(node=0|zone=2)
[   26.309541] page_type: f5(slab)
[   26.309661] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.309926] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.310419] page dumped because: kasan: bad access detected
[   26.310589] 
[   26.310658] Memory state around the buggy address:
[   26.310808]  ffff8881053b7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.311536]  ffff8881053b7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.311834] >ffff8881053b7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   26.312110]                                                              ^
[   26.312366]  ffff8881053b7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.312634]  ffff8881053b7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   26.312886] ==================================================================
[   26.318551] ==================================================================
[   26.319268] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.319662] Read of size 1 at addr ffff888106252001 by task kunit_try_catch/271
[   26.320151] 
[   26.320313] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   26.320412] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.320426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.320450] Call Trace:
[   26.320512]  <TASK>
[   26.320535]  dump_stack_lvl+0x73/0xb0
[   26.320585]  print_report+0xd1/0x640
[   26.320609]  ? __virt_addr_valid+0x1db/0x2d0
[   26.320635]  ? mempool_oob_right_helper+0x318/0x380
[   26.320657]  ? kasan_addr_to_slab+0x11/0xa0
[   26.320677]  ? mempool_oob_right_helper+0x318/0x380
[   26.320699]  kasan_report+0x141/0x180
[   26.320720]  ? mempool_oob_right_helper+0x318/0x380
[   26.320794]  __asan_report_load1_noabort+0x18/0x20
[   26.320819]  mempool_oob_right_helper+0x318/0x380
[   26.320854]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.320983]  ? dequeue_entities+0x23f/0x1630
[   26.321011]  ? __kasan_check_write+0x18/0x20
[   26.321035]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.321056]  ? finish_task_switch.isra.0+0x153/0x700
[   26.321081]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   26.321105]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   26.321131]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.321155]  ? __pfx_mempool_kfree+0x10/0x10
[   26.321179]  ? __pfx_read_tsc+0x10/0x10
[   26.321201]  ? ktime_get_ts64+0x86/0x230
[   26.321226]  kunit_try_run_case+0x1a5/0x480
[   26.321265]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.321288]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.321312]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.321335]  ? __kthread_parkme+0x82/0x180
[   26.321355]  ? preempt_count_sub+0x50/0x80
[   26.321377]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.321399]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.321422]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.321444]  kthread+0x337/0x6f0
[   26.321463]  ? trace_preempt_on+0x20/0xc0
[   26.321486]  ? __pfx_kthread+0x10/0x10
[   26.321508]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.321529]  ? calculate_sigpending+0x7b/0xa0
[   26.321553]  ? __pfx_kthread+0x10/0x10
[   26.321574]  ret_from_fork+0x116/0x1d0
[   26.321592]  ? __pfx_kthread+0x10/0x10
[   26.321612]  ret_from_fork_asm+0x1a/0x30
[   26.321643]  </TASK>
[   26.321655] 
[   26.330496] The buggy address belongs to the physical page:
[   26.330765] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106250
[   26.331094] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.331503] flags: 0x200000000000040(head|node=0|zone=2)
[   26.331689] page_type: f8(unknown)
[   26.331932] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.332311] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.332620] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.332937] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.333291] head: 0200000000000002 ffffea0004189401 00000000ffffffff 00000000ffffffff
[   26.333592] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.334041] page dumped because: kasan: bad access detected
[   26.334272] 
[   26.334384] Memory state around the buggy address:
[   26.334594]  ffff888106251f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.334813]  ffff888106251f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.335023] >ffff888106252000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.335567]                    ^
[   26.335993]  ffff888106252080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.336220]  ffff888106252100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.336438] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

3036v5IOku9kbGwPAxMzAEIc53c

job_id

TEST:linaro@lkft#30370jamGaSAgcfW3PKLOLBtw8U

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30370jamGaSAgcfW3PKLOLBtw8U

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036xDpRrR5V90dzCJK3rrsTyNi/bzImage
sha256sum	fe25299d7ea64504487f8eb839cd1708aceb4f0c82b81f45634bb8a73b3edfa6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3036xDpRrR5V90dzCJK3rrsTyNi/modules.tar.xz
sha256sum	bb9109246fd36b7a8249a4772c2bee7e93157a7bc523efedb3b113d0ba7942ea

durations

tests

boot	0
kunit	224.21

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned