lkft/linux-stable-rc-linux-6.15.y - v6.15.1-816-gd878a60be557 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

June 17, 2025, 3:40 p.m.

Environment
qemu-arm64
qemu-x86_64

[   24.159167] ==================================================================
[   24.159266] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   24.159359] Read of size 1 at addr fff00000c78de2bb by task kunit_try_catch/227
[   24.159417] 
[   24.159554] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   24.159657] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.159688] Hardware name: linux,dummy-virt (DT)
[   24.159739] Call trace:
[   24.159772]  show_stack+0x20/0x38 (C)
[   24.159831]  dump_stack_lvl+0x8c/0xd0
[   24.159887]  print_report+0x118/0x608
[   24.159937]  kasan_report+0xdc/0x128
[   24.159985]  __asan_report_load1_noabort+0x20/0x30
[   24.160042]  mempool_oob_right_helper+0x2ac/0x2f0
[   24.160096]  mempool_slab_oob_right+0xc0/0x118
[   24.160185]  kunit_try_run_case+0x170/0x3f0
[   24.160242]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.160301]  kthread+0x328/0x630
[   24.160353]  ret_from_fork+0x10/0x20
[   24.160407] 
[   24.160427] Allocated by task 227:
[   24.160461]  kasan_save_stack+0x3c/0x68
[   24.160510]  kasan_save_track+0x20/0x40
[   24.160552]  kasan_save_alloc_info+0x40/0x58
[   24.160596]  __kasan_mempool_unpoison_object+0xbc/0x180
[   24.160642]  remove_element+0x16c/0x1f8
[   24.160687]  mempool_alloc_preallocated+0x58/0xc0
[   24.160745]  mempool_oob_right_helper+0x98/0x2f0
[   24.160795]  mempool_slab_oob_right+0xc0/0x118
[   24.160888]  kunit_try_run_case+0x170/0x3f0
[   24.160941]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.161008]  kthread+0x328/0x630
[   24.161049]  ret_from_fork+0x10/0x20
[   24.161089] 
[   24.161112] The buggy address belongs to the object at fff00000c78de240
[   24.161112]  which belongs to the cache test_cache of size 123
[   24.161177] The buggy address is located 0 bytes to the right of
[   24.161177]  allocated 123-byte region [fff00000c78de240, fff00000c78de2bb)
[   24.161268] 
[   24.161318] The buggy address belongs to the physical page:
[   24.161362] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078de
[   24.161465] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   24.161555] page_type: f5(slab)
[   24.161718] raw: 0bfffe0000000000 fff00000c5918640 dead000000000122 0000000000000000
[   24.161819] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   24.161875] page dumped because: kasan: bad access detected
[   24.162025] 
[   24.162136] Memory state around the buggy address:
[   24.162432]  fff00000c78de180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.162490]  fff00000c78de200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   24.162540] >fff00000c78de280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   24.162583]                                         ^
[   24.162624]  fff00000c78de300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.162672]  fff00000c78de380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.163246] ==================================================================
[   24.135195] ==================================================================
[   24.135328] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   24.135434] Read of size 1 at addr fff00000c794b873 by task kunit_try_catch/223
[   24.135496] 
[   24.135556] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   24.135685] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.135718] Hardware name: linux,dummy-virt (DT)
[   24.135776] Call trace:
[   24.135805]  show_stack+0x20/0x38 (C)
[   24.135866]  dump_stack_lvl+0x8c/0xd0
[   24.135922]  print_report+0x118/0x608
[   24.135974]  kasan_report+0xdc/0x128
[   24.136024]  __asan_report_load1_noabort+0x20/0x30
[   24.136080]  mempool_oob_right_helper+0x2ac/0x2f0
[   24.136175]  mempool_kmalloc_oob_right+0xc4/0x120
[   24.136236]  kunit_try_run_case+0x170/0x3f0
[   24.136295]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.136355]  kthread+0x328/0x630
[   24.136409]  ret_from_fork+0x10/0x20
[   24.136469] 
[   24.136490] Allocated by task 223:
[   24.136523]  kasan_save_stack+0x3c/0x68
[   24.136575]  kasan_save_track+0x20/0x40
[   24.136617]  kasan_save_alloc_info+0x40/0x58
[   24.136662]  __kasan_mempool_unpoison_object+0x11c/0x180
[   24.136710]  remove_element+0x130/0x1f8
[   24.136776]  mempool_alloc_preallocated+0x58/0xc0
[   24.136822]  mempool_oob_right_helper+0x98/0x2f0
[   24.136870]  mempool_kmalloc_oob_right+0xc4/0x120
[   24.136917]  kunit_try_run_case+0x170/0x3f0
[   24.136959]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.137010]  kthread+0x328/0x630
[   24.137051]  ret_from_fork+0x10/0x20
[   24.137091] 
[   24.137115] The buggy address belongs to the object at fff00000c794b800
[   24.137115]  which belongs to the cache kmalloc-128 of size 128
[   24.137182] The buggy address is located 0 bytes to the right of
[   24.137182]  allocated 115-byte region [fff00000c794b800, fff00000c794b873)
[   24.137253] 
[   24.137279] The buggy address belongs to the physical page:
[   24.137340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10794b
[   24.137423] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   24.137486] page_type: f5(slab)
[   24.137537] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   24.137595] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.137642] page dumped because: kasan: bad access detected
[   24.137679] 
[   24.137699] Memory state around the buggy address:
[   24.137752]  fff00000c794b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.137806]  fff00000c794b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.137853] >fff00000c794b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   24.137896]                                                              ^
[   24.137941]  fff00000c794b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.137988]  fff00000c794b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   24.138031] ==================================================================
[   24.146151] ==================================================================
[   24.146248] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   24.146367] Read of size 1 at addr fff00000c7a12001 by task kunit_try_catch/225
[   24.146426] 
[   24.146477] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   24.146575] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.146607] Hardware name: linux,dummy-virt (DT)
[   24.146646] Call trace:
[   24.146865]  show_stack+0x20/0x38 (C)
[   24.147068]  dump_stack_lvl+0x8c/0xd0
[   24.147189]  print_report+0x118/0x608
[   24.147241]  kasan_report+0xdc/0x128
[   24.147307]  __asan_report_load1_noabort+0x20/0x30
[   24.147364]  mempool_oob_right_helper+0x2ac/0x2f0
[   24.147421]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   24.147478]  kunit_try_run_case+0x170/0x3f0
[   24.147537]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.147597]  kthread+0x328/0x630
[   24.147647]  ret_from_fork+0x10/0x20
[   24.147704] 
[   24.147741] The buggy address belongs to the physical page:
[   24.147792] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107a10
[   24.147882] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.147958] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.148088] page_type: f8(unknown)
[   24.148196] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.148305] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.148417] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.148518] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.148575] head: 0bfffe0000000002 ffffc1ffc31e8401 00000000ffffffff 00000000ffffffff
[   24.148687] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.149510] page dumped because: kasan: bad access detected
[   24.149612] 
[   24.149707] Memory state around the buggy address:
[   24.149867]  fff00000c7a11f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.150052]  fff00000c7a11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.150106] >fff00000c7a12000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.150148]                    ^
[   24.150185]  fff00000c7a12080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.150667]  fff00000c7a12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.150848] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ydqNQrhsJ2o3nRcu0jJt1pJPAN

job_id

TEST:linaro@lkft#2ydqRXA7BZt3FYFyyVtfHApec53

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ydqRXA7BZt3FYFyyVtfHApec53

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqOQvh8FZMWVTqNBBZW6j0IZ9/Image.gz
sha256sum	7242332481f9356c5933d0de1be88bb7412a90d205771a7f71dcbe5c7be41d51

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqOQvh8FZMWVTqNBBZW6j0IZ9/modules.tar.xz
sha256sum	7d68a204448ffa43aa8312ab431e97fd284c4240b83f9cb05c5040addb3de16f

durations

tests

boot	0
kunit	371.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   21.375864] ==================================================================
[   21.376695] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   21.377118] Read of size 1 at addr ffff888103096a73 by task kunit_try_catch/241
[   21.377541] 
[   21.377664] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   21.377734] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.377753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.377782] Call Trace:
[   21.377800]  <TASK>
[   21.377823]  dump_stack_lvl+0x73/0xb0
[   21.377866]  print_report+0xd1/0x650
[   21.377902]  ? __virt_addr_valid+0x1db/0x2d0
[   21.378196]  ? mempool_oob_right_helper+0x318/0x380
[   21.378236]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.378271]  ? mempool_oob_right_helper+0x318/0x380
[   21.378342]  kasan_report+0x141/0x180
[   21.378380]  ? mempool_oob_right_helper+0x318/0x380
[   21.378423]  __asan_report_load1_noabort+0x18/0x20
[   21.378456]  mempool_oob_right_helper+0x318/0x380
[   21.378494]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   21.378531]  ? update_load_avg+0x1be/0x21b0
[   21.378564]  ? dequeue_entities+0x852/0x1740
[   21.378600]  ? finish_task_switch.isra.0+0x153/0x700
[   21.378641]  mempool_kmalloc_oob_right+0xf2/0x150
[   21.378677]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   21.378715]  ? dequeue_task_fair+0x166/0x4e0
[   21.378750]  ? __pfx_mempool_kmalloc+0x10/0x10
[   21.378783]  ? __pfx_mempool_kfree+0x10/0x10
[   21.378816]  ? __pfx_read_tsc+0x10/0x10
[   21.378847]  ? ktime_get_ts64+0x86/0x230
[   21.378887]  kunit_try_run_case+0x1a5/0x480
[   21.378927]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.378961]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.379000]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.379037]  ? __kthread_parkme+0x82/0x180
[   21.379073]  ? preempt_count_sub+0x50/0x80
[   21.379111]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.379146]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.379201]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.379241]  kthread+0x337/0x6f0
[   21.379270]  ? trace_preempt_on+0x20/0xc0
[   21.380008]  ? __pfx_kthread+0x10/0x10
[   21.380083]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.380159]  ? calculate_sigpending+0x7b/0xa0
[   21.380236]  ? __pfx_kthread+0x10/0x10
[   21.380321]  ret_from_fork+0x41/0x80
[   21.380395]  ? __pfx_kthread+0x10/0x10
[   21.380461]  ret_from_fork_asm+0x1a/0x30
[   21.380558]  </TASK>
[   21.380600] 
[   21.400926] Allocated by task 241:
[   21.402081]  kasan_save_stack+0x45/0x70
[   21.402556]  kasan_save_track+0x18/0x40
[   21.402996]  kasan_save_alloc_info+0x3b/0x50
[   21.403717]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   21.404265]  remove_element+0x11e/0x190
[   21.404804]  mempool_alloc_preallocated+0x4d/0x90
[   21.405518]  mempool_oob_right_helper+0x8a/0x380
[   21.406240]  mempool_kmalloc_oob_right+0xf2/0x150
[   21.406742]  kunit_try_run_case+0x1a5/0x480
[   21.407860]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.408403]  kthread+0x337/0x6f0
[   21.408794]  ret_from_fork+0x41/0x80
[   21.409441]  ret_from_fork_asm+0x1a/0x30
[   21.409900] 
[   21.410360] The buggy address belongs to the object at ffff888103096a00
[   21.410360]  which belongs to the cache kmalloc-128 of size 128
[   21.411618] The buggy address is located 0 bytes to the right of
[   21.411618]  allocated 115-byte region [ffff888103096a00, ffff888103096a73)
[   21.412795] 
[   21.413588] The buggy address belongs to the physical page:
[   21.414167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103096
[   21.414788] flags: 0x200000000000000(node=0|zone=2)
[   21.415349] page_type: f5(slab)
[   21.415717] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   21.416579] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.417468] page dumped because: kasan: bad access detected
[   21.417940] 
[   21.418339] Memory state around the buggy address:
[   21.418694]  ffff888103096900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.419988]  ffff888103096980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.420837] >ffff888103096a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   21.421561]                                                              ^
[   21.422138]  ffff888103096a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.422738]  ffff888103096b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   21.424074] ==================================================================
[   21.487669] ==================================================================
[   21.489079] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   21.489838] Read of size 1 at addr ffff888102eea2bb by task kunit_try_catch/245
[   21.491761] 
[   21.492058] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   21.492165] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.492185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.492218] Call Trace:
[   21.492240]  <TASK>
[   21.492280]  dump_stack_lvl+0x73/0xb0
[   21.492432]  print_report+0xd1/0x650
[   21.492545]  ? __virt_addr_valid+0x1db/0x2d0
[   21.492624]  ? mempool_oob_right_helper+0x318/0x380
[   21.492700]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.492815]  ? mempool_oob_right_helper+0x318/0x380
[   21.492859]  kasan_report+0x141/0x180
[   21.492896]  ? mempool_oob_right_helper+0x318/0x380
[   21.492941]  __asan_report_load1_noabort+0x18/0x20
[   21.493026]  mempool_oob_right_helper+0x318/0x380
[   21.493114]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   21.493154]  ? update_load_avg+0x1be/0x21b0
[   21.493194]  ? finish_task_switch.isra.0+0x153/0x700
[   21.493234]  mempool_slab_oob_right+0xed/0x140
[   21.493265]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   21.493316]  ? dequeue_task_fair+0x166/0x4e0
[   21.493355]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   21.493390]  ? __pfx_mempool_free_slab+0x10/0x10
[   21.493422]  ? __pfx_read_tsc+0x10/0x10
[   21.493453]  ? ktime_get_ts64+0x86/0x230
[   21.493492]  kunit_try_run_case+0x1a5/0x480
[   21.493531]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.493564]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.493600]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.493636]  ? __kthread_parkme+0x82/0x180
[   21.493670]  ? preempt_count_sub+0x50/0x80
[   21.493705]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.493739]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.493773]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.493806]  kthread+0x337/0x6f0
[   21.493830]  ? trace_preempt_on+0x20/0xc0
[   21.493866]  ? __pfx_kthread+0x10/0x10
[   21.493892]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.493926]  ? calculate_sigpending+0x7b/0xa0
[   21.494001]  ? __pfx_kthread+0x10/0x10
[   21.494106]  ret_from_fork+0x41/0x80
[   21.494191]  ? __pfx_kthread+0x10/0x10
[   21.494223]  ret_from_fork_asm+0x1a/0x30
[   21.494268]  </TASK>
[   21.494285] 
[   21.520094] Allocated by task 245:
[   21.520441]  kasan_save_stack+0x45/0x70
[   21.520799]  kasan_save_track+0x18/0x40
[   21.522866]  kasan_save_alloc_info+0x3b/0x50
[   21.523206]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   21.524373]  remove_element+0x11e/0x190
[   21.524763]  mempool_alloc_preallocated+0x4d/0x90
[   21.525720]  mempool_oob_right_helper+0x8a/0x380
[   21.526102]  mempool_slab_oob_right+0xed/0x140
[   21.527013]  kunit_try_run_case+0x1a5/0x480
[   21.527567]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.528469]  kthread+0x337/0x6f0
[   21.528833]  ret_from_fork+0x41/0x80
[   21.529797]  ret_from_fork_asm+0x1a/0x30
[   21.530418] 
[   21.530644] The buggy address belongs to the object at ffff888102eea240
[   21.530644]  which belongs to the cache test_cache of size 123
[   21.532129] The buggy address is located 0 bytes to the right of
[   21.532129]  allocated 123-byte region [ffff888102eea240, ffff888102eea2bb)
[   21.533040] 
[   21.534384] The buggy address belongs to the physical page:
[   21.534871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102eea
[   21.535753] flags: 0x200000000000000(node=0|zone=2)
[   21.536470] page_type: f5(slab)
[   21.536853] raw: 0200000000000000 ffff888102ee4140 dead000000000122 0000000000000000
[   21.538399] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   21.539362] page dumped because: kasan: bad access detected
[   21.539811] 
[   21.540320] Memory state around the buggy address:
[   21.541540]  ffff888102eea180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.542043]  ffff888102eea200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   21.542779] >ffff888102eea280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   21.543320]                                         ^
[   21.543803]  ffff888102eea300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.544899]  ffff888102eea380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.545918] ==================================================================
[   21.431594] ==================================================================
[   21.432768] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   21.433856] Read of size 1 at addr ffff888103926001 by task kunit_try_catch/243
[   21.435214] 
[   21.435448] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   21.435522] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.435542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.435574] Call Trace:
[   21.435596]  <TASK>
[   21.435621]  dump_stack_lvl+0x73/0xb0
[   21.435668]  print_report+0xd1/0x650
[   21.435705]  ? __virt_addr_valid+0x1db/0x2d0
[   21.435742]  ? mempool_oob_right_helper+0x318/0x380
[   21.435779]  ? kasan_addr_to_slab+0x11/0xa0
[   21.435811]  ? mempool_oob_right_helper+0x318/0x380
[   21.435848]  kasan_report+0x141/0x180
[   21.435930]  ? mempool_oob_right_helper+0x318/0x380
[   21.436010]  __asan_report_load1_noabort+0x18/0x20
[   21.436090]  mempool_oob_right_helper+0x318/0x380
[   21.436172]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   21.436220]  ? dequeue_entities+0x852/0x1740
[   21.436262]  ? finish_task_switch.isra.0+0x153/0x700
[   21.436344]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   21.436426]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   21.436497]  ? dequeue_task_fair+0x166/0x4e0
[   21.436536]  ? __pfx_mempool_kmalloc+0x10/0x10
[   21.436571]  ? __pfx_mempool_kfree+0x10/0x10
[   21.436604]  ? __pfx_read_tsc+0x10/0x10
[   21.436636]  ? ktime_get_ts64+0x86/0x230
[   21.436676]  kunit_try_run_case+0x1a5/0x480
[   21.436716]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.436751]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.436788]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.436825]  ? __kthread_parkme+0x82/0x180
[   21.436859]  ? preempt_count_sub+0x50/0x80
[   21.436894]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.436930]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.437188]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.437276]  kthread+0x337/0x6f0
[   21.437419]  ? trace_preempt_on+0x20/0xc0
[   21.437464]  ? __pfx_kthread+0x10/0x10
[   21.437495]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.437532]  ? calculate_sigpending+0x7b/0xa0
[   21.437565]  ? __pfx_kthread+0x10/0x10
[   21.437594]  ret_from_fork+0x41/0x80
[   21.437628]  ? __pfx_kthread+0x10/0x10
[   21.437654]  ret_from_fork_asm+0x1a/0x30
[   21.437699]  </TASK>
[   21.437714] 
[   21.462327] The buggy address belongs to the physical page:
[   21.463262] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103924
[   21.464240] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.464882] flags: 0x200000000000040(head|node=0|zone=2)
[   21.465566] page_type: f8(unknown)
[   21.466323] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.467325] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.468280] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.469322] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.470331] head: 0200000000000002 ffffea00040e4901 00000000ffffffff 00000000ffffffff
[   21.470888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.471562] page dumped because: kasan: bad access detected
[   21.472069] 
[   21.472541] Memory state around the buggy address:
[   21.473244]  ffff888103925f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.473721]  ffff888103925f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.474575] >ffff888103926000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.475335]                    ^
[   21.475701]  ffff888103926080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.476583]  ffff888103926100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.477450] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ydqNQrhsJ2o3nRcu0jJt1pJPAN

job_id

TEST:linaro@lkft#2ydqSbVLJtfnoiVqBGRBZxOjffu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ydqSbVLJtfnoiVqBGRBZxOjffu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqPMPGuVJPcn1D8Y3KCmDNOXg/bzImage
sha256sum	05c6a85227d1e1a6c6c693a793fa53ba9f00416208a2562d45c58d329bf85dcb

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ydqPMPGuVJPcn1D8Y3KCmDNOXg/modules.tar.xz
sha256sum	52374c846bbd7392e4144d2522f592e5e135b33632071d46c9f4403fe0600d03

durations

tests

boot	0
kunit	437.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit