lkft/linux-mainline-master - v6.16-rc4-286-gc435a4f487e8 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 4, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.017556] ==================================================================
[   20.017639] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.017713] Read of size 1 at addr fff00000c76c4173 by task kunit_try_catch/221
[   20.017764] 
[   20.017823] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.017908] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.017935] Hardware name: linux,dummy-virt (DT)
[   20.017969] Call trace:
[   20.017993]  show_stack+0x20/0x38 (C)
[   20.018046]  dump_stack_lvl+0x8c/0xd0
[   20.018095]  print_report+0x118/0x608
[   20.018143]  kasan_report+0xdc/0x128
[   20.018186]  __asan_report_load1_noabort+0x20/0x30
[   20.018237]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.018285]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.018332]  kunit_try_run_case+0x170/0x3f0
[   20.018381]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.018433]  kthread+0x328/0x630
[   20.018475]  ret_from_fork+0x10/0x20
[   20.018524] 
[   20.018543] Allocated by task 221:
[   20.018571]  kasan_save_stack+0x3c/0x68
[   20.018612]  kasan_save_track+0x20/0x40
[   20.018649]  kasan_save_alloc_info+0x40/0x58
[   20.018689]  __kasan_mempool_unpoison_object+0x11c/0x180
[   20.018732]  remove_element+0x130/0x1f8
[   20.018769]  mempool_alloc_preallocated+0x58/0xc0
[   20.018818]  mempool_oob_right_helper+0x98/0x2f0
[   20.018856]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.018896]  kunit_try_run_case+0x170/0x3f0
[   20.018956]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.018998]  kthread+0x328/0x630
[   20.019033]  ret_from_fork+0x10/0x20
[   20.019067] 
[   20.019087] The buggy address belongs to the object at fff00000c76c4100
[   20.019087]  which belongs to the cache kmalloc-128 of size 128
[   20.019145] The buggy address is located 0 bytes to the right of
[   20.019145]  allocated 115-byte region [fff00000c76c4100, fff00000c76c4173)
[   20.019209] 
[   20.019231] The buggy address belongs to the physical page:
[   20.019264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c4
[   20.019319] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.019373] page_type: f5(slab)
[   20.019413] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.019462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.019503] page dumped because: kasan: bad access detected
[   20.019536] 
[   20.019555] Memory state around the buggy address:
[   20.019588]  fff00000c76c4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.019631]  fff00000c76c4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.019674] >fff00000c76c4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.019712]                                                              ^
[   20.019751]  fff00000c76c4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.019792]  fff00000c76c4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.019842] ==================================================================
[   20.060056] ==================================================================
[   20.060130] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.060190] Read of size 1 at addr fff00000c6f442bb by task kunit_try_catch/225
[   20.060243] 
[   20.060280] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.060361] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.060387] Hardware name: linux,dummy-virt (DT)
[   20.060420] Call trace:
[   20.060443]  show_stack+0x20/0x38 (C)
[   20.060491]  dump_stack_lvl+0x8c/0xd0
[   20.060660]  print_report+0x118/0x608
[   20.061082]  kasan_report+0xdc/0x128
[   20.061250]  __asan_report_load1_noabort+0x20/0x30
[   20.061302]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.061348]  mempool_slab_oob_right+0xc0/0x118
[   20.061395]  kunit_try_run_case+0x170/0x3f0
[   20.061440]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.061491]  kthread+0x328/0x630
[   20.061536]  ret_from_fork+0x10/0x20
[   20.061585] 
[   20.061604] Allocated by task 225:
[   20.061631]  kasan_save_stack+0x3c/0x68
[   20.061673]  kasan_save_track+0x20/0x40
[   20.061709]  kasan_save_alloc_info+0x40/0x58
[   20.061748]  __kasan_mempool_unpoison_object+0xbc/0x180
[   20.061789]  remove_element+0x16c/0x1f8
[   20.061839]  mempool_alloc_preallocated+0x58/0xc0
[   20.061878]  mempool_oob_right_helper+0x98/0x2f0
[   20.062845]  mempool_slab_oob_right+0xc0/0x118
[   20.062975]  kunit_try_run_case+0x170/0x3f0
[   20.063223]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.063395]  kthread+0x328/0x630
[   20.063453]  ret_from_fork+0x10/0x20
[   20.063552] 
[   20.063584] The buggy address belongs to the object at fff00000c6f44240
[   20.063584]  which belongs to the cache test_cache of size 123
[   20.063642] The buggy address is located 0 bytes to the right of
[   20.063642]  allocated 123-byte region [fff00000c6f44240, fff00000c6f442bb)
[   20.063712] 
[   20.063740] The buggy address belongs to the physical page:
[   20.063783] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f44
[   20.063847] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.063910] page_type: f5(slab)
[   20.063950] raw: 0bfffe0000000000 fff00000c6f47000 dead000000000122 0000000000000000
[   20.064017] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   20.064066] page dumped because: kasan: bad access detected
[   20.064098] 
[   20.064115] Memory state around the buggy address:
[   20.064173]  fff00000c6f44180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.064215]  fff00000c6f44200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   20.064257] >fff00000c6f44280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   20.064296]                                         ^
[   20.064336]  fff00000c6f44300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.064389]  fff00000c6f44380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.064442] ==================================================================
[   20.043850] ==================================================================
[   20.043927] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.044610] Read of size 1 at addr fff00000c77f6001 by task kunit_try_catch/223
[   20.044682] 
[   20.044754] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.045022] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.045050] Hardware name: linux,dummy-virt (DT)
[   20.045084] Call trace:
[   20.045108]  show_stack+0x20/0x38 (C)
[   20.045161]  dump_stack_lvl+0x8c/0xd0
[   20.045257]  print_report+0x118/0x608
[   20.045303]  kasan_report+0xdc/0x128
[   20.045348]  __asan_report_load1_noabort+0x20/0x30
[   20.045405]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.045454]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   20.045510]  kunit_try_run_case+0x170/0x3f0
[   20.045574]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.045626]  kthread+0x328/0x630
[   20.045667]  ret_from_fork+0x10/0x20
[   20.045723] 
[   20.045753] The buggy address belongs to the physical page:
[   20.045790] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077f4
[   20.045855] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.045902] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.045957] page_type: f8(unknown)
[   20.045999] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.046047] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.046096] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.046150] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.046199] head: 0bfffe0000000002 ffffc1ffc31dfd01 00000000ffffffff 00000000ffffffff
[   20.046270] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.046310] page dumped because: kasan: bad access detected
[   20.046341] 
[   20.046360] Memory state around the buggy address:
[   20.046393]  fff00000c77f5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.046435]  fff00000c77f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.046476] >fff00000c77f6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.046521]                    ^
[   20.046559]  fff00000c77f6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.046601]  fff00000c77f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.046639] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zQkNKJfliwcbbkUxqMJyl1w7ld

job_id

TEST:linaro@lkft#2zQkRTcOxNG0RjFqEvXKm3x6sPC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zQkRTcOxNG0RjFqEvXKm3x6sPC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkOQLY2UDGz7fHqGlDIGwfYK5/Image.gz
sha256sum	5fbd8c3970ae36e29a834ce01bc6e4bd25f6cdde84c4785eddd5944e7fac6f3e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkOQLY2UDGz7fHqGlDIGwfYK5/modules.tar.xz
sha256sum	dab8e8682ec9a5cba2412ad5c71233241414072bbb9a1ce395053c4d1adb684f

durations

tests

boot	0
kunit	176.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.404485] ==================================================================
[   13.404964] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.405564] Read of size 1 at addr ffff888103980373 by task kunit_try_catch/238
[   13.405835] 
[   13.405961] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.406012] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.406024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.406047] Call Trace:
[   13.406061]  <TASK>
[   13.406082]  dump_stack_lvl+0x73/0xb0
[   13.406112]  print_report+0xd1/0x650
[   13.406135]  ? __virt_addr_valid+0x1db/0x2d0
[   13.406157]  ? mempool_oob_right_helper+0x318/0x380
[   13.406179]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.406199]  ? mempool_oob_right_helper+0x318/0x380
[   13.406235]  kasan_report+0x141/0x180
[   13.406257]  ? mempool_oob_right_helper+0x318/0x380
[   13.406283]  __asan_report_load1_noabort+0x18/0x20
[   13.406307]  mempool_oob_right_helper+0x318/0x380
[   13.406332]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.406355]  ? __kasan_check_write+0x18/0x20
[   13.406373]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.406395]  ? finish_task_switch.isra.0+0x153/0x700
[   13.406419]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.406441]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   13.406466]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.406493]  ? __pfx_mempool_kfree+0x10/0x10
[   13.406519]  ? __pfx_read_tsc+0x10/0x10
[   13.406539]  ? ktime_get_ts64+0x86/0x230
[   13.406563]  kunit_try_run_case+0x1a5/0x480
[   13.406587]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.406608]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.406631]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.406652]  ? __kthread_parkme+0x82/0x180
[   13.406672]  ? preempt_count_sub+0x50/0x80
[   13.406692]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.406715]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.406735]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.406758]  kthread+0x337/0x6f0
[   13.406776]  ? trace_preempt_on+0x20/0xc0
[   13.406798]  ? __pfx_kthread+0x10/0x10
[   13.406818]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.406838]  ? calculate_sigpending+0x7b/0xa0
[   13.406862]  ? __pfx_kthread+0x10/0x10
[   13.406883]  ret_from_fork+0x116/0x1d0
[   13.406900]  ? __pfx_kthread+0x10/0x10
[   13.406919]  ret_from_fork_asm+0x1a/0x30
[   13.406949]  </TASK>
[   13.406961] 
[   13.419532] Allocated by task 238:
[   13.419786]  kasan_save_stack+0x45/0x70
[   13.420094]  kasan_save_track+0x18/0x40
[   13.420370]  kasan_save_alloc_info+0x3b/0x50
[   13.420669]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.420944]  remove_element+0x11e/0x190
[   13.421117]  mempool_alloc_preallocated+0x4d/0x90
[   13.421431]  mempool_oob_right_helper+0x8a/0x380
[   13.421978]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.422335]  kunit_try_run_case+0x1a5/0x480
[   13.422586]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.422914]  kthread+0x337/0x6f0
[   13.423072]  ret_from_fork+0x116/0x1d0
[   13.423439]  ret_from_fork_asm+0x1a/0x30
[   13.423636] 
[   13.423726] The buggy address belongs to the object at ffff888103980300
[   13.423726]  which belongs to the cache kmalloc-128 of size 128
[   13.424462] The buggy address is located 0 bytes to the right of
[   13.424462]  allocated 115-byte region [ffff888103980300, ffff888103980373)
[   13.425058] 
[   13.425162] The buggy address belongs to the physical page:
[   13.425931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980
[   13.426764] flags: 0x200000000000000(node=0|zone=2)
[   13.427011] page_type: f5(slab)
[   13.427177] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.427782] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.428109] page dumped because: kasan: bad access detected
[   13.428318] 
[   13.428455] Memory state around the buggy address:
[   13.428811]  ffff888103980200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.429125]  ffff888103980280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.429416] >ffff888103980300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.429731]                                                              ^
[   13.430002]  ffff888103980380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.430710]  ffff888103980400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.431035] ==================================================================
[   13.463951] ==================================================================
[   13.464639] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.465123] Read of size 1 at addr ffff8881026482bb by task kunit_try_catch/242
[   13.465544] 
[   13.465765] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.465849] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.465862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.465886] Call Trace:
[   13.465902]  <TASK>
[   13.465923]  dump_stack_lvl+0x73/0xb0
[   13.465960]  print_report+0xd1/0x650
[   13.465985]  ? __virt_addr_valid+0x1db/0x2d0
[   13.466009]  ? mempool_oob_right_helper+0x318/0x380
[   13.466032]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.466053]  ? mempool_oob_right_helper+0x318/0x380
[   13.466076]  kasan_report+0x141/0x180
[   13.466097]  ? mempool_oob_right_helper+0x318/0x380
[   13.466124]  __asan_report_load1_noabort+0x18/0x20
[   13.466147]  mempool_oob_right_helper+0x318/0x380
[   13.466171]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.466326]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.466350]  ? finish_task_switch.isra.0+0x153/0x700
[   13.466376]  mempool_slab_oob_right+0xed/0x140
[   13.466399]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   13.466424]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   13.466477]  ? __pfx_mempool_free_slab+0x10/0x10
[   13.466498]  ? __pfx_read_tsc+0x10/0x10
[   13.466520]  ? ktime_get_ts64+0x86/0x230
[   13.466556]  kunit_try_run_case+0x1a5/0x480
[   13.466582]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.466603]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.466627]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.466649]  ? __kthread_parkme+0x82/0x180
[   13.466670]  ? preempt_count_sub+0x50/0x80
[   13.466692]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.466714]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.466736]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.466758]  kthread+0x337/0x6f0
[   13.466776]  ? trace_preempt_on+0x20/0xc0
[   13.466799]  ? __pfx_kthread+0x10/0x10
[   13.466819]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.466839]  ? calculate_sigpending+0x7b/0xa0
[   13.466864]  ? __pfx_kthread+0x10/0x10
[   13.466885]  ret_from_fork+0x116/0x1d0
[   13.466904]  ? __pfx_kthread+0x10/0x10
[   13.466923]  ret_from_fork_asm+0x1a/0x30
[   13.466955]  </TASK>
[   13.466967] 
[   13.476810] Allocated by task 242:
[   13.477032]  kasan_save_stack+0x45/0x70
[   13.477345]  kasan_save_track+0x18/0x40
[   13.477555]  kasan_save_alloc_info+0x3b/0x50
[   13.477760]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   13.477960]  remove_element+0x11e/0x190
[   13.478091]  mempool_alloc_preallocated+0x4d/0x90
[   13.478524]  mempool_oob_right_helper+0x8a/0x380
[   13.478761]  mempool_slab_oob_right+0xed/0x140
[   13.478953]  kunit_try_run_case+0x1a5/0x480
[   13.479128]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.479730]  kthread+0x337/0x6f0
[   13.479911]  ret_from_fork+0x116/0x1d0
[   13.480087]  ret_from_fork_asm+0x1a/0x30
[   13.480389] 
[   13.480493] The buggy address belongs to the object at ffff888102648240
[   13.480493]  which belongs to the cache test_cache of size 123
[   13.481036] The buggy address is located 0 bytes to the right of
[   13.481036]  allocated 123-byte region [ffff888102648240, ffff8881026482bb)
[   13.481669] 
[   13.481791] The buggy address belongs to the physical page:
[   13.482032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102648
[   13.482469] flags: 0x200000000000000(node=0|zone=2)
[   13.482708] page_type: f5(slab)
[   13.482834] raw: 0200000000000000 ffff888101643640 dead000000000122 0000000000000000
[   13.483573] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   13.483934] page dumped because: kasan: bad access detected
[   13.484169] 
[   13.484270] Memory state around the buggy address:
[   13.484483]  ffff888102648180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.484759]  ffff888102648200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   13.485066] >ffff888102648280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   13.485610]                                         ^
[   13.485808]  ffff888102648300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.486132]  ffff888102648380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.486547] ==================================================================
[   13.434685] ==================================================================
[   13.435176] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.435726] Read of size 1 at addr ffff888102a5a001 by task kunit_try_catch/240
[   13.436019] 
[   13.436124] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.436178] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.436190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.436214] Call Trace:
[   13.436241]  <TASK>
[   13.436262]  dump_stack_lvl+0x73/0xb0
[   13.436297]  print_report+0xd1/0x650
[   13.436321]  ? __virt_addr_valid+0x1db/0x2d0
[   13.436421]  ? mempool_oob_right_helper+0x318/0x380
[   13.436447]  ? kasan_addr_to_slab+0x11/0xa0
[   13.436466]  ? mempool_oob_right_helper+0x318/0x380
[   13.436489]  kasan_report+0x141/0x180
[   13.436510]  ? mempool_oob_right_helper+0x318/0x380
[   13.436536]  __asan_report_load1_noabort+0x18/0x20
[   13.436560]  mempool_oob_right_helper+0x318/0x380
[   13.436583]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.436616]  ? __kasan_check_write+0x18/0x20
[   13.436636]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.436658]  ? irqentry_exit+0x2a/0x60
[   13.436679]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.436703]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   13.436726]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.436752]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.436777]  ? __pfx_mempool_kfree+0x10/0x10
[   13.436808]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.436834]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.436869]  kunit_try_run_case+0x1a5/0x480
[   13.436895]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.436916]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.436951]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.436973]  ? __kthread_parkme+0x82/0x180
[   13.436994]  ? preempt_count_sub+0x50/0x80
[   13.437018]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.437040]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.437062]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.437084]  kthread+0x337/0x6f0
[   13.437102]  ? trace_preempt_on+0x20/0xc0
[   13.437125]  ? __pfx_kthread+0x10/0x10
[   13.437145]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.437164]  ? calculate_sigpending+0x7b/0xa0
[   13.437189]  ? __pfx_kthread+0x10/0x10
[   13.437272]  ret_from_fork+0x116/0x1d0
[   13.437295]  ? __pfx_kthread+0x10/0x10
[   13.437315]  ret_from_fork_asm+0x1a/0x30
[   13.437347]  </TASK>
[   13.437359] 
[   13.449826] The buggy address belongs to the physical page:
[   13.450060] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58
[   13.450563] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.451234] flags: 0x200000000000040(head|node=0|zone=2)
[   13.451584] page_type: f8(unknown)
[   13.451856] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.452336] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.452698] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.453099] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.453550] head: 0200000000000002 ffffea00040a9601 00000000ffffffff 00000000ffffffff
[   13.453871] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.454268] page dumped because: kasan: bad access detected
[   13.454662] 
[   13.454816] Memory state around the buggy address:
[   13.455049]  ffff888102a59f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.455471]  ffff888102a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.455861] >ffff888102a5a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.456171]                    ^
[   13.456662]  ffff888102a5a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.457031]  ffff888102a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.457664] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zQkNKJfliwcbbkUxqMJyl1w7ld

job_id

TEST:linaro@lkft#2zQkSQgslXQ0Ma2lkWOt6lQxZV2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zQkSQgslXQ0Ma2lkWOt6lQxZV2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkPZBQpMWyxFPjG3Xmdvcpb45/bzImage
sha256sum	5c9564af88356106f181c7ebae8640f61710877fc0d04924c2c06faa7f0185e5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zQkPZBQpMWyxFPjG3Xmdvcpb45/modules.tar.xz
sha256sum	61c61d46d81ee697a25111ed181eb7917f8709c9a7ef58842accb53e5ed282f2

durations

tests

boot	0
kunit	245.23

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit