lkft/linux-mainline-master - v6.16-rc4-319-g05df91921da6 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 5, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.117653] ==================================================================
[   20.117728] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.117799] Read of size 1 at addr fff00000c3ec0a73 by task kunit_try_catch/221
[   20.117846] 
[   20.117886] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.117969] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.117997] Hardware name: linux,dummy-virt (DT)
[   20.118028] Call trace:
[   20.118053]  show_stack+0x20/0x38 (C)
[   20.118105]  dump_stack_lvl+0x8c/0xd0
[   20.118168]  print_report+0x118/0x608
[   20.118214]  kasan_report+0xdc/0x128
[   20.118257]  __asan_report_load1_noabort+0x20/0x30
[   20.118308]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.118356]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.118404]  kunit_try_run_case+0x170/0x3f0
[   20.118453]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.118503]  kthread+0x328/0x630
[   20.118546]  ret_from_fork+0x10/0x20
[   20.118593] 
[   20.118612] Allocated by task 221:
[   20.118642]  kasan_save_stack+0x3c/0x68
[   20.118682]  kasan_save_track+0x20/0x40
[   20.118720]  kasan_save_alloc_info+0x40/0x58
[   20.118759]  __kasan_mempool_unpoison_object+0x11c/0x180
[   20.118804]  remove_element+0x130/0x1f8
[   20.118840]  mempool_alloc_preallocated+0x58/0xc0
[   20.118881]  mempool_oob_right_helper+0x98/0x2f0
[   20.118921]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.118959]  kunit_try_run_case+0x170/0x3f0
[   20.119004]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.119047]  kthread+0x328/0x630
[   20.119079]  ret_from_fork+0x10/0x20
[   20.119115] 
[   20.119135] The buggy address belongs to the object at fff00000c3ec0a00
[   20.119135]  which belongs to the cache kmalloc-128 of size 128
[   20.119201] The buggy address is located 0 bytes to the right of
[   20.119201]  allocated 115-byte region [fff00000c3ec0a00, fff00000c3ec0a73)
[   20.119264] 
[   20.119285] The buggy address belongs to the physical page:
[   20.119317] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ec0
[   20.119370] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.119422] page_type: f5(slab)
[   20.119462] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.119512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.119553] page dumped because: kasan: bad access detected
[   20.119583] 
[   20.119600] Memory state around the buggy address:
[   20.119634]  fff00000c3ec0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.119678]  fff00000c3ec0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.119721] >fff00000c3ec0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.119759]                                                              ^
[   20.119798]  fff00000c3ec0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.119840]  fff00000c3ec0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.119878] ==================================================================
[   20.130710] ==================================================================
[   20.130776] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.130833] Read of size 1 at addr fff00000c7902001 by task kunit_try_catch/223
[   20.130882] 
[   20.130916] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.131004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.131033] Hardware name: linux,dummy-virt (DT)
[   20.131065] Call trace:
[   20.131088]  show_stack+0x20/0x38 (C)
[   20.131137]  dump_stack_lvl+0x8c/0xd0
[   20.131198]  print_report+0x118/0x608
[   20.131991]  kasan_report+0xdc/0x128
[   20.132089]  __asan_report_load1_noabort+0x20/0x30
[   20.132187]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.132239]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   20.132288]  kunit_try_run_case+0x170/0x3f0
[   20.132337]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.132390]  kthread+0x328/0x630
[   20.132432]  ret_from_fork+0x10/0x20
[   20.132480] 
[   20.132505] The buggy address belongs to the physical page:
[   20.132537] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107900
[   20.132591] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.132637] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.132691] page_type: f8(unknown)
[   20.132730] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.132779] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.132828] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.132875] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.132925] head: 0bfffe0000000002 ffffc1ffc31e4001 00000000ffffffff 00000000ffffffff
[   20.132975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.133031] page dumped because: kasan: bad access detected
[   20.133089] 
[   20.133107] Memory state around the buggy address:
[   20.133221]  fff00000c7901f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.133265]  fff00000c7901f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.133310] >fff00000c7902000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.133347]                    ^
[   20.133375]  fff00000c7902080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.133417]  fff00000c7902100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.133455] ==================================================================
[   20.143800] ==================================================================
[   20.143866] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.144295] Read of size 1 at addr fff00000c78db2bb by task kunit_try_catch/225
[   20.144361] 
[   20.144512] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.144621] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.144682] Hardware name: linux,dummy-virt (DT)
[   20.144764] Call trace:
[   20.144805]  show_stack+0x20/0x38 (C)
[   20.144856]  dump_stack_lvl+0x8c/0xd0
[   20.144903]  print_report+0x118/0x608
[   20.144947]  kasan_report+0xdc/0x128
[   20.145031]  __asan_report_load1_noabort+0x20/0x30
[   20.145304]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.145355]  mempool_slab_oob_right+0xc0/0x118
[   20.145401]  kunit_try_run_case+0x170/0x3f0
[   20.145448]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.145500]  kthread+0x328/0x630
[   20.145563]  ret_from_fork+0x10/0x20
[   20.145689] 
[   20.145718] Allocated by task 225:
[   20.145747]  kasan_save_stack+0x3c/0x68
[   20.145788]  kasan_save_track+0x20/0x40
[   20.145825]  kasan_save_alloc_info+0x40/0x58
[   20.145867]  __kasan_mempool_unpoison_object+0xbc/0x180
[   20.145929]  remove_element+0x16c/0x1f8
[   20.145965]  mempool_alloc_preallocated+0x58/0xc0
[   20.146118]  mempool_oob_right_helper+0x98/0x2f0
[   20.146165]  mempool_slab_oob_right+0xc0/0x118
[   20.146203]  kunit_try_run_case+0x170/0x3f0
[   20.146239]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.146306]  kthread+0x328/0x630
[   20.146352]  ret_from_fork+0x10/0x20
[   20.146415] 
[   20.146435] The buggy address belongs to the object at fff00000c78db240
[   20.146435]  which belongs to the cache test_cache of size 123
[   20.146969] The buggy address is located 0 bytes to the right of
[   20.146969]  allocated 123-byte region [fff00000c78db240, fff00000c78db2bb)
[   20.147042] 
[   20.147346] The buggy address belongs to the physical page:
[   20.147381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078db
[   20.147470] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.147780] page_type: f5(slab)
[   20.147923] raw: 0bfffe0000000000 fff00000c78c0140 dead000000000122 0000000000000000
[   20.147974] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   20.148013] page dumped because: kasan: bad access detected
[   20.148062] 
[   20.148080] Memory state around the buggy address:
[   20.148112]  fff00000c78db180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.148168]  fff00000c78db200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   20.148211] >fff00000c78db280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   20.148249]                                         ^
[   20.148284]  fff00000c78db300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.148334]  fff00000c78db380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.148374] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zTZX5aSUAhJVwr3xqAbJP8OBr6

job_id

TEST:linaro@lkft#2zTZbHzCE6ZylZlp0lglLTGuydp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zTZbHzCE6ZylZlp0lglLTGuydp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZYHU8IyXjvuXMYZoizjQZyTc/Image.gz
sha256sum	f49ecf90b386c92e37781079e5c76c8827d858d3a69ba7e84f2b1cbecb73deae

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZYHU8IyXjvuXMYZoizjQZyTc/modules.tar.xz
sha256sum	e009b646d141517f47e4a42f0b55703fe9065c966bd6ab95f60ff2cbbb32d2c4

durations

tests

boot	0
kunit	177.45

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.197846] ==================================================================
[   15.198458] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   15.198752] Read of size 1 at addr ffff888102a092bb by task kunit_try_catch/243
[   15.200310] 
[   15.200703] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.200765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.200782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.200824] Call Trace:
[   15.200841]  <TASK>
[   15.200863]  dump_stack_lvl+0x73/0xb0
[   15.200903]  print_report+0xd1/0x650
[   15.200929]  ? __virt_addr_valid+0x1db/0x2d0
[   15.200957]  ? mempool_oob_right_helper+0x318/0x380
[   15.200984]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.201010]  ? mempool_oob_right_helper+0x318/0x380
[   15.201037]  kasan_report+0x141/0x180
[   15.201062]  ? mempool_oob_right_helper+0x318/0x380
[   15.201351]  __asan_report_load1_noabort+0x18/0x20
[   15.201399]  mempool_oob_right_helper+0x318/0x380
[   15.201431]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   15.201465]  ? __pfx_sched_clock_cpu+0x10/0x10
[   15.201490]  ? finish_task_switch.isra.0+0x153/0x700
[   15.201521]  mempool_slab_oob_right+0xed/0x140
[   15.201553]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   15.201585]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   15.201610]  ? __pfx_mempool_free_slab+0x10/0x10
[   15.201635]  ? __pfx_read_tsc+0x10/0x10
[   15.201660]  ? ktime_get_ts64+0x86/0x230
[   15.201689]  kunit_try_run_case+0x1a5/0x480
[   15.201718]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.201743]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.201771]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.201808]  ? __kthread_parkme+0x82/0x180
[   15.201834]  ? preempt_count_sub+0x50/0x80
[   15.201861]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.201889]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.201918]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.201946]  kthread+0x337/0x6f0
[   15.201969]  ? trace_preempt_on+0x20/0xc0
[   15.201996]  ? __pfx_kthread+0x10/0x10
[   15.202021]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.202048]  ? calculate_sigpending+0x7b/0xa0
[   15.202077]  ? __pfx_kthread+0x10/0x10
[   15.202101]  ret_from_fork+0x116/0x1d0
[   15.202125]  ? __pfx_kthread+0x10/0x10
[   15.202241]  ret_from_fork_asm+0x1a/0x30
[   15.202278]  </TASK>
[   15.202293] 
[   15.213739] Allocated by task 243:
[   15.214530]  kasan_save_stack+0x45/0x70
[   15.214902]  kasan_save_track+0x18/0x40
[   15.215423]  kasan_save_alloc_info+0x3b/0x50
[   15.215801]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   15.216369]  remove_element+0x11e/0x190
[   15.216736]  mempool_alloc_preallocated+0x4d/0x90
[   15.217065]  mempool_oob_right_helper+0x8a/0x380
[   15.217732]  mempool_slab_oob_right+0xed/0x140
[   15.218212]  kunit_try_run_case+0x1a5/0x480
[   15.218457]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.218720]  kthread+0x337/0x6f0
[   15.218925]  ret_from_fork+0x116/0x1d0
[   15.219524]  ret_from_fork_asm+0x1a/0x30
[   15.219762] 
[   15.219869] The buggy address belongs to the object at ffff888102a09240
[   15.219869]  which belongs to the cache test_cache of size 123
[   15.220944] The buggy address is located 0 bytes to the right of
[   15.220944]  allocated 123-byte region [ffff888102a09240, ffff888102a092bb)
[   15.222051] 
[   15.222189] The buggy address belongs to the physical page:
[   15.222453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a09
[   15.222850] flags: 0x200000000000000(node=0|zone=2)
[   15.223122] page_type: f5(slab)
[   15.223587] raw: 0200000000000000 ffff888101a64dc0 dead000000000122 0000000000000000
[   15.223916] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   15.224507] page dumped because: kasan: bad access detected
[   15.224765] 
[   15.225030] Memory state around the buggy address:
[   15.225250]  ffff888102a09180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.225691]  ffff888102a09200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   15.226171] >ffff888102a09280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   15.226803]                                         ^
[   15.227090]  ffff888102a09300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.227559]  ffff888102a09380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.227949] ==================================================================
[   15.129857] ==================================================================
[   15.130516] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   15.131503] Read of size 1 at addr ffff8881029f9473 by task kunit_try_catch/239
[   15.131962] 
[   15.132276] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.132340] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.132355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.132383] Call Trace:
[   15.132399]  <TASK>
[   15.132421]  dump_stack_lvl+0x73/0xb0
[   15.132463]  print_report+0xd1/0x650
[   15.132491]  ? __virt_addr_valid+0x1db/0x2d0
[   15.132518]  ? mempool_oob_right_helper+0x318/0x380
[   15.132545]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.132570]  ? mempool_oob_right_helper+0x318/0x380
[   15.132596]  kasan_report+0x141/0x180
[   15.132621]  ? mempool_oob_right_helper+0x318/0x380
[   15.132653]  __asan_report_load1_noabort+0x18/0x20
[   15.132680]  mempool_oob_right_helper+0x318/0x380
[   15.132707]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   15.132735]  ? __kasan_check_write+0x18/0x20
[   15.132758]  ? __pfx_sched_clock_cpu+0x10/0x10
[   15.132783]  ? irqentry_exit+0x2a/0x60
[   15.132823]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   15.132854]  mempool_kmalloc_oob_right+0xf2/0x150
[   15.132881]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   15.132911]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.132939]  ? __pfx_mempool_kfree+0x10/0x10
[   15.132966]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   15.132996]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   15.133024]  kunit_try_run_case+0x1a5/0x480
[   15.133054]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.133079]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.133108]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.133135]  ? __kthread_parkme+0x82/0x180
[   15.133159]  ? preempt_count_sub+0x50/0x80
[   15.133187]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.133213]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.133239]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.133265]  kthread+0x337/0x6f0
[   15.133288]  ? trace_preempt_on+0x20/0xc0
[   15.133315]  ? __pfx_kthread+0x10/0x10
[   15.133342]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.133368]  ? calculate_sigpending+0x7b/0xa0
[   15.133395]  ? __pfx_kthread+0x10/0x10
[   15.133420]  ret_from_fork+0x116/0x1d0
[   15.133441]  ? __pfx_kthread+0x10/0x10
[   15.133465]  ret_from_fork_asm+0x1a/0x30
[   15.133500]  </TASK>
[   15.133514] 
[   15.147447] Allocated by task 239:
[   15.147671]  kasan_save_stack+0x45/0x70
[   15.148029]  kasan_save_track+0x18/0x40
[   15.148472]  kasan_save_alloc_info+0x3b/0x50
[   15.148744]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   15.149337]  remove_element+0x11e/0x190
[   15.149555]  mempool_alloc_preallocated+0x4d/0x90
[   15.150014]  mempool_oob_right_helper+0x8a/0x380
[   15.150611]  mempool_kmalloc_oob_right+0xf2/0x150
[   15.150884]  kunit_try_run_case+0x1a5/0x480
[   15.151387]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.151683]  kthread+0x337/0x6f0
[   15.151878]  ret_from_fork+0x116/0x1d0
[   15.152071]  ret_from_fork_asm+0x1a/0x30
[   15.152267] 
[   15.152749] The buggy address belongs to the object at ffff8881029f9400
[   15.152749]  which belongs to the cache kmalloc-128 of size 128
[   15.153597] The buggy address is located 0 bytes to the right of
[   15.153597]  allocated 115-byte region [ffff8881029f9400, ffff8881029f9473)
[   15.154565] 
[   15.154836] The buggy address belongs to the physical page:
[   15.155345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f9
[   15.155731] flags: 0x200000000000000(node=0|zone=2)
[   15.156215] page_type: f5(slab)
[   15.156625] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.157367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.157702] page dumped because: kasan: bad access detected
[   15.158032] 
[   15.158145] Memory state around the buggy address:
[   15.158756]  ffff8881029f9300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.159144]  ffff8881029f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.159723] >ffff8881029f9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   15.160097]                                                              ^
[   15.160680]  ffff8881029f9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.161052]  ffff8881029f9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   15.161660] ==================================================================
[   15.166004] ==================================================================
[   15.166768] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   15.167388] Read of size 1 at addr ffff888103a6a001 by task kunit_try_catch/241
[   15.167963] 
[   15.168095] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   15.168268] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.168288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.168332] Call Trace:
[   15.168465]  <TASK>
[   15.168494]  dump_stack_lvl+0x73/0xb0
[   15.168538]  print_report+0xd1/0x650
[   15.168566]  ? __virt_addr_valid+0x1db/0x2d0
[   15.168596]  ? mempool_oob_right_helper+0x318/0x380
[   15.168626]  ? kasan_addr_to_slab+0x11/0xa0
[   15.168651]  ? mempool_oob_right_helper+0x318/0x380
[   15.168678]  kasan_report+0x141/0x180
[   15.168704]  ? mempool_oob_right_helper+0x318/0x380
[   15.168735]  __asan_report_load1_noabort+0x18/0x20
[   15.168763]  mempool_oob_right_helper+0x318/0x380
[   15.168806]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   15.168838]  ? __kasan_check_write+0x18/0x20
[   15.168861]  ? __pfx_sched_clock_cpu+0x10/0x10
[   15.168887]  ? finish_task_switch.isra.0+0x153/0x700
[   15.168918]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   15.168946]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   15.168977]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.169009]  ? __pfx_mempool_kfree+0x10/0x10
[   15.169038]  ? __pfx_read_tsc+0x10/0x10
[   15.169063]  ? ktime_get_ts64+0x86/0x230
[   15.169104]  kunit_try_run_case+0x1a5/0x480
[   15.169150]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.169177]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.169206]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.169233]  ? __kthread_parkme+0x82/0x180
[   15.169260]  ? preempt_count_sub+0x50/0x80
[   15.169286]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.169313]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.169345]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.169371]  kthread+0x337/0x6f0
[   15.169394]  ? trace_preempt_on+0x20/0xc0
[   15.169421]  ? __pfx_kthread+0x10/0x10
[   15.169447]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.169472]  ? calculate_sigpending+0x7b/0xa0
[   15.169503]  ? __pfx_kthread+0x10/0x10
[   15.169528]  ret_from_fork+0x116/0x1d0
[   15.169551]  ? __pfx_kthread+0x10/0x10
[   15.169575]  ret_from_fork_asm+0x1a/0x30
[   15.169612]  </TASK>
[   15.169627] 
[   15.182532] The buggy address belongs to the physical page:
[   15.182754] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a68
[   15.183250] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.184375] flags: 0x200000000000040(head|node=0|zone=2)
[   15.184658] page_type: f8(unknown)
[   15.185139] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.185630] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.186152] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.186710] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.187235] head: 0200000000000002 ffffea00040e9a01 00000000ffffffff 00000000ffffffff
[   15.187625] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.188022] page dumped because: kasan: bad access detected
[   15.188654] 
[   15.188770] Memory state around the buggy address:
[   15.188972]  ffff888103a69f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.189898]  ffff888103a69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.190502] >ffff888103a6a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.190976]                    ^
[   15.191188]  ffff888103a6a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.191810]  ffff888103a6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.192456] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zTZX5aSUAhJVwr3xqAbJP8OBr6

job_id

TEST:linaro@lkft#2zTZcFbN6XeQzYXjm7UmlxHMasy

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zTZcFbN6XeQzYXjm7UmlxHMasy

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZZFZAMBT45oZ2s8wBIxmVp9n/bzImage
sha256sum	a2b57e07193da995daf026b5840aa05cee4f700ac8e7cbccc02c96a1257e68ad

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zTZZFZAMBT45oZ2s8wBIxmVp9n/modules.tar.xz
sha256sum	335a214650c08e1986ed91f91f100ecc17a4575dda8f8222f7bc05b16bc937f5

durations

tests

boot	0
kunit	257.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit