lkft/linux-mainline-master - v6.16-rc5-193-g40f92e79b0aa - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 11, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.600329] ==================================================================
[   18.600390] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.600746] Read of size 1 at addr fff00000c659a001 by task kunit_try_catch/224
[   18.600810] 
[   18.601533] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.601711] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.601740] Hardware name: linux,dummy-virt (DT)
[   18.601772] Call trace:
[   18.601796]  show_stack+0x20/0x38 (C)
[   18.601861]  dump_stack_lvl+0x8c/0xd0
[   18.601907]  print_report+0x118/0x608
[   18.601951]  kasan_report+0xdc/0x128
[   18.601996]  __asan_report_load1_noabort+0x20/0x30
[   18.602045]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.602755]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   18.603248]  kunit_try_run_case+0x170/0x3f0
[   18.603356]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.603545]  kthread+0x328/0x630
[   18.604045]  ret_from_fork+0x10/0x20
[   18.604352] 
[   18.604383] The buggy address belongs to the physical page:
[   18.604719] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106598
[   18.604789] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.605217] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.605286] page_type: f8(unknown)
[   18.605326] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.605783] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.605852] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.606238] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.606447] head: 0bfffe0000000002 ffffc1ffc3196601 00000000ffffffff 00000000ffffffff
[   18.606622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.606920] page dumped because: kasan: bad access detected
[   18.606957] 
[   18.607003] Memory state around the buggy address:
[   18.607118]  fff00000c6599f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.607181]  fff00000c6599f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.607504] >fff00000c659a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.607547]                    ^
[   18.607885]  fff00000c659a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.608024]  fff00000c659a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.608063] ==================================================================
[   18.625404] ==================================================================
[   18.625480] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.625772] Read of size 1 at addr fff00000c6f592bb by task kunit_try_catch/226
[   18.626275] 
[   18.626364] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.626453] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.626480] Hardware name: linux,dummy-virt (DT)
[   18.626511] Call trace:
[   18.626535]  show_stack+0x20/0x38 (C)
[   18.627131]  dump_stack_lvl+0x8c/0xd0
[   18.627545]  print_report+0x118/0x608
[   18.627671]  kasan_report+0xdc/0x128
[   18.627990]  __asan_report_load1_noabort+0x20/0x30
[   18.628177]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.628227]  mempool_slab_oob_right+0xc0/0x118
[   18.628275]  kunit_try_run_case+0x170/0x3f0
[   18.628760]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.628814]  kthread+0x328/0x630
[   18.629123]  ret_from_fork+0x10/0x20
[   18.629422] 
[   18.629516] Allocated by task 226:
[   18.629560]  kasan_save_stack+0x3c/0x68
[   18.629606]  kasan_save_track+0x20/0x40
[   18.629643]  kasan_save_alloc_info+0x40/0x58
[   18.629682]  __kasan_mempool_unpoison_object+0xbc/0x180
[   18.630046]  remove_element+0x16c/0x1f8
[   18.630090]  mempool_alloc_preallocated+0x58/0xc0
[   18.630135]  mempool_oob_right_helper+0x98/0x2f0
[   18.630172]  mempool_slab_oob_right+0xc0/0x118
[   18.630211]  kunit_try_run_case+0x170/0x3f0
[   18.630628]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.630678]  kthread+0x328/0x630
[   18.630861]  ret_from_fork+0x10/0x20
[   18.631090] 
[   18.631140] The buggy address belongs to the object at fff00000c6f59240
[   18.631140]  which belongs to the cache test_cache of size 123
[   18.631209] The buggy address is located 0 bytes to the right of
[   18.631209]  allocated 123-byte region [fff00000c6f59240, fff00000c6f592bb)
[   18.631295] 
[   18.631347] The buggy address belongs to the physical page:
[   18.631382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f59
[   18.631433] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.631483] page_type: f5(slab)
[   18.631599] raw: 0bfffe0000000000 fff00000c6f4f140 dead000000000122 0000000000000000
[   18.631804] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   18.631969] page dumped because: kasan: bad access detected
[   18.632014] 
[   18.632031] Memory state around the buggy address:
[   18.632063]  fff00000c6f59180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.632113]  fff00000c6f59200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   18.632178] >fff00000c6f59280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   18.632215]                                         ^
[   18.632614]  fff00000c6f59300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.632661]  fff00000c6f59380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.632706] ==================================================================
[   18.588743] ==================================================================
[   18.588822] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.588914] Read of size 1 at addr fff00000c5872773 by task kunit_try_catch/222
[   18.588963] 
[   18.589007] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.589096] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.589123] Hardware name: linux,dummy-virt (DT)
[   18.589157] Call trace:
[   18.589183]  show_stack+0x20/0x38 (C)
[   18.589236]  dump_stack_lvl+0x8c/0xd0
[   18.589286]  print_report+0x118/0x608
[   18.589333]  kasan_report+0xdc/0x128
[   18.589377]  __asan_report_load1_noabort+0x20/0x30
[   18.589428]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.589476]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.589525]  kunit_try_run_case+0x170/0x3f0
[   18.589575]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.589625]  kthread+0x328/0x630
[   18.589669]  ret_from_fork+0x10/0x20
[   18.589717] 
[   18.589736] Allocated by task 222:
[   18.589766]  kasan_save_stack+0x3c/0x68
[   18.589805]  kasan_save_track+0x20/0x40
[   18.589854]  kasan_save_alloc_info+0x40/0x58
[   18.589892]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.589935]  remove_element+0x130/0x1f8
[   18.589972]  mempool_alloc_preallocated+0x58/0xc0
[   18.590011]  mempool_oob_right_helper+0x98/0x2f0
[   18.590051]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.590091]  kunit_try_run_case+0x170/0x3f0
[   18.590128]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.590171]  kthread+0x328/0x630
[   18.590202]  ret_from_fork+0x10/0x20
[   18.590239] 
[   18.590259] The buggy address belongs to the object at fff00000c5872700
[   18.590259]  which belongs to the cache kmalloc-128 of size 128
[   18.590317] The buggy address is located 0 bytes to the right of
[   18.590317]  allocated 115-byte region [fff00000c5872700, fff00000c5872773)
[   18.590379] 
[   18.590400] The buggy address belongs to the physical page:
[   18.590434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105872
[   18.590492] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.590543] page_type: f5(slab)
[   18.590585] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.590636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.590678] page dumped because: kasan: bad access detected
[   18.590708] 
[   18.590733] Memory state around the buggy address:
[   18.590881]  fff00000c5872600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.590929]  fff00000c5872680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.590973] >fff00000c5872700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.591012]                                                              ^
[   18.591052]  fff00000c5872780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.591096]  fff00000c5872800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.591136] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW7UZxPiH1T464u20hwJIzMWq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW7UZxPiH1T464u20hwJIzMWq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/Image.gz
sha256sum	73455ba8c867cc31230938836185eba847c55da4ba6373a74526940ec423a2fc

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/modules.tar.xz
sha256sum	b3a38b7dc2158aa4df654dd76a8d8d3385fffbddc38ddea05f97ea9d33ec2580

durations

tests

boot	0
kunit	180.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.788999] ==================================================================
[   13.789668] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.790222] Read of size 1 at addr ffff888102a13273 by task kunit_try_catch/238
[   13.790749] 
[   13.790945] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.791147] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.791162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.791186] Call Trace:
[   13.791200]  <TASK>
[   13.791220]  dump_stack_lvl+0x73/0xb0
[   13.791256]  print_report+0xd1/0x650
[   13.791279]  ? __virt_addr_valid+0x1db/0x2d0
[   13.791305]  ? mempool_oob_right_helper+0x318/0x380
[   13.791330]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.791354]  ? mempool_oob_right_helper+0x318/0x380
[   13.791378]  kasan_report+0x141/0x180
[   13.791401]  ? mempool_oob_right_helper+0x318/0x380
[   13.791430]  __asan_report_load1_noabort+0x18/0x20
[   13.791455]  mempool_oob_right_helper+0x318/0x380
[   13.791480]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.791503]  ? update_load_avg+0x1be/0x21b0
[   13.791529]  ? update_load_avg+0x1be/0x21b0
[   13.791551]  ? update_curr+0x80/0x810
[   13.791570]  ? pick_eevdf+0x18a/0x590
[   13.791592]  ? finish_task_switch.isra.0+0x153/0x700
[   13.791619]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.791644]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   13.791671]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.791697]  ? __pfx_mempool_kfree+0x10/0x10
[   13.791723]  ? __pfx_read_tsc+0x10/0x10
[   13.791755]  ? ktime_get_ts64+0x86/0x230
[   13.791781]  kunit_try_run_case+0x1a5/0x480
[   13.791808]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.791830]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.791855]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.791879]  ? __kthread_parkme+0x82/0x180
[   13.791901]  ? preempt_count_sub+0x50/0x80
[   13.791937]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.791961]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.791986]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.792028]  kthread+0x337/0x6f0
[   13.792054]  ? trace_preempt_on+0x20/0xc0
[   13.792078]  ? __pfx_kthread+0x10/0x10
[   13.792099]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.792121]  ? calculate_sigpending+0x7b/0xa0
[   13.792145]  ? __pfx_kthread+0x10/0x10
[   13.792167]  ret_from_fork+0x116/0x1d0
[   13.792185]  ? __pfx_kthread+0x10/0x10
[   13.792205]  ret_from_fork_asm+0x1a/0x30
[   13.792238]  </TASK>
[   13.792250] 
[   13.804455] Allocated by task 238:
[   13.804648]  kasan_save_stack+0x45/0x70
[   13.804858]  kasan_save_track+0x18/0x40
[   13.805075]  kasan_save_alloc_info+0x3b/0x50
[   13.805566]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.805844]  remove_element+0x11e/0x190
[   13.806176]  mempool_alloc_preallocated+0x4d/0x90
[   13.806376]  mempool_oob_right_helper+0x8a/0x380
[   13.806585]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.806971]  kunit_try_run_case+0x1a5/0x480
[   13.807305]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.807504]  kthread+0x337/0x6f0
[   13.807839]  ret_from_fork+0x116/0x1d0
[   13.808024]  ret_from_fork_asm+0x1a/0x30
[   13.808414] 
[   13.808519] The buggy address belongs to the object at ffff888102a13200
[   13.808519]  which belongs to the cache kmalloc-128 of size 128
[   13.809222] The buggy address is located 0 bytes to the right of
[   13.809222]  allocated 115-byte region [ffff888102a13200, ffff888102a13273)
[   13.809720] 
[   13.810118] The buggy address belongs to the physical page:
[   13.810440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a13
[   13.810874] flags: 0x200000000000000(node=0|zone=2)
[   13.811061] page_type: f5(slab)
[   13.811186] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.811420] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.811816] page dumped because: kasan: bad access detected
[   13.811997] 
[   13.812065] Memory state around the buggy address:
[   13.812217]  ffff888102a13100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.812428]  ffff888102a13180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.812637] >ffff888102a13200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.812844]                                                              ^
[   13.813456]  ffff888102a13280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.813685]  ffff888102a13300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.814391] ==================================================================
[   13.852824] ==================================================================
[   13.853580] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.853865] Read of size 1 at addr ffff8881039532bb by task kunit_try_catch/242
[   13.854411] 
[   13.854532] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.854579] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.854590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.854613] Call Trace:
[   13.854625]  <TASK>
[   13.854642]  dump_stack_lvl+0x73/0xb0
[   13.854674]  print_report+0xd1/0x650
[   13.854697]  ? __virt_addr_valid+0x1db/0x2d0
[   13.854724]  ? mempool_oob_right_helper+0x318/0x380
[   13.855006]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.855253]  ? mempool_oob_right_helper+0x318/0x380
[   13.855280]  kasan_report+0x141/0x180
[   13.855302]  ? mempool_oob_right_helper+0x318/0x380
[   13.855332]  __asan_report_load1_noabort+0x18/0x20
[   13.855357]  mempool_oob_right_helper+0x318/0x380
[   13.855382]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.855409]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.855432]  ? finish_task_switch.isra.0+0x153/0x700
[   13.855459]  mempool_slab_oob_right+0xed/0x140
[   13.855483]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   13.855511]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   13.855537]  ? __pfx_mempool_free_slab+0x10/0x10
[   13.855563]  ? __pfx_read_tsc+0x10/0x10
[   13.855584]  ? ktime_get_ts64+0x86/0x230
[   13.855608]  kunit_try_run_case+0x1a5/0x480
[   13.855634]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.855657]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.855681]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.855705]  ? __kthread_parkme+0x82/0x180
[   13.855726]  ? preempt_count_sub+0x50/0x80
[   13.855751]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.855776]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.855801]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.855827]  kthread+0x337/0x6f0
[   13.855846]  ? trace_preempt_on+0x20/0xc0
[   13.855869]  ? __pfx_kthread+0x10/0x10
[   13.855891]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.855913]  ? calculate_sigpending+0x7b/0xa0
[   13.855955]  ? __pfx_kthread+0x10/0x10
[   13.855977]  ret_from_fork+0x116/0x1d0
[   13.855995]  ? __pfx_kthread+0x10/0x10
[   13.856015]  ret_from_fork_asm+0x1a/0x30
[   13.856061]  </TASK>
[   13.856071] 
[   13.867987] Allocated by task 242:
[   13.868195]  kasan_save_stack+0x45/0x70
[   13.868491]  kasan_save_track+0x18/0x40
[   13.868644]  kasan_save_alloc_info+0x3b/0x50
[   13.868788]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   13.869059]  remove_element+0x11e/0x190
[   13.869280]  mempool_alloc_preallocated+0x4d/0x90
[   13.869507]  mempool_oob_right_helper+0x8a/0x380
[   13.869661]  mempool_slab_oob_right+0xed/0x140
[   13.869895]  kunit_try_run_case+0x1a5/0x480
[   13.870223]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.870481]  kthread+0x337/0x6f0
[   13.870607]  ret_from_fork+0x116/0x1d0
[   13.870735]  ret_from_fork_asm+0x1a/0x30
[   13.870953] 
[   13.871126] The buggy address belongs to the object at ffff888103953240
[   13.871126]  which belongs to the cache test_cache of size 123
[   13.871676] The buggy address is located 0 bytes to the right of
[   13.871676]  allocated 123-byte region [ffff888103953240, ffff8881039532bb)
[   13.872412] 
[   13.872491] The buggy address belongs to the physical page:
[   13.872712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103953
[   13.873289] flags: 0x200000000000000(node=0|zone=2)
[   13.873488] page_type: f5(slab)
[   13.873694] raw: 0200000000000000 ffff88810394a3c0 dead000000000122 0000000000000000
[   13.874011] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   13.874349] page dumped because: kasan: bad access detected
[   13.874520] 
[   13.874586] Memory state around the buggy address:
[   13.874827]  ffff888103953180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.875414]  ffff888103953200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   13.875748] >ffff888103953280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   13.875997]                                         ^
[   13.876169]  ffff888103953300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.876592]  ffff888103953380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.876950] ==================================================================
[   13.823745] ==================================================================
[   13.824484] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.825012] Read of size 1 at addr ffff888102a56001 by task kunit_try_catch/240
[   13.825466] 
[   13.825651] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.825698] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.825709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.825728] Call Trace:
[   13.825741]  <TASK>
[   13.825755]  dump_stack_lvl+0x73/0xb0
[   13.825956]  print_report+0xd1/0x650
[   13.825990]  ? __virt_addr_valid+0x1db/0x2d0
[   13.826046]  ? mempool_oob_right_helper+0x318/0x380
[   13.826088]  ? kasan_addr_to_slab+0x11/0xa0
[   13.826112]  ? mempool_oob_right_helper+0x318/0x380
[   13.826137]  kasan_report+0x141/0x180
[   13.826160]  ? mempool_oob_right_helper+0x318/0x380
[   13.826189]  __asan_report_load1_noabort+0x18/0x20
[   13.826214]  mempool_oob_right_helper+0x318/0x380
[   13.826240]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.826268]  ? __kasan_check_write+0x18/0x20
[   13.826289]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.826312]  ? finish_task_switch.isra.0+0x153/0x700
[   13.826339]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   13.826366]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.826396]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.826421]  ? __pfx_mempool_kfree+0x10/0x10
[   13.826447]  ? __pfx_read_tsc+0x10/0x10
[   13.826468]  ? ktime_get_ts64+0x86/0x230
[   13.826494]  kunit_try_run_case+0x1a5/0x480
[   13.826522]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.826545]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.826570]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.826593]  ? __kthread_parkme+0x82/0x180
[   13.826613]  ? preempt_count_sub+0x50/0x80
[   13.826637]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.826661]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.826686]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.826711]  kthread+0x337/0x6f0
[   13.826729]  ? trace_preempt_on+0x20/0xc0
[   13.826771]  ? __pfx_kthread+0x10/0x10
[   13.826791]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.826814]  ? calculate_sigpending+0x7b/0xa0
[   13.826838]  ? __pfx_kthread+0x10/0x10
[   13.826859]  ret_from_fork+0x116/0x1d0
[   13.826878]  ? __pfx_kthread+0x10/0x10
[   13.826898]  ret_from_fork_asm+0x1a/0x30
[   13.826941]  </TASK>
[   13.826951] 
[   13.838215] The buggy address belongs to the physical page:
[   13.838468] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a54
[   13.839017] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.839667] flags: 0x200000000000040(head|node=0|zone=2)
[   13.840329] page_type: f8(unknown)
[   13.840530] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.840944] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.841537] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.842131] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.842466] head: 0200000000000002 ffffea00040a9501 00000000ffffffff 00000000ffffffff
[   13.842991] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.843681] page dumped because: kasan: bad access detected
[   13.844001] 
[   13.844236] Memory state around the buggy address:
[   13.844454]  ffff888102a55f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.844748]  ffff888102a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.845048] >ffff888102a56000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.845337]                    ^
[   13.845489]  ffff888102a56080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.846417]  ffff888102a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.846973] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW8T0rf8x1xNcZqJ5ltfUVkWA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW8T0rf8x1xNcZqJ5ltfUVkWA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/bzImage
sha256sum	7f21af14d55a2a6c00657897b5a61581bc03fb7498328917a2f2ae35737ec23d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/modules.tar.xz
sha256sum	390422b5b27780b5bdc518a6075ef4179367a706b7d88bc8e5416986229d72fd

durations

tests

boot	0
kunit	209.86

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit