lkft/linux-mainline-master - v6.16-rc5-266-g3f31a806a62e - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 12, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.402565] ==================================================================
[   18.402640] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.402929] Read of size 1 at addr fff00000c65b12bb by task kunit_try_catch/225
[   18.403361] 
[   18.403425] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.403513] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.403541] Hardware name: linux,dummy-virt (DT)
[   18.403572] Call trace:
[   18.403594]  show_stack+0x20/0x38 (C)
[   18.403643]  dump_stack_lvl+0x8c/0xd0
[   18.403692]  print_report+0x118/0x5d0
[   18.403738]  kasan_report+0xdc/0x128
[   18.404057]  __asan_report_load1_noabort+0x20/0x30
[   18.404118]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.404300]  mempool_slab_oob_right+0xc0/0x118
[   18.404436]  kunit_try_run_case+0x170/0x3f0
[   18.404537]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.404647]  kthread+0x328/0x630
[   18.404732]  ret_from_fork+0x10/0x20
[   18.404792] 
[   18.404810] Allocated by task 225:
[   18.405065]  kasan_save_stack+0x3c/0x68
[   18.405162]  kasan_save_track+0x20/0x40
[   18.405274]  kasan_save_alloc_info+0x40/0x58
[   18.405326]  __kasan_mempool_unpoison_object+0xbc/0x180
[   18.405416]  remove_element+0x16c/0x1f8
[   18.405469]  mempool_alloc_preallocated+0x58/0xc0
[   18.405514]  mempool_oob_right_helper+0x98/0x2f0
[   18.405563]  mempool_slab_oob_right+0xc0/0x118
[   18.405611]  kunit_try_run_case+0x170/0x3f0
[   18.405648]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.405715]  kthread+0x328/0x630
[   18.405765]  ret_from_fork+0x10/0x20
[   18.405802] 
[   18.405823] The buggy address belongs to the object at fff00000c65b1240
[   18.405823]  which belongs to the cache test_cache of size 123
[   18.405882] The buggy address is located 0 bytes to the right of
[   18.405882]  allocated 123-byte region [fff00000c65b1240, fff00000c65b12bb)
[   18.406072] 
[   18.406135] The buggy address belongs to the physical page:
[   18.406267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1
[   18.406362] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.406415] page_type: f5(slab)
[   18.406454] raw: 0bfffe0000000000 fff00000c66fd140 dead000000000122 0000000000000000
[   18.406732] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   18.406780] page dumped because: kasan: bad access detected
[   18.406812] 
[   18.406848] Memory state around the buggy address:
[   18.406892]  fff00000c65b1180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.406938]  fff00000c65b1200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   18.406991] >fff00000c65b1280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   18.407030]                                         ^
[   18.407073]  fff00000c65b1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.407134]  fff00000c65b1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.407182] ==================================================================
[   18.357441] ==================================================================
[   18.357517] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.357592] Read of size 1 at addr fff00000c7897373 by task kunit_try_catch/221
[   18.357644] 
[   18.357685] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.357772] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.357798] Hardware name: linux,dummy-virt (DT)
[   18.357833] Call trace:
[   18.357856]  show_stack+0x20/0x38 (C)
[   18.357908]  dump_stack_lvl+0x8c/0xd0
[   18.357962]  print_report+0x118/0x5d0
[   18.358010]  kasan_report+0xdc/0x128
[   18.358053]  __asan_report_load1_noabort+0x20/0x30
[   18.358104]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.358152]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.358212]  kunit_try_run_case+0x170/0x3f0
[   18.358261]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.358314]  kthread+0x328/0x630
[   18.358355]  ret_from_fork+0x10/0x20
[   18.358404] 
[   18.358423] Allocated by task 221:
[   18.358454]  kasan_save_stack+0x3c/0x68
[   18.358494]  kasan_save_track+0x20/0x40
[   18.358531]  kasan_save_alloc_info+0x40/0x58
[   18.358572]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.358616]  remove_element+0x130/0x1f8
[   18.358654]  mempool_alloc_preallocated+0x58/0xc0
[   18.358693]  mempool_oob_right_helper+0x98/0x2f0
[   18.358732]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.358773]  kunit_try_run_case+0x170/0x3f0
[   18.358812]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.358854]  kthread+0x328/0x630
[   18.358888]  ret_from_fork+0x10/0x20
[   18.358923] 
[   18.358944] The buggy address belongs to the object at fff00000c7897300
[   18.358944]  which belongs to the cache kmalloc-128 of size 128
[   18.359004] The buggy address is located 0 bytes to the right of
[   18.359004]  allocated 115-byte region [fff00000c7897300, fff00000c7897373)
[   18.359072] 
[   18.359094] The buggy address belongs to the physical page:
[   18.359128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107897
[   18.359194] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.359249] page_type: f5(slab)
[   18.359297] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.359349] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.359392] page dumped because: kasan: bad access detected
[   18.359423] 
[   18.359441] Memory state around the buggy address:
[   18.359476]  fff00000c7897200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.359520]  fff00000c7897280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.359565] >fff00000c7897300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.359607]                                                              ^
[   18.359648]  fff00000c7897380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.359691]  fff00000c7897400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.359732] ==================================================================
[   18.380264] ==================================================================
[   18.380665] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.380820] Read of size 1 at addr fff00000c79b2001 by task kunit_try_catch/223
[   18.380871] 
[   18.381026] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.381410] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.381500] Hardware name: linux,dummy-virt (DT)
[   18.381532] Call trace:
[   18.381798]  show_stack+0x20/0x38 (C)
[   18.382129]  dump_stack_lvl+0x8c/0xd0
[   18.382215]  print_report+0x118/0x5d0
[   18.382260]  kasan_report+0xdc/0x128
[   18.382621]  __asan_report_load1_noabort+0x20/0x30
[   18.382804]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.382859]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   18.383241]  kunit_try_run_case+0x170/0x3f0
[   18.383354]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.383409]  kthread+0x328/0x630
[   18.383609]  ret_from_fork+0x10/0x20
[   18.383661] 
[   18.383681] The buggy address belongs to the physical page:
[   18.383715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079b0
[   18.384014] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.384123] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.384706] page_type: f8(unknown)
[   18.384755] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.385226] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.385284] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.385365] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.385636] head: 0bfffe0000000002 ffffc1ffc31e6c01 00000000ffffffff 00000000ffffffff
[   18.385690] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.386099] page dumped because: kasan: bad access detected
[   18.386293] 
[   18.386326] Memory state around the buggy address:
[   18.386635]  fff00000c79b1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.386877]  fff00000c79b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.386942] >fff00000c79b2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.386981]                    ^
[   18.387009]  fff00000c79b2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.387244]  fff00000c79b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.387818] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2znL9QWSKh9jtM3vTXwXjWrQIyK

job_id

TEST:linaro@lkft#2znLDVLP3ZXG8pfhY1jEbNie9dN

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2znLDVLP3ZXG8pfhY1jEbNie9dN

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLAbhqx7JKeEJepxMHIK2e3q3/Image.gz
sha256sum	2076283a81f0cbb0cb655b0b1a6f1f543a528d6518b44450c43376cd43cb9fb5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLAbhqx7JKeEJepxMHIK2e3q3/modules.tar.xz
sha256sum	8e0ad1fd79bc59f15b066f7e6b46d18cbb8a16a6dd13f47c309f97c71ffc31d7

durations

tests

boot	0
kunit	172.04

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   14.466113] ==================================================================
[   14.466553] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   14.466823] Read of size 1 at addr ffff888102a082bb by task kunit_try_catch/242
[   14.467211] 
[   14.467456] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.467516] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.467528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.467562] Call Trace:
[   14.467574]  <TASK>
[   14.467593]  dump_stack_lvl+0x73/0xb0
[   14.467637]  print_report+0xd1/0x610
[   14.467661]  ? __virt_addr_valid+0x1db/0x2d0
[   14.467687]  ? mempool_oob_right_helper+0x318/0x380
[   14.467711]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.467734]  ? mempool_oob_right_helper+0x318/0x380
[   14.467758]  kasan_report+0x141/0x180
[   14.467789]  ? mempool_oob_right_helper+0x318/0x380
[   14.467818]  __asan_report_load1_noabort+0x18/0x20
[   14.467854]  mempool_oob_right_helper+0x318/0x380
[   14.467879]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   14.467906]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.467931]  ? finish_task_switch.isra.0+0x153/0x700
[   14.467958]  mempool_slab_oob_right+0xed/0x140
[   14.467982]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   14.468308]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   14.468337]  ? __pfx_mempool_free_slab+0x10/0x10
[   14.468363]  ? __pfx_read_tsc+0x10/0x10
[   14.468396]  ? ktime_get_ts64+0x86/0x230
[   14.468422]  kunit_try_run_case+0x1a5/0x480
[   14.468449]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.468473]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.468500]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.468525]  ? __kthread_parkme+0x82/0x180
[   14.468547]  ? preempt_count_sub+0x50/0x80
[   14.468580]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.468622]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.468658]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.468684]  kthread+0x337/0x6f0
[   14.468703]  ? trace_preempt_on+0x20/0xc0
[   14.468727]  ? __pfx_kthread+0x10/0x10
[   14.468748]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.468769]  ? calculate_sigpending+0x7b/0xa0
[   14.468795]  ? __pfx_kthread+0x10/0x10
[   14.468816]  ret_from_fork+0x116/0x1d0
[   14.468835]  ? __pfx_kthread+0x10/0x10
[   14.468855]  ret_from_fork_asm+0x1a/0x30
[   14.468887]  </TASK>
[   14.468897] 
[   14.482616] Allocated by task 242:
[   14.482959]  kasan_save_stack+0x45/0x70
[   14.483427]  kasan_save_track+0x18/0x40
[   14.483793]  kasan_save_alloc_info+0x3b/0x50
[   14.484341]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   14.484912]  remove_element+0x11e/0x190
[   14.485225]  mempool_alloc_preallocated+0x4d/0x90
[   14.485399]  mempool_oob_right_helper+0x8a/0x380
[   14.485553]  mempool_slab_oob_right+0xed/0x140
[   14.485702]  kunit_try_run_case+0x1a5/0x480
[   14.485849]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.486059]  kthread+0x337/0x6f0
[   14.486178]  ret_from_fork+0x116/0x1d0
[   14.486501]  ret_from_fork_asm+0x1a/0x30
[   14.486736] 
[   14.486840] The buggy address belongs to the object at ffff888102a08240
[   14.486840]  which belongs to the cache test_cache of size 123
[   14.487412] The buggy address is located 0 bytes to the right of
[   14.487412]  allocated 123-byte region [ffff888102a08240, ffff888102a082bb)
[   14.487863] 
[   14.487939] The buggy address belongs to the physical page:
[   14.488523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a08
[   14.488921] flags: 0x200000000000000(node=0|zone=2)
[   14.489169] page_type: f5(slab)
[   14.489363] raw: 0200000000000000 ffff888101cdddc0 dead000000000122 0000000000000000
[   14.489793] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   14.490137] page dumped because: kasan: bad access detected
[   14.490453] 
[   14.490570] Memory state around the buggy address:
[   14.490798]  ffff888102a08180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.491130]  ffff888102a08200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   14.491400] >ffff888102a08280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   14.491885]                                         ^
[   14.492183]  ffff888102a08300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.492536]  ffff888102a08380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.492806] ==================================================================
[   14.408300] ==================================================================
[   14.408752] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   14.409433] Read of size 1 at addr ffff8881027eb873 by task kunit_try_catch/238
[   14.409774] 
[   14.409895] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.409946] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.409958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.409983] Call Trace:
[   14.410130]  <TASK>
[   14.410315]  dump_stack_lvl+0x73/0xb0
[   14.410354]  print_report+0xd1/0x610
[   14.410379]  ? __virt_addr_valid+0x1db/0x2d0
[   14.410405]  ? mempool_oob_right_helper+0x318/0x380
[   14.410430]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.410453]  ? mempool_oob_right_helper+0x318/0x380
[   14.410478]  kasan_report+0x141/0x180
[   14.410501]  ? mempool_oob_right_helper+0x318/0x380
[   14.410530]  __asan_report_load1_noabort+0x18/0x20
[   14.410556]  mempool_oob_right_helper+0x318/0x380
[   14.410581]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   14.410608]  ? __kasan_check_write+0x18/0x20
[   14.410629]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.410653]  ? finish_task_switch.isra.0+0x153/0x700
[   14.410681]  mempool_kmalloc_oob_right+0xf2/0x150
[   14.410711]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   14.410739]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.410765]  ? __pfx_mempool_kfree+0x10/0x10
[   14.410791]  ? __pfx_read_tsc+0x10/0x10
[   14.410814]  ? ktime_get_ts64+0x86/0x230
[   14.410840]  kunit_try_run_case+0x1a5/0x480
[   14.410867]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.410891]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.410917]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.410942]  ? __kthread_parkme+0x82/0x180
[   14.410964]  ? preempt_count_sub+0x50/0x80
[   14.411008]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.411053]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.411078]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.411104]  kthread+0x337/0x6f0
[   14.411123]  ? trace_preempt_on+0x20/0xc0
[   14.411149]  ? __pfx_kthread+0x10/0x10
[   14.411169]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.411191]  ? calculate_sigpending+0x7b/0xa0
[   14.411217]  ? __pfx_kthread+0x10/0x10
[   14.411239]  ret_from_fork+0x116/0x1d0
[   14.411257]  ? __pfx_kthread+0x10/0x10
[   14.411287]  ret_from_fork_asm+0x1a/0x30
[   14.411319]  </TASK>
[   14.411331] 
[   14.422331] Allocated by task 238:
[   14.422495]  kasan_save_stack+0x45/0x70
[   14.422696]  kasan_save_track+0x18/0x40
[   14.422889]  kasan_save_alloc_info+0x3b/0x50
[   14.423191]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   14.423505]  remove_element+0x11e/0x190
[   14.423695]  mempool_alloc_preallocated+0x4d/0x90
[   14.423854]  mempool_oob_right_helper+0x8a/0x380
[   14.424070]  mempool_kmalloc_oob_right+0xf2/0x150
[   14.424317]  kunit_try_run_case+0x1a5/0x480
[   14.424641]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.424838]  kthread+0x337/0x6f0
[   14.425082]  ret_from_fork+0x116/0x1d0
[   14.425319]  ret_from_fork_asm+0x1a/0x30
[   14.425536] 
[   14.425640] The buggy address belongs to the object at ffff8881027eb800
[   14.425640]  which belongs to the cache kmalloc-128 of size 128
[   14.426139] The buggy address is located 0 bytes to the right of
[   14.426139]  allocated 115-byte region [ffff8881027eb800, ffff8881027eb873)
[   14.426626] 
[   14.426730] The buggy address belongs to the physical page:
[   14.427005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027eb
[   14.427361] flags: 0x200000000000000(node=0|zone=2)
[   14.427814] page_type: f5(slab)
[   14.428014] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.428452] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.428709] page dumped because: kasan: bad access detected
[   14.429061] 
[   14.429158] Memory state around the buggy address:
[   14.429389]  ffff8881027eb700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.429651]  ffff8881027eb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.429924] >ffff8881027eb800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   14.430238]                                                              ^
[   14.430453]  ffff8881027eb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.430922]  ffff8881027eb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   14.431141] ==================================================================
[   14.441733] ==================================================================
[   14.442521] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   14.442858] Read of size 1 at addr ffff888102c06001 by task kunit_try_catch/240
[   14.443225] 
[   14.443364] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.443414] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.443427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.443451] Call Trace:
[   14.443463]  <TASK>
[   14.443482]  dump_stack_lvl+0x73/0xb0
[   14.443516]  print_report+0xd1/0x610
[   14.443541]  ? __virt_addr_valid+0x1db/0x2d0
[   14.443566]  ? mempool_oob_right_helper+0x318/0x380
[   14.443591]  ? kasan_addr_to_slab+0x11/0xa0
[   14.443611]  ? mempool_oob_right_helper+0x318/0x380
[   14.443635]  kasan_report+0x141/0x180
[   14.443657]  ? mempool_oob_right_helper+0x318/0x380
[   14.443686]  __asan_report_load1_noabort+0x18/0x20
[   14.443711]  mempool_oob_right_helper+0x318/0x380
[   14.443737]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   14.443765]  ? __kasan_check_write+0x18/0x20
[   14.443785]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.443810]  ? finish_task_switch.isra.0+0x153/0x700
[   14.443836]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   14.443863]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   14.443892]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.443918]  ? __pfx_mempool_kfree+0x10/0x10
[   14.443942]  ? __pfx_read_tsc+0x10/0x10
[   14.443965]  ? ktime_get_ts64+0x86/0x230
[   14.443989]  kunit_try_run_case+0x1a5/0x480
[   14.444016]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.444233]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.444260]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.444296]  ? __kthread_parkme+0x82/0x180
[   14.444318]  ? preempt_count_sub+0x50/0x80
[   14.444342]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.444367]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.444392]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.444418]  kthread+0x337/0x6f0
[   14.444438]  ? trace_preempt_on+0x20/0xc0
[   14.444462]  ? __pfx_kthread+0x10/0x10
[   14.444483]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.444505]  ? calculate_sigpending+0x7b/0xa0
[   14.444530]  ? __pfx_kthread+0x10/0x10
[   14.444551]  ret_from_fork+0x116/0x1d0
[   14.444571]  ? __pfx_kthread+0x10/0x10
[   14.444592]  ret_from_fork_asm+0x1a/0x30
[   14.444624]  </TASK>
[   14.444635] 
[   14.454521] The buggy address belongs to the physical page:
[   14.454797] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c04
[   14.455271] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.455552] flags: 0x200000000000040(head|node=0|zone=2)
[   14.455772] page_type: f8(unknown)
[   14.455925] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.456241] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.456665] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.456937] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.457218] head: 0200000000000002 ffffea00040b0101 00000000ffffffff 00000000ffffffff
[   14.457627] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.458093] page dumped because: kasan: bad access detected
[   14.458298] 
[   14.458393] Memory state around the buggy address:
[   14.458625]  ffff888102c05f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.458900]  ffff888102c05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.459322] >ffff888102c06000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.459637]                    ^
[   14.459812]  ffff888102c06080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.460191]  ffff888102c06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.460469] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2znL9QWSKh9jtM3vTXwXjWrQIyK

job_id

TEST:linaro@lkft#2znLEOh778NdzqxXvclxM6kz90I

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2znLEOh778NdzqxXvclxM6kz90I

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLBZJ8DrV0sDu6ze15nNjIKDA/bzImage
sha256sum	2a1fe3c86694600225737fe879edc46b86f5b64f276401d78943c1237bad361e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLBZJ8DrV0sDu6ze15nNjIKDA/modules.tar.xz
sha256sum	446d0d0ad74df0e03d659bdb36c8438b61b4b4a20a71ccdbc36ae4991603fc00

durations

tests

boot	0
kunit	245.06

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit