lkft/linux-mainline-master - v6.16-rc5-53-g8c2e52ebbe88 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 9, 2025, 11:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.447958] ==================================================================
[   18.448043] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.448138] Read of size 1 at addr fff00000c6cb4173 by task kunit_try_catch/221
[   18.448187] 
[   18.448231] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.448320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.448348] Hardware name: linux,dummy-virt (DT)
[   18.448382] Call trace:
[   18.448408]  show_stack+0x20/0x38 (C)
[   18.448461]  dump_stack_lvl+0x8c/0xd0
[   18.448512]  print_report+0x118/0x608
[   18.448562]  kasan_report+0xdc/0x128
[   18.448606]  __asan_report_load1_noabort+0x20/0x30
[   18.448657]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.448705]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.448754]  kunit_try_run_case+0x170/0x3f0
[   18.448804]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.448857]  kthread+0x328/0x630
[   18.448900]  ret_from_fork+0x10/0x20
[   18.448949] 
[   18.448967] Allocated by task 221:
[   18.448997]  kasan_save_stack+0x3c/0x68
[   18.449038]  kasan_save_track+0x20/0x40
[   18.449076]  kasan_save_alloc_info+0x40/0x58
[   18.449125]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.449169]  remove_element+0x130/0x1f8
[   18.449206]  mempool_alloc_preallocated+0x58/0xc0
[   18.449244]  mempool_oob_right_helper+0x98/0x2f0
[   18.449283]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.449324]  kunit_try_run_case+0x170/0x3f0
[   18.449362]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.449405]  kthread+0x328/0x630
[   18.449437]  ret_from_fork+0x10/0x20
[   18.449472] 
[   18.449493] The buggy address belongs to the object at fff00000c6cb4100
[   18.449493]  which belongs to the cache kmalloc-128 of size 128
[   18.449554] The buggy address is located 0 bytes to the right of
[   18.449554]  allocated 115-byte region [fff00000c6cb4100, fff00000c6cb4173)
[   18.449618] 
[   18.449639] The buggy address belongs to the physical page:
[   18.449672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106cb4
[   18.449727] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.449779] page_type: f5(slab)
[   18.449823] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.449873] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.449914] page dumped because: kasan: bad access detected
[   18.449944] 
[   18.449962] Memory state around the buggy address:
[   18.449996]  fff00000c6cb4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.450040]  fff00000c6cb4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.450082] >fff00000c6cb4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.450130]                                                              ^
[   18.450170]  fff00000c6cb4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.450214]  fff00000c6cb4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.450252] ==================================================================
[   18.486808] ==================================================================
[   18.488862] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.489788] Read of size 1 at addr fff00000c76af2bb by task kunit_try_catch/225
[   18.490044] 
[   18.490110] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.490678] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.490712] Hardware name: linux,dummy-virt (DT)
[   18.490749] Call trace:
[   18.491017]  show_stack+0x20/0x38 (C)
[   18.491535]  dump_stack_lvl+0x8c/0xd0
[   18.492531]  print_report+0x118/0x608
[   18.493048]  kasan_report+0xdc/0x128
[   18.493607]  __asan_report_load1_noabort+0x20/0x30
[   18.493663]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.494614]  mempool_slab_oob_right+0xc0/0x118
[   18.494715]  kunit_try_run_case+0x170/0x3f0
[   18.494770]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.494822]  kthread+0x328/0x630
[   18.495766]  ret_from_fork+0x10/0x20
[   18.496718] 
[   18.496865] Allocated by task 225:
[   18.496899]  kasan_save_stack+0x3c/0x68
[   18.497430]  kasan_save_track+0x20/0x40
[   18.497639]  kasan_save_alloc_info+0x40/0x58
[   18.498348]  __kasan_mempool_unpoison_object+0xbc/0x180
[   18.498393]  remove_element+0x16c/0x1f8
[   18.498435]  mempool_alloc_preallocated+0x58/0xc0
[   18.499244]  mempool_oob_right_helper+0x98/0x2f0
[   18.500004]  mempool_slab_oob_right+0xc0/0x118
[   18.500064]  kunit_try_run_case+0x170/0x3f0
[   18.500105]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.500987]  kthread+0x328/0x630
[   18.501033]  ret_from_fork+0x10/0x20
[   18.501070] 
[   18.502315] The buggy address belongs to the object at fff00000c76af240
[   18.502315]  which belongs to the cache test_cache of size 123
[   18.502917] The buggy address is located 0 bytes to the right of
[   18.502917]  allocated 123-byte region [fff00000c76af240, fff00000c76af2bb)
[   18.503446] 
[   18.503632] The buggy address belongs to the physical page:
[   18.503965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076af
[   18.504450] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.504632] page_type: f5(slab)
[   18.504676] raw: 0bfffe0000000000 fff00000c6475140 dead000000000122 0000000000000000
[   18.504727] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   18.505750] page dumped because: kasan: bad access detected
[   18.505868] 
[   18.506159] Memory state around the buggy address:
[   18.506199]  fff00000c76af180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.506245]  fff00000c76af200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   18.507068] >fff00000c76af280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   18.507554]                                         ^
[   18.507939]  fff00000c76af300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.508456]  fff00000c76af380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.508740] ==================================================================
[   18.461759] ==================================================================
[   18.461821] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.461881] Read of size 1 at addr fff00000c77d2001 by task kunit_try_catch/223
[   18.461931] 
[   18.461966] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   18.462053] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.462078] Hardware name: linux,dummy-virt (DT)
[   18.462111] Call trace:
[   18.462150]  show_stack+0x20/0x38 (C)
[   18.462203]  dump_stack_lvl+0x8c/0xd0
[   18.462250]  print_report+0x118/0x608
[   18.462297]  kasan_report+0xdc/0x128
[   18.462343]  __asan_report_load1_noabort+0x20/0x30
[   18.462394]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.462818]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   18.462893]  kunit_try_run_case+0x170/0x3f0
[   18.463010]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.463073]  kthread+0x328/0x630
[   18.463132]  ret_from_fork+0x10/0x20
[   18.463182] 
[   18.463204] The buggy address belongs to the physical page:
[   18.463454] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d0
[   18.463523] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.463641] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.463747] page_type: f8(unknown)
[   18.463787] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.463837] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.463886] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.464132] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.464257] head: 0bfffe0000000002 ffffc1ffc31df401 00000000ffffffff 00000000ffffffff
[   18.464400] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.464461] page dumped because: kasan: bad access detected
[   18.464493] 
[   18.464519] Memory state around the buggy address:
[   18.464588]  fff00000c77d1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.464631]  fff00000c77d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.464673] >fff00000c77d2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.464711]                    ^
[   18.464776]  fff00000c77d2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.464853]  fff00000c77d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.464970] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zerZPZczpDOYcefs6dALqh6Fpn

job_id

TEST:linaro@lkft#2zerdbOsDmJGhDOOfcn5MGLINr4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zerdbOsDmJGhDOOfcn5MGLINr4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zeraWtQXXUq7AGlGnaJOh4wfW1/Image.gz
sha256sum	89f9acb15fbf6e84801bacbda6894745389368cc1918c11b82840929e5945e84

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zeraWtQXXUq7AGlGnaJOh4wfW1/modules.tar.xz
sha256sum	5b8f2c09ed37ecf5f0d0ccdea1b4979c0eea6c192632c1613f6c12550875e5c5

durations

tests

boot	0
kunit	180.51

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   14.019152] ==================================================================
[   14.019566] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   14.019840] Read of size 1 at addr ffff8881032002bb by task kunit_try_catch/242
[   14.020152] 
[   14.020414] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   14.020460] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.020472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.020493] Call Trace:
[   14.020505]  <TASK>
[   14.020520]  dump_stack_lvl+0x73/0xb0
[   14.020553]  print_report+0xd1/0x650
[   14.020575]  ? __virt_addr_valid+0x1db/0x2d0
[   14.020599]  ? mempool_oob_right_helper+0x318/0x380
[   14.020639]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.020663]  ? mempool_oob_right_helper+0x318/0x380
[   14.020687]  kasan_report+0x141/0x180
[   14.020720]  ? mempool_oob_right_helper+0x318/0x380
[   14.020749]  __asan_report_load1_noabort+0x18/0x20
[   14.020774]  mempool_oob_right_helper+0x318/0x380
[   14.020798]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   14.020827]  ? irqentry_exit+0x2a/0x60
[   14.020854]  mempool_slab_oob_right+0xed/0x140
[   14.020879]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   14.020905]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   14.020931]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   14.020957]  ? __pfx_mempool_free_slab+0x10/0x10
[   14.020984]  ? __pfx_read_tsc+0x10/0x10
[   14.021008]  ? ktime_get_ts64+0x86/0x230
[   14.021064]  kunit_try_run_case+0x1a5/0x480
[   14.021090]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.021114]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.021152]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.021219]  ? __kthread_parkme+0x82/0x180
[   14.021567]  ? preempt_count_sub+0x50/0x80
[   14.021592]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.021616]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.021660]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.021686]  kthread+0x337/0x6f0
[   14.021718]  ? trace_preempt_on+0x20/0xc0
[   14.021744]  ? __pfx_kthread+0x10/0x10
[   14.021765]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.021788]  ? calculate_sigpending+0x7b/0xa0
[   14.021811]  ? __pfx_kthread+0x10/0x10
[   14.021833]  ret_from_fork+0x116/0x1d0
[   14.021852]  ? __pfx_kthread+0x10/0x10
[   14.021873]  ret_from_fork_asm+0x1a/0x30
[   14.021903]  </TASK>
[   14.021914] 
[   14.035409] Allocated by task 242:
[   14.035538]  kasan_save_stack+0x45/0x70
[   14.035679]  kasan_save_track+0x18/0x40
[   14.036064]  kasan_save_alloc_info+0x3b/0x50
[   14.036500]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   14.037081]  remove_element+0x11e/0x190
[   14.037471]  mempool_alloc_preallocated+0x4d/0x90
[   14.037926]  mempool_oob_right_helper+0x8a/0x380
[   14.038449]  mempool_slab_oob_right+0xed/0x140
[   14.038920]  kunit_try_run_case+0x1a5/0x480
[   14.039393]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.039879]  kthread+0x337/0x6f0
[   14.039999]  ret_from_fork+0x116/0x1d0
[   14.040175]  ret_from_fork_asm+0x1a/0x30
[   14.040624] 
[   14.040795] The buggy address belongs to the object at ffff888103200240
[   14.040795]  which belongs to the cache test_cache of size 123
[   14.041895] The buggy address is located 0 bytes to the right of
[   14.041895]  allocated 123-byte region [ffff888103200240, ffff8881032002bb)
[   14.042381] 
[   14.042612] The buggy address belongs to the physical page:
[   14.042889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103200
[   14.043389] flags: 0x200000000000000(node=0|zone=2)
[   14.043894] page_type: f5(slab)
[   14.044252] raw: 0200000000000000 ffff8881031f2500 dead000000000122 0000000000000000
[   14.044658] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   14.044890] page dumped because: kasan: bad access detected
[   14.045085] 
[   14.045244] Memory state around the buggy address:
[   14.045697]  ffff888103200180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.046371]  ffff888103200200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   14.047019] >ffff888103200280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   14.047649]                                         ^
[   14.048065]  ffff888103200300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.048457]  ffff888103200380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.048666] ==================================================================
[   13.961794] ==================================================================
[   13.962284] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.962639] Read of size 1 at addr ffff8881031dbf73 by task kunit_try_catch/238
[   13.962947] 
[   13.963073] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.963123] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.963188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.963212] Call Trace:
[   13.963227]  <TASK>
[   13.963246]  dump_stack_lvl+0x73/0xb0
[   13.963279]  print_report+0xd1/0x650
[   13.963302]  ? __virt_addr_valid+0x1db/0x2d0
[   13.963329]  ? mempool_oob_right_helper+0x318/0x380
[   13.963352]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.963376]  ? mempool_oob_right_helper+0x318/0x380
[   13.963401]  kasan_report+0x141/0x180
[   13.963422]  ? mempool_oob_right_helper+0x318/0x380
[   13.963451]  __asan_report_load1_noabort+0x18/0x20
[   13.963477]  mempool_oob_right_helper+0x318/0x380
[   13.963502]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.963528]  ? ret_from_fork+0x116/0x1d0
[   13.963548]  ? kthread+0x337/0x6f0
[   13.963569]  ? ret_from_fork_asm+0x1a/0x30
[   13.963594]  ? mempool_alloc_preallocated+0x5b/0x90
[   13.963622]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.963646]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   13.963673]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.963697]  ? __pfx_mempool_kfree+0x10/0x10
[   13.963737]  ? __pfx_read_tsc+0x10/0x10
[   13.963758]  ? ktime_get_ts64+0x86/0x230
[   13.963785]  kunit_try_run_case+0x1a5/0x480
[   13.963811]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.963834]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.963860]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.963883]  ? __kthread_parkme+0x82/0x180
[   13.963903]  ? preempt_count_sub+0x50/0x80
[   13.963928]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.963952]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.963977]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.964002]  kthread+0x337/0x6f0
[   13.964021]  ? trace_preempt_on+0x20/0xc0
[   13.964046]  ? __pfx_kthread+0x10/0x10
[   13.964066]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.964145]  ? calculate_sigpending+0x7b/0xa0
[   13.964172]  ? __pfx_kthread+0x10/0x10
[   13.964193]  ret_from_fork+0x116/0x1d0
[   13.964212]  ? __pfx_kthread+0x10/0x10
[   13.964233]  ret_from_fork_asm+0x1a/0x30
[   13.964264]  </TASK>
[   13.964276] 
[   13.973899] Allocated by task 238:
[   13.974737]  kasan_save_stack+0x45/0x70
[   13.974928]  kasan_save_track+0x18/0x40
[   13.975119]  kasan_save_alloc_info+0x3b/0x50
[   13.975438]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.975679]  remove_element+0x11e/0x190
[   13.975874]  mempool_alloc_preallocated+0x4d/0x90
[   13.976167]  mempool_oob_right_helper+0x8a/0x380
[   13.976361]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.976604]  kunit_try_run_case+0x1a5/0x480
[   13.976808]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.977095]  kthread+0x337/0x6f0
[   13.977284]  ret_from_fork+0x116/0x1d0
[   13.977439]  ret_from_fork_asm+0x1a/0x30
[   13.977636] 
[   13.977722] The buggy address belongs to the object at ffff8881031dbf00
[   13.977722]  which belongs to the cache kmalloc-128 of size 128
[   13.978832] The buggy address is located 0 bytes to the right of
[   13.978832]  allocated 115-byte region [ffff8881031dbf00, ffff8881031dbf73)
[   13.980189] 
[   13.980292] The buggy address belongs to the physical page:
[   13.980627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031db
[   13.981119] flags: 0x200000000000000(node=0|zone=2)
[   13.981316] page_type: f5(slab)
[   13.981493] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.981950] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   13.982428] page dumped because: kasan: bad access detected
[   13.982646] 
[   13.982759] Memory state around the buggy address:
[   13.982972]  ffff8881031dbe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.983601]  ffff8881031dbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.983971] >ffff8881031dbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.984365]                                                              ^
[   13.984753]  ffff8881031dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.985178]  ffff8881031dc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.985526] ==================================================================
[   13.988555] ==================================================================
[   13.989489] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.989841] Read of size 1 at addr ffff88810398e001 by task kunit_try_catch/240
[   13.990619] 
[   13.990748] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   13.990970] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.990987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.991010] Call Trace:
[   13.991146]  <TASK>
[   13.991165]  dump_stack_lvl+0x73/0xb0
[   13.991199]  print_report+0xd1/0x650
[   13.991221]  ? __virt_addr_valid+0x1db/0x2d0
[   13.991243]  ? mempool_oob_right_helper+0x318/0x380
[   13.991266]  ? kasan_addr_to_slab+0x11/0xa0
[   13.991287]  ? mempool_oob_right_helper+0x318/0x380
[   13.991311]  kasan_report+0x141/0x180
[   13.991333]  ? mempool_oob_right_helper+0x318/0x380
[   13.991361]  __asan_report_load1_noabort+0x18/0x20
[   13.991386]  mempool_oob_right_helper+0x318/0x380
[   13.991411]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.991438]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.991462]  ? finish_task_switch.isra.0+0x153/0x700
[   13.991489]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   13.991514]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.991543]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.991567]  ? __pfx_mempool_kfree+0x10/0x10
[   13.991591]  ? __pfx_read_tsc+0x10/0x10
[   13.991612]  ? ktime_get_ts64+0x86/0x230
[   13.991636]  kunit_try_run_case+0x1a5/0x480
[   13.991661]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.991683]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.991722]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.991746]  ? __kthread_parkme+0x82/0x180
[   13.991767]  ? preempt_count_sub+0x50/0x80
[   13.991790]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.991814]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.991838]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.991863]  kthread+0x337/0x6f0
[   13.991883]  ? trace_preempt_on+0x20/0xc0
[   13.991907]  ? __pfx_kthread+0x10/0x10
[   13.991927]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.991948]  ? calculate_sigpending+0x7b/0xa0
[   13.991972]  ? __pfx_kthread+0x10/0x10
[   13.991994]  ret_from_fork+0x116/0x1d0
[   13.992012]  ? __pfx_kthread+0x10/0x10
[   13.992043]  ret_from_fork_asm+0x1a/0x30
[   13.992074]  </TASK>
[   13.992084] 
[   14.004204] The buggy address belongs to the physical page:
[   14.004479] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398c
[   14.005237] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.005567] flags: 0x200000000000040(head|node=0|zone=2)
[   14.005983] page_type: f8(unknown)
[   14.006267] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.006744] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.007254] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.007565] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.008099] head: 0200000000000002 ffffea00040e6301 00000000ffffffff 00000000ffffffff
[   14.008567] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.009047] page dumped because: kasan: bad access detected
[   14.009450] 
[   14.009576] Memory state around the buggy address:
[   14.009777]  ffff88810398df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.010580]  ffff88810398df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.011021] >ffff88810398e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.011369]                    ^
[   14.011716]  ffff88810398e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.012168]  ffff88810398e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.012643] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zerZPZczpDOYcefs6dALqh6Fpn

job_id

TEST:linaro@lkft#2zereWNnRLZAeOdMUNpobIiLjyq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zereWNnRLZAeOdMUNpobIiLjyq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zerbWFzcqSAFp8nphuQhLi402X/bzImage
sha256sum	268854fffad98cae17f08a82775371eb2820b0ac8cc4163845be9ad2651ac2eb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zerbWFzcqSAFp8nphuQhLi402X/modules.tar.xz
sha256sum	3fdcd4639617aa7b9c8fff27fe84557c223c48cd8b5930857481938554180465

durations

tests

boot	0
kunit	211.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit