lkft/linux-mainline-master - v6.16-rc6-121-g6832a9317eee - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 17, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.578453] ==================================================================
[   18.578544] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.578623] Read of size 1 at addr fff00000c6691d73 by task kunit_try_catch/221
[   18.578673] 
[   18.578716] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.578800] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.578827] Hardware name: linux,dummy-virt (DT)
[   18.578876] Call trace:
[   18.578902]  show_stack+0x20/0x38 (C)
[   18.578957]  dump_stack_lvl+0x8c/0xd0
[   18.579007]  print_report+0x118/0x5d0
[   18.579054]  kasan_report+0xdc/0x128
[   18.579097]  __asan_report_load1_noabort+0x20/0x30
[   18.579147]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.579194]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.579247]  kunit_try_run_case+0x170/0x3f0
[   18.579297]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.579347]  kthread+0x328/0x630
[   18.579389]  ret_from_fork+0x10/0x20
[   18.579437] 
[   18.579456] Allocated by task 221:
[   18.579487]  kasan_save_stack+0x3c/0x68
[   18.579527]  kasan_save_track+0x20/0x40
[   18.579565]  kasan_save_alloc_info+0x40/0x58
[   18.579604]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.579648]  remove_element+0x130/0x1f8
[   18.579685]  mempool_alloc_preallocated+0x58/0xc0
[   18.579725]  mempool_oob_right_helper+0x98/0x2f0
[   18.580281]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.580333]  kunit_try_run_case+0x170/0x3f0
[   18.580374]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.580417]  kthread+0x328/0x630
[   18.580449]  ret_from_fork+0x10/0x20
[   18.580486] 
[   18.580507] The buggy address belongs to the object at fff00000c6691d00
[   18.580507]  which belongs to the cache kmalloc-128 of size 128
[   18.580565] The buggy address is located 0 bytes to the right of
[   18.580565]  allocated 115-byte region [fff00000c6691d00, fff00000c6691d73)
[   18.580627] 
[   18.580650] The buggy address belongs to the physical page:
[   18.580682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106691
[   18.580738] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.580788] page_type: f5(slab)
[   18.580832] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.580896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.580937] page dumped because: kasan: bad access detected
[   18.580966] 
[   18.580984] Memory state around the buggy address:
[   18.581019]  fff00000c6691c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.581063]  fff00000c6691c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.581106] >fff00000c6691d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.581144]                                                              ^
[   18.581183]  fff00000c6691d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.581225]  fff00000c6691e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.581263] ==================================================================
[   18.611515] ==================================================================
[   18.611608] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.611689] Read of size 1 at addr fff00000c79ae001 by task kunit_try_catch/223
[   18.611752] 
[   18.611923] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.612014] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.612042] Hardware name: linux,dummy-virt (DT)
[   18.612077] Call trace:
[   18.612103]  show_stack+0x20/0x38 (C)
[   18.612158]  dump_stack_lvl+0x8c/0xd0
[   18.612208]  print_report+0x118/0x5d0
[   18.612253]  kasan_report+0xdc/0x128
[   18.612299]  __asan_report_load1_noabort+0x20/0x30
[   18.612348]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.612396]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   18.612445]  kunit_try_run_case+0x170/0x3f0
[   18.612495]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.612546]  kthread+0x328/0x630
[   18.612588]  ret_from_fork+0x10/0x20
[   18.612639] 
[   18.612664] The buggy address belongs to the physical page:
[   18.612698] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079ac
[   18.612756] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.612803] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.612871] page_type: f8(unknown)
[   18.612914] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.612963] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.613014] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.613062] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.613111] head: 0bfffe0000000002 ffffc1ffc31e6b01 00000000ffffffff 00000000ffffffff
[   18.613159] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.613199] page dumped because: kasan: bad access detected
[   18.613230] 
[   18.613248] Memory state around the buggy address:
[   18.613283]  fff00000c79adf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.613326]  fff00000c79adf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.613367] >fff00000c79ae000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.613404]                    ^
[   18.613431]  fff00000c79ae080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.613472]  fff00000c79ae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.613509] ==================================================================
[   18.630829] ==================================================================
[   18.631164] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.631244] Read of size 1 at addr fff00000c78d52bb by task kunit_try_catch/225
[   18.631526] 
[   18.631596] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.631684] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.631712] Hardware name: linux,dummy-virt (DT)
[   18.632192] Call trace:
[   18.632264]  show_stack+0x20/0x38 (C)
[   18.632407]  dump_stack_lvl+0x8c/0xd0
[   18.632484]  print_report+0x118/0x5d0
[   18.632541]  kasan_report+0xdc/0x128
[   18.632586]  __asan_report_load1_noabort+0x20/0x30
[   18.632647]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.632706]  mempool_slab_oob_right+0xc0/0x118
[   18.632767]  kunit_try_run_case+0x170/0x3f0
[   18.632817]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.632891]  kthread+0x328/0x630
[   18.632934]  ret_from_fork+0x10/0x20
[   18.632997] 
[   18.633036] Allocated by task 225:
[   18.633072]  kasan_save_stack+0x3c/0x68
[   18.633136]  kasan_save_track+0x20/0x40
[   18.633174]  kasan_save_alloc_info+0x40/0x58
[   18.633224]  __kasan_mempool_unpoison_object+0xbc/0x180
[   18.633276]  remove_element+0x16c/0x1f8
[   18.633321]  mempool_alloc_preallocated+0x58/0xc0
[   18.633358]  mempool_oob_right_helper+0x98/0x2f0
[   18.633395]  mempool_slab_oob_right+0xc0/0x118
[   18.633433]  kunit_try_run_case+0x170/0x3f0
[   18.633513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.633919]  kthread+0x328/0x630
[   18.634109]  ret_from_fork+0x10/0x20
[   18.634253] 
[   18.634508] The buggy address belongs to the object at fff00000c78d5240
[   18.634508]  which belongs to the cache test_cache of size 123
[   18.634613] The buggy address is located 0 bytes to the right of
[   18.634613]  allocated 123-byte region [fff00000c78d5240, fff00000c78d52bb)
[   18.634775] 
[   18.635094] The buggy address belongs to the physical page:
[   18.635311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d5
[   18.635502] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.635600] page_type: f5(slab)
[   18.635943] raw: 0bfffe0000000000 fff00000c5875640 dead000000000122 0000000000000000
[   18.636556] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   18.636654] page dumped because: kasan: bad access detected
[   18.636832] 
[   18.637040] Memory state around the buggy address:
[   18.637101]  fff00000c78d5180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.637320]  fff00000c78d5200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   18.637643] >fff00000c78d5280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   18.637904]                                         ^
[   18.638063]  fff00000c78d5300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.638174]  fff00000c78d5380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.638300] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

301T1hhn39ydHFy5rptQHsDW0S9

job_id

TEST:linaro@lkft#301T6gpYLeLGmQWpD00AWQfumjV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/301T6gpYLeLGmQWpD00AWQfumjV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T39wHoz6bxp2ayFJ1MYtxW4T/Image.gz
sha256sum	1e8a96425b394266b80f5a87f3e4c17a0920d75b386a58c4ea821fbec08b62cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T39wHoz6bxp2ayFJ1MYtxW4T/modules.tar.xz
sha256sum	2d1b6550fa3f9a7bcd72ff05007bba0c70779bc2a8f1888e75b7d4efc5d9e554

durations

tests

boot	0
kunit	176.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.779103] ==================================================================
[   13.779629] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.779993] Read of size 1 at addr ffff888102f532bb by task kunit_try_catch/242
[   13.780373] 
[   13.780499] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.780572] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.780584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.780607] Call Trace:
[   13.780619]  <TASK>
[   13.780636]  dump_stack_lvl+0x73/0xb0
[   13.780687]  print_report+0xd1/0x610
[   13.780710]  ? __virt_addr_valid+0x1db/0x2d0
[   13.780734]  ? mempool_oob_right_helper+0x318/0x380
[   13.780758]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.780781]  ? mempool_oob_right_helper+0x318/0x380
[   13.780806]  kasan_report+0x141/0x180
[   13.780829]  ? mempool_oob_right_helper+0x318/0x380
[   13.780858]  __asan_report_load1_noabort+0x18/0x20
[   13.780899]  mempool_oob_right_helper+0x318/0x380
[   13.780925]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.780949]  ? update_load_avg+0x1be/0x21b0
[   13.780977]  ? finish_task_switch.isra.0+0x153/0x700
[   13.781004]  mempool_slab_oob_right+0xed/0x140
[   13.781028]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   13.781065]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   13.781090]  ? __pfx_mempool_free_slab+0x10/0x10
[   13.781116]  ? __pfx_read_tsc+0x10/0x10
[   13.781138]  ? ktime_get_ts64+0x86/0x230
[   13.781163]  kunit_try_run_case+0x1a5/0x480
[   13.781189]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.781211]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.781256]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.781281]  ? __kthread_parkme+0x82/0x180
[   13.781301]  ? preempt_count_sub+0x50/0x80
[   13.781325]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.781349]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.781373]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.781397]  kthread+0x337/0x6f0
[   13.781416]  ? trace_preempt_on+0x20/0xc0
[   13.781440]  ? __pfx_kthread+0x10/0x10
[   13.781460]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.781482]  ? calculate_sigpending+0x7b/0xa0
[   13.781506]  ? __pfx_kthread+0x10/0x10
[   13.781527]  ret_from_fork+0x116/0x1d0
[   13.781546]  ? __pfx_kthread+0x10/0x10
[   13.781567]  ret_from_fork_asm+0x1a/0x30
[   13.781600]  </TASK>
[   13.781611] 
[   13.789731] Allocated by task 242:
[   13.789924]  kasan_save_stack+0x45/0x70
[   13.790152]  kasan_save_track+0x18/0x40
[   13.790375]  kasan_save_alloc_info+0x3b/0x50
[   13.790599]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   13.790830]  remove_element+0x11e/0x190
[   13.791021]  mempool_alloc_preallocated+0x4d/0x90
[   13.791299]  mempool_oob_right_helper+0x8a/0x380
[   13.791561]  mempool_slab_oob_right+0xed/0x140
[   13.791780]  kunit_try_run_case+0x1a5/0x480
[   13.792015]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.792277]  kthread+0x337/0x6f0
[   13.792446]  ret_from_fork+0x116/0x1d0
[   13.792631]  ret_from_fork_asm+0x1a/0x30
[   13.792827] 
[   13.792897] The buggy address belongs to the object at ffff888102f53240
[   13.792897]  which belongs to the cache test_cache of size 123
[   13.793697] The buggy address is located 0 bytes to the right of
[   13.793697]  allocated 123-byte region [ffff888102f53240, ffff888102f532bb)
[   13.794217] 
[   13.794294] The buggy address belongs to the physical page:
[   13.794480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f53
[   13.794836] flags: 0x200000000000000(node=0|zone=2)
[   13.795217] page_type: f5(slab)
[   13.795345] raw: 0200000000000000 ffff888101a308c0 dead000000000122 0000000000000000
[   13.795578] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   13.795917] page dumped because: kasan: bad access detected
[   13.796220] 
[   13.796317] Memory state around the buggy address:
[   13.796523]  ffff888102f53180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.796834]  ffff888102f53200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   13.797091] >ffff888102f53280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   13.797434]                                         ^
[   13.797760]  ffff888102f53300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.798097]  ffff888102f53380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.798359] ==================================================================
[   13.722633] ==================================================================
[   13.723191] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.723523] Read of size 1 at addr ffff888102f42473 by task kunit_try_catch/238
[   13.723906] 
[   13.724020] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.724082] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.724095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.724119] Call Trace:
[   13.724132]  <TASK>
[   13.724152]  dump_stack_lvl+0x73/0xb0
[   13.724186]  print_report+0xd1/0x610
[   13.724209]  ? __virt_addr_valid+0x1db/0x2d0
[   13.724235]  ? mempool_oob_right_helper+0x318/0x380
[   13.724259]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.724283]  ? mempool_oob_right_helper+0x318/0x380
[   13.724306]  kasan_report+0x141/0x180
[   13.724329]  ? mempool_oob_right_helper+0x318/0x380
[   13.724358]  __asan_report_load1_noabort+0x18/0x20
[   13.724383]  mempool_oob_right_helper+0x318/0x380
[   13.724408]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.724434]  ? __kasan_check_write+0x18/0x20
[   13.724453]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.724477]  ? finish_task_switch.isra.0+0x153/0x700
[   13.724504]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.724528]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   13.724555]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.724580]  ? __pfx_mempool_kfree+0x10/0x10
[   13.724604]  ? __pfx_read_tsc+0x10/0x10
[   13.724626]  ? ktime_get_ts64+0x86/0x230
[   13.724652]  kunit_try_run_case+0x1a5/0x480
[   13.724680]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.724702]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.724728]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.724770]  ? __kthread_parkme+0x82/0x180
[   13.724794]  ? preempt_count_sub+0x50/0x80
[   13.724872]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.724899]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.724924]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.724948]  kthread+0x337/0x6f0
[   13.724968]  ? trace_preempt_on+0x20/0xc0
[   13.724993]  ? __pfx_kthread+0x10/0x10
[   13.725013]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.725035]  ? calculate_sigpending+0x7b/0xa0
[   13.725073]  ? __pfx_kthread+0x10/0x10
[   13.725095]  ret_from_fork+0x116/0x1d0
[   13.725115]  ? __pfx_kthread+0x10/0x10
[   13.725136]  ret_from_fork_asm+0x1a/0x30
[   13.725170]  </TASK>
[   13.725182] 
[   13.734683] Allocated by task 238:
[   13.734879]  kasan_save_stack+0x45/0x70
[   13.735287]  kasan_save_track+0x18/0x40
[   13.735707]  kasan_save_alloc_info+0x3b/0x50
[   13.735959]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.736404]  remove_element+0x11e/0x190
[   13.736812]  mempool_alloc_preallocated+0x4d/0x90
[   13.737178]  mempool_oob_right_helper+0x8a/0x380
[   13.737393]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.737634]  kunit_try_run_case+0x1a5/0x480
[   13.737839]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.738303]  kthread+0x337/0x6f0
[   13.738453]  ret_from_fork+0x116/0x1d0
[   13.738736]  ret_from_fork_asm+0x1a/0x30
[   13.738907] 
[   13.739030] The buggy address belongs to the object at ffff888102f42400
[   13.739030]  which belongs to the cache kmalloc-128 of size 128
[   13.739547] The buggy address is located 0 bytes to the right of
[   13.739547]  allocated 115-byte region [ffff888102f42400, ffff888102f42473)
[   13.740396] 
[   13.740480] The buggy address belongs to the physical page:
[   13.740813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f42
[   13.741313] flags: 0x200000000000000(node=0|zone=2)
[   13.741561] page_type: f5(slab)
[   13.741866] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.742261] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.742594] page dumped because: kasan: bad access detected
[   13.742868] 
[   13.742985] Memory state around the buggy address:
[   13.743221]  ffff888102f42300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.743682]  ffff888102f42380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.744250] >ffff888102f42400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.744538]                                                              ^
[   13.745001]  ffff888102f42480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.745337]  ffff888102f42500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.745678] ==================================================================
[   13.749179] ==================================================================
[   13.749673] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.750445] Read of size 1 at addr ffff888103aba001 by task kunit_try_catch/240
[   13.751048] 
[   13.751305] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.751359] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.751465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.751491] Call Trace:
[   13.751507]  <TASK>
[   13.751527]  dump_stack_lvl+0x73/0xb0
[   13.751563]  print_report+0xd1/0x610
[   13.751587]  ? __virt_addr_valid+0x1db/0x2d0
[   13.751610]  ? mempool_oob_right_helper+0x318/0x380
[   13.751635]  ? kasan_addr_to_slab+0x11/0xa0
[   13.751656]  ? mempool_oob_right_helper+0x318/0x380
[   13.751681]  kasan_report+0x141/0x180
[   13.751703]  ? mempool_oob_right_helper+0x318/0x380
[   13.751732]  __asan_report_load1_noabort+0x18/0x20
[   13.751757]  mempool_oob_right_helper+0x318/0x380
[   13.751782]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.751808]  ? __kasan_check_write+0x18/0x20
[   13.751841]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.751864]  ? finish_task_switch.isra.0+0x153/0x700
[   13.751891]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   13.751918]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.751946]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.751971]  ? __pfx_mempool_kfree+0x10/0x10
[   13.751997]  ? __pfx_read_tsc+0x10/0x10
[   13.752018]  ? ktime_get_ts64+0x86/0x230
[   13.752044]  kunit_try_run_case+0x1a5/0x480
[   13.752085]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.752106]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.752132]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.752156]  ? __kthread_parkme+0x82/0x180
[   13.752177]  ? preempt_count_sub+0x50/0x80
[   13.752200]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.752224]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.752248]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.752272]  kthread+0x337/0x6f0
[   13.752290]  ? trace_preempt_on+0x20/0xc0
[   13.752314]  ? __pfx_kthread+0x10/0x10
[   13.752335]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.752355]  ? calculate_sigpending+0x7b/0xa0
[   13.752380]  ? __pfx_kthread+0x10/0x10
[   13.752401]  ret_from_fork+0x116/0x1d0
[   13.752420]  ? __pfx_kthread+0x10/0x10
[   13.752441]  ret_from_fork_asm+0x1a/0x30
[   13.752474]  </TASK>
[   13.752484] 
[   13.765428] The buggy address belongs to the physical page:
[   13.765808] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab8
[   13.766173] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.766496] flags: 0x200000000000040(head|node=0|zone=2)
[   13.767125] page_type: f8(unknown)
[   13.767380] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.767918] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.768363] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.768911] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.769258] head: 0200000000000002 ffffea00040eae01 00000000ffffffff 00000000ffffffff
[   13.770000] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.770363] page dumped because: kasan: bad access detected
[   13.770731] 
[   13.770992] Memory state around the buggy address:
[   13.771236]  ffff888103ab9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.771635]  ffff888103ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.772117] >ffff888103aba000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.772452]                    ^
[   13.772822]  ffff888103aba080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.773303]  ffff888103aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.773744] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

301T1hhn39ydHFy5rptQHsDW0S9

job_id

TEST:linaro@lkft#301T7xoEYOckNLikE6jjEAHHRA9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/301T7xoEYOckNLikE6jjEAHHRA9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T4likwvozYziJtzNCf8nqDOS/bzImage
sha256sum	d878b5e59deae208baa4e6d482e984445ae0ec4af3b5020650447f9d4a2c4b26

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T4likwvozYziJtzNCf8nqDOS/modules.tar.xz
sha256sum	291fe06cceb324f9770dcb63da3c986fce8e7a389aa66d36243b066e98ed6839

durations

tests

boot	0
kunit	276.12

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit