lkft/linux-mainline-master - v6.16-rc6-281-gf4a40a4282f4 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 20, 2025, 11:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.246644] ==================================================================
[   17.246737] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   17.246798] Read of size 1 at addr fff00000c7822001 by task kunit_try_catch/223
[   17.246851] 
[   17.246886] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.246968] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.246994] Hardware name: linux,dummy-virt (DT)
[   17.247050] Call trace:
[   17.247076]  show_stack+0x20/0x38 (C)
[   17.247126]  dump_stack_lvl+0x8c/0xd0
[   17.247174]  print_report+0x118/0x5d0
[   17.247222]  kasan_report+0xdc/0x128
[   17.247270]  __asan_report_load1_noabort+0x20/0x30
[   17.247320]  mempool_oob_right_helper+0x2ac/0x2f0
[   17.247369]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   17.247419]  kunit_try_run_case+0x170/0x3f0
[   17.247469]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.247519]  kthread+0x328/0x630
[   17.247561]  ret_from_fork+0x10/0x20
[   17.247608] 
[   17.247628] The buggy address belongs to the physical page:
[   17.247673] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107820
[   17.247727] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.247773] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.247828] page_type: f8(unknown)
[   17.247870] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.247921] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.247969] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.248017] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.248065] head: 0bfffe0000000002 ffffc1ffc31e0801 00000000ffffffff 00000000ffffffff
[   17.248114] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.248154] page dumped because: kasan: bad access detected
[   17.248185] 
[   17.248203] Memory state around the buggy address:
[   17.248235]  fff00000c7821f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.248278]  fff00000c7821f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.248320] >fff00000c7822000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.248358]                    ^
[   17.248392]  fff00000c7822080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.248434]  fff00000c7822100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.248471] ==================================================================
[   17.275878] ==================================================================
[   17.275957] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   17.276022] Read of size 1 at addr fff00000c780f2bb by task kunit_try_catch/225
[   17.276073] 
[   17.276110] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.276193] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.276221] Hardware name: linux,dummy-virt (DT)
[   17.276254] Call trace:
[   17.276282]  show_stack+0x20/0x38 (C)
[   17.276331]  dump_stack_lvl+0x8c/0xd0
[   17.276385]  print_report+0x118/0x5d0
[   17.276432]  kasan_report+0xdc/0x128
[   17.276479]  __asan_report_load1_noabort+0x20/0x30
[   17.276532]  mempool_oob_right_helper+0x2ac/0x2f0
[   17.276581]  mempool_slab_oob_right+0xc0/0x118
[   17.276629]  kunit_try_run_case+0x170/0x3f0
[   17.276691]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.276743]  kthread+0x328/0x630
[   17.276787]  ret_from_fork+0x10/0x20
[   17.276836] 
[   17.276855] Allocated by task 225:
[   17.276886]  kasan_save_stack+0x3c/0x68
[   17.276927]  kasan_save_track+0x20/0x40
[   17.276964]  kasan_save_alloc_info+0x40/0x58
[   17.277005]  __kasan_mempool_unpoison_object+0xbc/0x180
[   17.277046]  remove_element+0x16c/0x1f8
[   17.277084]  mempool_alloc_preallocated+0x58/0xc0
[   17.277126]  mempool_oob_right_helper+0x98/0x2f0
[   17.277165]  mempool_slab_oob_right+0xc0/0x118
[   17.277203]  kunit_try_run_case+0x170/0x3f0
[   17.277241]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.277282]  kthread+0x328/0x630
[   17.277315]  ret_from_fork+0x10/0x20
[   17.277351] 
[   17.277371] The buggy address belongs to the object at fff00000c780f240
[   17.277371]  which belongs to the cache test_cache of size 123
[   17.277428] The buggy address is located 0 bytes to the right of
[   17.277428]  allocated 123-byte region [fff00000c780f240, fff00000c780f2bb)
[   17.277491] 
[   17.277512] The buggy address belongs to the physical page:
[   17.277544] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10780f
[   17.277597] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.277648] page_type: f5(slab)
[   17.277696] raw: 0bfffe0000000000 fff00000c4370c80 dead000000000122 0000000000000000
[   17.277746] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   17.277787] page dumped because: kasan: bad access detected
[   17.277818] 
[   17.277836] Memory state around the buggy address:
[   17.277870]  fff00000c780f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.277913]  fff00000c780f200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   17.277955] >fff00000c780f280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   17.277993]                                         ^
[   17.278027]  fff00000c780f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.278068]  fff00000c780f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.278107] ==================================================================
[   17.215344] ==================================================================
[   17.215445] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   17.215524] Read of size 1 at addr fff00000c7001173 by task kunit_try_catch/221
[   17.215578] 
[   17.215623] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   17.215727] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.215754] Hardware name: linux,dummy-virt (DT)
[   17.215789] Call trace:
[   17.215814]  show_stack+0x20/0x38 (C)
[   17.215868]  dump_stack_lvl+0x8c/0xd0
[   17.215921]  print_report+0x118/0x5d0
[   17.215967]  kasan_report+0xdc/0x128
[   17.216013]  __asan_report_load1_noabort+0x20/0x30
[   17.216062]  mempool_oob_right_helper+0x2ac/0x2f0
[   17.216111]  mempool_kmalloc_oob_right+0xc4/0x120
[   17.216160]  kunit_try_run_case+0x170/0x3f0
[   17.216211]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.216264]  kthread+0x328/0x630
[   17.216306]  ret_from_fork+0x10/0x20
[   17.216356] 
[   17.216375] Allocated by task 221:
[   17.216408]  kasan_save_stack+0x3c/0x68
[   17.216452]  kasan_save_track+0x20/0x40
[   17.216491]  kasan_save_alloc_info+0x40/0x58
[   17.216531]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.216574]  remove_element+0x130/0x1f8
[   17.216611]  mempool_alloc_preallocated+0x58/0xc0
[   17.216650]  mempool_oob_right_helper+0x98/0x2f0
[   17.216699]  mempool_kmalloc_oob_right+0xc4/0x120
[   17.216737]  kunit_try_run_case+0x170/0x3f0
[   17.216776]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.216819]  kthread+0x328/0x630
[   17.216851]  ret_from_fork+0x10/0x20
[   17.216887] 
[   17.216908] The buggy address belongs to the object at fff00000c7001100
[   17.216908]  which belongs to the cache kmalloc-128 of size 128
[   17.216966] The buggy address is located 0 bytes to the right of
[   17.216966]  allocated 115-byte region [fff00000c7001100, fff00000c7001173)
[   17.217029] 
[   17.217051] The buggy address belongs to the physical page:
[   17.217084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107001
[   17.217141] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.217198] page_type: f5(slab)
[   17.217245] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.217297] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.217340] page dumped because: kasan: bad access detected
[   17.217373] 
[   17.217392] Memory state around the buggy address:
[   17.217427]  fff00000c7001000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.217471]  fff00000c7001080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.217514] >fff00000c7001100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   17.217553]                                                              ^
[   17.217595]  fff00000c7001180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.217638]  fff00000c7001200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   17.217685] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308WwJaHQwF9GiJmP1YPiPqA012

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308WwJaHQwF9GiJmP1YPiPqA012

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/Image.gz
sha256sum	4d2e0511bab027133f01b2172d6d8558efd2b45bcadc263c5cacdb0ac44741cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/modules.tar.xz
sha256sum	18d5d5576d3740ea20de31396b726912b8f91395c442996d953fc58d4a74f8e9

durations

tests

boot	0
kunit	197.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   13.725010] ==================================================================
[   13.725698] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.726193] Read of size 1 at addr ffff88810272bd73 by task kunit_try_catch/238
[   13.726615] 
[   13.726754] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.726804] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.726816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.726837] Call Trace:
[   13.726852]  <TASK>
[   13.726870]  dump_stack_lvl+0x73/0xb0
[   13.726902]  print_report+0xd1/0x610
[   13.726937]  ? __virt_addr_valid+0x1db/0x2d0
[   13.726962]  ? mempool_oob_right_helper+0x318/0x380
[   13.726984]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.727006]  ? mempool_oob_right_helper+0x318/0x380
[   13.727028]  kasan_report+0x141/0x180
[   13.727049]  ? mempool_oob_right_helper+0x318/0x380
[   13.727303]  __asan_report_load1_noabort+0x18/0x20
[   13.727335]  mempool_oob_right_helper+0x318/0x380
[   13.727361]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.727384]  ? __kasan_check_write+0x18/0x20
[   13.727403]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.727425]  ? irqentry_exit+0x2a/0x60
[   13.727446]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.727472]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.727494]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   13.727519]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.727544]  ? __pfx_mempool_kfree+0x10/0x10
[   13.727568]  ? __pfx_read_tsc+0x10/0x10
[   13.727589]  ? ktime_get_ts64+0x86/0x230
[   13.727613]  kunit_try_run_case+0x1a5/0x480
[   13.727639]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.727661]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.727700]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.727723]  ? __kthread_parkme+0x82/0x180
[   13.727743]  ? preempt_count_sub+0x50/0x80
[   13.727767]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.727790]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.727812]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.727834]  kthread+0x337/0x6f0
[   13.727853]  ? trace_preempt_on+0x20/0xc0
[   13.727876]  ? __pfx_kthread+0x10/0x10
[   13.727895]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.727926]  ? calculate_sigpending+0x7b/0xa0
[   13.727950]  ? __pfx_kthread+0x10/0x10
[   13.727971]  ret_from_fork+0x116/0x1d0
[   13.727989]  ? __pfx_kthread+0x10/0x10
[   13.728008]  ret_from_fork_asm+0x1a/0x30
[   13.728040]  </TASK>
[   13.728051] 
[   13.740367] Allocated by task 238:
[   13.740650]  kasan_save_stack+0x45/0x70
[   13.740934]  kasan_save_track+0x18/0x40
[   13.741076]  kasan_save_alloc_info+0x3b/0x50
[   13.741286]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.741501]  remove_element+0x11e/0x190
[   13.741776]  mempool_alloc_preallocated+0x4d/0x90
[   13.742006]  mempool_oob_right_helper+0x8a/0x380
[   13.742181]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.742371]  kunit_try_run_case+0x1a5/0x480
[   13.742649]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.742818]  kthread+0x337/0x6f0
[   13.743235]  ret_from_fork+0x116/0x1d0
[   13.743483]  ret_from_fork_asm+0x1a/0x30
[   13.743646] 
[   13.743718] The buggy address belongs to the object at ffff88810272bd00
[   13.743718]  which belongs to the cache kmalloc-128 of size 128
[   13.744485] The buggy address is located 0 bytes to the right of
[   13.744485]  allocated 115-byte region [ffff88810272bd00, ffff88810272bd73)
[   13.745152] 
[   13.745255] The buggy address belongs to the physical page:
[   13.745594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10272b
[   13.746003] flags: 0x200000000000000(node=0|zone=2)
[   13.746252] page_type: f5(slab)
[   13.746384] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.746691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.747086] page dumped because: kasan: bad access detected
[   13.747291] 
[   13.747511] Memory state around the buggy address:
[   13.747878]  ffff88810272bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.748171]  ffff88810272bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.748548] >ffff88810272bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.748921]                                                              ^
[   13.749195]  ffff88810272bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.749618]  ffff88810272be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.749987] ==================================================================
[   13.782587] ==================================================================
[   13.783658] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.784074] Read of size 1 at addr ffff888103af02bb by task kunit_try_catch/242
[   13.784518] 
[   13.784654] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.784700] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.784712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.784733] Call Trace:
[   13.784776]  <TASK>
[   13.784818]  dump_stack_lvl+0x73/0xb0
[   13.784848]  print_report+0xd1/0x610
[   13.784895]  ? __virt_addr_valid+0x1db/0x2d0
[   13.784928]  ? mempool_oob_right_helper+0x318/0x380
[   13.784951]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.784972]  ? mempool_oob_right_helper+0x318/0x380
[   13.784994]  kasan_report+0x141/0x180
[   13.785015]  ? mempool_oob_right_helper+0x318/0x380
[   13.785044]  __asan_report_load1_noabort+0x18/0x20
[   13.785067]  mempool_oob_right_helper+0x318/0x380
[   13.785089]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.785114]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.785135]  ? finish_task_switch.isra.0+0x153/0x700
[   13.785161]  mempool_slab_oob_right+0xed/0x140
[   13.785183]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   13.785208]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   13.785232]  ? __pfx_mempool_free_slab+0x10/0x10
[   13.785257]  ? __pfx_read_tsc+0x10/0x10
[   13.785277]  ? ktime_get_ts64+0x86/0x230
[   13.785301]  kunit_try_run_case+0x1a5/0x480
[   13.785325]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.785388]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.785415]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.785437]  ? __kthread_parkme+0x82/0x180
[   13.785457]  ? preempt_count_sub+0x50/0x80
[   13.785479]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.785502]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.785524]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.785546]  kthread+0x337/0x6f0
[   13.785565]  ? trace_preempt_on+0x20/0xc0
[   13.785586]  ? __pfx_kthread+0x10/0x10
[   13.785606]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.785626]  ? calculate_sigpending+0x7b/0xa0
[   13.785648]  ? __pfx_kthread+0x10/0x10
[   13.785669]  ret_from_fork+0x116/0x1d0
[   13.785700]  ? __pfx_kthread+0x10/0x10
[   13.785719]  ret_from_fork_asm+0x1a/0x30
[   13.785750]  </TASK>
[   13.785761] 
[   13.798324] Allocated by task 242:
[   13.798514]  kasan_save_stack+0x45/0x70
[   13.799059]  kasan_save_track+0x18/0x40
[   13.799248]  kasan_save_alloc_info+0x3b/0x50
[   13.799596]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   13.800030]  remove_element+0x11e/0x190
[   13.800189]  mempool_alloc_preallocated+0x4d/0x90
[   13.800637]  mempool_oob_right_helper+0x8a/0x380
[   13.800986]  mempool_slab_oob_right+0xed/0x140
[   13.801219]  kunit_try_run_case+0x1a5/0x480
[   13.801635]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.802074]  kthread+0x337/0x6f0
[   13.802340]  ret_from_fork+0x116/0x1d0
[   13.802849]  ret_from_fork_asm+0x1a/0x30
[   13.803144] 
[   13.803225] The buggy address belongs to the object at ffff888103af0240
[   13.803225]  which belongs to the cache test_cache of size 123
[   13.804128] The buggy address is located 0 bytes to the right of
[   13.804128]  allocated 123-byte region [ffff888103af0240, ffff888103af02bb)
[   13.804965] 
[   13.805050] The buggy address belongs to the physical page:
[   13.805300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af0
[   13.805931] flags: 0x200000000000000(node=0|zone=2)
[   13.806267] page_type: f5(slab)
[   13.806653] raw: 0200000000000000 ffff8881015acb40 dead000000000122 0000000000000000
[   13.807124] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   13.807792] page dumped because: kasan: bad access detected
[   13.808055] 
[   13.808148] Memory state around the buggy address:
[   13.808633]  ffff888103af0180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.809064]  ffff888103af0200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   13.809608] >ffff888103af0280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   13.810054]                                         ^
[   13.810424]  ffff888103af0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.810875]  ffff888103af0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.811291] ==================================================================
[   13.752866] ==================================================================
[   13.753804] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.754229] Read of size 1 at addr ffff888103abe001 by task kunit_try_catch/240
[   13.754585] 
[   13.754700] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.754742] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.754753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.754773] Call Trace:
[   13.754784]  <TASK>
[   13.754800]  dump_stack_lvl+0x73/0xb0
[   13.754828]  print_report+0xd1/0x610
[   13.754849]  ? __virt_addr_valid+0x1db/0x2d0
[   13.754871]  ? mempool_oob_right_helper+0x318/0x380
[   13.754926]  ? kasan_addr_to_slab+0x11/0xa0
[   13.754947]  ? mempool_oob_right_helper+0x318/0x380
[   13.754969]  kasan_report+0x141/0x180
[   13.754991]  ? mempool_oob_right_helper+0x318/0x380
[   13.755017]  __asan_report_load1_noabort+0x18/0x20
[   13.755041]  mempool_oob_right_helper+0x318/0x380
[   13.755074]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.755096]  ? update_load_avg+0x1be/0x21b0
[   13.755124]  ? finish_task_switch.isra.0+0x153/0x700
[   13.755167]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   13.755191]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.755217]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.755239]  ? __pfx_mempool_kfree+0x10/0x10
[   13.755263]  ? __pfx_read_tsc+0x10/0x10
[   13.755284]  ? ktime_get_ts64+0x86/0x230
[   13.755306]  kunit_try_run_case+0x1a5/0x480
[   13.755329]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.755351]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.755373]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.755395]  ? __kthread_parkme+0x82/0x180
[   13.755431]  ? preempt_count_sub+0x50/0x80
[   13.755454]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.755476]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.755498]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.755521]  kthread+0x337/0x6f0
[   13.755540]  ? trace_preempt_on+0x20/0xc0
[   13.755561]  ? __pfx_kthread+0x10/0x10
[   13.755581]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.755602]  ? calculate_sigpending+0x7b/0xa0
[   13.755624]  ? __pfx_kthread+0x10/0x10
[   13.755645]  ret_from_fork+0x116/0x1d0
[   13.755662]  ? __pfx_kthread+0x10/0x10
[   13.755681]  ret_from_fork_asm+0x1a/0x30
[   13.755710]  </TASK>
[   13.755720] 
[   13.767618] The buggy address belongs to the physical page:
[   13.768368] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103abc
[   13.769218] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.769728] flags: 0x200000000000040(head|node=0|zone=2)
[   13.769927] page_type: f8(unknown)
[   13.770056] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.770288] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.770534] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.771180] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.772077] head: 0200000000000002 ffffea00040eaf01 00000000ffffffff 00000000ffffffff
[   13.772895] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.773702] page dumped because: kasan: bad access detected
[   13.774269] 
[   13.774447] Memory state around the buggy address:
[   13.775044]  ffff888103abdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.775632]  ffff888103abdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.776152] >ffff888103abe000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.776878]                    ^
[   13.777016]  ffff888103abe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.777757]  ffff888103abe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.778201] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308Wxco0Z10DyzYIW4nOQQqgkwI

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308Wxco0Z10DyzYIW4nOQQqgkwI

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/bzImage
sha256sum	aa8c3294f8e6a312d0005bf4942ab46073b3db37d1a255c29f470aad8b68ac89

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/modules.tar.xz
sha256sum	3f40af07dd0ca48c872811d115b0432b5fee72cae8136e55274a0e7676f09c6e

durations

tests

boot	0
kunit	198.91

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit