lkft/linux-next-master - next-20250616 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

June 16, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   21.858033] ==================================================================
[   21.858120] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   21.858205] Read of size 1 at addr fff00000c7886001 by task kunit_try_catch/232
[   21.858270] 
[   21.858319] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   21.858425] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.858461] Hardware name: linux,dummy-virt (DT)
[   21.858499] Call trace:
[   21.858529]  show_stack+0x20/0x38 (C)
[   21.858591]  dump_stack_lvl+0x8c/0xd0
[   21.858646]  print_report+0x118/0x608
[   21.858735]  kasan_report+0xdc/0x128
[   21.858789]  __asan_report_load1_noabort+0x20/0x30
[   21.858860]  mempool_oob_right_helper+0x2ac/0x2f0
[   21.858922]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   21.858982]  kunit_try_run_case+0x170/0x3f0
[   21.859040]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.859213]  kthread+0x328/0x630
[   21.859267]  ret_from_fork+0x10/0x20
[   21.859328] 
[   21.859359] The buggy address belongs to the physical page:
[   21.859405] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107884
[   21.859470] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.859521] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.859979] page_type: f8(unknown)
[   21.860152] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.860221] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.860286] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.860345] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.860404] head: 0bfffe0000000002 ffffc1ffc31e2101 00000000ffffffff 00000000ffffffff
[   21.860577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.860629] page dumped because: kasan: bad access detected
[   21.860665] 
[   21.860695] Memory state around the buggy address:
[   21.860735]  fff00000c7885f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.860829]  fff00000c7885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.861058] >fff00000c7886000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.861118]                    ^
[   21.861160]  fff00000c7886080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.861210]  fff00000c7886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.861254] ==================================================================
[   21.871790] ==================================================================
[   21.871895] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   21.871984] Read of size 1 at addr fff00000c63ff2bb by task kunit_try_catch/234
[   21.872042] 
[   21.872238] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   21.872483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.872663] Hardware name: linux,dummy-virt (DT)
[   21.872706] Call trace:
[   21.872737]  show_stack+0x20/0x38 (C)
[   21.872809]  dump_stack_lvl+0x8c/0xd0
[   21.872876]  print_report+0x118/0x608
[   21.872926]  kasan_report+0xdc/0x128
[   21.872973]  __asan_report_load1_noabort+0x20/0x30
[   21.873193]  mempool_oob_right_helper+0x2ac/0x2f0
[   21.873342]  mempool_slab_oob_right+0xc0/0x118
[   21.873402]  kunit_try_run_case+0x170/0x3f0
[   21.873512]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.873575]  kthread+0x328/0x630
[   21.873622]  ret_from_fork+0x10/0x20
[   21.873864] 
[   21.873908] Allocated by task 234:
[   21.873952]  kasan_save_stack+0x3c/0x68
[   21.874068]  kasan_save_track+0x20/0x40
[   21.874181]  kasan_save_alloc_info+0x40/0x58
[   21.874267]  __kasan_mempool_unpoison_object+0xbc/0x180
[   21.874338]  remove_element+0x16c/0x1f8
[   21.874382]  mempool_alloc_preallocated+0x58/0xc0
[   21.874424]  mempool_oob_right_helper+0x98/0x2f0
[   21.874469]  mempool_slab_oob_right+0xc0/0x118
[   21.874512]  kunit_try_run_case+0x170/0x3f0
[   21.874568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.874651]  kthread+0x328/0x630
[   21.874722]  ret_from_fork+0x10/0x20
[   21.874820] 
[   21.874949] The buggy address belongs to the object at fff00000c63ff240
[   21.874949]  which belongs to the cache test_cache of size 123
[   21.875550] The buggy address is located 0 bytes to the right of
[   21.875550]  allocated 123-byte region [fff00000c63ff240, fff00000c63ff2bb)
[   21.876099] 
[   21.876268] The buggy address belongs to the physical page:
[   21.876336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063ff
[   21.876578] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.876666] page_type: f5(slab)
[   21.876716] raw: 0bfffe0000000000 fff00000c6419140 dead000000000122 0000000000000000
[   21.876949] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   21.877146] page dumped because: kasan: bad access detected
[   21.877189] 
[   21.877212] Memory state around the buggy address:
[   21.877257]  fff00000c63ff180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.877310]  fff00000c63ff200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   21.877358] >fff00000c63ff280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   21.877402]                                         ^
[   21.877440]  fff00000c63ff300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.877488]  fff00000c63ff380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.877532] ==================================================================
[   21.847753] ==================================================================
[   21.847888] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   21.847993] Read of size 1 at addr fff00000c6408673 by task kunit_try_catch/230
[   21.848059] 
[   21.848128] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   21.848230] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.848262] Hardware name: linux,dummy-virt (DT)
[   21.848302] Call trace:
[   21.848335]  show_stack+0x20/0x38 (C)
[   21.848397]  dump_stack_lvl+0x8c/0xd0
[   21.848451]  print_report+0x118/0x608
[   21.848507]  kasan_report+0xdc/0x128
[   21.848556]  __asan_report_load1_noabort+0x20/0x30
[   21.848613]  mempool_oob_right_helper+0x2ac/0x2f0
[   21.848667]  mempool_kmalloc_oob_right+0xc4/0x120
[   21.848720]  kunit_try_run_case+0x170/0x3f0
[   21.848777]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.848861]  kthread+0x328/0x630
[   21.848911]  ret_from_fork+0x10/0x20
[   21.848969] 
[   21.849022] Allocated by task 230:
[   21.849064]  kasan_save_stack+0x3c/0x68
[   21.849122]  kasan_save_track+0x20/0x40
[   21.849173]  kasan_save_alloc_info+0x40/0x58
[   21.849213]  __kasan_mempool_unpoison_object+0x11c/0x180
[   21.849260]  remove_element+0x130/0x1f8
[   21.849303]  mempool_alloc_preallocated+0x58/0xc0
[   21.849347]  mempool_oob_right_helper+0x98/0x2f0
[   21.849388]  mempool_kmalloc_oob_right+0xc4/0x120
[   21.849430]  kunit_try_run_case+0x170/0x3f0
[   21.849472]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.849518]  kthread+0x328/0x630
[   21.849553]  ret_from_fork+0x10/0x20
[   21.849595] 
[   21.849628] The buggy address belongs to the object at fff00000c6408600
[   21.849628]  which belongs to the cache kmalloc-128 of size 128
[   21.849697] The buggy address is located 0 bytes to the right of
[   21.849697]  allocated 115-byte region [fff00000c6408600, fff00000c6408673)
[   21.849768] 
[   21.849798] The buggy address belongs to the physical page:
[   21.849875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106408
[   21.849948] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   21.850016] page_type: f5(slab)
[   21.850071] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   21.850134] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.850189] page dumped because: kasan: bad access detected
[   21.850230] 
[   21.850271] Memory state around the buggy address:
[   21.850318]  fff00000c6408500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.850376]  fff00000c6408580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.850432] >fff00000c6408600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   21.850482]                                                              ^
[   21.850533]  fff00000c6408680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.850588]  fff00000c6408700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   21.850640] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya0zPCLTsXcgMlhuwl4B74eGRP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya0zPCLTsXcgMlhuwl4B74eGRP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/Image.gz
sha256sum	a07f652b6ef2a3b23147f3c325e2115d921a305a0923eab0aef242be63afbe4f

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/modules.tar.xz
sha256sum	793787324999d0aa7d217eac21d3f904d0017c4f6b9bafdc8cd21afd90a18cf2

durations

tests

boot	0
kunit	252.96

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.893286] ==================================================================
[   12.893894] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.894277] Read of size 1 at addr ffff8881028e2973 by task kunit_try_catch/246
[   12.894572] 
[   12.894663] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   12.894715] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.894727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.894762] Call Trace:
[   12.894786]  <TASK>
[   12.894807]  dump_stack_lvl+0x73/0xb0
[   12.894840]  print_report+0xd1/0x650
[   12.894862]  ? __virt_addr_valid+0x1db/0x2d0
[   12.894889]  ? mempool_oob_right_helper+0x318/0x380
[   12.894913]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.894947]  ? mempool_oob_right_helper+0x318/0x380
[   12.894971]  kasan_report+0x141/0x180
[   12.894992]  ? mempool_oob_right_helper+0x318/0x380
[   12.895019]  __asan_report_load1_noabort+0x18/0x20
[   12.895043]  mempool_oob_right_helper+0x318/0x380
[   12.895066]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.895088]  ? update_load_avg+0x1be/0x21b0
[   12.895113]  ? dequeue_entities+0x27e/0x1740
[   12.895138]  ? finish_task_switch.isra.0+0x153/0x700
[   12.895164]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.895187]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   12.895212]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.895238]  ? __pfx_mempool_kfree+0x10/0x10
[   12.895263]  ? __pfx_read_tsc+0x10/0x10
[   12.895285]  ? ktime_get_ts64+0x86/0x230
[   12.895310]  kunit_try_run_case+0x1a5/0x480
[   12.895337]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.895358]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.895382]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.895404]  ? __kthread_parkme+0x82/0x180
[   12.895501]  ? preempt_count_sub+0x50/0x80
[   12.895528]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.895552]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.895575]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.895597]  kthread+0x337/0x6f0
[   12.895617]  ? trace_preempt_on+0x20/0xc0
[   12.895642]  ? __pfx_kthread+0x10/0x10
[   12.895663]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.895683]  ? calculate_sigpending+0x7b/0xa0
[   12.895708]  ? __pfx_kthread+0x10/0x10
[   12.895729]  ret_from_fork+0x116/0x1d0
[   12.895748]  ? __pfx_kthread+0x10/0x10
[   12.895768]  ret_from_fork_asm+0x1a/0x30
[   12.895800]  </TASK>
[   12.895812] 
[   12.905009] Allocated by task 246:
[   12.905150]  kasan_save_stack+0x45/0x70
[   12.905299]  kasan_save_track+0x18/0x40
[   12.905424]  kasan_save_alloc_info+0x3b/0x50
[   12.905563]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.905730]  remove_element+0x11e/0x190
[   12.905862]  mempool_alloc_preallocated+0x4d/0x90
[   12.906044]  mempool_oob_right_helper+0x8a/0x380
[   12.906191]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.906337]  kunit_try_run_case+0x1a5/0x480
[   12.906593]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.906767]  kthread+0x337/0x6f0
[   12.906885]  ret_from_fork+0x116/0x1d0
[   12.907047]  ret_from_fork_asm+0x1a/0x30
[   12.907235] 
[   12.907327] The buggy address belongs to the object at ffff8881028e2900
[   12.907327]  which belongs to the cache kmalloc-128 of size 128
[   12.907989] The buggy address is located 0 bytes to the right of
[   12.907989]  allocated 115-byte region [ffff8881028e2900, ffff8881028e2973)
[   12.908343] 
[   12.908410] The buggy address belongs to the physical page:
[   12.910082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2
[   12.910321] flags: 0x200000000000000(node=0|zone=2)
[   12.910483] page_type: f5(slab)
[   12.910647] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.911479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.911833] page dumped because: kasan: bad access detected
[   12.912046] 
[   12.912112] Memory state around the buggy address:
[   12.912263]  ffff8881028e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.912496]  ffff8881028e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.912776] >ffff8881028e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.912990]                                                              ^
[   12.913263]  ffff8881028e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.913470]  ffff8881028e2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.913672] ==================================================================
[   12.945020] ==================================================================
[   12.945671] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.946053] Read of size 1 at addr ffff8881028da2bb by task kunit_try_catch/250
[   12.946784] 
[   12.946886] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   12.946950] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.946961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.946983] Call Trace:
[   12.946996]  <TASK>
[   12.947013]  dump_stack_lvl+0x73/0xb0
[   12.947045]  print_report+0xd1/0x650
[   12.947068]  ? __virt_addr_valid+0x1db/0x2d0
[   12.947092]  ? mempool_oob_right_helper+0x318/0x380
[   12.947116]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.947138]  ? mempool_oob_right_helper+0x318/0x380
[   12.947160]  kasan_report+0x141/0x180
[   12.947182]  ? mempool_oob_right_helper+0x318/0x380
[   12.947209]  __asan_report_load1_noabort+0x18/0x20
[   12.947233]  mempool_oob_right_helper+0x318/0x380
[   12.947256]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.947281]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.947304]  ? finish_task_switch.isra.0+0x153/0x700
[   12.947330]  mempool_slab_oob_right+0xed/0x140
[   12.947353]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   12.947380]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   12.947404]  ? __pfx_mempool_free_slab+0x10/0x10
[   12.947429]  ? __pfx_read_tsc+0x10/0x10
[   12.947450]  ? ktime_get_ts64+0x86/0x230
[   12.947474]  kunit_try_run_case+0x1a5/0x480
[   12.947499]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.947521]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.947543]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.947565]  ? __kthread_parkme+0x82/0x180
[   12.947585]  ? preempt_count_sub+0x50/0x80
[   12.947608]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.947631]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.947652]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.947675]  kthread+0x337/0x6f0
[   12.947696]  ? trace_preempt_on+0x20/0xc0
[   12.947720]  ? __pfx_kthread+0x10/0x10
[   12.947740]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.947760]  ? calculate_sigpending+0x7b/0xa0
[   12.947784]  ? __pfx_kthread+0x10/0x10
[   12.947806]  ret_from_fork+0x116/0x1d0
[   12.947825]  ? __pfx_kthread+0x10/0x10
[   12.947844]  ret_from_fork_asm+0x1a/0x30
[   12.947875]  </TASK>
[   12.947886] 
[   12.959529] Allocated by task 250:
[   12.959709]  kasan_save_stack+0x45/0x70
[   12.959901]  kasan_save_track+0x18/0x40
[   12.960086]  kasan_save_alloc_info+0x3b/0x50
[   12.960278]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   12.960711]  remove_element+0x11e/0x190
[   12.960897]  mempool_alloc_preallocated+0x4d/0x90
[   12.961109]  mempool_oob_right_helper+0x8a/0x380
[   12.961306]  mempool_slab_oob_right+0xed/0x140
[   12.962173]  kunit_try_run_case+0x1a5/0x480
[   12.962393]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.962563]  kthread+0x337/0x6f0
[   12.962980]  ret_from_fork+0x116/0x1d0
[   12.963160]  ret_from_fork_asm+0x1a/0x30
[   12.963333] 
[   12.963487] The buggy address belongs to the object at ffff8881028da240
[   12.963487]  which belongs to the cache test_cache of size 123
[   12.963979] The buggy address is located 0 bytes to the right of
[   12.963979]  allocated 123-byte region [ffff8881028da240, ffff8881028da2bb)
[   12.964633] 
[   12.964728] The buggy address belongs to the physical page:
[   12.964958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028da
[   12.965265] flags: 0x200000000000000(node=0|zone=2)
[   12.965557] page_type: f5(slab)
[   12.966380] raw: 0200000000000000 ffff888101894780 dead000000000122 0000000000000000
[   12.966751] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   12.966991] page dumped because: kasan: bad access detected
[   12.967171] 
[   12.967258] Memory state around the buggy address:
[   12.967478]  ffff8881028da180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.967719]  ffff8881028da200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   12.967996] >ffff8881028da280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   12.968346]                                         ^
[   12.968730]  ffff8881028da300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.969025]  ffff8881028da380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.969334] ==================================================================
[   12.921693] ==================================================================
[   12.922225] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.922656] Read of size 1 at addr ffff888102bea001 by task kunit_try_catch/248
[   12.922978] 
[   12.923102] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   12.923153] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.923165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.923186] Call Trace:
[   12.923200]  <TASK>
[   12.923219]  dump_stack_lvl+0x73/0xb0
[   12.923252]  print_report+0xd1/0x650
[   12.923276]  ? __virt_addr_valid+0x1db/0x2d0
[   12.923299]  ? mempool_oob_right_helper+0x318/0x380
[   12.923344]  ? kasan_addr_to_slab+0x11/0xa0
[   12.923365]  ? mempool_oob_right_helper+0x318/0x380
[   12.923388]  kasan_report+0x141/0x180
[   12.923469]  ? mempool_oob_right_helper+0x318/0x380
[   12.923499]  __asan_report_load1_noabort+0x18/0x20
[   12.923524]  mempool_oob_right_helper+0x318/0x380
[   12.923573]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.923599]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.923624]  ? finish_task_switch.isra.0+0x153/0x700
[   12.923652]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   12.923675]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   12.923702]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.923726]  ? __pfx_mempool_kfree+0x10/0x10
[   12.923750]  ? __pfx_read_tsc+0x10/0x10
[   12.923772]  ? ktime_get_ts64+0x86/0x230
[   12.923797]  kunit_try_run_case+0x1a5/0x480
[   12.923822]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.923844]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.923866]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.923889]  ? __kthread_parkme+0x82/0x180
[   12.923966]  ? preempt_count_sub+0x50/0x80
[   12.923989]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.924012]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.924035]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.924057]  kthread+0x337/0x6f0
[   12.924076]  ? trace_preempt_on+0x20/0xc0
[   12.924101]  ? __pfx_kthread+0x10/0x10
[   12.924121]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.924162]  ? calculate_sigpending+0x7b/0xa0
[   12.924188]  ? __pfx_kthread+0x10/0x10
[   12.924209]  ret_from_fork+0x116/0x1d0
[   12.924228]  ? __pfx_kthread+0x10/0x10
[   12.924248]  ret_from_fork_asm+0x1a/0x30
[   12.924279]  </TASK>
[   12.924292] 
[   12.933122] The buggy address belongs to the physical page:
[   12.933464] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8
[   12.934032] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.934306] flags: 0x200000000000040(head|node=0|zone=2)
[   12.934575] page_type: f8(unknown)
[   12.934863] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.935187] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.935684] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.936019] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.936245] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff
[   12.936800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.937193] page dumped because: kasan: bad access detected
[   12.937476] 
[   12.937699] Memory state around the buggy address:
[   12.937873]  ffff888102be9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.938252]  ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.938499] >ffff888102bea000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.939068]                    ^
[   12.939276]  ffff888102bea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.939601]  ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.940033] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya10TrtOeZqMJoigZUQQpnbsgW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya10TrtOeZqMJoigZUQQpnbsgW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/bzImage
sha256sum	4d3d55ec68ee13601f4cba6535beaaa179877198316f6d49c7d2754d39d25d99

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/modules.tar.xz
sha256sum	6a0e4a1142b545d837c764528373cb157bd626a8fd062931e1825203c7bce58f

durations

tests

boot	0
kunit	134.01

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit