lkft/linux-next-master - next-20250618 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

June 18, 2025, 6:43 a.m.

Environment
qemu-arm64
qemu-x86_64

[   22.637190] ==================================================================
[   22.637308] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   22.637401] Read of size 1 at addr fff00000c6423f73 by task kunit_try_catch/231
[   22.637456] 
[   22.637505] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   22.637606] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   22.637638] Hardware name: linux,dummy-virt (DT)
[   22.637674] Call trace:
[   22.637702]  show_stack+0x20/0x38 (C)
[   22.637759]  dump_stack_lvl+0x8c/0xd0
[   22.637813]  print_report+0x118/0x608
[   22.637863]  kasan_report+0xdc/0x128
[   22.637912]  __asan_report_load1_noabort+0x20/0x30
[   22.637966]  mempool_oob_right_helper+0x2ac/0x2f0
[   22.638027]  mempool_kmalloc_oob_right+0xc4/0x120
[   22.638157]  kunit_try_run_case+0x170/0x3f0
[   22.638262]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.638365]  kthread+0x328/0x630
[   22.638456]  ret_from_fork+0x10/0x20
[   22.638525] 
[   22.638547] Allocated by task 231:
[   22.638579]  kasan_save_stack+0x3c/0x68
[   22.638626]  kasan_save_track+0x20/0x40
[   22.638667]  kasan_save_alloc_info+0x40/0x58
[   22.638707]  __kasan_mempool_unpoison_object+0x11c/0x180
[   22.638752]  remove_element+0x130/0x1f8
[   22.638791]  mempool_alloc_preallocated+0x58/0xc0
[   22.638828]  mempool_oob_right_helper+0x98/0x2f0
[   22.638866]  mempool_kmalloc_oob_right+0xc4/0x120
[   22.638904]  kunit_try_run_case+0x170/0x3f0
[   22.638941]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.638983]  kthread+0x328/0x630
[   22.639014]  ret_from_fork+0x10/0x20
[   22.639076] 
[   22.639098] The buggy address belongs to the object at fff00000c6423f00
[   22.639098]  which belongs to the cache kmalloc-128 of size 128
[   22.639158] The buggy address is located 0 bytes to the right of
[   22.639158]  allocated 115-byte region [fff00000c6423f00, fff00000c6423f73)
[   22.639218] 
[   22.639241] The buggy address belongs to the physical page:
[   22.639275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106423
[   22.639328] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.639383] page_type: f5(slab)
[   22.639430] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.639481] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   22.639522] page dumped because: kasan: bad access detected
[   22.639554] 
[   22.639573] Memory state around the buggy address:
[   22.639607]  fff00000c6423e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.639651]  fff00000c6423e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.639693] >fff00000c6423f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   22.639731]                                                              ^
[   22.639770]  fff00000c6423f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.639810]  fff00000c6424000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.639848] ==================================================================
[   22.694754] ==================================================================
[   22.695001] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   22.695211] Read of size 1 at addr fff00000c63f02bb by task kunit_try_catch/235
[   22.695366] 
[   22.695481] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   22.695734] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   22.695816] Hardware name: linux,dummy-virt (DT)
[   22.695914] Call trace:
[   22.695990]  show_stack+0x20/0x38 (C)
[   22.696101]  dump_stack_lvl+0x8c/0xd0
[   22.696200]  print_report+0x118/0x608
[   22.696367]  kasan_report+0xdc/0x128
[   22.696512]  __asan_report_load1_noabort+0x20/0x30
[   22.696691]  mempool_oob_right_helper+0x2ac/0x2f0
[   22.696851]  mempool_slab_oob_right+0xc0/0x118
[   22.697003]  kunit_try_run_case+0x170/0x3f0
[   22.697124]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.697296]  kthread+0x328/0x630
[   22.697432]  ret_from_fork+0x10/0x20
[   22.697583] 
[   22.697647] Allocated by task 235:
[   22.697737]  kasan_save_stack+0x3c/0x68
[   22.697833]  kasan_save_track+0x20/0x40
[   22.697952]  kasan_save_alloc_info+0x40/0x58
[   22.698471]  __kasan_mempool_unpoison_object+0xbc/0x180
[   22.698679]  remove_element+0x16c/0x1f8
[   22.698767]  mempool_alloc_preallocated+0x58/0xc0
[   22.698885]  mempool_oob_right_helper+0x98/0x2f0
[   22.699005]  mempool_slab_oob_right+0xc0/0x118
[   22.699145]  kunit_try_run_case+0x170/0x3f0
[   22.699225]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.699303]  kthread+0x328/0x630
[   22.699358]  ret_from_fork+0x10/0x20
[   22.699430] 
[   22.699472] The buggy address belongs to the object at fff00000c63f0240
[   22.699472]  which belongs to the cache test_cache of size 123
[   22.699602] The buggy address is located 0 bytes to the right of
[   22.699602]  allocated 123-byte region [fff00000c63f0240, fff00000c63f02bb)
[   22.699743] 
[   22.699794] The buggy address belongs to the physical page:
[   22.699893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063f0
[   22.700048] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.700146] page_type: f5(slab)
[   22.700231] raw: 0bfffe0000000000 fff00000c7790140 dead000000000122 0000000000000000
[   22.700341] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   22.700441] page dumped because: kasan: bad access detected
[   22.700511] 
[   22.700567] Memory state around the buggy address:
[   22.700655]  fff00000c63f0180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.701472]  fff00000c63f0200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   22.701618] >fff00000c63f0280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   22.701745]                                         ^
[   22.701857]  fff00000c63f0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.701988]  fff00000c63f0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.702099] ==================================================================
[   22.664004] ==================================================================
[   22.664197] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   22.664345] Read of size 1 at addr fff00000c77be001 by task kunit_try_catch/233
[   22.664794] 
[   22.664911] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   22.665141] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   22.665213] Hardware name: linux,dummy-virt (DT)
[   22.665283] Call trace:
[   22.665335]  show_stack+0x20/0x38 (C)
[   22.665607]  dump_stack_lvl+0x8c/0xd0
[   22.665941]  print_report+0x118/0x608
[   22.666063]  kasan_report+0xdc/0x128
[   22.666172]  __asan_report_load1_noabort+0x20/0x30
[   22.666284]  mempool_oob_right_helper+0x2ac/0x2f0
[   22.666373]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   22.666468]  kunit_try_run_case+0x170/0x3f0
[   22.666804]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.666938]  kthread+0x328/0x630
[   22.667050]  ret_from_fork+0x10/0x20
[   22.667717] 
[   22.667790] The buggy address belongs to the physical page:
[   22.667946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077bc
[   22.668090] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.668534] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.668776] page_type: f8(unknown)
[   22.669108] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.669239] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   22.669368] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.669542] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   22.669728] head: 0bfffe0000000002 ffffc1ffc31def01 00000000ffffffff 00000000ffffffff
[   22.669892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.669988] page dumped because: kasan: bad access detected
[   22.670262] 
[   22.670375] Memory state around the buggy address:
[   22.670473]  fff00000c77bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.670573]  fff00000c77bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.670664] >fff00000c77be000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.671103]                    ^
[   22.671190]  fff00000c77be080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.671297]  fff00000c77be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.671420] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcKukFQMOtwGu89FbiLnnYMcv

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcKukFQMOtwGu89FbiLnnYMcv

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/Image.gz
sha256sum	79b35f965911e8ff982969cf0605b0bd2094f0c42bb36563e2c84399e66104a2

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/modules.tar.xz
sha256sum	103eda217975c92326d72877fbd7b01adb7c5cccd1ce9b6932689a978eb4696f

durations

tests

boot	0
kunit	333.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.543144] ==================================================================
[   12.543637] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.543961] Read of size 1 at addr ffff888102c54e73 by task kunit_try_catch/247
[   12.544263] 
[   12.544390] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   12.544442] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.544455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.544477] Call Trace:
[   12.544489]  <TASK>
[   12.544507]  dump_stack_lvl+0x73/0xb0
[   12.544535]  print_report+0xd1/0x650
[   12.544556]  ? __virt_addr_valid+0x1db/0x2d0
[   12.544579]  ? mempool_oob_right_helper+0x318/0x380
[   12.544601]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.544626]  ? mempool_oob_right_helper+0x318/0x380
[   12.544686]  kasan_report+0x141/0x180
[   12.544707]  ? mempool_oob_right_helper+0x318/0x380
[   12.544732]  __asan_report_load1_noabort+0x18/0x20
[   12.544761]  mempool_oob_right_helper+0x318/0x380
[   12.544784]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.544807]  ? __kasan_check_write+0x18/0x20
[   12.544861]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.544884]  ? finish_task_switch.isra.0+0x153/0x700
[   12.544908]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.544941]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   12.544966]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.544989]  ? __pfx_mempool_kfree+0x10/0x10
[   12.545012]  ? __pfx_read_tsc+0x10/0x10
[   12.545033]  ? ktime_get_ts64+0x86/0x230
[   12.545057]  kunit_try_run_case+0x1a5/0x480
[   12.545107]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.545128]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.545151]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.545183]  ? __kthread_parkme+0x82/0x180
[   12.545211]  ? preempt_count_sub+0x50/0x80
[   12.545233]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.545255]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.545292]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.545314]  kthread+0x337/0x6f0
[   12.545341]  ? trace_preempt_on+0x20/0xc0
[   12.545364]  ? __pfx_kthread+0x10/0x10
[   12.545384]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.545413]  ? calculate_sigpending+0x7b/0xa0
[   12.545437]  ? __pfx_kthread+0x10/0x10
[   12.545456]  ret_from_fork+0x116/0x1d0
[   12.545474]  ? __pfx_kthread+0x10/0x10
[   12.545493]  ret_from_fork_asm+0x1a/0x30
[   12.545523]  </TASK>
[   12.545534] 
[   12.556497] Allocated by task 247:
[   12.556704]  kasan_save_stack+0x45/0x70
[   12.556897]  kasan_save_track+0x18/0x40
[   12.557067]  kasan_save_alloc_info+0x3b/0x50
[   12.557365]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.557868]  remove_element+0x11e/0x190
[   12.558109]  mempool_alloc_preallocated+0x4d/0x90
[   12.558292]  mempool_oob_right_helper+0x8a/0x380
[   12.558821]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.559017]  kunit_try_run_case+0x1a5/0x480
[   12.559342]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.559760]  kthread+0x337/0x6f0
[   12.559920]  ret_from_fork+0x116/0x1d0
[   12.560083]  ret_from_fork_asm+0x1a/0x30
[   12.560516] 
[   12.560605] The buggy address belongs to the object at ffff888102c54e00
[   12.560605]  which belongs to the cache kmalloc-128 of size 128
[   12.561061] The buggy address is located 0 bytes to the right of
[   12.561061]  allocated 115-byte region [ffff888102c54e00, ffff888102c54e73)
[   12.561850] 
[   12.561934] The buggy address belongs to the physical page:
[   12.562363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54
[   12.562849] flags: 0x200000000000000(node=0|zone=2)
[   12.563142] page_type: f5(slab)
[   12.563292] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.563950] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.564357] page dumped because: kasan: bad access detected
[   12.564765] 
[   12.564844] Memory state around the buggy address:
[   12.565003]  ffff888102c54d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.565462]  ffff888102c54d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.565889] >ffff888102c54e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.566176]                                                              ^
[   12.566503]  ffff888102c54e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.567051]  ffff888102c54f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.567438] ==================================================================
[   12.598019] ==================================================================
[   12.599317] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.599711] Read of size 1 at addr ffff8881038fb2bb by task kunit_try_catch/251
[   12.599936] 
[   12.600018] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   12.600065] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.600077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.600098] Call Trace:
[   12.600109]  <TASK>
[   12.600125]  dump_stack_lvl+0x73/0xb0
[   12.600150]  print_report+0xd1/0x650
[   12.600170]  ? __virt_addr_valid+0x1db/0x2d0
[   12.600192]  ? mempool_oob_right_helper+0x318/0x380
[   12.600225]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.600251]  ? mempool_oob_right_helper+0x318/0x380
[   12.600273]  kasan_report+0x141/0x180
[   12.600294]  ? mempool_oob_right_helper+0x318/0x380
[   12.600320]  __asan_report_load1_noabort+0x18/0x20
[   12.600343]  mempool_oob_right_helper+0x318/0x380
[   12.600365]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.600389]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.600410]  ? finish_task_switch.isra.0+0x153/0x700
[   12.600434]  mempool_slab_oob_right+0xed/0x140
[   12.600457]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   12.600482]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   12.600506]  ? __pfx_mempool_free_slab+0x10/0x10
[   12.600531]  ? __pfx_read_tsc+0x10/0x10
[   12.600552]  ? ktime_get_ts64+0x86/0x230
[   12.600575]  kunit_try_run_case+0x1a5/0x480
[   12.600598]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.600619]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.600642]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.600667]  ? __kthread_parkme+0x82/0x180
[   12.600687]  ? preempt_count_sub+0x50/0x80
[   12.600708]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.600730]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.600752]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.600775]  kthread+0x337/0x6f0
[   12.600793]  ? trace_preempt_on+0x20/0xc0
[   12.600815]  ? __pfx_kthread+0x10/0x10
[   12.600835]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.600854]  ? calculate_sigpending+0x7b/0xa0
[   12.600876]  ? __pfx_kthread+0x10/0x10
[   12.600897]  ret_from_fork+0x116/0x1d0
[   12.600914]  ? __pfx_kthread+0x10/0x10
[   12.600934]  ret_from_fork_asm+0x1a/0x30
[   12.600962]  </TASK>
[   12.600973] 
[   12.611284] Allocated by task 251:
[   12.611554]  kasan_save_stack+0x45/0x70
[   12.611794]  kasan_save_track+0x18/0x40
[   12.611999]  kasan_save_alloc_info+0x3b/0x50
[   12.612253]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   12.612601]  remove_element+0x11e/0x190
[   12.612824]  mempool_alloc_preallocated+0x4d/0x90
[   12.613075]  mempool_oob_right_helper+0x8a/0x380
[   12.613339]  mempool_slab_oob_right+0xed/0x140
[   12.613680]  kunit_try_run_case+0x1a5/0x480
[   12.613890]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.614108]  kthread+0x337/0x6f0
[   12.614239]  ret_from_fork+0x116/0x1d0
[   12.614373]  ret_from_fork_asm+0x1a/0x30
[   12.614521] 
[   12.614593] The buggy address belongs to the object at ffff8881038fb240
[   12.614593]  which belongs to the cache test_cache of size 123
[   12.615050] The buggy address is located 0 bytes to the right of
[   12.615050]  allocated 123-byte region [ffff8881038fb240, ffff8881038fb2bb)
[   12.615598] 
[   12.615672] The buggy address belongs to the physical page:
[   12.615839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038fb
[   12.616149] flags: 0x200000000000000(node=0|zone=2)
[   12.616399] page_type: f5(slab)
[   12.616617] raw: 0200000000000000 ffff88810108edc0 dead000000000122 0000000000000000
[   12.616976] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   12.617339] page dumped because: kasan: bad access detected
[   12.617660] 
[   12.617751] Memory state around the buggy address:
[   12.617938]  ffff8881038fb180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.618291]  ffff8881038fb200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   12.618628] >ffff8881038fb280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   12.618836]                                         ^
[   12.619016]  ffff8881038fb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.619358]  ffff8881038fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.619686] ==================================================================
[   12.572044] ==================================================================
[   12.572656] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.572959] Read of size 1 at addr ffff888102b46001 by task kunit_try_catch/249
[   12.573333] 
[   12.573425] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   12.573476] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.573488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.573511] Call Trace:
[   12.573525]  <TASK>
[   12.573577]  dump_stack_lvl+0x73/0xb0
[   12.573608]  print_report+0xd1/0x650
[   12.573630]  ? __virt_addr_valid+0x1db/0x2d0
[   12.573666]  ? mempool_oob_right_helper+0x318/0x380
[   12.573688]  ? kasan_addr_to_slab+0x11/0xa0
[   12.573707]  ? mempool_oob_right_helper+0x318/0x380
[   12.573731]  kasan_report+0x141/0x180
[   12.573752]  ? mempool_oob_right_helper+0x318/0x380
[   12.573805]  __asan_report_load1_noabort+0x18/0x20
[   12.573829]  mempool_oob_right_helper+0x318/0x380
[   12.573853]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.573887]  ? __kasan_check_write+0x18/0x20
[   12.573910]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.573932]  ? finish_task_switch.isra.0+0x153/0x700
[   12.573958]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   12.574007]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   12.574034]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.574056]  ? __pfx_mempool_kfree+0x10/0x10
[   12.574091]  ? __pfx_read_tsc+0x10/0x10
[   12.574112]  ? ktime_get_ts64+0x86/0x230
[   12.574160]  kunit_try_run_case+0x1a5/0x480
[   12.574184]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574223]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.574246]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.574267]  ? __kthread_parkme+0x82/0x180
[   12.574293]  ? preempt_count_sub+0x50/0x80
[   12.574314]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574337]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.574359]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.574381]  kthread+0x337/0x6f0
[   12.574400]  ? trace_preempt_on+0x20/0xc0
[   12.574423]  ? __pfx_kthread+0x10/0x10
[   12.574442]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.574462]  ? calculate_sigpending+0x7b/0xa0
[   12.574485]  ? __pfx_kthread+0x10/0x10
[   12.574506]  ret_from_fork+0x116/0x1d0
[   12.574524]  ? __pfx_kthread+0x10/0x10
[   12.574543]  ret_from_fork_asm+0x1a/0x30
[   12.574573]  </TASK>
[   12.574584] 
[   12.585841] The buggy address belongs to the physical page:
[   12.586304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b44
[   12.586813] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.587123] flags: 0x200000000000040(head|node=0|zone=2)
[   12.587596] page_type: f8(unknown)
[   12.587903] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.588396] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   12.588784] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.589266] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   12.589950] head: 0200000000000002 ffffea00040ad101 00000000ffffffff 00000000ffffffff
[   12.590454] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.590802] page dumped because: kasan: bad access detected
[   12.591301] 
[   12.591388] Memory state around the buggy address:
[   12.591809]  ffff888102b45f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.592093]  ffff888102b45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.592724] >ffff888102b46000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.593013]                    ^
[   12.593362]  ffff888102b46080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.593808]  ffff888102b46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.594090] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcLjszgvK081YlwHCPjcp2e2j

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcLjszgvK081YlwHCPjcp2e2j

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/bzImage
sha256sum	080c75ae0012d41783d523aad25761b97c23573ef70fd83b5b4ab34093a5f110

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/modules.tar.xz
sha256sum	7b460ce6a60b82c553c794703a10ad3e9db2ff894128eec130bd388dacdd428e

durations

tests

boot	0
kunit	123.89

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit