lkft/linux-next-master - next-20250619 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

June 19, 2025, 12:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   32.860922] ==================================================================
[   32.861025] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.861121] Read of size 1 at addr fff00000c76d22bb by task kunit_try_catch/236
[   32.861182] 
[   32.861233] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   32.861341] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.861372] Hardware name: linux,dummy-virt (DT)
[   32.861412] Call trace:
[   32.861439]  show_stack+0x20/0x38 (C)
[   32.861499]  dump_stack_lvl+0x8c/0xd0
[   32.861554]  print_report+0x118/0x608
[   32.861608]  kasan_report+0xdc/0x128
[   32.861660]  __asan_report_load1_noabort+0x20/0x30
[   32.861718]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.861770]  mempool_slab_oob_right+0xc0/0x118
[   32.861823]  kunit_try_run_case+0x170/0x3f0
[   32.861883]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.862348]  kthread+0x328/0x630
[   32.862411]  ret_from_fork+0x10/0x20
[   32.862557] 
[   32.862617] Allocated by task 236:
[   32.862699]  kasan_save_stack+0x3c/0x68
[   32.862775]  kasan_save_track+0x20/0x40
[   32.862971]  kasan_save_alloc_info+0x40/0x58
[   32.863028]  __kasan_mempool_unpoison_object+0xbc/0x180
[   32.863078]  remove_element+0x16c/0x1f8
[   32.863127]  mempool_alloc_preallocated+0x58/0xc0
[   32.863171]  mempool_oob_right_helper+0x98/0x2f0
[   32.863215]  mempool_slab_oob_right+0xc0/0x118
[   32.863256]  kunit_try_run_case+0x170/0x3f0
[   32.863318]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.863391]  kthread+0x328/0x630
[   32.863433]  ret_from_fork+0x10/0x20
[   32.863474] 
[   32.863508] The buggy address belongs to the object at fff00000c76d2240
[   32.863508]  which belongs to the cache test_cache of size 123
[   32.863711] The buggy address is located 0 bytes to the right of
[   32.863711]  allocated 123-byte region [fff00000c76d2240, fff00000c76d22bb)
[   32.863958] 
[   32.863998] The buggy address belongs to the physical page:
[   32.864037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d2
[   32.864100] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.864161] page_type: f5(slab)
[   32.864211] raw: 0bfffe0000000000 fff00000c76a5140 dead000000000122 0000000000000000
[   32.864269] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   32.864315] page dumped because: kasan: bad access detected
[   32.864353] 
[   32.864375] Memory state around the buggy address:
[   32.864416]  fff00000c76d2180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.864465]  fff00000c76d2200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   32.864514] >fff00000c76d2280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   32.864557]                                         ^
[   32.864597]  fff00000c76d2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.864644]  fff00000c76d2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.865517] ==================================================================
[   32.830748] ==================================================================
[   32.830865] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.831027] Read of size 1 at addr fff00000c649d373 by task kunit_try_catch/232
[   32.831089] 
[   32.831146] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   32.831252] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.831283] Hardware name: linux,dummy-virt (DT)
[   32.831324] Call trace:
[   32.831353]  show_stack+0x20/0x38 (C)
[   32.831418]  dump_stack_lvl+0x8c/0xd0
[   32.831477]  print_report+0x118/0x608
[   32.831530]  kasan_report+0xdc/0x128
[   32.831583]  __asan_report_load1_noabort+0x20/0x30
[   32.831641]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.831694]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.831751]  kunit_try_run_case+0x170/0x3f0
[   32.831809]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.831868]  kthread+0x328/0x630
[   32.831934]  ret_from_fork+0x10/0x20
[   32.831993] 
[   32.832015] Allocated by task 232:
[   32.832048]  kasan_save_stack+0x3c/0x68
[   32.832100]  kasan_save_track+0x20/0x40
[   32.832142]  kasan_save_alloc_info+0x40/0x58
[   32.832189]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.832238]  remove_element+0x130/0x1f8
[   32.832280]  mempool_alloc_preallocated+0x58/0xc0
[   32.832324]  mempool_oob_right_helper+0x98/0x2f0
[   32.832367]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.832413]  kunit_try_run_case+0x170/0x3f0
[   32.832456]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.832504]  kthread+0x328/0x630
[   32.832539]  ret_from_fork+0x10/0x20
[   32.832578] 
[   32.832604] The buggy address belongs to the object at fff00000c649d300
[   32.832604]  which belongs to the cache kmalloc-128 of size 128
[   32.832670] The buggy address is located 0 bytes to the right of
[   32.832670]  allocated 115-byte region [fff00000c649d300, fff00000c649d373)
[   32.832738] 
[   32.832766] The buggy address belongs to the physical page:
[   32.832807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10649d
[   32.832869] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.832946] page_type: f5(slab)
[   32.832997] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.833056] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.833103] page dumped because: kasan: bad access detected
[   32.833140] 
[   32.833159] Memory state around the buggy address:
[   32.833199]  fff00000c649d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.833248]  fff00000c649d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.833296] >fff00000c649d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.833339]                                                              ^
[   32.833385]  fff00000c649d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.833433]  fff00000c649d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.833506] ==================================================================
[   32.845160] ==================================================================
[   32.845910] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.846029] Read of size 1 at addr fff00000c63ea001 by task kunit_try_catch/234
[   32.846093] 
[   32.846144] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   32.846263] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.846295] Hardware name: linux,dummy-virt (DT)
[   32.846332] Call trace:
[   32.846360]  show_stack+0x20/0x38 (C)
[   32.846423]  dump_stack_lvl+0x8c/0xd0
[   32.846479]  print_report+0x118/0x608
[   32.846532]  kasan_report+0xdc/0x128
[   32.846585]  __asan_report_load1_noabort+0x20/0x30
[   32.846643]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.846697]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   32.846754]  kunit_try_run_case+0x170/0x3f0
[   32.846836]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.846933]  kthread+0x328/0x630
[   32.847054]  ret_from_fork+0x10/0x20
[   32.847410] 
[   32.847505] The buggy address belongs to the physical page:
[   32.847666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063e8
[   32.847938] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.847998] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.848067] page_type: f8(unknown)
[   32.848119] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.848246] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.848612] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.848675] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.848732] head: 0bfffe0000000002 ffffc1ffc318fa01 00000000ffffffff 00000000ffffffff
[   32.848865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.848929] page dumped because: kasan: bad access detected
[   32.849389] 
[   32.849419] Memory state around the buggy address:
[   32.849462]  fff00000c63e9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.849647]  fff00000c63e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.849707] >fff00000c63ea000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.849752]                    ^
[   32.849797]  fff00000c63ea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.849852]  fff00000c63ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.849907] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yj4nY58POjZ3Qe3lhkweMlaau9

job_id

TEST:linaro@lkft#2yj4slvCaWR7XA8VuGcBZKW5SLX

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yj4slvCaWR7XA8VuGcBZKW5SLX

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4ouPMFp9zPo6kZOUq3fAjGiS/Image.gz
sha256sum	cb4663d0b05232347d68f7b3df67b018135c7f12ebc05b698352eab6f347f59e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4ouPMFp9zPo6kZOUq3fAjGiS/modules.tar.xz
sha256sum	9e286508840b9f94a2e5b2ba487385dccd8eb18c626ab265ff4eb5e7c0991772

durations

tests

boot	0
kunit	312.66

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   28.708483] ==================================================================
[   28.709014] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   28.709687] Read of size 1 at addr ffff88810326a2bb by task kunit_try_catch/254
[   28.710333] 
[   28.710496] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   28.710611] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.710627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.710657] Call Trace:
[   28.710677]  <TASK>
[   28.710702]  dump_stack_lvl+0x73/0xb0
[   28.710762]  print_report+0xd1/0x650
[   28.710801]  ? __virt_addr_valid+0x1db/0x2d0
[   28.710845]  ? mempool_oob_right_helper+0x318/0x380
[   28.710890]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.710960]  ? mempool_oob_right_helper+0x318/0x380
[   28.711160]  kasan_report+0x141/0x180
[   28.711210]  ? mempool_oob_right_helper+0x318/0x380
[   28.711271]  __asan_report_load1_noabort+0x18/0x20
[   28.711325]  mempool_oob_right_helper+0x318/0x380
[   28.711378]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   28.711409]  ? update_load_avg+0x1be/0x21b0
[   28.711443]  ? finish_task_switch.isra.0+0x153/0x700
[   28.711474]  mempool_slab_oob_right+0xed/0x140
[   28.711501]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   28.711543]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   28.711584]  ? __pfx_mempool_free_slab+0x10/0x10
[   28.711625]  ? __pfx_read_tsc+0x10/0x10
[   28.711664]  ? ktime_get_ts64+0x86/0x230
[   28.711706]  kunit_try_run_case+0x1a5/0x480
[   28.711753]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.711799]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.711848]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.711899]  ? __kthread_parkme+0x82/0x180
[   28.711984]  ? preempt_count_sub+0x50/0x80
[   28.712038]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.712089]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.712175]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.712231]  kthread+0x337/0x6f0
[   28.712276]  ? trace_preempt_on+0x20/0xc0
[   28.712318]  ? __pfx_kthread+0x10/0x10
[   28.712352]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.712388]  ? calculate_sigpending+0x7b/0xa0
[   28.712427]  ? __pfx_kthread+0x10/0x10
[   28.712463]  ret_from_fork+0x116/0x1d0
[   28.712495]  ? __pfx_kthread+0x10/0x10
[   28.712520]  ret_from_fork_asm+0x1a/0x30
[   28.712556]  </TASK>
[   28.712570] 
[   28.722958] Allocated by task 254:
[   28.723530]  kasan_save_stack+0x45/0x70
[   28.723888]  kasan_save_track+0x18/0x40
[   28.724310]  kasan_save_alloc_info+0x3b/0x50
[   28.724660]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   28.725287]  remove_element+0x11e/0x190
[   28.725639]  mempool_alloc_preallocated+0x4d/0x90
[   28.726220]  mempool_oob_right_helper+0x8a/0x380
[   28.726513]  mempool_slab_oob_right+0xed/0x140
[   28.726724]  kunit_try_run_case+0x1a5/0x480
[   28.726914]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.727431]  kthread+0x337/0x6f0
[   28.727687]  ret_from_fork+0x116/0x1d0
[   28.728023]  ret_from_fork_asm+0x1a/0x30
[   28.728378] 
[   28.728508] The buggy address belongs to the object at ffff88810326a240
[   28.728508]  which belongs to the cache test_cache of size 123
[   28.728928] The buggy address is located 0 bytes to the right of
[   28.728928]  allocated 123-byte region [ffff88810326a240, ffff88810326a2bb)
[   28.729743] 
[   28.729906] The buggy address belongs to the physical page:
[   28.730588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10326a
[   28.731066] flags: 0x200000000000000(node=0|zone=2)
[   28.731524] page_type: f5(slab)
[   28.731713] raw: 0200000000000000 ffff888103267000 dead000000000122 0000000000000000
[   28.732064] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   28.732703] page dumped because: kasan: bad access detected
[   28.733350] 
[   28.733487] Memory state around the buggy address:
[   28.733694]  ffff88810326a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.733939]  ffff88810326a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   28.734330] >ffff88810326a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   28.734856]                                         ^
[   28.735594]  ffff88810326a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.736349]  ffff88810326a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.736873] ==================================================================
[   28.632960] ==================================================================
[   28.633553] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   28.634201] Read of size 1 at addr ffff888103259473 by task kunit_try_catch/250
[   28.634452] 
[   28.634599] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   28.634703] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.634728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.634769] Call Trace:
[   28.634800]  <TASK>
[   28.634842]  dump_stack_lvl+0x73/0xb0
[   28.634932]  print_report+0xd1/0x650
[   28.634975]  ? __virt_addr_valid+0x1db/0x2d0
[   28.635022]  ? mempool_oob_right_helper+0x318/0x380
[   28.635063]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.635126]  ? mempool_oob_right_helper+0x318/0x380
[   28.635175]  kasan_report+0x141/0x180
[   28.635223]  ? mempool_oob_right_helper+0x318/0x380
[   28.635282]  __asan_report_load1_noabort+0x18/0x20
[   28.635328]  mempool_oob_right_helper+0x318/0x380
[   28.635372]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   28.635419]  ? __kasan_check_write+0x18/0x20
[   28.635466]  ? __pfx_sched_clock_cpu+0x10/0x10
[   28.635519]  ? finish_task_switch.isra.0+0x153/0x700
[   28.635580]  mempool_kmalloc_oob_right+0xf2/0x150
[   28.635635]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   28.635692]  ? __pfx_mempool_kmalloc+0x10/0x10
[   28.635942]  ? __pfx_mempool_kfree+0x10/0x10
[   28.636529]  ? __pfx_read_tsc+0x10/0x10
[   28.636588]  ? ktime_get_ts64+0x86/0x230
[   28.636649]  kunit_try_run_case+0x1a5/0x480
[   28.636701]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.636741]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.636770]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.636796]  ? __kthread_parkme+0x82/0x180
[   28.636821]  ? preempt_count_sub+0x50/0x80
[   28.636848]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.636873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.636919]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.636966]  kthread+0x337/0x6f0
[   28.637130]  ? trace_preempt_on+0x20/0xc0
[   28.637163]  ? __pfx_kthread+0x10/0x10
[   28.637186]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.637209]  ? calculate_sigpending+0x7b/0xa0
[   28.637238]  ? __pfx_kthread+0x10/0x10
[   28.637262]  ret_from_fork+0x116/0x1d0
[   28.637284]  ? __pfx_kthread+0x10/0x10
[   28.637307]  ret_from_fork_asm+0x1a/0x30
[   28.637342]  </TASK>
[   28.637356] 
[   28.649521] Allocated by task 250:
[   28.649832]  kasan_save_stack+0x45/0x70
[   28.650060]  kasan_save_track+0x18/0x40
[   28.650574]  kasan_save_alloc_info+0x3b/0x50
[   28.650924]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   28.651216]  remove_element+0x11e/0x190
[   28.651408]  mempool_alloc_preallocated+0x4d/0x90
[   28.651746]  mempool_oob_right_helper+0x8a/0x380
[   28.652068]  mempool_kmalloc_oob_right+0xf2/0x150
[   28.652564]  kunit_try_run_case+0x1a5/0x480
[   28.652792]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.653014]  kthread+0x337/0x6f0
[   28.653820]  ret_from_fork+0x116/0x1d0
[   28.654375]  ret_from_fork_asm+0x1a/0x30
[   28.654705] 
[   28.654857] The buggy address belongs to the object at ffff888103259400
[   28.654857]  which belongs to the cache kmalloc-128 of size 128
[   28.655472] The buggy address is located 0 bytes to the right of
[   28.655472]  allocated 115-byte region [ffff888103259400, ffff888103259473)
[   28.656283] 
[   28.656530] The buggy address belongs to the physical page:
[   28.656750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103259
[   28.657054] flags: 0x200000000000000(node=0|zone=2)
[   28.657317] page_type: f5(slab)
[   28.657633] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   28.658749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.659586] page dumped because: kasan: bad access detected
[   28.659819] 
[   28.659916] Memory state around the buggy address:
[   28.660140]  ffff888103259300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.660419]  ffff888103259380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.660860] >ffff888103259400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   28.661424]                                                              ^
[   28.662865]  ffff888103259480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.663650]  ffff888103259500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   28.664198] ==================================================================
[   28.671842] ==================================================================
[   28.672603] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   28.673163] Read of size 1 at addr ffff888102afe001 by task kunit_try_catch/252
[   28.673667] 
[   28.673854] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   28.673961] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.673989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.674038] Call Trace:
[   28.674067]  <TASK>
[   28.674120]  dump_stack_lvl+0x73/0xb0
[   28.674193]  print_report+0xd1/0x650
[   28.674237]  ? __virt_addr_valid+0x1db/0x2d0
[   28.674281]  ? mempool_oob_right_helper+0x318/0x380
[   28.674325]  ? kasan_addr_to_slab+0x11/0xa0
[   28.674364]  ? mempool_oob_right_helper+0x318/0x380
[   28.674411]  kasan_report+0x141/0x180
[   28.674458]  ? mempool_oob_right_helper+0x318/0x380
[   28.674518]  __asan_report_load1_noabort+0x18/0x20
[   28.674573]  mempool_oob_right_helper+0x318/0x380
[   28.674624]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   28.674674]  ? __kasan_check_write+0x18/0x20
[   28.674721]  ? __pfx_sched_clock_cpu+0x10/0x10
[   28.674770]  ? finish_task_switch.isra.0+0x153/0x700
[   28.674819]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   28.674862]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   28.674915]  ? __pfx_mempool_kmalloc+0x10/0x10
[   28.674967]  ? __pfx_mempool_kfree+0x10/0x10
[   28.675019]  ? __pfx_read_tsc+0x10/0x10
[   28.675064]  ? ktime_get_ts64+0x86/0x230
[   28.675155]  kunit_try_run_case+0x1a5/0x480
[   28.675215]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.675264]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.675318]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.675372]  ? __kthread_parkme+0x82/0x180
[   28.675420]  ? preempt_count_sub+0x50/0x80
[   28.675471]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.675515]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.675565]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.675626]  kthread+0x337/0x6f0
[   28.675662]  ? trace_preempt_on+0x20/0xc0
[   28.675702]  ? __pfx_kthread+0x10/0x10
[   28.675736]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.675776]  ? calculate_sigpending+0x7b/0xa0
[   28.675822]  ? __pfx_kthread+0x10/0x10
[   28.675865]  ret_from_fork+0x116/0x1d0
[   28.675936]  ? __pfx_kthread+0x10/0x10
[   28.676005]  ret_from_fork_asm+0x1a/0x30
[   28.676078]  </TASK>
[   28.676142] 
[   28.691758] The buggy address belongs to the physical page:
[   28.692929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102afc
[   28.693529] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.694035] flags: 0x200000000000040(head|node=0|zone=2)
[   28.694465] page_type: f8(unknown)
[   28.694700] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.695056] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.696174] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.696348] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.696491] head: 0200000000000002 ffffea00040abf01 00000000ffffffff 00000000ffffffff
[   28.696631] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.696766] page dumped because: kasan: bad access detected
[   28.696871] 
[   28.697054] Memory state around the buggy address:
[   28.697479]  ffff888102afdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.698437]  ffff888102afdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.698657] >ffff888102afe000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.698795]                    ^
[   28.698874]  ffff888102afe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.699116]  ffff888102afe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.699541] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yj4nY58POjZ3Qe3lhkweMlaau9

job_id

TEST:linaro@lkft#2yj4tpeX02P5Qv7yMYQfk5TPyOp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yj4tpeX02P5Qv7yMYQfk5TPyOp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4qHtiUscnNtNedoCoDzP4FjU/bzImage
sha256sum	4e5e94ad4354f161d77bcbc08c44e2168e9a60b8ed77b02dccbd1516012d08e7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4qHtiUscnNtNedoCoDzP4FjU/modules.tar.xz
sha256sum	df747848e67907f2c678e62de10d5f90ecb5dd3d11ceec5de3846ce6e4a57e52

durations

tests

boot	0
kunit	248.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit