lkft/linux-next-master - next-20250722 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 22, 2025, 5:13 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.287688] ==================================================================
[   32.287748] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.287803] Read of size 1 at addr fff00000c926a2bb by task kunit_try_catch/256
[   32.290482] 
[   32.290537] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.290684] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.290714] Hardware name: linux,dummy-virt (DT)
[   32.290745] Call trace:
[   32.290770]  show_stack+0x20/0x38 (C)
[   32.290833]  dump_stack_lvl+0x8c/0xd0
[   32.290880]  print_report+0x118/0x5e8
[   32.291026]  kasan_report+0xdc/0x128
[   32.291300]  __asan_report_load1_noabort+0x20/0x30
[   32.291352]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.291401]  mempool_slab_oob_right+0xc0/0x118
[   32.293123]  kunit_try_run_case+0x170/0x3f0
[   32.293219]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.293441]  kthread+0x328/0x630
[   32.293887]  ret_from_fork+0x10/0x20
[   32.294238] 
[   32.294425] Allocated by task 256:
[   32.294488]  kasan_save_stack+0x3c/0x68
[   32.294536]  kasan_save_track+0x20/0x40
[   32.294742]  kasan_save_alloc_info+0x40/0x58
[   32.294861]  __kasan_mempool_unpoison_object+0xbc/0x180
[   32.295171]  remove_element+0x16c/0x1f8
[   32.295399]  mempool_alloc_preallocated+0x58/0xc0
[   32.295443]  mempool_oob_right_helper+0x98/0x2f0
[   32.295873]  mempool_slab_oob_right+0xc0/0x118
[   32.295974]  kunit_try_run_case+0x170/0x3f0
[   32.296105]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.296602]  kthread+0x328/0x630
[   32.296649]  ret_from_fork+0x10/0x20
[   32.296685] 
[   32.296705] The buggy address belongs to the object at fff00000c926a240
[   32.296705]  which belongs to the cache test_cache of size 123
[   32.297018] The buggy address is located 0 bytes to the right of
[   32.297018]  allocated 123-byte region [fff00000c926a240, fff00000c926a2bb)
[   32.297550] 
[   32.297585] The buggy address belongs to the physical page:
[   32.297650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10926a
[   32.298233] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.298681] page_type: f5(slab)
[   32.298723] raw: 0bfffe0000000000 fff00000c9247140 dead000000000122 0000000000000000
[   32.299220] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   32.299267] page dumped because: kasan: bad access detected
[   32.299298] 
[   32.299714] Memory state around the buggy address:
[   32.299779]  fff00000c926a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.299848]  fff00000c926a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   32.300162] >fff00000c926a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   32.300319]                                         ^
[   32.300639]  fff00000c926a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.300691]  fff00000c926a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.300730] ==================================================================
[   32.272018] ==================================================================
[   32.272125] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.272185] Read of size 1 at addr fff00000c9b9e001 by task kunit_try_catch/254
[   32.272402] 
[   32.272505] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.272622] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.272653] Hardware name: linux,dummy-virt (DT)
[   32.272685] Call trace:
[   32.272708]  show_stack+0x20/0x38 (C)
[   32.272769]  dump_stack_lvl+0x8c/0xd0
[   32.272827]  print_report+0x118/0x5e8
[   32.272871]  kasan_report+0xdc/0x128
[   32.272958]  __asan_report_load1_noabort+0x20/0x30
[   32.273083]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.273134]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   32.273186]  kunit_try_run_case+0x170/0x3f0
[   32.273231]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.273304]  kthread+0x328/0x630
[   32.273345]  ret_from_fork+0x10/0x20
[   32.273424] 
[   32.273444] The buggy address belongs to the physical page:
[   32.273481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b9c
[   32.273554] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.273601] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.273794] page_type: f8(unknown)
[   32.273905] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.273955] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.274003] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.274050] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.274098] head: 0bfffe0000000002 ffffc1ffc326e701 00000000ffffffff 00000000ffffffff
[   32.274145] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.274189] page dumped because: kasan: bad access detected
[   32.274219] 
[   32.274236] Memory state around the buggy address:
[   32.274319]  fff00000c9b9df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.274362]  fff00000c9b9df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.274404] >fff00000c9b9e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.274476]                    ^
[   32.274503]  fff00000c9b9e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.274545]  fff00000c9b9e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.274582] ==================================================================
[   32.263351] ==================================================================
[   32.263432] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.263511] Read of size 1 at addr fff00000c9a95373 by task kunit_try_catch/252
[   32.263562] 
[   32.263604] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   32.263701] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.263731] Hardware name: linux,dummy-virt (DT)
[   32.263766] Call trace:
[   32.263792]  show_stack+0x20/0x38 (C)
[   32.263858]  dump_stack_lvl+0x8c/0xd0
[   32.263908]  print_report+0x118/0x5e8
[   32.263950]  kasan_report+0xdc/0x128
[   32.263992]  __asan_report_load1_noabort+0x20/0x30
[   32.264041]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.264090]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.264139]  kunit_try_run_case+0x170/0x3f0
[   32.264188]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.264237]  kthread+0x328/0x630
[   32.264282]  ret_from_fork+0x10/0x20
[   32.264329] 
[   32.264348] Allocated by task 252:
[   32.264378]  kasan_save_stack+0x3c/0x68
[   32.264418]  kasan_save_track+0x20/0x40
[   32.264453]  kasan_save_alloc_info+0x40/0x58
[   32.264492]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.264533]  remove_element+0x130/0x1f8
[   32.264572]  mempool_alloc_preallocated+0x58/0xc0
[   32.264612]  mempool_oob_right_helper+0x98/0x2f0
[   32.264651]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.264692]  kunit_try_run_case+0x170/0x3f0
[   32.264729]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.264772]  kthread+0x328/0x630
[   32.264804]  ret_from_fork+0x10/0x20
[   32.264852] 
[   32.264901] The buggy address belongs to the object at fff00000c9a95300
[   32.264901]  which belongs to the cache kmalloc-128 of size 128
[   32.264961] The buggy address is located 0 bytes to the right of
[   32.264961]  allocated 115-byte region [fff00000c9a95300, fff00000c9a95373)
[   32.265022] 
[   32.265044] The buggy address belongs to the physical page:
[   32.265083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a95
[   32.265139] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.265191] page_type: f5(slab)
[   32.265235] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.265284] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.265325] page dumped because: kasan: bad access detected
[   32.265356] 
[   32.265374] Memory state around the buggy address:
[   32.265407]  fff00000c9a95200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.265450]  fff00000c9a95280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.265494] >fff00000c9a95300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.265530]                                                              ^
[   32.265569]  fff00000c9a95380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.265612]  fff00000c9a95400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.265651] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30DTUf0OK0VH9qRRuXmJxNbWT3c

job_id

TEST:linaro@lkft#30DTZX2OzvYa7G43GSjb9LZqhSf

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30DTZX2OzvYa7G43GSjb9LZqhSf

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTVttUIAyPDjqFb1jPwYpI4UI/Image.gz
sha256sum	d1cc5806bf2ddfbb3802a0a4fd0f8138bf5c842af834ddb398ed867c7a51e5d1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTVttUIAyPDjqFb1jPwYpI4UI/modules.tar.xz
sha256sum	452c7cc5a7d7fdc2801beb99bb9725c2d2534c879c8c3f4ae12898cd8ccb0426

durations

tests

boot	0
kunit	164.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   26.572819] ==================================================================
[   26.573387] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.573881] Read of size 1 at addr ffff8881058a62bb by task kunit_try_catch/273
[   26.574297] 
[   26.574405] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.574488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.574502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.574525] Call Trace:
[   26.574550]  <TASK>
[   26.574584]  dump_stack_lvl+0x73/0xb0
[   26.574619]  print_report+0xd1/0x640
[   26.574657]  ? __virt_addr_valid+0x1db/0x2d0
[   26.574698]  ? mempool_oob_right_helper+0x318/0x380
[   26.574723]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.574751]  ? mempool_oob_right_helper+0x318/0x380
[   26.574824]  kasan_report+0x141/0x180
[   26.574872]  ? mempool_oob_right_helper+0x318/0x380
[   26.574903]  __asan_report_load1_noabort+0x18/0x20
[   26.574929]  mempool_oob_right_helper+0x318/0x380
[   26.574955]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.574983]  ? finish_task_switch.isra.0+0x153/0x700
[   26.575011]  mempool_slab_oob_right+0xed/0x140
[   26.575035]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   26.575063]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   26.575089]  ? __pfx_mempool_free_slab+0x10/0x10
[   26.575116]  ? __pfx_read_tsc+0x10/0x10
[   26.575139]  ? ktime_get_ts64+0x86/0x230
[   26.575180]  kunit_try_run_case+0x1a5/0x480
[   26.575208]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.575232]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.575260]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.575286]  ? __kthread_parkme+0x82/0x180
[   26.575308]  ? preempt_count_sub+0x50/0x80
[   26.575331]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.575356]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.575382]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.575407]  kthread+0x337/0x6f0
[   26.575428]  ? trace_preempt_on+0x20/0xc0
[   26.575453]  ? __pfx_kthread+0x10/0x10
[   26.575514]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.575539]  ? calculate_sigpending+0x7b/0xa0
[   26.575563]  ? __pfx_kthread+0x10/0x10
[   26.575586]  ret_from_fork+0x116/0x1d0
[   26.575607]  ? __pfx_kthread+0x10/0x10
[   26.575628]  ret_from_fork_asm+0x1a/0x30
[   26.575662]  </TASK>
[   26.575692] 
[   26.585184] Allocated by task 273:
[   26.585370]  kasan_save_stack+0x45/0x70
[   26.585731]  kasan_save_track+0x18/0x40
[   26.585957]  kasan_save_alloc_info+0x3b/0x50
[   26.586186]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   26.586553]  remove_element+0x11e/0x190
[   26.586763]  mempool_alloc_preallocated+0x4d/0x90
[   26.586953]  mempool_oob_right_helper+0x8a/0x380
[   26.587189]  mempool_slab_oob_right+0xed/0x140
[   26.587448]  kunit_try_run_case+0x1a5/0x480
[   26.587714]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.587972]  kthread+0x337/0x6f0
[   26.588138]  ret_from_fork+0x116/0x1d0
[   26.588329]  ret_from_fork_asm+0x1a/0x30
[   26.588699] 
[   26.588802] The buggy address belongs to the object at ffff8881058a6240
[   26.588802]  which belongs to the cache test_cache of size 123
[   26.589603] The buggy address is located 0 bytes to the right of
[   26.589603]  allocated 123-byte region [ffff8881058a6240, ffff8881058a62bb)
[   26.590074] 
[   26.590203] The buggy address belongs to the physical page:
[   26.590694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a6
[   26.591096] flags: 0x200000000000000(node=0|zone=2)
[   26.591380] page_type: f5(slab)
[   26.591557] raw: 0200000000000000 ffff888101d72a00 dead000000000122 0000000000000000
[   26.591990] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   26.592361] page dumped because: kasan: bad access detected
[   26.592668] 
[   26.592769] Memory state around the buggy address:
[   26.593024]  ffff8881058a6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.593406]  ffff8881058a6200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   26.594018] >ffff8881058a6280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   26.594318]                                         ^
[   26.594483]  ffff8881058a6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.595031]  ffff8881058a6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.595542] ==================================================================
[   26.520324] ==================================================================
[   26.521010] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.521590] Read of size 1 at addr ffff888104975373 by task kunit_try_catch/269
[   26.521840] 
[   26.521936] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.521992] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.522005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.522029] Call Trace:
[   26.522044]  <TASK>
[   26.522061]  dump_stack_lvl+0x73/0xb0
[   26.522093]  print_report+0xd1/0x640
[   26.522117]  ? __virt_addr_valid+0x1db/0x2d0
[   26.522143]  ? mempool_oob_right_helper+0x318/0x380
[   26.522171]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.522199]  ? mempool_oob_right_helper+0x318/0x380
[   26.522224]  kasan_report+0x141/0x180
[   26.522248]  ? mempool_oob_right_helper+0x318/0x380
[   26.522277]  __asan_report_load1_noabort+0x18/0x20
[   26.522302]  mempool_oob_right_helper+0x318/0x380
[   26.522327]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.522352]  ? dequeue_entities+0x23f/0x1630
[   26.522415]  ? __kasan_check_write+0x18/0x20
[   26.522442]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.522466]  ? finish_task_switch.isra.0+0x153/0x700
[   26.522493]  mempool_kmalloc_oob_right+0xf2/0x150
[   26.522518]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   26.522545]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.522571]  ? __pfx_mempool_kfree+0x10/0x10
[   26.522596]  ? __pfx_read_tsc+0x10/0x10
[   26.522620]  ? ktime_get_ts64+0x86/0x230
[   26.522645]  kunit_try_run_case+0x1a5/0x480
[   26.522672]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.522706]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.522733]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.522768]  ? __kthread_parkme+0x82/0x180
[   26.522789]  ? preempt_count_sub+0x50/0x80
[   26.522813]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.522848]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.522873]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.522896]  kthread+0x337/0x6f0
[   26.522917]  ? trace_preempt_on+0x20/0xc0
[   26.522941]  ? __pfx_kthread+0x10/0x10
[   26.522962]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.522987]  ? calculate_sigpending+0x7b/0xa0
[   26.523011]  ? __pfx_kthread+0x10/0x10
[   26.523033]  ret_from_fork+0x116/0x1d0
[   26.523054]  ? __pfx_kthread+0x10/0x10
[   26.523076]  ret_from_fork_asm+0x1a/0x30
[   26.523109]  </TASK>
[   26.523121] 
[   26.533753] Allocated by task 269:
[   26.533967]  kasan_save_stack+0x45/0x70
[   26.534175]  kasan_save_track+0x18/0x40
[   26.534375]  kasan_save_alloc_info+0x3b/0x50
[   26.534678]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   26.535024]  remove_element+0x11e/0x190
[   26.535253]  mempool_alloc_preallocated+0x4d/0x90
[   26.535461]  mempool_oob_right_helper+0x8a/0x380
[   26.535621]  mempool_kmalloc_oob_right+0xf2/0x150
[   26.535878]  kunit_try_run_case+0x1a5/0x480
[   26.536152]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.536398]  kthread+0x337/0x6f0
[   26.536666]  ret_from_fork+0x116/0x1d0
[   26.537192]  ret_from_fork_asm+0x1a/0x30
[   26.537418] 
[   26.537512] The buggy address belongs to the object at ffff888104975300
[   26.537512]  which belongs to the cache kmalloc-128 of size 128
[   26.538055] The buggy address is located 0 bytes to the right of
[   26.538055]  allocated 115-byte region [ffff888104975300, ffff888104975373)
[   26.538959] 
[   26.539075] The buggy address belongs to the physical page:
[   26.539306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975
[   26.539919] flags: 0x200000000000000(node=0|zone=2)
[   26.540139] page_type: f5(slab)
[   26.540516] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.540861] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.541258] page dumped because: kasan: bad access detected
[   26.541491] 
[   26.541849] Memory state around the buggy address:
[   26.542033]  ffff888104975200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.542461]  ffff888104975280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.542858] >ffff888104975300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   26.543144]                                                              ^
[   26.543524]  ffff888104975380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.543934]  ffff888104975400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   26.544273] ==================================================================
[   26.547314] ==================================================================
[   26.547932] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.548469] Read of size 1 at addr ffff8881061aa001 by task kunit_try_catch/271
[   26.548910] 
[   26.549007] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   26.549057] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.549070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.549092] Call Trace:
[   26.549105]  <TASK>
[   26.549120]  dump_stack_lvl+0x73/0xb0
[   26.549149]  print_report+0xd1/0x640
[   26.549173]  ? __virt_addr_valid+0x1db/0x2d0
[   26.549196]  ? mempool_oob_right_helper+0x318/0x380
[   26.549219]  ? kasan_addr_to_slab+0x11/0xa0
[   26.549241]  ? mempool_oob_right_helper+0x318/0x380
[   26.549264]  kasan_report+0x141/0x180
[   26.549287]  ? mempool_oob_right_helper+0x318/0x380
[   26.549315]  __asan_report_load1_noabort+0x18/0x20
[   26.549339]  mempool_oob_right_helper+0x318/0x380
[   26.549365]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.549393]  ? dequeue_entities+0x23f/0x1630
[   26.549419]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.549455]  ? finish_task_switch.isra.0+0x153/0x700
[   26.549481]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   26.549568]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   26.549596]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.549621]  ? __pfx_mempool_kfree+0x10/0x10
[   26.549646]  ? __pfx_read_tsc+0x10/0x10
[   26.549668]  ? ktime_get_ts64+0x86/0x230
[   26.549692]  kunit_try_run_case+0x1a5/0x480
[   26.549717]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.549740]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.549765]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.549791]  ? __kthread_parkme+0x82/0x180
[   26.549811]  ? preempt_count_sub+0x50/0x80
[   26.549848]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.549873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.549898]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.549923]  kthread+0x337/0x6f0
[   26.549943]  ? trace_preempt_on+0x20/0xc0
[   26.549966]  ? __pfx_kthread+0x10/0x10
[   26.549986]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.550010]  ? calculate_sigpending+0x7b/0xa0
[   26.550034]  ? __pfx_kthread+0x10/0x10
[   26.550056]  ret_from_fork+0x116/0x1d0
[   26.550075]  ? __pfx_kthread+0x10/0x10
[   26.550097]  ret_from_fork_asm+0x1a/0x30
[   26.550127]  </TASK>
[   26.550139] 
[   26.561121] The buggy address belongs to the physical page:
[   26.561318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a8
[   26.561652] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.562051] flags: 0x200000000000040(head|node=0|zone=2)
[   26.562502] page_type: f8(unknown)
[   26.562685] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.563006] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.563907] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.564217] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.564678] head: 0200000000000002 ffffea0004186a01 00000000ffffffff 00000000ffffffff
[   26.565011] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.565394] page dumped because: kasan: bad access detected
[   26.565655] 
[   26.565735] Memory state around the buggy address:
[   26.565998]  ffff8881061a9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.566311]  ffff8881061a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.566657] >ffff8881061aa000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.567130]                    ^
[   26.567350]  ffff8881061aa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.567676]  ffff8881061aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.568010] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30DTUf0OK0VH9qRRuXmJxNbWT3c

job_id

TEST:linaro@lkft#30DTaY6z8UwWD3YGu9YRztFNOsK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30DTaY6z8UwWD3YGu9YRztFNOsK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTXAeOhEZKsCgysZTjz87X5dZ/bzImage
sha256sum	1dd9efd1ac1eaef764f151ccb4e75e2e5c7d980bfbf23ba6be71db9b997a5fe3

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTXAeOhEZKsCgysZTjz87X5dZ/modules.tar.xz
sha256sum	9563d5b087e0cfc4afa89d2de9a36b56201d28fc6e930509c5f9737522fc7569

durations

tests

boot	0
kunit	240.24

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit