lkft/sashal-linus-next - v6.13-rc7-43108-gb6b7fc407c99 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 1, 2025, 12:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.341297] ==================================================================
[   19.341383] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   19.341475] Read of size 1 at addr fff00000c656a973 by task kunit_try_catch/221
[   19.341527] 
[   19.341572] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.341660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.341689] Hardware name: linux,dummy-virt (DT)
[   19.341722] Call trace:
[   19.341750]  show_stack+0x20/0x38 (C)
[   19.341802]  dump_stack_lvl+0x8c/0xd0
[   19.341855]  print_report+0x118/0x608
[   19.341904]  kasan_report+0xdc/0x128
[   19.341949]  __asan_report_load1_noabort+0x20/0x30
[   19.342001]  mempool_oob_right_helper+0x2ac/0x2f0
[   19.342050]  mempool_kmalloc_oob_right+0xc4/0x120
[   19.342099]  kunit_try_run_case+0x170/0x3f0
[   19.342152]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.342206]  kthread+0x328/0x630
[   19.342250]  ret_from_fork+0x10/0x20
[   19.342301] 
[   19.342320] Allocated by task 221:
[   19.342350]  kasan_save_stack+0x3c/0x68
[   19.342394]  kasan_save_track+0x20/0x40
[   19.342438]  kasan_save_alloc_info+0x40/0x58
[   19.342489]  __kasan_mempool_unpoison_object+0x11c/0x180
[   19.342534]  remove_element+0x130/0x1f8
[   19.342574]  mempool_alloc_preallocated+0x58/0xc0
[   19.342616]  mempool_oob_right_helper+0x98/0x2f0
[   19.342657]  mempool_kmalloc_oob_right+0xc4/0x120
[   19.342700]  kunit_try_run_case+0x170/0x3f0
[   19.342740]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.342784]  kthread+0x328/0x630
[   19.342817]  ret_from_fork+0x10/0x20
[   19.342855] 
[   19.342875] The buggy address belongs to the object at fff00000c656a900
[   19.342875]  which belongs to the cache kmalloc-128 of size 128
[   19.342938] The buggy address is located 0 bytes to the right of
[   19.342938]  allocated 115-byte region [fff00000c656a900, fff00000c656a973)
[   19.343020] 
[   19.343042] The buggy address belongs to the physical page:
[   19.343105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656a
[   19.343167] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.343224] page_type: f5(slab)
[   19.343271] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.343325] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.343369] page dumped because: kasan: bad access detected
[   19.343402] 
[   19.343439] Memory state around the buggy address:
[   19.343484]  fff00000c656a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.343529]  fff00000c656a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.343574] >fff00000c656a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   19.343614]                                                              ^
[   19.343655]  fff00000c656a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.343698]  fff00000c656aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   19.343739] ==================================================================
[   19.349250] ==================================================================
[   19.349313] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   19.349368] Read of size 1 at addr fff00000c7846001 by task kunit_try_catch/223
[   19.349420] 
[   19.349465] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.349548] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.349575] Hardware name: linux,dummy-virt (DT)
[   19.349606] Call trace:
[   19.349630]  show_stack+0x20/0x38 (C)
[   19.350052]  dump_stack_lvl+0x8c/0xd0
[   19.350142]  print_report+0x118/0x608
[   19.350197]  kasan_report+0xdc/0x128
[   19.350356]  __asan_report_load1_noabort+0x20/0x30
[   19.350409]  mempool_oob_right_helper+0x2ac/0x2f0
[   19.350477]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   19.351287]  kunit_try_run_case+0x170/0x3f0
[   19.351417]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.351594]  kthread+0x328/0x630
[   19.351656]  ret_from_fork+0x10/0x20
[   19.351703] 
[   19.351726] The buggy address belongs to the physical page:
[   19.351762] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[   19.351821] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.351872] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.351928] page_type: f8(unknown)
[   19.351968] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.352022] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.352075] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.352127] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.352180] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[   19.352529] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.352577] page dumped because: kasan: bad access detected
[   19.353411] 
[   19.353887] Memory state around the buggy address:
[   19.354141]  fff00000c7845f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.354327]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.354378] >fff00000c7846000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.354425]                    ^
[   19.354777]  fff00000c7846080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.354899]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.354939] ==================================================================
[   19.370875] ==================================================================
[   19.371040] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   19.371121] Read of size 1 at addr fff00000c79ad2bb by task kunit_try_catch/225
[   19.371304] 
[   19.371338] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.371420] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.371455] Hardware name: linux,dummy-virt (DT)
[   19.371572] Call trace:
[   19.371664]  show_stack+0x20/0x38 (C)
[   19.371872]  dump_stack_lvl+0x8c/0xd0
[   19.372176]  print_report+0x118/0x608
[   19.372275]  kasan_report+0xdc/0x128
[   19.372415]  __asan_report_load1_noabort+0x20/0x30
[   19.372575]  mempool_oob_right_helper+0x2ac/0x2f0
[   19.372797]  mempool_slab_oob_right+0xc0/0x118
[   19.372867]  kunit_try_run_case+0x170/0x3f0
[   19.373146]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.373474]  kthread+0x328/0x630
[   19.373529]  ret_from_fork+0x10/0x20
[   19.373652] 
[   19.373786] Allocated by task 225:
[   19.373817]  kasan_save_stack+0x3c/0x68
[   19.373871]  kasan_save_track+0x20/0x40
[   19.374211]  kasan_save_alloc_info+0x40/0x58
[   19.374496]  __kasan_mempool_unpoison_object+0xbc/0x180
[   19.374821]  remove_element+0x16c/0x1f8
[   19.374942]  mempool_alloc_preallocated+0x58/0xc0
[   19.375191]  mempool_oob_right_helper+0x98/0x2f0
[   19.375237]  mempool_slab_oob_right+0xc0/0x118
[   19.375276]  kunit_try_run_case+0x170/0x3f0
[   19.375315]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.375361]  kthread+0x328/0x630
[   19.375600]  ret_from_fork+0x10/0x20
[   19.376032] 
[   19.376055] The buggy address belongs to the object at fff00000c79ad240
[   19.376055]  which belongs to the cache test_cache of size 123
[   19.376211] The buggy address is located 0 bytes to the right of
[   19.376211]  allocated 123-byte region [fff00000c79ad240, fff00000c79ad2bb)
[   19.376592] 
[   19.377010] The buggy address belongs to the physical page:
[   19.377147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079ad
[   19.377600] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.377668] page_type: f5(slab)
[   19.377711] raw: 0bfffe0000000000 fff00000c3e83a00 dead000000000122 0000000000000000
[   19.377765] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   19.378317] page dumped because: kasan: bad access detected
[   19.378489] 
[   19.378509] Memory state around the buggy address:
[   19.378546]  fff00000c79ad180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.378604]  fff00000c79ad200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   19.378735] >fff00000c79ad280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   19.378780]                                         ^
[   19.378817]  fff00000c79ad300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.378863]  fff00000c79ad380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.378904] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zFZ7AA8ZD9Hxk7VnRiY3mXiAkW

job_id

TEST:linaro@lkft#2zFZAgR4HGSChCPu8KuJLPt15ei

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zFZAgR4HGSChCPu8KuJLPt15ei

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8Eq0rkowvxSWbsvfUT0ci3V/Image.gz
sha256sum	f21f2f7031b771bca830a5b3afef9252dc911b1937cfdab3c3cb3770ee1dfdef

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8Eq0rkowvxSWbsvfUT0ci3V/modules.tar.xz
sha256sum	373376c87789d93a6bf9062ae250416e65b9f0b18e5cf538a39cc351f73c170d

durations

tests

boot	0
kunit	175.76

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.862385] ==================================================================
[   12.862857] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.863458] Read of size 1 at addr ffff88810312f673 by task kunit_try_catch/238
[   12.863981] 
[   12.864092] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   12.864144] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.864157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.864497] Call Trace:
[   12.864520]  <TASK>
[   12.864540]  dump_stack_lvl+0x73/0xb0
[   12.864574]  print_report+0xd1/0x650
[   12.864599]  ? __virt_addr_valid+0x1db/0x2d0
[   12.864624]  ? mempool_oob_right_helper+0x318/0x380
[   12.864648]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.864671]  ? mempool_oob_right_helper+0x318/0x380
[   12.864694]  kasan_report+0x141/0x180
[   12.864715]  ? mempool_oob_right_helper+0x318/0x380
[   12.864743]  __asan_report_load1_noabort+0x18/0x20
[   12.864766]  mempool_oob_right_helper+0x318/0x380
[   12.864790]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.864814]  ? __kasan_check_write+0x18/0x20
[   12.864833]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.864856]  ? finish_task_switch.isra.0+0x153/0x700
[   12.864881]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.864903]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   12.864928]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.864952]  ? __pfx_mempool_kfree+0x10/0x10
[   12.864976]  ? __pfx_read_tsc+0x10/0x10
[   12.864998]  ? ktime_get_ts64+0x86/0x230
[   12.865022]  kunit_try_run_case+0x1a5/0x480
[   12.865121]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.865145]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.865169]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.865191]  ? __kthread_parkme+0x82/0x180
[   12.865213]  ? preempt_count_sub+0x50/0x80
[   12.865235]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.865257]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.865280]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.865302]  kthread+0x337/0x6f0
[   12.865321]  ? trace_preempt_on+0x20/0xc0
[   12.865345]  ? __pfx_kthread+0x10/0x10
[   12.865365]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.865385]  ? calculate_sigpending+0x7b/0xa0
[   12.865409]  ? __pfx_kthread+0x10/0x10
[   12.865430]  ret_from_fork+0x116/0x1d0
[   12.865448]  ? __pfx_kthread+0x10/0x10
[   12.865468]  ret_from_fork_asm+0x1a/0x30
[   12.865498]  </TASK>
[   12.865512] 
[   12.877442] Allocated by task 238:
[   12.877827]  kasan_save_stack+0x45/0x70
[   12.878074]  kasan_save_track+0x18/0x40
[   12.878561]  kasan_save_alloc_info+0x3b/0x50
[   12.878787]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   12.879320]  remove_element+0x11e/0x190
[   12.879515]  mempool_alloc_preallocated+0x4d/0x90
[   12.879873]  mempool_oob_right_helper+0x8a/0x380
[   12.880249]  mempool_kmalloc_oob_right+0xf2/0x150
[   12.880495]  kunit_try_run_case+0x1a5/0x480
[   12.880822]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.881101]  kthread+0x337/0x6f0
[   12.881463]  ret_from_fork+0x116/0x1d0
[   12.881716]  ret_from_fork_asm+0x1a/0x30
[   12.881926] 
[   12.882240] The buggy address belongs to the object at ffff88810312f600
[   12.882240]  which belongs to the cache kmalloc-128 of size 128
[   12.882735] The buggy address is located 0 bytes to the right of
[   12.882735]  allocated 115-byte region [ffff88810312f600, ffff88810312f673)
[   12.883701] 
[   12.883789] The buggy address belongs to the physical page:
[   12.884325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10312f
[   12.884772] flags: 0x200000000000000(node=0|zone=2)
[   12.885001] page_type: f5(slab)
[   12.885191] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.885511] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.885788] page dumped because: kasan: bad access detected
[   12.886400] 
[   12.886503] Memory state around the buggy address:
[   12.886692]  ffff88810312f500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.887230]  ffff88810312f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.887647] >ffff88810312f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.888042]                                                              ^
[   12.888522]  ffff88810312f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.888830]  ffff88810312f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   12.889625] ==================================================================
[   12.915549] ==================================================================
[   12.916064] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.916466] Read of size 1 at addr ffff88810311f2bb by task kunit_try_catch/242
[   12.916865] 
[   12.916986] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   12.917040] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.917051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.917082] Call Trace:
[   12.917093]  <TASK>
[   12.917108]  dump_stack_lvl+0x73/0xb0
[   12.917136]  print_report+0xd1/0x650
[   12.917169]  ? __virt_addr_valid+0x1db/0x2d0
[   12.917189]  ? mempool_oob_right_helper+0x318/0x380
[   12.917231]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.917253]  ? mempool_oob_right_helper+0x318/0x380
[   12.917275]  kasan_report+0x141/0x180
[   12.917296]  ? mempool_oob_right_helper+0x318/0x380
[   12.917369]  __asan_report_load1_noabort+0x18/0x20
[   12.917408]  mempool_oob_right_helper+0x318/0x380
[   12.917433]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.917458]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.917478]  ? finish_task_switch.isra.0+0x153/0x700
[   12.917502]  mempool_slab_oob_right+0xed/0x140
[   12.917526]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   12.917551]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   12.917570]  ? __pfx_mempool_free_slab+0x10/0x10
[   12.917592]  ? __pfx_read_tsc+0x10/0x10
[   12.917612]  ? ktime_get_ts64+0x86/0x230
[   12.917634]  kunit_try_run_case+0x1a5/0x480
[   12.917668]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.917688]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.917711]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.917743]  ? __kthread_parkme+0x82/0x180
[   12.917763]  ? preempt_count_sub+0x50/0x80
[   12.917786]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.917809]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.917832]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.917854]  kthread+0x337/0x6f0
[   12.917873]  ? trace_preempt_on+0x20/0xc0
[   12.917896]  ? __pfx_kthread+0x10/0x10
[   12.917915]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.917935]  ? calculate_sigpending+0x7b/0xa0
[   12.917959]  ? __pfx_kthread+0x10/0x10
[   12.917979]  ret_from_fork+0x116/0x1d0
[   12.917996]  ? __pfx_kthread+0x10/0x10
[   12.918017]  ret_from_fork_asm+0x1a/0x30
[   12.918108]  </TASK>
[   12.918121] 
[   12.931841] Allocated by task 242:
[   12.931977]  kasan_save_stack+0x45/0x70
[   12.932262]  kasan_save_track+0x18/0x40
[   12.932404]  kasan_save_alloc_info+0x3b/0x50
[   12.932613]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   12.932874]  remove_element+0x11e/0x190
[   12.933055]  mempool_alloc_preallocated+0x4d/0x90
[   12.933287]  mempool_oob_right_helper+0x8a/0x380
[   12.933445]  mempool_slab_oob_right+0xed/0x140
[   12.933680]  kunit_try_run_case+0x1a5/0x480
[   12.933994]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.934286]  kthread+0x337/0x6f0
[   12.934441]  ret_from_fork+0x116/0x1d0
[   12.934628]  ret_from_fork_asm+0x1a/0x30
[   12.934803] 
[   12.934901] The buggy address belongs to the object at ffff88810311f240
[   12.934901]  which belongs to the cache test_cache of size 123
[   12.935413] The buggy address is located 0 bytes to the right of
[   12.935413]  allocated 123-byte region [ffff88810311f240, ffff88810311f2bb)
[   12.936252] 
[   12.936371] The buggy address belongs to the physical page:
[   12.936618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10311f
[   12.936911] flags: 0x200000000000000(node=0|zone=2)
[   12.937372] page_type: f5(slab)
[   12.937557] raw: 0200000000000000 ffff88810311c000 dead000000000122 0000000000000000
[   12.937856] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   12.938292] page dumped because: kasan: bad access detected
[   12.938494] 
[   12.938589] Memory state around the buggy address:
[   12.938847]  ffff88810311f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.939203]  ffff88810311f200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   12.939663] >ffff88810311f280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   12.939951]                                         ^
[   12.940354]  ffff88810311f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.940662]  ffff88810311f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.940931] ==================================================================
[   12.892815] ==================================================================
[   12.893561] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   12.893847] Read of size 1 at addr ffff8881029ce001 by task kunit_try_catch/240
[   12.894191] 
[   12.894301] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   12.894434] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.894449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.894471] Call Trace:
[   12.894493]  <TASK>
[   12.894510]  dump_stack_lvl+0x73/0xb0
[   12.894541]  print_report+0xd1/0x650
[   12.894574]  ? __virt_addr_valid+0x1db/0x2d0
[   12.894598]  ? mempool_oob_right_helper+0x318/0x380
[   12.894619]  ? kasan_addr_to_slab+0x11/0xa0
[   12.894639]  ? mempool_oob_right_helper+0x318/0x380
[   12.894662]  kasan_report+0x141/0x180
[   12.894682]  ? mempool_oob_right_helper+0x318/0x380
[   12.894718]  __asan_report_load1_noabort+0x18/0x20
[   12.894742]  mempool_oob_right_helper+0x318/0x380
[   12.894775]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   12.894799]  ? __kasan_check_write+0x18/0x20
[   12.894818]  ? __pfx_sched_clock_cpu+0x10/0x10
[   12.894838]  ? finish_task_switch.isra.0+0x153/0x700
[   12.894863]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   12.894887]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   12.894913]  ? __pfx_mempool_kmalloc+0x10/0x10
[   12.894936]  ? __pfx_mempool_kfree+0x10/0x10
[   12.894961]  ? __pfx_read_tsc+0x10/0x10
[   12.894984]  ? ktime_get_ts64+0x86/0x230
[   12.895007]  kunit_try_run_case+0x1a5/0x480
[   12.895041]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.895077]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.895099]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.895121]  ? __kthread_parkme+0x82/0x180
[   12.895205]  ? preempt_count_sub+0x50/0x80
[   12.895230]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.895254]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.895277]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.895299]  kthread+0x337/0x6f0
[   12.895328]  ? trace_preempt_on+0x20/0xc0
[   12.895351]  ? __pfx_kthread+0x10/0x10
[   12.895371]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.895403]  ? calculate_sigpending+0x7b/0xa0
[   12.895426]  ? __pfx_kthread+0x10/0x10
[   12.895447]  ret_from_fork+0x116/0x1d0
[   12.895464]  ? __pfx_kthread+0x10/0x10
[   12.895484]  ret_from_fork_asm+0x1a/0x30
[   12.895514]  </TASK>
[   12.895525] 
[   12.904722] The buggy address belongs to the physical page:
[   12.904977] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   12.905477] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.905820] flags: 0x200000000000040(head|node=0|zone=2)
[   12.906153] page_type: f8(unknown)
[   12.906313] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.906608] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.906901] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.907336] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.907654] head: 0200000000000002 ffffea00040a7301 00000000ffffffff 00000000ffffffff
[   12.907886] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.908168] page dumped because: kasan: bad access detected
[   12.908430] 
[   12.908529] Memory state around the buggy address:
[   12.908730]  ffff8881029cdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.908948]  ffff8881029cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.909598] >ffff8881029ce000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.909916]                    ^
[   12.910049]  ffff8881029ce080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.910548]  ffff8881029ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.910890] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zFZ7AA8ZD9Hxk7VnRiY3mXiAkW

job_id

TEST:linaro@lkft#2zFZBUndPDS8X4MXFxkaR3tx0zz

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zFZBUndPDS8X4MXFxkaR3tx0zz

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8tbap7DwB8PZ4EuveLWZXOa/bzImage
sha256sum	fdab25edf269586788f4854ddc82bfb248384cd49a929fd8a11612d5c6323a6b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zFZ8tbap7DwB8PZ4EuveLWZXOa/modules.tar.xz
sha256sum	b870eec76e2de65ecab7668dc6c268dfb8fbc1fee9d4a7541f1df48cf623d5fd

durations

tests

boot	0
kunit	204.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit