lkft/sashal-linus-next - v6.13-rc7-43689-g85c2c095929a - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 16, 2025, 3:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.446503] ==================================================================
[   18.446630] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.446723] Read of size 1 at addr fff00000c780a001 by task kunit_try_catch/223
[   18.446778] 
[   18.446821] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.448725] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.449294] Hardware name: linux,dummy-virt (DT)
[   18.449451] Call trace:
[   18.449487]  show_stack+0x20/0x38 (C)
[   18.449556]  dump_stack_lvl+0x8c/0xd0
[   18.449610]  print_report+0x118/0x5d0
[   18.450291]  kasan_report+0xdc/0x128
[   18.450348]  __asan_report_load1_noabort+0x20/0x30
[   18.451026]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.451499]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   18.451575]  kunit_try_run_case+0x170/0x3f0
[   18.451626]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.451679]  kthread+0x328/0x630
[   18.452884]  ret_from_fork+0x10/0x20
[   18.453292] 
[   18.453815] The buggy address belongs to the physical page:
[   18.454157] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   18.454616] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.454826] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.454891] page_type: f8(unknown)
[   18.454939] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.454991] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.455042] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.455092] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.456563] head: 0bfffe0000000002 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   18.456748] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.456796] page dumped because: kasan: bad access detected
[   18.457404] 
[   18.457725] Memory state around the buggy address:
[   18.458380]  fff00000c7809f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.458470]  fff00000c7809f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.458665] >fff00000c780a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.459313]                    ^
[   18.459558]  fff00000c780a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.459742]  fff00000c780a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.459785] ==================================================================
[   18.418356] ==================================================================
[   18.418434] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.418510] Read of size 1 at addr fff00000c46f7f73 by task kunit_try_catch/221
[   18.418563] 
[   18.418605] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.418695] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.418739] Hardware name: linux,dummy-virt (DT)
[   18.418774] Call trace:
[   18.418800]  show_stack+0x20/0x38 (C)
[   18.418852]  dump_stack_lvl+0x8c/0xd0
[   18.418903]  print_report+0x118/0x5d0
[   18.418949]  kasan_report+0xdc/0x128
[   18.418994]  __asan_report_load1_noabort+0x20/0x30
[   18.419044]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.419092]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.419140]  kunit_try_run_case+0x170/0x3f0
[   18.419191]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.419521]  kthread+0x328/0x630
[   18.419575]  ret_from_fork+0x10/0x20
[   18.419628] 
[   18.419695] Allocated by task 221:
[   18.419737]  kasan_save_stack+0x3c/0x68
[   18.419781]  kasan_save_track+0x20/0x40
[   18.419819]  kasan_save_alloc_info+0x40/0x58
[   18.419862]  __kasan_mempool_unpoison_object+0x11c/0x180
[   18.419905]  remove_element+0x130/0x1f8
[   18.419945]  mempool_alloc_preallocated+0x58/0xc0
[   18.419984]  mempool_oob_right_helper+0x98/0x2f0
[   18.420023]  mempool_kmalloc_oob_right+0xc4/0x120
[   18.420064]  kunit_try_run_case+0x170/0x3f0
[   18.420105]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.420150]  kthread+0x328/0x630
[   18.420182]  ret_from_fork+0x10/0x20
[   18.420219] 
[   18.420239] The buggy address belongs to the object at fff00000c46f7f00
[   18.420239]  which belongs to the cache kmalloc-128 of size 128
[   18.420301] The buggy address is located 0 bytes to the right of
[   18.420301]  allocated 115-byte region [fff00000c46f7f00, fff00000c46f7f73)
[   18.420366] 
[   18.420389] The buggy address belongs to the physical page:
[   18.420424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046f7
[   18.420482] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.420537] page_type: f5(slab)
[   18.420580] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.420632] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   18.420674] page dumped because: kasan: bad access detected
[   18.420718] 
[   18.420736] Memory state around the buggy address:
[   18.420769]  fff00000c46f7e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.420814]  fff00000c46f7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.420858] >fff00000c46f7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.420898]                                                              ^
[   18.420944]  fff00000c46f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.420988]  fff00000c46f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.421028] ==================================================================
[   18.478948] ==================================================================
[   18.479038] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   18.479114] Read of size 1 at addr fff00000c65822bb by task kunit_try_catch/225
[   18.479166] 
[   18.479210] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   18.479358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.479385] Hardware name: linux,dummy-virt (DT)
[   18.479419] Call trace:
[   18.479445]  show_stack+0x20/0x38 (C)
[   18.479497]  dump_stack_lvl+0x8c/0xd0
[   18.479549]  print_report+0x118/0x5d0
[   18.479596]  kasan_report+0xdc/0x128
[   18.479641]  __asan_report_load1_noabort+0x20/0x30
[   18.479692]  mempool_oob_right_helper+0x2ac/0x2f0
[   18.479751]  mempool_slab_oob_right+0xc0/0x118
[   18.479799]  kunit_try_run_case+0x170/0x3f0
[   18.479851]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.479903]  kthread+0x328/0x630
[   18.479946]  ret_from_fork+0x10/0x20
[   18.479994] 
[   18.480012] Allocated by task 225:
[   18.480042]  kasan_save_stack+0x3c/0x68
[   18.480085]  kasan_save_track+0x20/0x40
[   18.480123]  kasan_save_alloc_info+0x40/0x58
[   18.480163]  __kasan_mempool_unpoison_object+0xbc/0x180
[   18.480207]  remove_element+0x16c/0x1f8
[   18.480246]  mempool_alloc_preallocated+0x58/0xc0
[   18.480287]  mempool_oob_right_helper+0x98/0x2f0
[   18.480325]  mempool_slab_oob_right+0xc0/0x118
[   18.480363]  kunit_try_run_case+0x170/0x3f0
[   18.480401]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.480443]  kthread+0x328/0x630
[   18.480475]  ret_from_fork+0x10/0x20
[   18.480512] 
[   18.480531] The buggy address belongs to the object at fff00000c6582240
[   18.480531]  which belongs to the cache test_cache of size 123
[   18.480590] The buggy address is located 0 bytes to the right of
[   18.480590]  allocated 123-byte region [fff00000c6582240, fff00000c65822bb)
[   18.480654] 
[   18.480675] The buggy address belongs to the physical page:
[   18.480720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106582
[   18.480776] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.480827] page_type: f5(slab)
[   18.480865] raw: 0bfffe0000000000 fff00000c3e3edc0 dead000000000122 0000000000000000
[   18.480919] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   18.480960] page dumped because: kasan: bad access detected
[   18.480992] 
[   18.481009] Memory state around the buggy address:
[   18.481041]  fff00000c6582180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.481085]  fff00000c6582200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   18.481129] >fff00000c6582280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   18.481167]                                         ^
[   18.481198]  fff00000c6582300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.481241]  fff00000c6582380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.481281] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zxhLvJNzKfC2O2grt7A3kOWC6T

job_id

TEST:linaro@lkft#2zxhPau2yAblffjobEYDaYG9UHu

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxhPau2yAblffjobEYDaYG9UHu

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhN3VTNlTymq56lwQbyJq1gVx/Image.gz
sha256sum	2b0debcad36297881bc624782cf0edc33acb46b91709a8f0c31c1d114a03cebe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhN3VTNlTymq56lwQbyJq1gVx/modules.tar.xz
sha256sum	0b414e42fe2c93d65e38e631ab86e7681d93e88e3b96220c05e8c582fa2dd427

durations

tests

boot	0
kunit	186.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.980440] ==================================================================
[   13.980896] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.981400] Read of size 1 at addr ffff88810307d273 by task kunit_try_catch/238
[   13.982083] 
[   13.982271] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   13.982328] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.982359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.982382] Call Trace:
[   13.982396]  <TASK>
[   13.982415]  dump_stack_lvl+0x73/0xb0
[   13.982664]  print_report+0xd1/0x610
[   13.982693]  ? __virt_addr_valid+0x1db/0x2d0
[   13.982721]  ? mempool_oob_right_helper+0x318/0x380
[   13.982748]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.982789]  ? mempool_oob_right_helper+0x318/0x380
[   13.982816]  kasan_report+0x141/0x180
[   13.982840]  ? mempool_oob_right_helper+0x318/0x380
[   13.982871]  __asan_report_load1_noabort+0x18/0x20
[   13.982899]  mempool_oob_right_helper+0x318/0x380
[   13.982926]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.982955]  ? __kasan_check_write+0x18/0x20
[   13.982989]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.983015]  ? finish_task_switch.isra.0+0x153/0x700
[   13.983045]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.983072]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   13.983102]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.983131]  ? __pfx_mempool_kfree+0x10/0x10
[   13.983159]  ? __pfx_read_tsc+0x10/0x10
[   13.983187]  ? ktime_get_ts64+0x86/0x230
[   13.983214]  kunit_try_run_case+0x1a5/0x480
[   13.983243]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.983268]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.983297]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.983322]  ? __kthread_parkme+0x82/0x180
[   13.983346]  ? preempt_count_sub+0x50/0x80
[   13.983372]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.983398]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.983424]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.983450]  kthread+0x337/0x6f0
[   13.983471]  ? trace_preempt_on+0x20/0xc0
[   13.983497]  ? __pfx_kthread+0x10/0x10
[   13.983519]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.983543]  ? calculate_sigpending+0x7b/0xa0
[   13.983570]  ? __pfx_kthread+0x10/0x10
[   13.983593]  ret_from_fork+0x116/0x1d0
[   13.983613]  ? __pfx_kthread+0x10/0x10
[   13.983635]  ret_from_fork_asm+0x1a/0x30
[   13.983668]  </TASK>
[   13.983680] 
[   13.997061] Allocated by task 238:
[   13.997313]  kasan_save_stack+0x45/0x70
[   13.997615]  kasan_save_track+0x18/0x40
[   13.997875]  kasan_save_alloc_info+0x3b/0x50
[   13.998172]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.998392]  remove_element+0x11e/0x190
[   13.998809]  mempool_alloc_preallocated+0x4d/0x90
[   13.999167]  mempool_oob_right_helper+0x8a/0x380
[   13.999522]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.999724]  kunit_try_run_case+0x1a5/0x480
[   14.000360]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.000790]  kthread+0x337/0x6f0
[   14.000958]  ret_from_fork+0x116/0x1d0
[   14.001300]  ret_from_fork_asm+0x1a/0x30
[   14.001573] 
[   14.001655] The buggy address belongs to the object at ffff88810307d200
[   14.001655]  which belongs to the cache kmalloc-128 of size 128
[   14.002544] The buggy address is located 0 bytes to the right of
[   14.002544]  allocated 115-byte region [ffff88810307d200, ffff88810307d273)
[   14.003078] 
[   14.003418] The buggy address belongs to the physical page:
[   14.003702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10307d
[   14.004361] flags: 0x200000000000000(node=0|zone=2)
[   14.004595] page_type: f5(slab)
[   14.005055] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.005390] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.005949] page dumped because: kasan: bad access detected
[   14.006376] 
[   14.006467] Memory state around the buggy address:
[   14.006813]  ffff88810307d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.007227]  ffff88810307d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.007666] >ffff88810307d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   14.007975]                                                              ^
[   14.008576]  ffff88810307d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.009042]  ffff88810307d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   14.009417] ==================================================================
[   14.037653] ==================================================================
[   14.038817] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   14.039542] Read of size 1 at addr ffff88810307f2bb by task kunit_try_catch/242
[   14.040451] 
[   14.040708] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.040769] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.040945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.040970] Call Trace:
[   14.040983]  <TASK>
[   14.041000]  dump_stack_lvl+0x73/0xb0
[   14.041036]  print_report+0xd1/0x610
[   14.041062]  ? __virt_addr_valid+0x1db/0x2d0
[   14.041088]  ? mempool_oob_right_helper+0x318/0x380
[   14.041112]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.041136]  ? mempool_oob_right_helper+0x318/0x380
[   14.041161]  kasan_report+0x141/0x180
[   14.041183]  ? mempool_oob_right_helper+0x318/0x380
[   14.041213]  __asan_report_load1_noabort+0x18/0x20
[   14.041240]  mempool_oob_right_helper+0x318/0x380
[   14.041266]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   14.041290]  ? update_load_avg+0x1be/0x21b0
[   14.041319]  ? finish_task_switch.isra.0+0x153/0x700
[   14.041347]  mempool_slab_oob_right+0xed/0x140
[   14.041373]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   14.041399]  ? __kasan_check_write+0x18/0x20
[   14.041420]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   14.041463]  ? __pfx_mempool_free_slab+0x10/0x10
[   14.041490]  ? __pfx_read_tsc+0x10/0x10
[   14.041512]  ? ktime_get_ts64+0x86/0x230
[   14.041537]  kunit_try_run_case+0x1a5/0x480
[   14.041566]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.041589]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   14.041616]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.041640]  ? __kthread_parkme+0x82/0x180
[   14.041663]  ? preempt_count_sub+0x50/0x80
[   14.041686]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.041711]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.041736]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.041774]  kthread+0x337/0x6f0
[   14.041793]  ? trace_preempt_on+0x20/0xc0
[   14.041818]  ? __pfx_kthread+0x10/0x10
[   14.041838]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.041860]  ? calculate_sigpending+0x7b/0xa0
[   14.041886]  ? __pfx_kthread+0x10/0x10
[   14.041908]  ret_from_fork+0x116/0x1d0
[   14.041927]  ? __pfx_kthread+0x10/0x10
[   14.041948]  ret_from_fork_asm+0x1a/0x30
[   14.042096]  </TASK>
[   14.042107] 
[   14.059802] Allocated by task 242:
[   14.059963]  kasan_save_stack+0x45/0x70
[   14.060123]  kasan_save_track+0x18/0x40
[   14.060260]  kasan_save_alloc_info+0x3b/0x50
[   14.060412]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   14.061403]  remove_element+0x11e/0x190
[   14.061876]  mempool_alloc_preallocated+0x4d/0x90
[   14.062589]  mempool_oob_right_helper+0x8a/0x380
[   14.063138]  mempool_slab_oob_right+0xed/0x140
[   14.063788]  kunit_try_run_case+0x1a5/0x480
[   14.064308]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.064938]  kthread+0x337/0x6f0
[   14.065297]  ret_from_fork+0x116/0x1d0
[   14.065454]  ret_from_fork_asm+0x1a/0x30
[   14.065935] 
[   14.066113] The buggy address belongs to the object at ffff88810307f240
[   14.066113]  which belongs to the cache test_cache of size 123
[   14.067368] The buggy address is located 0 bytes to the right of
[   14.067368]  allocated 123-byte region [ffff88810307f240, ffff88810307f2bb)
[   14.068457] 
[   14.068542] The buggy address belongs to the physical page:
[   14.068722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10307f
[   14.068996] flags: 0x200000000000000(node=0|zone=2)
[   14.069470] page_type: f5(slab)
[   14.069820] raw: 0200000000000000 ffff888103074500 dead000000000122 0000000000000000
[   14.070674] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   14.071537] page dumped because: kasan: bad access detected
[   14.072146] 
[   14.072314] Memory state around the buggy address:
[   14.072735]  ffff88810307f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.072990]  ffff88810307f200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   14.073902] >ffff88810307f280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   14.074573]                                         ^
[   14.074822]  ffff88810307f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.075332]  ffff88810307f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.076111] ==================================================================
[   14.012841] ==================================================================
[   14.013330] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   14.014040] Read of size 1 at addr ffff888102a4e001 by task kunit_try_catch/240
[   14.014666] 
[   14.014838] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   14.014889] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.014900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.014922] Call Trace:
[   14.014935]  <TASK>
[   14.014952]  dump_stack_lvl+0x73/0xb0
[   14.015023]  print_report+0xd1/0x610
[   14.015050]  ? __virt_addr_valid+0x1db/0x2d0
[   14.015077]  ? mempool_oob_right_helper+0x318/0x380
[   14.015103]  ? kasan_addr_to_slab+0x11/0xa0
[   14.015126]  ? mempool_oob_right_helper+0x318/0x380
[   14.015155]  kasan_report+0x141/0x180
[   14.015183]  ? mempool_oob_right_helper+0x318/0x380
[   14.015215]  __asan_report_load1_noabort+0x18/0x20
[   14.015243]  mempool_oob_right_helper+0x318/0x380
[   14.015282]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   14.015310]  ? __kasan_check_write+0x18/0x20
[   14.015353]  ? __pfx_sched_clock_cpu+0x10/0x10
[   14.015380]  ? finish_task_switch.isra.0+0x153/0x700
[   14.015408]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   14.015445]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   14.015478]  ? __pfx_mempool_kmalloc+0x10/0x10
[   14.015505]  ? __pfx_mempool_kfree+0x10/0x10
[   14.015532]  ? __pfx_read_tsc+0x10/0x10
[   14.015555]  ? ktime_get_ts64+0x86/0x230
[   14.015582]  kunit_try_run_case+0x1a5/0x480
[   14.015610]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.015635]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.015663]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.015688]  ? __kthread_parkme+0x82/0x180
[   14.015712]  ? preempt_count_sub+0x50/0x80
[   14.015737]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.015772]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.015798]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.015825]  kthread+0x337/0x6f0
[   14.015844]  ? trace_preempt_on+0x20/0xc0
[   14.015871]  ? __pfx_kthread+0x10/0x10
[   14.015892]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.015916]  ? calculate_sigpending+0x7b/0xa0
[   14.015942]  ? __pfx_kthread+0x10/0x10
[   14.015965]  ret_from_fork+0x116/0x1d0
[   14.015993]  ? __pfx_kthread+0x10/0x10
[   14.016014]  ret_from_fork_asm+0x1a/0x30
[   14.016047]  </TASK>
[   14.016057] 
[   14.026065] The buggy address belongs to the physical page:
[   14.026338] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4c
[   14.026657] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   14.026937] flags: 0x200000000000040(head|node=0|zone=2)
[   14.027321] page_type: f8(unknown)
[   14.027564] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.027942] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.028291] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   14.028522] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   14.029292] head: 0200000000000002 ffffea00040a9301 00000000ffffffff 00000000ffffffff
[   14.029627] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   14.030096] page dumped because: kasan: bad access detected
[   14.030372] 
[   14.030457] Memory state around the buggy address:
[   14.030688]  ffff888102a4df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.031078]  ffff888102a4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   14.031428] >ffff888102a4e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.031750]                    ^
[   14.031962]  ffff888102a4e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.032354]  ffff888102a4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   14.032723] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zxhLvJNzKfC2O2grt7A3kOWC6T

job_id

TEST:linaro@lkft#2zxhQRPGZHbRb85n8CYDdoCjSy0

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zxhQRPGZHbRb85n8CYDdoCjSy0

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhNmGnSWM4SZJ5ZvQ7mQd6mJs/bzImage
sha256sum	94877b9cad13014eacc1b841cafb46b2097b45d947e8687ced9818c2ce733fa2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zxhNmGnSWM4SZJ5ZvQ7mQd6mJs/modules.tar.xz
sha256sum	6702e05d8ba94a91e49ea6d51a35ae017a4bc99ef9af93b264bfdbdbbf2ed2bf

durations

tests

boot	0
kunit	207.16

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit