lkft/linux-next-master - next-20250711 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 11, 2025, 10:11 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   52.820447] ==================================================================
[   52.820618] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   52.820754] Read of size 1 at addr ffff000800de6373 by task kunit_try_catch/305
[   52.827212] 
[   52.828697] CPU: 7 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   52.828754] Tainted: [B]=BAD_PAGE, [N]=TEST
[   52.828769] Hardware name: WinLink E850-96 board (DT)
[   52.828793] Call trace:
[   52.828808]  show_stack+0x20/0x38 (C)
[   52.828844]  dump_stack_lvl+0x8c/0xd0
[   52.828878]  print_report+0x118/0x5d0
[   52.828906]  kasan_report+0xdc/0x128
[   52.828933]  __asan_report_load1_noabort+0x20/0x30
[   52.828963]  mempool_oob_right_helper+0x2ac/0x2f0
[   52.828995]  mempool_kmalloc_oob_right+0xc4/0x120
[   52.829027]  kunit_try_run_case+0x170/0x3f0
[   52.829061]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.829092]  kthread+0x328/0x630
[   52.829119]  ret_from_fork+0x10/0x20
[   52.829150] 
[   52.897957] Allocated by task 305:
[   52.901346]  kasan_save_stack+0x3c/0x68
[   52.905162]  kasan_save_track+0x20/0x40
[   52.908979]  kasan_save_alloc_info+0x40/0x58
[   52.913233]  __kasan_mempool_unpoison_object+0x11c/0x180
[   52.918528]  remove_element+0x130/0x1f8
[   52.922348]  mempool_alloc_preallocated+0x58/0xc0
[   52.927035]  mempool_oob_right_helper+0x98/0x2f0
[   52.931636]  mempool_kmalloc_oob_right+0xc4/0x120
[   52.936323]  kunit_try_run_case+0x170/0x3f0
[   52.940489]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.945958]  kthread+0x328/0x630
[   52.949170]  ret_from_fork+0x10/0x20
[   52.952729] 
[   52.954207] The buggy address belongs to the object at ffff000800de6300
[   52.954207]  which belongs to the cache kmalloc-128 of size 128
[   52.966708] The buggy address is located 0 bytes to the right of
[   52.966708]  allocated 115-byte region [ffff000800de6300, ffff000800de6373)
[   52.979638] 
[   52.981118] The buggy address belongs to the physical page:
[   52.986674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880de6
[   52.994657] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   53.002298] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   53.009241] page_type: f5(slab)
[   53.012379] raw: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122
[   53.020099] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   53.027826] head: 0bfffe0000000040 ffff000800002a00 dead000000000100 dead000000000122
[   53.035634] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   53.043447] head: 0bfffe0000000001 fffffdffe0037981 00000000ffffffff 00000000ffffffff
[   53.051258] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   53.059064] page dumped because: kasan: bad access detected
[   53.064619] 
[   53.066095] Memory state around the buggy address:
[   53.070877]  ffff000800de6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.078078]  ffff000800de6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.085284] >ffff000800de6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   53.092484]                                                              ^
[   53.099345]  ffff000800de6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.106551]  ffff000800de6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   53.113753] ==================================================================
[   53.122842] ==================================================================
[   53.132678] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   53.140228] Read of size 1 at addr ffff0008078d6001 by task kunit_try_catch/307
[   53.147518] 
[   53.149005] CPU: 5 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   53.149062] Tainted: [B]=BAD_PAGE, [N]=TEST
[   53.149080] Hardware name: WinLink E850-96 board (DT)
[   53.149103] Call trace:
[   53.149115]  show_stack+0x20/0x38 (C)
[   53.149150]  dump_stack_lvl+0x8c/0xd0
[   53.149181]  print_report+0x118/0x5d0
[   53.149212]  kasan_report+0xdc/0x128
[   53.149238]  __asan_report_load1_noabort+0x20/0x30
[   53.149274]  mempool_oob_right_helper+0x2ac/0x2f0
[   53.149310]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   53.149344]  kunit_try_run_case+0x170/0x3f0
[   53.149383]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.149415]  kthread+0x328/0x630
[   53.149446]  ret_from_fork+0x10/0x20
[   53.149484] 
[   53.218787] The buggy address belongs to the physical page:
[   53.224345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8878d4
[   53.232328] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   53.239966] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   53.246910] page_type: f8(unknown)
[   53.250308] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   53.258026] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   53.265754] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   53.273564] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   53.281377] head: 0bfffe0000000002 fffffdffe01e3501 00000000ffffffff 00000000ffffffff
[   53.289189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   53.296994] page dumped because: kasan: bad access detected
[   53.302550] 
[   53.304025] Memory state around the buggy address:
[   53.308804]  ffff0008078d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.316008]  ffff0008078d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.323215] >ffff0008078d6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   53.330414]                    ^
[   53.333630]  ffff0008078d6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   53.340835]  ffff0008078d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   53.348035] ==================================================================
[   53.357540] ==================================================================
[   53.367486] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   53.375032] Read of size 1 at addr ffff0008084ed2bb by task kunit_try_catch/309
[   53.382325] 
[   53.383809] CPU: 3 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   53.383870] Tainted: [B]=BAD_PAGE, [N]=TEST
[   53.383888] Hardware name: WinLink E850-96 board (DT)
[   53.383909] Call trace:
[   53.383923]  show_stack+0x20/0x38 (C)
[   53.383959]  dump_stack_lvl+0x8c/0xd0
[   53.383993]  print_report+0x118/0x5d0
[   53.384023]  kasan_report+0xdc/0x128
[   53.384050]  __asan_report_load1_noabort+0x20/0x30
[   53.384087]  mempool_oob_right_helper+0x2ac/0x2f0
[   53.384123]  mempool_slab_oob_right+0xc0/0x118
[   53.384159]  kunit_try_run_case+0x170/0x3f0
[   53.384197]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.384234]  kthread+0x328/0x630
[   53.384264]  ret_from_fork+0x10/0x20
[   53.384299] 
[   53.452810] Allocated by task 309:
[   53.456196]  kasan_save_stack+0x3c/0x68
[   53.460013]  kasan_save_track+0x20/0x40
[   53.463832]  kasan_save_alloc_info+0x40/0x58
[   53.468086]  __kasan_mempool_unpoison_object+0xbc/0x180
[   53.473294]  remove_element+0x16c/0x1f8
[   53.477114]  mempool_alloc_preallocated+0x58/0xc0
[   53.481802]  mempool_oob_right_helper+0x98/0x2f0
[   53.486402]  mempool_slab_oob_right+0xc0/0x118
[   53.490829]  kunit_try_run_case+0x170/0x3f0
[   53.494995]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.500464]  kthread+0x328/0x630
[   53.503675]  ret_from_fork+0x10/0x20
[   53.507235] 
[   53.508712] The buggy address belongs to the object at ffff0008084ed240
[   53.508712]  which belongs to the cache test_cache of size 123
[   53.521126] The buggy address is located 0 bytes to the right of
[   53.521126]  allocated 123-byte region [ffff0008084ed240, ffff0008084ed2bb)
[   53.534057] 
[   53.535536] The buggy address belongs to the physical page:
[   53.541092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8884ed
[   53.549077] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   53.555586] page_type: f5(slab)
[   53.558722] raw: 0bfffe0000000000 ffff0008019cc140 dead000000000122 0000000000000000
[   53.566442] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   53.574161] page dumped because: kasan: bad access detected
[   53.579716] 
[   53.581191] Memory state around the buggy address:
[   53.585975]  ffff0008084ed180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.593176]  ffff0008084ed200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   53.600381] >ffff0008084ed280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   53.607580]                                         ^
[   53.612619]  ffff0008084ed300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.619823]  ffff0008084ed380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.627025] ==================================================================

Metadata Full log Test run details

[   32.364085] ==================================================================
[   32.364167] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.364253] Read of size 1 at addr fff00000c99f0573 by task kunit_try_catch/252
[   32.364307] 
[   32.364369] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   32.364463] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.364491] Hardware name: linux,dummy-virt (DT)
[   32.364525] Call trace:
[   32.364552]  show_stack+0x20/0x38 (C)
[   32.364605]  dump_stack_lvl+0x8c/0xd0
[   32.364655]  print_report+0x118/0x5d0
[   32.364699]  kasan_report+0xdc/0x128
[   32.364742]  __asan_report_load1_noabort+0x20/0x30
[   32.364791]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.364840]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.364889]  kunit_try_run_case+0x170/0x3f0
[   32.364941]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.364991]  kthread+0x328/0x630
[   32.365035]  ret_from_fork+0x10/0x20
[   32.365085] 
[   32.365104] Allocated by task 252:
[   32.365134]  kasan_save_stack+0x3c/0x68
[   32.365179]  kasan_save_track+0x20/0x40
[   32.365220]  kasan_save_alloc_info+0x40/0x58
[   32.365260]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.365306]  remove_element+0x130/0x1f8
[   32.365358]  mempool_alloc_preallocated+0x58/0xc0
[   32.365621]  mempool_oob_right_helper+0x98/0x2f0
[   32.365672]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.365712]  kunit_try_run_case+0x170/0x3f0
[   32.365751]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.365794]  kthread+0x328/0x630
[   32.365828]  ret_from_fork+0x10/0x20
[   32.365864] 
[   32.365885] The buggy address belongs to the object at fff00000c99f0500
[   32.365885]  which belongs to the cache kmalloc-128 of size 128
[   32.365945] The buggy address is located 0 bytes to the right of
[   32.365945]  allocated 115-byte region [fff00000c99f0500, fff00000c99f0573)
[   32.366009] 
[   32.366030] The buggy address belongs to the physical page:
[   32.366065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1099f0
[   32.366124] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.366177] page_type: f5(slab)
[   32.366221] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.366270] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.366312] page dumped because: kasan: bad access detected
[   32.366360] 
[   32.366378] Memory state around the buggy address:
[   32.366415]  fff00000c99f0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.366459]  fff00000c99f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.366503] >fff00000c99f0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.366539]                                                              ^
[   32.366580]  fff00000c99f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.366620]  fff00000c99f0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.366659] ==================================================================
[   32.388103] ==================================================================
[   32.388174] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.388236] Read of size 1 at addr fff00000c9ad12bb by task kunit_try_catch/256
[   32.388288] 
[   32.388343] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   32.388431] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.388457] Hardware name: linux,dummy-virt (DT)
[   32.388487] Call trace:
[   32.388512]  show_stack+0x20/0x38 (C)
[   32.388561]  dump_stack_lvl+0x8c/0xd0
[   32.388608]  print_report+0x118/0x5d0
[   32.388650]  kasan_report+0xdc/0x128
[   32.388694]  __asan_report_load1_noabort+0x20/0x30
[   32.388743]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.388791]  mempool_slab_oob_right+0xc0/0x118
[   32.388838]  kunit_try_run_case+0x170/0x3f0
[   32.388888]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.388936]  kthread+0x328/0x630
[   32.388979]  ret_from_fork+0x10/0x20
[   32.389025] 
[   32.389044] Allocated by task 256:
[   32.389076]  kasan_save_stack+0x3c/0x68
[   32.389118]  kasan_save_track+0x20/0x40
[   32.389155]  kasan_save_alloc_info+0x40/0x58
[   32.389193]  __kasan_mempool_unpoison_object+0xbc/0x180
[   32.389237]  remove_element+0x16c/0x1f8
[   32.389277]  mempool_alloc_preallocated+0x58/0xc0
[   32.389317]  mempool_oob_right_helper+0x98/0x2f0
[   32.389396]  mempool_slab_oob_right+0xc0/0x118
[   32.389508]  kunit_try_run_case+0x170/0x3f0
[   32.389548]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.389589]  kthread+0x328/0x630
[   32.389622]  ret_from_fork+0x10/0x20
[   32.389668] 
[   32.389689] The buggy address belongs to the object at fff00000c9ad1240
[   32.389689]  which belongs to the cache test_cache of size 123
[   32.389749] The buggy address is located 0 bytes to the right of
[   32.389749]  allocated 123-byte region [fff00000c9ad1240, fff00000c9ad12bb)
[   32.389961] 
[   32.389985] The buggy address belongs to the physical page:
[   32.390031] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ad1
[   32.390239] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.390422] page_type: f5(slab)
[   32.390482] raw: 0bfffe0000000000 fff00000c5d1f8c0 dead000000000122 0000000000000000
[   32.390531] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   32.390573] page dumped because: kasan: bad access detected
[   32.390614] 
[   32.390632] Memory state around the buggy address:
[   32.390664]  fff00000c9ad1180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.390777]  fff00000c9ad1200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   32.390822] >fff00000c9ad1280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   32.390912]                                         ^
[   32.390945]  fff00000c9ad1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.391084]  fff00000c9ad1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.391123] ==================================================================
[   32.376400] ==================================================================
[   32.376478] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.376544] Read of size 1 at addr fff00000c9b66001 by task kunit_try_catch/254
[   32.376595] 
[   32.376633] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   32.376831] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.377111] Hardware name: linux,dummy-virt (DT)
[   32.377150] Call trace:
[   32.377182]  show_stack+0x20/0x38 (C)
[   32.377284]  dump_stack_lvl+0x8c/0xd0
[   32.377350]  print_report+0x118/0x5d0
[   32.377396]  kasan_report+0xdc/0x128
[   32.377438]  __asan_report_load1_noabort+0x20/0x30
[   32.377493]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.377603]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   32.377767]  kunit_try_run_case+0x170/0x3f0
[   32.377843]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.377893]  kthread+0x328/0x630
[   32.377943]  ret_from_fork+0x10/0x20
[   32.378160] 
[   32.378211] The buggy address belongs to the physical page:
[   32.378269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b64
[   32.378336] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.378386] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.378442] page_type: f8(unknown)
[   32.378486] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.378988] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.379107] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.379226] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.379292] head: 0bfffe0000000002 ffffc1ffc326d901 00000000ffffffff 00000000ffffffff
[   32.379350] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.379391] page dumped because: kasan: bad access detected
[   32.379437] 
[   32.379456] Memory state around the buggy address:
[   32.379490]  fff00000c9b65f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.379775]  fff00000c9b65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.379861] >fff00000c9b66000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.379899]                    ^
[   32.379954]  fff00000c9b66080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.380046]  fff00000c9b66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.380085] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizOeD8Jm6gvF6WEX3HpY0Yiv3

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizOeD8Jm6gvF6WEX3HpY0Yiv3

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/Image.gz
sha256sum	37d9d8f3bf88d1e931fe46cf36571593b5a433a5d7333af6ff92cab414d2ee0c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/modules.tar.xz
sha256sum	f716ec16fb4ddf54116cb1eb73ee916ed3bd359ff95e4d969af9a161c3cb0a9f

durations

tests

boot	0
kunit	172.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   25.290149] ==================================================================
[   25.291013] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   25.291545] Read of size 1 at addr ffff88810613c2bb by task kunit_try_catch/275
[   25.292025] 
[   25.292147] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   25.292204] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.292217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.292241] Call Trace:
[   25.292256]  <TASK>
[   25.292275]  dump_stack_lvl+0x73/0xb0
[   25.292308]  print_report+0xd1/0x610
[   25.292338]  ? __virt_addr_valid+0x1db/0x2d0
[   25.292364]  ? mempool_oob_right_helper+0x318/0x380
[   25.292387]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.292757]  ? mempool_oob_right_helper+0x318/0x380
[   25.292789]  kasan_report+0x141/0x180
[   25.292813]  ? mempool_oob_right_helper+0x318/0x380
[   25.292840]  __asan_report_load1_noabort+0x18/0x20
[   25.292865]  mempool_oob_right_helper+0x318/0x380
[   25.292890]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   25.292916]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.292940]  ? finish_task_switch.isra.0+0x153/0x700
[   25.292965]  mempool_slab_oob_right+0xed/0x140
[   25.292989]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   25.293015]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   25.293040]  ? __pfx_mempool_free_slab+0x10/0x10
[   25.293065]  ? __pfx_read_tsc+0x10/0x10
[   25.293088]  ? ktime_get_ts64+0x86/0x230
[   25.293113]  kunit_try_run_case+0x1a5/0x480
[   25.293137]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.293157]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.293182]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.293205]  ? __kthread_parkme+0x82/0x180
[   25.293226]  ? preempt_count_sub+0x50/0x80
[   25.293249]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.293288]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.293315]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.293340]  kthread+0x337/0x6f0
[   25.293360]  ? trace_preempt_on+0x20/0xc0
[   25.293385]  ? __pfx_kthread+0x10/0x10
[   25.293406]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.293435]  ? calculate_sigpending+0x7b/0xa0
[   25.293461]  ? __pfx_kthread+0x10/0x10
[   25.293483]  ret_from_fork+0x116/0x1d0
[   25.293502]  ? __pfx_kthread+0x10/0x10
[   25.293525]  ret_from_fork_asm+0x1a/0x30
[   25.293556]  </TASK>
[   25.293568] 
[   25.306128] Allocated by task 275:
[   25.306461]  kasan_save_stack+0x45/0x70
[   25.306783]  kasan_save_track+0x18/0x40
[   25.307062]  kasan_save_alloc_info+0x3b/0x50
[   25.307441]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   25.307813]  remove_element+0x11e/0x190
[   25.308087]  mempool_alloc_preallocated+0x4d/0x90
[   25.308313]  mempool_oob_right_helper+0x8a/0x380
[   25.308788]  mempool_slab_oob_right+0xed/0x140
[   25.309096]  kunit_try_run_case+0x1a5/0x480
[   25.309575]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.310023]  kthread+0x337/0x6f0
[   25.310173]  ret_from_fork+0x116/0x1d0
[   25.310318]  ret_from_fork_asm+0x1a/0x30
[   25.310455] 
[   25.310523] The buggy address belongs to the object at ffff88810613c240
[   25.310523]  which belongs to the cache test_cache of size 123
[   25.310961] The buggy address is located 0 bytes to the right of
[   25.310961]  allocated 123-byte region [ffff88810613c240, ffff88810613c2bb)
[   25.311590] 
[   25.311796] The buggy address belongs to the physical page:
[   25.312390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c
[   25.312949] flags: 0x200000000000000(node=0|zone=2)
[   25.313116] page_type: f5(slab)
[   25.313236] raw: 0200000000000000 ffff888101590780 dead000000000122 0000000000000000
[   25.314000] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   25.314757] page dumped because: kasan: bad access detected
[   25.315236] 
[   25.315316] Memory state around the buggy address:
[   25.315492]  ffff88810613c180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.316229]  ffff88810613c200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   25.316836] >ffff88810613c280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   25.317312]                                         ^
[   25.317751]  ffff88810613c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.318450]  ffff88810613c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.319110] ==================================================================
[   25.232991] ==================================================================
[   25.233410] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   25.234008] Read of size 1 at addr ffff888105745573 by task kunit_try_catch/271
[   25.234234] 
[   25.234327] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   25.234385] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.234623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.234854] Call Trace:
[   25.234872]  <TASK>
[   25.234927]  dump_stack_lvl+0x73/0xb0
[   25.234967]  print_report+0xd1/0x610
[   25.234990]  ? __virt_addr_valid+0x1db/0x2d0
[   25.235017]  ? mempool_oob_right_helper+0x318/0x380
[   25.235044]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.235072]  ? mempool_oob_right_helper+0x318/0x380
[   25.235096]  kasan_report+0x141/0x180
[   25.235118]  ? mempool_oob_right_helper+0x318/0x380
[   25.235146]  __asan_report_load1_noabort+0x18/0x20
[   25.235170]  mempool_oob_right_helper+0x318/0x380
[   25.235194]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   25.235220]  ? __kasan_check_write+0x18/0x20
[   25.235245]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.235446]  ? finish_task_switch.isra.0+0x153/0x700
[   25.235484]  mempool_kmalloc_oob_right+0xf2/0x150
[   25.235510]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   25.235536]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.235562]  ? __pfx_mempool_kfree+0x10/0x10
[   25.235586]  ? __pfx_read_tsc+0x10/0x10
[   25.235610]  ? ktime_get_ts64+0x86/0x230
[   25.235633]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   25.235662]  kunit_try_run_case+0x1a5/0x480
[   25.235687]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.235707]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.235742]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.235765]  ? __kthread_parkme+0x82/0x180
[   25.235786]  ? preempt_count_sub+0x50/0x80
[   25.235809]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.235830]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.235855]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.235881]  kthread+0x337/0x6f0
[   25.235901]  ? trace_preempt_on+0x20/0xc0
[   25.235925]  ? __pfx_kthread+0x10/0x10
[   25.235946]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.235968]  ? calculate_sigpending+0x7b/0xa0
[   25.235993]  ? __pfx_kthread+0x10/0x10
[   25.236015]  ret_from_fork+0x116/0x1d0
[   25.236034]  ? __pfx_kthread+0x10/0x10
[   25.236055]  ret_from_fork_asm+0x1a/0x30
[   25.236087]  </TASK>
[   25.236100] 
[   25.248842] Allocated by task 271:
[   25.249022]  kasan_save_stack+0x45/0x70
[   25.249224]  kasan_save_track+0x18/0x40
[   25.249758]  kasan_save_alloc_info+0x3b/0x50
[   25.249998]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   25.250423]  remove_element+0x11e/0x190
[   25.250745]  mempool_alloc_preallocated+0x4d/0x90
[   25.250986]  mempool_oob_right_helper+0x8a/0x380
[   25.251345]  mempool_kmalloc_oob_right+0xf2/0x150
[   25.251720]  kunit_try_run_case+0x1a5/0x480
[   25.251949]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.252188]  kthread+0x337/0x6f0
[   25.252380]  ret_from_fork+0x116/0x1d0
[   25.252606]  ret_from_fork_asm+0x1a/0x30
[   25.252847] 
[   25.253084] The buggy address belongs to the object at ffff888105745500
[   25.253084]  which belongs to the cache kmalloc-128 of size 128
[   25.253754] The buggy address is located 0 bytes to the right of
[   25.253754]  allocated 115-byte region [ffff888105745500, ffff888105745573)
[   25.254397] 
[   25.254532] The buggy address belongs to the physical page:
[   25.254803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745
[   25.255150] flags: 0x200000000000000(node=0|zone=2)
[   25.255459] page_type: f5(slab)
[   25.255685] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.256040] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.256442] page dumped because: kasan: bad access detected
[   25.256753] 
[   25.256818] Memory state around the buggy address:
[   25.257075]  ffff888105745400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.257692]  ffff888105745480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.258005] >ffff888105745500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   25.258319]                                                              ^
[   25.258709]  ffff888105745580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.258986]  ffff888105745600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   25.259404] ==================================================================
[   25.264070] ==================================================================
[   25.264645] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   25.265259] Read of size 1 at addr ffff888102baa001 by task kunit_try_catch/273
[   25.265661] 
[   25.265788] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   25.265845] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.265857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.265881] Call Trace:
[   25.265896]  <TASK>
[   25.265915]  dump_stack_lvl+0x73/0xb0
[   25.265951]  print_report+0xd1/0x610
[   25.265975]  ? __virt_addr_valid+0x1db/0x2d0
[   25.266000]  ? mempool_oob_right_helper+0x318/0x380
[   25.266028]  ? kasan_addr_to_slab+0x11/0xa0
[   25.266050]  ? mempool_oob_right_helper+0x318/0x380
[   25.266074]  kasan_report+0x141/0x180
[   25.266096]  ? mempool_oob_right_helper+0x318/0x380
[   25.266124]  __asan_report_load1_noabort+0x18/0x20
[   25.266148]  mempool_oob_right_helper+0x318/0x380
[   25.266172]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   25.266197]  ? __kasan_check_write+0x18/0x20
[   25.266220]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.266244]  ? finish_task_switch.isra.0+0x153/0x700
[   25.266620]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   25.266657]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   25.266684]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.266710]  ? __pfx_mempool_kfree+0x10/0x10
[   25.266748]  ? __pfx_read_tsc+0x10/0x10
[   25.266772]  ? ktime_get_ts64+0x86/0x230
[   25.266798]  kunit_try_run_case+0x1a5/0x480
[   25.266823]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.266843]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.266869]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.266893]  ? __kthread_parkme+0x82/0x180
[   25.266914]  ? preempt_count_sub+0x50/0x80
[   25.266938]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.266961]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.266987]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.267011]  kthread+0x337/0x6f0
[   25.267032]  ? trace_preempt_on+0x20/0xc0
[   25.267057]  ? __pfx_kthread+0x10/0x10
[   25.267077]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.267100]  ? calculate_sigpending+0x7b/0xa0
[   25.267125]  ? __pfx_kthread+0x10/0x10
[   25.267147]  ret_from_fork+0x116/0x1d0
[   25.267167]  ? __pfx_kthread+0x10/0x10
[   25.267188]  ret_from_fork_asm+0x1a/0x30
[   25.267220]  </TASK>
[   25.267234] 
[   25.278454] The buggy address belongs to the physical page:
[   25.278753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba8
[   25.279066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.279352] flags: 0x200000000000040(head|node=0|zone=2)
[   25.279677] page_type: f8(unknown)
[   25.279856] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.280114] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.280661] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.281022] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.281284] head: 0200000000000002 ffffea00040aea01 00000000ffffffff 00000000ffffffff
[   25.281902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.282360] page dumped because: kasan: bad access detected
[   25.282610] 
[   25.282675] Memory state around the buggy address:
[   25.283090]  ffff888102ba9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.283530]  ffff888102ba9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.283780] >ffff888102baa000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.284340]                    ^
[   25.284598]  ffff888102baa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.284885]  ffff888102baa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.285140] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizPosnQ5rY23goGLqjSSGUMDT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizPosnQ5rY23goGLqjSSGUMDT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/bzImage
sha256sum	0b86f8183e71d185ecf48e91daf338a38748221ed84c99d5fcc0aff2fb4fe4d2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/modules.tar.xz
sha256sum	1cecf8a22d53cbe6f1135ddb095fc53e6fe8ebbda902547c47910320c1d5aa61

durations

tests

boot	0
kunit	220.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit