Date
July 14, 2025, 10:38 a.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
[ 51.822388] ================================================================== [ 51.832329] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 51.839880] Read of size 1 at addr ffff000804a82001 by task kunit_try_catch/307 [ 51.847169] [ 51.848657] CPU: 3 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 51.848713] Tainted: [B]=BAD_PAGE, [N]=TEST [ 51.848730] Hardware name: WinLink E850-96 board (DT) [ 51.848750] Call trace: [ 51.848765] show_stack+0x20/0x38 (C) [ 51.848803] dump_stack_lvl+0x8c/0xd0 [ 51.848839] print_report+0x118/0x5d0 [ 51.848868] kasan_report+0xdc/0x128 [ 51.848895] __asan_report_load1_noabort+0x20/0x30 [ 51.848929] mempool_oob_right_helper+0x2ac/0x2f0 [ 51.848962] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 51.849000] kunit_try_run_case+0x170/0x3f0 [ 51.849039] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 51.849072] kthread+0x328/0x630 [ 51.849102] ret_from_fork+0x10/0x20 [ 51.849139] [ 51.918440] The buggy address belongs to the physical page: [ 51.923996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x884a80 [ 51.931979] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.939619] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 51.946562] page_type: f8(unknown) [ 51.949957] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 51.957678] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 51.965404] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 51.973216] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 51.981029] head: 0bfffe0000000002 fffffdffe012a001 00000000ffffffff 00000000ffffffff [ 51.988840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 51.996647] page dumped because: kasan: bad access detected [ 52.002202] [ 52.003679] Memory state around the buggy address: [ 52.008457] 
ffff000804a81f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.015660] ffff000804a81f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.022866] >ffff000804a82000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.030066] ^ [ 52.033281] ffff000804a82080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.040486] ffff000804a82100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 52.047688] ================================================================== [ 52.057098] ================================================================== [ 52.067140] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 52.074684] Read of size 1 at addr ffff0008088082bb by task kunit_try_catch/309 [ 52.081975] [ 52.083462] CPU: 6 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 52.083520] Tainted: [B]=BAD_PAGE, [N]=TEST [ 52.083536] Hardware name: WinLink E850-96 board (DT) [ 52.083557] Call trace: [ 52.083572] show_stack+0x20/0x38 (C) [ 52.083609] dump_stack_lvl+0x8c/0xd0 [ 52.083641] print_report+0x118/0x5d0 [ 52.083669] kasan_report+0xdc/0x128 [ 52.083696] __asan_report_load1_noabort+0x20/0x30 [ 52.083732] mempool_oob_right_helper+0x2ac/0x2f0 [ 52.083767] mempool_slab_oob_right+0xc0/0x118 [ 52.083805] kunit_try_run_case+0x170/0x3f0 [ 52.083846] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.083878] kthread+0x328/0x630 [ 52.083906] ret_from_fork+0x10/0x20 [ 52.083941] [ 52.152463] Allocated by task 309: [ 52.155847] kasan_save_stack+0x3c/0x68 [ 52.159664] kasan_save_track+0x20/0x40 [ 52.163484] kasan_save_alloc_info+0x40/0x58 [ 52.167737] __kasan_mempool_unpoison_object+0xbc/0x180 [ 52.172947] remove_element+0x16c/0x1f8 [ 52.176765] mempool_alloc_preallocated+0x58/0xc0 [ 52.181452] mempool_oob_right_helper+0x98/0x2f0 [ 52.186053] mempool_slab_oob_right+0xc0/0x118 [ 52.190480] kunit_try_run_case+0x170/0x3f0 [ 52.194647] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 52.200115] kthread+0x328/0x630 [ 
52.203327] ret_from_fork+0x10/0x20 [ 52.206886] [ 52.208363] The buggy address belongs to the object at ffff000808808240 [ 52.208363] which belongs to the cache test_cache of size 123 [ 52.220777] The buggy address is located 0 bytes to the right of [ 52.220777] allocated 123-byte region [ffff000808808240, ffff0008088082bb) [ 52.233709] [ 52.235187] The buggy address belongs to the physical page: [ 52.240745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x888808 [ 52.248729] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 52.255239] page_type: f5(slab) [ 52.258375] raw: 0bfffe0000000000 ffff000801e66140 dead000000000122 0000000000000000 [ 52.266094] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 52.273814] page dumped because: kasan: bad access detected [ 52.279367] [ 52.280843] Memory state around the buggy address: [ 52.285623] ffff000808808180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.292827] ffff000808808200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 52.300031] >ffff000808808280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 52.307232] ^ [ 52.312270] ffff000808808300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.319475] ffff000808808380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.326676] ================================================================== [ 51.519986] ================================================================== [ 51.520158] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 51.520295] Read of size 1 at addr ffff000801e0b973 by task kunit_try_catch/305 [ 51.526861] [ 51.528350] CPU: 5 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 51.528407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 51.528426] Hardware name: WinLink E850-96 board (DT) [ 51.528447] Call trace: [ 51.528461] show_stack+0x20/0x38 (C) [ 51.528499] dump_stack_lvl+0x8c/0xd0 [ 51.528532] print_report+0x118/0x5d0 [ 
51.528560] kasan_report+0xdc/0x128 [ 51.528586] __asan_report_load1_noabort+0x20/0x30 [ 51.528624] mempool_oob_right_helper+0x2ac/0x2f0 [ 51.528655] mempool_kmalloc_oob_right+0xc4/0x120 [ 51.528688] kunit_try_run_case+0x170/0x3f0 [ 51.528726] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 51.528759] kthread+0x328/0x630 [ 51.528790] ret_from_fork+0x10/0x20 [ 51.528826] [ 51.597607] Allocated by task 305: [ 51.600995] kasan_save_stack+0x3c/0x68 [ 51.604812] kasan_save_track+0x20/0x40 [ 51.608633] kasan_save_alloc_info+0x40/0x58 [ 51.612885] __kasan_mempool_unpoison_object+0x11c/0x180 [ 51.618180] remove_element+0x130/0x1f8 [ 51.621999] mempool_alloc_preallocated+0x58/0xc0 [ 51.626687] mempool_oob_right_helper+0x98/0x2f0 [ 51.631287] mempool_kmalloc_oob_right+0xc4/0x120 [ 51.635975] kunit_try_run_case+0x170/0x3f0 [ 51.640141] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 51.645609] kthread+0x328/0x630 [ 51.648821] ret_from_fork+0x10/0x20 [ 51.652381] [ 51.653858] The buggy address belongs to the object at ffff000801e0b900 [ 51.653858] which belongs to the cache kmalloc-128 of size 128 [ 51.666360] The buggy address is located 0 bytes to the right of [ 51.666360] allocated 115-byte region [ffff000801e0b900, ffff000801e0b973) [ 51.679290] [ 51.680770] The buggy address belongs to the physical page: [ 51.686326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881e0a [ 51.694309] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.701950] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 51.708891] page_type: f5(slab) [ 51.712029] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 51.719748] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 51.727475] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 51.735285] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 51.743098] head: 0bfffe0000000001 
fffffdffe0078281 00000000ffffffff 00000000ffffffff [ 51.750910] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 51.758717] page dumped because: kasan: bad access detected [ 51.764271] [ 51.765748] Memory state around the buggy address: [ 51.770527] ffff000801e0b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.777730] ffff000801e0b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.784937] >ffff000801e0b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 51.792135] ^ [ 51.798996] ffff000801e0b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.806201] ffff000801e0ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 51.813404] ==================================================================
[ 31.614404] ================================================================== [ 31.614910] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.615121] Read of size 1 at addr fff00000c85fc2bb by task kunit_try_catch/256 [ 31.615379] [ 31.615824] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 31.615970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.616033] Hardware name: linux,dummy-virt (DT) [ 31.616092] Call trace: [ 31.616183] show_stack+0x20/0x38 (C) [ 31.616278] dump_stack_lvl+0x8c/0xd0 [ 31.616365] print_report+0x118/0x5d0 [ 31.617073] kasan_report+0xdc/0x128 [ 31.617629] __asan_report_load1_noabort+0x20/0x30 [ 31.617691] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.617740] mempool_slab_oob_right+0xc0/0x118 [ 31.618387] kunit_try_run_case+0x170/0x3f0 [ 31.619420] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.619481] kthread+0x328/0x630 [ 31.619823] ret_from_fork+0x10/0x20 [ 31.619882] [ 31.619902] Allocated by task 256: [ 31.619933] kasan_save_stack+0x3c/0x68 [ 31.619976] kasan_save_track+0x20/0x40 [ 31.620016] kasan_save_alloc_info+0x40/0x58 [ 31.620065] __kasan_mempool_unpoison_object+0xbc/0x180 [ 31.621497] remove_element+0x16c/0x1f8 [ 31.621658] mempool_alloc_preallocated+0x58/0xc0 [ 31.622029] mempool_oob_right_helper+0x98/0x2f0 [ 31.622664] mempool_slab_oob_right+0xc0/0x118 [ 31.623509] kunit_try_run_case+0x170/0x3f0 [ 31.623566] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.623960] kthread+0x328/0x630 [ 31.624006] ret_from_fork+0x10/0x20 [ 31.624371] [ 31.624414] The buggy address belongs to the object at fff00000c85fc240 [ 31.624414] which belongs to the cache test_cache of size 123 [ 31.624493] The buggy address is located 0 bytes to the right of [ 31.624493] allocated 123-byte region [fff00000c85fc240, fff00000c85fc2bb) [ 31.624619] [ 31.624641] The buggy address belongs to the physical page: [ 31.624675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x1085fc [ 31.625374] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.625872] page_type: f5(slab) [ 31.626134] raw: 0bfffe0000000000 fff00000c592e780 dead000000000122 0000000000000000 [ 31.626272] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 31.626824] page dumped because: kasan: bad access detected [ 31.627318] [ 31.627400] Memory state around the buggy address: [ 31.627562] fff00000c85fc180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.627952] fff00000c85fc200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 31.628719] >fff00000c85fc280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 31.628937] ^ [ 31.629214] fff00000c85fc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.629432] fff00000c85fc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.629766] ================================================================== [ 31.602900] ================================================================== [ 31.602979] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.603062] Read of size 1 at addr fff00000c9be2001 by task kunit_try_catch/254 [ 31.603112] [ 31.603151] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 31.603264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.603293] Hardware name: linux,dummy-virt (DT) [ 31.603324] Call trace: [ 31.603389] show_stack+0x20/0x38 (C) [ 31.603489] dump_stack_lvl+0x8c/0xd0 [ 31.603535] print_report+0x118/0x5d0 [ 31.603578] kasan_report+0xdc/0x128 [ 31.603619] __asan_report_load1_noabort+0x20/0x30 [ 31.603744] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.603817] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 31.603966] kunit_try_run_case+0x170/0x3f0 [ 31.604179] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.604271] kthread+0x328/0x630 [ 31.604316] ret_from_fork+0x10/0x20 [ 31.604423] [ 31.604448] The buggy address belongs to the physical page: [ 31.604483] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x109be0 [ 31.604539] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.604591] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 31.604770] page_type: f8(unknown) [ 31.604857] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.605044] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.605105] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 31.605153] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 31.605202] head: 0bfffe0000000002 ffffc1ffc326f801 00000000ffffffff 00000000ffffffff [ 31.605286] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 31.605330] page dumped because: kasan: bad access detected [ 31.605362] [ 31.605403] Memory state around the buggy address: [ 31.605437] fff00000c9be1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.605481] fff00000c9be1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.605523] >fff00000c9be2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.605561] ^ [ 31.605592] fff00000c9be2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.605635] fff00000c9be2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 31.605674] ================================================================== [ 31.588727] ================================================================== [ 31.588813] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 31.588894] Read of size 1 at addr fff00000c6537273 by task kunit_try_catch/252 [ 31.588944] [ 31.588989] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 31.589095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.589124] Hardware name: linux,dummy-virt (DT) [ 31.589157] Call trace: [ 31.589184] show_stack+0x20/0x38 (C) [ 31.589236] dump_stack_lvl+0x8c/0xd0 [ 31.589285] print_report+0x118/0x5d0 [ 31.589329] 
kasan_report+0xdc/0x128 [ 31.589371] __asan_report_load1_noabort+0x20/0x30 [ 31.589418] mempool_oob_right_helper+0x2ac/0x2f0 [ 31.589467] mempool_kmalloc_oob_right+0xc4/0x120 [ 31.589515] kunit_try_run_case+0x170/0x3f0 [ 31.589565] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.589619] kthread+0x328/0x630 [ 31.589663] ret_from_fork+0x10/0x20 [ 31.589710] [ 31.589729] Allocated by task 252: [ 31.589759] kasan_save_stack+0x3c/0x68 [ 31.589800] kasan_save_track+0x20/0x40 [ 31.589840] kasan_save_alloc_info+0x40/0x58 [ 31.589876] __kasan_mempool_unpoison_object+0x11c/0x180 [ 31.589918] remove_element+0x130/0x1f8 [ 31.589958] mempool_alloc_preallocated+0x58/0xc0 [ 31.589998] mempool_oob_right_helper+0x98/0x2f0 [ 31.590037] mempool_kmalloc_oob_right+0xc4/0x120 [ 31.590087] kunit_try_run_case+0x170/0x3f0 [ 31.590125] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 31.590166] kthread+0x328/0x630 [ 31.590199] ret_from_fork+0x10/0x20 [ 31.590235] [ 31.590255] The buggy address belongs to the object at fff00000c6537200 [ 31.590255] which belongs to the cache kmalloc-128 of size 128 [ 31.590313] The buggy address is located 0 bytes to the right of [ 31.590313] allocated 115-byte region [fff00000c6537200, fff00000c6537273) [ 31.590377] [ 31.590399] The buggy address belongs to the physical page: [ 31.590434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106537 [ 31.590492] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 31.590545] page_type: f5(slab) [ 31.590588] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 31.590637] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.590680] page dumped because: kasan: bad access detected [ 31.590713] [ 31.590731] Memory state around the buggy address: [ 31.590766] fff00000c6537100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.590809] fff00000c6537180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.590853] >fff00000c6537200: 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.590891] ^ [ 31.590930] fff00000c6537280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.590973] fff00000c6537300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 31.591011] ==================================================================
[ 25.742759] ================================================================== [ 25.743291] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.743598] Read of size 1 at addr ffff888105919673 by task kunit_try_catch/270 [ 25.743960] [ 25.744054] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.744113] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.744127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.744152] Call Trace: [ 25.744166] <TASK> [ 25.744188] dump_stack_lvl+0x73/0xb0 [ 25.744222] print_report+0xd1/0x610 [ 25.744244] ? __virt_addr_valid+0x1db/0x2d0 [ 25.744270] ? mempool_oob_right_helper+0x318/0x380 [ 25.744292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.744318] ? mempool_oob_right_helper+0x318/0x380 [ 25.744341] kasan_report+0x141/0x180 [ 25.744362] ? mempool_oob_right_helper+0x318/0x380 [ 25.744389] __asan_report_load1_noabort+0x18/0x20 [ 25.744412] mempool_oob_right_helper+0x318/0x380 [ 25.744435] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.744459] ? dequeue_entities+0x23f/0x1630 [ 25.744485] ? __kasan_check_write+0x18/0x20 [ 25.744508] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.744530] ? finish_task_switch.isra.0+0x153/0x700 [ 25.744557] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.744580] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 25.744604] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.744630] ? __pfx_mempool_kfree+0x10/0x10 [ 25.744789] ? __pfx_read_tsc+0x10/0x10 [ 25.744848] ? ktime_get_ts64+0x86/0x230 [ 25.744874] kunit_try_run_case+0x1a5/0x480 [ 25.744900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.744920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.744996] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.745022] ? __kthread_parkme+0x82/0x180 [ 25.745044] ? preempt_count_sub+0x50/0x80 [ 25.745066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.745088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.745114] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.745138] kthread+0x337/0x6f0 [ 25.745158] ? trace_preempt_on+0x20/0xc0 [ 25.745183] ? __pfx_kthread+0x10/0x10 [ 25.745204] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.745225] ? calculate_sigpending+0x7b/0xa0 [ 25.745249] ? __pfx_kthread+0x10/0x10 [ 25.745270] ret_from_fork+0x116/0x1d0 [ 25.745290] ? __pfx_kthread+0x10/0x10 [ 25.745310] ret_from_fork_asm+0x1a/0x30 [ 25.745342] </TASK> [ 25.745354] [ 25.756611] Allocated by task 270: [ 25.756800] kasan_save_stack+0x45/0x70 [ 25.757387] kasan_save_track+0x18/0x40 [ 25.757531] kasan_save_alloc_info+0x3b/0x50 [ 25.757773] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.757974] remove_element+0x11e/0x190 [ 25.758145] mempool_alloc_preallocated+0x4d/0x90 [ 25.758356] mempool_oob_right_helper+0x8a/0x380 [ 25.758518] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.758751] kunit_try_run_case+0x1a5/0x480 [ 25.758957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.759142] kthread+0x337/0x6f0 [ 25.759305] ret_from_fork+0x116/0x1d0 [ 25.759460] ret_from_fork_asm+0x1a/0x30 [ 25.760036] [ 25.760149] The buggy address belongs to the object at ffff888105919600 [ 25.760149] which belongs to the cache kmalloc-128 of size 128 [ 25.760681] The buggy address is located 0 bytes to the right of [ 25.760681] allocated 115-byte region [ffff888105919600, ffff888105919673) [ 25.761286] [ 25.761716] The buggy address belongs to the physical page: [ 25.762004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 25.762541] flags: 0x200000000000000(node=0|zone=2) [ 25.762897] page_type: f5(slab) [ 25.763073] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.763552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.764031] page dumped because: kasan: bad access detected [ 25.764345] [ 25.764594] Memory state around the buggy address: [ 25.764893] ffff888105919500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
25.765171] ffff888105919580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.765689] >ffff888105919600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.766123] ^ [ 25.766503] ffff888105919680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.766844] ffff888105919700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.767242] ================================================================== [ 25.771211] ================================================================== [ 25.771628] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.772185] Read of size 1 at addr ffff8881061b2001 by task kunit_try_catch/272 [ 25.772710] [ 25.772861] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.772917] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.772930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.772956] Call Trace: [ 25.772971] <TASK> [ 25.772991] dump_stack_lvl+0x73/0xb0 [ 25.773026] print_report+0xd1/0x610 [ 25.773048] ? __virt_addr_valid+0x1db/0x2d0 [ 25.773073] ? mempool_oob_right_helper+0x318/0x380 [ 25.773096] ? kasan_addr_to_slab+0x11/0xa0 [ 25.773115] ? mempool_oob_right_helper+0x318/0x380 [ 25.773138] kasan_report+0x141/0x180 [ 25.773158] ? mempool_oob_right_helper+0x318/0x380 [ 25.773186] __asan_report_load1_noabort+0x18/0x20 [ 25.773209] mempool_oob_right_helper+0x318/0x380 [ 25.773232] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.773256] ? dequeue_entities+0x23f/0x1630 [ 25.773281] ? __kasan_check_write+0x18/0x20 [ 25.773303] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.773325] ? finish_task_switch.isra.0+0x153/0x700 [ 25.773351] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 25.773374] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 25.773400] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.773425] ? __pfx_mempool_kfree+0x10/0x10 [ 25.773448] ? __pfx_read_tsc+0x10/0x10 [ 25.773470] ? 
ktime_get_ts64+0x86/0x230 [ 25.773495] kunit_try_run_case+0x1a5/0x480 [ 25.773519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.773539] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.773564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.773586] ? __kthread_parkme+0x82/0x180 [ 25.773608] ? preempt_count_sub+0x50/0x80 [ 25.773630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.773651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.773699] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.773725] kthread+0x337/0x6f0 [ 25.773756] ? trace_preempt_on+0x20/0xc0 [ 25.773780] ? __pfx_kthread+0x10/0x10 [ 25.773800] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.773822] ? calculate_sigpending+0x7b/0xa0 [ 25.773846] ? __pfx_kthread+0x10/0x10 [ 25.773867] ret_from_fork+0x116/0x1d0 [ 25.773886] ? __pfx_kthread+0x10/0x10 [ 25.773906] ret_from_fork_asm+0x1a/0x30 [ 25.773936] </TASK> [ 25.773958] [ 25.784968] The buggy address belongs to the physical page: [ 25.785475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b0 [ 25.786198] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.786499] flags: 0x200000000000040(head|node=0|zone=2) [ 25.786767] page_type: f8(unknown) [ 25.787164] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.787599] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.788085] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.788411] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.788886] head: 0200000000000002 ffffea0004186c01 00000000ffffffff 00000000ffffffff [ 25.789248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.789580] page dumped because: kasan: bad access detected [ 25.789812] [ 25.789879] Memory state around the buggy address: [ 25.790454] ffff8881061b1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.790737] ffff8881061b1f80: 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 [ 25.791542] >ffff8881061b2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.791815] ^ [ 25.791980] ffff8881061b2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.792384] ffff8881061b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.792684] ================================================================== [ 25.797400] ================================================================== [ 25.798543] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.799809] Read of size 1 at addr ffff888103eb42bb by task kunit_try_catch/274 [ 25.801022] [ 25.801559] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.801649] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.801763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.801791] Call Trace: [ 25.801809] <TASK> [ 25.801831] dump_stack_lvl+0x73/0xb0 [ 25.801875] print_report+0xd1/0x610 [ 25.801900] ? __virt_addr_valid+0x1db/0x2d0 [ 25.801986] ? mempool_oob_right_helper+0x318/0x380 [ 25.802015] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.802046] ? mempool_oob_right_helper+0x318/0x380 [ 25.802070] kasan_report+0x141/0x180 [ 25.802092] ? mempool_oob_right_helper+0x318/0x380 [ 25.802119] __asan_report_load1_noabort+0x18/0x20 [ 25.802179] mempool_oob_right_helper+0x318/0x380 [ 25.802204] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.802229] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.802251] ? finish_task_switch.isra.0+0x153/0x700 [ 25.802278] mempool_slab_oob_right+0xed/0x140 [ 25.802302] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 25.802327] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.802352] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.802377] ? __pfx_read_tsc+0x10/0x10 [ 25.802398] ? ktime_get_ts64+0x86/0x230 [ 25.802422] kunit_try_run_case+0x1a5/0x480 [ 25.802446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.802466] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.802490] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.802514] ? __kthread_parkme+0x82/0x180 [ 25.802535] ? preempt_count_sub+0x50/0x80 [ 25.802557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.802579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.802604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.802629] kthread+0x337/0x6f0 [ 25.802652] ? trace_preempt_on+0x20/0xc0 [ 25.802690] ? __pfx_kthread+0x10/0x10 [ 25.802713] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.802760] ? calculate_sigpending+0x7b/0xa0 [ 25.802785] ? __pfx_kthread+0x10/0x10 [ 25.802807] ret_from_fork+0x116/0x1d0 [ 25.802826] ? __pfx_kthread+0x10/0x10 [ 25.802846] ret_from_fork_asm+0x1a/0x30 [ 25.802878] </TASK> [ 25.802889] [ 25.818555] Allocated by task 274: [ 25.818785] kasan_save_stack+0x45/0x70 [ 25.818971] kasan_save_track+0x18/0x40 [ 25.819487] kasan_save_alloc_info+0x3b/0x50 [ 25.819699] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.819900] remove_element+0x11e/0x190 [ 25.820177] mempool_alloc_preallocated+0x4d/0x90 [ 25.820385] mempool_oob_right_helper+0x8a/0x380 [ 25.820550] mempool_slab_oob_right+0xed/0x140 [ 25.820803] kunit_try_run_case+0x1a5/0x480 [ 25.821055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.821256] kthread+0x337/0x6f0 [ 25.821600] ret_from_fork+0x116/0x1d0 [ 25.821829] ret_from_fork_asm+0x1a/0x30 [ 25.821966] [ 25.822065] The buggy address belongs to the object at ffff888103eb4240 [ 25.822065] which belongs to the cache test_cache of size 123 [ 25.822627] The buggy address is located 0 bytes to the right of [ 25.822627] allocated 123-byte region [ffff888103eb4240, ffff888103eb42bb) [ 25.823386] [ 25.823491] The buggy address belongs to the physical page: [ 25.823757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb4 [ 25.824041] flags: 0x200000000000000(node=0|zone=2) [ 25.824233] page_type: f5(slab) [ 25.824422] raw: 0200000000000000 ffff888103eb1140 dead000000000122 0000000000000000 [ 25.824981] raw: 0000000000000000 0000000080150015 
00000000f5000000 0000000000000000 [ 25.825950] page dumped because: kasan: bad access detected [ 25.826148] [ 25.826214] Memory state around the buggy address: [ 25.826365] ffff888103eb4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.826571] ffff888103eb4200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 25.826784] >ffff888103eb4280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 25.826983] ^ [ 25.827134] ffff888103eb4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.827333] ffff888103eb4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.827532] ==================================================================