lkft/linux-next-master - next-20250715 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 15, 2025, 11:35 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   53.277156] ==================================================================
[   53.287105] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   53.294653] Read of size 1 at addr ffff0008086382bb by task kunit_try_catch/306
[   53.301941] 
[   53.303428] CPU: 5 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   53.303489] Tainted: [B]=BAD_PAGE, [N]=TEST
[   53.303507] Hardware name: WinLink E850-96 board (DT)
[   53.303531] Call trace:
[   53.303545]  show_stack+0x20/0x38 (C)
[   53.303581]  dump_stack_lvl+0x8c/0xd0
[   53.303616]  print_report+0x118/0x5d0
[   53.303646]  kasan_report+0xdc/0x128
[   53.303673]  __asan_report_load1_noabort+0x20/0x30
[   53.303707]  mempool_oob_right_helper+0x2ac/0x2f0
[   53.303742]  mempool_slab_oob_right+0xc0/0x118
[   53.303775]  kunit_try_run_case+0x170/0x3f0
[   53.303807]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.303842]  kthread+0x328/0x630
[   53.303870]  ret_from_fork+0x10/0x20
[   53.303904] 
[   53.372428] Allocated by task 306:
[   53.375815]  kasan_save_stack+0x3c/0x68
[   53.379631]  kasan_save_track+0x20/0x40
[   53.383450]  kasan_save_alloc_info+0x40/0x58
[   53.387704]  __kasan_mempool_unpoison_object+0xbc/0x180
[   53.392912]  remove_element+0x16c/0x1f8
[   53.396731]  mempool_alloc_preallocated+0x58/0xc0
[   53.401419]  mempool_oob_right_helper+0x98/0x2f0
[   53.406019]  mempool_slab_oob_right+0xc0/0x118
[   53.410446]  kunit_try_run_case+0x170/0x3f0
[   53.414613]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.420082]  kthread+0x328/0x630
[   53.423293]  ret_from_fork+0x10/0x20
[   53.426852] 
[   53.428330] The buggy address belongs to the object at ffff000808638240
[   53.428330]  which belongs to the cache test_cache of size 123
[   53.440744] The buggy address is located 0 bytes to the right of
[   53.440744]  allocated 123-byte region [ffff000808638240, ffff0008086382bb)
[   53.453675] 
[   53.455154] The buggy address belongs to the physical page:
[   53.460710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x888638
[   53.468693] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   53.475204] page_type: f5(slab)
[   53.478341] raw: 0bfffe0000000000 ffff000801e0a640 dead000000000122 0000000000000000
[   53.486060] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   53.493780] page dumped because: kasan: bad access detected
[   53.499334] 
[   53.500810] Memory state around the buggy address:
[   53.505593]  ffff000808638180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.512792]  ffff000808638200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   53.519997] >ffff000808638280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   53.527198]                                         ^
[   53.532237]  ffff000808638300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.539441]  ffff000808638380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.546642] ==================================================================
[   52.740078] ==================================================================
[   52.740248] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   52.740386] Read of size 1 at addr ffff000801b9e273 by task kunit_try_catch/302
[   52.746828] 
[   52.748315] CPU: 7 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   52.748374] Tainted: [B]=BAD_PAGE, [N]=TEST
[   52.748389] Hardware name: WinLink E850-96 board (DT)
[   52.748413] Call trace:
[   52.748428]  show_stack+0x20/0x38 (C)
[   52.748465]  dump_stack_lvl+0x8c/0xd0
[   52.748502]  print_report+0x118/0x5d0
[   52.748531]  kasan_report+0xdc/0x128
[   52.748560]  __asan_report_load1_noabort+0x20/0x30
[   52.748595]  mempool_oob_right_helper+0x2ac/0x2f0
[   52.748627]  mempool_kmalloc_oob_right+0xc4/0x120
[   52.748659]  kunit_try_run_case+0x170/0x3f0
[   52.748689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.748724]  kthread+0x328/0x630
[   52.748752]  ret_from_fork+0x10/0x20
[   52.748786] 
[   52.817575] Allocated by task 302:
[   52.820962]  kasan_save_stack+0x3c/0x68
[   52.824778]  kasan_save_track+0x20/0x40
[   52.828598]  kasan_save_alloc_info+0x40/0x58
[   52.832851]  __kasan_mempool_unpoison_object+0x11c/0x180
[   52.838146]  remove_element+0x130/0x1f8
[   52.841965]  mempool_alloc_preallocated+0x58/0xc0
[   52.846653]  mempool_oob_right_helper+0x98/0x2f0
[   52.851253]  mempool_kmalloc_oob_right+0xc4/0x120
[   52.855941]  kunit_try_run_case+0x170/0x3f0
[   52.860108]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   52.865576]  kthread+0x328/0x630
[   52.868788]  ret_from_fork+0x10/0x20
[   52.872347] 
[   52.873825] The buggy address belongs to the object at ffff000801b9e200
[   52.873825]  which belongs to the cache kmalloc-128 of size 128
[   52.886326] The buggy address is located 0 bytes to the right of
[   52.886326]  allocated 115-byte region [ffff000801b9e200, ffff000801b9e273)
[   52.899256] 
[   52.900736] The buggy address belongs to the physical page:
[   52.906294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881b9e
[   52.914275] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   52.921916] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   52.928858] page_type: f5(slab)
[   52.931995] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   52.939714] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   52.947442] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   52.955252] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   52.963064] head: 0bfffe0000000001 fffffdffe006e781 00000000ffffffff 00000000ffffffff
[   52.970876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   52.978683] page dumped because: kasan: bad access detected
[   52.984237] 
[   52.985713] Memory state around the buggy address:
[   52.990496]  ffff000801b9e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.997698]  ffff000801b9e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.004902] >ffff000801b9e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   53.012102]                                                              ^
[   53.018963]  ffff000801b9e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.026167]  ffff000801b9e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   53.033368] ==================================================================
[   53.042274] ==================================================================
[   53.052296] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   53.059845] Read of size 1 at addr ffff00080506e001 by task kunit_try_catch/304
[   53.067136] 
[   53.068624] CPU: 3 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   53.068675] Tainted: [B]=BAD_PAGE, [N]=TEST
[   53.068692] Hardware name: WinLink E850-96 board (DT)
[   53.068714] Call trace:
[   53.068727]  show_stack+0x20/0x38 (C)
[   53.068764]  dump_stack_lvl+0x8c/0xd0
[   53.068800]  print_report+0x118/0x5d0
[   53.068829]  kasan_report+0xdc/0x128
[   53.068854]  __asan_report_load1_noabort+0x20/0x30
[   53.068887]  mempool_oob_right_helper+0x2ac/0x2f0
[   53.068923]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   53.068960]  kunit_try_run_case+0x170/0x3f0
[   53.068990]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   53.069027]  kthread+0x328/0x630
[   53.069059]  ret_from_fork+0x10/0x20
[   53.069097] 
[   53.138404] The buggy address belongs to the physical page:
[   53.143962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88506c
[   53.151948] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   53.159585] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   53.166527] page_type: f8(unknown)
[   53.169926] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   53.177644] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   53.185372] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   53.193181] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   53.200995] head: 0bfffe0000000002 fffffdffe0141b01 00000000ffffffff 00000000ffffffff
[   53.208807] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   53.216614] page dumped because: kasan: bad access detected
[   53.222168] 
[   53.223643] Memory state around the buggy address:
[   53.228425]  ffff00080506df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.235626]  ffff00080506df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   53.242833] >ffff00080506e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   53.250032]                    ^
[   53.253248]  ffff00080506e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   53.260452]  ffff00080506e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   53.267655] ==================================================================

Metadata Full log Test run details

[   32.559482] ==================================================================
[   32.559558] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.559636] Read of size 1 at addr fff00000c9147673 by task kunit_try_catch/253
[   32.559685] 
[   32.559730] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   32.559819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.559847] Hardware name: linux,dummy-virt (DT)
[   32.559883] Call trace:
[   32.559909]  show_stack+0x20/0x38 (C)
[   32.559962]  dump_stack_lvl+0x8c/0xd0
[   32.560014]  print_report+0x118/0x5d0
[   32.560058]  kasan_report+0xdc/0x128
[   32.560101]  __asan_report_load1_noabort+0x20/0x30
[   32.560150]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.560201]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.560250]  kunit_try_run_case+0x170/0x3f0
[   32.560300]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.560359]  kthread+0x328/0x630
[   32.560402]  ret_from_fork+0x10/0x20
[   32.560465] 
[   32.560483] Allocated by task 253:
[   32.560512]  kasan_save_stack+0x3c/0x68
[   32.560557]  kasan_save_track+0x20/0x40
[   32.560597]  kasan_save_alloc_info+0x40/0x58
[   32.560635]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.560679]  remove_element+0x130/0x1f8
[   32.560719]  mempool_alloc_preallocated+0x58/0xc0
[   32.560760]  mempool_oob_right_helper+0x98/0x2f0
[   32.560802]  mempool_kmalloc_oob_right+0xc4/0x120
[   32.560845]  kunit_try_run_case+0x170/0x3f0
[   32.560881]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.560924]  kthread+0x328/0x630
[   32.560958]  ret_from_fork+0x10/0x20
[   32.560994] 
[   32.561015] The buggy address belongs to the object at fff00000c9147600
[   32.561015]  which belongs to the cache kmalloc-128 of size 128
[   32.561076] The buggy address is located 0 bytes to the right of
[   32.561076]  allocated 115-byte region [fff00000c9147600, fff00000c9147673)
[   32.561139] 
[   32.561161] The buggy address belongs to the physical page:
[   32.561195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109147
[   32.561252] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.561305] page_type: f5(slab)
[   32.561350] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   32.561400] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.561450] page dumped because: kasan: bad access detected
[   32.561482] 
[   32.561501] Memory state around the buggy address:
[   32.561535]  fff00000c9147500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.561579]  fff00000c9147580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.561623] >fff00000c9147600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.561682]                                                              ^
[   32.561744]  fff00000c9147680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.561787]  fff00000c9147700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   32.561825] ==================================================================
[   32.596888] ==================================================================
[   32.596976] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.597046] Read of size 1 at addr fff00000c650a1fb by task kunit_try_catch/257
[   32.597096] 
[   32.597135] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   32.597224] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.597258] Hardware name: linux,dummy-virt (DT)
[   32.597404] Call trace:
[   32.597452]  show_stack+0x20/0x38 (C)
[   32.597614]  dump_stack_lvl+0x8c/0xd0
[   32.597678]  print_report+0x118/0x5d0
[   32.598018]  kasan_report+0xdc/0x128
[   32.598244]  __asan_report_load1_noabort+0x20/0x30
[   32.598300]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.598352]  mempool_slab_oob_right+0xc0/0x118
[   32.598452]  kunit_try_run_case+0x170/0x3f0
[   32.598507]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.598563]  kthread+0x328/0x630
[   32.598806]  ret_from_fork+0x10/0x20
[   32.598914] 
[   32.598962] Allocated by task 257:
[   32.598991]  kasan_save_stack+0x3c/0x68
[   32.599038]  kasan_save_track+0x20/0x40
[   32.599428]  kasan_save_alloc_info+0x40/0x58
[   32.599481]  __kasan_mempool_unpoison_object+0xbc/0x180
[   32.599621]  remove_element+0x16c/0x1f8
[   32.599768]  mempool_alloc_preallocated+0x58/0xc0
[   32.599848]  mempool_oob_right_helper+0x98/0x2f0
[   32.599948]  mempool_slab_oob_right+0xc0/0x118
[   32.600004]  kunit_try_run_case+0x170/0x3f0
[   32.600042]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.600087]  kthread+0x328/0x630
[   32.600119]  ret_from_fork+0x10/0x20
[   32.600157] 
[   32.600190] The buggy address belongs to the object at fff00000c650a180
[   32.600190]  which belongs to the cache test_cache of size 123
[   32.600421] The buggy address is located 0 bytes to the right of
[   32.600421]  allocated 123-byte region [fff00000c650a180, fff00000c650a1fb)
[   32.600563] 
[   32.600587] The buggy address belongs to the physical page:
[   32.600666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10650a
[   32.601036] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.601111] page_type: f5(slab)
[   32.601154] raw: 0bfffe0000000000 fff00000c650c000 dead000000000122 0000000000000000
[   32.601203] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   32.601244] page dumped because: kasan: bad access detected
[   32.601275] 
[   32.601293] Memory state around the buggy address:
[   32.601585]  fff00000c650a080: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   32.601730]  fff00000c650a100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   32.601971] >fff00000c650a180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
[   32.602170]                                                                 ^
[   32.602249]  fff00000c650a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.602368]  fff00000c650a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.602408] ==================================================================
[   32.567455] ==================================================================
[   32.567512] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   32.567567] Read of size 1 at addr fff00000c639a001 by task kunit_try_catch/255
[   32.567617] 
[   32.567648] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   32.567729] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.567756] Hardware name: linux,dummy-virt (DT)
[   32.567785] Call trace:
[   32.567809]  show_stack+0x20/0x38 (C)
[   32.567856]  dump_stack_lvl+0x8c/0xd0
[   32.567902]  print_report+0x118/0x5d0
[   32.567946]  kasan_report+0xdc/0x128
[   32.567988]  __asan_report_load1_noabort+0x20/0x30
[   32.568037]  mempool_oob_right_helper+0x2ac/0x2f0
[   32.568087]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   32.568138]  kunit_try_run_case+0x170/0x3f0
[   32.568184]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.568236]  kthread+0x328/0x630
[   32.568278]  ret_from_fork+0x10/0x20
[   32.568326] 
[   32.568345] The buggy address belongs to the physical page:
[   32.568377] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[   32.568431] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.568491] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.568543] page_type: f8(unknown)
[   32.568582] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.568687] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.568737] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.568784] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.568834] head: 0bfffe0000000002 ffffc1ffc318e601 00000000ffffffff 00000000ffffffff
[   32.568879] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.568919] page dumped because: kasan: bad access detected
[   32.568951] 
[   32.568970] Memory state around the buggy address:
[   32.569001]  fff00000c6399f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.569042]  fff00000c6399f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.569084] >fff00000c639a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.569122]                    ^
[   32.569149]  fff00000c639a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.569190]  fff00000c639a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.569229] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSB6ZD0TprNwndx8osoZfzNbs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSB6ZD0TprNwndx8osoZfzNbs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/Image.gz
sha256sum	118b4ece9a238a43bf808c098cf2bf253d887d33e129eb81e3c965d23e20b8c5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/modules.tar.xz
sha256sum	01435f1d178968cd8186d4f9b9cf47e1273301cd5c54bfdff2cd2593d26e1adb

durations

tests

boot	0
kunit	165.28

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   25.534495] ==================================================================
[   25.535076] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   25.535402] Read of size 1 at addr ffff8881059222bb by task kunit_try_catch/273
[   25.535703] 
[   25.535812] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   25.536087] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.536102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.536124] Call Trace:
[   25.536138]  <TASK>
[   25.536155]  dump_stack_lvl+0x73/0xb0
[   25.536188]  print_report+0xd1/0x610
[   25.536217]  ? __virt_addr_valid+0x1db/0x2d0
[   25.536247]  ? mempool_oob_right_helper+0x318/0x380
[   25.536275]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.536306]  ? mempool_oob_right_helper+0x318/0x380
[   25.536336]  kasan_report+0x141/0x180
[   25.536364]  ? mempool_oob_right_helper+0x318/0x380
[   25.536399]  __asan_report_load1_noabort+0x18/0x20
[   25.536427]  mempool_oob_right_helper+0x318/0x380
[   25.536458]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   25.536491]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.536518]  ? finish_task_switch.isra.0+0x153/0x700
[   25.536561]  mempool_slab_oob_right+0xed/0x140
[   25.536600]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   25.536633]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   25.536662]  ? __pfx_mempool_free_slab+0x10/0x10
[   25.536693]  ? __pfx_read_tsc+0x10/0x10
[   25.536720]  ? ktime_get_ts64+0x86/0x230
[   25.536751]  kunit_try_run_case+0x1a5/0x480
[   25.536781]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.536815]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.536844]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.536872]  ? __kthread_parkme+0x82/0x180
[   25.536897]  ? preempt_count_sub+0x50/0x80
[   25.536927]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.536956]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.536989]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.537023]  kthread+0x337/0x6f0
[   25.537049]  ? trace_preempt_on+0x20/0xc0
[   25.537077]  ? __pfx_kthread+0x10/0x10
[   25.537102]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.537132]  ? calculate_sigpending+0x7b/0xa0
[   25.537161]  ? __pfx_kthread+0x10/0x10
[   25.537188]  ret_from_fork+0x116/0x1d0
[   25.537211]  ? __pfx_kthread+0x10/0x10
[   25.537237]  ret_from_fork_asm+0x1a/0x30
[   25.537277]  </TASK>
[   25.537289] 
[   25.545133] Allocated by task 273:
[   25.545292]  kasan_save_stack+0x45/0x70
[   25.545441]  kasan_save_track+0x18/0x40
[   25.545612]  kasan_save_alloc_info+0x3b/0x50
[   25.545884]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   25.546142]  remove_element+0x11e/0x190
[   25.546348]  mempool_alloc_preallocated+0x4d/0x90
[   25.546605]  mempool_oob_right_helper+0x8a/0x380
[   25.546851]  mempool_slab_oob_right+0xed/0x140
[   25.547042]  kunit_try_run_case+0x1a5/0x480
[   25.547254]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.547532]  kthread+0x337/0x6f0
[   25.547657]  ret_from_fork+0x116/0x1d0
[   25.547929]  ret_from_fork_asm+0x1a/0x30
[   25.548118] 
[   25.548212] The buggy address belongs to the object at ffff888105922240
[   25.548212]  which belongs to the cache test_cache of size 123
[   25.548724] The buggy address is located 0 bytes to the right of
[   25.548724]  allocated 123-byte region [ffff888105922240, ffff8881059222bb)
[   25.549232] 
[   25.549311] The buggy address belongs to the physical page:
[   25.549531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105922
[   25.549992] flags: 0x200000000000000(node=0|zone=2)
[   25.550206] page_type: f5(slab)
[   25.550349] raw: 0200000000000000 ffff888105920000 dead000000000122 0000000000000000
[   25.550663] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   25.550893] page dumped because: kasan: bad access detected
[   25.551064] 
[   25.551131] Memory state around the buggy address:
[   25.551286]  ffff888105922180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.551662]  ffff888105922200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   25.552003] >ffff888105922280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   25.552316]                                         ^
[   25.552538]  ffff888105922300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.552949]  ffff888105922380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.553166] ==================================================================
[   25.512881] ==================================================================
[   25.513689] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   25.514098] Read of size 1 at addr ffff888106126001 by task kunit_try_catch/271
[   25.514329] 
[   25.514416] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   25.514475] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.514488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.514511] Call Trace:
[   25.514536]  <TASK>
[   25.514552]  dump_stack_lvl+0x73/0xb0
[   25.514585]  print_report+0xd1/0x610
[   25.514607]  ? __virt_addr_valid+0x1db/0x2d0
[   25.514633]  ? mempool_oob_right_helper+0x318/0x380
[   25.514656]  ? kasan_addr_to_slab+0x11/0xa0
[   25.514676]  ? mempool_oob_right_helper+0x318/0x380
[   25.514700]  kasan_report+0x141/0x180
[   25.514808]  ? mempool_oob_right_helper+0x318/0x380
[   25.514839]  __asan_report_load1_noabort+0x18/0x20
[   25.514864]  mempool_oob_right_helper+0x318/0x380
[   25.514889]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   25.514913]  ? dequeue_entities+0x23f/0x1630
[   25.514939]  ? __kasan_check_write+0x18/0x20
[   25.514963]  ? __pfx_sched_clock_cpu+0x10/0x10
[   25.514985]  ? finish_task_switch.isra.0+0x153/0x700
[   25.515010]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   25.515035]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   25.515062]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.515086]  ? __pfx_mempool_kfree+0x10/0x10
[   25.515110]  ? __pfx_read_tsc+0x10/0x10
[   25.515132]  ? ktime_get_ts64+0x86/0x230
[   25.515158]  kunit_try_run_case+0x1a5/0x480
[   25.515182]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.515204]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.515227]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.515248]  ? __kthread_parkme+0x82/0x180
[   25.515270]  ? preempt_count_sub+0x50/0x80
[   25.515292]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.515315]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.515342]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.515368]  kthread+0x337/0x6f0
[   25.515387]  ? trace_preempt_on+0x20/0xc0
[   25.515411]  ? __pfx_kthread+0x10/0x10
[   25.515432]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.515457]  ? calculate_sigpending+0x7b/0xa0
[   25.515480]  ? __pfx_kthread+0x10/0x10
[   25.515502]  ret_from_fork+0x116/0x1d0
[   25.515534]  ? __pfx_kthread+0x10/0x10
[   25.515555]  ret_from_fork_asm+0x1a/0x30
[   25.515718]  </TASK>
[   25.515733] 
[   25.523669] The buggy address belongs to the physical page:
[   25.523936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106124
[   25.524299] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.524783] flags: 0x200000000000040(head|node=0|zone=2)
[   25.525040] page_type: f8(unknown)
[   25.525163] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.525385] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.525695] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.526032] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.526726] head: 0200000000000002 ffffea0004184901 00000000ffffffff 00000000ffffffff
[   25.526965] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.527187] page dumped because: kasan: bad access detected
[   25.527413] 
[   25.527502] Memory state around the buggy address:
[   25.527842]  ffff888106125f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.528155]  ffff888106125f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.528441] >ffff888106126000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.528878]                    ^
[   25.529010]  ffff888106126080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.529317]  ffff888106126100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.529605] ==================================================================
[   25.486225] ==================================================================
[   25.486793] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   25.487131] Read of size 1 at addr ffff8881041b9d73 by task kunit_try_catch/269
[   25.487465] 
[   25.487587] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   25.487746] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.487762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.487788] Call Trace:
[   25.487810]  <TASK>
[   25.487832]  dump_stack_lvl+0x73/0xb0
[   25.487871]  print_report+0xd1/0x610
[   25.487901]  ? __virt_addr_valid+0x1db/0x2d0
[   25.487934]  ? mempool_oob_right_helper+0x318/0x380
[   25.487962]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.487993]  ? mempool_oob_right_helper+0x318/0x380
[   25.488023]  kasan_report+0x141/0x180
[   25.488051]  ? mempool_oob_right_helper+0x318/0x380
[   25.488086]  __asan_report_load1_noabort+0x18/0x20
[   25.488116]  mempool_oob_right_helper+0x318/0x380
[   25.488146]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   25.488180]  ? finish_task_switch.isra.0+0x153/0x700
[   25.488214]  mempool_kmalloc_oob_right+0xf2/0x150
[   25.488243]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   25.488276]  ? __pfx_mempool_kmalloc+0x10/0x10
[   25.488308]  ? __pfx_mempool_kfree+0x10/0x10
[   25.488340]  ? __pfx_read_tsc+0x10/0x10
[   25.488368]  ? ktime_get_ts64+0x86/0x230
[   25.488400]  kunit_try_run_case+0x1a5/0x480
[   25.488431]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.488458]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.488486]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.488515]  ? __kthread_parkme+0x82/0x180
[   25.488553]  ? preempt_count_sub+0x50/0x80
[   25.488583]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.488612]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.488644]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.488677]  kthread+0x337/0x6f0
[   25.488702]  ? trace_preempt_on+0x20/0xc0
[   25.488732]  ? __pfx_kthread+0x10/0x10
[   25.488759]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.488789]  ? calculate_sigpending+0x7b/0xa0
[   25.488820]  ? __pfx_kthread+0x10/0x10
[   25.488847]  ret_from_fork+0x116/0x1d0
[   25.488871]  ? __pfx_kthread+0x10/0x10
[   25.488897]  ret_from_fork_asm+0x1a/0x30
[   25.488939]  </TASK>
[   25.488952] 
[   25.498719] Allocated by task 269:
[   25.498892]  kasan_save_stack+0x45/0x70
[   25.499081]  kasan_save_track+0x18/0x40
[   25.499257]  kasan_save_alloc_info+0x3b/0x50
[   25.499460]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   25.500104]  remove_element+0x11e/0x190
[   25.500306]  mempool_alloc_preallocated+0x4d/0x90
[   25.500673]  mempool_oob_right_helper+0x8a/0x380
[   25.500979]  mempool_kmalloc_oob_right+0xf2/0x150
[   25.501173]  kunit_try_run_case+0x1a5/0x480
[   25.501473]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.501780]  kthread+0x337/0x6f0
[   25.502068]  ret_from_fork+0x116/0x1d0
[   25.502266]  ret_from_fork_asm+0x1a/0x30
[   25.502611] 
[   25.502761] The buggy address belongs to the object at ffff8881041b9d00
[   25.502761]  which belongs to the cache kmalloc-128 of size 128
[   25.503351] The buggy address is located 0 bytes to the right of
[   25.503351]  allocated 115-byte region [ffff8881041b9d00, ffff8881041b9d73)
[   25.504099] 
[   25.504183] The buggy address belongs to the physical page:
[   25.504559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9
[   25.504960] flags: 0x200000000000000(node=0|zone=2)
[   25.505148] page_type: f5(slab)
[   25.505395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.505692] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.506175] page dumped because: kasan: bad access detected
[   25.506487] 
[   25.506577] Memory state around the buggy address:
[   25.506846]  ffff8881041b9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.507299]  ffff8881041b9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.507702] >ffff8881041b9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   25.507987]                                                              ^
[   25.508355]  ffff8881041b9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.508693]  ffff8881041b9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   25.509104] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSCDmb4DEQtYONUdNKA0gDr4g

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSCDmb4DEQtYONUdNKA0gDr4g

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/bzImage
sha256sum	c1e74129e828139d1503e1b2906d7bf3cc50987150c7e120efde5dc3ba3dece2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/modules.tar.xz
sha256sum	c033def305798e90a1dd43392f34d6ac3a5642caf58a41fa7d2b499626275ec8

durations

tests

boot	0
kunit	244.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit