lkft/linux-stable-rc-linux-6.15.y - v6.15-50-g86677b94d603 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

June 2, 2025, 2:11 p.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   33.864859] ==================================================================
[   33.874886] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.882431] Read of size 1 at addr ffff00080320a001 by task kunit_try_catch/270
[   33.889722] 
[   33.891209] CPU: 5 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   33.891260] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.891276] Hardware name: WinLink E850-96 board (DT)
[   33.891296] Call trace:
[   33.891309]  show_stack+0x20/0x38 (C)
[   33.891342]  dump_stack_lvl+0x8c/0xd0
[   33.891376]  print_report+0x118/0x608
[   33.891406]  kasan_report+0xdc/0x128
[   33.891435]  __asan_report_load1_noabort+0x20/0x30
[   33.891467]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.891504]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   33.891542]  kunit_try_run_case+0x170/0x3f0
[   33.891577]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.891617]  kthread+0x328/0x630
[   33.891651]  ret_from_fork+0x10/0x20
[   33.891685] 
[   33.959778] The buggy address belongs to the physical page:
[   33.965334] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883208
[   33.973319] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.980958] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.987898] page_type: f8(unknown)
[   33.991296] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.999015] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   34.006742] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.014553] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   34.022366] head: 0bfffe0000000002 fffffdffe00c8201 00000000ffffffff 00000000ffffffff
[   34.030178] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   34.037984] page dumped because: kasan: bad access detected
[   34.043539] 
[   34.045015] Memory state around the buggy address:
[   34.049796]  ffff000803209f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.056998]  ffff000803209f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.064202] >ffff00080320a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.071404]                    ^
[   34.074619]  ffff00080320a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.081824]  ffff00080320a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.089025] ==================================================================
[   33.563921] ==================================================================
[   33.564101] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.564242] Read of size 1 at addr ffff000801dd0473 by task kunit_try_catch/268
[   33.570630] 
[   33.572118] CPU: 6 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   33.572173] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.572188] Hardware name: WinLink E850-96 board (DT)
[   33.572211] Call trace:
[   33.572226]  show_stack+0x20/0x38 (C)
[   33.572266]  dump_stack_lvl+0x8c/0xd0
[   33.572301]  print_report+0x118/0x608
[   33.572333]  kasan_report+0xdc/0x128
[   33.572364]  __asan_report_load1_noabort+0x20/0x30
[   33.572399]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.572434]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.572468]  kunit_try_run_case+0x170/0x3f0
[   33.572505]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.572544]  kthread+0x328/0x630
[   33.572579]  ret_from_fork+0x10/0x20
[   33.572617] 
[   33.640162] Allocated by task 268:
[   33.643548]  kasan_save_stack+0x3c/0x68
[   33.647365]  kasan_save_track+0x20/0x40
[   33.651184]  kasan_save_alloc_info+0x40/0x58
[   33.655438]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.660733]  remove_element+0x130/0x1f8
[   33.664552]  mempool_alloc_preallocated+0x58/0xc0
[   33.669240]  mempool_oob_right_helper+0x98/0x2f0
[   33.673840]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.678528]  kunit_try_run_case+0x170/0x3f0
[   33.682693]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.688165]  kthread+0x328/0x630
[   33.691375]  ret_from_fork+0x10/0x20
[   33.694934] 
[   33.696411] The buggy address belongs to the object at ffff000801dd0400
[   33.696411]  which belongs to the cache kmalloc-128 of size 128
[   33.708911] The buggy address is located 0 bytes to the right of
[   33.708911]  allocated 115-byte region [ffff000801dd0400, ffff000801dd0473)
[   33.721843] 
[   33.723323] The buggy address belongs to the physical page:
[   33.728880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881dd0
[   33.736864] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.744504] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.751445] page_type: f5(slab)
[   33.754581] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   33.762301] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.770027] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   33.777838] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.785651] head: 0bfffe0000000001 fffffdffe0077401 00000000ffffffff 00000000ffffffff
[   33.793463] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.801269] page dumped because: kasan: bad access detected
[   33.806824] 
[   33.808300] Memory state around the buggy address:
[   33.813080]  ffff000801dd0300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.820282]  ffff000801dd0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.827488] >ffff000801dd0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.834688]                                                              ^
[   33.841549]  ffff000801dd0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.848754]  ffff000801dd0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.855957] ==================================================================
[   34.098396] ==================================================================
[   34.108476] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   34.116022] Read of size 1 at addr ffff00080682f2bb by task kunit_try_catch/272
[   34.123312] 
[   34.124800] CPU: 6 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   34.124848] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.124864] Hardware name: WinLink E850-96 board (DT)
[   34.124885] Call trace:
[   34.124900]  show_stack+0x20/0x38 (C)
[   34.124934]  dump_stack_lvl+0x8c/0xd0
[   34.124968]  print_report+0x118/0x608
[   34.124999]  kasan_report+0xdc/0x128
[   34.125030]  __asan_report_load1_noabort+0x20/0x30
[   34.125065]  mempool_oob_right_helper+0x2ac/0x2f0
[   34.125101]  mempool_slab_oob_right+0xc0/0x118
[   34.125133]  kunit_try_run_case+0x170/0x3f0
[   34.125169]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.125207]  kthread+0x328/0x630
[   34.125240]  ret_from_fork+0x10/0x20
[   34.125277] 
[   34.192584] Allocated by task 272:
[   34.195970]  kasan_save_stack+0x3c/0x68
[   34.199787]  kasan_save_track+0x20/0x40
[   34.203607]  kasan_save_alloc_info+0x40/0x58
[   34.207860]  __kasan_mempool_unpoison_object+0xbc/0x180
[   34.213070]  remove_element+0x16c/0x1f8
[   34.216888]  mempool_alloc_preallocated+0x58/0xc0
[   34.221575]  mempool_oob_right_helper+0x98/0x2f0
[   34.226176]  mempool_slab_oob_right+0xc0/0x118
[   34.230602]  kunit_try_run_case+0x170/0x3f0
[   34.234769]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.240238]  kthread+0x328/0x630
[   34.243450]  ret_from_fork+0x10/0x20
[   34.247008] 
[   34.248487] The buggy address belongs to the object at ffff00080682f240
[   34.248487]  which belongs to the cache test_cache of size 123
[   34.260900] The buggy address is located 0 bytes to the right of
[   34.260900]  allocated 123-byte region [ffff00080682f240, ffff00080682f2bb)
[   34.273831] 
[   34.275310] The buggy address belongs to the physical page:
[   34.280867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88682f
[   34.288852] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.295360] page_type: f5(slab)
[   34.298496] raw: 0bfffe0000000000 ffff000801dd23c0 dead000000000122 0000000000000000
[   34.306216] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   34.313935] page dumped because: kasan: bad access detected
[   34.319490] 
[   34.320966] Memory state around the buggy address:
[   34.325746]  ffff00080682f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.332950]  ffff00080682f200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   34.340155] >ffff00080682f280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   34.347354]                                         ^
[   34.352392]  ffff00080682f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.359597]  ffff00080682f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.366799] ==================================================================

Metadata Full log Test run details

[   20.456783] ==================================================================
[   20.456863] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.457213] Read of size 1 at addr fff00000c3fa42bb by task kunit_try_catch/228
[   20.457363] 
[   20.457455] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.1-rc1 #1 PREEMPT 
[   20.457557] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   20.457611] Hardware name: linux,dummy-virt (DT)
[   20.457819] Call trace:
[   20.457893]  show_stack+0x20/0x38 (C)
[   20.457950]  dump_stack_lvl+0x8c/0xd0
[   20.458000]  print_report+0x118/0x608
[   20.458058]  kasan_report+0xdc/0x128
[   20.458109]  __asan_report_load1_noabort+0x20/0x30
[   20.458182]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.458236]  mempool_slab_oob_right+0xc0/0x118
[   20.458286]  kunit_try_run_case+0x170/0x3f0
[   20.458372]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.458720]  kthread+0x328/0x630
[   20.458866]  ret_from_fork+0x10/0x20
[   20.458947] 
[   20.459051] Allocated by task 228:
[   20.459097]  kasan_save_stack+0x3c/0x68
[   20.459167]  kasan_save_track+0x20/0x40
[   20.459207]  kasan_save_alloc_info+0x40/0x58
[   20.459247]  __kasan_mempool_unpoison_object+0xbc/0x180
[   20.459325]  remove_element+0x16c/0x1f8
[   20.459424]  mempool_alloc_preallocated+0x58/0xc0
[   20.459469]  mempool_oob_right_helper+0x98/0x2f0
[   20.459531]  mempool_slab_oob_right+0xc0/0x118
[   20.459721]  kunit_try_run_case+0x170/0x3f0
[   20.459760]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.459847]  kthread+0x328/0x630
[   20.460042]  ret_from_fork+0x10/0x20
[   20.460080] 
[   20.460104] The buggy address belongs to the object at fff00000c3fa4240
[   20.460104]  which belongs to the cache test_cache of size 123
[   20.460169] The buggy address is located 0 bytes to the right of
[   20.460169]  allocated 123-byte region [fff00000c3fa4240, fff00000c3fa42bb)
[   20.460333] 
[   20.460376] The buggy address belongs to the physical page:
[   20.460409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fa4
[   20.460484] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.460564] page_type: f5(slab)
[   20.461004] raw: 0bfffe0000000000 fff00000c3ef3640 dead000000000122 0000000000000000
[   20.461208] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   20.461272] page dumped because: kasan: bad access detected
[   20.461373] 
[   20.461408] Memory state around the buggy address:
[   20.461714]  fff00000c3fa4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.461795]  fff00000c3fa4200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   20.461841] >fff00000c3fa4280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   20.461880]                                         ^
[   20.462112]  fff00000c3fa4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.462192]  fff00000c3fa4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.462231] ==================================================================
[   20.435057] ==================================================================
[   20.435133] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.435212] Read of size 1 at addr fff00000c3e64773 by task kunit_try_catch/224
[   20.435263] 
[   20.435305] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.1-rc1 #1 PREEMPT 
[   20.435457] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   20.435503] Hardware name: linux,dummy-virt (DT)
[   20.435537] Call trace:
[   20.435564]  show_stack+0x20/0x38 (C)
[   20.435622]  dump_stack_lvl+0x8c/0xd0
[   20.435676]  print_report+0x118/0x608
[   20.435724]  kasan_report+0xdc/0x128
[   20.435770]  __asan_report_load1_noabort+0x20/0x30
[   20.435823]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.435877]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.435930]  kunit_try_run_case+0x170/0x3f0
[   20.435984]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.436042]  kthread+0x328/0x630
[   20.436090]  ret_from_fork+0x10/0x20
[   20.436143] 
[   20.436162] Allocated by task 224:
[   20.436194]  kasan_save_stack+0x3c/0x68
[   20.436238]  kasan_save_track+0x20/0x40
[   20.436277]  kasan_save_alloc_info+0x40/0x58
[   20.436319]  __kasan_mempool_unpoison_object+0x11c/0x180
[   20.436375]  remove_element+0x130/0x1f8
[   20.436449]  mempool_alloc_preallocated+0x58/0xc0
[   20.436493]  mempool_oob_right_helper+0x98/0x2f0
[   20.436538]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.436582]  kunit_try_run_case+0x170/0x3f0
[   20.436623]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.436671]  kthread+0x328/0x630
[   20.436707]  ret_from_fork+0x10/0x20
[   20.436746] 
[   20.436767] The buggy address belongs to the object at fff00000c3e64700
[   20.436767]  which belongs to the cache kmalloc-128 of size 128
[   20.436826] The buggy address is located 0 bytes to the right of
[   20.436826]  allocated 115-byte region [fff00000c3e64700, fff00000c3e64773)
[   20.436890] 
[   20.436911] The buggy address belongs to the physical page:
[   20.436947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e64
[   20.437002] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.437056] page_type: f5(slab)
[   20.437100] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.437151] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.437193] page dumped because: kasan: bad access detected
[   20.437225] 
[   20.437243] Memory state around the buggy address:
[   20.437277]  fff00000c3e64600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.437321]  fff00000c3e64680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.437373] >fff00000c3e64700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.437412]                                                              ^
[   20.437452]  fff00000c3e64780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.437529]  fff00000c3e64800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.437594] ==================================================================
[   20.445849] ==================================================================
[   20.445985] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.446181] Read of size 1 at addr fff00000c65c2001 by task kunit_try_catch/226
[   20.446232] 
[   20.446276] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.1-rc1 #1 PREEMPT 
[   20.446380] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   20.446409] Hardware name: linux,dummy-virt (DT)
[   20.446442] Call trace:
[   20.446466]  show_stack+0x20/0x38 (C)
[   20.446519]  dump_stack_lvl+0x8c/0xd0
[   20.446568]  print_report+0x118/0x608
[   20.446616]  kasan_report+0xdc/0x128
[   20.446660]  __asan_report_load1_noabort+0x20/0x30
[   20.446715]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.446767]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   20.446823]  kunit_try_run_case+0x170/0x3f0
[   20.446876]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.446933]  kthread+0x328/0x630
[   20.446980]  ret_from_fork+0x10/0x20
[   20.447038] 
[   20.447058] The buggy address belongs to the physical page:
[   20.447095] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c0
[   20.447150] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.447198] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.447254] page_type: f8(unknown)
[   20.447297] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.447359] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.448423] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.448724] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.448823] head: 0bfffe0000000002 ffffc1ffc3197001 00000000ffffffff 00000000ffffffff
[   20.449180] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.449342] page dumped because: kasan: bad access detected
[   20.449389] 
[   20.449544] Memory state around the buggy address:
[   20.449958]  fff00000c65c1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.450018]  fff00000c65c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.450063] >fff00000c65c2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.450104]                    ^
[   20.450136]  fff00000c65c2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.450180]  fff00000c65c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.450217] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xxIi03DVYToIy9dKnbnDmUoyr6

job_id

TEST:linaro@lkft#2xxImRmF075dm0nsBZ5X666mMHe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxImRmF075dm0nsBZ5X666mMHe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIiyPUR36zsQ0H1UAU7CDbti8/Image.gz
sha256sum	b9a9fd4a9b1eed9b2355eb855fcee61950b1feb6d9174198b03424c9d229f427

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIiyPUR36zsQ0H1UAU7CDbti8/modules.tar.xz
sha256sum	369c25ed9d51a74f47b283fc088bebcc674124ca3658d6e259bf0d14f2ebcf1f

durations

tests

boot	0
kunit	197.32

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   18.254206] ==================================================================
[   18.254778] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   18.255238] Read of size 1 at addr ffff888101de5973 by task kunit_try_catch/242
[   18.255610] 
[   18.255922] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT(voluntary) 
[   18.255992] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.256008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.256035] Call Trace:
[   18.256054]  <TASK>
[   18.256082]  dump_stack_lvl+0x73/0xb0
[   18.256119]  print_report+0xd1/0x650
[   18.256146]  ? __virt_addr_valid+0x1db/0x2d0
[   18.256174]  ? mempool_oob_right_helper+0x318/0x380
[   18.256199]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.256223]  ? mempool_oob_right_helper+0x318/0x380
[   18.256249]  kasan_report+0x141/0x180
[   18.256274]  ? mempool_oob_right_helper+0x318/0x380
[   18.256305]  __asan_report_load1_noabort+0x18/0x20
[   18.256328]  mempool_oob_right_helper+0x318/0x380
[   18.256356]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   18.256382]  ? dequeue_entities+0x852/0x1740
[   18.256412]  ? finish_task_switch.isra.0+0x153/0x700
[   18.256442]  mempool_kmalloc_oob_right+0xf2/0x150
[   18.256468]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   18.256494]  ? dequeue_task_fair+0x166/0x4e0
[   18.256518]  ? __pfx_mempool_kmalloc+0x10/0x10
[   18.256570]  ? __pfx_mempool_kfree+0x10/0x10
[   18.256596]  ? __pfx_read_tsc+0x10/0x10
[   18.256620]  ? ktime_get_ts64+0x86/0x230
[   18.256650]  kunit_try_run_case+0x1a5/0x480
[   18.256679]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.256702]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.256729]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.256774]  ? __kthread_parkme+0x82/0x180
[   18.256803]  ? preempt_count_sub+0x50/0x80
[   18.256830]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.256855]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.256880]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.256913]  kthread+0x337/0x6f0
[   18.256937]  ? trace_preempt_on+0x20/0xc0
[   18.256964]  ? __pfx_kthread+0x10/0x10
[   18.256985]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.257009]  ? calculate_sigpending+0x7b/0xa0
[   18.257034]  ? __pfx_kthread+0x10/0x10
[   18.257055]  ret_from_fork+0x41/0x80
[   18.257078]  ? __pfx_kthread+0x10/0x10
[   18.257098]  ret_from_fork_asm+0x1a/0x30
[   18.257135]  </TASK>
[   18.257150] 
[   18.266046] Allocated by task 242:
[   18.266400]  kasan_save_stack+0x45/0x70
[   18.266663]  kasan_save_track+0x18/0x40
[   18.266816]  kasan_save_alloc_info+0x3b/0x50
[   18.266992]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   18.267287]  remove_element+0x11e/0x190
[   18.267536]  mempool_alloc_preallocated+0x4d/0x90
[   18.267801]  mempool_oob_right_helper+0x8a/0x380
[   18.268076]  mempool_kmalloc_oob_right+0xf2/0x150
[   18.268356]  kunit_try_run_case+0x1a5/0x480
[   18.268618]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.268901]  kthread+0x337/0x6f0
[   18.269176]  ret_from_fork+0x41/0x80
[   18.269403]  ret_from_fork_asm+0x1a/0x30
[   18.269631] 
[   18.269779] The buggy address belongs to the object at ffff888101de5900
[   18.269779]  which belongs to the cache kmalloc-128 of size 128
[   18.270351] The buggy address is located 0 bytes to the right of
[   18.270351]  allocated 115-byte region [ffff888101de5900, ffff888101de5973)
[   18.270885] 
[   18.271052] The buggy address belongs to the physical page:
[   18.271337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101de5
[   18.271558] flags: 0x200000000000000(node=0|zone=2)
[   18.271806] page_type: f5(slab)
[   18.272084] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   18.272418] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.272789] page dumped because: kasan: bad access detected
[   18.273055] 
[   18.273230] Memory state around the buggy address:
[   18.273416]  ffff888101de5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.273725]  ffff888101de5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.274068] >ffff888101de5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.274397]                                                              ^
[   18.274689]  ffff888101de5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.274989]  ffff888101de5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   18.275370] ==================================================================
[   18.282041] ==================================================================
[   18.282730] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   18.283155] Read of size 1 at addr ffff888102a9a001 by task kunit_try_catch/244
[   18.283586] 
[   18.283807] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT(voluntary) 
[   18.283890] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.283908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.283939] Call Trace:
[   18.283958]  <TASK>
[   18.283986]  dump_stack_lvl+0x73/0xb0
[   18.284028]  print_report+0xd1/0x650
[   18.284056]  ? __virt_addr_valid+0x1db/0x2d0
[   18.284087]  ? mempool_oob_right_helper+0x318/0x380
[   18.284115]  ? kasan_addr_to_slab+0x11/0xa0
[   18.284141]  ? mempool_oob_right_helper+0x318/0x380
[   18.284169]  kasan_report+0x141/0x180
[   18.284198]  ? mempool_oob_right_helper+0x318/0x380
[   18.284233]  __asan_report_load1_noabort+0x18/0x20
[   18.284259]  mempool_oob_right_helper+0x318/0x380
[   18.284291]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   18.284320]  ? dequeue_entities+0x852/0x1740
[   18.284352]  ? finish_task_switch.isra.0+0x153/0x700
[   18.284387]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   18.284416]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   18.284445]  ? dequeue_task_fair+0x166/0x4e0
[   18.284473]  ? __pfx_mempool_kmalloc+0x10/0x10
[   18.284500]  ? __pfx_mempool_kfree+0x10/0x10
[   18.284527]  ? __pfx_read_tsc+0x10/0x10
[   18.284551]  ? ktime_get_ts64+0x86/0x230
[   18.284584]  kunit_try_run_case+0x1a5/0x480
[   18.284615]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.284641]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.284672]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.284700]  ? __kthread_parkme+0x82/0x180
[   18.284727]  ? preempt_count_sub+0x50/0x80
[   18.284960]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.285065]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.285098]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.285134]  kthread+0x337/0x6f0
[   18.285155]  ? trace_preempt_on+0x20/0xc0
[   18.285187]  ? __pfx_kthread+0x10/0x10
[   18.285412]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.285445]  ? calculate_sigpending+0x7b/0xa0
[   18.285475]  ? __pfx_kthread+0x10/0x10
[   18.285498]  ret_from_fork+0x41/0x80
[   18.285524]  ? __pfx_kthread+0x10/0x10
[   18.285547]  ret_from_fork_asm+0x1a/0x30
[   18.285587]  </TASK>
[   18.285605] 
[   18.294523] The buggy address belongs to the physical page:
[   18.294930] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a98
[   18.295568] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.295772] flags: 0x200000000000040(head|node=0|zone=2)
[   18.296096] page_type: f8(unknown)
[   18.296470] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.296990] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.297266] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.297705] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.297950] head: 0200000000000002 ffffea00040aa601 00000000ffffffff 00000000ffffffff
[   18.298147] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.298688] page dumped because: kasan: bad access detected
[   18.299068] 
[   18.299134] Memory state around the buggy address:
[   18.299491]  ffff888102a99f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.299856]  ffff888102a99f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.300432] >ffff888102a9a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.300665]                    ^
[   18.300905]  ffff888102a9a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.301363]  ffff888102a9a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.301718] ==================================================================
[   18.309228] ==================================================================
[   18.309928] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   18.310212] Read of size 1 at addr ffff888102b402bb by task kunit_try_catch/246
[   18.310673] 
[   18.310856] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT(voluntary) 
[   18.310924] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.310939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.310967] Call Trace:
[   18.310982]  <TASK>
[   18.311006]  dump_stack_lvl+0x73/0xb0
[   18.311043]  print_report+0xd1/0x650
[   18.311069]  ? __virt_addr_valid+0x1db/0x2d0
[   18.311096]  ? mempool_oob_right_helper+0x318/0x380
[   18.311122]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.311148]  ? mempool_oob_right_helper+0x318/0x380
[   18.311176]  kasan_report+0x141/0x180
[   18.311201]  ? mempool_oob_right_helper+0x318/0x380
[   18.311235]  __asan_report_load1_noabort+0x18/0x20
[   18.311259]  mempool_oob_right_helper+0x318/0x380
[   18.311287]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   18.311319]  ? finish_task_switch.isra.0+0x153/0x700
[   18.311352]  mempool_slab_oob_right+0xed/0x140
[   18.311377]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   18.311398]  ? dequeue_task_fair+0x166/0x4e0
[   18.311425]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   18.311450]  ? __pfx_mempool_free_slab+0x10/0x10
[   18.311476]  ? __pfx_read_tsc+0x10/0x10
[   18.311499]  ? ktime_get_ts64+0x86/0x230
[   18.311530]  kunit_try_run_case+0x1a5/0x480
[   18.311560]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.311583]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.311611]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.311679]  ? __kthread_parkme+0x82/0x180
[   18.311706]  ? preempt_count_sub+0x50/0x80
[   18.311736]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.311904]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.311934]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.311961]  kthread+0x337/0x6f0
[   18.311981]  ? trace_preempt_on+0x20/0xc0
[   18.312011]  ? __pfx_kthread+0x10/0x10
[   18.312032]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.312058]  ? calculate_sigpending+0x7b/0xa0
[   18.312085]  ? __pfx_kthread+0x10/0x10
[   18.312128]  ret_from_fork+0x41/0x80
[   18.312157]  ? __pfx_kthread+0x10/0x10
[   18.312193]  ret_from_fork_asm+0x1a/0x30
[   18.312580]  </TASK>
[   18.312609] 
[   18.322725] Allocated by task 246:
[   18.323053]  kasan_save_stack+0x45/0x70
[   18.323503]  kasan_save_track+0x18/0x40
[   18.323723]  kasan_save_alloc_info+0x3b/0x50
[   18.323906]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   18.324052]  remove_element+0x11e/0x190
[   18.324171]  mempool_alloc_preallocated+0x4d/0x90
[   18.324346]  mempool_oob_right_helper+0x8a/0x380
[   18.324711]  mempool_slab_oob_right+0xed/0x140
[   18.325933]  kunit_try_run_case+0x1a5/0x480
[   18.326399]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.326844]  kthread+0x337/0x6f0
[   18.327257]  ret_from_fork+0x41/0x80
[   18.327495]  ret_from_fork_asm+0x1a/0x30
[   18.327848] 
[   18.327995] The buggy address belongs to the object at ffff888102b40240
[   18.327995]  which belongs to the cache test_cache of size 123
[   18.328668] The buggy address is located 0 bytes to the right of
[   18.328668]  allocated 123-byte region [ffff888102b40240, ffff888102b402bb)
[   18.329701] 
[   18.329995] The buggy address belongs to the physical page:
[   18.330263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40
[   18.330800] flags: 0x200000000000000(node=0|zone=2)
[   18.331241] page_type: f5(slab)
[   18.331470] raw: 0200000000000000 ffff888102b3b140 dead000000000122 0000000000000000
[   18.332041] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   18.332581] page dumped because: kasan: bad access detected
[   18.332861] 
[   18.333022] Memory state around the buggy address:
[   18.333921]  ffff888102b40180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.334266]  ffff888102b40200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   18.334513] >ffff888102b40280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   18.334742]                                         ^
[   18.334935]  ffff888102b40300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.335147]  ffff888102b40380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.335364] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xxIi03DVYToIy9dKnbnDmUoyr6

job_id

TEST:linaro@lkft#2xxInfPddVDXGngffC9JR7X5Cmc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxInfPddVDXGngffC9JR7X5Cmc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIk5ew4LuOqFkcEQccT7nGfYz/bzImage
sha256sum	fa931e11017c8ca987af58467ceac4cfbdb749e86f43584874b54f325b4fc4f3

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIk5ew4LuOqFkcEQccT7nGfYz/modules.tar.xz
sha256sum	7c34359c003080a3ab3b531ece9044002fd87f98de8d7cd8150985fcf69c24ac

durations

tests

boot	0
kunit	459.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit