lkft/linux-stable-rc-linux-6.15.y - v6.15.4-264-gf6977c36decb - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 4, 2025, 3:11 p.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   33.615574] ==================================================================
[   33.615752] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.615887] Read of size 1 at addr ffff000802778473 by task kunit_try_catch/270
[   33.622284] 
[   33.623771] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   33.623825] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.623843] Hardware name: WinLink E850-96 board (DT)
[   33.623863] Call trace:
[   33.623879]  show_stack+0x20/0x38 (C)
[   33.623914]  dump_stack_lvl+0x8c/0xd0
[   33.623952]  print_report+0x118/0x608
[   33.623982]  kasan_report+0xdc/0x128
[   33.624010]  __asan_report_load1_noabort+0x20/0x30
[   33.624046]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.624081]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.624116]  kunit_try_run_case+0x170/0x3f0
[   33.624153]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.624191]  kthread+0x328/0x630
[   33.624226]  ret_from_fork+0x10/0x20
[   33.624262] 
[   33.691815] Allocated by task 270:
[   33.695203]  kasan_save_stack+0x3c/0x68
[   33.699018]  kasan_save_track+0x20/0x40
[   33.702839]  kasan_save_alloc_info+0x40/0x58
[   33.707091]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.712386]  remove_element+0x130/0x1f8
[   33.716205]  mempool_alloc_preallocated+0x58/0xc0
[   33.720893]  mempool_oob_right_helper+0x98/0x2f0
[   33.725493]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.730180]  kunit_try_run_case+0x170/0x3f0
[   33.734347]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.739817]  kthread+0x328/0x630
[   33.743028]  ret_from_fork+0x10/0x20
[   33.746587] 
[   33.748065] The buggy address belongs to the object at ffff000802778400
[   33.748065]  which belongs to the cache kmalloc-128 of size 128
[   33.760566] The buggy address is located 0 bytes to the right of
[   33.760566]  allocated 115-byte region [ffff000802778400, ffff000802778473)
[   33.773496] 
[   33.774975] The buggy address belongs to the physical page:
[   33.780532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882778
[   33.788515] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.796155] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.803098] page_type: f5(slab)
[   33.806235] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   33.813954] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.821681] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   33.829491] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.837309] head: 0bfffe0000000001 fffffdffe009de01 00000000ffffffff 00000000ffffffff
[   33.845116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.852923] page dumped because: kasan: bad access detected
[   33.858477] 
[   33.859953] Memory state around the buggy address:
[   33.864733]  ffff000802778300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.871936]  ffff000802778380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.879142] >ffff000802778400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.886342]                                                              ^
[   33.893203]  ffff000802778480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.900407]  ffff000802778500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.907611] ==================================================================
[   33.916578] ==================================================================
[   33.926537] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.934086] Read of size 1 at addr ffff000803262001 by task kunit_try_catch/272
[   33.941376] 
[   33.942862] CPU: 6 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   33.942921] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.942939] Hardware name: WinLink E850-96 board (DT)
[   33.942962] Call trace:
[   33.942975]  show_stack+0x20/0x38 (C)
[   33.943011]  dump_stack_lvl+0x8c/0xd0
[   33.943046]  print_report+0x118/0x608
[   33.943081]  kasan_report+0xdc/0x128
[   33.943110]  __asan_report_load1_noabort+0x20/0x30
[   33.943148]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.943184]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   33.943220]  kunit_try_run_case+0x170/0x3f0
[   33.943256]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.943293]  kthread+0x328/0x630
[   33.943329]  ret_from_fork+0x10/0x20
[   33.943365] 
[   34.011428] The buggy address belongs to the physical page:
[   34.016987] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883260
[   34.024970] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   34.032611] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   34.039551] page_type: f8(unknown)
[   34.042950] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.050668] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   34.058395] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.066206] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   34.074020] head: 0bfffe0000000002 fffffdffe00c9801 00000000ffffffff 00000000ffffffff
[   34.081832] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   34.089637] page dumped because: kasan: bad access detected
[   34.095192] 
[   34.096667] Memory state around the buggy address:
[   34.101448]  ffff000803261f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.108651]  ffff000803261f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.115859] >ffff000803262000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.123057]                    ^
[   34.126272]  ffff000803262080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.133477]  ffff000803262100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.140680] ==================================================================
[   34.150273] ==================================================================
[   34.160127] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   34.167677] Read of size 1 at addr ffff00080675f2bb by task kunit_try_catch/274
[   34.174967] 
[   34.176454] CPU: 7 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   34.176508] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.176525] Hardware name: WinLink E850-96 board (DT)
[   34.176546] Call trace:
[   34.176562]  show_stack+0x20/0x38 (C)
[   34.176596]  dump_stack_lvl+0x8c/0xd0
[   34.176635]  print_report+0x118/0x608
[   34.176663]  kasan_report+0xdc/0x128
[   34.176692]  __asan_report_load1_noabort+0x20/0x30
[   34.176727]  mempool_oob_right_helper+0x2ac/0x2f0
[   34.176763]  mempool_slab_oob_right+0xc0/0x118
[   34.176792]  kunit_try_run_case+0x170/0x3f0
[   34.176829]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.176866]  kthread+0x328/0x630
[   34.176902]  ret_from_fork+0x10/0x20
[   34.176936] 
[   34.244237] Allocated by task 274:
[   34.247625]  kasan_save_stack+0x3c/0x68
[   34.251440]  kasan_save_track+0x20/0x40
[   34.255260]  kasan_save_alloc_info+0x40/0x58
[   34.259513]  __kasan_mempool_unpoison_object+0xbc/0x180
[   34.264721]  remove_element+0x16c/0x1f8
[   34.268540]  mempool_alloc_preallocated+0x58/0xc0
[   34.273228]  mempool_oob_right_helper+0x98/0x2f0
[   34.277829]  mempool_slab_oob_right+0xc0/0x118
[   34.282256]  kunit_try_run_case+0x170/0x3f0
[   34.286422]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.291891]  kthread+0x328/0x630
[   34.295103]  ret_from_fork+0x10/0x20
[   34.298662] 
[   34.300139] The buggy address belongs to the object at ffff00080675f240
[   34.300139]  which belongs to the cache test_cache of size 123
[   34.312553] The buggy address is located 0 bytes to the right of
[   34.312553]  allocated 123-byte region [ffff00080675f240, ffff00080675f2bb)
[   34.325484] 
[   34.326964] The buggy address belongs to the physical page:
[   34.332519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88675f
[   34.340504] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.347013] page_type: f5(slab)
[   34.350151] raw: 0bfffe0000000000 ffff000801bca140 dead000000000122 0000000000000000
[   34.357871] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   34.365591] page dumped because: kasan: bad access detected
[   34.371143] 
[   34.372618] Memory state around the buggy address:
[   34.377401]  ffff00080675f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.384602]  ffff00080675f200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   34.391810] >ffff00080675f280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   34.399008]                                         ^
[   34.404046]  ffff00080675f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.411251]  ffff00080675f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.418453] ==================================================================

Metadata Full log Test run details

[   17.505589] ==================================================================
[   17.505679] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   17.505751] Read of size 1 at addr fff00000c6eca473 by task kunit_try_catch/226
[   17.505801] 
[   17.505842] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   17.505928] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.505955] Hardware name: linux,dummy-virt (DT)
[   17.505994] Call trace:
[   17.506018]  show_stack+0x20/0x38 (C)
[   17.506069]  dump_stack_lvl+0x8c/0xd0
[   17.506120]  print_report+0x118/0x608
[   17.506163]  kasan_report+0xdc/0x128
[   17.506207]  __asan_report_load1_noabort+0x20/0x30
[   17.506256]  mempool_oob_right_helper+0x2ac/0x2f0
[   17.506306]  mempool_kmalloc_oob_right+0xc4/0x120
[   17.506356]  kunit_try_run_case+0x170/0x3f0
[   17.506406]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.506458]  kthread+0x328/0x630
[   17.506504]  ret_from_fork+0x10/0x20
[   17.506553] 
[   17.506571] Allocated by task 226:
[   17.506601]  kasan_save_stack+0x3c/0x68
[   17.506652]  kasan_save_track+0x20/0x40
[   17.506689]  kasan_save_alloc_info+0x40/0x58
[   17.506727]  __kasan_mempool_unpoison_object+0x11c/0x180
[   17.506769]  remove_element+0x130/0x1f8
[   17.506809]  mempool_alloc_preallocated+0x58/0xc0
[   17.506851]  mempool_oob_right_helper+0x98/0x2f0
[   17.506891]  mempool_kmalloc_oob_right+0xc4/0x120
[   17.506933]  kunit_try_run_case+0x170/0x3f0
[   17.506972]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.507014]  kthread+0x328/0x630
[   17.507050]  ret_from_fork+0x10/0x20
[   17.507084] 
[   17.507103] The buggy address belongs to the object at fff00000c6eca400
[   17.507103]  which belongs to the cache kmalloc-128 of size 128
[   17.507159] The buggy address is located 0 bytes to the right of
[   17.507159]  allocated 115-byte region [fff00000c6eca400, fff00000c6eca473)
[   17.507222] 
[   17.507243] The buggy address belongs to the physical page:
[   17.507275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106eca
[   17.507328] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.507378] page_type: f5(slab)
[   17.507421] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   17.507470] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.507512] page dumped because: kasan: bad access detected
[   17.507544] 
[   17.507561] Memory state around the buggy address:
[   17.507596]  fff00000c6eca300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.507651]  fff00000c6eca380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.507695] >fff00000c6eca400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   17.507733]                                                              ^
[   17.507772]  fff00000c6eca480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.507815]  fff00000c6eca500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   17.507852] ==================================================================
[   17.517281] ==================================================================
[   17.517345] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   17.517402] Read of size 1 at addr fff00000c784a001 by task kunit_try_catch/228
[   17.517451] 
[   17.517485] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   17.517566] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.517594] Hardware name: linux,dummy-virt (DT)
[   17.517625] Call trace:
[   17.517664]  show_stack+0x20/0x38 (C)
[   17.517713]  dump_stack_lvl+0x8c/0xd0
[   17.517760]  print_report+0x118/0x608
[   17.517802]  kasan_report+0xdc/0x128
[   17.517845]  __asan_report_load1_noabort+0x20/0x30
[   17.517895]  mempool_oob_right_helper+0x2ac/0x2f0
[   17.517942]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   17.518067]  kunit_try_run_case+0x170/0x3f0
[   17.518136]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.518189]  kthread+0x328/0x630
[   17.518665]  ret_from_fork+0x10/0x20
[   17.519011] 
[   17.519134] The buggy address belongs to the physical page:
[   17.519266] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.519363] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.519583] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.519760] page_type: f8(unknown)
[   17.519808] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.520007] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.520407] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.520586] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.520675] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.520733] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.520883] page dumped because: kasan: bad access detected
[   17.520959] 
[   17.521027] Memory state around the buggy address:
[   17.521059]  fff00000c7849f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.521244]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.521435] >fff00000c784a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.521476]                    ^
[   17.521503]  fff00000c784a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.521544]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.521583] ==================================================================
[   17.539229] ==================================================================
[   17.539293] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   17.539347] Read of size 1 at addr fff00000c79332bb by task kunit_try_catch/230
[   17.539396] 
[   17.539429] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT 
[   17.539512] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.539540] Hardware name: linux,dummy-virt (DT)
[   17.540009] Call trace:
[   17.540048]  show_stack+0x20/0x38 (C)
[   17.540225]  dump_stack_lvl+0x8c/0xd0
[   17.540569]  print_report+0x118/0x608
[   17.540958]  kasan_report+0xdc/0x128
[   17.541429]  __asan_report_load1_noabort+0x20/0x30
[   17.542252]  mempool_oob_right_helper+0x2ac/0x2f0
[   17.542469]  mempool_slab_oob_right+0xc0/0x118
[   17.542532]  kunit_try_run_case+0x170/0x3f0
[   17.542898]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.543276]  kthread+0x328/0x630
[   17.543526]  ret_from_fork+0x10/0x20
[   17.543893] 
[   17.543918] Allocated by task 230:
[   17.544098]  kasan_save_stack+0x3c/0x68
[   17.544312]  kasan_save_track+0x20/0x40
[   17.544376]  kasan_save_alloc_info+0x40/0x58
[   17.544416]  __kasan_mempool_unpoison_object+0xbc/0x180
[   17.544464]  remove_element+0x16c/0x1f8
[   17.544504]  mempool_alloc_preallocated+0x58/0xc0
[   17.544546]  mempool_oob_right_helper+0x98/0x2f0
[   17.544585]  mempool_slab_oob_right+0xc0/0x118
[   17.544622]  kunit_try_run_case+0x170/0x3f0
[   17.544668]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.545757]  kthread+0x328/0x630
[   17.545808]  ret_from_fork+0x10/0x20
[   17.545844] 
[   17.545867] The buggy address belongs to the object at fff00000c7933240
[   17.545867]  which belongs to the cache test_cache of size 123
[   17.546195] The buggy address is located 0 bytes to the right of
[   17.546195]  allocated 123-byte region [fff00000c7933240, fff00000c79332bb)
[   17.546651] 
[   17.546681] The buggy address belongs to the physical page:
[   17.547053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107933
[   17.547334] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.547577] page_type: f5(slab)
[   17.547693] raw: 0bfffe0000000000 fff00000c3eadb40 dead000000000122 0000000000000000
[   17.548168] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   17.548254] page dumped because: kasan: bad access detected
[   17.548288] 
[   17.548306] Memory state around the buggy address:
[   17.548349]  fff00000c7933180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.548393]  fff00000c7933200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   17.548435] >fff00000c7933280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   17.548490]                                         ^
[   17.548524]  fff00000c7933300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.549019]  fff00000c7933380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.549184] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zPnxoxgfqLIMGwIhjY8YiWerZe

job_id

TEST:linaro@lkft#2zPo2I57qRsZQJxzVxwHE8t7FHh

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPo2I57qRsZQJxzVxwHE8t7FHh

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnyxYPiqABaJxZ9acDEOmmQzx/Image.gz
sha256sum	327dd0d804120b39f71c58ea91214999e4c5cabcfe180191381a33c73e5cbb20

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnyxYPiqABaJxZ9acDEOmmQzx/modules.tar.xz
sha256sum	3cea64824b7650c49ea1931a18dc99c6bfdf185eb87f64d9aba8bc6614673c1b

durations

tests

boot	0
kunit	198.30

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.029084] ==================================================================
[   16.029659] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   16.029998] Read of size 1 at addr ffff8881029e5d73 by task kunit_try_catch/242
[   16.030973] 
[   16.031242] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT(voluntary) 
[   16.031373] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.031404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.031457] Call Trace:
[   16.031489]  <TASK>
[   16.031675]  dump_stack_lvl+0x73/0xb0
[   16.031763]  print_report+0xd1/0x650
[   16.031815]  ? __virt_addr_valid+0x1db/0x2d0
[   16.031865]  ? mempool_oob_right_helper+0x318/0x380
[   16.031911]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.031960]  ? mempool_oob_right_helper+0x318/0x380
[   16.032002]  kasan_report+0x141/0x180
[   16.032080]  ? mempool_oob_right_helper+0x318/0x380
[   16.032150]  __asan_report_load1_noabort+0x18/0x20
[   16.032197]  mempool_oob_right_helper+0x318/0x380
[   16.032250]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   16.032303]  ? dequeue_entities+0x852/0x1740
[   16.032379]  ? finish_task_switch.isra.0+0x153/0x700
[   16.032493]  mempool_kmalloc_oob_right+0xf2/0x150
[   16.032540]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   16.032573]  ? dequeue_task_fair+0x166/0x4e0
[   16.032598]  ? __pfx_mempool_kmalloc+0x10/0x10
[   16.032622]  ? __pfx_mempool_kfree+0x10/0x10
[   16.032646]  ? __pfx_read_tsc+0x10/0x10
[   16.032668]  ? ktime_get_ts64+0x86/0x230
[   16.032696]  kunit_try_run_case+0x1a5/0x480
[   16.032725]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.032747]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.032773]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.032799]  ? __kthread_parkme+0x82/0x180
[   16.032824]  ? preempt_count_sub+0x50/0x80
[   16.032850]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.032874]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.032898]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.032922]  kthread+0x337/0x6f0
[   16.032941]  ? trace_preempt_on+0x20/0xc0
[   16.032966]  ? __pfx_kthread+0x10/0x10
[   16.032986]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.033009]  ? calculate_sigpending+0x7b/0xa0
[   16.033048]  ? __pfx_kthread+0x10/0x10
[   16.033073]  ret_from_fork+0x41/0x80
[   16.033104]  ? __pfx_kthread+0x10/0x10
[   16.033125]  ret_from_fork_asm+0x1a/0x30
[   16.033160]  </TASK>
[   16.033175] 
[   16.046798] Allocated by task 242:
[   16.047009]  kasan_save_stack+0x45/0x70
[   16.047219]  kasan_save_track+0x18/0x40
[   16.047402]  kasan_save_alloc_info+0x3b/0x50
[   16.047575]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   16.047761]  remove_element+0x11e/0x190
[   16.047911]  mempool_alloc_preallocated+0x4d/0x90
[   16.048093]  mempool_oob_right_helper+0x8a/0x380
[   16.048462]  mempool_kmalloc_oob_right+0xf2/0x150
[   16.048678]  kunit_try_run_case+0x1a5/0x480
[   16.048867]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.049093]  kthread+0x337/0x6f0
[   16.049249]  ret_from_fork+0x41/0x80
[   16.049440]  ret_from_fork_asm+0x1a/0x30
[   16.049621] 
[   16.051294] The buggy address belongs to the object at ffff8881029e5d00
[   16.051294]  which belongs to the cache kmalloc-128 of size 128
[   16.051759] The buggy address is located 0 bytes to the right of
[   16.051759]  allocated 115-byte region [ffff8881029e5d00, ffff8881029e5d73)
[   16.052283] 
[   16.052880] The buggy address belongs to the physical page:
[   16.055485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5
[   16.055817] flags: 0x200000000000000(node=0|zone=2)
[   16.056056] page_type: f5(slab)
[   16.057757] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.058849] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.059892] page dumped because: kasan: bad access detected
[   16.060119] 
[   16.060231] Memory state around the buggy address:
[   16.060477]  ffff8881029e5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.060735]  ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.061705] >ffff8881029e5d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   16.061998]                                                              ^
[   16.062438]  ffff8881029e5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.062907]  ffff8881029e5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   16.063287] ==================================================================
[   16.111085] ==================================================================
[   16.111630] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   16.112453] Read of size 1 at addr ffff8881026102bb by task kunit_try_catch/246
[   16.113175] 
[   16.113482] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT(voluntary) 
[   16.113765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.113785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.113815] Call Trace:
[   16.113833]  <TASK>
[   16.113862]  dump_stack_lvl+0x73/0xb0
[   16.113906]  print_report+0xd1/0x650
[   16.113938]  ? __virt_addr_valid+0x1db/0x2d0
[   16.113968]  ? mempool_oob_right_helper+0x318/0x380
[   16.113996]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.114023]  ? mempool_oob_right_helper+0x318/0x380
[   16.114050]  kasan_report+0x141/0x180
[   16.114104]  ? mempool_oob_right_helper+0x318/0x380
[   16.114138]  __asan_report_load1_noabort+0x18/0x20
[   16.114163]  mempool_oob_right_helper+0x318/0x380
[   16.114192]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   16.114228]  mempool_slab_oob_right+0xed/0x140
[   16.114253]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   16.114276]  ? dequeue_task_fair+0x166/0x4e0
[   16.114306]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   16.114349]  ? __pfx_mempool_free_slab+0x10/0x10
[   16.114382]  ? __pfx_read_tsc+0x10/0x10
[   16.114406]  ? ktime_get_ts64+0x86/0x230
[   16.114437]  kunit_try_run_case+0x1a5/0x480
[   16.114468]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.114494]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.114524]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.114552]  ? __kthread_parkme+0x82/0x180
[   16.114581]  ? preempt_count_sub+0x50/0x80
[   16.114612]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.114638]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.114665]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.114691]  kthread+0x337/0x6f0
[   16.114714]  ? trace_preempt_on+0x20/0xc0
[   16.114742]  ? __pfx_kthread+0x10/0x10
[   16.114765]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.114791]  ? calculate_sigpending+0x7b/0xa0
[   16.114818]  ? __pfx_kthread+0x10/0x10
[   16.114841]  ret_from_fork+0x41/0x80
[   16.114865]  ? __pfx_kthread+0x10/0x10
[   16.114886]  ret_from_fork_asm+0x1a/0x30
[   16.114923]  </TASK>
[   16.114936] 
[   16.126266] Allocated by task 246:
[   16.126531]  kasan_save_stack+0x45/0x70
[   16.126869]  kasan_save_track+0x18/0x40
[   16.127126]  kasan_save_alloc_info+0x3b/0x50
[   16.127328]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   16.127850]  remove_element+0x11e/0x190
[   16.128247]  mempool_alloc_preallocated+0x4d/0x90
[   16.128551]  mempool_oob_right_helper+0x8a/0x380
[   16.128827]  mempool_slab_oob_right+0xed/0x140
[   16.129033]  kunit_try_run_case+0x1a5/0x480
[   16.129419]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.129869]  kthread+0x337/0x6f0
[   16.130186]  ret_from_fork+0x41/0x80
[   16.130418]  ret_from_fork_asm+0x1a/0x30
[   16.130700] 
[   16.130868] The buggy address belongs to the object at ffff888102610240
[   16.130868]  which belongs to the cache test_cache of size 123
[   16.131442] The buggy address is located 0 bytes to the right of
[   16.131442]  allocated 123-byte region [ffff888102610240, ffff8881026102bb)
[   16.131881] 
[   16.132015] The buggy address belongs to the physical page:
[   16.132468] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102610
[   16.133251] flags: 0x200000000000000(node=0|zone=2)
[   16.133689] page_type: f5(slab)
[   16.134033] raw: 0200000000000000 ffff8881016a0dc0 dead000000000122 0000000000000000
[   16.134538] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   16.134819] page dumped because: kasan: bad access detected
[   16.135038] 
[   16.135252] Memory state around the buggy address:
[   16.135663]  ffff888102610180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.136467]  ffff888102610200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   16.136917] >ffff888102610280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   16.137451]                                         ^
[   16.137854]  ffff888102610300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.138154]  ffff888102610380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.138938] ==================================================================
[   16.071032] ==================================================================
[   16.072259] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   16.072959] Read of size 1 at addr ffff888102b1e001 by task kunit_try_catch/244
[   16.073602] 
[   16.074025] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc2 #1 PREEMPT(voluntary) 
[   16.074487] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.074521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.074569] Call Trace:
[   16.074596]  <TASK>
[   16.074634]  dump_stack_lvl+0x73/0xb0
[   16.074685]  print_report+0xd1/0x650
[   16.074716]  ? __virt_addr_valid+0x1db/0x2d0
[   16.074745]  ? mempool_oob_right_helper+0x318/0x380
[   16.074773]  ? kasan_addr_to_slab+0x11/0xa0
[   16.074798]  ? mempool_oob_right_helper+0x318/0x380
[   16.074825]  kasan_report+0x141/0x180
[   16.074851]  ? mempool_oob_right_helper+0x318/0x380
[   16.074884]  __asan_report_load1_noabort+0x18/0x20
[   16.074908]  mempool_oob_right_helper+0x318/0x380
[   16.074935]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   16.074961]  ? update_load_avg+0x1be/0x21b0
[   16.074986]  ? dequeue_entities+0x27e/0x1740
[   16.075013]  ? finish_task_switch.isra.0+0x153/0x700
[   16.075044]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   16.075080]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   16.075121]  ? dequeue_task_fair+0x166/0x4e0
[   16.075151]  ? __pfx_mempool_kmalloc+0x10/0x10
[   16.075177]  ? __pfx_mempool_kfree+0x10/0x10
[   16.075205]  ? __pfx_read_tsc+0x10/0x10
[   16.075243]  ? ktime_get_ts64+0x86/0x230
[   16.075289]  kunit_try_run_case+0x1a5/0x480
[   16.075349]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.075390]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.075437]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.075466]  ? __kthread_parkme+0x82/0x180
[   16.075494]  ? preempt_count_sub+0x50/0x80
[   16.075523]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.075550]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.075576]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.075602]  kthread+0x337/0x6f0
[   16.075623]  ? trace_preempt_on+0x20/0xc0
[   16.075652]  ? __pfx_kthread+0x10/0x10
[   16.075673]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.075699]  ? calculate_sigpending+0x7b/0xa0
[   16.075726]  ? __pfx_kthread+0x10/0x10
[   16.075748]  ret_from_fork+0x41/0x80
[   16.075772]  ? __pfx_kthread+0x10/0x10
[   16.075792]  ret_from_fork_asm+0x1a/0x30
[   16.075831]  </TASK>
[   16.075844] 
[   16.092156] The buggy address belongs to the physical page:
[   16.092789] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b1c
[   16.093351] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.093966] flags: 0x200000000000040(head|node=0|zone=2)
[   16.094241] page_type: f8(unknown)
[   16.095372] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.095790] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.096447] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.096848] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.097632] head: 0200000000000002 ffffea00040ac701 00000000ffffffff 00000000ffffffff
[   16.098008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.098930] page dumped because: kasan: bad access detected
[   16.099415] 
[   16.099761] Memory state around the buggy address:
[   16.100093]  ffff888102b1df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.100817]  ffff888102b1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.101530] >ffff888102b1e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.101855]                    ^
[   16.102172]  ffff888102b1e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.102489]  ffff888102b1e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.102801] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zPnxoxgfqLIMGwIhjY8YiWerZe

job_id

TEST:linaro@lkft#2zPo3RZe7grS5yLm55QkyFHIkn0

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPo3RZe7grS5yLm55QkyFHIkn0

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnzwF9jjL8P9H5BeuK4WBSmEv/bzImage
sha256sum	ad643dbfee32e66584e4c9d2c429659c8ba2676d0810f502308fa285c8cd4500

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPnzwF9jjL8P9H5BeuK4WBSmEv/modules.tar.xz
sha256sum	35aeffff45a548f53709515ae42e284c9946c48678590a5b06349aef329add80

durations

tests

boot	0
kunit	392.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit