Hay
Date: July 2, 2025, 11:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   32.970757] ==================================================================
[   32.970819] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340
[   32.970874] Read of size 1 at addr fff00000c9acc240 by task kunit_try_catch/264
[   32.972787] 
[   32.972902] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   32.973196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.973231] Hardware name: linux,dummy-virt (DT)
[   32.973274] Call trace:
[   32.973299]  show_stack+0x20/0x38 (C)
[   32.973352]  dump_stack_lvl+0x8c/0xd0
[   32.973401]  print_report+0x118/0x608
[   32.973836]  kasan_report+0xdc/0x128
[   32.974095]  __asan_report_load1_noabort+0x20/0x30
[   32.974348]  mempool_uaf_helper+0x314/0x340
[   32.974663]  mempool_slab_uaf+0xc0/0x118
[   32.975030]  kunit_try_run_case+0x170/0x3f0
[   32.975735]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.976285]  kthread+0x328/0x630
[   32.976448]  ret_from_fork+0x10/0x20
[   32.976582] 
[   32.976940] Allocated by task 264:
[   32.976980]  kasan_save_stack+0x3c/0x68
[   32.977262]  kasan_save_track+0x20/0x40
[   32.977305]  kasan_save_alloc_info+0x40/0x58
[   32.977343]  __kasan_mempool_unpoison_object+0xbc/0x180
[   32.977771]  remove_element+0x16c/0x1f8
[   32.977901]  mempool_alloc_preallocated+0x58/0xc0
[   32.978053]  mempool_uaf_helper+0xa4/0x340
[   32.978406]  mempool_slab_uaf+0xc0/0x118
[   32.978463]  kunit_try_run_case+0x170/0x3f0
[   32.978612]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.978693]  kthread+0x328/0x630
[   32.978738]  ret_from_fork+0x10/0x20
[   32.979032] 
[   32.979296] Freed by task 264:
[   32.979687]  kasan_save_stack+0x3c/0x68
[   32.979750]  kasan_save_track+0x20/0x40
[   32.979792]  kasan_save_free_info+0x4c/0x78
[   32.979827]  __kasan_mempool_poison_object+0xc0/0x150
[   32.979869]  mempool_free+0x28c/0x328
[   32.979907]  mempool_uaf_helper+0x104/0x340
[   32.980871]  mempool_slab_uaf+0xc0/0x118
[   32.981133]  kunit_try_run_case+0x170/0x3f0
[   32.981205]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.981529]  kthread+0x328/0x630
[   32.981579]  ret_from_fork+0x10/0x20
[   32.981618] 
[   32.981639] The buggy address belongs to the object at fff00000c9acc240
[   32.981639]  which belongs to the cache test_cache of size 123
[   32.981698] The buggy address is located 0 bytes inside of
[   32.981698]  freed 123-byte region [fff00000c9acc240, fff00000c9acc2bb)
[   32.981759] 
[   32.981782] The buggy address belongs to the physical page:
[   32.981816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109acc
[   32.982738] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.982797] page_type: f5(slab)
[   32.983117] raw: 0bfffe0000000000 fff00000c3fa2a00 dead000000000122 0000000000000000
[   32.983492] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   32.983666] page dumped because: kasan: bad access detected
[   32.983702] 
[   32.983732] Memory state around the buggy address:
[   32.983934]  fff00000c9acc100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   32.983982]  fff00000c9acc180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.984488] >fff00000c9acc200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   32.984606]                                            ^
[   32.984971]  fff00000c9acc280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   32.985019]  fff00000c9acc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.985058] ==================================================================
[   32.924790] ==================================================================
[   32.925092] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340
[   32.925323] Read of size 1 at addr fff00000c91f0900 by task kunit_try_catch/260
[   32.925527] 
[   32.925567] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   32.925663] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.925691] Hardware name: linux,dummy-virt (DT)
[   32.925724] Call trace:
[   32.926295]  show_stack+0x20/0x38 (C)
[   32.926622]  dump_stack_lvl+0x8c/0xd0
[   32.927037]  print_report+0x118/0x608
[   32.927216]  kasan_report+0xdc/0x128
[   32.927274]  __asan_report_load1_noabort+0x20/0x30
[   32.927485]  mempool_uaf_helper+0x314/0x340
[   32.927539]  mempool_kmalloc_uaf+0xc4/0x120
[   32.927645]  kunit_try_run_case+0x170/0x3f0
[   32.927699]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.927901]  kthread+0x328/0x630
[   32.928348]  ret_from_fork+0x10/0x20
[   32.928409] 
[   32.928739] Allocated by task 260:
[   32.928776]  kasan_save_stack+0x3c/0x68
[   32.928820]  kasan_save_track+0x20/0x40
[   32.928857]  kasan_save_alloc_info+0x40/0x58
[   32.929319]  __kasan_mempool_unpoison_object+0x11c/0x180
[   32.929382]  remove_element+0x130/0x1f8
[   32.929648]  mempool_alloc_preallocated+0x58/0xc0
[   32.930024]  mempool_uaf_helper+0xa4/0x340
[   32.930069]  mempool_kmalloc_uaf+0xc4/0x120
[   32.930108]  kunit_try_run_case+0x170/0x3f0
[   32.930146]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.930198]  kthread+0x328/0x630
[   32.930234]  ret_from_fork+0x10/0x20
[   32.930270] 
[   32.930290] Freed by task 260:
[   32.930844]  kasan_save_stack+0x3c/0x68
[   32.930906]  kasan_save_track+0x20/0x40
[   32.930990]  kasan_save_free_info+0x4c/0x78
[   32.931098]  __kasan_mempool_poison_object+0xc0/0x150
[   32.931142]  mempool_free+0x28c/0x328
[   32.931535]  mempool_uaf_helper+0x104/0x340
[   32.931719]  mempool_kmalloc_uaf+0xc4/0x120
[   32.931785]  kunit_try_run_case+0x170/0x3f0
[   32.931826]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.932092]  kthread+0x328/0x630
[   32.932409]  ret_from_fork+0x10/0x20
[   32.932561] 
[   32.932583] The buggy address belongs to the object at fff00000c91f0900
[   32.932583]  which belongs to the cache kmalloc-128 of size 128
[   32.932842] The buggy address is located 0 bytes inside of
[   32.932842]  freed 128-byte region [fff00000c91f0900, fff00000c91f0980)
[   32.933143] 
[   32.933293] The buggy address belongs to the physical page:
[   32.933519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091f0
[   32.933607] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.933951] page_type: f5(slab)
[   32.934113] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.934409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.934460] page dumped because: kasan: bad access detected
[   32.934721] 
[   32.934758] Memory state around the buggy address:
[   32.935074]  fff00000c91f0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.935340]  fff00000c91f0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.935385] >fff00000c91f0900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.935584]                    ^
[   32.935620]  fff00000c91f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.935959]  fff00000c91f0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.936001] ==================================================================

[   34.800286] ==================================================================
[   34.800355] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340
[   34.800412] Read of size 1 at addr fff00000c8806240 by task kunit_try_catch/262
[   34.800463] 
[   34.800497] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   34.800794] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.800923] Hardware name: linux,dummy-virt (DT)
[   34.801063] Call trace:
[   34.801152]  show_stack+0x20/0x38 (C)
[   34.801280]  dump_stack_lvl+0x8c/0xd0
[   34.801356]  print_report+0x118/0x608
[   34.801516]  kasan_report+0xdc/0x128
[   34.801604]  __asan_report_load1_noabort+0x20/0x30
[   34.801728]  mempool_uaf_helper+0x314/0x340
[   34.801788]  mempool_slab_uaf+0xc0/0x118
[   34.801862]  kunit_try_run_case+0x170/0x3f0
[   34.802166]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.802302]  kthread+0x328/0x630
[   34.802385]  ret_from_fork+0x10/0x20
[   34.802472] 
[   34.802568] Allocated by task 262:
[   34.802628]  kasan_save_stack+0x3c/0x68
[   34.802684]  kasan_save_track+0x20/0x40
[   34.802730]  kasan_save_alloc_info+0x40/0x58
[   34.803021]  __kasan_mempool_unpoison_object+0xbc/0x180
[   34.803142]  remove_element+0x16c/0x1f8
[   34.803228]  mempool_alloc_preallocated+0x58/0xc0
[   34.803283]  mempool_uaf_helper+0xa4/0x340
[   34.803622]  mempool_slab_uaf+0xc0/0x118
[   34.803708]  kunit_try_run_case+0x170/0x3f0
[   34.803813]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.803899]  kthread+0x328/0x630
[   34.804022]  ret_from_fork+0x10/0x20
[   34.804090] 
[   34.804215] Freed by task 262:
[   34.804276]  kasan_save_stack+0x3c/0x68
[   34.804354]  kasan_save_track+0x20/0x40
[   34.804527]  kasan_save_free_info+0x4c/0x78
[   34.804798]  __kasan_mempool_poison_object+0xc0/0x150
[   34.804907]  mempool_free+0x28c/0x328
[   34.804967]  mempool_uaf_helper+0x104/0x340
[   34.805037]  mempool_slab_uaf+0xc0/0x118
[   34.805147]  kunit_try_run_case+0x170/0x3f0
[   34.805258]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.805387]  kthread+0x328/0x630
[   34.805468]  ret_from_fork+0x10/0x20
[   34.805557] 
[   34.805653] The buggy address belongs to the object at fff00000c8806240
[   34.805653]  which belongs to the cache test_cache of size 123
[   34.805726] The buggy address is located 0 bytes inside of
[   34.805726]  freed 123-byte region [fff00000c8806240, fff00000c88062bb)
[   34.805955] 
[   34.806037] The buggy address belongs to the physical page:
[   34.806184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108806
[   34.806311] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.806398] page_type: f5(slab)
[   34.806471] raw: 0bfffe0000000000 fff00000c5711dc0 dead000000000122 0000000000000000
[   34.806591] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   34.806660] page dumped because: kasan: bad access detected
[   34.806900] 
[   34.806930] Memory state around the buggy address:
[   34.806965]  fff00000c8806100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   34.807009]  fff00000c8806180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.807059] >fff00000c8806200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   34.807124]                                            ^
[   34.807191]  fff00000c8806280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   34.807287]  fff00000c8806300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.807361] ==================================================================
[   34.773504] ==================================================================
[   34.773742] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340
[   34.773885] Read of size 1 at addr fff00000c8dbd400 by task kunit_try_catch/258
[   34.773962] 
[   34.774006] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT 
[   34.774191] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.774242] Hardware name: linux,dummy-virt (DT)
[   34.774279] Call trace:
[   34.774309]  show_stack+0x20/0x38 (C)
[   34.774421]  dump_stack_lvl+0x8c/0xd0
[   34.774486]  print_report+0x118/0x608
[   34.774661]  kasan_report+0xdc/0x128
[   34.774724]  __asan_report_load1_noabort+0x20/0x30
[   34.774826]  mempool_uaf_helper+0x314/0x340
[   34.774895]  mempool_kmalloc_uaf+0xc4/0x120
[   34.774952]  kunit_try_run_case+0x170/0x3f0
[   34.775016]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.775113]  kthread+0x328/0x630
[   34.775190]  ret_from_fork+0x10/0x20
[   34.775457] 
[   34.775522] Allocated by task 258:
[   34.775664]  kasan_save_stack+0x3c/0x68
[   34.775723]  kasan_save_track+0x20/0x40
[   34.775810]  kasan_save_alloc_info+0x40/0x58
[   34.775861]  __kasan_mempool_unpoison_object+0x11c/0x180
[   34.775905]  remove_element+0x130/0x1f8
[   34.776045]  mempool_alloc_preallocated+0x58/0xc0
[   34.776091]  mempool_uaf_helper+0xa4/0x340
[   34.776130]  mempool_kmalloc_uaf+0xc4/0x120
[   34.776182]  kunit_try_run_case+0x170/0x3f0
[   34.776223]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.776268]  kthread+0x328/0x630
[   34.776367]  ret_from_fork+0x10/0x20
[   34.776440] 
[   34.776548] Freed by task 258:
[   34.776619]  kasan_save_stack+0x3c/0x68
[   34.776738]  kasan_save_track+0x20/0x40
[   34.776807]  kasan_save_free_info+0x4c/0x78
[   34.776892]  __kasan_mempool_poison_object+0xc0/0x150
[   34.776974]  mempool_free+0x28c/0x328
[   34.777034]  mempool_uaf_helper+0x104/0x340
[   34.777178]  mempool_kmalloc_uaf+0xc4/0x120
[   34.777220]  kunit_try_run_case+0x170/0x3f0
[   34.777273]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.777495]  kthread+0x328/0x630
[   34.777531]  ret_from_fork+0x10/0x20
[   34.777568] 
[   34.777598] The buggy address belongs to the object at fff00000c8dbd400
[   34.777598]  which belongs to the cache kmalloc-128 of size 128
[   34.777673] The buggy address is located 0 bytes inside of
[   34.777673]  freed 128-byte region [fff00000c8dbd400, fff00000c8dbd480)
[   34.777788] 
[   34.777828] The buggy address belongs to the physical page:
[   34.777912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108dbd
[   34.778028] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   34.778092] page_type: f5(slab)
[   34.778139] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   34.778203] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   34.778245] page dumped because: kasan: bad access detected
[   34.778282] 
[   34.778300] Memory state around the buggy address:
[   34.778343]  fff00000c8dbd300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.778398]  fff00000c8dbd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.778470] >fff00000c8dbd400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.778510]                    ^
[   34.778539]  fff00000c8dbd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.778583]  fff00000c8dbd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.778623] ==================================================================

[   24.847379] ==================================================================
[   24.847803] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[   24.848846] Read of size 1 at addr ffff888103b7e400 by task kunit_try_catch/276
[   24.849889] 
[   24.850261] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   24.850324] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.850338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.850363] Call Trace:
[   24.850379]  <TASK>
[   24.850400]  dump_stack_lvl+0x73/0xb0
[   24.850437]  print_report+0xd1/0x650
[   24.850462]  ? __virt_addr_valid+0x1db/0x2d0
[   24.850488]  ? mempool_uaf_helper+0x392/0x400
[   24.850510]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.850536]  ? mempool_uaf_helper+0x392/0x400
[   24.850558]  kasan_report+0x141/0x180
[   24.850579]  ? mempool_uaf_helper+0x392/0x400
[   24.850605]  __asan_report_load1_noabort+0x18/0x20
[   24.850629]  mempool_uaf_helper+0x392/0x400
[   24.850651]  ? __pfx_mempool_uaf_helper+0x10/0x10
[   24.850674]  ? __kasan_check_write+0x18/0x20
[   24.850697]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.850720]  ? finish_task_switch.isra.0+0x153/0x700
[   24.850747]  mempool_kmalloc_uaf+0xef/0x140
[   24.850769]  ? __pfx_mempool_kmalloc_uaf+0x10/0x10
[   24.850793]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.850817]  ? __pfx_mempool_kfree+0x10/0x10
[   24.850841]  ? __pfx_read_tsc+0x10/0x10
[   24.850863]  ? ktime_get_ts64+0x86/0x230
[   24.850889]  kunit_try_run_case+0x1a5/0x480
[   24.850935]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.850959]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.850981]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.851003]  ? __kthread_parkme+0x82/0x180
[   24.851024]  ? preempt_count_sub+0x50/0x80
[   24.851047]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.851081]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.851105]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.851130]  kthread+0x337/0x6f0
[   24.851150]  ? trace_preempt_on+0x20/0xc0
[   24.851193]  ? __pfx_kthread+0x10/0x10
[   24.851215]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.851241]  ? calculate_sigpending+0x7b/0xa0
[   24.851266]  ? __pfx_kthread+0x10/0x10
[   24.851288]  ret_from_fork+0x116/0x1d0
[   24.851309]  ? __pfx_kthread+0x10/0x10
[   24.851330]  ret_from_fork_asm+0x1a/0x30
[   24.851361]  </TASK>
[   24.851375] 
[   24.863579] Allocated by task 276:
[   24.863897]  kasan_save_stack+0x45/0x70
[   24.864319]  kasan_save_track+0x18/0x40
[   24.864722]  kasan_save_alloc_info+0x3b/0x50
[   24.865181]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   24.865695]  remove_element+0x11e/0x190
[   24.866115]  mempool_alloc_preallocated+0x4d/0x90
[   24.866524]  mempool_uaf_helper+0x96/0x400
[   24.866949]  mempool_kmalloc_uaf+0xef/0x140
[   24.867399]  kunit_try_run_case+0x1a5/0x480
[   24.867881]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.868483]  kthread+0x337/0x6f0
[   24.868854]  ret_from_fork+0x116/0x1d0
[   24.869314]  ret_from_fork_asm+0x1a/0x30
[   24.869713] 
[   24.869872] Freed by task 276:
[   24.870266]  kasan_save_stack+0x45/0x70
[   24.870675]  kasan_save_track+0x18/0x40
[   24.871055]  kasan_save_free_info+0x3f/0x60
[   24.871525]  __kasan_mempool_poison_object+0x131/0x1d0
[   24.872102]  mempool_free+0x2ec/0x380
[   24.872474]  mempool_uaf_helper+0x11a/0x400
[   24.872726]  mempool_kmalloc_uaf+0xef/0x140
[   24.872875]  kunit_try_run_case+0x1a5/0x480
[   24.873207]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.873828]  kthread+0x337/0x6f0
[   24.874174]  ret_from_fork+0x116/0x1d0
[   24.874600]  ret_from_fork_asm+0x1a/0x30
[   24.874883] 
[   24.874967] The buggy address belongs to the object at ffff888103b7e400
[   24.874967]  which belongs to the cache kmalloc-128 of size 128
[   24.876112] The buggy address is located 0 bytes inside of
[   24.876112]  freed 128-byte region [ffff888103b7e400, ffff888103b7e480)
[   24.876943] 
[   24.877117] The buggy address belongs to the physical page:
[   24.877644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b7e
[   24.877941] flags: 0x200000000000000(node=0|zone=2)
[   24.878430] page_type: f5(slab)
[   24.878741] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.879457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.880103] page dumped because: kasan: bad access detected
[   24.880416] 
[   24.880497] Memory state around the buggy address:
[   24.880829]  ffff888103b7e300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.881463]  ffff888103b7e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.881760] >ffff888103b7e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.881995]                    ^
[   24.882289]  ffff888103b7e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.882952]  ffff888103b7e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.883671] ==================================================================
[   24.915297] ==================================================================
[   24.915795] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[   24.916151] Read of size 1 at addr ffff88810602a240 by task kunit_try_catch/280
[   24.916512] 
[   24.916711] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   24.916770] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.916784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.916810] Call Trace:
[   24.916825]  <TASK>
[   24.916847]  dump_stack_lvl+0x73/0xb0
[   24.916882]  print_report+0xd1/0x650
[   24.916906]  ? __virt_addr_valid+0x1db/0x2d0
[   24.916933]  ? mempool_uaf_helper+0x392/0x400
[   24.916955]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.916983]  ? mempool_uaf_helper+0x392/0x400
[   24.917005]  kasan_report+0x141/0x180
[   24.917027]  ? mempool_uaf_helper+0x392/0x400
[   24.917054]  __asan_report_load1_noabort+0x18/0x20
[   24.917091]  mempool_uaf_helper+0x392/0x400
[   24.917145]  ? __pfx_mempool_uaf_helper+0x10/0x10
[   24.917174]  mempool_slab_uaf+0xea/0x140
[   24.917197]  ? __pfx_mempool_slab_uaf+0x10/0x10
[   24.917222]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   24.917249]  ? __pfx_mempool_free_slab+0x10/0x10
[   24.917283]  ? __pfx_mempool_slab_uaf+0x10/0x10
[   24.917308]  ? __pfx_mempool_slab_uaf+0x10/0x10
[   24.917333]  kunit_try_run_case+0x1a5/0x480
[   24.917362]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.917386]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.917427]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.917449]  ? __kthread_parkme+0x82/0x180
[   24.917478]  ? preempt_count_sub+0x50/0x80
[   24.917504]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.917529]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.917554]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.917580]  kthread+0x337/0x6f0
[   24.917599]  ? trace_preempt_on+0x20/0xc0
[   24.917625]  ? __pfx_kthread+0x10/0x10
[   24.917646]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.917671]  ? calculate_sigpending+0x7b/0xa0
[   24.917696]  ? __pfx_kthread+0x10/0x10
[   24.917717]  ret_from_fork+0x116/0x1d0
[   24.917738]  ? __pfx_kthread+0x10/0x10
[   24.917758]  ret_from_fork_asm+0x1a/0x30
[   24.917791]  </TASK>
[   24.917804] 
[   24.926103] Allocated by task 280:
[   24.926295]  kasan_save_stack+0x45/0x70
[   24.926498]  kasan_save_track+0x18/0x40
[   24.926824]  kasan_save_alloc_info+0x3b/0x50
[   24.927090]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   24.927271]  remove_element+0x11e/0x190
[   24.927406]  mempool_alloc_preallocated+0x4d/0x90
[   24.927560]  mempool_uaf_helper+0x96/0x400
[   24.927811]  mempool_slab_uaf+0xea/0x140
[   24.928109]  kunit_try_run_case+0x1a5/0x480
[   24.928489]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.928839]  kthread+0x337/0x6f0
[   24.929017]  ret_from_fork+0x116/0x1d0
[   24.929159]  ret_from_fork_asm+0x1a/0x30
[   24.929297] 
[   24.929362] Freed by task 280:
[   24.929470]  kasan_save_stack+0x45/0x70
[   24.929652]  kasan_save_track+0x18/0x40
[   24.929877]  kasan_save_free_info+0x3f/0x60
[   24.930205]  __kasan_mempool_poison_object+0x131/0x1d0
[   24.930448]  mempool_free+0x2ec/0x380
[   24.930617]  mempool_uaf_helper+0x11a/0x400
[   24.930758]  mempool_slab_uaf+0xea/0x140
[   24.930890]  kunit_try_run_case+0x1a5/0x480
[   24.931583]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.931876]  kthread+0x337/0x6f0
[   24.932250]  ret_from_fork+0x116/0x1d0
[   24.932441]  ret_from_fork_asm+0x1a/0x30
[   24.932627] 
[   24.932722] The buggy address belongs to the object at ffff88810602a240
[   24.932722]  which belongs to the cache test_cache of size 123
[   24.933222] The buggy address is located 0 bytes inside of
[   24.933222]  freed 123-byte region [ffff88810602a240, ffff88810602a2bb)
[   24.933768] 
[   24.933919] The buggy address belongs to the physical page:
[   24.934290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602a
[   24.934534] flags: 0x200000000000000(node=0|zone=2)
[   24.935339] page_type: f5(slab)
[   24.935748] raw: 0200000000000000 ffff88810190e780 dead000000000122 0000000000000000
[   24.936456] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   24.936952] page dumped because: kasan: bad access detected
[   24.937366] 
[   24.937468] Memory state around the buggy address:
[   24.937849]  ffff88810602a100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   24.938411]  ffff88810602a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.938800] >ffff88810602a200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   24.939292]                                            ^
[   24.939508]  ffff88810602a280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   24.939821]  ffff88810602a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.940428] ==================================================================

[   24.646987] ==================================================================
[   24.647621] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[   24.648044] Read of size 1 at addr ffff88810490b240 by task kunit_try_catch/279
[   24.648472] 
[   24.648588] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   24.648649] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.648811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.648873] Call Trace:
[   24.648889]  <TASK>
[   24.648911]  dump_stack_lvl+0x73/0xb0
[   24.648957]  print_report+0xd1/0x650
[   24.648982]  ? __virt_addr_valid+0x1db/0x2d0
[   24.649007]  ? mempool_uaf_helper+0x392/0x400
[   24.649030]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.649057]  ? mempool_uaf_helper+0x392/0x400
[   24.649078]  kasan_report+0x141/0x180
[   24.649100]  ? mempool_uaf_helper+0x392/0x400
[   24.649127]  __asan_report_load1_noabort+0x18/0x20
[   24.649151]  mempool_uaf_helper+0x392/0x400
[   24.649173]  ? __pfx_mempool_uaf_helper+0x10/0x10
[   24.649198]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.649220]  ? finish_task_switch.isra.0+0x153/0x700
[   24.649246]  mempool_slab_uaf+0xea/0x140
[   24.649268]  ? __pfx_mempool_slab_uaf+0x10/0x10
[   24.649294]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   24.649328]  ? __pfx_mempool_free_slab+0x10/0x10
[   24.649375]  ? __pfx_read_tsc+0x10/0x10
[   24.649398]  ? ktime_get_ts64+0x86/0x230
[   24.649423]  kunit_try_run_case+0x1a5/0x480
[   24.649457]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.649481]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.649522]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.649545]  ? __kthread_parkme+0x82/0x180
[   24.649567]  ? preempt_count_sub+0x50/0x80
[   24.649590]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.649615]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.649640]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.649665]  kthread+0x337/0x6f0
[   24.649744]  ? trace_preempt_on+0x20/0xc0
[   24.649772]  ? __pfx_kthread+0x10/0x10
[   24.649793]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.649818]  ? calculate_sigpending+0x7b/0xa0
[   24.649842]  ? __pfx_kthread+0x10/0x10
[   24.649864]  ret_from_fork+0x116/0x1d0
[   24.649883]  ? __pfx_kthread+0x10/0x10
[   24.649903]  ret_from_fork_asm+0x1a/0x30
[   24.649935]  </TASK>
[   24.649948] 
[   24.660924] Allocated by task 279:
[   24.661101]  kasan_save_stack+0x45/0x70
[   24.661291]  kasan_save_track+0x18/0x40
[   24.661477]  kasan_save_alloc_info+0x3b/0x50
[   24.662219]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   24.662483]  remove_element+0x11e/0x190
[   24.662946]  mempool_alloc_preallocated+0x4d/0x90
[   24.663132]  mempool_uaf_helper+0x96/0x400
[   24.663440]  mempool_slab_uaf+0xea/0x140
[   24.663988]  kunit_try_run_case+0x1a5/0x480
[   24.664196]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.664587]  kthread+0x337/0x6f0
[   24.664739]  ret_from_fork+0x116/0x1d0
[   24.665197]  ret_from_fork_asm+0x1a/0x30
[   24.665523] 
[   24.665620] Freed by task 279:
[   24.665990]  kasan_save_stack+0x45/0x70
[   24.666215]  kasan_save_track+0x18/0x40
[   24.666481]  kasan_save_free_info+0x3f/0x60
[   24.666936]  __kasan_mempool_poison_object+0x131/0x1d0
[   24.667201]  mempool_free+0x2ec/0x380
[   24.667434]  mempool_uaf_helper+0x11a/0x400
[   24.667942]  mempool_slab_uaf+0xea/0x140
[   24.668256]  kunit_try_run_case+0x1a5/0x480
[   24.668460]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.668701]  kthread+0x337/0x6f0
[   24.669051]  ret_from_fork+0x116/0x1d0
[   24.669483]  ret_from_fork_asm+0x1a/0x30
[   24.669802] 
[   24.670031] The buggy address belongs to the object at ffff88810490b240
[   24.670031]  which belongs to the cache test_cache of size 123
[   24.670837] The buggy address is located 0 bytes inside of
[   24.670837]  freed 123-byte region [ffff88810490b240, ffff88810490b2bb)
[   24.671346] 
[   24.671443] The buggy address belongs to the physical page:
[   24.672041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490b
[   24.672459] flags: 0x200000000000000(node=0|zone=2)
[   24.672901] page_type: f5(slab)
[   24.673184] raw: 0200000000000000 ffff8881057ff140 dead000000000122 0000000000000000
[   24.673716] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   24.674196] page dumped because: kasan: bad access detected
[   24.674473] 
[   24.674768] Memory state around the buggy address:
[   24.674954]  ffff88810490b100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   24.675408]  ffff88810490b180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.675900] >ffff88810490b200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   24.676289]                                            ^
[   24.676577]  ffff88810490b280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   24.677006]  ffff88810490b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.677455] ==================================================================
[   24.575335] ==================================================================
[   24.576171] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[   24.576934] Read of size 1 at addr ffff888105898300 by task kunit_try_catch/275
[   24.577925] 
[   24.578143] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) 
[   24.578218] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.578232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.578258] Call Trace:
[   24.578272]  <TASK>
[   24.578296]  dump_stack_lvl+0x73/0xb0
[   24.578345]  print_report+0xd1/0x650
[   24.578371]  ? __virt_addr_valid+0x1db/0x2d0
[   24.578397]  ? mempool_uaf_helper+0x392/0x400
[   24.578420]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.578448]  ? mempool_uaf_helper+0x392/0x400
[   24.578471]  kasan_report+0x141/0x180
[   24.578630]  ? mempool_uaf_helper+0x392/0x400
[   24.578662]  __asan_report_load1_noabort+0x18/0x20
[   24.578701]  mempool_uaf_helper+0x392/0x400
[   24.578725]  ? __pfx_mempool_uaf_helper+0x10/0x10
[   24.578748]  ? __kasan_check_write+0x18/0x20
[   24.578772]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.578796]  ? finish_task_switch.isra.0+0x153/0x700
[   24.578824]  mempool_kmalloc_uaf+0xef/0x140
[   24.578845]  ? __pfx_mempool_kmalloc_uaf+0x10/0x10
[   24.578870]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.578894]  ? __pfx_mempool_kfree+0x10/0x10
[   24.578919]  ? __pfx_read_tsc+0x10/0x10
[   24.578942]  ? ktime_get_ts64+0x86/0x230
[   24.578967]  kunit_try_run_case+0x1a5/0x480
[   24.578995]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.579019]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.579042]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.579064]  ? __kthread_parkme+0x82/0x180
[   24.579085]  ? preempt_count_sub+0x50/0x80
[   24.579108]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.579132]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.579157]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.579182]  kthread+0x337/0x6f0
[   24.579202]  ? trace_preempt_on+0x20/0xc0
[   24.579227]  ? __pfx_kthread+0x10/0x10
[   24.579247]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.579271]  ? calculate_sigpending+0x7b/0xa0
[   24.579296]  ? __pfx_kthread+0x10/0x10
[   24.579330]  ret_from_fork+0x116/0x1d0
[   24.579349]  ? __pfx_kthread+0x10/0x10
[   24.579370]  ret_from_fork_asm+0x1a/0x30
[   24.579402]  </TASK>
[   24.579417] 
[   24.596077] Allocated by task 275:
[   24.596345]  kasan_save_stack+0x45/0x70
[   24.596521]  kasan_save_track+0x18/0x40
[   24.596889]  kasan_save_alloc_info+0x3b/0x50
[   24.597378]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   24.597951]  remove_element+0x11e/0x190
[   24.598484]  mempool_alloc_preallocated+0x4d/0x90
[   24.598682]  mempool_uaf_helper+0x96/0x400
[   24.599108]  mempool_kmalloc_uaf+0xef/0x140
[   24.599590]  kunit_try_run_case+0x1a5/0x480
[   24.600030]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.600461]  kthread+0x337/0x6f0
[   24.600815]  ret_from_fork+0x116/0x1d0
[   24.601082]  ret_from_fork_asm+0x1a/0x30
[   24.601217] 
[   24.601283] Freed by task 275:
[   24.601399]  kasan_save_stack+0x45/0x70
[   24.601590]  kasan_save_track+0x18/0x40
[   24.601951]  kasan_save_free_info+0x3f/0x60
[   24.602394]  __kasan_mempool_poison_object+0x131/0x1d0
[   24.602803]  mempool_free+0x2ec/0x380
[   24.603186]  mempool_uaf_helper+0x11a/0x400
[   24.603633]  mempool_kmalloc_uaf+0xef/0x140
[   24.603981]  kunit_try_run_case+0x1a5/0x480
[   24.604128]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.604297]  kthread+0x337/0x6f0
[   24.604426]  ret_from_fork+0x116/0x1d0
[   24.604578]  ret_from_fork_asm+0x1a/0x30
[   24.604708] 
[   24.604838] The buggy address belongs to the object at ffff888105898300
[   24.604838]  which belongs to the cache kmalloc-128 of size 128
[   24.605378] The buggy address is located 0 bytes inside of
[   24.605378]  freed 128-byte region [ffff888105898300, ffff888105898380)
[   24.605938] 
[   24.606072] The buggy address belongs to the physical page:
[   24.606339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898
[   24.606701] flags: 0x200000000000000(node=0|zone=2)
[   24.607094] page_type: f5(slab)
[   24.607273] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.607598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.608050] page dumped because: kasan: bad access detected
[   24.608220] 
[   24.608284] Memory state around the buggy address:
[   24.608513]  ffff888105898200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.608914]  ffff888105898280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.609884] >ffff888105898300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.610172]                    ^
[   24.610371]  ffff888105898380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.610974]  ffff888105898400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.611291] ==================================================================