lkft/linux-next-master - next-20250704 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 4, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   31.651390] ==================================================================
[   31.651456] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   31.651533] Read of size 1 at addr fff00000c929f373 by task kunit_try_catch/254
[   31.651584] 
[   31.651630] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   31.651723] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.652180] Hardware name: linux,dummy-virt (DT)
[   31.652287] Call trace:
[   31.652316]  show_stack+0x20/0x38 (C)
[   31.652380]  dump_stack_lvl+0x8c/0xd0
[   31.652431]  print_report+0x118/0x608
[   31.652480]  kasan_report+0xdc/0x128
[   31.652527]  __asan_report_load1_noabort+0x20/0x30
[   31.652577]  mempool_oob_right_helper+0x2ac/0x2f0
[   31.652627]  mempool_kmalloc_oob_right+0xc4/0x120
[   31.652675]  kunit_try_run_case+0x170/0x3f0
[   31.652726]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.652780]  kthread+0x328/0x630
[   31.652826]  ret_from_fork+0x10/0x20
[   31.652877] 
[   31.652907] Allocated by task 254:
[   31.652937]  kasan_save_stack+0x3c/0x68
[   31.652984]  kasan_save_track+0x20/0x40
[   31.653976]  kasan_save_alloc_info+0x40/0x58
[   31.654042]  __kasan_mempool_unpoison_object+0x11c/0x180
[   31.654090]  remove_element+0x130/0x1f8
[   31.654133]  mempool_alloc_preallocated+0x58/0xc0
[   31.654172]  mempool_oob_right_helper+0x98/0x2f0
[   31.654212]  mempool_kmalloc_oob_right+0xc4/0x120
[   31.654272]  kunit_try_run_case+0x170/0x3f0
[   31.654315]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.654360]  kthread+0x328/0x630
[   31.654400]  ret_from_fork+0x10/0x20
[   31.654437] 
[   31.654458] The buggy address belongs to the object at fff00000c929f300
[   31.654458]  which belongs to the cache kmalloc-128 of size 128
[   31.654520] The buggy address is located 0 bytes to the right of
[   31.654520]  allocated 115-byte region [fff00000c929f300, fff00000c929f373)
[   31.654596] 
[   31.654618] The buggy address belongs to the physical page:
[   31.654654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10929f
[   31.654710] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.654765] page_type: f5(slab)
[   31.654810] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   31.654868] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.655526] page dumped because: kasan: bad access detected
[   31.655584] 
[   31.655605] Memory state around the buggy address:
[   31.655642]  fff00000c929f200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.655687]  fff00000c929f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.655959] >fff00000c929f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   31.656078]                                                              ^
[   31.656168]  fff00000c929f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.656357]  fff00000c929f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   31.656528] ==================================================================
[   31.694302] ==================================================================
[   31.694370] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   31.695031] Read of size 1 at addr fff00000c9abc2bb by task kunit_try_catch/258
[   31.695416] 
[   31.695455] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   31.695959] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.696070] Hardware name: linux,dummy-virt (DT)
[   31.696166] Call trace:
[   31.696278]  show_stack+0x20/0x38 (C)
[   31.696484]  dump_stack_lvl+0x8c/0xd0
[   31.696762]  print_report+0x118/0x608
[   31.696816]  kasan_report+0xdc/0x128
[   31.697276]  __asan_report_load1_noabort+0x20/0x30
[   31.697373]  mempool_oob_right_helper+0x2ac/0x2f0
[   31.697424]  mempool_slab_oob_right+0xc0/0x118
[   31.698021]  kunit_try_run_case+0x170/0x3f0
[   31.698592]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.698759]  kthread+0x328/0x630
[   31.698964]  ret_from_fork+0x10/0x20
[   31.699244] 
[   31.699432] Allocated by task 258:
[   31.699659]  kasan_save_stack+0x3c/0x68
[   31.699775]  kasan_save_track+0x20/0x40
[   31.699815]  kasan_save_alloc_info+0x40/0x58
[   31.699853]  __kasan_mempool_unpoison_object+0xbc/0x180
[   31.699909]  remove_element+0x16c/0x1f8
[   31.700617]  mempool_alloc_preallocated+0x58/0xc0
[   31.700691]  mempool_oob_right_helper+0x98/0x2f0
[   31.700732]  mempool_slab_oob_right+0xc0/0x118
[   31.701156]  kunit_try_run_case+0x170/0x3f0
[   31.701207]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.701564]  kthread+0x328/0x630
[   31.701663]  ret_from_fork+0x10/0x20
[   31.701820] 
[   31.701843] The buggy address belongs to the object at fff00000c9abc240
[   31.701843]  which belongs to the cache test_cache of size 123
[   31.702092] The buggy address is located 0 bytes to the right of
[   31.702092]  allocated 123-byte region [fff00000c9abc240, fff00000c9abc2bb)
[   31.702190] 
[   31.702645] The buggy address belongs to the physical page:
[   31.702849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109abc
[   31.703084] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.703183] page_type: f5(slab)
[   31.703342] raw: 0bfffe0000000000 fff00000c3f32500 dead000000000122 0000000000000000
[   31.703591] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   31.703631] page dumped because: kasan: bad access detected
[   31.703663] 
[   31.703681] Memory state around the buggy address:
[   31.704163]  fff00000c9abc180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.704263]  fff00000c9abc200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   31.704414] >fff00000c9abc280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   31.704643]                                         ^
[   31.704684]  fff00000c9abc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.704891]  fff00000c9abc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.704942] ==================================================================
[   31.676791] ==================================================================
[   31.677072] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   31.677130] Read of size 1 at addr fff00000c9bde001 by task kunit_try_catch/256
[   31.677180] 
[   31.677214] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   31.677308] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.677382] Hardware name: linux,dummy-virt (DT)
[   31.677447] Call trace:
[   31.677575]  show_stack+0x20/0x38 (C)
[   31.677717]  dump_stack_lvl+0x8c/0xd0
[   31.677764]  print_report+0x118/0x608
[   31.677810]  kasan_report+0xdc/0x128
[   31.677856]  __asan_report_load1_noabort+0x20/0x30
[   31.677922]  mempool_oob_right_helper+0x2ac/0x2f0
[   31.677972]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   31.678023]  kunit_try_run_case+0x170/0x3f0
[   31.678071]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.678124]  kthread+0x328/0x630
[   31.678165]  ret_from_fork+0x10/0x20
[   31.678214] 
[   31.678327] The buggy address belongs to the physical page:
[   31.678388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109bdc
[   31.678522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.678586] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.678641] page_type: f8(unknown)
[   31.678682] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.678731] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.678781] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.678829] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.678878] head: 0bfffe0000000002 ffffc1ffc326f701 00000000ffffffff 00000000ffffffff
[   31.678938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.678978] page dumped because: kasan: bad access detected
[   31.679009] 
[   31.679029] Memory state around the buggy address:
[   31.679061]  fff00000c9bddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.679105]  fff00000c9bddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.679148] >fff00000c9bde000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.679187]                    ^
[   31.679216]  fff00000c9bde080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.679257]  fff00000c9bde100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.679296] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zPKcyRCCcLXHTLmyDYDrnSncpa

job_id

TEST:linaro@lkft#2zPKilf5MKTJ7lMyJmtgN73Nko7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPKilf5MKTJ7lMyJmtgN73Nko7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKeZVJ6s8BxWIdIAcetHSV2vd/Image.gz
sha256sum	4057f87f22aa3a0c494fa56ac397e1d4208c36e40a654cceb81a6ec11e19d6de

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKeZVJ6s8BxWIdIAcetHSV2vd/modules.tar.xz
sha256sum	4bc11cd26c298df52c7ec39846a2a9f44ea5a2eb53067e5bc4040ac2b938e942

durations

tests

boot	0
kunit	164.38

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   26.501992] ==================================================================
[   26.502818] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.503339] Read of size 1 at addr ffff888105aba2bb by task kunit_try_catch/274
[   26.504063] 
[   26.504302] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   26.504366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.504382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.504423] Call Trace:
[   26.504441]  <TASK>
[   26.504463]  dump_stack_lvl+0x73/0xb0
[   26.504500]  print_report+0xd1/0x650
[   26.504526]  ? __virt_addr_valid+0x1db/0x2d0
[   26.504554]  ? mempool_oob_right_helper+0x318/0x380
[   26.504580]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.504609]  ? mempool_oob_right_helper+0x318/0x380
[   26.504636]  kasan_report+0x141/0x180
[   26.504661]  ? mempool_oob_right_helper+0x318/0x380
[   26.504692]  __asan_report_load1_noabort+0x18/0x20
[   26.504720]  mempool_oob_right_helper+0x318/0x380
[   26.504746]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.504774]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.504802]  ? finish_task_switch.isra.0+0x153/0x700
[   26.504831]  mempool_slab_oob_right+0xed/0x140
[   26.504857]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   26.504885]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   26.504914]  ? __pfx_mempool_free_slab+0x10/0x10
[   26.504941]  ? __pfx_read_tsc+0x10/0x10
[   26.504968]  ? ktime_get_ts64+0x86/0x230
[   26.504996]  kunit_try_run_case+0x1a5/0x480
[   26.505028]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.505054]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.505083]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.505110]  ? __kthread_parkme+0x82/0x180
[   26.505133]  ? preempt_count_sub+0x50/0x80
[   26.505159]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.505187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.505229]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.505257]  kthread+0x337/0x6f0
[   26.505280]  ? trace_preempt_on+0x20/0xc0
[   26.505309]  ? __pfx_kthread+0x10/0x10
[   26.505331]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.505357]  ? calculate_sigpending+0x7b/0xa0
[   26.505384]  ? __pfx_kthread+0x10/0x10
[   26.505418]  ret_from_fork+0x116/0x1d0
[   26.505440]  ? __pfx_kthread+0x10/0x10
[   26.505465]  ret_from_fork_asm+0x1a/0x30
[   26.505501]  </TASK>
[   26.505516] 
[   26.517816] Allocated by task 274:
[   26.518048]  kasan_save_stack+0x45/0x70
[   26.518369]  kasan_save_track+0x18/0x40
[   26.518719]  kasan_save_alloc_info+0x3b/0x50
[   26.518956]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   26.519524]  remove_element+0x11e/0x190
[   26.519745]  mempool_alloc_preallocated+0x4d/0x90
[   26.520211]  mempool_oob_right_helper+0x8a/0x380
[   26.520569]  mempool_slab_oob_right+0xed/0x140
[   26.520805]  kunit_try_run_case+0x1a5/0x480
[   26.521142]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.521495]  kthread+0x337/0x6f0
[   26.521675]  ret_from_fork+0x116/0x1d0
[   26.521845]  ret_from_fork_asm+0x1a/0x30
[   26.522071] 
[   26.522746] The buggy address belongs to the object at ffff888105aba240
[   26.522746]  which belongs to the cache test_cache of size 123
[   26.523461] The buggy address is located 0 bytes to the right of
[   26.523461]  allocated 123-byte region [ffff888105aba240, ffff888105aba2bb)
[   26.524411] 
[   26.524522] The buggy address belongs to the physical page:
[   26.524717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aba
[   26.525091] flags: 0x200000000000000(node=0|zone=2)
[   26.525358] page_type: f5(slab)
[   26.525731] raw: 0200000000000000 ffff888101d9e640 dead000000000122 0000000000000000
[   26.526174] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   26.526707] page dumped because: kasan: bad access detected
[   26.527583] 
[   26.527693] Memory state around the buggy address:
[   26.527873]  ffff888105aba180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.528243]  ffff888105aba200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   26.528776] >ffff888105aba280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   26.529107]                                         ^
[   26.529499]  ffff888105aba300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.529828]  ffff888105aba380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.530088] ==================================================================
[   26.474719] ==================================================================
[   26.475764] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.476175] Read of size 1 at addr ffff8881062d6001 by task kunit_try_catch/272
[   26.476585] 
[   26.476754] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   26.476845] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.476859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.476886] Call Trace:
[   26.476903]  <TASK>
[   26.476925]  dump_stack_lvl+0x73/0xb0
[   26.476960]  print_report+0xd1/0x650
[   26.476986]  ? __virt_addr_valid+0x1db/0x2d0
[   26.477013]  ? mempool_oob_right_helper+0x318/0x380
[   26.477039]  ? kasan_addr_to_slab+0x11/0xa0
[   26.477065]  ? mempool_oob_right_helper+0x318/0x380
[   26.477091]  kasan_report+0x141/0x180
[   26.477116]  ? mempool_oob_right_helper+0x318/0x380
[   26.477147]  __asan_report_load1_noabort+0x18/0x20
[   26.477174]  mempool_oob_right_helper+0x318/0x380
[   26.477200]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.477226]  ? update_load_avg+0x1be/0x21b0
[   26.477255]  ? dequeue_entities+0x27e/0x1740
[   26.477282]  ? finish_task_switch.isra.0+0x153/0x700
[   26.477311]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   26.477338]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   26.477367]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.477406]  ? __pfx_mempool_kfree+0x10/0x10
[   26.477433]  ? __pfx_read_tsc+0x10/0x10
[   26.477459]  ? ktime_get_ts64+0x86/0x230
[   26.477486]  kunit_try_run_case+0x1a5/0x480
[   26.477518]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.477544]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.477572]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.477600]  ? __kthread_parkme+0x82/0x180
[   26.477623]  ? preempt_count_sub+0x50/0x80
[   26.477648]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.477676]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.477704]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.477731]  kthread+0x337/0x6f0
[   26.477754]  ? trace_preempt_on+0x20/0xc0
[   26.477781]  ? __pfx_kthread+0x10/0x10
[   26.477804]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.477829]  ? calculate_sigpending+0x7b/0xa0
[   26.477857]  ? __pfx_kthread+0x10/0x10
[   26.477897]  ret_from_fork+0x116/0x1d0
[   26.477921]  ? __pfx_kthread+0x10/0x10
[   26.477945]  ret_from_fork_asm+0x1a/0x30
[   26.477979]  </TASK>
[   26.477993] 
[   26.487750] The buggy address belongs to the physical page:
[   26.488656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d4
[   26.489273] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.489701] flags: 0x200000000000040(head|node=0|zone=2)
[   26.490068] page_type: f8(unknown)
[   26.490252] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.490576] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.491149] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.491610] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.492510] head: 0200000000000002 ffffea000418b501 00000000ffffffff 00000000ffffffff
[   26.493106] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.493707] page dumped because: kasan: bad access detected
[   26.493919] 
[   26.494279] Memory state around the buggy address:
[   26.494826]  ffff8881062d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.495425]  ffff8881062d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.495656] >ffff8881062d6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.495872]                    ^
[   26.495998]  ffff8881062d6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.496309]  ffff8881062d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.496971] ==================================================================
[   26.440458] ==================================================================
[   26.440937] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   26.441898] Read of size 1 at addr ffff888105aac673 by task kunit_try_catch/270
[   26.442528] 
[   26.442676] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   26.442914] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.442934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.442963] Call Trace:
[   26.442979]  <TASK>
[   26.443003]  dump_stack_lvl+0x73/0xb0
[   26.443060]  print_report+0xd1/0x650
[   26.443088]  ? __virt_addr_valid+0x1db/0x2d0
[   26.443116]  ? mempool_oob_right_helper+0x318/0x380
[   26.443143]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.443193]  ? mempool_oob_right_helper+0x318/0x380
[   26.443219]  kasan_report+0x141/0x180
[   26.443243]  ? mempool_oob_right_helper+0x318/0x380
[   26.443274]  __asan_report_load1_noabort+0x18/0x20
[   26.443300]  mempool_oob_right_helper+0x318/0x380
[   26.443327]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   26.443355]  ? __kasan_check_write+0x18/0x20
[   26.443380]  ? __pfx_sched_clock_cpu+0x10/0x10
[   26.443421]  ? finish_task_switch.isra.0+0x153/0x700
[   26.443451]  mempool_kmalloc_oob_right+0xf2/0x150
[   26.443477]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   26.443506]  ? __pfx_mempool_kmalloc+0x10/0x10
[   26.443533]  ? __pfx_mempool_kfree+0x10/0x10
[   26.443560]  ? __pfx_read_tsc+0x10/0x10
[   26.443587]  ? ktime_get_ts64+0x86/0x230
[   26.443615]  kunit_try_run_case+0x1a5/0x480
[   26.443647]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.443672]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.443702]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.443729]  ? __kthread_parkme+0x82/0x180
[   26.443753]  ? preempt_count_sub+0x50/0x80
[   26.443778]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.443806]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.443833]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.443860]  kthread+0x337/0x6f0
[   26.443882]  ? trace_preempt_on+0x20/0xc0
[   26.443909]  ? __pfx_kthread+0x10/0x10
[   26.443933]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.443957]  ? calculate_sigpending+0x7b/0xa0
[   26.443986]  ? __pfx_kthread+0x10/0x10
[   26.444011]  ret_from_fork+0x116/0x1d0
[   26.444032]  ? __pfx_kthread+0x10/0x10
[   26.444057]  ret_from_fork_asm+0x1a/0x30
[   26.444093]  </TASK>
[   26.444109] 
[   26.456097] Allocated by task 270:
[   26.456368]  kasan_save_stack+0x45/0x70
[   26.456577]  kasan_save_track+0x18/0x40
[   26.457315]  kasan_save_alloc_info+0x3b/0x50
[   26.457591]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   26.457862]  remove_element+0x11e/0x190
[   26.458313]  mempool_alloc_preallocated+0x4d/0x90
[   26.458577]  mempool_oob_right_helper+0x8a/0x380
[   26.458869]  mempool_kmalloc_oob_right+0xf2/0x150
[   26.459317]  kunit_try_run_case+0x1a5/0x480
[   26.459680]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.460376]  kthread+0x337/0x6f0
[   26.460592]  ret_from_fork+0x116/0x1d0
[   26.460803]  ret_from_fork_asm+0x1a/0x30
[   26.461037] 
[   26.461252] The buggy address belongs to the object at ffff888105aac600
[   26.461252]  which belongs to the cache kmalloc-128 of size 128
[   26.462433] The buggy address is located 0 bytes to the right of
[   26.462433]  allocated 115-byte region [ffff888105aac600, ffff888105aac673)
[   26.463436] 
[   26.463792] The buggy address belongs to the physical page:
[   26.464128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac
[   26.464734] flags: 0x200000000000000(node=0|zone=2)
[   26.465248] page_type: f5(slab)
[   26.465558] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   26.465874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.466454] page dumped because: kasan: bad access detected
[   26.466710] 
[   26.466810] Memory state around the buggy address:
[   26.467069]  ffff888105aac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.467716]  ffff888105aac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.468107] >ffff888105aac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   26.468609]                                                              ^
[   26.468946]  ffff888105aac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.469297]  ffff888105aac700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   26.469699] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zPKcyRCCcLXHTLmyDYDrnSncpa

job_id

TEST:linaro@lkft#2zPKjpyJJfb0RHWMDdUonKtpYX7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zPKjpyJJfb0RHWMDdUonKtpYX7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKg4TX3WzyU2HDTsyrHFy4Y8u/bzImage
sha256sum	3f0d1ff177ab5ba3055e740ba2cf1227dc4607b95078e840d6a28e4500986f57

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zPKg4TX3WzyU2HDTsyrHFy4Y8u/modules.tar.xz
sha256sum	ead6c26eb094cd2228a8bb228bc9db0774422a83d6a7934109ba6612b5e4d45b

durations

tests

boot	0
kunit	260.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit