lkft/linux-next-master - next-20250708 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 8, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.180529] ==================================================================
[   33.180949] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.181022] Read of size 1 at addr fff00000c9b2e001 by task kunit_try_catch/254
[   33.181112] 
[   33.181146] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   33.181243] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.181268] Hardware name: linux,dummy-virt (DT)
[   33.181301] Call trace:
[   33.181324]  show_stack+0x20/0x38 (C)
[   33.181372]  dump_stack_lvl+0x8c/0xd0
[   33.181418]  print_report+0x118/0x5d0
[   33.181641]  kasan_report+0xdc/0x128
[   33.181870]  __asan_report_load1_noabort+0x20/0x30
[   33.181924]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.181972]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   33.182404]  kunit_try_run_case+0x170/0x3f0
[   33.182485]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.182760]  kthread+0x328/0x630
[   33.182989]  ret_from_fork+0x10/0x20
[   33.183315] 
[   33.183471] The buggy address belongs to the physical page:
[   33.183634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b2c
[   33.183866] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.184340] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.184406] page_type: f8(unknown)
[   33.184493] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.184544] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.185013] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.185093] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   33.185145] head: 0bfffe0000000002 ffffc1ffc326cb01 00000000ffffffff 00000000ffffffff
[   33.185193] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.185242] page dumped because: kasan: bad access detected
[   33.185276] 
[   33.185295] Memory state around the buggy address:
[   33.185327]  fff00000c9b2df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.185774]  fff00000c9b2df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.186038] >fff00000c9b2e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.186086]                    ^
[   33.186410]  fff00000c9b2e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.186473]  fff00000c9b2e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.186511] ==================================================================
[   33.204005] ==================================================================
[   33.204091] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.204293] Read of size 1 at addr fff00000c9add2bb by task kunit_try_catch/256
[   33.204447] 
[   33.204487] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   33.204638] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.204666] Hardware name: linux,dummy-virt (DT)
[   33.204860] Call trace:
[   33.205255]  show_stack+0x20/0x38 (C)
[   33.205352]  dump_stack_lvl+0x8c/0xd0
[   33.205596]  print_report+0x118/0x5d0
[   33.205778]  kasan_report+0xdc/0x128
[   33.206002]  __asan_report_load1_noabort+0x20/0x30
[   33.206117]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.206347]  mempool_slab_oob_right+0xc0/0x118
[   33.206445]  kunit_try_run_case+0x170/0x3f0
[   33.206529]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.206803]  kthread+0x328/0x630
[   33.206967]  ret_from_fork+0x10/0x20
[   33.207084] 
[   33.207117] Allocated by task 256:
[   33.207154]  kasan_save_stack+0x3c/0x68
[   33.207233]  kasan_save_track+0x20/0x40
[   33.207273]  kasan_save_alloc_info+0x40/0x58
[   33.207311]  __kasan_mempool_unpoison_object+0xbc/0x180
[   33.207355]  remove_element+0x16c/0x1f8
[   33.207401]  mempool_alloc_preallocated+0x58/0xc0
[   33.207442]  mempool_oob_right_helper+0x98/0x2f0
[   33.207490]  mempool_slab_oob_right+0xc0/0x118
[   33.207532]  kunit_try_run_case+0x170/0x3f0
[   33.207579]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.207632]  kthread+0x328/0x630
[   33.207671]  ret_from_fork+0x10/0x20
[   33.207717] 
[   33.207746] The buggy address belongs to the object at fff00000c9add240
[   33.207746]  which belongs to the cache test_cache of size 123
[   33.207814] The buggy address is located 0 bytes to the right of
[   33.207814]  allocated 123-byte region [fff00000c9add240, fff00000c9add2bb)
[   33.207877] 
[   33.207904] The buggy address belongs to the physical page:
[   33.207954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109add
[   33.208014] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.208075] page_type: f5(slab)
[   33.208116] raw: 0bfffe0000000000 fff00000c9ad53c0 dead000000000122 0000000000000000
[   33.208171] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   33.208401] page dumped because: kasan: bad access detected
[   33.208493] 
[   33.208732] Memory state around the buggy address:
[   33.208945]  fff00000c9add180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.209096]  fff00000c9add200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   33.209167] >fff00000c9add280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   33.209372]                                         ^
[   33.209417]  fff00000c9add300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.209462]  fff00000c9add380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.209501] ==================================================================
[   33.171428] ==================================================================
[   33.171503] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   33.171578] Read of size 1 at addr fff00000c9a9cb73 by task kunit_try_catch/252
[   33.171629] 
[   33.171671] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   33.171760] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.171786] Hardware name: linux,dummy-virt (DT)
[   33.171820] Call trace:
[   33.171846]  show_stack+0x20/0x38 (C)
[   33.171899]  dump_stack_lvl+0x8c/0xd0
[   33.171949]  print_report+0x118/0x5d0
[   33.171998]  kasan_report+0xdc/0x128
[   33.172045]  __asan_report_load1_noabort+0x20/0x30
[   33.172093]  mempool_oob_right_helper+0x2ac/0x2f0
[   33.172142]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.172192]  kunit_try_run_case+0x170/0x3f0
[   33.172261]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.172315]  kthread+0x328/0x630
[   33.172358]  ret_from_fork+0x10/0x20
[   33.172408] 
[   33.172427] Allocated by task 252:
[   33.172458]  kasan_save_stack+0x3c/0x68
[   33.172500]  kasan_save_track+0x20/0x40
[   33.172548]  kasan_save_alloc_info+0x40/0x58
[   33.172616]  __kasan_mempool_unpoison_object+0x11c/0x180
[   33.172680]  remove_element+0x130/0x1f8
[   33.172721]  mempool_alloc_preallocated+0x58/0xc0
[   33.172762]  mempool_oob_right_helper+0x98/0x2f0
[   33.172801]  mempool_kmalloc_oob_right+0xc4/0x120
[   33.172843]  kunit_try_run_case+0x170/0x3f0
[   33.172881]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.172927]  kthread+0x328/0x630
[   33.172970]  ret_from_fork+0x10/0x20
[   33.173006] 
[   33.173026] The buggy address belongs to the object at fff00000c9a9cb00
[   33.173026]  which belongs to the cache kmalloc-128 of size 128
[   33.173086] The buggy address is located 0 bytes to the right of
[   33.173086]  allocated 115-byte region [fff00000c9a9cb00, fff00000c9a9cb73)
[   33.173151] 
[   33.173174] The buggy address belongs to the physical page:
[   33.173219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a9c
[   33.173277] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.173329] page_type: f5(slab)
[   33.173372] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.173422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.173464] page dumped because: kasan: bad access detected
[   33.173495] 
[   33.173515] Memory state around the buggy address:
[   33.173547]  fff00000c9a9ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.173595]  fff00000c9a9ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.173641] >fff00000c9a9cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.173680]                                                              ^
[   33.173720]  fff00000c9a9cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.173763]  fff00000c9a9cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   33.173802] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadI5o4clKZiIYYjTSUQR6tPrp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadI5o4clKZiIYYjTSUQR6tPrp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/Image.gz
sha256sum	1ceb4687a4dcb5a790d42769a050e5ac78ce871667067fed7f3e7960550875ba

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadEoX75GcVmVMiGSC6ULKasfH/modules.tar.xz
sha256sum	3f48606753fbd3c6f5640d868ed22ac5af7831da8fafeb95bd8b8818bbdbc1a9

durations

tests

boot	0
kunit	170.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.838643] ==================================================================
[   24.839562] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   24.840044] Read of size 1 at addr ffff88810632e001 by task kunit_try_catch/271
[   24.840398] 
[   24.840492] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   24.840804] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.840832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.840855] Call Trace:
[   24.840871]  <TASK>
[   24.840891]  dump_stack_lvl+0x73/0xb0
[   24.840922]  print_report+0xd1/0x610
[   24.840946]  ? __virt_addr_valid+0x1db/0x2d0
[   24.840973]  ? mempool_oob_right_helper+0x318/0x380
[   24.840998]  ? kasan_addr_to_slab+0x11/0xa0
[   24.841019]  ? mempool_oob_right_helper+0x318/0x380
[   24.841044]  kasan_report+0x141/0x180
[   24.841067]  ? mempool_oob_right_helper+0x318/0x380
[   24.841097]  __asan_report_load1_noabort+0x18/0x20
[   24.841124]  mempool_oob_right_helper+0x318/0x380
[   24.841150]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   24.841178]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.841207]  ? finish_task_switch.isra.0+0x153/0x700
[   24.841235]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   24.841286]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   24.841324]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.841363]  ? __pfx_mempool_kfree+0x10/0x10
[   24.841391]  ? __pfx_read_tsc+0x10/0x10
[   24.841418]  ? ktime_get_ts64+0x86/0x230
[   24.841446]  kunit_try_run_case+0x1a5/0x480
[   24.841469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.841491]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.841513]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.841542]  ? __kthread_parkme+0x82/0x180
[   24.841565]  ? preempt_count_sub+0x50/0x80
[   24.841589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.841612]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.841639]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.841667]  kthread+0x337/0x6f0
[   24.841689]  ? trace_preempt_on+0x20/0xc0
[   24.841715]  ? __pfx_kthread+0x10/0x10
[   24.841738]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.841778]  ? calculate_sigpending+0x7b/0xa0
[   24.841805]  ? __pfx_kthread+0x10/0x10
[   24.841835]  ret_from_fork+0x116/0x1d0
[   24.841856]  ? __pfx_kthread+0x10/0x10
[   24.841878]  ret_from_fork_asm+0x1a/0x30
[   24.841913]  </TASK>
[   24.841926] 
[   24.853165] The buggy address belongs to the physical page:
[   24.853490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10632c
[   24.853964] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.854331] flags: 0x200000000000040(head|node=0|zone=2)
[   24.854863] page_type: f8(unknown)
[   24.855049] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.855408] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.855727] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.856320] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.856747] head: 0200000000000002 ffffea000418cb01 00000000ffffffff 00000000ffffffff
[   24.857333] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.857740] page dumped because: kasan: bad access detected
[   24.858190] 
[   24.858307] Memory state around the buggy address:
[   24.858677]  ffff88810632df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.859156]  ffff88810632df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.859595] >ffff88810632e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.860108]                    ^
[   24.860301]  ffff88810632e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.860710]  ffff88810632e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.861144] ==================================================================
[   24.865685] ==================================================================
[   24.866252] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   24.866868] Read of size 1 at addr ffff88810620e2bb by task kunit_try_catch/273
[   24.867345] 
[   24.867609] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   24.867670] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.867684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.867710] Call Trace:
[   24.867787]  <TASK>
[   24.867812]  dump_stack_lvl+0x73/0xb0
[   24.867850]  print_report+0xd1/0x610
[   24.867890]  ? __virt_addr_valid+0x1db/0x2d0
[   24.867919]  ? mempool_oob_right_helper+0x318/0x380
[   24.867944]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.867973]  ? mempool_oob_right_helper+0x318/0x380
[   24.867999]  kasan_report+0x141/0x180
[   24.868024]  ? mempool_oob_right_helper+0x318/0x380
[   24.868055]  __asan_report_load1_noabort+0x18/0x20
[   24.868085]  mempool_oob_right_helper+0x318/0x380
[   24.868112]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   24.868139]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.868165]  ? finish_task_switch.isra.0+0x153/0x700
[   24.868194]  mempool_slab_oob_right+0xed/0x140
[   24.868220]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   24.868261]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   24.868290]  ? __pfx_mempool_free_slab+0x10/0x10
[   24.868319]  ? __pfx_read_tsc+0x10/0x10
[   24.868346]  ? ktime_get_ts64+0x86/0x230
[   24.868374]  kunit_try_run_case+0x1a5/0x480
[   24.868401]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.868422]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.868445]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.868476]  ? __kthread_parkme+0x82/0x180
[   24.868498]  ? preempt_count_sub+0x50/0x80
[   24.868523]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.868545]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.868573]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.868601]  kthread+0x337/0x6f0
[   24.868624]  ? trace_preempt_on+0x20/0xc0
[   24.868650]  ? __pfx_kthread+0x10/0x10
[   24.868672]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.868700]  ? calculate_sigpending+0x7b/0xa0
[   24.868729]  ? __pfx_kthread+0x10/0x10
[   24.868808]  ret_from_fork+0x116/0x1d0
[   24.868844]  ? __pfx_kthread+0x10/0x10
[   24.868868]  ret_from_fork_asm+0x1a/0x30
[   24.868906]  </TASK>
[   24.868920] 
[   24.879615] Allocated by task 273:
[   24.880290]  kasan_save_stack+0x45/0x70
[   24.880508]  kasan_save_track+0x18/0x40
[   24.880643]  kasan_save_alloc_info+0x3b/0x50
[   24.881099]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   24.881421]  remove_element+0x11e/0x190
[   24.881605]  mempool_alloc_preallocated+0x4d/0x90
[   24.882059]  mempool_oob_right_helper+0x8a/0x380
[   24.882298]  mempool_slab_oob_right+0xed/0x140
[   24.882566]  kunit_try_run_case+0x1a5/0x480
[   24.882756]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.883251]  kthread+0x337/0x6f0
[   24.883490]  ret_from_fork+0x116/0x1d0
[   24.883637]  ret_from_fork_asm+0x1a/0x30
[   24.883925] 
[   24.884041] The buggy address belongs to the object at ffff88810620e240
[   24.884041]  which belongs to the cache test_cache of size 123
[   24.884524] The buggy address is located 0 bytes to the right of
[   24.884524]  allocated 123-byte region [ffff88810620e240, ffff88810620e2bb)
[   24.885646] 
[   24.885744] The buggy address belongs to the physical page:
[   24.886024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10620e
[   24.886381] flags: 0x200000000000000(node=0|zone=2)
[   24.886592] page_type: f5(slab)
[   24.886787] raw: 0200000000000000 ffff888106209140 dead000000000122 0000000000000000
[   24.887110] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   24.887421] page dumped because: kasan: bad access detected
[   24.887644] 
[   24.887718] Memory state around the buggy address:
[   24.887921]  ffff88810620e180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.888812]  ffff88810620e200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   24.889169] >ffff88810620e280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   24.889480]                                         ^
[   24.889687]  ffff88810620e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.890220]  ffff88810620e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.890519] ==================================================================
[   24.809285] ==================================================================
[   24.809804] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   24.810757] Read of size 1 at addr ffff8881059ac973 by task kunit_try_catch/269
[   24.811252] 
[   24.811564] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   24.811625] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.811638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.811663] Call Trace:
[   24.811678]  <TASK>
[   24.811700]  dump_stack_lvl+0x73/0xb0
[   24.811738]  print_report+0xd1/0x610
[   24.812061]  ? __virt_addr_valid+0x1db/0x2d0
[   24.812095]  ? mempool_oob_right_helper+0x318/0x380
[   24.812122]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.812152]  ? mempool_oob_right_helper+0x318/0x380
[   24.812177]  kasan_report+0x141/0x180
[   24.812201]  ? mempool_oob_right_helper+0x318/0x380
[   24.812231]  __asan_report_load1_noabort+0x18/0x20
[   24.812273]  mempool_oob_right_helper+0x318/0x380
[   24.812298]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   24.812324]  ? __kasan_check_write+0x18/0x20
[   24.812351]  ? __pfx_sched_clock_cpu+0x10/0x10
[   24.812375]  ? finish_task_switch.isra.0+0x153/0x700
[   24.812402]  mempool_kmalloc_oob_right+0xf2/0x150
[   24.812427]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   24.812454]  ? __pfx_mempool_kmalloc+0x10/0x10
[   24.812483]  ? __pfx_mempool_kfree+0x10/0x10
[   24.812511]  ? __pfx_read_tsc+0x10/0x10
[   24.812536]  ? ktime_get_ts64+0x86/0x230
[   24.812564]  kunit_try_run_case+0x1a5/0x480
[   24.812589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.812610]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.812633]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.812663]  ? __kthread_parkme+0x82/0x180
[   24.812684]  ? preempt_count_sub+0x50/0x80
[   24.812707]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.812730]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.813021]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.813056]  kthread+0x337/0x6f0
[   24.813079]  ? trace_preempt_on+0x20/0xc0
[   24.813107]  ? __pfx_kthread+0x10/0x10
[   24.813131]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.813159]  ? calculate_sigpending+0x7b/0xa0
[   24.813187]  ? __pfx_kthread+0x10/0x10
[   24.813218]  ret_from_fork+0x116/0x1d0
[   24.813253]  ? __pfx_kthread+0x10/0x10
[   24.813277]  ret_from_fork_asm+0x1a/0x30
[   24.813312]  </TASK>
[   24.813325] 
[   24.824781] Allocated by task 269:
[   24.825190]  kasan_save_stack+0x45/0x70
[   24.825480]  kasan_save_track+0x18/0x40
[   24.825641]  kasan_save_alloc_info+0x3b/0x50
[   24.825864]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   24.826175]  remove_element+0x11e/0x190
[   24.826335]  mempool_alloc_preallocated+0x4d/0x90
[   24.826495]  mempool_oob_right_helper+0x8a/0x380
[   24.826702]  mempool_kmalloc_oob_right+0xf2/0x150
[   24.826982]  kunit_try_run_case+0x1a5/0x480
[   24.827192]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.827460]  kthread+0x337/0x6f0
[   24.827697]  ret_from_fork+0x116/0x1d0
[   24.828012]  ret_from_fork_asm+0x1a/0x30
[   24.828187] 
[   24.828287] The buggy address belongs to the object at ffff8881059ac900
[   24.828287]  which belongs to the cache kmalloc-128 of size 128
[   24.828710] The buggy address is located 0 bytes to the right of
[   24.828710]  allocated 115-byte region [ffff8881059ac900, ffff8881059ac973)
[   24.829680] 
[   24.829865] The buggy address belongs to the physical page:
[   24.830137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac
[   24.830679] flags: 0x200000000000000(node=0|zone=2)
[   24.830972] page_type: f5(slab)
[   24.831137] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.831474] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.831925] page dumped because: kasan: bad access detected
[   24.832170] 
[   24.832267] Memory state around the buggy address:
[   24.832533]  ffff8881059ac800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.832785]  ffff8881059ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.833444] >ffff8881059ac900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   24.833878]                                                              ^
[   24.834157]  ffff8881059ac980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.834443]  ffff8881059aca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   24.834764] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zadDcsZaTNoMt5NQDMjH9XXSjo

job_id

TEST:linaro@lkft#2zadJ2rDp4QF2EanzdxmWx6xbyw

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zadJ2rDp4QF2EanzdxmWx6xbyw

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/bzImage
sha256sum	d2e0f1ca9d9f79d7d3d3df8bfa6136f501414ea8fca61dd648f312b7af92ba7e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zadFlqHhTrd3zbaPMG0NfTHOqI/modules.tar.xz
sha256sum	ae1650227c5d0061093609bf5a55f56383843ed1e291a338f9fc46e881212983

durations

tests

boot	0
kunit	246.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit