lkft/sashal-linus-next - v6.13-rc7-43418-g558c6dd4d863 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper

Date

July 5, 2025, 5:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   20.066143] ==================================================================
[   20.066206] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.066520] Read of size 1 at addr fff00000c792d2bb by task kunit_try_catch/225
[   20.066683] 
[   20.066801] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.066955] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.066982] Hardware name: linux,dummy-virt (DT)
[   20.067014] Call trace:
[   20.067039]  show_stack+0x20/0x38 (C)
[   20.067085]  dump_stack_lvl+0x8c/0xd0
[   20.067131]  print_report+0x118/0x608
[   20.067177]  kasan_report+0xdc/0x128
[   20.067222]  __asan_report_load1_noabort+0x20/0x30
[   20.067271]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.067318]  mempool_slab_oob_right+0xc0/0x118
[   20.067366]  kunit_try_run_case+0x170/0x3f0
[   20.067444]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.067499]  kthread+0x328/0x630
[   20.067635]  ret_from_fork+0x10/0x20
[   20.067942] 
[   20.067965] Allocated by task 225:
[   20.068103]  kasan_save_stack+0x3c/0x68
[   20.068177]  kasan_save_track+0x20/0x40
[   20.068363]  kasan_save_alloc_info+0x40/0x58
[   20.068552]  __kasan_mempool_unpoison_object+0xbc/0x180
[   20.068713]  remove_element+0x16c/0x1f8
[   20.068793]  mempool_alloc_preallocated+0x58/0xc0
[   20.068895]  mempool_oob_right_helper+0x98/0x2f0
[   20.068936]  mempool_slab_oob_right+0xc0/0x118
[   20.068974]  kunit_try_run_case+0x170/0x3f0
[   20.069031]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.069210]  kthread+0x328/0x630
[   20.069242]  ret_from_fork+0x10/0x20
[   20.069322] 
[   20.069405] The buggy address belongs to the object at fff00000c792d240
[   20.069405]  which belongs to the cache test_cache of size 123
[   20.069488] The buggy address is located 0 bytes to the right of
[   20.069488]  allocated 123-byte region [fff00000c792d240, fff00000c792d2bb)
[   20.069659] 
[   20.069681] The buggy address belongs to the physical page:
[   20.069716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10792d
[   20.069839] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.069896] page_type: f5(slab)
[   20.069932] raw: 0bfffe0000000000 fff00000c5ca5dc0 dead000000000122 0000000000000000
[   20.069981] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   20.070020] page dumped because: kasan: bad access detected
[   20.070051] 
[   20.070427] Memory state around the buggy address:
[   20.070644]  fff00000c792d180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.070713]  fff00000c792d200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   20.070784] >fff00000c792d280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   20.070822]                                         ^
[   20.071095]  fff00000c792d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.071142]  fff00000c792d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.071180] ==================================================================
[   20.021842] ==================================================================
[   20.021942] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.022017] Read of size 1 at addr fff00000c6398073 by task kunit_try_catch/221
[   20.022068] 
[   20.022113] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.022196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.022223] Hardware name: linux,dummy-virt (DT)
[   20.022257] Call trace:
[   20.022281]  show_stack+0x20/0x38 (C)
[   20.022336]  dump_stack_lvl+0x8c/0xd0
[   20.022386]  print_report+0x118/0x608
[   20.022434]  kasan_report+0xdc/0x128
[   20.022480]  __asan_report_load1_noabort+0x20/0x30
[   20.022532]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.022579]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.022628]  kunit_try_run_case+0x170/0x3f0
[   20.022678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.022730]  kthread+0x328/0x630
[   20.022807]  ret_from_fork+0x10/0x20
[   20.022870] 
[   20.022901] Allocated by task 221:
[   20.022932]  kasan_save_stack+0x3c/0x68
[   20.022975]  kasan_save_track+0x20/0x40
[   20.023013]  kasan_save_alloc_info+0x40/0x58
[   20.023054]  __kasan_mempool_unpoison_object+0x11c/0x180
[   20.023098]  remove_element+0x130/0x1f8
[   20.023135]  mempool_alloc_preallocated+0x58/0xc0
[   20.023174]  mempool_oob_right_helper+0x98/0x2f0
[   20.023212]  mempool_kmalloc_oob_right+0xc4/0x120
[   20.023253]  kunit_try_run_case+0x170/0x3f0
[   20.023291]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.023334]  kthread+0x328/0x630
[   20.023367]  ret_from_fork+0x10/0x20
[   20.023403] 
[   20.023427] The buggy address belongs to the object at fff00000c6398000
[   20.023427]  which belongs to the cache kmalloc-128 of size 128
[   20.023485] The buggy address is located 0 bytes to the right of
[   20.023485]  allocated 115-byte region [fff00000c6398000, fff00000c6398073)
[   20.023548] 
[   20.023569] The buggy address belongs to the physical page:
[   20.023603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106398
[   20.023655] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   20.023707] page_type: f5(slab)
[   20.023749] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   20.023798] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.023838] page dumped because: kasan: bad access detected
[   20.023881] 
[   20.023900] Memory state around the buggy address:
[   20.023934]  fff00000c6397f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.023976]  fff00000c6397f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   20.024019] >fff00000c6398000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.024059]                                                              ^
[   20.024098]  fff00000c6398080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.024140]  fff00000c6398100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   20.024178] ==================================================================
[   20.052949] ==================================================================
[   20.053020] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0
[   20.053086] Read of size 1 at addr fff00000c7916001 by task kunit_try_catch/223
[   20.053135] 
[   20.053173] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   20.053257] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.053286] Hardware name: linux,dummy-virt (DT)
[   20.053319] Call trace:
[   20.053343]  show_stack+0x20/0x38 (C)
[   20.053394]  dump_stack_lvl+0x8c/0xd0
[   20.053448]  print_report+0x118/0x608
[   20.053498]  kasan_report+0xdc/0x128
[   20.053543]  __asan_report_load1_noabort+0x20/0x30
[   20.053592]  mempool_oob_right_helper+0x2ac/0x2f0
[   20.053640]  mempool_kmalloc_large_oob_right+0xc4/0x120
[   20.053689]  kunit_try_run_case+0x170/0x3f0
[   20.053739]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.053791]  kthread+0x328/0x630
[   20.053834]  ret_from_fork+0x10/0x20
[   20.053894] 
[   20.053915] The buggy address belongs to the physical page:
[   20.053949] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107914
[   20.054001] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.054049] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.054103] page_type: f8(unknown)
[   20.054141] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.054190] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.054238] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.054287] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   20.054335] head: 0bfffe0000000002 ffffc1ffc31e4501 00000000ffffffff 00000000ffffffff
[   20.054382] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.054424] page dumped because: kasan: bad access detected
[   20.054454] 
[   20.054474] Memory state around the buggy address:
[   20.054505]  fff00000c7915f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.054547]  fff00000c7915f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.054590] >fff00000c7916000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.054627]                    ^
[   20.054653]  fff00000c7916080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.054694]  fff00000c7916100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.054732] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrWDq0bEi1EjtPufprycAKDeO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrWDq0bEi1EjtPufprycAKDeO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/Image.gz
sha256sum	c37d8937dcd7669a560694b12aa880cb8a3fca13f19914a1dd4b319a7759a1c4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrTdUkZ0clW81cymm7tPjaj68/modules.tar.xz
sha256sum	54680ff2ac79b5b7aaf875ee8ccdcad9cb40402efd743a3b1747b89f302da86f

durations

tests

boot	0
kunit	171.85

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.080762] ==================================================================
[   13.081281] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.081831] Read of size 1 at addr ffff8881038e72bb by task kunit_try_catch/243
[   13.082072] 
[   13.082189] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.082233] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.082245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.082268] Call Trace:
[   13.082282]  <TASK>
[   13.082298]  dump_stack_lvl+0x73/0xb0
[   13.082329]  print_report+0xd1/0x650
[   13.082352]  ? __virt_addr_valid+0x1db/0x2d0
[   13.082376]  ? mempool_oob_right_helper+0x318/0x380
[   13.082400]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.082422]  ? mempool_oob_right_helper+0x318/0x380
[   13.082446]  kasan_report+0x141/0x180
[   13.082481]  ? mempool_oob_right_helper+0x318/0x380
[   13.082509]  __asan_report_load1_noabort+0x18/0x20
[   13.082532]  mempool_oob_right_helper+0x318/0x380
[   13.082556]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.082582]  ? irqentry_exit+0x2a/0x60
[   13.082603]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.082629]  mempool_slab_oob_right+0xed/0x140
[   13.082652]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   13.082678]  ? __pfx_mempool_alloc_slab+0x10/0x10
[   13.082698]  ? __pfx_mempool_free_slab+0x10/0x10
[   13.082719]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   13.082744]  ? __pfx_mempool_slab_oob_right+0x10/0x10
[   13.082769]  kunit_try_run_case+0x1a5/0x480
[   13.082794]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.082815]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.082839]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.082861]  ? __kthread_parkme+0x82/0x180
[   13.082882]  ? preempt_count_sub+0x50/0x80
[   13.082905]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.082929]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.082952]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.082975]  kthread+0x337/0x6f0
[   13.082994]  ? trace_preempt_on+0x20/0xc0
[   13.083017]  ? __pfx_kthread+0x10/0x10
[   13.083037]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.083058]  ? calculate_sigpending+0x7b/0xa0
[   13.083082]  ? __pfx_kthread+0x10/0x10
[   13.083102]  ret_from_fork+0x116/0x1d0
[   13.083121]  ? __pfx_kthread+0x10/0x10
[   13.083141]  ret_from_fork_asm+0x1a/0x30
[   13.083172]  </TASK>
[   13.083182] 
[   13.091158] Allocated by task 243:
[   13.091305]  kasan_save_stack+0x45/0x70
[   13.091514]  kasan_save_track+0x18/0x40
[   13.091705]  kasan_save_alloc_info+0x3b/0x50
[   13.091876]  __kasan_mempool_unpoison_object+0x1bb/0x200
[   13.092054]  remove_element+0x11e/0x190
[   13.092211]  mempool_alloc_preallocated+0x4d/0x90
[   13.092406]  mempool_oob_right_helper+0x8a/0x380
[   13.092600]  mempool_slab_oob_right+0xed/0x140
[   13.092796]  kunit_try_run_case+0x1a5/0x480
[   13.093053]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.093277]  kthread+0x337/0x6f0
[   13.093437]  ret_from_fork+0x116/0x1d0
[   13.093580]  ret_from_fork_asm+0x1a/0x30
[   13.093900] 
[   13.093998] The buggy address belongs to the object at ffff8881038e7240
[   13.093998]  which belongs to the cache test_cache of size 123
[   13.094383] The buggy address is located 0 bytes to the right of
[   13.094383]  allocated 123-byte region [ffff8881038e7240, ffff8881038e72bb)
[   13.094815] 
[   13.094914] The buggy address belongs to the physical page:
[   13.095167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e7
[   13.095533] flags: 0x200000000000000(node=0|zone=2)
[   13.095854] page_type: f5(slab)
[   13.096005] raw: 0200000000000000 ffff888101690a00 dead000000000122 0000000000000000
[   13.096240] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[   13.096522] page dumped because: kasan: bad access detected
[   13.096903] 
[   13.096998] Memory state around the buggy address:
[   13.097223]  ffff8881038e7180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.097557]  ffff8881038e7200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   13.097886] >ffff8881038e7280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc
[   13.098155]                                         ^
[   13.098355]  ffff8881038e7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.098647]  ffff8881038e7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.098994] ==================================================================
[   13.053254] ==================================================================
[   13.054594] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.055146] Read of size 1 at addr ffff88810395a001 by task kunit_try_catch/241
[   13.055842] 
[   13.056142] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.056195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.056208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.056230] Call Trace:
[   13.056244]  <TASK>
[   13.056262]  dump_stack_lvl+0x73/0xb0
[   13.056294]  print_report+0xd1/0x650
[   13.056317]  ? __virt_addr_valid+0x1db/0x2d0
[   13.056341]  ? mempool_oob_right_helper+0x318/0x380
[   13.056363]  ? kasan_addr_to_slab+0x11/0xa0
[   13.056384]  ? mempool_oob_right_helper+0x318/0x380
[   13.056407]  kasan_report+0x141/0x180
[   13.056428]  ? mempool_oob_right_helper+0x318/0x380
[   13.056470]  __asan_report_load1_noabort+0x18/0x20
[   13.056494]  mempool_oob_right_helper+0x318/0x380
[   13.056518]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.056545]  ? mempool_alloc_preallocated+0x5b/0x90
[   13.056570]  mempool_kmalloc_large_oob_right+0xf2/0x150
[   13.056594]  ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[   13.056620]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.056643]  ? __pfx_mempool_kfree+0x10/0x10
[   13.056667]  ? __pfx_read_tsc+0x10/0x10
[   13.056689]  ? ktime_get_ts64+0x86/0x230
[   13.056714]  kunit_try_run_case+0x1a5/0x480
[   13.056738]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.056760]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.056783]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.056806]  ? __kthread_parkme+0x82/0x180
[   13.056826]  ? preempt_count_sub+0x50/0x80
[   13.056850]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.056873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.056895]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.056918]  kthread+0x337/0x6f0
[   13.056938]  ? trace_preempt_on+0x20/0xc0
[   13.056960]  ? __pfx_kthread+0x10/0x10
[   13.056981]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.057002]  ? calculate_sigpending+0x7b/0xa0
[   13.057027]  ? __pfx_kthread+0x10/0x10
[   13.057047]  ret_from_fork+0x116/0x1d0
[   13.057066]  ? __pfx_kthread+0x10/0x10
[   13.057085]  ret_from_fork_asm+0x1a/0x30
[   13.057117]  </TASK>
[   13.057128] 
[   13.067077] The buggy address belongs to the physical page:
[   13.067705] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   13.068665] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.069192] flags: 0x200000000000040(head|node=0|zone=2)
[   13.069594] page_type: f8(unknown)
[   13.069797] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.070111] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.070585] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.070908] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.071195] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   13.071553] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.071900] page dumped because: kasan: bad access detected
[   13.072137] 
[   13.072226] Memory state around the buggy address:
[   13.072427]  ffff888103959f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.072706]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.073093] >ffff88810395a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.073581]                    ^
[   13.073792]  ffff88810395a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.074107]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.074413] ==================================================================
[   13.024600] ==================================================================
[   13.025094] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[   13.025661] Read of size 1 at addr ffff8881031a0973 by task kunit_try_catch/239
[   13.025979] 
[   13.026222] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.026295] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.026312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.026352] Call Trace:
[   13.026368]  <TASK>
[   13.026390]  dump_stack_lvl+0x73/0xb0
[   13.026427]  print_report+0xd1/0x650
[   13.026471]  ? __virt_addr_valid+0x1db/0x2d0
[   13.026503]  ? mempool_oob_right_helper+0x318/0x380
[   13.026532]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.026561]  ? mempool_oob_right_helper+0x318/0x380
[   13.026589]  kasan_report+0x141/0x180
[   13.026613]  ? mempool_oob_right_helper+0x318/0x380
[   13.026647]  __asan_report_load1_noabort+0x18/0x20
[   13.026725]  mempool_oob_right_helper+0x318/0x380
[   13.026756]  ? __pfx_mempool_oob_right_helper+0x10/0x10
[   13.026786]  ? __kasan_check_write+0x18/0x20
[   13.026809]  ? __pfx_sched_clock_cpu+0x10/0x10
[   13.026837]  ? finish_task_switch.isra.0+0x153/0x700
[   13.026868]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.026895]  ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[   13.026927]  ? __pfx_mempool_kmalloc+0x10/0x10
[   13.026955]  ? __pfx_mempool_kfree+0x10/0x10
[   13.026983]  ? __pfx_read_tsc+0x10/0x10
[   13.027008]  ? ktime_get_ts64+0x86/0x230
[   13.027037]  kunit_try_run_case+0x1a5/0x480
[   13.027067]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.027094]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.027123]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.027151]  ? __kthread_parkme+0x82/0x180
[   13.027176]  ? preempt_count_sub+0x50/0x80
[   13.027262]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.027295]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.027323]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.027353]  kthread+0x337/0x6f0
[   13.027374]  ? trace_preempt_on+0x20/0xc0
[   13.027401]  ? __pfx_kthread+0x10/0x10
[   13.027425]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.027450]  ? calculate_sigpending+0x7b/0xa0
[   13.027490]  ? __pfx_kthread+0x10/0x10
[   13.027515]  ret_from_fork+0x116/0x1d0
[   13.027535]  ? __pfx_kthread+0x10/0x10
[   13.027558]  ret_from_fork_asm+0x1a/0x30
[   13.027593]  </TASK>
[   13.027606] 
[   13.038383] Allocated by task 239:
[   13.038694]  kasan_save_stack+0x45/0x70
[   13.038971]  kasan_save_track+0x18/0x40
[   13.039154]  kasan_save_alloc_info+0x3b/0x50
[   13.039593]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   13.039886]  remove_element+0x11e/0x190
[   13.040068]  mempool_alloc_preallocated+0x4d/0x90
[   13.040674]  mempool_oob_right_helper+0x8a/0x380
[   13.040868]  mempool_kmalloc_oob_right+0xf2/0x150
[   13.041662]  kunit_try_run_case+0x1a5/0x480
[   13.041833]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.042018]  kthread+0x337/0x6f0
[   13.042142]  ret_from_fork+0x116/0x1d0
[   13.042280]  ret_from_fork_asm+0x1a/0x30
[   13.042422] 
[   13.042605] The buggy address belongs to the object at ffff8881031a0900
[   13.042605]  which belongs to the cache kmalloc-128 of size 128
[   13.042981] The buggy address is located 0 bytes to the right of
[   13.042981]  allocated 115-byte region [ffff8881031a0900, ffff8881031a0973)
[   13.043987] 
[   13.044083] The buggy address belongs to the physical page:
[   13.044265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0
[   13.044953] flags: 0x200000000000000(node=0|zone=2)
[   13.045139] page_type: f5(slab)
[   13.045318] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   13.045606] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.046018] page dumped because: kasan: bad access detected
[   13.046784] 
[   13.047136] Memory state around the buggy address:
[   13.047525]  ffff8881031a0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   13.047775]  ffff8881031a0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.048008] >ffff8881031a0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.048233]                                                              ^
[   13.048464]  ffff8881031a0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.048690]  ffff8881031a0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[   13.048915] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zSrST9Gzuem1PP5NJnVdpLyEja

job_id

TEST:linaro@lkft#2zSrX3orQWFDB1hBYGYI2ScAyiH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zSrX3orQWFDB1hBYGYI2ScAyiH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/bzImage
sha256sum	4a2ec3783c3fcf44f65d4d40ee2c81be96bf4d87b6db1ab01308c5fbd0723b99

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zSrURTUzYoapFdn0PE0tv507cO/modules.tar.xz
sha256sum	9f0760e2bc35f8a8e1fdf686c304d05bf0ea231e498a0100efa46359e97d8474

durations

tests

boot	0
kunit	205.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit