lkft/linux-next-master - next-20250711 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 11, 2025, 10:11 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   39.135661] ==================================================================
[   39.144778] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   39.152325] Write of size 1 at addr ffff0008030fd0eb by task kunit_try_catch/240
[   39.159701] 
[   39.161189] CPU: 3 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   39.161249] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.161267] Hardware name: WinLink E850-96 board (DT)
[   39.161288] Call trace:
[   39.161300]  show_stack+0x20/0x38 (C)
[   39.161339]  dump_stack_lvl+0x8c/0xd0
[   39.161372]  print_report+0x118/0x5d0
[   39.161401]  kasan_report+0xdc/0x128
[   39.161429]  __asan_report_store1_noabort+0x20/0x30
[   39.161464]  krealloc_more_oob_helper+0x60c/0x678
[   39.161499]  krealloc_more_oob+0x20/0x38
[   39.161531]  kunit_try_run_case+0x170/0x3f0
[   39.161570]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.161602]  kthread+0x328/0x630
[   39.161633]  ret_from_fork+0x10/0x20
[   39.161668] 
[   39.229754] Allocated by task 240:
[   39.233141]  kasan_save_stack+0x3c/0x68
[   39.236957]  kasan_save_track+0x20/0x40
[   39.240776]  kasan_save_alloc_info+0x40/0x58
[   39.245030]  __kasan_krealloc+0x118/0x178
[   39.249022]  krealloc_noprof+0x128/0x360
[   39.252929]  krealloc_more_oob_helper+0x168/0x678
[   39.257616]  krealloc_more_oob+0x20/0x38
[   39.261522]  kunit_try_run_case+0x170/0x3f0
[   39.265689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.271158]  kthread+0x328/0x630
[   39.274370]  ret_from_fork+0x10/0x20
[   39.277928] 
[   39.279406] The buggy address belongs to the object at ffff0008030fd000
[   39.279406]  which belongs to the cache kmalloc-256 of size 256
[   39.291908] The buggy address is located 0 bytes to the right of
[   39.291908]  allocated 235-byte region [ffff0008030fd000, ffff0008030fd0eb)
[   39.304838] 
[   39.306316] The buggy address belongs to the physical page:
[   39.311873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830fc
[   39.319857] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.327496] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.334441] page_type: f5(slab)
[   39.337576] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.345295] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.353024] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.360833] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.368646] head: 0bfffe0000000002 fffffdffe00c3f01 00000000ffffffff 00000000ffffffff
[   39.376458] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   39.384264] page dumped because: kasan: bad access detected
[   39.389819] 
[   39.391295] Memory state around the buggy address:
[   39.396074]  ffff0008030fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.403280]  ffff0008030fd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.410485] >ffff0008030fd080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   39.417683]                                                           ^
[   39.424284]  ffff0008030fd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.431489]  ffff0008030fd180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.438691] ==================================================================
[   41.299455] ==================================================================
[   41.308891] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   41.316440] Write of size 1 at addr ffff0008057ce0eb by task kunit_try_catch/244
[   41.323821] 
[   41.325304] CPU: 2 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   41.325362] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.325378] Hardware name: WinLink E850-96 board (DT)
[   41.325401] Call trace:
[   41.325415]  show_stack+0x20/0x38 (C)
[   41.325449]  dump_stack_lvl+0x8c/0xd0
[   41.325482]  print_report+0x118/0x5d0
[   41.325511]  kasan_report+0xdc/0x128
[   41.325536]  __asan_report_store1_noabort+0x20/0x30
[   41.325570]  krealloc_more_oob_helper+0x60c/0x678
[   41.325605]  krealloc_large_more_oob+0x20/0x38
[   41.325637]  kunit_try_run_case+0x170/0x3f0
[   41.325674]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.325706]  kthread+0x328/0x630
[   41.325737]  ret_from_fork+0x10/0x20
[   41.325774] 
[   41.394393] The buggy address belongs to the physical page:
[   41.399949] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8857cc
[   41.407933] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.415572] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.422515] page_type: f8(unknown)
[   41.425912] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.433632] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.441358] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.449170] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.456983] head: 0bfffe0000000002 fffffdffe015f301 00000000ffffffff 00000000ffffffff
[   41.464794] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.472600] page dumped because: kasan: bad access detected
[   41.478156] 
[   41.479631] Memory state around the buggy address:
[   41.484413]  ffff0008057cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.491614]  ffff0008057ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.498822] >ffff0008057ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   41.506020]                                                           ^
[   41.512621]  ffff0008057ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.519825]  ffff0008057ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.527026] ==================================================================
[   39.446147] ==================================================================
[   39.453105] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   39.460652] Write of size 1 at addr ffff0008030fd0f0 by task kunit_try_catch/240
[   39.468030] 
[   39.469514] CPU: 3 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   39.469569] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.469584] Hardware name: WinLink E850-96 board (DT)
[   39.469606] Call trace:
[   39.469618]  show_stack+0x20/0x38 (C)
[   39.469653]  dump_stack_lvl+0x8c/0xd0
[   39.469685]  print_report+0x118/0x5d0
[   39.469715]  kasan_report+0xdc/0x128
[   39.469740]  __asan_report_store1_noabort+0x20/0x30
[   39.469774]  krealloc_more_oob_helper+0x5c0/0x678
[   39.469810]  krealloc_more_oob+0x20/0x38
[   39.469840]  kunit_try_run_case+0x170/0x3f0
[   39.469878]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.469909]  kthread+0x328/0x630
[   39.469937]  ret_from_fork+0x10/0x20
[   39.469973] 
[   39.538081] Allocated by task 240:
[   39.541468]  kasan_save_stack+0x3c/0x68
[   39.545285]  kasan_save_track+0x20/0x40
[   39.549105]  kasan_save_alloc_info+0x40/0x58
[   39.553358]  __kasan_krealloc+0x118/0x178
[   39.557351]  krealloc_noprof+0x128/0x360
[   39.561257]  krealloc_more_oob_helper+0x168/0x678
[   39.565945]  krealloc_more_oob+0x20/0x38
[   39.569851]  kunit_try_run_case+0x170/0x3f0
[   39.574018]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.579486]  kthread+0x328/0x630
[   39.582698]  ret_from_fork+0x10/0x20
[   39.586257] 
[   39.587734] The buggy address belongs to the object at ffff0008030fd000
[   39.587734]  which belongs to the cache kmalloc-256 of size 256
[   39.600234] The buggy address is located 5 bytes to the right of
[   39.600234]  allocated 235-byte region [ffff0008030fd000, ffff0008030fd0eb)
[   39.613168] 
[   39.614644] The buggy address belongs to the physical page:
[   39.620202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8830fc
[   39.628185] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.635825] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.642768] page_type: f5(slab)
[   39.645902] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.653624] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.661350] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.669161] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.676975] head: 0bfffe0000000002 fffffdffe00c3f01 00000000ffffffff 00000000ffffffff
[   39.684786] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   39.692592] page dumped because: kasan: bad access detected
[   39.698148] 
[   39.699624] Memory state around the buggy address:
[   39.704404]  ffff0008030fcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.711606]  ffff0008030fd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.718812] >ffff0008030fd080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   39.726012]                                                              ^
[   39.732873]  ffff0008030fd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.740078]  ffff0008030fd180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.747279] ==================================================================
[   41.534367] ==================================================================
[   41.541442] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   41.548988] Write of size 1 at addr ffff0008057ce0f0 by task kunit_try_catch/244
[   41.556366] 
[   41.557849] CPU: 2 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   41.557900] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.557914] Hardware name: WinLink E850-96 board (DT)
[   41.557934] Call trace:
[   41.557948]  show_stack+0x20/0x38 (C)
[   41.557979]  dump_stack_lvl+0x8c/0xd0
[   41.558011]  print_report+0x118/0x5d0
[   41.558037]  kasan_report+0xdc/0x128
[   41.558063]  __asan_report_store1_noabort+0x20/0x30
[   41.558095]  krealloc_more_oob_helper+0x5c0/0x678
[   41.558128]  krealloc_large_more_oob+0x20/0x38
[   41.558162]  kunit_try_run_case+0x170/0x3f0
[   41.558198]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.558230]  kthread+0x328/0x630
[   41.558260]  ret_from_fork+0x10/0x20
[   41.558294] 
[   41.626940] The buggy address belongs to the physical page:
[   41.632498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8857cc
[   41.640481] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.648121] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.655063] page_type: f8(unknown)
[   41.658460] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.666180] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.673906] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.681718] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.689531] head: 0bfffe0000000002 fffffdffe015f301 00000000ffffffff 00000000ffffffff
[   41.697343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.705149] page dumped because: kasan: bad access detected
[   41.710704] 
[   41.712180] Memory state around the buggy address:
[   41.716961]  ffff0008057cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.724163]  ffff0008057ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.731369] >ffff0008057ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   41.738568]                                                              ^
[   41.745430]  ffff0008057ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.752634]  ffff0008057ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.759836] ==================================================================

Metadata Full log Test run details

[   30.239735] ==================================================================
[   30.240069] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.240268] Write of size 1 at addr fff00000c9a660eb by task kunit_try_catch/191
[   30.240409] 
[   30.240448] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.240531] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.240557] Hardware name: linux,dummy-virt (DT)
[   30.240816] Call trace:
[   30.240851]  show_stack+0x20/0x38 (C)
[   30.240906]  dump_stack_lvl+0x8c/0xd0
[   30.240953]  print_report+0x118/0x5d0
[   30.241332]  kasan_report+0xdc/0x128
[   30.241836]  __asan_report_store1_noabort+0x20/0x30
[   30.242287]  krealloc_more_oob_helper+0x60c/0x678
[   30.242352]  krealloc_large_more_oob+0x20/0x38
[   30.242401]  kunit_try_run_case+0x170/0x3f0
[   30.242448]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.242496]  kthread+0x328/0x630
[   30.243254]  ret_from_fork+0x10/0x20
[   30.243452] 
[   30.243486] The buggy address belongs to the physical page:
[   30.243519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a64
[   30.243604] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.243652] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.243865] page_type: f8(unknown)
[   30.243912] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.243961] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.244008] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.244055] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.244634] head: 0bfffe0000000002 ffffc1ffc3269901 00000000ffffffff 00000000ffffffff
[   30.244887] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.244954] page dumped because: kasan: bad access detected
[   30.245060] 
[   30.245078] Memory state around the buggy address:
[   30.245111]  fff00000c9a65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.245152]  fff00000c9a66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.245248] >fff00000c9a66080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.245821]                                                           ^
[   30.245868]  fff00000c9a66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.245909]  fff00000c9a66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.246015] ==================================================================
[   30.174536] ==================================================================
[   30.174583] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.174745] Write of size 1 at addr fff00000c95548f0 by task kunit_try_catch/187
[   30.174796] 
[   30.174824] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.174926] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.174961] Hardware name: linux,dummy-virt (DT)
[   30.174990] Call trace:
[   30.175012]  show_stack+0x20/0x38 (C)
[   30.175066]  dump_stack_lvl+0x8c/0xd0
[   30.175112]  print_report+0x118/0x5d0
[   30.175179]  kasan_report+0xdc/0x128
[   30.175244]  __asan_report_store1_noabort+0x20/0x30
[   30.175310]  krealloc_more_oob_helper+0x5c0/0x678
[   30.175399]  krealloc_more_oob+0x20/0x38
[   30.175445]  kunit_try_run_case+0x170/0x3f0
[   30.175493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.175803]  kthread+0x328/0x630
[   30.175846]  ret_from_fork+0x10/0x20
[   30.175892] 
[   30.175910] Allocated by task 187:
[   30.175937]  kasan_save_stack+0x3c/0x68
[   30.176038]  kasan_save_track+0x20/0x40
[   30.176077]  kasan_save_alloc_info+0x40/0x58
[   30.176113]  __kasan_krealloc+0x118/0x178
[   30.176152]  krealloc_noprof+0x128/0x360
[   30.176207]  krealloc_more_oob_helper+0x168/0x678
[   30.176267]  krealloc_more_oob+0x20/0x38
[   30.176304]  kunit_try_run_case+0x170/0x3f0
[   30.176369]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.176416]  kthread+0x328/0x630
[   30.176451]  ret_from_fork+0x10/0x20
[   30.176504] 
[   30.176551] The buggy address belongs to the object at fff00000c9554800
[   30.176551]  which belongs to the cache kmalloc-256 of size 256
[   30.176607] The buggy address is located 5 bytes to the right of
[   30.176607]  allocated 235-byte region [fff00000c9554800, fff00000c95548eb)
[   30.176669] 
[   30.176688] The buggy address belongs to the physical page:
[   30.176717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109554
[   30.176785] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.176849] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.177193] page_type: f5(slab)
[   30.177251] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.177316] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.177407] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.177503] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.177565] head: 0bfffe0000000001 ffffc1ffc3255501 00000000ffffffff 00000000ffffffff
[   30.177629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.177667] page dumped because: kasan: bad access detected
[   30.177770] 
[   30.177811] Memory state around the buggy address:
[   30.177888]  fff00000c9554780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.177948]  fff00000c9554800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.178012] >fff00000c9554880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.178047]                                                              ^
[   30.178084]  fff00000c9554900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.178124]  fff00000c9554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.178159] ==================================================================
[   30.247686] ==================================================================
[   30.247734] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.247786] Write of size 1 at addr fff00000c9a660f0 by task kunit_try_catch/191
[   30.247834] 
[   30.247867] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.247948] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.247974] Hardware name: linux,dummy-virt (DT)
[   30.248005] Call trace:
[   30.248027]  show_stack+0x20/0x38 (C)
[   30.248074]  dump_stack_lvl+0x8c/0xd0
[   30.248120]  print_report+0x118/0x5d0
[   30.248162]  kasan_report+0xdc/0x128
[   30.248204]  __asan_report_store1_noabort+0x20/0x30
[   30.248253]  krealloc_more_oob_helper+0x5c0/0x678
[   30.248312]  krealloc_large_more_oob+0x20/0x38
[   30.248384]  kunit_try_run_case+0x170/0x3f0
[   30.248562]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.248621]  kthread+0x328/0x630
[   30.248934]  ret_from_fork+0x10/0x20
[   30.249221] 
[   30.249247] The buggy address belongs to the physical page:
[   30.249500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a64
[   30.249708] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.249892] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.250270] page_type: f8(unknown)
[   30.250339] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.250390] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.250438] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.250681] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.250734] head: 0bfffe0000000002 ffffc1ffc3269901 00000000ffffffff 00000000ffffffff
[   30.250781] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.250818] page dumped because: kasan: bad access detected
[   30.250925] 
[   30.250945] Memory state around the buggy address:
[   30.251035]  fff00000c9a65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.251077]  fff00000c9a66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.251673] >fff00000c9a66080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.251789]                                                              ^
[   30.251874]  fff00000c9a66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.251916]  fff00000c9a66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.251952] ==================================================================
[   30.168845] ==================================================================
[   30.168911] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.168973] Write of size 1 at addr fff00000c95548eb by task kunit_try_catch/187
[   30.169104] 
[   30.169173] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT 
[   30.169352] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.169581] Hardware name: linux,dummy-virt (DT)
[   30.169628] Call trace:
[   30.169652]  show_stack+0x20/0x38 (C)
[   30.169707]  dump_stack_lvl+0x8c/0xd0
[   30.169763]  print_report+0x118/0x5d0
[   30.169806]  kasan_report+0xdc/0x128
[   30.169850]  __asan_report_store1_noabort+0x20/0x30
[   30.169900]  krealloc_more_oob_helper+0x60c/0x678
[   30.170066]  krealloc_more_oob+0x20/0x38
[   30.170144]  kunit_try_run_case+0x170/0x3f0
[   30.170306]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.170411]  kthread+0x328/0x630
[   30.170565]  ret_from_fork+0x10/0x20
[   30.170921] 
[   30.170966] Allocated by task 187:
[   30.171018]  kasan_save_stack+0x3c/0x68
[   30.171142]  kasan_save_track+0x20/0x40
[   30.171207]  kasan_save_alloc_info+0x40/0x58
[   30.171245]  __kasan_krealloc+0x118/0x178
[   30.171595]  krealloc_noprof+0x128/0x360
[   30.171697]  krealloc_more_oob_helper+0x168/0x678
[   30.171821]  krealloc_more_oob+0x20/0x38
[   30.171910]  kunit_try_run_case+0x170/0x3f0
[   30.171948]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.172240]  kthread+0x328/0x630
[   30.172314]  ret_from_fork+0x10/0x20
[   30.172361] 
[   30.172381] The buggy address belongs to the object at fff00000c9554800
[   30.172381]  which belongs to the cache kmalloc-256 of size 256
[   30.172594] The buggy address is located 0 bytes to the right of
[   30.172594]  allocated 235-byte region [fff00000c9554800, fff00000c95548eb)
[   30.172691] 
[   30.172773] The buggy address belongs to the physical page:
[   30.172830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109554
[   30.172940] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.172997] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.173065] page_type: f5(slab)
[   30.173218] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.173313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.173460] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.173509] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.173556] head: 0bfffe0000000001 ffffc1ffc3255501 00000000ffffffff 00000000ffffffff
[   30.173602] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.173640] page dumped because: kasan: bad access detected
[   30.173670] 
[   30.173687] Memory state around the buggy address:
[   30.173719]  fff00000c9554780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.173760]  fff00000c9554800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.173800] >fff00000c9554880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.173835]                                                           ^
[   30.173872]  fff00000c9554900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.173912]  fff00000c9554980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.173948] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizOeD8Jm6gvF6WEX3HpY0Yiv3

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizOeD8Jm6gvF6WEX3HpY0Yiv3

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/Image.gz
sha256sum	37d9d8f3bf88d1e931fe46cf36571593b5a433a5d7333af6ff92cab414d2ee0c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizLHXy0YY4Eb3Uvf7RBZBjPJe/modules.tar.xz
sha256sum	f716ec16fb4ddf54116cb1eb73ee916ed3bd359ff95e4d969af9a161c3cb0a9f

durations

tests

boot	0
kunit	172.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.512161] ==================================================================
[   23.512646] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.512906] Write of size 1 at addr ffff888102b960eb by task kunit_try_catch/210
[   23.513123] 
[   23.513212] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.513264] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.513275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.513297] Call Trace:
[   23.513312]  <TASK>
[   23.513331]  dump_stack_lvl+0x73/0xb0
[   23.513361]  print_report+0xd1/0x610
[   23.513383]  ? __virt_addr_valid+0x1db/0x2d0
[   23.513406]  ? krealloc_more_oob_helper+0x821/0x930
[   23.513429]  ? kasan_addr_to_slab+0x11/0xa0
[   23.513448]  ? krealloc_more_oob_helper+0x821/0x930
[   23.513471]  kasan_report+0x141/0x180
[   23.513492]  ? krealloc_more_oob_helper+0x821/0x930
[   23.513519]  __asan_report_store1_noabort+0x1b/0x30
[   23.513542]  krealloc_more_oob_helper+0x821/0x930
[   23.513564]  ? __schedule+0x10cc/0x2b60
[   23.513587]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.513610]  ? finish_task_switch.isra.0+0x153/0x700
[   23.513632]  ? __switch_to+0x47/0xf80
[   23.513659]  ? __schedule+0x10cc/0x2b60
[   23.513680]  ? __pfx_read_tsc+0x10/0x10
[   23.513704]  krealloc_large_more_oob+0x1c/0x30
[   23.513727]  kunit_try_run_case+0x1a5/0x480
[   23.513762]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.513782]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.513804]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.513827]  ? __kthread_parkme+0x82/0x180
[   23.513847]  ? preempt_count_sub+0x50/0x80
[   23.513870]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.513891]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.513916]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.513940]  kthread+0x337/0x6f0
[   23.513959]  ? trace_preempt_on+0x20/0xc0
[   23.513983]  ? __pfx_kthread+0x10/0x10
[   23.514005]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.514026]  ? calculate_sigpending+0x7b/0xa0
[   23.514050]  ? __pfx_kthread+0x10/0x10
[   23.514071]  ret_from_fork+0x116/0x1d0
[   23.514089]  ? __pfx_kthread+0x10/0x10
[   23.514110]  ret_from_fork_asm+0x1a/0x30
[   23.514140]  </TASK>
[   23.514152] 
[   23.521337] The buggy address belongs to the physical page:
[   23.521532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94
[   23.521967] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.522360] flags: 0x200000000000040(head|node=0|zone=2)
[   23.522657] page_type: f8(unknown)
[   23.522851] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.523111] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.523334] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.523651] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.523999] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff
[   23.524361] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.524667] page dumped because: kasan: bad access detected
[   23.524848] 
[   23.524912] Memory state around the buggy address:
[   23.525117]  ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.525421]  ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.525744] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.526179]                                                           ^
[   23.526704]  ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.527029]  ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.527344] ==================================================================
[   23.338725] ==================================================================
[   23.339262] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.339634] Write of size 1 at addr ffff88810579d8eb by task kunit_try_catch/206
[   23.340177] 
[   23.340279] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.340340] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.340352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.340386] Call Trace:
[   23.340399]  <TASK>
[   23.340418]  dump_stack_lvl+0x73/0xb0
[   23.340464]  print_report+0xd1/0x610
[   23.340488]  ? __virt_addr_valid+0x1db/0x2d0
[   23.340513]  ? krealloc_more_oob_helper+0x821/0x930
[   23.340536]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.340561]  ? krealloc_more_oob_helper+0x821/0x930
[   23.340607]  kasan_report+0x141/0x180
[   23.340628]  ? krealloc_more_oob_helper+0x821/0x930
[   23.340655]  __asan_report_store1_noabort+0x1b/0x30
[   23.340689]  krealloc_more_oob_helper+0x821/0x930
[   23.340711]  ? __schedule+0x10cc/0x2b60
[   23.340745]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.340768]  ? finish_task_switch.isra.0+0x153/0x700
[   23.340791]  ? __switch_to+0x47/0xf80
[   23.340818]  ? __schedule+0x10cc/0x2b60
[   23.340848]  ? __pfx_read_tsc+0x10/0x10
[   23.340873]  krealloc_more_oob+0x1c/0x30
[   23.340894]  kunit_try_run_case+0x1a5/0x480
[   23.340928]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.340948]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.340970]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.340993]  ? __kthread_parkme+0x82/0x180
[   23.341013]  ? preempt_count_sub+0x50/0x80
[   23.341036]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.341065]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.341089]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.341114]  kthread+0x337/0x6f0
[   23.341144]  ? trace_preempt_on+0x20/0xc0
[   23.341167]  ? __pfx_kthread+0x10/0x10
[   23.341188]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.341209]  ? calculate_sigpending+0x7b/0xa0
[   23.341233]  ? __pfx_kthread+0x10/0x10
[   23.341254]  ret_from_fork+0x116/0x1d0
[   23.341273]  ? __pfx_kthread+0x10/0x10
[   23.341294]  ret_from_fork_asm+0x1a/0x30
[   23.341324]  </TASK>
[   23.341336] 
[   23.348723] Allocated by task 206:
[   23.348861]  kasan_save_stack+0x45/0x70
[   23.349000]  kasan_save_track+0x18/0x40
[   23.349184]  kasan_save_alloc_info+0x3b/0x50
[   23.349415]  __kasan_krealloc+0x190/0x1f0
[   23.349695]  krealloc_noprof+0xf3/0x340
[   23.349898]  krealloc_more_oob_helper+0x1a9/0x930
[   23.350131]  krealloc_more_oob+0x1c/0x30
[   23.350331]  kunit_try_run_case+0x1a5/0x480
[   23.350480]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.350800]  kthread+0x337/0x6f0
[   23.350987]  ret_from_fork+0x116/0x1d0
[   23.351161]  ret_from_fork_asm+0x1a/0x30
[   23.351356] 
[   23.351469] The buggy address belongs to the object at ffff88810579d800
[   23.351469]  which belongs to the cache kmalloc-256 of size 256
[   23.351950] The buggy address is located 0 bytes to the right of
[   23.351950]  allocated 235-byte region [ffff88810579d800, ffff88810579d8eb)
[   23.352489] 
[   23.352576] The buggy address belongs to the physical page:
[   23.352818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c
[   23.353165] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.353423] flags: 0x200000000000040(head|node=0|zone=2)
[   23.353597] page_type: f5(slab)
[   23.353715] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.353949] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.354303] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.354706] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.355048] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff
[   23.355407] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.355741] page dumped because: kasan: bad access detected
[   23.355949] 
[   23.356013] Memory state around the buggy address:
[   23.356163]  ffff88810579d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.356379]  ffff88810579d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.357274] >ffff88810579d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.358288]                                                           ^
[   23.358926]  ffff88810579d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.359247]  ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.359952] ==================================================================
[   23.361382] ==================================================================
[   23.361993] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.362424] Write of size 1 at addr ffff88810579d8f0 by task kunit_try_catch/206
[   23.362779] 
[   23.362910] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.362958] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.362969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.363002] Call Trace:
[   23.363029]  <TASK>
[   23.363046]  dump_stack_lvl+0x73/0xb0
[   23.363079]  print_report+0xd1/0x610
[   23.363112]  ? __virt_addr_valid+0x1db/0x2d0
[   23.363138]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.363161]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.363186]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.363209]  kasan_report+0x141/0x180
[   23.363230]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.363257]  __asan_report_store1_noabort+0x1b/0x30
[   23.363281]  krealloc_more_oob_helper+0x7eb/0x930
[   23.363302]  ? __schedule+0x10cc/0x2b60
[   23.363335]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.363358]  ? finish_task_switch.isra.0+0x153/0x700
[   23.363391]  ? __switch_to+0x47/0xf80
[   23.363426]  ? __schedule+0x10cc/0x2b60
[   23.363447]  ? __pfx_read_tsc+0x10/0x10
[   23.363472]  krealloc_more_oob+0x1c/0x30
[   23.363492]  kunit_try_run_case+0x1a5/0x480
[   23.363516]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.363536]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.363560]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.363582]  ? __kthread_parkme+0x82/0x180
[   23.363612]  ? preempt_count_sub+0x50/0x80
[   23.363634]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.363655]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.363690]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.363714]  kthread+0x337/0x6f0
[   23.363744]  ? trace_preempt_on+0x20/0xc0
[   23.363769]  ? __pfx_kthread+0x10/0x10
[   23.363798]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.363819]  ? calculate_sigpending+0x7b/0xa0
[   23.363844]  ? __pfx_kthread+0x10/0x10
[   23.363875]  ret_from_fork+0x116/0x1d0
[   23.363894]  ? __pfx_kthread+0x10/0x10
[   23.363914]  ret_from_fork_asm+0x1a/0x30
[   23.363945]  </TASK>
[   23.363956] 
[   23.371678] Allocated by task 206:
[   23.371861]  kasan_save_stack+0x45/0x70
[   23.372044]  kasan_save_track+0x18/0x40
[   23.372237]  kasan_save_alloc_info+0x3b/0x50
[   23.372443]  __kasan_krealloc+0x190/0x1f0
[   23.372640]  krealloc_noprof+0xf3/0x340
[   23.372825]  krealloc_more_oob_helper+0x1a9/0x930
[   23.373054]  krealloc_more_oob+0x1c/0x30
[   23.373223]  kunit_try_run_case+0x1a5/0x480
[   23.373443]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.373677]  kthread+0x337/0x6f0
[   23.373857]  ret_from_fork+0x116/0x1d0
[   23.373999]  ret_from_fork_asm+0x1a/0x30
[   23.374205] 
[   23.374276] The buggy address belongs to the object at ffff88810579d800
[   23.374276]  which belongs to the cache kmalloc-256 of size 256
[   23.374826] The buggy address is located 5 bytes to the right of
[   23.374826]  allocated 235-byte region [ffff88810579d800, ffff88810579d8eb)
[   23.375275] 
[   23.375341] The buggy address belongs to the physical page:
[   23.375511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c
[   23.375753] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.376082] flags: 0x200000000000040(head|node=0|zone=2)
[   23.376368] page_type: f5(slab)
[   23.376564] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.376917] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.377245] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.377621] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.377855] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff
[   23.378078] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.378404] page dumped because: kasan: bad access detected
[   23.378661] 
[   23.378779] Memory state around the buggy address:
[   23.378999]  ffff88810579d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.379332]  ffff88810579d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.379781] >ffff88810579d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.380040]                                                              ^
[   23.380344]  ffff88810579d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.380600]  ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.380885] ==================================================================
[   23.527853] ==================================================================
[   23.528075] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.528695] Write of size 1 at addr ffff888102b960f0 by task kunit_try_catch/210
[   23.529462] 
[   23.529590] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) 
[   23.529638] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.529650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.529670] Call Trace:
[   23.529687]  <TASK>
[   23.529703]  dump_stack_lvl+0x73/0xb0
[   23.529749]  print_report+0xd1/0x610
[   23.529771]  ? __virt_addr_valid+0x1db/0x2d0
[   23.529794]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.529816]  ? kasan_addr_to_slab+0x11/0xa0
[   23.529836]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.529859]  kasan_report+0x141/0x180
[   23.529880]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.529907]  __asan_report_store1_noabort+0x1b/0x30
[   23.529931]  krealloc_more_oob_helper+0x7eb/0x930
[   23.529952]  ? __schedule+0x10cc/0x2b60
[   23.529975]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.529999]  ? finish_task_switch.isra.0+0x153/0x700
[   23.530020]  ? __switch_to+0x47/0xf80
[   23.530046]  ? __schedule+0x10cc/0x2b60
[   23.530067]  ? __pfx_read_tsc+0x10/0x10
[   23.530092]  krealloc_large_more_oob+0x1c/0x30
[   23.530113]  kunit_try_run_case+0x1a5/0x480
[   23.530136]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.530155]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.530177]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.530200]  ? __kthread_parkme+0x82/0x180
[   23.530220]  ? preempt_count_sub+0x50/0x80
[   23.530243]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.530264]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.530608]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.530635]  kthread+0x337/0x6f0
[   23.530655]  ? trace_preempt_on+0x20/0xc0
[   23.530678]  ? __pfx_kthread+0x10/0x10
[   23.530699]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.530720]  ? calculate_sigpending+0x7b/0xa0
[   23.530758]  ? __pfx_kthread+0x10/0x10
[   23.530779]  ret_from_fork+0x116/0x1d0
[   23.530798]  ? __pfx_kthread+0x10/0x10
[   23.530819]  ret_from_fork_asm+0x1a/0x30
[   23.530850]  </TASK>
[   23.530860] 
[   23.538627] The buggy address belongs to the physical page:
[   23.538817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94
[   23.539172] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.539821] flags: 0x200000000000040(head|node=0|zone=2)
[   23.540010] page_type: f8(unknown)
[   23.540131] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.540435] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.540795] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.541133] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.541378] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff
[   23.541802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.542141] page dumped because: kasan: bad access detected
[   23.542356] 
[   23.542446] Memory state around the buggy address:
[   23.542634]  ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.542925]  ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.543511] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.543801]                                                              ^
[   23.544001]  ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.544205]  ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.544577] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zizK5DpLdiSo5JTRmUPvSCnGxG

job_id

TEST:linaro@lkft#2zizPosnQ5rY23goGLqjSSGUMDT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zizPosnQ5rY23goGLqjSSGUMDT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/bzImage
sha256sum	0b86f8183e71d185ecf48e91daf338a38748221ed84c99d5fcc0aff2fb4fe4d2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zizMF2TFo5wqp9ExxxKcu7DMgd/modules.tar.xz
sha256sum	1cecf8a22d53cbe6f1135ddb095fc53e6fe8ebbda902547c47910320c1d5aa61

durations

tests

boot	0
kunit	220.78

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit