lkft/linux-next-master - next-20250714 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 14, 2025, 10:38 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   39.403911] ==================================================================
[   39.410780] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   39.418326] Write of size 1 at addr ffff000804a77ef0 by task kunit_try_catch/240
[   39.425704] 
[   39.427189] CPU: 3 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   39.427241] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.427257] Hardware name: WinLink E850-96 board (DT)
[   39.427276] Call trace:
[   39.427289]  show_stack+0x20/0x38 (C)
[   39.427323]  dump_stack_lvl+0x8c/0xd0
[   39.427355]  print_report+0x118/0x5d0
[   39.427386]  kasan_report+0xdc/0x128
[   39.427413]  __asan_report_store1_noabort+0x20/0x30
[   39.427447]  krealloc_more_oob_helper+0x5c0/0x678
[   39.427483]  krealloc_more_oob+0x20/0x38
[   39.427514]  kunit_try_run_case+0x170/0x3f0
[   39.427549]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.427581]  kthread+0x328/0x630
[   39.427611]  ret_from_fork+0x10/0x20
[   39.427645] 
[   39.495755] Allocated by task 240:
[   39.499143]  kasan_save_stack+0x3c/0x68
[   39.502959]  kasan_save_track+0x20/0x40
[   39.506779]  kasan_save_alloc_info+0x40/0x58
[   39.511033]  __kasan_krealloc+0x118/0x178
[   39.515025]  krealloc_noprof+0x128/0x360
[   39.518932]  krealloc_more_oob_helper+0x168/0x678
[   39.523619]  krealloc_more_oob+0x20/0x38
[   39.527525]  kunit_try_run_case+0x170/0x3f0
[   39.531691]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.537160]  kthread+0x328/0x630
[   39.540372]  ret_from_fork+0x10/0x20
[   39.543931] 
[   39.545408] The buggy address belongs to the object at ffff000804a77e00
[   39.545408]  which belongs to the cache kmalloc-256 of size 256
[   39.557910] The buggy address is located 5 bytes to the right of
[   39.557910]  allocated 235-byte region [ffff000804a77e00, ffff000804a77eeb)
[   39.570841] 
[   39.572319] The buggy address belongs to the physical page:
[   39.577876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x884a74
[   39.585858] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.593500] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.600441] page_type: f5(slab)
[   39.603577] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.611298] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.619024] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.626836] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.634649] head: 0bfffe0000000002 fffffdffe0129d01 00000000ffffffff 00000000ffffffff
[   39.642461] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   39.650266] page dumped because: kasan: bad access detected
[   39.655822] 
[   39.657297] Memory state around the buggy address:
[   39.662077]  ffff000804a77d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.669282]  ffff000804a77e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.676485] >ffff000804a77e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   39.683686]                                                              ^
[   39.690547]  ffff000804a77f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.697752]  ffff000804a77f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.704953] ==================================================================
[   39.952469] ==================================================================
[   39.962247] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   39.969793] Write of size 1 at addr ffff000804a7a0eb by task kunit_try_catch/244
[   39.977173] 
[   39.978657] CPU: 3 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   39.978713] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.978730] Hardware name: WinLink E850-96 board (DT)
[   39.978752] Call trace:
[   39.978764]  show_stack+0x20/0x38 (C)
[   39.978800]  dump_stack_lvl+0x8c/0xd0
[   39.978834]  print_report+0x118/0x5d0
[   39.978865]  kasan_report+0xdc/0x128
[   39.978893]  __asan_report_store1_noabort+0x20/0x30
[   39.978929]  krealloc_more_oob_helper+0x60c/0x678
[   39.978962]  krealloc_large_more_oob+0x20/0x38
[   39.978994]  kunit_try_run_case+0x170/0x3f0
[   39.979034]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.979064]  kthread+0x328/0x630
[   39.979093]  ret_from_fork+0x10/0x20
[   39.979126] 
[   40.047746] The buggy address belongs to the physical page:
[   40.053304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x884a78
[   40.061286] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.068926] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.075869] page_type: f8(unknown)
[   40.079266] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.086985] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.094711] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.102523] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.110336] head: 0bfffe0000000002 fffffdffe0129e01 00000000ffffffff 00000000ffffffff
[   40.118148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.125955] page dumped because: kasan: bad access detected
[   40.131509] 
[   40.132986] Memory state around the buggy address:
[   40.137765]  ffff000804a79f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.144967]  ffff000804a7a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.152174] >ffff000804a7a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   40.159373]                                                           ^
[   40.165974]  ffff000804a7a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.173179]  ffff000804a7a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.180381] ==================================================================
[   40.187900] ==================================================================
[   40.194795] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   40.202342] Write of size 1 at addr ffff000804a7a0f0 by task kunit_try_catch/244
[   40.209720] 
[   40.211205] CPU: 3 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   40.211257] Tainted: [B]=BAD_PAGE, [N]=TEST
[   40.211275] Hardware name: WinLink E850-96 board (DT)
[   40.211292] Call trace:
[   40.211305]  show_stack+0x20/0x38 (C)
[   40.211340]  dump_stack_lvl+0x8c/0xd0
[   40.211373]  print_report+0x118/0x5d0
[   40.211401]  kasan_report+0xdc/0x128
[   40.211432]  __asan_report_store1_noabort+0x20/0x30
[   40.211465]  krealloc_more_oob_helper+0x5c0/0x678
[   40.211498]  krealloc_large_more_oob+0x20/0x38
[   40.211530]  kunit_try_run_case+0x170/0x3f0
[   40.211568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   40.211599]  kthread+0x328/0x630
[   40.211628]  ret_from_fork+0x10/0x20
[   40.211661] 
[   40.280294] The buggy address belongs to the physical page:
[   40.285851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x884a78
[   40.293835] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.301473] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   40.308416] page_type: f8(unknown)
[   40.311814] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.319533] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.327260] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   40.335072] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   40.342885] head: 0bfffe0000000002 fffffdffe0129e01 00000000ffffffff 00000000ffffffff
[   40.350697] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   40.358502] page dumped because: kasan: bad access detected
[   40.364058] 
[   40.365533] Memory state around the buggy address:
[   40.370312]  ffff000804a79f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.377516]  ffff000804a7a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.384722] >ffff000804a7a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   40.391922]                                                              ^
[   40.398783]  ffff000804a7a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.405988]  ffff000804a7a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   40.413189] ==================================================================
[   39.093302] ==================================================================
[   39.102453] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   39.109997] Write of size 1 at addr ffff000804a77eeb by task kunit_try_catch/240
[   39.117375] 
[   39.118861] CPU: 3 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   39.118918] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.118935] Hardware name: WinLink E850-96 board (DT)
[   39.118958] Call trace:
[   39.118973]  show_stack+0x20/0x38 (C)
[   39.119008]  dump_stack_lvl+0x8c/0xd0
[   39.119044]  print_report+0x118/0x5d0
[   39.119075]  kasan_report+0xdc/0x128
[   39.119102]  __asan_report_store1_noabort+0x20/0x30
[   39.119137]  krealloc_more_oob_helper+0x60c/0x678
[   39.119171]  krealloc_more_oob+0x20/0x38
[   39.119200]  kunit_try_run_case+0x170/0x3f0
[   39.119236]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.119267]  kthread+0x328/0x630
[   39.119294]  ret_from_fork+0x10/0x20
[   39.119329] 
[   39.187428] Allocated by task 240:
[   39.190815]  kasan_save_stack+0x3c/0x68
[   39.194631]  kasan_save_track+0x20/0x40
[   39.198452]  kasan_save_alloc_info+0x40/0x58
[   39.202704]  __kasan_krealloc+0x118/0x178
[   39.206696]  krealloc_noprof+0x128/0x360
[   39.210603]  krealloc_more_oob_helper+0x168/0x678
[   39.215290]  krealloc_more_oob+0x20/0x38
[   39.219197]  kunit_try_run_case+0x170/0x3f0
[   39.223363]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.228832]  kthread+0x328/0x630
[   39.232043]  ret_from_fork+0x10/0x20
[   39.235602] 
[   39.237080] The buggy address belongs to the object at ffff000804a77e00
[   39.237080]  which belongs to the cache kmalloc-256 of size 256
[   39.249581] The buggy address is located 0 bytes to the right of
[   39.249581]  allocated 235-byte region [ffff000804a77e00, ffff000804a77eeb)
[   39.262512] 
[   39.263990] The buggy address belongs to the physical page:
[   39.269548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x884a74
[   39.277531] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.285171] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.292114] page_type: f5(slab)
[   39.295249] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.302969] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.310696] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.318507] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.326320] head: 0bfffe0000000002 fffffdffe0129d01 00000000ffffffff 00000000ffffffff
[   39.334132] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   39.341939] page dumped because: kasan: bad access detected
[   39.347493] 
[   39.348970] Memory state around the buggy address:
[   39.353749]  ffff000804a77d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.360953]  ffff000804a77e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.368156] >ffff000804a77e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   39.375357]                                                           ^
[   39.381958]  ffff000804a77f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.389163]  ffff000804a77f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.396364] ==================================================================

Metadata Full log Test run details

[   29.497207] ==================================================================
[   29.497262] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.497317] Write of size 1 at addr fff00000c9b060f0 by task kunit_try_catch/191
[   29.497364] 
[   29.497399] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.497515] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.497543] Hardware name: linux,dummy-virt (DT)
[   29.497574] Call trace:
[   29.497603]  show_stack+0x20/0x38 (C)
[   29.497655]  dump_stack_lvl+0x8c/0xd0
[   29.497703]  print_report+0x118/0x5d0
[   29.497745]  kasan_report+0xdc/0x128
[   29.498086]  __asan_report_store1_noabort+0x20/0x30
[   29.498332]  krealloc_more_oob_helper+0x5c0/0x678
[   29.498456]  krealloc_large_more_oob+0x20/0x38
[   29.498559]  kunit_try_run_case+0x170/0x3f0
[   29.498677]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.498726]  kthread+0x328/0x630
[   29.498768]  ret_from_fork+0x10/0x20
[   29.498818] 
[   29.498839] The buggy address belongs to the physical page:
[   29.498991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   29.499161] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.499319] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.499471] page_type: f8(unknown)
[   29.499528] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.499689] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.499773] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.500057] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.500240] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   29.500408] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.500473] page dumped because: kasan: bad access detected
[   29.500570] 
[   29.500635] Memory state around the buggy address:
[   29.500684]  fff00000c9b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.500726]  fff00000c9b06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.500766] >fff00000c9b06080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.500802]                                                              ^
[   29.500866]  fff00000c9b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.500907]  fff00000c9b06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.500943] ==================================================================
[   29.421835] ==================================================================
[   29.421904] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.421968] Write of size 1 at addr fff00000c96880eb by task kunit_try_catch/187
[   29.422017] 
[   29.422066] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.422149] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.422175] Hardware name: linux,dummy-virt (DT)
[   29.422208] Call trace:
[   29.422496]  show_stack+0x20/0x38 (C)
[   29.422635]  dump_stack_lvl+0x8c/0xd0
[   29.422962]  print_report+0x118/0x5d0
[   29.423332]  kasan_report+0xdc/0x128
[   29.423742]  __asan_report_store1_noabort+0x20/0x30
[   29.424384]  krealloc_more_oob_helper+0x60c/0x678
[   29.424440]  krealloc_more_oob+0x20/0x38
[   29.424487]  kunit_try_run_case+0x170/0x3f0
[   29.424536]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.424939]  kthread+0x328/0x630
[   29.425158]  ret_from_fork+0x10/0x20
[   29.425230] 
[   29.425308] Allocated by task 187:
[   29.425396]  kasan_save_stack+0x3c/0x68
[   29.425450]  kasan_save_track+0x20/0x40
[   29.425488]  kasan_save_alloc_info+0x40/0x58
[   29.425524]  __kasan_krealloc+0x118/0x178
[   29.425950]  krealloc_noprof+0x128/0x360
[   29.425991]  krealloc_more_oob_helper+0x168/0x678
[   29.426031]  krealloc_more_oob+0x20/0x38
[   29.426077]  kunit_try_run_case+0x170/0x3f0
[   29.426137]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.426243]  kthread+0x328/0x630
[   29.426291]  ret_from_fork+0x10/0x20
[   29.426373] 
[   29.426441] The buggy address belongs to the object at fff00000c9688000
[   29.426441]  which belongs to the cache kmalloc-256 of size 256
[   29.426498] The buggy address is located 0 bytes to the right of
[   29.426498]  allocated 235-byte region [fff00000c9688000, fff00000c96880eb)
[   29.426618] 
[   29.426695] The buggy address belongs to the physical page:
[   29.426727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109688
[   29.426968] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.427032] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.427110] page_type: f5(slab)
[   29.427152] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.427682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.427765] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.427992] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.428234] head: 0bfffe0000000001 ffffc1ffc325a201 00000000ffffffff 00000000ffffffff
[   29.428284] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.428566] page dumped because: kasan: bad access detected
[   29.428605] 
[   29.428624] Memory state around the buggy address:
[   29.428663]  fff00000c9687f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.428710]  fff00000c9688000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.428751] >fff00000c9688080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.428814]                                                           ^
[   29.428853]  fff00000c9688100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.428894]  fff00000c9688180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.428930] ==================================================================
[   29.490706] ==================================================================
[   29.490774] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.490839] Write of size 1 at addr fff00000c9b060eb by task kunit_try_catch/191
[   29.491028] 
[   29.491123] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.491774] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.491915] Hardware name: linux,dummy-virt (DT)
[   29.491948] Call trace:
[   29.491971]  show_stack+0x20/0x38 (C)
[   29.492025]  dump_stack_lvl+0x8c/0xd0
[   29.492090]  print_report+0x118/0x5d0
[   29.492251]  kasan_report+0xdc/0x128
[   29.492294]  __asan_report_store1_noabort+0x20/0x30
[   29.492355]  krealloc_more_oob_helper+0x60c/0x678
[   29.492727]  krealloc_large_more_oob+0x20/0x38
[   29.492778]  kunit_try_run_case+0x170/0x3f0
[   29.492828]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.492877]  kthread+0x328/0x630
[   29.492919]  ret_from_fork+0x10/0x20
[   29.493172] 
[   29.493198] The buggy address belongs to the physical page:
[   29.493329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b04
[   29.493452] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.493622] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.493677] page_type: f8(unknown)
[   29.493719] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.493767] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.493822] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.493951] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.494124] head: 0bfffe0000000002 ffffc1ffc326c101 00000000ffffffff 00000000ffffffff
[   29.494313] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.494397] page dumped because: kasan: bad access detected
[   29.494499] 
[   29.494517] Memory state around the buggy address:
[   29.494566]  fff00000c9b05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.494608]  fff00000c9b06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.494725] >fff00000c9b06080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.494890]                                                           ^
[   29.494927]  fff00000c9b06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.494968]  fff00000c9b06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.495386] ==================================================================
[   29.430301] ==================================================================
[   29.430600] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.431127] Write of size 1 at addr fff00000c96880f0 by task kunit_try_catch/187
[   29.431253] 
[   29.431428] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250714 #1 PREEMPT 
[   29.431566] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.431591] Hardware name: linux,dummy-virt (DT)
[   29.431622] Call trace:
[   29.431644]  show_stack+0x20/0x38 (C)
[   29.431699]  dump_stack_lvl+0x8c/0xd0
[   29.431778]  print_report+0x118/0x5d0
[   29.431964]  kasan_report+0xdc/0x128
[   29.432080]  __asan_report_store1_noabort+0x20/0x30
[   29.432129]  krealloc_more_oob_helper+0x5c0/0x678
[   29.432229]  krealloc_more_oob+0x20/0x38
[   29.432647]  kunit_try_run_case+0x170/0x3f0
[   29.432701]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.432912]  kthread+0x328/0x630
[   29.432959]  ret_from_fork+0x10/0x20
[   29.433045] 
[   29.433151] Allocated by task 187:
[   29.433189]  kasan_save_stack+0x3c/0x68
[   29.433448]  kasan_save_track+0x20/0x40
[   29.433490]  kasan_save_alloc_info+0x40/0x58
[   29.433526]  __kasan_krealloc+0x118/0x178
[   29.433563]  krealloc_noprof+0x128/0x360
[   29.433608]  krealloc_more_oob_helper+0x168/0x678
[   29.433657]  krealloc_more_oob+0x20/0x38
[   29.433693]  kunit_try_run_case+0x170/0x3f0
[   29.433959]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.434159]  kthread+0x328/0x630
[   29.434229]  ret_from_fork+0x10/0x20
[   29.434265] 
[   29.434284] The buggy address belongs to the object at fff00000c9688000
[   29.434284]  which belongs to the cache kmalloc-256 of size 256
[   29.434351] The buggy address is located 5 bytes to the right of
[   29.434351]  allocated 235-byte region [fff00000c9688000, fff00000c96880eb)
[   29.434451] 
[   29.434506] The buggy address belongs to the physical page:
[   29.434541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109688
[   29.434592] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.434802] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.435094] page_type: f5(slab)
[   29.435233] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.435376] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.435425] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.435472] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.435733] head: 0bfffe0000000001 ffffc1ffc325a201 00000000ffffffff 00000000ffffffff
[   29.435785] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.435824] page dumped because: kasan: bad access detected
[   29.435925] 
[   29.435943] Memory state around the buggy address:
[   29.436021]  fff00000c9687f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.436100]  fff00000c9688000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.436201] >fff00000c9688080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.436237]                                                              ^
[   29.436275]  fff00000c9688100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.436769]  fff00000c9688180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.436832] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW4gkgpPvPvyu1JhrLI5SfZ9n

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW4gkgpPvPvyu1JhrLI5SfZ9n

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/Image.gz
sha256sum	f1b1de68ab66795221ea7af2c885166039edc905709ae2b868dbc429ffb32d0d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW17i5CHwMjQFrMEumC4tgHQD/modules.tar.xz
sha256sum	94a5b5b8edfcc1ec8f65ff9d692207a782ba849df77dd9baa05c20bf5972d8f6

durations

tests

boot	0
kunit	174.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.036872] ==================================================================
[   24.037355] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.038503] Write of size 1 at addr ffff88810587a0f0 by task kunit_try_catch/209
[   24.039605] 
[   24.039964] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.040023] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.040037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.040059] Call Trace:
[   24.040078]  <TASK>
[   24.040099]  dump_stack_lvl+0x73/0xb0
[   24.040137]  print_report+0xd1/0x610
[   24.040161]  ? __virt_addr_valid+0x1db/0x2d0
[   24.040184]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.040206]  ? kasan_addr_to_slab+0x11/0xa0
[   24.040226]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.040248]  kasan_report+0x141/0x180
[   24.040268]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.040294]  __asan_report_store1_noabort+0x1b/0x30
[   24.040317]  krealloc_more_oob_helper+0x7eb/0x930
[   24.040339]  ? __schedule+0x10cc/0x2b60
[   24.040362]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.040384]  ? finish_task_switch.isra.0+0x153/0x700
[   24.040406]  ? __switch_to+0x47/0xf80
[   24.040431]  ? __schedule+0x10cc/0x2b60
[   24.040452]  ? __pfx_read_tsc+0x10/0x10
[   24.040475]  krealloc_large_more_oob+0x1c/0x30
[   24.040497]  kunit_try_run_case+0x1a5/0x480
[   24.040519]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.040538]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.040560]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.040583]  ? __kthread_parkme+0x82/0x180
[   24.040603]  ? preempt_count_sub+0x50/0x80
[   24.040625]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.040645]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.040682]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.040706]  kthread+0x337/0x6f0
[   24.040725]  ? trace_preempt_on+0x20/0xc0
[   24.040749]  ? __pfx_kthread+0x10/0x10
[   24.040769]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.040790]  ? calculate_sigpending+0x7b/0xa0
[   24.040813]  ? __pfx_kthread+0x10/0x10
[   24.040834]  ret_from_fork+0x116/0x1d0
[   24.040852]  ? __pfx_kthread+0x10/0x10
[   24.040873]  ret_from_fork_asm+0x1a/0x30
[   24.040904]  </TASK>
[   24.040915] 
[   24.052011] The buggy address belongs to the physical page:
[   24.052267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878
[   24.052558] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.053096] flags: 0x200000000000040(head|node=0|zone=2)
[   24.053343] page_type: f8(unknown)
[   24.053510] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.053758] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.054321] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.054585] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.054928] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff
[   24.055262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.055534] page dumped because: kasan: bad access detected
[   24.055728] 
[   24.055890] Memory state around the buggy address:
[   24.056433]  ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.056732]  ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.057119] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.057391]                                                              ^
[   24.057646]  ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.057880]  ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.058325] ==================================================================
[   23.819068] ==================================================================
[   23.820103] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.820520] Write of size 1 at addr ffff888103d996eb by task kunit_try_catch/205
[   23.821415] 
[   23.821646] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.821754] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.821768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.821792] Call Trace:
[   23.821808]  <TASK>
[   23.821828]  dump_stack_lvl+0x73/0xb0
[   23.821866]  print_report+0xd1/0x610
[   23.821889]  ? __virt_addr_valid+0x1db/0x2d0
[   23.821912]  ? krealloc_more_oob_helper+0x821/0x930
[   23.821995]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.822021]  ? krealloc_more_oob_helper+0x821/0x930
[   23.822059]  kasan_report+0x141/0x180
[   23.822080]  ? krealloc_more_oob_helper+0x821/0x930
[   23.822107]  __asan_report_store1_noabort+0x1b/0x30
[   23.822130]  krealloc_more_oob_helper+0x821/0x930
[   23.822151]  ? __schedule+0x10cc/0x2b60
[   23.822175]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.822198]  ? finish_task_switch.isra.0+0x153/0x700
[   23.822220]  ? __switch_to+0x47/0xf80
[   23.822246]  ? __schedule+0x10cc/0x2b60
[   23.822267]  ? __pfx_read_tsc+0x10/0x10
[   23.822291]  krealloc_more_oob+0x1c/0x30
[   23.822312]  kunit_try_run_case+0x1a5/0x480
[   23.822334]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.822354]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.822376]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.822398]  ? __kthread_parkme+0x82/0x180
[   23.822418]  ? preempt_count_sub+0x50/0x80
[   23.822440]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.822460]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.822484]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.822508]  kthread+0x337/0x6f0
[   23.822528]  ? trace_preempt_on+0x20/0xc0
[   23.822551]  ? __pfx_kthread+0x10/0x10
[   23.822571]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.822592]  ? calculate_sigpending+0x7b/0xa0
[   23.822616]  ? __pfx_kthread+0x10/0x10
[   23.822636]  ret_from_fork+0x116/0x1d0
[   23.822655]  ? __pfx_kthread+0x10/0x10
[   23.822694]  ret_from_fork_asm+0x1a/0x30
[   23.822725]  </TASK>
[   23.822754] 
[   23.836347] Allocated by task 205:
[   23.836734]  kasan_save_stack+0x45/0x70
[   23.837196]  kasan_save_track+0x18/0x40
[   23.837673]  kasan_save_alloc_info+0x3b/0x50
[   23.838089]  __kasan_krealloc+0x190/0x1f0
[   23.838516]  krealloc_noprof+0xf3/0x340
[   23.838885]  krealloc_more_oob_helper+0x1a9/0x930
[   23.839384]  krealloc_more_oob+0x1c/0x30
[   23.839845]  kunit_try_run_case+0x1a5/0x480
[   23.840269]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.840819]  kthread+0x337/0x6f0
[   23.841033]  ret_from_fork+0x116/0x1d0
[   23.841179]  ret_from_fork_asm+0x1a/0x30
[   23.841483] 
[   23.841655] The buggy address belongs to the object at ffff888103d99600
[   23.841655]  which belongs to the cache kmalloc-256 of size 256
[   23.842832] The buggy address is located 0 bytes to the right of
[   23.842832]  allocated 235-byte region [ffff888103d99600, ffff888103d996eb)
[   23.843977] 
[   23.844145] The buggy address belongs to the physical page:
[   23.844733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d98
[   23.845184] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.845880] flags: 0x200000000000040(head|node=0|zone=2)
[   23.846121] page_type: f5(slab)
[   23.846330] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.846993] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.847761] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.848447] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.848700] head: 0200000000000001 ffffea00040f6601 00000000ffffffff 00000000ffffffff
[   23.849353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.850052] page dumped because: kasan: bad access detected
[   23.850627] 
[   23.850795] Memory state around the buggy address:
[   23.851279]  ffff888103d99580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.851698]  ffff888103d99600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.852412] >ffff888103d99680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.852876]                                                           ^
[   23.853292]  ffff888103d99700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.853685]  ffff888103d99780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.854364] ==================================================================
[   23.855130] ==================================================================
[   23.855516] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.856069] Write of size 1 at addr ffff888103d996f0 by task kunit_try_catch/205
[   23.856851] 
[   23.857079] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   23.857134] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.857148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.857171] Call Trace:
[   23.857186]  <TASK>
[   23.857205]  dump_stack_lvl+0x73/0xb0
[   23.857239]  print_report+0xd1/0x610
[   23.857263]  ? __virt_addr_valid+0x1db/0x2d0
[   23.857286]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.857309]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.857334]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.857356]  kasan_report+0x141/0x180
[   23.857376]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.857403]  __asan_report_store1_noabort+0x1b/0x30
[   23.857426]  krealloc_more_oob_helper+0x7eb/0x930
[   23.857447]  ? __schedule+0x10cc/0x2b60
[   23.857470]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.857493]  ? finish_task_switch.isra.0+0x153/0x700
[   23.857515]  ? __switch_to+0x47/0xf80
[   23.857541]  ? __schedule+0x10cc/0x2b60
[   23.857562]  ? __pfx_read_tsc+0x10/0x10
[   23.857586]  krealloc_more_oob+0x1c/0x30
[   23.857615]  kunit_try_run_case+0x1a5/0x480
[   23.857638]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.857677]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.857701]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.857723]  ? __kthread_parkme+0x82/0x180
[   23.857744]  ? preempt_count_sub+0x50/0x80
[   23.857775]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.857796]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.857820]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.857844]  kthread+0x337/0x6f0
[   23.857864]  ? trace_preempt_on+0x20/0xc0
[   23.857887]  ? __pfx_kthread+0x10/0x10
[   23.857907]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.857928]  ? calculate_sigpending+0x7b/0xa0
[   23.857964]  ? __pfx_kthread+0x10/0x10
[   23.857985]  ret_from_fork+0x116/0x1d0
[   23.858004]  ? __pfx_kthread+0x10/0x10
[   23.858025]  ret_from_fork_asm+0x1a/0x30
[   23.858060]  </TASK>
[   23.858071] 
[   23.868305] Allocated by task 205:
[   23.868794]  kasan_save_stack+0x45/0x70
[   23.869035]  kasan_save_track+0x18/0x40
[   23.869311]  kasan_save_alloc_info+0x3b/0x50
[   23.869525]  __kasan_krealloc+0x190/0x1f0
[   23.869727]  krealloc_noprof+0xf3/0x340
[   23.869932]  krealloc_more_oob_helper+0x1a9/0x930
[   23.870227]  krealloc_more_oob+0x1c/0x30
[   23.870429]  kunit_try_run_case+0x1a5/0x480
[   23.870740]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.871056]  kthread+0x337/0x6f0
[   23.871219]  ret_from_fork+0x116/0x1d0
[   23.871464]  ret_from_fork_asm+0x1a/0x30
[   23.871638] 
[   23.871726] The buggy address belongs to the object at ffff888103d99600
[   23.871726]  which belongs to the cache kmalloc-256 of size 256
[   23.872323] The buggy address is located 5 bytes to the right of
[   23.872323]  allocated 235-byte region [ffff888103d99600, ffff888103d996eb)
[   23.872735] 
[   23.872800] The buggy address belongs to the physical page:
[   23.873201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d98
[   23.873566] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.874353] flags: 0x200000000000040(head|node=0|zone=2)
[   23.874644] page_type: f5(slab)
[   23.874898] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.875344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.875614] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.875924] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.876259] head: 0200000000000001 ffffea00040f6601 00000000ffffffff 00000000ffffffff
[   23.876614] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.877089] page dumped because: kasan: bad access detected
[   23.877414] 
[   23.877521] Memory state around the buggy address:
[   23.877688]  ffff888103d99580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.877917]  ffff888103d99600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.878356] >ffff888103d99680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.878722]                                                              ^
[   23.879001]  ffff888103d99700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.879616]  ffff888103d99780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.880122] ==================================================================
[   24.004347] ==================================================================
[   24.005588] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.005911] Write of size 1 at addr ffff88810587a0eb by task kunit_try_catch/209
[   24.006683] 
[   24.006862] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) 
[   24.006919] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   24.006933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.006957] Call Trace:
[   24.006971]  <TASK>
[   24.006991]  dump_stack_lvl+0x73/0xb0
[   24.007026]  print_report+0xd1/0x610
[   24.007049]  ? __virt_addr_valid+0x1db/0x2d0
[   24.007074]  ? krealloc_more_oob_helper+0x821/0x930
[   24.007096]  ? kasan_addr_to_slab+0x11/0xa0
[   24.007116]  ? krealloc_more_oob_helper+0x821/0x930
[   24.007138]  kasan_report+0x141/0x180
[   24.007159]  ? krealloc_more_oob_helper+0x821/0x930
[   24.007185]  __asan_report_store1_noabort+0x1b/0x30
[   24.007209]  krealloc_more_oob_helper+0x821/0x930
[   24.007230]  ? __schedule+0x10cc/0x2b60
[   24.007253]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.007275]  ? finish_task_switch.isra.0+0x153/0x700
[   24.007298]  ? __switch_to+0x47/0xf80
[   24.007325]  ? __schedule+0x10cc/0x2b60
[   24.007346]  ? __pfx_read_tsc+0x10/0x10
[   24.007370]  krealloc_large_more_oob+0x1c/0x30
[   24.007392]  kunit_try_run_case+0x1a5/0x480
[   24.007416]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.007438]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.007460]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.007483]  ? __kthread_parkme+0x82/0x180
[   24.007503]  ? preempt_count_sub+0x50/0x80
[   24.007525]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.007546]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.007570]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.007594]  kthread+0x337/0x6f0
[   24.007613]  ? trace_preempt_on+0x20/0xc0
[   24.007639]  ? __pfx_kthread+0x10/0x10
[   24.007670]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.007692]  ? calculate_sigpending+0x7b/0xa0
[   24.007771]  ? __pfx_kthread+0x10/0x10
[   24.007792]  ret_from_fork+0x116/0x1d0
[   24.007811]  ? __pfx_kthread+0x10/0x10
[   24.007931]  ret_from_fork_asm+0x1a/0x30
[   24.007966]  </TASK>
[   24.007977] 
[   24.023884] The buggy address belongs to the physical page:
[   24.024434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878
[   24.025211] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.025981] flags: 0x200000000000040(head|node=0|zone=2)
[   24.026497] page_type: f8(unknown)
[   24.026824] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.027623] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.028316] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.028556] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.028822] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff
[   24.029471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.030197] page dumped because: kasan: bad access detected
[   24.030734] 
[   24.030904] Memory state around the buggy address:
[   24.031375]  ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.031999]  ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.032567] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.033520]                                                           ^
[   24.033754]  ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.034508]  ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.035867] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zrVzYzOpEW4XHiYds9jEwikFK7

job_id

TEST:linaro@lkft#2zrW5XeyUzOSFr9BpBP7b7OYkHS

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zrW5XeyUzOSFr9BpBP7b7OYkHS

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/bzImage
sha256sum	4565f21e261caec61f0904b87ff9eab2fa750b37970854db3ef378370e96c96a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zrW2SH9xrBCbgawOpHg8puHqCe/modules.tar.xz
sha256sum	25191cedf68988510c88d39b245d9f83740d3133c412cf5e2b129a6de7adb415

durations

tests

boot	0
kunit	230.83

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit