lkft/linux-next-master - next-20250715 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 15, 2025, 11:35 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   41.197351] ==================================================================
[   41.206694] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   41.214240] Write of size 1 at addr ffff0008050620eb by task kunit_try_catch/241
[   41.221618] 
[   41.223104] CPU: 3 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   41.223157] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.223173] Hardware name: WinLink E850-96 board (DT)
[   41.223191] Call trace:
[   41.223205]  show_stack+0x20/0x38 (C)
[   41.223238]  dump_stack_lvl+0x8c/0xd0
[   41.223273]  print_report+0x118/0x5d0
[   41.223303]  kasan_report+0xdc/0x128
[   41.223328]  __asan_report_store1_noabort+0x20/0x30
[   41.223362]  krealloc_more_oob_helper+0x60c/0x678
[   41.223394]  krealloc_large_more_oob+0x20/0x38
[   41.223424]  kunit_try_run_case+0x170/0x3f0
[   41.223455]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.223490]  kthread+0x328/0x630
[   41.223516]  ret_from_fork+0x10/0x20
[   41.223549] 
[   41.292193] The buggy address belongs to the physical page:
[   41.297750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885060
[   41.305733] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.313373] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.320314] page_type: f8(unknown)
[   41.323712] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.331432] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.339160] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.346970] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.354783] head: 0bfffe0000000002 fffffdffe0141801 00000000ffffffff 00000000ffffffff
[   41.362595] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.370403] page dumped because: kasan: bad access detected
[   41.375956] 
[   41.377431] Memory state around the buggy address:
[   41.382216]  ffff000805061f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.389414]  ffff000805062000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.396621] >ffff000805062080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   41.403820]                                                           ^
[   41.410421]  ffff000805062100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.417626]  ffff000805062180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.424828] ==================================================================
[   41.432329] ==================================================================
[   41.439239] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   41.446790] Write of size 1 at addr ffff0008050620f0 by task kunit_try_catch/241
[   41.454166] 
[   41.455652] CPU: 3 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   41.455704] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.455718] Hardware name: WinLink E850-96 board (DT)
[   41.455737] Call trace:
[   41.455750]  show_stack+0x20/0x38 (C)
[   41.455782]  dump_stack_lvl+0x8c/0xd0
[   41.455818]  print_report+0x118/0x5d0
[   41.455847]  kasan_report+0xdc/0x128
[   41.455871]  __asan_report_store1_noabort+0x20/0x30
[   41.455902]  krealloc_more_oob_helper+0x5c0/0x678
[   41.455934]  krealloc_large_more_oob+0x20/0x38
[   41.455966]  kunit_try_run_case+0x170/0x3f0
[   41.455996]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   41.456029]  kthread+0x328/0x630
[   41.456061]  ret_from_fork+0x10/0x20
[   41.456092] 
[   41.524740] The buggy address belongs to the physical page:
[   41.530300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885060
[   41.538282] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   41.545922] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   41.552863] page_type: f8(unknown)
[   41.556261] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.563980] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.571707] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   41.579518] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   41.587331] head: 0bfffe0000000002 fffffdffe0141801 00000000ffffffff 00000000ffffffff
[   41.595143] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   41.602952] page dumped because: kasan: bad access detected
[   41.608504] 
[   41.609980] Memory state around the buggy address:
[   41.614762]  ffff000805061f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.621963]  ffff000805062000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.629168] >ffff000805062080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   41.636369]                                                              ^
[   41.643230]  ffff000805062100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.650435]  ffff000805062180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   41.657636] ==================================================================
[   39.033478] ==================================================================
[   39.042577] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   39.050125] Write of size 1 at addr ffff0008050582eb by task kunit_try_catch/237
[   39.057501] 
[   39.058987] CPU: 3 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   39.059043] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.059058] Hardware name: WinLink E850-96 board (DT)
[   39.059079] Call trace:
[   39.059091]  show_stack+0x20/0x38 (C)
[   39.059125]  dump_stack_lvl+0x8c/0xd0
[   39.059159]  print_report+0x118/0x5d0
[   39.059186]  kasan_report+0xdc/0x128
[   39.059212]  __asan_report_store1_noabort+0x20/0x30
[   39.059245]  krealloc_more_oob_helper+0x60c/0x678
[   39.059278]  krealloc_more_oob+0x20/0x38
[   39.059309]  kunit_try_run_case+0x170/0x3f0
[   39.059340]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.059374]  kthread+0x328/0x630
[   39.059402]  ret_from_fork+0x10/0x20
[   39.059436] 
[   39.127554] Allocated by task 237:
[   39.130941]  kasan_save_stack+0x3c/0x68
[   39.134757]  kasan_save_track+0x20/0x40
[   39.138576]  kasan_save_alloc_info+0x40/0x58
[   39.142830]  __kasan_krealloc+0x118/0x178
[   39.146824]  krealloc_noprof+0x128/0x360
[   39.150729]  krealloc_more_oob_helper+0x168/0x678
[   39.155416]  krealloc_more_oob+0x20/0x38
[   39.159322]  kunit_try_run_case+0x170/0x3f0
[   39.163489]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.168958]  kthread+0x328/0x630
[   39.172170]  ret_from_fork+0x10/0x20
[   39.175728] 
[   39.177207] The buggy address belongs to the object at ffff000805058200
[   39.177207]  which belongs to the cache kmalloc-256 of size 256
[   39.189707] The buggy address is located 0 bytes to the right of
[   39.189707]  allocated 235-byte region [ffff000805058200, ffff0008050582eb)
[   39.202637] 
[   39.204118] The buggy address belongs to the physical page:
[   39.209674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885058
[   39.217657] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.225297] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.232240] page_type: f5(slab)
[   39.235375] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.243095] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.250823] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.258633] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.266446] head: 0bfffe0000000002 fffffdffe0141601 00000000ffffffff 00000000ffffffff
[   39.274258] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   39.282065] page dumped because: kasan: bad access detected
[   39.287619] 
[   39.289094] Memory state around the buggy address:
[   39.293874]  ffff000805058180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.301079]  ffff000805058200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.308282] >ffff000805058280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   39.315483]                                                           ^
[   39.322084]  ffff000805058300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.329289]  ffff000805058380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.336491] ==================================================================
[   39.343824] ==================================================================
[   39.350903] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   39.358453] Write of size 1 at addr ffff0008050582f0 by task kunit_try_catch/237
[   39.365829] 
[   39.367315] CPU: 3 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   39.367369] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.367384] Hardware name: WinLink E850-96 board (DT)
[   39.367404] Call trace:
[   39.367418]  show_stack+0x20/0x38 (C)
[   39.367451]  dump_stack_lvl+0x8c/0xd0
[   39.367485]  print_report+0x118/0x5d0
[   39.367512]  kasan_report+0xdc/0x128
[   39.367537]  __asan_report_store1_noabort+0x20/0x30
[   39.367567]  krealloc_more_oob_helper+0x5c0/0x678
[   39.367600]  krealloc_more_oob+0x20/0x38
[   39.367629]  kunit_try_run_case+0x170/0x3f0
[   39.367657]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.367690]  kthread+0x328/0x630
[   39.367714]  ret_from_fork+0x10/0x20
[   39.367745] 
[   39.435881] Allocated by task 237:
[   39.439268]  kasan_save_stack+0x3c/0x68
[   39.443086]  kasan_save_track+0x20/0x40
[   39.446905]  kasan_save_alloc_info+0x40/0x58
[   39.451159]  __kasan_krealloc+0x118/0x178
[   39.455152]  krealloc_noprof+0x128/0x360
[   39.459058]  krealloc_more_oob_helper+0x168/0x678
[   39.463745]  krealloc_more_oob+0x20/0x38
[   39.467651]  kunit_try_run_case+0x170/0x3f0
[   39.471818]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.477286]  kthread+0x328/0x630
[   39.480498]  ret_from_fork+0x10/0x20
[   39.484057] 
[   39.485534] The buggy address belongs to the object at ffff000805058200
[   39.485534]  which belongs to the cache kmalloc-256 of size 256
[   39.498033] The buggy address is located 5 bytes to the right of
[   39.498033]  allocated 235-byte region [ffff000805058200, ffff0008050582eb)
[   39.510966] 
[   39.512444] The buggy address belongs to the physical page:
[   39.518001] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885058
[   39.525987] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   39.533623] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   39.540568] page_type: f5(slab)
[   39.543702] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.551424] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.559150] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[   39.566962] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   39.574775] head: 0bfffe0000000002 fffffdffe0141601 00000000ffffffff 00000000ffffffff
[   39.582586] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   39.590392] page dumped because: kasan: bad access detected
[   39.595948] 
[   39.597423] Memory state around the buggy address:
[   39.602204]  ffff000805058180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.609406]  ffff000805058200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.616611] >ffff000805058280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   39.623812]                                                              ^
[   39.630673]  ffff000805058300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.637878]  ffff000805058380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.645079] ==================================================================

Metadata Full log Test run details

[   30.451901] ==================================================================
[   30.451976] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.452040] Write of size 1 at addr fff00000c792e8eb by task kunit_try_catch/188
[   30.452089] 
[   30.452126] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.452208] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.452233] Hardware name: linux,dummy-virt (DT)
[   30.452264] Call trace:
[   30.452328]  show_stack+0x20/0x38 (C)
[   30.453190]  dump_stack_lvl+0x8c/0xd0
[   30.453256]  print_report+0x118/0x5d0
[   30.453303]  kasan_report+0xdc/0x128
[   30.453346]  __asan_report_store1_noabort+0x20/0x30
[   30.453395]  krealloc_more_oob_helper+0x60c/0x678
[   30.453454]  krealloc_more_oob+0x20/0x38
[   30.453500]  kunit_try_run_case+0x170/0x3f0
[   30.454349]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.454422]  kthread+0x328/0x630
[   30.454755]  ret_from_fork+0x10/0x20
[   30.454807] 
[   30.454826] Allocated by task 188:
[   30.454854]  kasan_save_stack+0x3c/0x68
[   30.454899]  kasan_save_track+0x20/0x40
[   30.454938]  kasan_save_alloc_info+0x40/0x58
[   30.454976]  __kasan_krealloc+0x118/0x178
[   30.455011]  krealloc_noprof+0x128/0x360
[   30.455049]  krealloc_more_oob_helper+0x168/0x678
[   30.455090]  krealloc_more_oob+0x20/0x38
[   30.455133]  kunit_try_run_case+0x170/0x3f0
[   30.455168]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.455209]  kthread+0x328/0x630
[   30.455240]  ret_from_fork+0x10/0x20
[   30.455275] 
[   30.455295] The buggy address belongs to the object at fff00000c792e800
[   30.455295]  which belongs to the cache kmalloc-256 of size 256
[   30.455351] The buggy address is located 0 bytes to the right of
[   30.455351]  allocated 235-byte region [fff00000c792e800, fff00000c792e8eb)
[   30.455412] 
[   30.455431] The buggy address belongs to the physical page:
[   30.455510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c792e600 pfn:0x10792e
[   30.455699] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.455745] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.455798] page_type: f5(slab)
[   30.455838] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.455888] raw: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.455988] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.456555] head: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.456673] head: 0bfffe0000000001 ffffc1ffc31e4b81 00000000ffffffff 00000000ffffffff
[   30.456737] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.456805] page dumped because: kasan: bad access detected
[   30.456836] 
[   30.456853] Memory state around the buggy address:
[   30.456887]  fff00000c792e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.457071]  fff00000c792e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.457152] >fff00000c792e880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.457239]                                                           ^
[   30.457388]  fff00000c792e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.457517]  fff00000c792e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.457565] ==================================================================
[   30.503457] ==================================================================
[   30.503523] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.503587] Write of size 1 at addr fff00000c9a5a0eb by task kunit_try_catch/192
[   30.503635] 
[   30.503667] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.503763] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.503788] Hardware name: linux,dummy-virt (DT)
[   30.503825] Call trace:
[   30.503846]  show_stack+0x20/0x38 (C)
[   30.503895]  dump_stack_lvl+0x8c/0xd0
[   30.503943]  print_report+0x118/0x5d0
[   30.503987]  kasan_report+0xdc/0x128
[   30.504030]  __asan_report_store1_noabort+0x20/0x30
[   30.504079]  krealloc_more_oob_helper+0x60c/0x678
[   30.504127]  krealloc_large_more_oob+0x20/0x38
[   30.504175]  kunit_try_run_case+0x170/0x3f0
[   30.504229]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.504280]  kthread+0x328/0x630
[   30.504322]  ret_from_fork+0x10/0x20
[   30.504368] 
[   30.504393] The buggy address belongs to the physical page:
[   30.504424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   30.504488] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.504534] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.504582] page_type: f8(unknown)
[   30.504619] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.504667] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.504714] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.504759] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.505134] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   30.505322] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.505388] page dumped because: kasan: bad access detected
[   30.505451] 
[   30.505469] Memory state around the buggy address:
[   30.505500]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.505547]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.505592] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.505664]                                                           ^
[   30.505745]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.505845]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.505914] ==================================================================
[   30.458780] ==================================================================
[   30.458828] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.458878] Write of size 1 at addr fff00000c792e8f0 by task kunit_try_catch/188
[   30.458925] 
[   30.458956] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.459036] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.459121] Hardware name: linux,dummy-virt (DT)
[   30.459165] Call trace:
[   30.459231]  show_stack+0x20/0x38 (C)
[   30.459287]  dump_stack_lvl+0x8c/0xd0
[   30.459339]  print_report+0x118/0x5d0
[   30.459451]  kasan_report+0xdc/0x128
[   30.459801]  __asan_report_store1_noabort+0x20/0x30
[   30.459953]  krealloc_more_oob_helper+0x5c0/0x678
[   30.460114]  krealloc_more_oob+0x20/0x38
[   30.460161]  kunit_try_run_case+0x170/0x3f0
[   30.460206]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.460257]  kthread+0x328/0x630
[   30.460299]  ret_from_fork+0x10/0x20
[   30.460346] 
[   30.460364] Allocated by task 188:
[   30.461658]  kasan_save_stack+0x3c/0x68
[   30.461883]  kasan_save_track+0x20/0x40
[   30.461922]  kasan_save_alloc_info+0x40/0x58
[   30.461960]  __kasan_krealloc+0x118/0x178
[   30.462600]  krealloc_noprof+0x128/0x360
[   30.462651]  krealloc_more_oob_helper+0x168/0x678
[   30.462692]  krealloc_more_oob+0x20/0x38
[   30.462729]  kunit_try_run_case+0x170/0x3f0
[   30.462765]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.462807]  kthread+0x328/0x630
[   30.462838]  ret_from_fork+0x10/0x20
[   30.462874] 
[   30.462893] The buggy address belongs to the object at fff00000c792e800
[   30.462893]  which belongs to the cache kmalloc-256 of size 256
[   30.462948] The buggy address is located 5 bytes to the right of
[   30.462948]  allocated 235-byte region [fff00000c792e800, fff00000c792e8eb)
[   30.463009] 
[   30.463028] The buggy address belongs to the physical page:
[   30.463058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c792e600 pfn:0x10792e
[   30.463138] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.463285] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.463365] page_type: f5(slab)
[   30.463468] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.463782] raw: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.464015] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.464121] head: fff00000c792e600 000000008010000f 00000000f5000000 0000000000000000
[   30.464186] head: 0bfffe0000000001 ffffc1ffc31e4b81 00000000ffffffff 00000000ffffffff
[   30.464240] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.464279] page dumped because: kasan: bad access detected
[   30.464326] 
[   30.464343] Memory state around the buggy address:
[   30.464382]  fff00000c792e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.464423]  fff00000c792e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.464476] >fff00000c792e880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.464534]                                                              ^
[   30.464571]  fff00000c792e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.464619]  fff00000c792e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.464665] ==================================================================
[   30.506356] ==================================================================
[   30.506401] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.506482] Write of size 1 at addr fff00000c9a5a0f0 by task kunit_try_catch/192
[   30.506557] 
[   30.506606] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.506726] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.506751] Hardware name: linux,dummy-virt (DT)
[   30.506780] Call trace:
[   30.506799]  show_stack+0x20/0x38 (C)
[   30.506846]  dump_stack_lvl+0x8c/0xd0
[   30.506892]  print_report+0x118/0x5d0
[   30.507079]  kasan_report+0xdc/0x128
[   30.507168]  __asan_report_store1_noabort+0x20/0x30
[   30.507223]  krealloc_more_oob_helper+0x5c0/0x678
[   30.507273]  krealloc_large_more_oob+0x20/0x38
[   30.507320]  kunit_try_run_case+0x170/0x3f0
[   30.507365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.507417]  kthread+0x328/0x630
[   30.507497]  ret_from_fork+0x10/0x20
[   30.507545] 
[   30.507582] The buggy address belongs to the physical page:
[   30.507728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a58
[   30.507860] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.507910] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.507959] page_type: f8(unknown)
[   30.507995] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.508235] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.508354] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.508410] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.508477] head: 0bfffe0000000002 ffffc1ffc3269601 00000000ffffffff 00000000ffffffff
[   30.508543] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.508620] page dumped because: kasan: bad access detected
[   30.508650] 
[   30.508703] Memory state around the buggy address:
[   30.508751]  fff00000c9a59f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.508797]  fff00000c9a5a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.508838] >fff00000c9a5a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.508898]                                                              ^
[   30.508954]  fff00000c9a5a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.509184]  fff00000c9a5a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.509271] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSB6ZD0TprNwndx8osoZfzNbs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSB6ZD0TprNwndx8osoZfzNbs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/Image.gz
sha256sum	118b4ece9a238a43bf808c098cf2bf253d887d33e129eb81e3c965d23e20b8c5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS7fFjob8Lq2iSUNxlIF41bYW/modules.tar.xz
sha256sum	01435f1d178968cd8186d4f9b9cf47e1273301cd5c54bfdff2cd2593d26e1adb

durations

tests

boot	0
kunit	165.28

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   23.882481] ==================================================================
[   23.883380] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.884063] Write of size 1 at addr ffff8881061120f0 by task kunit_try_catch/208
[   23.884303] 
[   23.884386] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.884430] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.884442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.884461] Call Trace:
[   23.884474]  <TASK>
[   23.884489]  dump_stack_lvl+0x73/0xb0
[   23.884530]  print_report+0xd1/0x610
[   23.884553]  ? __virt_addr_valid+0x1db/0x2d0
[   23.884577]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.884599]  ? kasan_addr_to_slab+0x11/0xa0
[   23.884619]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.884642]  kasan_report+0x141/0x180
[   23.884665]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.884693]  __asan_report_store1_noabort+0x1b/0x30
[   23.884717]  krealloc_more_oob_helper+0x7eb/0x930
[   23.884739]  ? __schedule+0x10cc/0x2b60
[   23.884760]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.884784]  ? finish_task_switch.isra.0+0x153/0x700
[   23.884805]  ? __switch_to+0x47/0xf80
[   23.884831]  ? __schedule+0x10cc/0x2b60
[   23.884851]  ? __pfx_read_tsc+0x10/0x10
[   23.884876]  krealloc_large_more_oob+0x1c/0x30
[   23.884898]  kunit_try_run_case+0x1a5/0x480
[   23.884985]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.885008]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.885031]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.885053]  ? __kthread_parkme+0x82/0x180
[   23.885073]  ? preempt_count_sub+0x50/0x80
[   23.885096]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.885118]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.885144]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.885170]  kthread+0x337/0x6f0
[   23.885189]  ? trace_preempt_on+0x20/0xc0
[   23.885212]  ? __pfx_kthread+0x10/0x10
[   23.885232]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.885256]  ? calculate_sigpending+0x7b/0xa0
[   23.885279]  ? __pfx_kthread+0x10/0x10
[   23.885300]  ret_from_fork+0x116/0x1d0
[   23.885320]  ? __pfx_kthread+0x10/0x10
[   23.885340]  ret_from_fork_asm+0x1a/0x30
[   23.885371]  </TASK>
[   23.885382] 
[   23.895843] The buggy address belongs to the physical page:
[   23.896056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106110
[   23.896362] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.896648] flags: 0x200000000000040(head|node=0|zone=2)
[   23.897261] page_type: f8(unknown)
[   23.897394] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.897634] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.897943] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.898278] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.898786] head: 0200000000000002 ffffea0004184401 00000000ffffffff 00000000ffffffff
[   23.899031] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.899285] page dumped because: kasan: bad access detected
[   23.899544] 
[   23.899697] Memory state around the buggy address:
[   23.899924]  ffff888106111f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.900233]  ffff888106112000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.900793] >ffff888106112080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.901069]                                                              ^
[   23.901327]  ffff888106112100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.901659]  ffff888106112180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.901898] ==================================================================
[   23.702440] ==================================================================
[   23.702767] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.703269] Write of size 1 at addr ffff888104b460f0 by task kunit_try_catch/204
[   23.703601] 
[   23.703708] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.703769] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.703783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.703805] Call Trace:
[   23.703820]  <TASK>
[   23.703836]  dump_stack_lvl+0x73/0xb0
[   23.703868]  print_report+0xd1/0x610
[   23.703895]  ? __virt_addr_valid+0x1db/0x2d0
[   23.703923]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.703950]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.703981]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.704010]  kasan_report+0x141/0x180
[   23.704037]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.704073]  __asan_report_store1_noabort+0x1b/0x30
[   23.704101]  krealloc_more_oob_helper+0x7eb/0x930
[   23.704128]  ? __schedule+0x10cc/0x2b60
[   23.704155]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.704184]  ? finish_task_switch.isra.0+0x153/0x700
[   23.704209]  ? __switch_to+0x47/0xf80
[   23.704241]  ? __schedule+0x10cc/0x2b60
[   23.704267]  ? __pfx_read_tsc+0x10/0x10
[   23.704503]  krealloc_more_oob+0x1c/0x30
[   23.704551]  kunit_try_run_case+0x1a5/0x480
[   23.704743]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.704776]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.704804]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.704850]  ? __kthread_parkme+0x82/0x180
[   23.704875]  ? preempt_count_sub+0x50/0x80
[   23.704904]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.704932]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.704962]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.704993]  kthread+0x337/0x6f0
[   23.705019]  ? trace_preempt_on+0x20/0xc0
[   23.705048]  ? __pfx_kthread+0x10/0x10
[   23.705074]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.705294]  ? calculate_sigpending+0x7b/0xa0
[   23.705337]  ? __pfx_kthread+0x10/0x10
[   23.705365]  ret_from_fork+0x116/0x1d0
[   23.705389]  ? __pfx_kthread+0x10/0x10
[   23.705414]  ret_from_fork_asm+0x1a/0x30
[   23.705453]  </TASK>
[   23.705465] 
[   23.713923] Allocated by task 204:
[   23.714048]  kasan_save_stack+0x45/0x70
[   23.714192]  kasan_save_track+0x18/0x40
[   23.714323]  kasan_save_alloc_info+0x3b/0x50
[   23.714472]  __kasan_krealloc+0x190/0x1f0
[   23.714718]  krealloc_noprof+0xf3/0x340
[   23.715242]  krealloc_more_oob_helper+0x1a9/0x930
[   23.715474]  krealloc_more_oob+0x1c/0x30
[   23.715823]  kunit_try_run_case+0x1a5/0x480
[   23.716029]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.716348]  kthread+0x337/0x6f0
[   23.716541]  ret_from_fork+0x116/0x1d0
[   23.716790]  ret_from_fork_asm+0x1a/0x30
[   23.717017] 
[   23.717125] The buggy address belongs to the object at ffff888104b46000
[   23.717125]  which belongs to the cache kmalloc-256 of size 256
[   23.717676] The buggy address is located 5 bytes to the right of
[   23.717676]  allocated 235-byte region [ffff888104b46000, ffff888104b460eb)
[   23.718138] 
[   23.718203] The buggy address belongs to the physical page:
[   23.718369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b46
[   23.718775] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.719056] flags: 0x200000000000040(head|node=0|zone=2)
[   23.719283] page_type: f5(slab)
[   23.719429] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.719765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.720064] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.720370] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.721474] head: 0200000000000001 ffffea000412d181 00000000ffffffff 00000000ffffffff
[   23.721815] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.722129] page dumped because: kasan: bad access detected
[   23.722366] 
[   23.722472] Memory state around the buggy address:
[   23.722877]  ffff888104b45f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.723216]  ffff888104b46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.723506] >ffff888104b46080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.723906]                                                              ^
[   23.724217]  ffff888104b46100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.724534]  ffff888104b46180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.724923] ==================================================================
[   23.861428] ==================================================================
[   23.862502] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.863166] Write of size 1 at addr ffff8881061120eb by task kunit_try_catch/208
[   23.863849] 
[   23.864081] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.864147] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.864160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.864179] Call Trace:
[   23.864191]  <TASK>
[   23.864207]  dump_stack_lvl+0x73/0xb0
[   23.864235]  print_report+0xd1/0x610
[   23.864258]  ? __virt_addr_valid+0x1db/0x2d0
[   23.864280]  ? krealloc_more_oob_helper+0x821/0x930
[   23.864303]  ? kasan_addr_to_slab+0x11/0xa0
[   23.864323]  ? krealloc_more_oob_helper+0x821/0x930
[   23.864346]  kasan_report+0x141/0x180
[   23.864368]  ? krealloc_more_oob_helper+0x821/0x930
[   23.864396]  __asan_report_store1_noabort+0x1b/0x30
[   23.864420]  krealloc_more_oob_helper+0x821/0x930
[   23.864442]  ? __schedule+0x10cc/0x2b60
[   23.864463]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.864487]  ? finish_task_switch.isra.0+0x153/0x700
[   23.864508]  ? __switch_to+0x47/0xf80
[   23.864545]  ? __schedule+0x10cc/0x2b60
[   23.864566]  ? __pfx_read_tsc+0x10/0x10
[   23.864655]  krealloc_large_more_oob+0x1c/0x30
[   23.864679]  kunit_try_run_case+0x1a5/0x480
[   23.864702]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.864723]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.864745]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.864767]  ? __kthread_parkme+0x82/0x180
[   23.864787]  ? preempt_count_sub+0x50/0x80
[   23.864809]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.864832]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.864857]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.864883]  kthread+0x337/0x6f0
[   23.864902]  ? trace_preempt_on+0x20/0xc0
[   23.864925]  ? __pfx_kthread+0x10/0x10
[   23.864945]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.864969]  ? calculate_sigpending+0x7b/0xa0
[   23.864992]  ? __pfx_kthread+0x10/0x10
[   23.865013]  ret_from_fork+0x116/0x1d0
[   23.865032]  ? __pfx_kthread+0x10/0x10
[   23.865052]  ret_from_fork_asm+0x1a/0x30
[   23.865083]  </TASK>
[   23.865094] 
[   23.874601] The buggy address belongs to the physical page:
[   23.874952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106110
[   23.875345] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.875643] flags: 0x200000000000040(head|node=0|zone=2)
[   23.875861] page_type: f8(unknown)
[   23.876296] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.876672] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.877147] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.877384] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.877935] head: 0200000000000002 ffffea0004184401 00000000ffffffff 00000000ffffffff
[   23.878307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.878770] page dumped because: kasan: bad access detected
[   23.878944] 
[   23.879033] Memory state around the buggy address:
[   23.879292]  ffff888106111f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.879689]  ffff888106112000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.879911] >ffff888106112080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.880226]                                                           ^
[   23.880507]  ffff888106112100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.880967]  ffff888106112180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.881220] ==================================================================
[   23.680145] ==================================================================
[   23.680861] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.681167] Write of size 1 at addr ffff888104b460eb by task kunit_try_catch/204
[   23.681528] 
[   23.681860] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.681917] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.681957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.681979] Call Trace:
[   23.681993]  <TASK>
[   23.682009]  dump_stack_lvl+0x73/0xb0
[   23.682063]  print_report+0xd1/0x610
[   23.682091]  ? __virt_addr_valid+0x1db/0x2d0
[   23.682119]  ? krealloc_more_oob_helper+0x821/0x930
[   23.682147]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.682178]  ? krealloc_more_oob_helper+0x821/0x930
[   23.682207]  kasan_report+0x141/0x180
[   23.682234]  ? krealloc_more_oob_helper+0x821/0x930
[   23.682269]  __asan_report_store1_noabort+0x1b/0x30
[   23.682297]  krealloc_more_oob_helper+0x821/0x930
[   23.682324]  ? __schedule+0x10cc/0x2b60
[   23.682350]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.682379]  ? finish_task_switch.isra.0+0x153/0x700
[   23.682405]  ? __switch_to+0x47/0xf80
[   23.682438]  ? __schedule+0x10cc/0x2b60
[   23.682473]  ? __pfx_read_tsc+0x10/0x10
[   23.682503]  krealloc_more_oob+0x1c/0x30
[   23.682539]  kunit_try_run_case+0x1a5/0x480
[   23.682568]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.682595]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.682622]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.682649]  ? __kthread_parkme+0x82/0x180
[   23.682674]  ? preempt_count_sub+0x50/0x80
[   23.682774]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.682803]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.682834]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.682865]  kthread+0x337/0x6f0
[   23.682890]  ? trace_preempt_on+0x20/0xc0
[   23.682918]  ? __pfx_kthread+0x10/0x10
[   23.682944]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.682973]  ? calculate_sigpending+0x7b/0xa0
[   23.683001]  ? __pfx_kthread+0x10/0x10
[   23.683028]  ret_from_fork+0x116/0x1d0
[   23.683051]  ? __pfx_kthread+0x10/0x10
[   23.683077]  ret_from_fork_asm+0x1a/0x30
[   23.683117]  </TASK>
[   23.683129] 
[   23.691390] Allocated by task 204:
[   23.691625]  kasan_save_stack+0x45/0x70
[   23.691885]  kasan_save_track+0x18/0x40
[   23.692076]  kasan_save_alloc_info+0x3b/0x50
[   23.692262]  __kasan_krealloc+0x190/0x1f0
[   23.692475]  krealloc_noprof+0xf3/0x340
[   23.692727]  krealloc_more_oob_helper+0x1a9/0x930
[   23.692966]  krealloc_more_oob+0x1c/0x30
[   23.693158]  kunit_try_run_case+0x1a5/0x480
[   23.693363]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.693652]  kthread+0x337/0x6f0
[   23.693889]  ret_from_fork+0x116/0x1d0
[   23.694061]  ret_from_fork_asm+0x1a/0x30
[   23.694335] 
[   23.694429] The buggy address belongs to the object at ffff888104b46000
[   23.694429]  which belongs to the cache kmalloc-256 of size 256
[   23.695043] The buggy address is located 0 bytes to the right of
[   23.695043]  allocated 235-byte region [ffff888104b46000, ffff888104b460eb)
[   23.695562] 
[   23.695657] The buggy address belongs to the physical page:
[   23.696014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b46
[   23.696346] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.696576] flags: 0x200000000000040(head|node=0|zone=2)
[   23.696745] page_type: f5(slab)
[   23.696904] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.697231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.697600] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   23.697985] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.698211] head: 0200000000000001 ffffea000412d181 00000000ffffffff 00000000ffffffff
[   23.698432] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.698966] page dumped because: kasan: bad access detected
[   23.699221] 
[   23.699387] Memory state around the buggy address:
[   23.699828]  ffff888104b45f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.700156]  ffff888104b46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.700486] >ffff888104b46080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.700950]                                                           ^
[   23.701151]  ffff888104b46100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.701484]  ffff888104b46180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.701827] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuS6DosVUhzL9DaDmqO9nLybFJ

job_id

TEST:linaro@lkft#2zuSCDmb4DEQtYONUdNKA0gDr4g

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuSCDmb4DEQtYONUdNKA0gDr4g

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/bzImage
sha256sum	c1e74129e828139d1503e1b2906d7bf3cc50987150c7e120efde5dc3ba3dece2

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuS8r35xHBxsDmYxAGYTykGzuO/modules.tar.xz
sha256sum	c033def305798e90a1dd43392f34d6ac3a5642caf58a41fa7d2b499626275ec8

durations

tests

boot	0
kunit	244.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - e850-96 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit