lkft/linux-next-master - next-20250617 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 17, 2025, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   16.678763] ==================================================================
[   16.678854] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.678920] Write of size 1 at addr fff00000c176b6eb by task kunit_try_catch/165
[   16.679008] 
[   16.679057] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.679144] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.679189] Hardware name: linux,dummy-virt (DT)
[   16.679221] Call trace:
[   16.679245]  show_stack+0x20/0x38 (C)
[   16.679295]  dump_stack_lvl+0x8c/0xd0
[   16.679493]  print_report+0x118/0x608
[   16.679555]  kasan_report+0xdc/0x128
[   16.679625]  __asan_report_store1_noabort+0x20/0x30
[   16.679718]  krealloc_more_oob_helper+0x60c/0x678
[   16.679825]  krealloc_more_oob+0x20/0x38
[   16.679917]  kunit_try_run_case+0x170/0x3f0
[   16.680053]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.680164]  kthread+0x328/0x630
[   16.680245]  ret_from_fork+0x10/0x20
[   16.680381] 
[   16.680443] Allocated by task 165:
[   16.680501]  kasan_save_stack+0x3c/0x68
[   16.680607]  kasan_save_track+0x20/0x40
[   16.680695]  kasan_save_alloc_info+0x40/0x58
[   16.680732]  __kasan_krealloc+0x118/0x178
[   16.680769]  krealloc_noprof+0x128/0x360
[   16.681089]  krealloc_more_oob_helper+0x168/0x678
[   16.681196]  krealloc_more_oob+0x20/0x38
[   16.681285]  kunit_try_run_case+0x170/0x3f0
[   16.681371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.681488]  kthread+0x328/0x630
[   16.681547]  ret_from_fork+0x10/0x20
[   16.681623] 
[   16.681720] The buggy address belongs to the object at fff00000c176b600
[   16.681720]  which belongs to the cache kmalloc-256 of size 256
[   16.681818] The buggy address is located 0 bytes to the right of
[   16.681818]  allocated 235-byte region [fff00000c176b600, fff00000c176b6eb)
[   16.681893] 
[   16.682074] The buggy address belongs to the physical page:
[   16.682293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10176a
[   16.682406] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.682492] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.682570] page_type: f5(slab)
[   16.682621] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.682848] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.683005] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.683106] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.683239] head: 0bfffe0000000001 ffffc1ffc305da81 00000000ffffffff 00000000ffffffff
[   16.683318] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.683402] page dumped because: kasan: bad access detected
[   16.683504] 
[   16.683558] Memory state around the buggy address:
[   16.683633]  fff00000c176b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.683734]  fff00000c176b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.683803] >fff00000c176b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.683912]                                                           ^
[   16.683981]  fff00000c176b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.684046]  fff00000c176b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.684248] ==================================================================
[   16.751376] ==================================================================
[   16.751616] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.752223] Write of size 1 at addr fff00000c50b60f0 by task kunit_try_catch/169
[   16.752528] 
[   16.752560] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.752984] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.753013] Hardware name: linux,dummy-virt (DT)
[   16.753232] Call trace:
[   16.753262]  show_stack+0x20/0x38 (C)
[   16.753320]  dump_stack_lvl+0x8c/0xd0
[   16.753368]  print_report+0x118/0x608
[   16.753415]  kasan_report+0xdc/0x128
[   16.753460]  __asan_report_store1_noabort+0x20/0x30
[   16.753507]  krealloc_more_oob_helper+0x5c0/0x678
[   16.753556]  krealloc_large_more_oob+0x20/0x38
[   16.753608]  kunit_try_run_case+0x170/0x3f0
[   16.753655]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.753706]  kthread+0x328/0x630
[   16.753747]  ret_from_fork+0x10/0x20
[   16.753794] 
[   16.753814] The buggy address belongs to the physical page:
[   16.754227] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b4
[   16.754533] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.754735] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.754902] page_type: f8(unknown)
[   16.754973] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.755024] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.755096] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.755145] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.755262] head: 0bfffe0000000002 ffffc1ffc3142d01 00000000ffffffff 00000000ffffffff
[   16.755311] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.755351] page dumped because: kasan: bad access detected
[   16.755381] 
[   16.755399] Memory state around the buggy address:
[   16.755431]  fff00000c50b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.755480]  fff00000c50b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.755524] >fff00000c50b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.755672]                                                              ^
[   16.755803]  fff00000c50b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.755846]  fff00000c50b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.755884] ==================================================================
[   16.685198] ==================================================================
[   16.685245] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.685494] Write of size 1 at addr fff00000c176b6f0 by task kunit_try_catch/165
[   16.685561] 
[   16.685597] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.685681] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.685791] Hardware name: linux,dummy-virt (DT)
[   16.685875] Call trace:
[   16.685908]  show_stack+0x20/0x38 (C)
[   16.686009]  dump_stack_lvl+0x8c/0xd0
[   16.686114]  print_report+0x118/0x608
[   16.686166]  kasan_report+0xdc/0x128
[   16.686211]  __asan_report_store1_noabort+0x20/0x30
[   16.686577]  krealloc_more_oob_helper+0x5c0/0x678
[   16.686671]  krealloc_more_oob+0x20/0x38
[   16.686718]  kunit_try_run_case+0x170/0x3f0
[   16.686790]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.686843]  kthread+0x328/0x630
[   16.686884]  ret_from_fork+0x10/0x20
[   16.686942] 
[   16.686960] Allocated by task 165:
[   16.686988]  kasan_save_stack+0x3c/0x68
[   16.687224]  kasan_save_track+0x20/0x40
[   16.687267]  kasan_save_alloc_info+0x40/0x58
[   16.687383]  __kasan_krealloc+0x118/0x178
[   16.687606]  krealloc_noprof+0x128/0x360
[   16.687643]  krealloc_more_oob_helper+0x168/0x678
[   16.687682]  krealloc_more_oob+0x20/0x38
[   16.687718]  kunit_try_run_case+0x170/0x3f0
[   16.687755]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.687797]  kthread+0x328/0x630
[   16.687836]  ret_from_fork+0x10/0x20
[   16.688008] 
[   16.688028] The buggy address belongs to the object at fff00000c176b600
[   16.688028]  which belongs to the cache kmalloc-256 of size 256
[   16.688086] The buggy address is located 5 bytes to the right of
[   16.688086]  allocated 235-byte region [fff00000c176b600, fff00000c176b6eb)
[   16.688149] 
[   16.688169] The buggy address belongs to the physical page:
[   16.688201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10176a
[   16.688253] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.688300] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.688350] page_type: f5(slab)
[   16.688388] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.688437] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.688486] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.688533] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.688581] head: 0bfffe0000000001 ffffc1ffc305da81 00000000ffffffff 00000000ffffffff
[   16.688629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.688669] page dumped because: kasan: bad access detected
[   16.688699] 
[   16.688716] Memory state around the buggy address:
[   16.688746]  fff00000c176b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.688788]  fff00000c176b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.688829] >fff00000c176b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.688903]                                                              ^
[   16.688951]  fff00000c176b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.688991]  fff00000c176b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.689029] ==================================================================
[   16.744545] ==================================================================
[   16.744602] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.744664] Write of size 1 at addr fff00000c50b60eb by task kunit_try_catch/169
[   16.744714] 
[   16.744749] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.744835] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.744870] Hardware name: linux,dummy-virt (DT)
[   16.745229] Call trace:
[   16.745324]  show_stack+0x20/0x38 (C)
[   16.745739]  dump_stack_lvl+0x8c/0xd0
[   16.745922]  print_report+0x118/0x608
[   16.745983]  kasan_report+0xdc/0x128
[   16.746399]  __asan_report_store1_noabort+0x20/0x30
[   16.746584]  krealloc_more_oob_helper+0x60c/0x678
[   16.746635]  krealloc_large_more_oob+0x20/0x38
[   16.746683]  kunit_try_run_case+0x170/0x3f0
[   16.746732]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.747080]  kthread+0x328/0x630
[   16.747211]  ret_from_fork+0x10/0x20
[   16.747669] 
[   16.747711] The buggy address belongs to the physical page:
[   16.747744] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b4
[   16.747866] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.747915] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.748017] page_type: f8(unknown)
[   16.748066] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.748293] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.748403] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.748566] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.748695] head: 0bfffe0000000002 ffffc1ffc3142d01 00000000ffffffff 00000000ffffffff
[   16.748744] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.748783] page dumped because: kasan: bad access detected
[   16.748814] 
[   16.748832] Memory state around the buggy address:
[   16.748865]  fff00000c50b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.748943]  fff00000c50b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.748984] >fff00000c50b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.749021]                                                           ^
[   16.749060]  fff00000c50b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.749101]  fff00000c50b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.749139] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmGBohWgwDt0q1MSJxRxJ46Gq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmGBohWgwDt0q1MSJxRxJ46Gq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/Image.gz
sha256sum	0e75f247fcfca828bae2c74673e3187b2cb142639542a20241767255dd2a989b

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/modules.tar.xz
sha256sum	18ad61734b8ac92476de265f77917a21b448a5c78baec17abc62599dfb00aad0

durations

tests

boot	0
kunit	171.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.125933] ==================================================================
[   17.126943] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   17.127717] Write of size 1 at addr ffff8881039088eb by task kunit_try_catch/183
[   17.128721] 
[   17.129055] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.129432] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.129499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.129556] Call Trace:
[   17.129591]  <TASK>
[   17.129634]  dump_stack_lvl+0x73/0xb0
[   17.129713]  print_report+0xd1/0x650
[   17.129748]  ? __virt_addr_valid+0x1db/0x2d0
[   17.129781]  ? krealloc_more_oob_helper+0x821/0x930
[   17.129813]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.129867]  ? krealloc_more_oob_helper+0x821/0x930
[   17.129904]  kasan_report+0x141/0x180
[   17.129935]  ? krealloc_more_oob_helper+0x821/0x930
[   17.129974]  __asan_report_store1_noabort+0x1b/0x30
[   17.130008]  krealloc_more_oob_helper+0x821/0x930
[   17.130038]  ? __schedule+0x10cc/0x2b60
[   17.130066]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   17.130099]  ? finish_task_switch.isra.0+0x153/0x700
[   17.130132]  ? __switch_to+0x47/0xf50
[   17.130166]  ? __schedule+0x10cc/0x2b60
[   17.130191]  ? __pfx_read_tsc+0x10/0x10
[   17.130269]  krealloc_more_oob+0x1c/0x30
[   17.130353]  kunit_try_run_case+0x1a5/0x480
[   17.130414]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.130447]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.130476]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.130513]  ? __kthread_parkme+0x82/0x180
[   17.130541]  ? preempt_count_sub+0x50/0x80
[   17.130573]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.130608]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.130640]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.130672]  kthread+0x337/0x6f0
[   17.130700]  ? trace_preempt_on+0x20/0xc0
[   17.130734]  ? __pfx_kthread+0x10/0x10
[   17.130762]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.130796]  ? calculate_sigpending+0x7b/0xa0
[   17.130849]  ? __pfx_kthread+0x10/0x10
[   17.130889]  ret_from_fork+0x116/0x1d0
[   17.130914]  ? __pfx_kthread+0x10/0x10
[   17.130943]  ret_from_fork_asm+0x1a/0x30
[   17.130985]  </TASK>
[   17.131003] 
[   17.150954] Allocated by task 183:
[   17.151513]  kasan_save_stack+0x45/0x70
[   17.152091]  kasan_save_track+0x18/0x40
[   17.152572]  kasan_save_alloc_info+0x3b/0x50
[   17.153172]  __kasan_krealloc+0x190/0x1f0
[   17.153747]  krealloc_noprof+0xf3/0x340
[   17.154373]  krealloc_more_oob_helper+0x1a9/0x930
[   17.154980]  krealloc_more_oob+0x1c/0x30
[   17.155606]  kunit_try_run_case+0x1a5/0x480
[   17.156120]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.156826]  kthread+0x337/0x6f0
[   17.157150]  ret_from_fork+0x116/0x1d0
[   17.157763]  ret_from_fork_asm+0x1a/0x30
[   17.158417] 
[   17.158673] The buggy address belongs to the object at ffff888103908800
[   17.158673]  which belongs to the cache kmalloc-256 of size 256
[   17.159892] The buggy address is located 0 bytes to the right of
[   17.159892]  allocated 235-byte region [ffff888103908800, ffff8881039088eb)
[   17.160811] 
[   17.161449] The buggy address belongs to the physical page:
[   17.161882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   17.163059] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.163934] flags: 0x200000000000040(head|node=0|zone=2)
[   17.164266] page_type: f5(slab)
[   17.164503] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.164923] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.165335] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.166128] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.166819] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   17.169053] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.169783] page dumped because: kasan: bad access detected
[   17.170416] 
[   17.170623] Memory state around the buggy address:
[   17.171065]  ffff888103908780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.171895]  ffff888103908800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.172657] >ffff888103908880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.173204]                                                           ^
[   17.173891]  ffff888103908900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.174551]  ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.175093] ==================================================================
[   17.176678] ==================================================================
[   17.177200] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   17.177879] Write of size 1 at addr ffff8881039088f0 by task kunit_try_catch/183
[   17.178655] 
[   17.178915] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.179040] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.179076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.179135] Call Trace:
[   17.179170]  <TASK>
[   17.179335]  dump_stack_lvl+0x73/0xb0
[   17.179976]  print_report+0xd1/0x650
[   17.180051]  ? __virt_addr_valid+0x1db/0x2d0
[   17.180123]  ? krealloc_more_oob_helper+0x7eb/0x930
[   17.180194]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.180278]  ? krealloc_more_oob_helper+0x7eb/0x930
[   17.180353]  kasan_report+0x141/0x180
[   17.180426]  ? krealloc_more_oob_helper+0x7eb/0x930
[   17.180510]  __asan_report_store1_noabort+0x1b/0x30
[   17.180587]  krealloc_more_oob_helper+0x7eb/0x930
[   17.180660]  ? __schedule+0x10cc/0x2b60
[   17.180728]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   17.180799]  ? finish_task_switch.isra.0+0x153/0x700
[   17.180888]  ? __switch_to+0x47/0xf50
[   17.180965]  ? __schedule+0x10cc/0x2b60
[   17.181035]  ? __pfx_read_tsc+0x10/0x10
[   17.181102]  krealloc_more_oob+0x1c/0x30
[   17.181160]  kunit_try_run_case+0x1a5/0x480
[   17.181221]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.181281]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.181337]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.181404]  ? __kthread_parkme+0x82/0x180
[   17.181459]  ? preempt_count_sub+0x50/0x80
[   17.181512]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.181576]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.181650]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.181723]  kthread+0x337/0x6f0
[   17.181788]  ? trace_preempt_on+0x20/0xc0
[   17.181872]  ? __pfx_kthread+0x10/0x10
[   17.181942]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.182007]  ? calculate_sigpending+0x7b/0xa0
[   17.182079]  ? __pfx_kthread+0x10/0x10
[   17.182113]  ret_from_fork+0x116/0x1d0
[   17.182139]  ? __pfx_kthread+0x10/0x10
[   17.182167]  ret_from_fork_asm+0x1a/0x30
[   17.182210]  </TASK>
[   17.182236] 
[   17.199743] Allocated by task 183:
[   17.200129]  kasan_save_stack+0x45/0x70
[   17.200750]  kasan_save_track+0x18/0x40
[   17.201156]  kasan_save_alloc_info+0x3b/0x50
[   17.201751]  __kasan_krealloc+0x190/0x1f0
[   17.202192]  krealloc_noprof+0xf3/0x340
[   17.202989]  krealloc_more_oob_helper+0x1a9/0x930
[   17.203427]  krealloc_more_oob+0x1c/0x30
[   17.203864]  kunit_try_run_case+0x1a5/0x480
[   17.204275]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.204647]  kthread+0x337/0x6f0
[   17.205008]  ret_from_fork+0x116/0x1d0
[   17.205395]  ret_from_fork_asm+0x1a/0x30
[   17.205722] 
[   17.206029] The buggy address belongs to the object at ffff888103908800
[   17.206029]  which belongs to the cache kmalloc-256 of size 256
[   17.207599] The buggy address is located 5 bytes to the right of
[   17.207599]  allocated 235-byte region [ffff888103908800, ffff8881039088eb)
[   17.208872] 
[   17.209068] The buggy address belongs to the physical page:
[   17.209581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   17.210718] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.211584] flags: 0x200000000000040(head|node=0|zone=2)
[   17.212093] page_type: f5(slab)
[   17.212638] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.213398] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.214040] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.214967] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.216146] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   17.218622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.219106] page dumped because: kasan: bad access detected
[   17.220302] 
[   17.220906] Memory state around the buggy address:
[   17.221696]  ffff888103908780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.222248]  ffff888103908800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.223887] >ffff888103908880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.224445]                                                              ^
[   17.224918]  ffff888103908900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.225307]  ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.225676] ==================================================================
[   17.501755] ==================================================================
[   17.502900] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   17.503448] Write of size 1 at addr ffff88810395a0f0 by task kunit_try_catch/187
[   17.505689] 
[   17.506103] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.506215] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.506244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.506291] Call Trace:
[   17.506332]  <TASK>
[   17.506371]  dump_stack_lvl+0x73/0xb0
[   17.506435]  print_report+0xd1/0x650
[   17.506486]  ? __virt_addr_valid+0x1db/0x2d0
[   17.506535]  ? krealloc_more_oob_helper+0x7eb/0x930
[   17.506585]  ? kasan_addr_to_slab+0x11/0xa0
[   17.506631]  ? krealloc_more_oob_helper+0x7eb/0x930
[   17.506683]  kasan_report+0x141/0x180
[   17.506732]  ? krealloc_more_oob_helper+0x7eb/0x930
[   17.506792]  __asan_report_store1_noabort+0x1b/0x30
[   17.506862]  krealloc_more_oob_helper+0x7eb/0x930
[   17.506915]  ? __schedule+0x10cc/0x2b60
[   17.506962]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   17.507014]  ? finish_task_switch.isra.0+0x153/0x700
[   17.507062]  ? __switch_to+0x47/0xf50
[   17.507115]  ? __schedule+0x10cc/0x2b60
[   17.507157]  ? __pfx_read_tsc+0x10/0x10
[   17.507210]  krealloc_large_more_oob+0x1c/0x30
[   17.507258]  kunit_try_run_case+0x1a5/0x480
[   17.507309]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.507358]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.507404]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.507457]  ? __kthread_parkme+0x82/0x180
[   17.507500]  ? preempt_count_sub+0x50/0x80
[   17.507560]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.507612]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.507663]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.507710]  kthread+0x337/0x6f0
[   17.507752]  ? trace_preempt_on+0x20/0xc0
[   17.507802]  ? __pfx_kthread+0x10/0x10
[   17.507884]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.507962]  ? calculate_sigpending+0x7b/0xa0
[   17.508040]  ? __pfx_kthread+0x10/0x10
[   17.508156]  ret_from_fork+0x116/0x1d0
[   17.508391]  ? __pfx_kthread+0x10/0x10
[   17.508456]  ret_from_fork_asm+0x1a/0x30
[   17.508525]  </TASK>
[   17.508553] 
[   17.531101] The buggy address belongs to the physical page:
[   17.532196] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   17.533609] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.535118] flags: 0x200000000000040(head|node=0|zone=2)
[   17.536192] page_type: f8(unknown)
[   17.536765] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.538011] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.539125] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.541210] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.541721] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   17.542601] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.543165] page dumped because: kasan: bad access detected
[   17.544466] 
[   17.544689] Memory state around the buggy address:
[   17.545803]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.546793]  ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.547694] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.548537]                                                              ^
[   17.550099]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.551194]  ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.551713] ==================================================================
[   17.454052] ==================================================================
[   17.454899] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   17.456599] Write of size 1 at addr ffff88810395a0eb by task kunit_try_catch/187
[   17.457721] 
[   17.458140] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.458594] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.458636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.458721] Call Trace:
[   17.458760]  <TASK>
[   17.458807]  dump_stack_lvl+0x73/0xb0
[   17.458887]  print_report+0xd1/0x650
[   17.458923]  ? __virt_addr_valid+0x1db/0x2d0
[   17.458956]  ? krealloc_more_oob_helper+0x821/0x930
[   17.458989]  ? kasan_addr_to_slab+0x11/0xa0
[   17.459017]  ? krealloc_more_oob_helper+0x821/0x930
[   17.459049]  kasan_report+0x141/0x180
[   17.459080]  ? krealloc_more_oob_helper+0x821/0x930
[   17.459118]  __asan_report_store1_noabort+0x1b/0x30
[   17.459153]  krealloc_more_oob_helper+0x821/0x930
[   17.459185]  ? __schedule+0x10cc/0x2b60
[   17.459227]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   17.459301]  ? finish_task_switch.isra.0+0x153/0x700
[   17.459394]  ? __switch_to+0x47/0xf50
[   17.459439]  ? __schedule+0x10cc/0x2b60
[   17.459466]  ? __pfx_read_tsc+0x10/0x10
[   17.459500]  krealloc_large_more_oob+0x1c/0x30
[   17.459533]  kunit_try_run_case+0x1a5/0x480
[   17.459587]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.459619]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.459647]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.459683]  ? __kthread_parkme+0x82/0x180
[   17.459711]  ? preempt_count_sub+0x50/0x80
[   17.459740]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.459772]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.459803]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.459861]  kthread+0x337/0x6f0
[   17.459895]  ? trace_preempt_on+0x20/0xc0
[   17.459930]  ? __pfx_kthread+0x10/0x10
[   17.459958]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.459990]  ? calculate_sigpending+0x7b/0xa0
[   17.460024]  ? __pfx_kthread+0x10/0x10
[   17.460053]  ret_from_fork+0x116/0x1d0
[   17.460079]  ? __pfx_kthread+0x10/0x10
[   17.460106]  ret_from_fork_asm+0x1a/0x30
[   17.460148]  </TASK>
[   17.460164] 
[   17.478679] The buggy address belongs to the physical page:
[   17.479400] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   17.480198] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.481020] flags: 0x200000000000040(head|node=0|zone=2)
[   17.481766] page_type: f8(unknown)
[   17.482042] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.484008] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.485358] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.487808] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.488336] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   17.488995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.489715] page dumped because: kasan: bad access detected
[   17.490570] 
[   17.492513] Memory state around the buggy address:
[   17.492925]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.493412]  ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.493774] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.494156]                                                           ^
[   17.495788]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.497296]  ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.500447] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmHIv4OjqzuY4se718cLGQLXs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmHIv4OjqzuY4se718cLGQLXs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/bzImage
sha256sum	e8ff53ed1294ecb6e3942f69c9702cf67245fcd535135359b70f78a45efa657a

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/modules.tar.xz
sha256sum	4b7f7ee9385141e7d851b6b43f3ef6c0857845282181ddc6cfac1e13c3ff02a7

durations

tests

boot	0
kunit	223.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit