lkft/linux-next-master - next-20250618 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 18, 2025, 6:43 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.976273] ==================================================================
[   19.976563] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.976696] Write of size 1 at addr fff00000c59a8cf0 by task kunit_try_catch/166
[   19.976809] 
[   19.976892] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   19.977101] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.977165] Hardware name: linux,dummy-virt (DT)
[   19.977240] Call trace:
[   19.977292]  show_stack+0x20/0x38 (C)
[   19.977924]  dump_stack_lvl+0x8c/0xd0
[   19.978120]  print_report+0x118/0x608
[   19.978276]  kasan_report+0xdc/0x128
[   19.978384]  __asan_report_store1_noabort+0x20/0x30
[   19.978474]  krealloc_more_oob_helper+0x5c0/0x678
[   19.978557]  krealloc_more_oob+0x20/0x38
[   19.978643]  kunit_try_run_case+0x170/0x3f0
[   19.978720]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.978820]  kthread+0x328/0x630
[   19.978903]  ret_from_fork+0x10/0x20
[   19.979073] 
[   19.979131] Allocated by task 166:
[   19.979214]  kasan_save_stack+0x3c/0x68
[   19.979336]  kasan_save_track+0x20/0x40
[   19.979417]  kasan_save_alloc_info+0x40/0x58
[   19.979532]  __kasan_krealloc+0x118/0x178
[   19.979638]  krealloc_noprof+0x128/0x360
[   19.979747]  krealloc_more_oob_helper+0x168/0x678
[   19.979855]  krealloc_more_oob+0x20/0x38
[   19.979945]  kunit_try_run_case+0x170/0x3f0
[   19.980030]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.980111]  kthread+0x328/0x630
[   19.980178]  ret_from_fork+0x10/0x20
[   19.980253] 
[   19.980667] The buggy address belongs to the object at fff00000c59a8c00
[   19.980667]  which belongs to the cache kmalloc-256 of size 256
[   19.980812] The buggy address is located 5 bytes to the right of
[   19.980812]  allocated 235-byte region [fff00000c59a8c00, fff00000c59a8ceb)
[   19.981167] 
[   19.981286] The buggy address belongs to the physical page:
[   19.981466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059a8
[   19.981634] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.981776] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.981932] page_type: f5(slab)
[   19.982046] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.982164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.982276] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.982385] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.982487] head: 0bfffe0000000001 ffffc1ffc3166a01 00000000ffffffff 00000000ffffffff
[   19.982573] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.982643] page dumped because: kasan: bad access detected
[   19.982700] 
[   19.982733] Memory state around the buggy address:
[   19.982794]  fff00000c59a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.982892]  fff00000c59a8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.982979] >fff00000c59a8c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.983424]                                                              ^
[   19.983549]  fff00000c59a8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.983647]  fff00000c59a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.983723] ==================================================================
[   20.125761] ==================================================================
[   20.125927] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   20.128285] Write of size 1 at addr fff00000c76d20eb by task kunit_try_catch/170
[   20.128597] 
[   20.128698] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.129584] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.130124] Hardware name: linux,dummy-virt (DT)
[   20.130303] Call trace:
[   20.130355]  show_stack+0x20/0x38 (C)
[   20.130490]  dump_stack_lvl+0x8c/0xd0
[   20.130583]  print_report+0x118/0x608
[   20.130665]  kasan_report+0xdc/0x128
[   20.130748]  __asan_report_store1_noabort+0x20/0x30
[   20.130854]  krealloc_more_oob_helper+0x60c/0x678
[   20.132317]  krealloc_large_more_oob+0x20/0x38
[   20.132590]  kunit_try_run_case+0x170/0x3f0
[   20.132902]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.133552]  kthread+0x328/0x630
[   20.134279]  ret_from_fork+0x10/0x20
[   20.134555] 
[   20.134815] The buggy address belongs to the physical page:
[   20.135100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d0
[   20.135506] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.135617] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.135742] page_type: f8(unknown)
[   20.135828] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.136656] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.136817] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.137638] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.138306] head: 0bfffe0000000002 ffffc1ffc31db401 00000000ffffffff 00000000ffffffff
[   20.138598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.138814] page dumped because: kasan: bad access detected
[   20.138990] 
[   20.139120] Memory state around the buggy address:
[   20.139196]  fff00000c76d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.139292]  fff00000c76d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.139384] >fff00000c76d2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   20.139458]                                                           ^
[   20.139544]  fff00000c76d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.140371]  fff00000c76d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.141707] ==================================================================
[   19.960643] ==================================================================
[   19.960983] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.961154] Write of size 1 at addr fff00000c59a8ceb by task kunit_try_catch/166
[   19.961455] 
[   19.961616] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   19.961856] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.961924] Hardware name: linux,dummy-virt (DT)
[   19.962001] Call trace:
[   19.962099]  show_stack+0x20/0x38 (C)
[   19.962218]  dump_stack_lvl+0x8c/0xd0
[   19.962328]  print_report+0x118/0x608
[   19.962422]  kasan_report+0xdc/0x128
[   19.962510]  __asan_report_store1_noabort+0x20/0x30
[   19.962648]  krealloc_more_oob_helper+0x60c/0x678
[   19.962788]  krealloc_more_oob+0x20/0x38
[   19.962931]  kunit_try_run_case+0x170/0x3f0
[   19.963433]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.963584]  kthread+0x328/0x630
[   19.963694]  ret_from_fork+0x10/0x20
[   19.963888] 
[   19.963934] Allocated by task 166:
[   19.964126]  kasan_save_stack+0x3c/0x68
[   19.964502]  kasan_save_track+0x20/0x40
[   19.964633]  kasan_save_alloc_info+0x40/0x58
[   19.965216]  __kasan_krealloc+0x118/0x178
[   19.965746]  krealloc_noprof+0x128/0x360
[   19.965992]  krealloc_more_oob_helper+0x168/0x678
[   19.966110]  krealloc_more_oob+0x20/0x38
[   19.966195]  kunit_try_run_case+0x170/0x3f0
[   19.966265]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.966820]  kthread+0x328/0x630
[   19.966998]  ret_from_fork+0x10/0x20
[   19.967113] 
[   19.967279] The buggy address belongs to the object at fff00000c59a8c00
[   19.967279]  which belongs to the cache kmalloc-256 of size 256
[   19.967490] The buggy address is located 0 bytes to the right of
[   19.967490]  allocated 235-byte region [fff00000c59a8c00, fff00000c59a8ceb)
[   19.967638] 
[   19.967680] The buggy address belongs to the physical page:
[   19.968010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059a8
[   19.968325] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.968446] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.968593] page_type: f5(slab)
[   19.968695] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.968892] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.969218] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.969539] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.969841] head: 0bfffe0000000001 ffffc1ffc3166a01 00000000ffffffff 00000000ffffffff
[   19.970139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.970239] page dumped because: kasan: bad access detected
[   19.970560] 
[   19.970608] Memory state around the buggy address:
[   19.970696]  fff00000c59a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.970787]  fff00000c59a8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.970875] >fff00000c59a8c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.971136]                                                           ^
[   19.971231]  fff00000c59a8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.971356]  fff00000c59a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.971489] ==================================================================
[   20.143791] ==================================================================
[   20.143890] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   20.143997] Write of size 1 at addr fff00000c76d20f0 by task kunit_try_catch/170
[   20.145888] 
[   20.146299] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.146462] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.146514] Hardware name: linux,dummy-virt (DT)
[   20.146576] Call trace:
[   20.146620]  show_stack+0x20/0x38 (C)
[   20.146734]  dump_stack_lvl+0x8c/0xd0
[   20.146836]  print_report+0x118/0x608
[   20.146937]  kasan_report+0xdc/0x128
[   20.148935]  __asan_report_store1_noabort+0x20/0x30
[   20.149405]  krealloc_more_oob_helper+0x5c0/0x678
[   20.150113]  krealloc_large_more_oob+0x20/0x38
[   20.150321]  kunit_try_run_case+0x170/0x3f0
[   20.150984]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.151367]  kthread+0x328/0x630
[   20.151891]  ret_from_fork+0x10/0x20
[   20.152617] 
[   20.152859] The buggy address belongs to the physical page:
[   20.152931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d0
[   20.153106] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.153824] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.154284] page_type: f8(unknown)
[   20.154365] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.155099] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.155399] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.155504] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.155611] head: 0bfffe0000000002 ffffc1ffc31db401 00000000ffffffff 00000000ffffffff
[   20.155717] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.155803] page dumped because: kasan: bad access detected
[   20.155870] 
[   20.155906] Memory state around the buggy address:
[   20.155975]  fff00000c76d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.157658]  fff00000c76d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.158482] >fff00000c76d2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   20.158675]                                                              ^
[   20.158805]  fff00000c76d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.158896]  fff00000c76d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.158967] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcKukFQMOtwGu89FbiLnnYMcv

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcKukFQMOtwGu89FbiLnnYMcv

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/Image.gz
sha256sum	79b35f965911e8ff982969cf0605b0bd2094f0c42bb36563e2c84399e66104a2

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/modules.tar.xz
sha256sum	103eda217975c92326d72877fbd7b01adb7c5cccd1ce9b6932689a978eb4696f

durations

tests

boot	0
kunit	333.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.774425] ==================================================================
[   10.774792] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.775095] Write of size 1 at addr ffff888100a22af0 by task kunit_try_catch/182
[   10.775562] 
[   10.775706] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.775751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.775763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.775782] Call Trace:
[   10.775794]  <TASK>
[   10.775808]  dump_stack_lvl+0x73/0xb0
[   10.775834]  print_report+0xd1/0x650
[   10.775854]  ? __virt_addr_valid+0x1db/0x2d0
[   10.775875]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.775896]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.775920]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.775942]  kasan_report+0x141/0x180
[   10.775963]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.775990]  __asan_report_store1_noabort+0x1b/0x30
[   10.776012]  krealloc_more_oob_helper+0x7eb/0x930
[   10.776032]  ? __schedule+0x10cc/0x2b60
[   10.776106]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.776143]  ? finish_task_switch.isra.0+0x153/0x700
[   10.776164]  ? __switch_to+0x47/0xf50
[   10.776187]  ? __schedule+0x10cc/0x2b60
[   10.776222]  ? __pfx_read_tsc+0x10/0x10
[   10.776245]  krealloc_more_oob+0x1c/0x30
[   10.776266]  kunit_try_run_case+0x1a5/0x480
[   10.776299]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.776319]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.776339]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.776360]  ? __kthread_parkme+0x82/0x180
[   10.776378]  ? preempt_count_sub+0x50/0x80
[   10.776399]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.776421]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.776442]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.776463]  kthread+0x337/0x6f0
[   10.776480]  ? trace_preempt_on+0x20/0xc0
[   10.776502]  ? __pfx_kthread+0x10/0x10
[   10.776521]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.776548]  ? calculate_sigpending+0x7b/0xa0
[   10.776640]  ? __pfx_kthread+0x10/0x10
[   10.776665]  ret_from_fork+0x116/0x1d0
[   10.776684]  ? __pfx_kthread+0x10/0x10
[   10.776703]  ret_from_fork_asm+0x1a/0x30
[   10.776731]  </TASK>
[   10.776741] 
[   10.789246] Allocated by task 182:
[   10.790014]  kasan_save_stack+0x45/0x70
[   10.790367]  kasan_save_track+0x18/0x40
[   10.790981]  kasan_save_alloc_info+0x3b/0x50
[   10.791390]  __kasan_krealloc+0x190/0x1f0
[   10.791811]  krealloc_noprof+0xf3/0x340
[   10.791994]  krealloc_more_oob_helper+0x1a9/0x930
[   10.792180]  krealloc_more_oob+0x1c/0x30
[   10.792347]  kunit_try_run_case+0x1a5/0x480
[   10.792985]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.793353]  kthread+0x337/0x6f0
[   10.793740]  ret_from_fork+0x116/0x1d0
[   10.794196]  ret_from_fork_asm+0x1a/0x30
[   10.794905] 
[   10.795189] The buggy address belongs to the object at ffff888100a22a00
[   10.795189]  which belongs to the cache kmalloc-256 of size 256
[   10.796074] The buggy address is located 5 bytes to the right of
[   10.796074]  allocated 235-byte region [ffff888100a22a00, ffff888100a22aeb)
[   10.797008] 
[   10.797102] The buggy address belongs to the physical page:
[   10.797659] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22
[   10.798054] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.798626] anon flags: 0x200000000000040(head|node=0|zone=2)
[   10.799096] page_type: f5(slab)
[   10.799512] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   10.799960] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.800501] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   10.801120] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.801770] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff
[   10.802179] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.802440] page dumped because: kasan: bad access detected
[   10.802900] 
[   10.803053] Memory state around the buggy address:
[   10.803574]  ffff888100a22980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.803831]  ffff888100a22a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.804041] >ffff888100a22a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.804269]                                                              ^
[   10.804585]  ffff888100a22b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.804838]  ffff888100a22b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.805356] ==================================================================
[   10.741756] ==================================================================
[   10.743265] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.743714] Write of size 1 at addr ffff888100a22aeb by task kunit_try_catch/182
[   10.745263] 
[   10.745357] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.745629] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.745644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.745702] Call Trace:
[   10.745715]  <TASK>
[   10.745731]  dump_stack_lvl+0x73/0xb0
[   10.745760]  print_report+0xd1/0x650
[   10.745780]  ? __virt_addr_valid+0x1db/0x2d0
[   10.745801]  ? krealloc_more_oob_helper+0x821/0x930
[   10.745823]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.745847]  ? krealloc_more_oob_helper+0x821/0x930
[   10.745869]  kasan_report+0x141/0x180
[   10.745889]  ? krealloc_more_oob_helper+0x821/0x930
[   10.745915]  __asan_report_store1_noabort+0x1b/0x30
[   10.745938]  krealloc_more_oob_helper+0x821/0x930
[   10.745958]  ? __schedule+0x10cc/0x2b60
[   10.745978]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.746000]  ? finish_task_switch.isra.0+0x153/0x700
[   10.746021]  ? __switch_to+0x47/0xf50
[   10.746047]  ? __schedule+0x10cc/0x2b60
[   10.746066]  ? __pfx_read_tsc+0x10/0x10
[   10.746089]  krealloc_more_oob+0x1c/0x30
[   10.746109]  kunit_try_run_case+0x1a5/0x480
[   10.746131]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.746151]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.746192]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.746222]  ? __kthread_parkme+0x82/0x180
[   10.746242]  ? preempt_count_sub+0x50/0x80
[   10.746263]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.746285]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.746305]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.746327]  kthread+0x337/0x6f0
[   10.746345]  ? trace_preempt_on+0x20/0xc0
[   10.746367]  ? __pfx_kthread+0x10/0x10
[   10.746386]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.746405]  ? calculate_sigpending+0x7b/0xa0
[   10.746446]  ? __pfx_kthread+0x10/0x10
[   10.746465]  ret_from_fork+0x116/0x1d0
[   10.746482]  ? __pfx_kthread+0x10/0x10
[   10.746501]  ret_from_fork_asm+0x1a/0x30
[   10.746530]  </TASK>
[   10.746541] 
[   10.761085] Allocated by task 182:
[   10.761238]  kasan_save_stack+0x45/0x70
[   10.761373]  kasan_save_track+0x18/0x40
[   10.761510]  kasan_save_alloc_info+0x3b/0x50
[   10.761643]  __kasan_krealloc+0x190/0x1f0
[   10.761913]  krealloc_noprof+0xf3/0x340
[   10.762087]  krealloc_more_oob_helper+0x1a9/0x930
[   10.762408]  krealloc_more_oob+0x1c/0x30
[   10.762550]  kunit_try_run_case+0x1a5/0x480
[   10.762688]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.763134]  kthread+0x337/0x6f0
[   10.763355]  ret_from_fork+0x116/0x1d0
[   10.763534]  ret_from_fork_asm+0x1a/0x30
[   10.763708] 
[   10.763770] The buggy address belongs to the object at ffff888100a22a00
[   10.763770]  which belongs to the cache kmalloc-256 of size 256
[   10.764588] The buggy address is located 0 bytes to the right of
[   10.764588]  allocated 235-byte region [ffff888100a22a00, ffff888100a22aeb)
[   10.765223] 
[   10.765296] The buggy address belongs to the physical page:
[   10.765562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22
[   10.765976] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.766361] anon flags: 0x200000000000040(head|node=0|zone=2)
[   10.766540] page_type: f5(slab)
[   10.766731] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   10.767084] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.767541] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001
[   10.767935] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.768331] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff
[   10.769115] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.769879] page dumped because: kasan: bad access detected
[   10.770345] 
[   10.770511] Memory state around the buggy address:
[   10.770859]  ffff888100a22980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.771064]  ffff888100a22a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.771612] >ffff888100a22a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.772250]                                                           ^
[   10.772985]  ffff888100a22b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.773495]  ffff888100a22b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.773835] ==================================================================
[   10.955907] ==================================================================
[   10.956221] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.956590] Write of size 1 at addr ffff888103ab60f0 by task kunit_try_catch/186
[   10.956990] 
[   10.957073] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.957117] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.957129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.957149] Call Trace:
[   10.957161]  <TASK>
[   10.957174]  dump_stack_lvl+0x73/0xb0
[   10.957200]  print_report+0xd1/0x650
[   10.957233]  ? __virt_addr_valid+0x1db/0x2d0
[   10.957254]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.957276]  ? kasan_addr_to_slab+0x11/0xa0
[   10.957295]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.957316]  kasan_report+0x141/0x180
[   10.957337]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.957364]  __asan_report_store1_noabort+0x1b/0x30
[   10.957387]  krealloc_more_oob_helper+0x7eb/0x930
[   10.957407]  ? __schedule+0x10cc/0x2b60
[   10.957428]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.957450]  ? finish_task_switch.isra.0+0x153/0x700
[   10.957470]  ? __switch_to+0x47/0xf50
[   10.957494]  ? __schedule+0x10cc/0x2b60
[   10.957513]  ? __pfx_read_tsc+0x10/0x10
[   10.957536]  krealloc_large_more_oob+0x1c/0x30
[   10.957557]  kunit_try_run_case+0x1a5/0x480
[   10.957580]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.957601]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.957622]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.957643]  ? __kthread_parkme+0x82/0x180
[   10.957662]  ? preempt_count_sub+0x50/0x80
[   10.957683]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.957706]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.957727]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.957748]  kthread+0x337/0x6f0
[   10.957766]  ? trace_preempt_on+0x20/0xc0
[   10.957788]  ? __pfx_kthread+0x10/0x10
[   10.957807]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.957826]  ? calculate_sigpending+0x7b/0xa0
[   10.957849]  ? __pfx_kthread+0x10/0x10
[   10.957869]  ret_from_fork+0x116/0x1d0
[   10.957887]  ? __pfx_kthread+0x10/0x10
[   10.957906]  ret_from_fork_asm+0x1a/0x30
[   10.957934]  </TASK>
[   10.957944] 
[   10.965823] The buggy address belongs to the physical page:
[   10.966054] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab4
[   10.966423] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.966696] flags: 0x200000000000040(head|node=0|zone=2)
[   10.966940] page_type: f8(unknown)
[   10.967108] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.967481] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   10.967790] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.968078] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   10.968391] head: 0200000000000002 ffffea00040ead01 00000000ffffffff 00000000ffffffff
[   10.968864] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.969180] page dumped because: kasan: bad access detected
[   10.969368] 
[   10.969430] Memory state around the buggy address:
[   10.969575]  ffff888103ab5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.969782]  ffff888103ab6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.970323] >ffff888103ab6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.970548]                                                              ^
[   10.970745]  ffff888103ab6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.970952]  ffff888103ab6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.971159] ==================================================================
[   10.934618] ==================================================================
[   10.935054] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.935658] Write of size 1 at addr ffff888103ab60eb by task kunit_try_catch/186
[   10.935963] 
[   10.936070] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.936117] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.936130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.936149] Call Trace:
[   10.936163]  <TASK>
[   10.936179]  dump_stack_lvl+0x73/0xb0
[   10.936217]  print_report+0xd1/0x650
[   10.936238]  ? __virt_addr_valid+0x1db/0x2d0
[   10.936260]  ? krealloc_more_oob_helper+0x821/0x930
[   10.936283]  ? kasan_addr_to_slab+0x11/0xa0
[   10.936302]  ? krealloc_more_oob_helper+0x821/0x930
[   10.936324]  kasan_report+0x141/0x180
[   10.936344]  ? krealloc_more_oob_helper+0x821/0x930
[   10.936370]  __asan_report_store1_noabort+0x1b/0x30
[   10.936393]  krealloc_more_oob_helper+0x821/0x930
[   10.936414]  ? __schedule+0x10cc/0x2b60
[   10.936435]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.936458]  ? finish_task_switch.isra.0+0x153/0x700
[   10.936479]  ? __switch_to+0x47/0xf50
[   10.936504]  ? __schedule+0x10cc/0x2b60
[   10.936523]  ? __pfx_read_tsc+0x10/0x10
[   10.936546]  krealloc_large_more_oob+0x1c/0x30
[   10.936567]  kunit_try_run_case+0x1a5/0x480
[   10.936589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.936610]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.936631]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.936659]  ? __kthread_parkme+0x82/0x180
[   10.936678]  ? preempt_count_sub+0x50/0x80
[   10.936700]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.936723]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.936747]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.936769]  kthread+0x337/0x6f0
[   10.936789]  ? trace_preempt_on+0x20/0xc0
[   10.936811]  ? __pfx_kthread+0x10/0x10
[   10.936830]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.936849]  ? calculate_sigpending+0x7b/0xa0
[   10.936873]  ? __pfx_kthread+0x10/0x10
[   10.936893]  ret_from_fork+0x116/0x1d0
[   10.936910]  ? __pfx_kthread+0x10/0x10
[   10.936929]  ret_from_fork_asm+0x1a/0x30
[   10.936957]  </TASK>
[   10.936968] 
[   10.947171] The buggy address belongs to the physical page:
[   10.947550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab4
[   10.947878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.948382] flags: 0x200000000000040(head|node=0|zone=2)
[   10.948747] page_type: f8(unknown)
[   10.949158] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.949660] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   10.950115] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.950742] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   10.951056] head: 0200000000000002 ffffea00040ead01 00000000ffffffff 00000000ffffffff
[   10.951550] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.951892] page dumped because: kasan: bad access detected
[   10.952266] 
[   10.952360] Memory state around the buggy address:
[   10.952914]  ffff888103ab5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.953380]  ffff888103ab6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.954051] >ffff888103ab6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.954355]                                                           ^
[   10.954750]  ffff888103ab6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.955047]  ffff888103ab6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.955361] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcLjszgvK081YlwHCPjcp2e2j

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcLjszgvK081YlwHCPjcp2e2j

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/bzImage
sha256sum	080c75ae0012d41783d523aad25761b97c23573ef70fd83b5b4ab34093a5f110

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/modules.tar.xz
sha256sum	7b460ce6a60b82c553c794703a10ad3e9db2ff894128eec130bd388dacdd428e

durations

tests

boot	0
kunit	123.89

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit