Date: June 19, 2025, 12:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   30.048908] ==================================================================
[   30.049150] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.049305] Write of size 1 at addr fff00000c46d0eeb by task kunit_try_catch/167
[   30.049474] 
[   30.049566] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.049794] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.049864] Hardware name: linux,dummy-virt (DT)
[   30.049974] Call trace:
[   30.050039]  show_stack+0x20/0x38 (C)
[   30.050183]  dump_stack_lvl+0x8c/0xd0
[   30.050305]  print_report+0x118/0x608
[   30.050418]  kasan_report+0xdc/0x128
[   30.050548]  __asan_report_store1_noabort+0x20/0x30
[   30.050677]  krealloc_more_oob_helper+0x60c/0x678
[   30.050796]  krealloc_more_oob+0x20/0x38
[   30.050933]  kunit_try_run_case+0x170/0x3f0
[   30.051078]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.051218]  kthread+0x328/0x630
[   30.051359]  ret_from_fork+0x10/0x20
[   30.051493] 
[   30.051541] Allocated by task 167:
[   30.051638]  kasan_save_stack+0x3c/0x68
[   30.051733]  kasan_save_track+0x20/0x40
[   30.051805]  kasan_save_alloc_info+0x40/0x58
[   30.051888]  __kasan_krealloc+0x118/0x178
[   30.051993]  krealloc_noprof+0x128/0x360
[   30.052076]  krealloc_more_oob_helper+0x168/0x678
[   30.052165]  krealloc_more_oob+0x20/0x38
[   30.052248]  kunit_try_run_case+0x170/0x3f0
[   30.052358]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.052507]  kthread+0x328/0x630
[   30.052619]  ret_from_fork+0x10/0x20
[   30.052739] 
[   30.052807] The buggy address belongs to the object at fff00000c46d0e00
[   30.052807]  which belongs to the cache kmalloc-256 of size 256
[   30.053033] The buggy address is located 0 bytes to the right of
[   30.053033]  allocated 235-byte region [fff00000c46d0e00, fff00000c46d0eeb)
[   30.053263] 
[   30.053314] The buggy address belongs to the physical page:
[   30.053395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d0
[   30.053546] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.053680] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.053807] page_type: f5(slab)
[   30.053913] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.054026] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.054162] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.054230] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.054290] head: 0bfffe0000000001 ffffc1ffc311b401 00000000ffffffff 00000000ffffffff
[   30.054349] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.054397] page dumped because: kasan: bad access detected
[   30.054436] 
[   30.054460] Memory state around the buggy address:
[   30.054507]  fff00000c46d0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.054557]  fff00000c46d0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.054604] >fff00000c46d0e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.054645]                                                           ^
[   30.054687]  fff00000c46d0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.054734]  fff00000c46d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.054775] ==================================================================
[   30.055736] ==================================================================
[   30.055856] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.056252] Write of size 1 at addr fff00000c46d0ef0 by task kunit_try_catch/167
[   30.056374] 
[   30.056542] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.056760] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.056832] Hardware name: linux,dummy-virt (DT)
[   30.056942] Call trace:
[   30.056998]  show_stack+0x20/0x38 (C)
[   30.057120]  dump_stack_lvl+0x8c/0xd0
[   30.057238]  print_report+0x118/0x608
[   30.057351]  kasan_report+0xdc/0x128
[   30.057472]  __asan_report_store1_noabort+0x20/0x30
[   30.057618]  krealloc_more_oob_helper+0x5c0/0x678
[   30.057742]  krealloc_more_oob+0x20/0x38
[   30.057865]  kunit_try_run_case+0x170/0x3f0
[   30.058010]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.058141]  kthread+0x328/0x630
[   30.058234]  ret_from_fork+0x10/0x20
[   30.058346] 
[   30.058429] Allocated by task 167:
[   30.058685]  kasan_save_stack+0x3c/0x68
[   30.058839]  kasan_save_track+0x20/0x40
[   30.059078]  kasan_save_alloc_info+0x40/0x58
[   30.059257]  __kasan_krealloc+0x118/0x178
[   30.059419]  krealloc_noprof+0x128/0x360
[   30.059568]  krealloc_more_oob_helper+0x168/0x678
[   30.059897]  krealloc_more_oob+0x20/0x38
[   30.060134]  kunit_try_run_case+0x170/0x3f0
[   30.060224]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.060386]  kthread+0x328/0x630
[   30.060468]  ret_from_fork+0x10/0x20
[   30.060845] 
[   30.061001] The buggy address belongs to the object at fff00000c46d0e00
[   30.061001]  which belongs to the cache kmalloc-256 of size 256
[   30.061223] The buggy address is located 5 bytes to the right of
[   30.061223]  allocated 235-byte region [fff00000c46d0e00, fff00000c46d0eeb)
[   30.061664] 
[   30.061727] The buggy address belongs to the physical page:
[   30.061818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d0
[   30.062248] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.062394] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.062537] page_type: f5(slab)
[   30.062638] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.062765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.062898] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.063024] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.063151] head: 0bfffe0000000001 ffffc1ffc311b401 00000000ffffffff 00000000ffffffff
[   30.063276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.063366] page dumped because: kasan: bad access detected
[   30.063424] 
[   30.063458] Memory state around the buggy address:
[   30.063524]  fff00000c46d0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.063622]  fff00000c46d0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.063726] >fff00000c46d0e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.063822]                                                              ^
[   30.065317]  fff00000c46d0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.065474]  fff00000c46d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.065567] ==================================================================
[   30.195237] ==================================================================
[   30.195691] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.195831] Write of size 1 at addr fff00000c77020f0 by task kunit_try_catch/171
[   30.195983] 
[   30.196336] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.196898] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.196981] Hardware name: linux,dummy-virt (DT)
[   30.197074] Call trace:
[   30.197135]  show_stack+0x20/0x38 (C)
[   30.197257]  dump_stack_lvl+0x8c/0xd0
[   30.197383]  print_report+0x118/0x608
[   30.197493]  kasan_report+0xdc/0x128
[   30.198126]  __asan_report_store1_noabort+0x20/0x30
[   30.198347]  krealloc_more_oob_helper+0x5c0/0x678
[   30.199044]  krealloc_large_more_oob+0x20/0x38
[   30.199278]  kunit_try_run_case+0x170/0x3f0
[   30.199430]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.199567]  kthread+0x328/0x630
[   30.199679]  ret_from_fork+0x10/0x20
[   30.200086] 
[   30.200413] The buggy address belongs to the physical page:
[   30.200494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107700
[   30.201093] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.201229] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.201369] page_type: f8(unknown)
[   30.201627] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.201762] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.201902] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.202383] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.202804] head: 0bfffe0000000002 ffffc1ffc31dc001 00000000ffffffff 00000000ffffffff
[   30.202957] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.203402] page dumped because: kasan: bad access detected
[   30.203509] 
[   30.203559] Memory state around the buggy address:
[   30.203697]  fff00000c7701f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.203910]  fff00000c7702000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.204138] >fff00000c7702080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.204234]                                                              ^
[   30.204672]  fff00000c7702100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.204793]  fff00000c7702180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.204905] ==================================================================
[   30.182713] ==================================================================
[   30.182907] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.183077] Write of size 1 at addr fff00000c77020eb by task kunit_try_catch/171
[   30.183193] 
[   30.183286] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.183504] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.183569] Hardware name: linux,dummy-virt (DT)
[   30.183647] Call trace:
[   30.183702]  show_stack+0x20/0x38 (C)
[   30.183827]  dump_stack_lvl+0x8c/0xd0
[   30.184393]  print_report+0x118/0x608
[   30.184585]  kasan_report+0xdc/0x128
[   30.184842]  __asan_report_store1_noabort+0x20/0x30
[   30.185372]  krealloc_more_oob_helper+0x60c/0x678
[   30.185724]  krealloc_large_more_oob+0x20/0x38
[   30.186146]  kunit_try_run_case+0x170/0x3f0
[   30.186225]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.186286]  kthread+0x328/0x630
[   30.186335]  ret_from_fork+0x10/0x20
[   30.186391] 
[   30.186418] The buggy address belongs to the physical page:
[   30.186457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107700
[   30.186519] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.186571] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.186634] page_type: f8(unknown)
[   30.186684] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.186739] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.186792] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.186843] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.186935] head: 0bfffe0000000002 ffffc1ffc31dc001 00000000ffffffff 00000000ffffffff
[   30.187130] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.187344] page dumped because: kasan: bad access detected
[   30.187456] 
[   30.187584] Memory state around the buggy address:
[   30.187957]  fff00000c7701f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.189920]  fff00000c7702000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.190054] >fff00000c7702080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.190152]                                                           ^
[   30.190254]  fff00000c7702100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.191045]  fff00000c7702180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.191736] ==================================================================

[   26.275385] ==================================================================
[   26.276117] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   26.276513] Write of size 1 at addr ffff8881003742f0 by task kunit_try_catch/185
[   26.277089] 
[   26.277279] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.277386] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.277413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.277460] Call Trace:
[   26.277492]  <TASK>
[   26.277531]  dump_stack_lvl+0x73/0xb0
[   26.277602]  print_report+0xd1/0x650
[   26.277652]  ? __virt_addr_valid+0x1db/0x2d0
[   26.277698]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.277744]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.277796]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.277845]  kasan_report+0x141/0x180
[   26.277892]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.277942]  __asan_report_store1_noabort+0x1b/0x30
[   26.277987]  krealloc_more_oob_helper+0x7eb/0x930
[   26.278029]  ? __schedule+0x10cc/0x2b60
[   26.278075]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.278138]  ? finish_task_switch.isra.0+0x153/0x700
[   26.278184]  ? __switch_to+0x47/0xf50
[   26.278237]  ? __schedule+0x10cc/0x2b60
[   26.278280]  ? __pfx_read_tsc+0x10/0x10
[   26.278331]  krealloc_more_oob+0x1c/0x30
[   26.278379]  kunit_try_run_case+0x1a5/0x480
[   26.278432]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.278479]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.278526]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.278576]  ? __kthread_parkme+0x82/0x180
[   26.278619]  ? preempt_count_sub+0x50/0x80
[   26.278664]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.278696]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.278722]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.278747]  kthread+0x337/0x6f0
[   26.278770]  ? trace_preempt_on+0x20/0xc0
[   26.278810]  ? __pfx_kthread+0x10/0x10
[   26.278846]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.278890]  ? calculate_sigpending+0x7b/0xa0
[   26.278965]  ? __pfx_kthread+0x10/0x10
[   26.279006]  ret_from_fork+0x116/0x1d0
[   26.279045]  ? __pfx_kthread+0x10/0x10
[   26.279083]  ret_from_fork_asm+0x1a/0x30
[   26.279157]  </TASK>
[   26.279185] 
[   26.288897] Allocated by task 185:
[   26.289292]  kasan_save_stack+0x45/0x70
[   26.289700]  kasan_save_track+0x18/0x40
[   26.290150]  kasan_save_alloc_info+0x3b/0x50
[   26.290513]  __kasan_krealloc+0x190/0x1f0
[   26.290871]  krealloc_noprof+0xf3/0x340
[   26.291229]  krealloc_more_oob_helper+0x1a9/0x930
[   26.291594]  krealloc_more_oob+0x1c/0x30
[   26.291802]  kunit_try_run_case+0x1a5/0x480
[   26.292259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.292501]  kthread+0x337/0x6f0
[   26.292674]  ret_from_fork+0x116/0x1d0
[   26.292999]  ret_from_fork_asm+0x1a/0x30
[   26.293361] 
[   26.293527] The buggy address belongs to the object at ffff888100374200
[   26.293527]  which belongs to the cache kmalloc-256 of size 256
[   26.294307] The buggy address is located 5 bytes to the right of
[   26.294307]  allocated 235-byte region [ffff888100374200, ffff8881003742eb)
[   26.295082] 
[   26.295274] The buggy address belongs to the physical page:
[   26.295637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374
[   26.296053] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.296352] flags: 0x200000000000040(head|node=0|zone=2)
[   26.296603] page_type: f5(slab)
[   26.296785] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.297082] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.297384] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.297913] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.298522] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff
[   26.299302] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.299935] page dumped because: kasan: bad access detected
[   26.300356] 
[   26.300529] Memory state around the buggy address:
[   26.300965]  ffff888100374180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.301546]  ffff888100374200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.301938] >ffff888100374280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.302395]                                                              ^
[   26.302675]  ffff888100374300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.302955]  ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.303564] ==================================================================
[   26.520899] ==================================================================
[   26.521509] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   26.522378] Write of size 1 at addr ffff888102aea0eb by task kunit_try_catch/189
[   26.522743] 
[   26.522886] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.522965] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.522980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.523006] Call Trace:
[   26.523025]  <TASK>
[   26.523050]  dump_stack_lvl+0x73/0xb0
[   26.523094]  print_report+0xd1/0x650
[   26.523141]  ? __virt_addr_valid+0x1db/0x2d0
[   26.523169]  ? krealloc_more_oob_helper+0x821/0x930
[   26.523193]  ? kasan_addr_to_slab+0x11/0xa0
[   26.523215]  ? krealloc_more_oob_helper+0x821/0x930
[   26.523239]  kasan_report+0x141/0x180
[   26.523262]  ? krealloc_more_oob_helper+0x821/0x930
[   26.523291]  __asan_report_store1_noabort+0x1b/0x30
[   26.523317]  krealloc_more_oob_helper+0x821/0x930
[   26.523340]  ? __schedule+0x10cc/0x2b60
[   26.523364]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.523388]  ? finish_task_switch.isra.0+0x153/0x700
[   26.523413]  ? __switch_to+0x47/0xf50
[   26.523440]  ? __schedule+0x10cc/0x2b60
[   26.523463]  ? __pfx_read_tsc+0x10/0x10
[   26.523489]  krealloc_large_more_oob+0x1c/0x30
[   26.523512]  kunit_try_run_case+0x1a5/0x480
[   26.523540]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.523562]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.523586]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.523610]  ? __kthread_parkme+0x82/0x180
[   26.523632]  ? preempt_count_sub+0x50/0x80
[   26.523656]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.523680]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.523704]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.523727]  kthread+0x337/0x6f0
[   26.523748]  ? trace_preempt_on+0x20/0xc0
[   26.523774]  ? __pfx_kthread+0x10/0x10
[   26.523796]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.523819]  ? calculate_sigpending+0x7b/0xa0
[   26.523844]  ? __pfx_kthread+0x10/0x10
[   26.523867]  ret_from_fork+0x116/0x1d0
[   26.523887]  ? __pfx_kthread+0x10/0x10
[   26.523917]  ret_from_fork_asm+0x1a/0x30
[   26.523957]  </TASK>
[   26.523970] 
[   26.536756] The buggy address belongs to the physical page:
[   26.537465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae8
[   26.537893] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.538176] flags: 0x200000000000040(head|node=0|zone=2)
[   26.538466] page_type: f8(unknown)
[   26.538677] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.540212] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.540476] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.541727] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.542161] head: 0200000000000002 ffffea00040aba01 00000000ffffffff 00000000ffffffff
[   26.542673] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.543280] page dumped because: kasan: bad access detected
[   26.543749] 
[   26.544130] Memory state around the buggy address:
[   26.544377]  ffff888102ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.544829]  ffff888102aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.545280] >ffff888102aea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.545648]                                                           ^
[   26.546616]  ffff888102aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.546982]  ffff888102aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.547333] ==================================================================
[   26.549374] ==================================================================
[   26.549862] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   26.550443] Write of size 1 at addr ffff888102aea0f0 by task kunit_try_catch/189
[   26.550745] 
[   26.551187] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.551285] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.551305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.551341] Call Trace:
[   26.551380]  <TASK>
[   26.551415]  dump_stack_lvl+0x73/0xb0
[   26.551475]  print_report+0xd1/0x650
[   26.551512]  ? __virt_addr_valid+0x1db/0x2d0
[   26.551547]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.551583]  ? kasan_addr_to_slab+0x11/0xa0
[   26.551615]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.551650]  kasan_report+0x141/0x180
[   26.551684]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.551724]  __asan_report_store1_noabort+0x1b/0x30
[   26.551760]  krealloc_more_oob_helper+0x7eb/0x930
[   26.551794]  ? __schedule+0x10cc/0x2b60
[   26.551829]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.551865]  ? finish_task_switch.isra.0+0x153/0x700
[   26.551901]  ? __switch_to+0x47/0xf50
[   26.551973]  ? __schedule+0x10cc/0x2b60
[   26.552017]  ? __pfx_read_tsc+0x10/0x10
[   26.552061]  krealloc_large_more_oob+0x1c/0x30
[   26.552346]  kunit_try_run_case+0x1a5/0x480
[   26.552400]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.552440]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.552467]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.552490]  ? __kthread_parkme+0x82/0x180
[   26.552523]  ? preempt_count_sub+0x50/0x80
[   26.552565]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.552609]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.552654]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.552702]  kthread+0x337/0x6f0
[   26.552743]  ? trace_preempt_on+0x20/0xc0
[   26.552792]  ? __pfx_kthread+0x10/0x10
[   26.552836]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.552881]  ? calculate_sigpending+0x7b/0xa0
[   26.552923]  ? __pfx_kthread+0x10/0x10
[   26.552960]  ret_from_fork+0x116/0x1d0
[   26.552996]  ? __pfx_kthread+0x10/0x10
[   26.553032]  ret_from_fork_asm+0x1a/0x30
[   26.553071]  </TASK>
[   26.553090] 
[   26.561920] The buggy address belongs to the physical page:
[   26.562381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae8
[   26.563238] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.563537] flags: 0x200000000000040(head|node=0|zone=2)
[   26.563776] page_type: f8(unknown)
[   26.563950] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.564638] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.566584] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.567312] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.567750] head: 0200000000000002 ffffea00040aba01 00000000ffffffff 00000000ffffffff
[   26.568295] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.568622] page dumped because: kasan: bad access detected
[   26.568833] 
[   26.568930] Memory state around the buggy address:
[   26.569142]  ffff888102ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.569635]  ffff888102aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.570083] >ffff888102aea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.570738]                                                              ^
[   26.571333]  ffff888102aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.571733]  ffff888102aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.572172] ==================================================================
[   26.240670] ==================================================================
[   26.241332] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   26.242283] Write of size 1 at addr ffff8881003742eb by task kunit_try_catch/185
[   26.242976] 
[   26.243147] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.243254] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.243293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.243335] Call Trace:
[   26.243375]  <TASK>
[   26.243411]  dump_stack_lvl+0x73/0xb0
[   26.243482]  print_report+0xd1/0x650
[   26.243520]  ? __virt_addr_valid+0x1db/0x2d0
[   26.243556]  ? krealloc_more_oob_helper+0x821/0x930
[   26.243596]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.243642]  ? krealloc_more_oob_helper+0x821/0x930
[   26.243689]  kasan_report+0x141/0x180
[   26.243737]  ? krealloc_more_oob_helper+0x821/0x930
[   26.243797]  __asan_report_store1_noabort+0x1b/0x30
[   26.243847]  krealloc_more_oob_helper+0x821/0x930
[   26.243885]  ? __schedule+0x10cc/0x2b60
[   26.243924]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.243969]  ? finish_task_switch.isra.0+0x153/0x700
[   26.244012]  ? __switch_to+0x47/0xf50
[   26.244061]  ? __schedule+0x10cc/0x2b60
[   26.244144]  ? __pfx_read_tsc+0x10/0x10
[   26.244195]  krealloc_more_oob+0x1c/0x30
[   26.244232]  kunit_try_run_case+0x1a5/0x480
[   26.244280]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.244322]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.244364]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.244410]  ? __kthread_parkme+0x82/0x180
[   26.244451]  ? preempt_count_sub+0x50/0x80
[   26.244505]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.244556]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.244623]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.244668]  kthread+0x337/0x6f0
[   26.244704]  ? trace_preempt_on+0x20/0xc0
[   26.244734]  ? __pfx_kthread+0x10/0x10
[   26.244757]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.244780]  ? calculate_sigpending+0x7b/0xa0
[   26.244807]  ? __pfx_kthread+0x10/0x10
[   26.244831]  ret_from_fork+0x116/0x1d0
[   26.244852]  ? __pfx_kthread+0x10/0x10
[   26.244874]  ret_from_fork_asm+0x1a/0x30
[   26.244917]  </TASK>
[   26.244937] 
[   26.255953] Allocated by task 185:
[   26.256344]  kasan_save_stack+0x45/0x70
[   26.256649]  kasan_save_track+0x18/0x40
[   26.256846]  kasan_save_alloc_info+0x3b/0x50
[   26.257045]  __kasan_krealloc+0x190/0x1f0
[   26.257437]  krealloc_noprof+0xf3/0x340
[   26.257836]  krealloc_more_oob_helper+0x1a9/0x930
[   26.258280]  krealloc_more_oob+0x1c/0x30
[   26.258658]  kunit_try_run_case+0x1a5/0x480
[   26.259083]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.259358]  kthread+0x337/0x6f0
[   26.259532]  ret_from_fork+0x116/0x1d0
[   26.259884]  ret_from_fork_asm+0x1a/0x30
[   26.260298] 
[   26.260511] The buggy address belongs to the object at ffff888100374200
[   26.260511]  which belongs to the cache kmalloc-256 of size 256
[   26.261305] The buggy address is located 0 bytes to the right of
[   26.261305]  allocated 235-byte region [ffff888100374200, ffff8881003742eb)
[   26.262049] 
[   26.262272] The buggy address belongs to the physical page:
[   26.262668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374
[   26.263155] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.263650] flags: 0x200000000000040(head|node=0|zone=2)
[   26.264080] page_type: f5(slab)
[   26.264308] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.264598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.264894] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.265610] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.266526] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff
[   26.267394] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.267922] page dumped because: kasan: bad access detected
[   26.268267] 
[   26.268379] Memory state around the buggy address:
[   26.268800]  ffff888100374180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.269347]  ffff888100374200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.269797] >ffff888100374280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.270267]                                                           ^
[   26.270722]  ffff888100374300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.271250]  ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.271750] ==================================================================