Hay
Date: June 20, 2025, 12:38 p.m.

Environment: qemu-arm64, qemu-x86_64

[   31.633461] ==================================================================
[   31.633658] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   31.633832] Write of size 1 at addr fff00000c60720eb by task kunit_try_catch/171
[   31.633997] 
[   31.634094] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.634366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.634438] Hardware name: linux,dummy-virt (DT)
[   31.634518] Call trace:
[   31.634815]  show_stack+0x20/0x38 (C)
[   31.634955]  dump_stack_lvl+0x8c/0xd0
[   31.635069]  print_report+0x118/0x608
[   31.635130]  kasan_report+0xdc/0x128
[   31.635181]  __asan_report_store1_noabort+0x20/0x30
[   31.635274]  krealloc_more_oob_helper+0x60c/0x678
[   31.635336]  krealloc_large_more_oob+0x20/0x38
[   31.635389]  kunit_try_run_case+0x170/0x3f0
[   31.635467]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.635528]  kthread+0x328/0x630
[   31.635575]  ret_from_fork+0x10/0x20
[   31.635655] 
[   31.635686] The buggy address belongs to the physical page:
[   31.635725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070
[   31.635789] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.635843] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.635911] page_type: f8(unknown)
[   31.635964] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.636021] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.636077] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.636130] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.636184] head: 0bfffe0000000002 ffffc1ffc3181c01 00000000ffffffff 00000000ffffffff
[   31.636238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.636283] page dumped because: kasan: bad access detected
[   31.636417] 
[   31.636491] Memory state around the buggy address:
[   31.636677]  fff00000c6071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.636897]  fff00000c6072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.637124] >fff00000c6072080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   31.637861]                                                           ^
[   31.637999]  fff00000c6072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.638116]  fff00000c6072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.638216] ==================================================================
[   31.488270] ==================================================================
[   31.488522] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   31.488664] Write of size 1 at addr fff00000c4496cf0 by task kunit_try_catch/167
[   31.488771] 
[   31.488852] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.489327] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.489695] Hardware name: linux,dummy-virt (DT)
[   31.489802] Call trace:
[   31.489928]  show_stack+0x20/0x38 (C)
[   31.490082]  dump_stack_lvl+0x8c/0xd0
[   31.490254]  print_report+0x118/0x608
[   31.490364]  kasan_report+0xdc/0x128
[   31.490898]  __asan_report_store1_noabort+0x20/0x30
[   31.491100]  krealloc_more_oob_helper+0x5c0/0x678
[   31.491311]  krealloc_more_oob+0x20/0x38
[   31.491488]  kunit_try_run_case+0x170/0x3f0
[   31.491696]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.491835]  kthread+0x328/0x630
[   31.491937]  ret_from_fork+0x10/0x20
[   31.492064] 
[   31.492112] Allocated by task 167:
[   31.492183]  kasan_save_stack+0x3c/0x68
[   31.492564]  kasan_save_track+0x20/0x40
[   31.492796]  kasan_save_alloc_info+0x40/0x58
[   31.492974]  __kasan_krealloc+0x118/0x178
[   31.493138]  krealloc_noprof+0x128/0x360
[   31.493415]  krealloc_more_oob_helper+0x168/0x678
[   31.493505]  krealloc_more_oob+0x20/0x38
[   31.493585]  kunit_try_run_case+0x170/0x3f0
[   31.493852]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.494076]  kthread+0x328/0x630
[   31.494178]  ret_from_fork+0x10/0x20
[   31.494350] 
[   31.494416] The buggy address belongs to the object at fff00000c4496c00
[   31.494416]  which belongs to the cache kmalloc-256 of size 256
[   31.494639] The buggy address is located 5 bytes to the right of
[   31.494639]  allocated 235-byte region [fff00000c4496c00, fff00000c4496ceb)
[   31.494895] 
[   31.495302] The buggy address belongs to the physical page:
[   31.495525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104496
[   31.495707] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.495914] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.496140] page_type: f5(slab)
[   31.496320] raw: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.496461] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.496567] head: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.496672] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.496768] head: 0bfffe0000000001 ffffc1ffc3112581 00000000ffffffff 00000000ffffffff
[   31.496876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.496979] page dumped because: kasan: bad access detected
[   31.497341] 
[   31.497404] Memory state around the buggy address:
[   31.497561]  fff00000c4496b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.497754]  fff00000c4496c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.498121] >fff00000c4496c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   31.498383]                                                              ^
[   31.498499]  fff00000c4496d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.498821]  fff00000c4496d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.498912] ==================================================================
[   31.473754] ==================================================================
[   31.473960] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   31.474108] Write of size 1 at addr fff00000c4496ceb by task kunit_try_catch/167
[   31.474218] 
[   31.474303] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.474538] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.474630] Hardware name: linux,dummy-virt (DT)
[   31.474713] Call trace:
[   31.474966]  show_stack+0x20/0x38 (C)
[   31.475127]  dump_stack_lvl+0x8c/0xd0
[   31.475245]  print_report+0x118/0x608
[   31.475351]  kasan_report+0xdc/0x128
[   31.475637]  __asan_report_store1_noabort+0x20/0x30
[   31.475772]  krealloc_more_oob_helper+0x60c/0x678
[   31.475896]  krealloc_more_oob+0x20/0x38
[   31.476009]  kunit_try_run_case+0x170/0x3f0
[   31.476128]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.476253]  kthread+0x328/0x630
[   31.476345]  ret_from_fork+0x10/0x20
[   31.476460] 
[   31.476898] Allocated by task 167:
[   31.476996]  kasan_save_stack+0x3c/0x68
[   31.477107]  kasan_save_track+0x20/0x40
[   31.477277]  kasan_save_alloc_info+0x40/0x58
[   31.477400]  __kasan_krealloc+0x118/0x178
[   31.477501]  krealloc_noprof+0x128/0x360
[   31.477817]  krealloc_more_oob_helper+0x168/0x678
[   31.478146]  krealloc_more_oob+0x20/0x38
[   31.478286]  kunit_try_run_case+0x170/0x3f0
[   31.478431]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.478976]  kthread+0x328/0x630
[   31.479092]  ret_from_fork+0x10/0x20
[   31.479244] 
[   31.479307] The buggy address belongs to the object at fff00000c4496c00
[   31.479307]  which belongs to the cache kmalloc-256 of size 256
[   31.479537] The buggy address is located 0 bytes to the right of
[   31.479537]  allocated 235-byte region [fff00000c4496c00, fff00000c4496ceb)
[   31.479966] 
[   31.480405] The buggy address belongs to the physical page:
[   31.480509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104496
[   31.481036] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.481173] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.481553] page_type: f5(slab)
[   31.481967] raw: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.482256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.482450] head: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.482781] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.483141] head: 0bfffe0000000001 ffffc1ffc3112581 00000000ffffffff 00000000ffffffff
[   31.483334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.483566] page dumped because: kasan: bad access detected
[   31.483678] 
[   31.483727] Memory state around the buggy address:
[   31.483808]  fff00000c4496b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.483923]  fff00000c4496c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.484035] >fff00000c4496c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   31.484134]                                                           ^
[   31.484768]  fff00000c4496d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.484999]  fff00000c4496d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.485119] ==================================================================
[   31.639198] ==================================================================
[   31.639983] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   31.640453] Write of size 1 at addr fff00000c60720f0 by task kunit_try_catch/171
[   31.640558] 
[   31.640646] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.642059] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.642143] Hardware name: linux,dummy-virt (DT)
[   31.642224] Call trace:
[   31.642281]  show_stack+0x20/0x38 (C)
[   31.642412]  dump_stack_lvl+0x8c/0xd0
[   31.644197]  print_report+0x118/0x608
[   31.645359]  kasan_report+0xdc/0x128
[   31.645601]  __asan_report_store1_noabort+0x20/0x30
[   31.646129]  krealloc_more_oob_helper+0x5c0/0x678
[   31.646468]  krealloc_large_more_oob+0x20/0x38
[   31.647208]  kunit_try_run_case+0x170/0x3f0
[   31.647621]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.648349]  kthread+0x328/0x630
[   31.649080]  ret_from_fork+0x10/0x20
[   31.649360] 
[   31.649415] The buggy address belongs to the physical page:
[   31.649877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070
[   31.650359] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.650765] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.650915] page_type: f8(unknown)
[   31.651023] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.652400] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.653025] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.653728] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.653893] head: 0bfffe0000000002 ffffc1ffc3181c01 00000000ffffffff 00000000ffffffff
[   31.654560] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.654844] page dumped because: kasan: bad access detected
[   31.654925] 
[   31.655640] Memory state around the buggy address:
[   31.655961]  fff00000c6071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.656411]  fff00000c6072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.656886] >fff00000c6072080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   31.657178]                                                              ^
[   31.657397]  fff00000c6072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.657638]  fff00000c6072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.658174] ==================================================================

[   24.970393] ==================================================================
[   24.971493] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.971899] Write of size 1 at addr ffff888100a1bceb by task kunit_try_catch/185
[   24.972667] 
[   24.973346] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   24.973482] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.973511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.973555] Call Trace:
[   24.973582]  <TASK>
[   24.973617]  dump_stack_lvl+0x73/0xb0
[   24.973687]  print_report+0xd1/0x650
[   24.973730]  ? __virt_addr_valid+0x1db/0x2d0
[   24.973771]  ? krealloc_more_oob_helper+0x821/0x930
[   24.973809]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.973855]  ? krealloc_more_oob_helper+0x821/0x930
[   24.973895]  kasan_report+0x141/0x180
[   24.973931]  ? krealloc_more_oob_helper+0x821/0x930
[   24.973974]  __asan_report_store1_noabort+0x1b/0x30
[   24.974013]  krealloc_more_oob_helper+0x821/0x930
[   24.974065]  ? __schedule+0x10cc/0x2b60
[   24.974112]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.974156]  ? finish_task_switch.isra.0+0x153/0x700
[   24.974195]  ? __switch_to+0x47/0xf50
[   24.974225]  ? __schedule+0x10cc/0x2b60
[   24.974248]  ? __pfx_read_tsc+0x10/0x10
[   24.974275]  krealloc_more_oob+0x1c/0x30
[   24.974297]  kunit_try_run_case+0x1a5/0x480
[   24.974323]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.974346]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.974369]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.974392]  ? __kthread_parkme+0x82/0x180
[   24.974414]  ? preempt_count_sub+0x50/0x80
[   24.974438]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.974489]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.974514]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.974537]  kthread+0x337/0x6f0
[   24.974570]  ? trace_preempt_on+0x20/0xc0
[   24.974609]  ? __pfx_kthread+0x10/0x10
[   24.974644]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.974673]  ? calculate_sigpending+0x7b/0xa0
[   24.974698]  ? __pfx_kthread+0x10/0x10
[   24.974720]  ret_from_fork+0x116/0x1d0
[   24.974740]  ? __pfx_kthread+0x10/0x10
[   24.974762]  ret_from_fork_asm+0x1a/0x30
[   24.974794]  </TASK>
[   24.974807] 
[   24.987751] Allocated by task 185:
[   24.988187]  kasan_save_stack+0x45/0x70
[   24.988682]  kasan_save_track+0x18/0x40
[   24.988951]  kasan_save_alloc_info+0x3b/0x50
[   24.989276]  __kasan_krealloc+0x190/0x1f0
[   24.989606]  krealloc_noprof+0xf3/0x340
[   24.989965]  krealloc_more_oob_helper+0x1a9/0x930
[   24.990617]  krealloc_more_oob+0x1c/0x30
[   24.991361]  kunit_try_run_case+0x1a5/0x480
[   24.991604]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.992392]  kthread+0x337/0x6f0
[   24.992764]  ret_from_fork+0x116/0x1d0
[   24.992988]  ret_from_fork_asm+0x1a/0x30
[   24.993282] 
[   24.993463] The buggy address belongs to the object at ffff888100a1bc00
[   24.993463]  which belongs to the cache kmalloc-256 of size 256
[   24.994127] The buggy address is located 0 bytes to the right of
[   24.994127]  allocated 235-byte region [ffff888100a1bc00, ffff888100a1bceb)
[   24.995487] 
[   24.995660] The buggy address belongs to the physical page:
[   24.995910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1a
[   24.996946] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.997329] flags: 0x200000000000040(head|node=0|zone=2)
[   24.997868] page_type: f5(slab)
[   24.998288] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.998984] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.999718] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   25.000361] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.001065] head: 0200000000000001 ffffea0004028681 00000000ffffffff 00000000ffffffff
[   25.001778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.002377] page dumped because: kasan: bad access detected
[   25.002882] 
[   25.003000] Memory state around the buggy address:
[   25.003656]  ffff888100a1bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.004335]  ffff888100a1bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.004585] >ffff888100a1bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.005062]                                                           ^
[   25.005571]  ffff888100a1bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.006183]  ffff888100a1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.006573] ==================================================================
[   25.284183] ==================================================================
[   25.284522] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   25.284846] Write of size 1 at addr ffff888102af60f0 by task kunit_try_catch/189
[   25.286174] 
[   25.286426] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.286571] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.286603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.286644] Call Trace:
[   25.286680]  <TASK>
[   25.286720]  dump_stack_lvl+0x73/0xb0
[   25.286805]  print_report+0xd1/0x650
[   25.286873]  ? __virt_addr_valid+0x1db/0x2d0
[   25.286920]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.286966]  ? kasan_addr_to_slab+0x11/0xa0
[   25.287008]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.287066]  kasan_report+0x141/0x180
[   25.287114]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.287225]  __asan_report_store1_noabort+0x1b/0x30
[   25.287278]  krealloc_more_oob_helper+0x7eb/0x930
[   25.287330]  ? __schedule+0x10cc/0x2b60
[   25.287382]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.287460]  ? finish_task_switch.isra.0+0x153/0x700
[   25.287504]  ? __switch_to+0x47/0xf50
[   25.287549]  ? __schedule+0x10cc/0x2b60
[   25.287573]  ? __pfx_read_tsc+0x10/0x10
[   25.287600]  krealloc_large_more_oob+0x1c/0x30
[   25.287625]  kunit_try_run_case+0x1a5/0x480
[   25.287653]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.287676]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.287700]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.287724]  ? __kthread_parkme+0x82/0x180
[   25.287746]  ? preempt_count_sub+0x50/0x80
[   25.287770]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.287795]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.287820]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.287845]  kthread+0x337/0x6f0
[   25.287866]  ? trace_preempt_on+0x20/0xc0
[   25.287891]  ? __pfx_kthread+0x10/0x10
[   25.287913]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.287936]  ? calculate_sigpending+0x7b/0xa0
[   25.287961]  ? __pfx_kthread+0x10/0x10
[   25.287984]  ret_from_fork+0x116/0x1d0
[   25.288004]  ? __pfx_kthread+0x10/0x10
[   25.288026]  ret_from_fork_asm+0x1a/0x30
[   25.288059]  </TASK>
[   25.288072] 
[   25.300201] The buggy address belongs to the physical page:
[   25.300657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af4
[   25.301123] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.301653] flags: 0x200000000000040(head|node=0|zone=2)
[   25.302092] page_type: f8(unknown)
[   25.302415] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.302921] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.303432] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.303729] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.304362] head: 0200000000000002 ffffea00040abd01 00000000ffffffff 00000000ffffffff
[   25.304953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.305433] page dumped because: kasan: bad access detected
[   25.305808] 
[   25.305909] Memory state around the buggy address:
[   25.306248]  ffff888102af5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.306665]  ffff888102af6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.306923] >ffff888102af6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.307415]                                                              ^
[   25.307925]  ffff888102af6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.308387]  ffff888102af6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.308869] ==================================================================
[   25.257110] ==================================================================
[   25.257620] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   25.258382] Write of size 1 at addr ffff888102af60eb by task kunit_try_catch/189
[   25.259392] 
[   25.259613] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.259704] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.259721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.259747] Call Trace:
[   25.259766]  <TASK>
[   25.259790]  dump_stack_lvl+0x73/0xb0
[   25.259846]  print_report+0xd1/0x650
[   25.259907]  ? __virt_addr_valid+0x1db/0x2d0
[   25.259962]  ? krealloc_more_oob_helper+0x821/0x930
[   25.260008]  ? kasan_addr_to_slab+0x11/0xa0
[   25.260050]  ? krealloc_more_oob_helper+0x821/0x930
[   25.260088]  kasan_report+0x141/0x180
[   25.260130]  ? krealloc_more_oob_helper+0x821/0x930
[   25.260205]  __asan_report_store1_noabort+0x1b/0x30
[   25.260259]  krealloc_more_oob_helper+0x821/0x930
[   25.260299]  ? __schedule+0x10cc/0x2b60
[   25.260325]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.260351]  ? finish_task_switch.isra.0+0x153/0x700
[   25.260377]  ? __switch_to+0x47/0xf50
[   25.260406]  ? __schedule+0x10cc/0x2b60
[   25.260429]  ? __pfx_read_tsc+0x10/0x10
[   25.260482]  krealloc_large_more_oob+0x1c/0x30
[   25.260508]  kunit_try_run_case+0x1a5/0x480
[   25.260536]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.260559]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.260584]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.260608]  ? __kthread_parkme+0x82/0x180
[   25.260630]  ? preempt_count_sub+0x50/0x80
[   25.260654]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.260679]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.260704]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.260728]  kthread+0x337/0x6f0
[   25.260749]  ? trace_preempt_on+0x20/0xc0
[   25.260776]  ? __pfx_kthread+0x10/0x10
[   25.260797]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.260820]  ? calculate_sigpending+0x7b/0xa0
[   25.260846]  ? __pfx_kthread+0x10/0x10
[   25.260868]  ret_from_fork+0x116/0x1d0
[   25.260890]  ? __pfx_kthread+0x10/0x10
[   25.260912]  ret_from_fork_asm+0x1a/0x30
[   25.260945]  </TASK>
[   25.260959] 
[   25.273448] The buggy address belongs to the physical page:
[   25.273881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af4
[   25.274398] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.275056] flags: 0x200000000000040(head|node=0|zone=2)
[   25.275392] page_type: f8(unknown)
[   25.275758] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.276296] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.276778] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.277278] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.277867] head: 0200000000000002 ffffea00040abd01 00000000ffffffff 00000000ffffffff
[   25.278389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.278873] page dumped because: kasan: bad access detected
[   25.279317] 
[   25.279436] Memory state around the buggy address:
[   25.279775]  ffff888102af5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.280178]  ffff888102af6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.280624] >ffff888102af6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.281181]                                                           ^
[   25.281544]  ffff888102af6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.281809]  ffff888102af6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.282389] ==================================================================
[   25.008091] ==================================================================
[   25.009369] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   25.010428] Write of size 1 at addr ffff888100a1bcf0 by task kunit_try_catch/185
[   25.010999] 
[   25.011258] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.011366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.011394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.011450] Call Trace:
[   25.011491]  <TASK>
[   25.011529]  dump_stack_lvl+0x73/0xb0
[   25.011751]  print_report+0xd1/0x650
[   25.011801]  ? __virt_addr_valid+0x1db/0x2d0
[   25.011848]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.011895]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.011939]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.011982]  kasan_report+0x141/0x180
[   25.012028]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.012090]  __asan_report_store1_noabort+0x1b/0x30
[   25.012172]  krealloc_more_oob_helper+0x7eb/0x930
[   25.012216]  ? __schedule+0x10cc/0x2b60
[   25.012253]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.012278]  ? finish_task_switch.isra.0+0x153/0x700
[   25.012303]  ? __switch_to+0x47/0xf50
[   25.012332]  ? __schedule+0x10cc/0x2b60
[   25.012354]  ? __pfx_read_tsc+0x10/0x10
[   25.012380]  krealloc_more_oob+0x1c/0x30
[   25.012402]  kunit_try_run_case+0x1a5/0x480
[   25.012429]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.012474]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.012500]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.012524]  ? __kthread_parkme+0x82/0x180
[   25.012561]  ? preempt_count_sub+0x50/0x80
[   25.012639]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.012682]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.012714]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.012738]  kthread+0x337/0x6f0
[   25.012760]  ? trace_preempt_on+0x20/0xc0
[   25.012785]  ? __pfx_kthread+0x10/0x10
[   25.012807]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.012829]  ? calculate_sigpending+0x7b/0xa0
[   25.012854]  ? __pfx_kthread+0x10/0x10
[   25.012877]  ret_from_fork+0x116/0x1d0
[   25.012898]  ? __pfx_kthread+0x10/0x10
[   25.012920]  ret_from_fork_asm+0x1a/0x30
[   25.012952]  </TASK>
[   25.012966] 
[   25.027059] Allocated by task 185:
[   25.028033]  kasan_save_stack+0x45/0x70
[   25.028458]  kasan_save_track+0x18/0x40
[   25.028971]  kasan_save_alloc_info+0x3b/0x50
[   25.029262]  __kasan_krealloc+0x190/0x1f0
[   25.029625]  krealloc_noprof+0xf3/0x340
[   25.029938]  krealloc_more_oob_helper+0x1a9/0x930
[   25.030272]  krealloc_more_oob+0x1c/0x30
[   25.030542]  kunit_try_run_case+0x1a5/0x480
[   25.031074]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.031386]  kthread+0x337/0x6f0
[   25.032018]  ret_from_fork+0x116/0x1d0
[   25.032680]  ret_from_fork_asm+0x1a/0x30
[   25.033049] 
[   25.033248] The buggy address belongs to the object at ffff888100a1bc00
[   25.033248]  which belongs to the cache kmalloc-256 of size 256
[   25.034129] The buggy address is located 5 bytes to the right of
[   25.034129]  allocated 235-byte region [ffff888100a1bc00, ffff888100a1bceb)
[   25.034850] 
[   25.035019] The buggy address belongs to the physical page:
[   25.035456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1a
[   25.035924] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.036341] flags: 0x200000000000040(head|node=0|zone=2)
[   25.036877] page_type: f5(slab)
[   25.037206] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   25.038515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.039096] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   25.039490] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.040111] head: 0200000000000001 ffffea0004028681 00000000ffffffff 00000000ffffffff
[   25.040685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.041064] page dumped because: kasan: bad access detected
[   25.041363] 
[   25.041534] Memory state around the buggy address:
[   25.041991]  ffff888100a1bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.042398]  ffff888100a1bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.043430] >ffff888100a1bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.043703]                                                              ^
[   25.044296]  ffff888100a1bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.044877]  ffff888100a1bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.045292] ==================================================================