lkft/linux-next-master - next-20250623 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 23, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.486682] ==================================================================
[   32.486853] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   32.486990] Write of size 1 at addr fff00000c45110eb by task kunit_try_catch/168
[   32.487123] 
[   32.490405] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.490532] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.490680] Hardware name: linux,dummy-virt (DT)
[   32.490894] Call trace:
[   32.490960]  show_stack+0x20/0x38 (C)
[   32.491116]  dump_stack_lvl+0x8c/0xd0
[   32.491779]  print_report+0x118/0x608
[   32.492218]  kasan_report+0xdc/0x128
[   32.492453]  __asan_report_store1_noabort+0x20/0x30
[   32.492838]  krealloc_more_oob_helper+0x60c/0x678
[   32.493097]  krealloc_more_oob+0x20/0x38
[   32.493226]  kunit_try_run_case+0x170/0x3f0
[   32.493459]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.493657]  kthread+0x328/0x630
[   32.493826]  ret_from_fork+0x10/0x20
[   32.494042] 
[   32.494368] Allocated by task 168:
[   32.494448]  kasan_save_stack+0x3c/0x68
[   32.496209]  kasan_save_track+0x20/0x40
[   32.496320]  kasan_save_alloc_info+0x40/0x58
[   32.496487]  __kasan_krealloc+0x118/0x178
[   32.496617]  krealloc_noprof+0x128/0x360
[   32.497111]  krealloc_more_oob_helper+0x168/0x678
[   32.497211]  krealloc_more_oob+0x20/0x38
[   32.497300]  kunit_try_run_case+0x170/0x3f0
[   32.498094]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.499527]  kthread+0x328/0x630
[   32.500373]  ret_from_fork+0x10/0x20
[   32.500863] 
[   32.500945] The buggy address belongs to the object at fff00000c4511000
[   32.500945]  which belongs to the cache kmalloc-256 of size 256
[   32.501459] The buggy address is located 0 bytes to the right of
[   32.501459]  allocated 235-byte region [fff00000c4511000, fff00000c45110eb)
[   32.501608] 
[   32.501660] The buggy address belongs to the physical page:
[   32.501737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104510
[   32.501856] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.504423] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.505460] page_type: f5(slab)
[   32.505563] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.506575] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.507524] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.507656] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.507787] head: 0bfffe0000000001 ffffc1ffc3114401 00000000ffffffff 00000000ffffffff
[   32.507907] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.508118] page dumped because: kasan: bad access detected
[   32.509016] 
[   32.509573] Memory state around the buggy address:
[   32.509660]  fff00000c4510f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.509763]  fff00000c4511000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.509859] >fff00000c4511080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.510511]                                                           ^
[   32.510652]  fff00000c4511100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.510784]  fff00000c4511180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.511184] ==================================================================
[   32.653188] ==================================================================
[   32.653457] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   32.654345] Write of size 1 at addr fff00000c577e0eb by task kunit_try_catch/172
[   32.655116] 
[   32.655372] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.655957] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.656053] Hardware name: linux,dummy-virt (DT)
[   32.656355] Call trace:
[   32.656654]  show_stack+0x20/0x38 (C)
[   32.657306]  dump_stack_lvl+0x8c/0xd0
[   32.657700]  print_report+0x118/0x608
[   32.657818]  kasan_report+0xdc/0x128
[   32.658600]  __asan_report_store1_noabort+0x20/0x30
[   32.658741]  krealloc_more_oob_helper+0x60c/0x678
[   32.658886]  krealloc_large_more_oob+0x20/0x38
[   32.659018]  kunit_try_run_case+0x170/0x3f0
[   32.659164]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.659291]  kthread+0x328/0x630
[   32.660287]  ret_from_fork+0x10/0x20
[   32.660444] 
[   32.660832] The buggy address belongs to the physical page:
[   32.661380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10577c
[   32.661890] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.662678] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.663220] page_type: f8(unknown)
[   32.663319] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.663744] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.664159] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.664629] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.664749] head: 0bfffe0000000002 ffffc1ffc315df01 00000000ffffffff 00000000ffffffff
[   32.665625] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.665925] page dumped because: kasan: bad access detected
[   32.666003] 
[   32.666063] Memory state around the buggy address:
[   32.666148]  fff00000c577df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.666255]  fff00000c577e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.666358] >fff00000c577e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   32.666448]                                                           ^
[   32.666541]  fff00000c577e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.666655]  fff00000c577e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.666880] ==================================================================
[   32.514647] ==================================================================
[   32.514762] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   32.514954] Write of size 1 at addr fff00000c45110f0 by task kunit_try_catch/168
[   32.515088] 
[   32.515165] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.515398] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.515474] Hardware name: linux,dummy-virt (DT)
[   32.515750] Call trace:
[   32.515810]  show_stack+0x20/0x38 (C)
[   32.515968]  dump_stack_lvl+0x8c/0xd0
[   32.516210]  print_report+0x118/0x608
[   32.516387]  kasan_report+0xdc/0x128
[   32.516512]  __asan_report_store1_noabort+0x20/0x30
[   32.516649]  krealloc_more_oob_helper+0x5c0/0x678
[   32.516773]  krealloc_more_oob+0x20/0x38
[   32.516896]  kunit_try_run_case+0x170/0x3f0
[   32.517010]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.517156]  kthread+0x328/0x630
[   32.517265]  ret_from_fork+0x10/0x20
[   32.517413] 
[   32.517477] Allocated by task 168:
[   32.517548]  kasan_save_stack+0x3c/0x68
[   32.517653]  kasan_save_track+0x20/0x40
[   32.517764]  kasan_save_alloc_info+0x40/0x58
[   32.517850]  __kasan_krealloc+0x118/0x178
[   32.517948]  krealloc_noprof+0x128/0x360
[   32.518060]  krealloc_more_oob_helper+0x168/0x678
[   32.518172]  krealloc_more_oob+0x20/0x38
[   32.518344]  kunit_try_run_case+0x170/0x3f0
[   32.518483]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.519013]  kthread+0x328/0x630
[   32.519147]  ret_from_fork+0x10/0x20
[   32.519241] 
[   32.519289] The buggy address belongs to the object at fff00000c4511000
[   32.519289]  which belongs to the cache kmalloc-256 of size 256
[   32.519438] The buggy address is located 5 bytes to the right of
[   32.519438]  allocated 235-byte region [fff00000c4511000, fff00000c45110eb)
[   32.519690] 
[   32.519871] The buggy address belongs to the physical page:
[   32.519962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104510
[   32.520115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.520339] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.520560] page_type: f5(slab)
[   32.520707] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.520960] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.521112] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.521230] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.521399] head: 0bfffe0000000001 ffffc1ffc3114401 00000000ffffffff 00000000ffffffff
[   32.522648] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.522711] page dumped because: kasan: bad access detected
[   32.522758] 
[   32.522780] Memory state around the buggy address:
[   32.522844]  fff00000c4510f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.522921]  fff00000c4511000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.522972] >fff00000c4511080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.523015]                                                              ^
[   32.523187]  fff00000c4511100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.523481]  fff00000c4511180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.524007] ==================================================================
[   32.668599] ==================================================================
[   32.668719] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   32.668955] Write of size 1 at addr fff00000c577e0f0 by task kunit_try_catch/172
[   32.669184] 
[   32.669363] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.669871] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.670049] Hardware name: linux,dummy-virt (DT)
[   32.670140] Call trace:
[   32.670256]  show_stack+0x20/0x38 (C)
[   32.670382]  dump_stack_lvl+0x8c/0xd0
[   32.670642]  print_report+0x118/0x608
[   32.670777]  kasan_report+0xdc/0x128
[   32.670931]  __asan_report_store1_noabort+0x20/0x30
[   32.671080]  krealloc_more_oob_helper+0x5c0/0x678
[   32.671241]  krealloc_large_more_oob+0x20/0x38
[   32.671473]  kunit_try_run_case+0x170/0x3f0
[   32.671695]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.671830]  kthread+0x328/0x630
[   32.671961]  ret_from_fork+0x10/0x20
[   32.672242] 
[   32.672340] The buggy address belongs to the physical page:
[   32.672415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10577c
[   32.672682] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.672792] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.672941] page_type: f8(unknown)
[   32.673207] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.673484] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.673685] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.673796] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.673907] head: 0bfffe0000000002 ffffc1ffc315df01 00000000ffffffff 00000000ffffffff
[   32.674018] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.674131] page dumped because: kasan: bad access detected
[   32.674210] 
[   32.674328] Memory state around the buggy address:
[   32.674530]  fff00000c577df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.674693]  fff00000c577e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.674987] >fff00000c577e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   32.675126]                                                              ^
[   32.675235]  fff00000c577e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.675380]  fff00000c577e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.675547] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmtaMTLcPEn4w4FcozR6WSC8v

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmtaMTLcPEn4w4FcozR6WSC8v

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/Image.gz
sha256sum	8babb9b25d008158739b204767b25f2683bd6714a94fb69277dbb95712e03026

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/modules.tar.xz
sha256sum	6a716a814d9729621b3aef13f694d9d6b53e23d3c12c6a026a54d81f80d3f12c

durations

tests

boot	0
kunit	290.50

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   21.493273] ==================================================================
[   21.493698] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   21.494171] Write of size 1 at addr ffff8881029920eb by task kunit_try_catch/189
[   21.494674] 
[   21.494792] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.494902] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.494925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.494960] Call Trace:
[   21.494986]  <TASK>
[   21.495014]  dump_stack_lvl+0x73/0xb0
[   21.495066]  print_report+0xd1/0x650
[   21.495097]  ? __virt_addr_valid+0x1db/0x2d0
[   21.495132]  ? krealloc_more_oob_helper+0x821/0x930
[   21.495168]  ? kasan_addr_to_slab+0x11/0xa0
[   21.495202]  ? krealloc_more_oob_helper+0x821/0x930
[   21.495239]  kasan_report+0x141/0x180
[   21.495278]  ? krealloc_more_oob_helper+0x821/0x930
[   21.495323]  __asan_report_store1_noabort+0x1b/0x30
[   21.495360]  krealloc_more_oob_helper+0x821/0x930
[   21.495411]  ? __schedule+0x10cc/0x2b60
[   21.495448]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.495487]  ? finish_task_switch.isra.0+0x153/0x700
[   21.495522]  ? __switch_to+0x47/0xf50
[   21.495560]  ? __schedule+0x10cc/0x2b60
[   21.495578]  ? __pfx_read_tsc+0x10/0x10
[   21.495599]  krealloc_large_more_oob+0x1c/0x30
[   21.495617]  kunit_try_run_case+0x1a5/0x480
[   21.495637]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.495655]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.495673]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.495692]  ? __kthread_parkme+0x82/0x180
[   21.495708]  ? preempt_count_sub+0x50/0x80
[   21.495727]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.495746]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.495764]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.495783]  kthread+0x337/0x6f0
[   21.495799]  ? trace_preempt_on+0x20/0xc0
[   21.495817]  ? __pfx_kthread+0x10/0x10
[   21.495839]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.495891]  ? calculate_sigpending+0x7b/0xa0
[   21.495922]  ? __pfx_kthread+0x10/0x10
[   21.495955]  ret_from_fork+0x116/0x1d0
[   21.495984]  ? __pfx_kthread+0x10/0x10
[   21.496015]  ret_from_fork_asm+0x1a/0x30
[   21.496067]  </TASK>
[   21.496089] 
[   21.507289] The buggy address belongs to the physical page:
[   21.507614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102990
[   21.508418] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.508709] flags: 0x200000000000040(head|node=0|zone=2)
[   21.509051] page_type: f8(unknown)
[   21.509259] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.509537] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.509952] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.510301] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.510702] head: 0200000000000002 ffffea00040a6401 00000000ffffffff 00000000ffffffff
[   21.510984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.511428] page dumped because: kasan: bad access detected
[   21.511920] 
[   21.512052] Memory state around the buggy address:
[   21.512367]  ffff888102991f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.512825]  ffff888102992000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.513253] >ffff888102992080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.513666]                                                           ^
[   21.514070]  ffff888102992100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.514508]  ffff888102992180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.515022] ==================================================================
[   21.282823] ==================================================================
[   21.283215] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   21.283771] Write of size 1 at addr ffff888100ab9eeb by task kunit_try_catch/185
[   21.284696] 
[   21.285174] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.285257] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.285276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.285307] Call Trace:
[   21.285327]  <TASK>
[   21.285352]  dump_stack_lvl+0x73/0xb0
[   21.285590]  print_report+0xd1/0x650
[   21.285635]  ? __virt_addr_valid+0x1db/0x2d0
[   21.285670]  ? krealloc_more_oob_helper+0x821/0x930
[   21.285706]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.285744]  ? krealloc_more_oob_helper+0x821/0x930
[   21.285957]  kasan_report+0x141/0x180
[   21.285984]  ? krealloc_more_oob_helper+0x821/0x930
[   21.286020]  __asan_report_store1_noabort+0x1b/0x30
[   21.286045]  krealloc_more_oob_helper+0x821/0x930
[   21.286065]  ? __schedule+0x10cc/0x2b60
[   21.286096]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.286128]  ? finish_task_switch.isra.0+0x153/0x700
[   21.286158]  ? __switch_to+0x47/0xf50
[   21.286194]  ? __schedule+0x10cc/0x2b60
[   21.286213]  ? __pfx_read_tsc+0x10/0x10
[   21.286236]  krealloc_more_oob+0x1c/0x30
[   21.286255]  kunit_try_run_case+0x1a5/0x480
[   21.286277]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.286296]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.286316]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.286335]  ? __kthread_parkme+0x82/0x180
[   21.286353]  ? preempt_count_sub+0x50/0x80
[   21.286372]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.286421]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.286459]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.286496]  kthread+0x337/0x6f0
[   21.286529]  ? trace_preempt_on+0x20/0xc0
[   21.286566]  ? __pfx_kthread+0x10/0x10
[   21.286585]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.286604]  ? calculate_sigpending+0x7b/0xa0
[   21.286625]  ? __pfx_kthread+0x10/0x10
[   21.286644]  ret_from_fork+0x116/0x1d0
[   21.286661]  ? __pfx_kthread+0x10/0x10
[   21.286679]  ret_from_fork_asm+0x1a/0x30
[   21.286708]  </TASK>
[   21.286720] 
[   21.297605] Allocated by task 185:
[   21.297916]  kasan_save_stack+0x45/0x70
[   21.298355]  kasan_save_track+0x18/0x40
[   21.298622]  kasan_save_alloc_info+0x3b/0x50
[   21.298800]  __kasan_krealloc+0x190/0x1f0
[   21.298991]  krealloc_noprof+0xf3/0x340
[   21.299260]  krealloc_more_oob_helper+0x1a9/0x930
[   21.299508]  krealloc_more_oob+0x1c/0x30
[   21.299783]  kunit_try_run_case+0x1a5/0x480
[   21.300048]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.300549]  kthread+0x337/0x6f0
[   21.300802]  ret_from_fork+0x116/0x1d0
[   21.301589]  ret_from_fork_asm+0x1a/0x30
[   21.301938] 
[   21.302226] The buggy address belongs to the object at ffff888100ab9e00
[   21.302226]  which belongs to the cache kmalloc-256 of size 256
[   21.302819] The buggy address is located 0 bytes to the right of
[   21.302819]  allocated 235-byte region [ffff888100ab9e00, ffff888100ab9eeb)
[   21.303671] 
[   21.303836] The buggy address belongs to the physical page:
[   21.304320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8
[   21.304682] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.304917] flags: 0x200000000000040(head|node=0|zone=2)
[   21.305107] page_type: f5(slab)
[   21.305514] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   21.306047] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.307013] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   21.307678] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.308207] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff
[   21.308434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.308871] page dumped because: kasan: bad access detected
[   21.309352] 
[   21.309518] Memory state around the buggy address:
[   21.309798]  ffff888100ab9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.310240]  ffff888100ab9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.310771] >ffff888100ab9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.311064]                                                           ^
[   21.311916]  ffff888100ab9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.312127]  ffff888100ab9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.312744] ==================================================================
[   21.314754] ==================================================================
[   21.315128] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   21.315369] Write of size 1 at addr ffff888100ab9ef0 by task kunit_try_catch/185
[   21.315888] 
[   21.315999] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.316081] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.316103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.316134] Call Trace:
[   21.316159]  <TASK>
[   21.316184]  dump_stack_lvl+0x73/0xb0
[   21.316235]  print_report+0xd1/0x650
[   21.316272]  ? __virt_addr_valid+0x1db/0x2d0
[   21.316312]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.316351]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.316402]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.316442]  kasan_report+0x141/0x180
[   21.316478]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.316522]  __asan_report_store1_noabort+0x1b/0x30
[   21.316563]  krealloc_more_oob_helper+0x7eb/0x930
[   21.316623]  ? __schedule+0x10cc/0x2b60
[   21.316663]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.316704]  ? finish_task_switch.isra.0+0x153/0x700
[   21.316743]  ? __switch_to+0x47/0xf50
[   21.316788]  ? __schedule+0x10cc/0x2b60
[   21.316827]  ? __pfx_read_tsc+0x10/0x10
[   21.316870]  krealloc_more_oob+0x1c/0x30
[   21.316908]  kunit_try_run_case+0x1a5/0x480
[   21.316949]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.316978]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.316998]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.317017]  ? __kthread_parkme+0x82/0x180
[   21.317034]  ? preempt_count_sub+0x50/0x80
[   21.317052]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.317071]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.317090]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.317109]  kthread+0x337/0x6f0
[   21.317125]  ? trace_preempt_on+0x20/0xc0
[   21.317143]  ? __pfx_kthread+0x10/0x10
[   21.317160]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.317177]  ? calculate_sigpending+0x7b/0xa0
[   21.317196]  ? __pfx_kthread+0x10/0x10
[   21.317214]  ret_from_fork+0x116/0x1d0
[   21.317229]  ? __pfx_kthread+0x10/0x10
[   21.317245]  ret_from_fork_asm+0x1a/0x30
[   21.317272]  </TASK>
[   21.317283] 
[   21.328326] Allocated by task 185:
[   21.328485]  kasan_save_stack+0x45/0x70
[   21.328641]  kasan_save_track+0x18/0x40
[   21.328795]  kasan_save_alloc_info+0x3b/0x50
[   21.329261]  __kasan_krealloc+0x190/0x1f0
[   21.329560]  krealloc_noprof+0xf3/0x340
[   21.329820]  krealloc_more_oob_helper+0x1a9/0x930
[   21.330029]  krealloc_more_oob+0x1c/0x30
[   21.330481]  kunit_try_run_case+0x1a5/0x480
[   21.330811]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.331518]  kthread+0x337/0x6f0
[   21.331795]  ret_from_fork+0x116/0x1d0
[   21.332217]  ret_from_fork_asm+0x1a/0x30
[   21.332450] 
[   21.332603] The buggy address belongs to the object at ffff888100ab9e00
[   21.332603]  which belongs to the cache kmalloc-256 of size 256
[   21.333462] The buggy address is located 5 bytes to the right of
[   21.333462]  allocated 235-byte region [ffff888100ab9e00, ffff888100ab9eeb)
[   21.334030] 
[   21.334311] The buggy address belongs to the physical page:
[   21.334680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8
[   21.335056] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.335604] flags: 0x200000000000040(head|node=0|zone=2)
[   21.336009] page_type: f5(slab)
[   21.336697] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   21.337050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.337730] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   21.338319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.338665] head: 0200000000000001 ffffea000402ae01 00000000ffffffff 00000000ffffffff
[   21.339276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.339702] page dumped because: kasan: bad access detected
[   21.339879] 
[   21.340034] Memory state around the buggy address:
[   21.340469]  ffff888100ab9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.340757]  ffff888100ab9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.341131] >ffff888100ab9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.341657]                                                              ^
[   21.341993]  ffff888100ab9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.342418]  ffff888100ab9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.342778] ==================================================================
[   21.516899] ==================================================================
[   21.517248] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   21.517555] Write of size 1 at addr ffff8881029920f0 by task kunit_try_catch/189
[   21.518002] 
[   21.518139] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.518221] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.518244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.518284] Call Trace:
[   21.518309]  <TASK>
[   21.518338]  dump_stack_lvl+0x73/0xb0
[   21.518423]  print_report+0xd1/0x650
[   21.518464]  ? __virt_addr_valid+0x1db/0x2d0
[   21.518508]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.518548]  ? kasan_addr_to_slab+0x11/0xa0
[   21.518593]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.518650]  kasan_report+0x141/0x180
[   21.518690]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.518738]  __asan_report_store1_noabort+0x1b/0x30
[   21.518779]  krealloc_more_oob_helper+0x7eb/0x930
[   21.518825]  ? __schedule+0x10cc/0x2b60
[   21.518865]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.518922]  ? finish_task_switch.isra.0+0x153/0x700
[   21.518968]  ? __switch_to+0x47/0xf50
[   21.519030]  ? __schedule+0x10cc/0x2b60
[   21.519074]  ? __pfx_read_tsc+0x10/0x10
[   21.519118]  krealloc_large_more_oob+0x1c/0x30
[   21.519163]  kunit_try_run_case+0x1a5/0x480
[   21.519200]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.519225]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.519250]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.519272]  ? __kthread_parkme+0x82/0x180
[   21.519289]  ? preempt_count_sub+0x50/0x80
[   21.519308]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.519327]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.519346]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.519365]  kthread+0x337/0x6f0
[   21.519399]  ? trace_preempt_on+0x20/0xc0
[   21.519427]  ? __pfx_kthread+0x10/0x10
[   21.519449]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.519470]  ? calculate_sigpending+0x7b/0xa0
[   21.519490]  ? __pfx_kthread+0x10/0x10
[   21.519507]  ret_from_fork+0x116/0x1d0
[   21.519522]  ? __pfx_kthread+0x10/0x10
[   21.519538]  ret_from_fork_asm+0x1a/0x30
[   21.519564]  </TASK>
[   21.519575] 
[   21.528162] The buggy address belongs to the physical page:
[   21.528443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102990
[   21.528692] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.529013] flags: 0x200000000000040(head|node=0|zone=2)
[   21.529429] page_type: f8(unknown)
[   21.529697] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.530363] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.530622] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.531019] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.531526] head: 0200000000000002 ffffea00040a6401 00000000ffffffff 00000000ffffffff
[   21.531826] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.532244] page dumped because: kasan: bad access detected
[   21.532560] 
[   21.532702] Memory state around the buggy address:
[   21.532952]  ffff888102991f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.533332]  ffff888102992000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.533731] >ffff888102992080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.534210]                                                              ^
[   21.534566]  ffff888102992100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.534857]  ffff888102992180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.535257] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmubRIV1JPUllhZ47JmxJvXDc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmubRIV1JPUllhZ47JmxJvXDc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/bzImage
sha256sum	b03452fcb75b3b14cf8383cc19f407b3f7a1f0ee70432185dec0e489b10cb3a4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/modules.tar.xz
sha256sum	e4532e2fb00e2e4b26601276ccbbe81c48edd0570f10fd066f50509a42a73673

durations

tests

boot	0
kunit	172.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit