Hay
Date: June 25, 2025, 8:08 a.m.

Environment: qemu-arm64, qemu-x86_64

[   26.428875] ==================================================================
[   26.428937] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   26.429004] Write of size 1 at addr fff00000c470f4eb by task kunit_try_catch/168
[   26.429052] 
[   26.429085] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.429166] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.429191] Hardware name: linux,dummy-virt (DT)
[   26.429221] Call trace:
[   26.429270]  show_stack+0x20/0x38 (C)
[   26.429320]  dump_stack_lvl+0x8c/0xd0
[   26.429366]  print_report+0x118/0x608
[   26.429426]  kasan_report+0xdc/0x128
[   26.429481]  __asan_report_store1_noabort+0x20/0x30
[   26.429528]  krealloc_more_oob_helper+0x60c/0x678
[   26.429575]  krealloc_more_oob+0x20/0x38
[   26.429618]  kunit_try_run_case+0x170/0x3f0
[   26.429666]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.429716]  kthread+0x328/0x630
[   26.429757]  ret_from_fork+0x10/0x20
[   26.429804] 
[   26.429827] Allocated by task 168:
[   26.429855]  kasan_save_stack+0x3c/0x68
[   26.429894]  kasan_save_track+0x20/0x40
[   26.429931]  kasan_save_alloc_info+0x40/0x58
[   26.429966]  __kasan_krealloc+0x118/0x178
[   26.430002]  krealloc_noprof+0x128/0x360
[   26.430039]  krealloc_more_oob_helper+0x168/0x678
[   26.430076]  krealloc_more_oob+0x20/0x38
[   26.430120]  kunit_try_run_case+0x170/0x3f0
[   26.430172]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.430214]  kthread+0x328/0x630
[   26.430250]  ret_from_fork+0x10/0x20
[   26.430293] 
[   26.430322] The buggy address belongs to the object at fff00000c470f400
[   26.430322]  which belongs to the cache kmalloc-256 of size 256
[   26.430379] The buggy address is located 0 bytes to the right of
[   26.430379]  allocated 235-byte region [fff00000c470f400, fff00000c470f4eb)
[   26.430449] 
[   26.430468] The buggy address belongs to the physical page:
[   26.430500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10470e
[   26.430550] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.430595] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.430645] page_type: f5(slab)
[   26.430681] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.431117] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.431178] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.431225] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.431271] head: 0bfffe0000000001 ffffc1ffc311c381 00000000ffffffff 00000000ffffffff
[   26.431317] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.431356] page dumped because: kasan: bad access detected
[   26.431658] 
[   26.431687] Memory state around the buggy address:
[   26.431769]  fff00000c470f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.431813]  fff00000c470f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.431890] >fff00000c470f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.431928]                                                           ^
[   26.431972]  fff00000c470f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.432081]  fff00000c470f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.432245] ==================================================================
[   26.488923] ==================================================================
[   26.489076] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   26.489134] Write of size 1 at addr fff00000c78260f0 by task kunit_try_catch/172
[   26.489180] 
[   26.489207] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.489289] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.489484] Hardware name: linux,dummy-virt (DT)
[   26.489554] Call trace:
[   26.489614]  show_stack+0x20/0x38 (C)
[   26.489676]  dump_stack_lvl+0x8c/0xd0
[   26.489760]  print_report+0x118/0x608
[   26.489836]  kasan_report+0xdc/0x128
[   26.489890]  __asan_report_store1_noabort+0x20/0x30
[   26.489937]  krealloc_more_oob_helper+0x5c0/0x678
[   26.489984]  krealloc_large_more_oob+0x20/0x38
[   26.490030]  kunit_try_run_case+0x170/0x3f0
[   26.490078]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.490145]  kthread+0x328/0x630
[   26.490185]  ret_from_fork+0x10/0x20
[   26.490239] 
[   26.490259] The buggy address belongs to the physical page:
[   26.490290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107824
[   26.490338] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.490390] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.490644] page_type: f8(unknown)
[   26.490826] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.490930] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.490980] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.491075] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.491136] head: 0bfffe0000000002 ffffc1ffc31e0901 00000000ffffffff 00000000ffffffff
[   26.491182] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.491219] page dumped because: kasan: bad access detected
[   26.491321] 
[   26.491343] Memory state around the buggy address:
[   26.491626]  fff00000c7825f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.491720]  fff00000c7826000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.491789] >fff00000c7826080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.491825]                                                              ^
[   26.491893]  fff00000c7826100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.492032]  fff00000c7826180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.492152] ==================================================================
[   26.432955] ==================================================================
[   26.433001] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   26.433051] Write of size 1 at addr fff00000c470f4f0 by task kunit_try_catch/168
[   26.433099] 
[   26.433127] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.433207] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.433232] Hardware name: linux,dummy-virt (DT)
[   26.433261] Call trace:
[   26.433282]  show_stack+0x20/0x38 (C)
[   26.433327]  dump_stack_lvl+0x8c/0xd0
[   26.433436]  print_report+0x118/0x608
[   26.433609]  kasan_report+0xdc/0x128
[   26.433771]  __asan_report_store1_noabort+0x20/0x30
[   26.433906]  krealloc_more_oob_helper+0x5c0/0x678
[   26.433993]  krealloc_more_oob+0x20/0x38
[   26.434061]  kunit_try_run_case+0x170/0x3f0
[   26.434137]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.434256]  kthread+0x328/0x630
[   26.434458]  ret_from_fork+0x10/0x20
[   26.434611] 
[   26.434629] Allocated by task 168:
[   26.434654]  kasan_save_stack+0x3c/0x68
[   26.434936]  kasan_save_track+0x20/0x40
[   26.435104]  kasan_save_alloc_info+0x40/0x58
[   26.435283]  __kasan_krealloc+0x118/0x178
[   26.435497]  krealloc_noprof+0x128/0x360
[   26.435655]  krealloc_more_oob_helper+0x168/0x678
[   26.435693]  krealloc_more_oob+0x20/0x38
[   26.435762]  kunit_try_run_case+0x170/0x3f0
[   26.435800]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.435842]  kthread+0x328/0x630
[   26.436112]  ret_from_fork+0x10/0x20
[   26.436157] 
[   26.436188] The buggy address belongs to the object at fff00000c470f400
[   26.436188]  which belongs to the cache kmalloc-256 of size 256
[   26.436249] The buggy address is located 5 bytes to the right of
[   26.436249]  allocated 235-byte region [fff00000c470f400, fff00000c470f4eb)
[   26.436308] 
[   26.436327] The buggy address belongs to the physical page:
[   26.436588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10470e
[   26.436672] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.436781] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.436946] page_type: f5(slab)
[   26.437048] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.437189] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.437274] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.437676] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.437859] head: 0bfffe0000000001 ffffc1ffc311c381 00000000ffffffff 00000000ffffffff
[   26.437982] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.438083] page dumped because: kasan: bad access detected
[   26.438211] 
[   26.438251] Memory state around the buggy address:
[   26.438354]  fff00000c470f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.438416]  fff00000c470f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.438455] >fff00000c470f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.438491]                                                              ^
[   26.438883]  fff00000c470f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.438975]  fff00000c470f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.439035] ==================================================================
[   26.483275] ==================================================================
[   26.483331] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   26.483421] Write of size 1 at addr fff00000c78260eb by task kunit_try_catch/172
[   26.483572] 
[   26.483662] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.483744] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.484080] Hardware name: linux,dummy-virt (DT)
[   26.484186] Call trace:
[   26.484335]  show_stack+0x20/0x38 (C)
[   26.484455]  dump_stack_lvl+0x8c/0xd0
[   26.484595]  print_report+0x118/0x608
[   26.484749]  kasan_report+0xdc/0x128
[   26.484827]  __asan_report_store1_noabort+0x20/0x30
[   26.484913]  krealloc_more_oob_helper+0x60c/0x678
[   26.484961]  krealloc_large_more_oob+0x20/0x38
[   26.485151]  kunit_try_run_case+0x170/0x3f0
[   26.485202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.485254]  kthread+0x328/0x630
[   26.485294]  ret_from_fork+0x10/0x20
[   26.485512] 
[   26.485618] The buggy address belongs to the physical page:
[   26.485760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107824
[   26.485843] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.485987] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.486138] page_type: f8(unknown)
[   26.486290] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.486388] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.486679] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.486919] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.487066] head: 0bfffe0000000002 ffffc1ffc31e0901 00000000ffffffff 00000000ffffffff
[   26.487216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.487340] page dumped because: kasan: bad access detected
[   26.487509] 
[   26.487579] Memory state around the buggy address:
[   26.487611]  fff00000c7825f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.487870]  fff00000c7826000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.487915] >fff00000c7826080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.487951]                                                           ^
[   26.487988]  fff00000c7826100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.488027]  fff00000c7826180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.488063] ==================================================================

[   21.632354] ==================================================================
[   21.632827] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   21.633469] Write of size 1 at addr ffff888102cce0eb by task kunit_try_catch/189
[   21.633795] 
[   21.633910] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.633994] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.634007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.634139] Call Trace:
[   21.634155]  <TASK>
[   21.634172]  dump_stack_lvl+0x73/0xb0
[   21.634225]  print_report+0xd1/0x650
[   21.634249]  ? __virt_addr_valid+0x1db/0x2d0
[   21.634274]  ? krealloc_more_oob_helper+0x821/0x930
[   21.634296]  ? kasan_addr_to_slab+0x11/0xa0
[   21.634316]  ? krealloc_more_oob_helper+0x821/0x930
[   21.634339]  kasan_report+0x141/0x180
[   21.634362]  ? krealloc_more_oob_helper+0x821/0x930
[   21.634396]  __asan_report_store1_noabort+0x1b/0x30
[   21.634419]  krealloc_more_oob_helper+0x821/0x930
[   21.634440]  ? __schedule+0x10cc/0x2b60
[   21.634467]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.634490]  ? finish_task_switch.isra.0+0x153/0x700
[   21.634511]  ? __switch_to+0x47/0xf50
[   21.634543]  ? __schedule+0x10cc/0x2b60
[   21.634567]  ? __pfx_read_tsc+0x10/0x10
[   21.634596]  krealloc_large_more_oob+0x1c/0x30
[   21.634617]  kunit_try_run_case+0x1a5/0x480
[   21.634643]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.634664]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.634685]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.634710]  ? __kthread_parkme+0x82/0x180
[   21.634731]  ? preempt_count_sub+0x50/0x80
[   21.634757]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.634781]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.634804]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.634890]  kthread+0x337/0x6f0
[   21.634911]  ? trace_preempt_on+0x20/0xc0
[   21.634947]  ? __pfx_kthread+0x10/0x10
[   21.634968]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.634991]  ? calculate_sigpending+0x7b/0xa0
[   21.635015]  ? __pfx_kthread+0x10/0x10
[   21.635038]  ret_from_fork+0x116/0x1d0
[   21.635056]  ? __pfx_kthread+0x10/0x10
[   21.635077]  ret_from_fork_asm+0x1a/0x30
[   21.635129]  </TASK>
[   21.635140] 
[   21.643055] The buggy address belongs to the physical page:
[   21.643321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ccc
[   21.643681] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.644154] flags: 0x200000000000040(head|node=0|zone=2)
[   21.644360] page_type: f8(unknown)
[   21.644484] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.644834] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.645414] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.645743] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.646166] head: 0200000000000002 ffffea00040b3301 00000000ffffffff 00000000ffffffff
[   21.646641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.647021] page dumped because: kasan: bad access detected
[   21.647247] 
[   21.647308] Memory state around the buggy address:
[   21.647575]  ffff888102ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.647873]  ffff888102cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.648143] >ffff888102cce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.648344]                                                           ^
[   21.648697]  ffff888102cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.649322]  ffff888102cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.649617] ==================================================================
[   21.649915] ==================================================================
[   21.650271] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   21.650673] Write of size 1 at addr ffff888102cce0f0 by task kunit_try_catch/189
[   21.651297] 
[   21.651401] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.651447] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.651459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.651479] Call Trace:
[   21.651492]  <TASK>
[   21.651506]  dump_stack_lvl+0x73/0xb0
[   21.651532]  print_report+0xd1/0x650
[   21.651554]  ? __virt_addr_valid+0x1db/0x2d0
[   21.651578]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.651599]  ? kasan_addr_to_slab+0x11/0xa0
[   21.651619]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.651643]  kasan_report+0x141/0x180
[   21.651666]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.651700]  __asan_report_store1_noabort+0x1b/0x30
[   21.651723]  krealloc_more_oob_helper+0x7eb/0x930
[   21.651744]  ? __schedule+0x10cc/0x2b60
[   21.651770]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.651793]  ? finish_task_switch.isra.0+0x153/0x700
[   21.651813]  ? __switch_to+0x47/0xf50
[   21.651903]  ? __schedule+0x10cc/0x2b60
[   21.651929]  ? __pfx_read_tsc+0x10/0x10
[   21.651970]  krealloc_large_more_oob+0x1c/0x30
[   21.651992]  kunit_try_run_case+0x1a5/0x480
[   21.652018]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.652059]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.652093]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.652118]  ? __kthread_parkme+0x82/0x180
[   21.652151]  ? preempt_count_sub+0x50/0x80
[   21.652192]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.652218]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.652242]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.652279]  kthread+0x337/0x6f0
[   21.652312]  ? trace_preempt_on+0x20/0xc0
[   21.652342]  ? __pfx_kthread+0x10/0x10
[   21.652376]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.652413]  ? calculate_sigpending+0x7b/0xa0
[   21.652437]  ? __pfx_kthread+0x10/0x10
[   21.652460]  ret_from_fork+0x116/0x1d0
[   21.652478]  ? __pfx_kthread+0x10/0x10
[   21.652498]  ret_from_fork_asm+0x1a/0x30
[   21.652540]  </TASK>
[   21.652550] 
[   21.660959] The buggy address belongs to the physical page:
[   21.661240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ccc
[   21.661610] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.661951] flags: 0x200000000000040(head|node=0|zone=2)
[   21.662262] page_type: f8(unknown)
[   21.662426] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.662685] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.662895] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.663378] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.663965] head: 0200000000000002 ffffea00040b3301 00000000ffffffff 00000000ffffffff
[   21.664347] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.664583] page dumped because: kasan: bad access detected
[   21.664802] 
[   21.664929] Memory state around the buggy address:
[   21.665232]  ffff888102ccdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.665558]  ffff888102cce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.665912] >ffff888102cce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.666203]                                                              ^
[   21.666521]  ffff888102cce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.666846]  ffff888102cce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.667333] ==================================================================
[   21.492553] ==================================================================
[   21.492978] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   21.493542] Write of size 1 at addr ffff88810038c6f0 by task kunit_try_catch/185
[   21.494131] 
[   21.494233] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.494278] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.494290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.494309] Call Trace:
[   21.494321]  <TASK>
[   21.494335]  dump_stack_lvl+0x73/0xb0
[   21.494359]  print_report+0xd1/0x650
[   21.494378]  ? __virt_addr_valid+0x1db/0x2d0
[   21.494399]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.494428]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.494452]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.494473]  kasan_report+0x141/0x180
[   21.494493]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.494518]  __asan_report_store1_noabort+0x1b/0x30
[   21.494540]  krealloc_more_oob_helper+0x7eb/0x930
[   21.494560]  ? __schedule+0x10cc/0x2b60
[   21.494584]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.494606]  ? finish_task_switch.isra.0+0x153/0x700
[   21.494626]  ? __switch_to+0x47/0xf50
[   21.494649]  ? __schedule+0x10cc/0x2b60
[   21.494672]  ? __pfx_read_tsc+0x10/0x10
[   21.494695]  krealloc_more_oob+0x1c/0x30
[   21.494715]  kunit_try_run_case+0x1a5/0x480
[   21.494739]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.494760]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.494779]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.494802]  ? __kthread_parkme+0x82/0x180
[   21.494864]  ? preempt_count_sub+0x50/0x80
[   21.494885]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.494907]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.494929]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.494964]  kthread+0x337/0x6f0
[   21.494982]  ? trace_preempt_on+0x20/0xc0
[   21.495003]  ? __pfx_kthread+0x10/0x10
[   21.495022]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.495043]  ? calculate_sigpending+0x7b/0xa0
[   21.495065]  ? __pfx_kthread+0x10/0x10
[   21.495085]  ret_from_fork+0x116/0x1d0
[   21.495102]  ? __pfx_kthread+0x10/0x10
[   21.495121]  ret_from_fork_asm+0x1a/0x30
[   21.495148]  </TASK>
[   21.495158] 
[   21.503646] Allocated by task 185:
[   21.503873]  kasan_save_stack+0x45/0x70
[   21.504195]  kasan_save_track+0x18/0x40
[   21.504389]  kasan_save_alloc_info+0x3b/0x50
[   21.504575]  __kasan_krealloc+0x190/0x1f0
[   21.504751]  krealloc_noprof+0xf3/0x340
[   21.505023]  krealloc_more_oob_helper+0x1a9/0x930
[   21.505327]  krealloc_more_oob+0x1c/0x30
[   21.505459]  kunit_try_run_case+0x1a5/0x480
[   21.505661]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.505976]  kthread+0x337/0x6f0
[   21.506094]  ret_from_fork+0x116/0x1d0
[   21.506402]  ret_from_fork_asm+0x1a/0x30
[   21.507290] 
[   21.507651] The buggy address belongs to the object at ffff88810038c600
[   21.507651]  which belongs to the cache kmalloc-256 of size 256
[   21.508234] The buggy address is located 5 bytes to the right of
[   21.508234]  allocated 235-byte region [ffff88810038c600, ffff88810038c6eb)
[   21.508666] 
[   21.508760] The buggy address belongs to the physical page:
[   21.509022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[   21.509370] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.509695] flags: 0x200000000000040(head|node=0|zone=2)
[   21.509986] page_type: f5(slab)
[   21.510165] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.510430] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.510744] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.511115] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.511386] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[   21.511609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.511851] page dumped because: kasan: bad access detected
[   21.512101] 
[   21.512186] Memory state around the buggy address:
[   21.512402]  ffff88810038c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.512715]  ffff88810038c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.513025] >ffff88810038c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.513496]                                                              ^
[   21.513705]  ffff88810038c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.514305]  ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.514617] ==================================================================
[   21.471339] ==================================================================
[   21.472531] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   21.472970] Write of size 1 at addr ffff88810038c6eb by task kunit_try_catch/185
[   21.473291] 
[   21.473397] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.473443] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.473455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.473475] Call Trace:
[   21.473488]  <TASK>
[   21.473502]  dump_stack_lvl+0x73/0xb0
[   21.473528]  print_report+0xd1/0x650
[   21.473548]  ? __virt_addr_valid+0x1db/0x2d0
[   21.473570]  ? krealloc_more_oob_helper+0x821/0x930
[   21.473591]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.473614]  ? krealloc_more_oob_helper+0x821/0x930
[   21.473635]  kasan_report+0x141/0x180
[   21.473655]  ? krealloc_more_oob_helper+0x821/0x930
[   21.473680]  __asan_report_store1_noabort+0x1b/0x30
[   21.473702]  krealloc_more_oob_helper+0x821/0x930
[   21.473722]  ? __schedule+0x10cc/0x2b60
[   21.473745]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.473767]  ? finish_task_switch.isra.0+0x153/0x700
[   21.473788]  ? __switch_to+0x47/0xf50
[   21.473813]  ? __schedule+0x10cc/0x2b60
[   21.473834]  ? __pfx_read_tsc+0x10/0x10
[   21.473857]  krealloc_more_oob+0x1c/0x30
[   21.473877]  kunit_try_run_case+0x1a5/0x480
[   21.473901]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.473922]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.473952]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.473975]  ? __kthread_parkme+0x82/0x180
[   21.473993]  ? preempt_count_sub+0x50/0x80
[   21.474013]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.474036]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.474057]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.474079]  kthread+0x337/0x6f0
[   21.474096]  ? trace_preempt_on+0x20/0xc0
[   21.474118]  ? __pfx_kthread+0x10/0x10
[   21.474154]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.474175]  ? calculate_sigpending+0x7b/0xa0
[   21.474197]  ? __pfx_kthread+0x10/0x10
[   21.474217]  ret_from_fork+0x116/0x1d0
[   21.474234]  ? __pfx_kthread+0x10/0x10
[   21.474253]  ret_from_fork_asm+0x1a/0x30
[   21.474281]  </TASK>
[   21.474291] 
[   21.481914] Allocated by task 185:
[   21.482101]  kasan_save_stack+0x45/0x70
[   21.482353]  kasan_save_track+0x18/0x40
[   21.482536]  kasan_save_alloc_info+0x3b/0x50
[   21.482706]  __kasan_krealloc+0x190/0x1f0
[   21.482834]  krealloc_noprof+0xf3/0x340
[   21.483067]  krealloc_more_oob_helper+0x1a9/0x930
[   21.483286]  krealloc_more_oob+0x1c/0x30
[   21.483473]  kunit_try_run_case+0x1a5/0x480
[   21.483661]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.483824]  kthread+0x337/0x6f0
[   21.484092]  ret_from_fork+0x116/0x1d0
[   21.484284]  ret_from_fork_asm+0x1a/0x30
[   21.484437] 
[   21.484506] The buggy address belongs to the object at ffff88810038c600
[   21.484506]  which belongs to the cache kmalloc-256 of size 256
[   21.484849] The buggy address is located 0 bytes to the right of
[   21.484849]  allocated 235-byte region [ffff88810038c600, ffff88810038c6eb)
[   21.485682] 
[   21.485776] The buggy address belongs to the physical page:
[   21.486028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[   21.486766] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.487204] flags: 0x200000000000040(head|node=0|zone=2)
[   21.487374] page_type: f5(slab)
[   21.487485] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.487738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.488075] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.488441] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.488822] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[   21.489192] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.489539] page dumped because: kasan: bad access detected
[   21.489794] 
[   21.489916] Memory state around the buggy address:
[   21.490118]  ffff88810038c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.490342]  ffff88810038c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.490549] >ffff88810038c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.490857]                                                           ^
[   21.491149]  ffff88810038c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.491425]  ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.491697] ==================================================================