lkft/linux-next-master - next-20250626 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 26, 2025, 9:10 a.m.

Environment
dragonboard-845c
juno-r2
qemu-arm64
qemu-x86_64

[   35.297829] ==================================================================
[   35.309048] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   35.316722] Write of size 1 at addr ffff00009535e0eb by task kunit_try_catch/246
[   35.324220] 
[   35.325752] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   35.325779] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.325787] Hardware name: Thundercomm Dragonboard 845c (DT)
[   35.325796] Call trace:
[   35.325803]  show_stack+0x20/0x38 (C)
[   35.325821]  dump_stack_lvl+0x8c/0xd0
[   35.325839]  print_report+0x118/0x608
[   35.325858]  kasan_report+0xdc/0x128
[   35.325877]  __asan_report_store1_noabort+0x20/0x30
[   35.325894]  krealloc_more_oob_helper+0x60c/0x678
[   35.325913]  krealloc_large_more_oob+0x20/0x38
[   35.325931]  kunit_try_run_case+0x170/0x3f0
[   35.325950]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.325970]  kthread+0x328/0x630
[   35.325985]  ret_from_fork+0x10/0x20
[   35.326004] 
[   35.396813] The buggy address belongs to the physical page:
[   35.402461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11535c
[   35.410574] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.418329] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.425383] page_type: f8(unknown)
[   35.428846] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.436689] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.444535] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.452464] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.460394] head: 0bfffe0000000002 fffffdffc254d701 00000000ffffffff 00000000ffffffff
[   35.468324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   35.476248] page dumped because: kasan: bad access detected
[   35.481896] 
[   35.483425] Memory state around the buggy address:
[   35.488291]  ffff00009535df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.495609]  ffff00009535e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.502931] >ffff00009535e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   35.510248]                                                           ^
[   35.516953]  ffff00009535e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.524275]  ffff00009535e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.531592] ==================================================================
[   35.539044] ==================================================================
[   35.546369] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   35.554042] Write of size 1 at addr ffff00009535e0f0 by task kunit_try_catch/246
[   35.561538] 
[   35.563070] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   35.563099] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.563107] Hardware name: Thundercomm Dragonboard 845c (DT)
[   35.563119] Call trace:
[   35.563125]  show_stack+0x20/0x38 (C)
[   35.563143]  dump_stack_lvl+0x8c/0xd0
[   35.563162]  print_report+0x118/0x608
[   35.563181]  kasan_report+0xdc/0x128
[   35.563200]  __asan_report_store1_noabort+0x20/0x30
[   35.563217]  krealloc_more_oob_helper+0x5c0/0x678
[   35.563236]  krealloc_large_more_oob+0x20/0x38
[   35.563255]  kunit_try_run_case+0x170/0x3f0
[   35.563273]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.563295]  kthread+0x328/0x630
[   35.563310]  ret_from_fork+0x10/0x20
[   35.563327] 
[   35.634141] The buggy address belongs to the physical page:
[   35.639788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11535c
[   35.647898] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.655653] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.662707] page_type: f8(unknown)
[   35.666170] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.674014] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.681858] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.689787] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.697716] head: 0bfffe0000000002 fffffdffc254d701 00000000ffffffff 00000000ffffffff
[   35.705645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   35.713569] page dumped because: kasan: bad access detected
[   35.719218] 
[   35.720750] Memory state around the buggy address:
[   35.725612]  ffff00009535df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.732934]  ffff00009535e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.740255] >ffff00009535e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   35.747570]                                                              ^
[   35.754532]  ffff00009535e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.761852]  ffff00009535e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.769173] ==================================================================
[   33.082823] ==================================================================
[   33.093771] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   33.101448] Write of size 1 at addr ffff00008036eceb by task kunit_try_catch/242
[   33.108947] 
[   33.110481] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   33.110510] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.110519] Hardware name: Thundercomm Dragonboard 845c (DT)
[   33.110531] Call trace:
[   33.110538]  show_stack+0x20/0x38 (C)
[   33.110556]  dump_stack_lvl+0x8c/0xd0
[   33.110576]  print_report+0x118/0x608
[   33.110595]  kasan_report+0xdc/0x128
[   33.110614]  __asan_report_store1_noabort+0x20/0x30
[   33.110632]  krealloc_more_oob_helper+0x60c/0x678
[   33.110651]  krealloc_more_oob+0x20/0x38
[   33.110668]  kunit_try_run_case+0x170/0x3f0
[   33.110688]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.110711]  kthread+0x328/0x630
[   33.110727]  ret_from_fork+0x10/0x20
[   33.110745] 
[   33.181020] Allocated by task 242:
[   33.184488]  kasan_save_stack+0x3c/0x68
[   33.188394]  kasan_save_track+0x20/0x40
[   33.192298]  kasan_save_alloc_info+0x40/0x58
[   33.196643]  __kasan_krealloc+0x118/0x178
[   33.200720]  krealloc_noprof+0x128/0x360
[   33.204713]  krealloc_more_oob_helper+0x168/0x678
[   33.209492]  krealloc_more_oob+0x20/0x38
[   33.213484]  kunit_try_run_case+0x170/0x3f0
[   33.217743]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.223312]  kthread+0x328/0x630
[   33.226598]  ret_from_fork+0x10/0x20
[   33.230242] 
[   33.231772] The buggy address belongs to the object at ffff00008036ec00
[   33.231772]  which belongs to the cache kmalloc-256 of size 256
[   33.244434] The buggy address is located 0 bytes to the right of
[   33.244434]  allocated 235-byte region [ffff00008036ec00, ffff00008036eceb)
[   33.257539] 
[   33.259070] The buggy address belongs to the physical page:
[   33.264716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10036c
[   33.272821] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.280578] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.287636] page_type: f5(slab)
[   33.290837] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.298683] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.306529] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.314463] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.322395] head: 0bfffe0000000002 fffffdffc200db01 00000000ffffffff 00000000ffffffff
[   33.330328] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.338255] page dumped because: kasan: bad access detected
[   33.343899] 
[   33.345428] Memory state around the buggy address:
[   33.350286]  ffff00008036eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.357600]  ffff00008036ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.364915] >ffff00008036ec80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   33.372227]                                                           ^
[   33.378932]  ffff00008036ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.386246]  ffff00008036ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.393557] ==================================================================
[   33.400951] ==================================================================
[   33.408275] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   33.415946] Write of size 1 at addr ffff00008036ecf0 by task kunit_try_catch/242
[   33.423439] 
[   33.424977] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   33.425005] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.425014] Hardware name: Thundercomm Dragonboard 845c (DT)
[   33.425024] Call trace:
[   33.425031]  show_stack+0x20/0x38 (C)
[   33.425050]  dump_stack_lvl+0x8c/0xd0
[   33.425069]  print_report+0x118/0x608
[   33.425090]  kasan_report+0xdc/0x128
[   33.425109]  __asan_report_store1_noabort+0x20/0x30
[   33.425127]  krealloc_more_oob_helper+0x5c0/0x678
[   33.425146]  krealloc_more_oob+0x20/0x38
[   33.425162]  kunit_try_run_case+0x170/0x3f0
[   33.425181]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.425201]  kthread+0x328/0x630
[   33.425216]  ret_from_fork+0x10/0x20
[   33.425234] 
[   33.495515] Allocated by task 242:
[   33.498975]  kasan_save_stack+0x3c/0x68
[   33.502883]  kasan_save_track+0x20/0x40
[   33.506790]  kasan_save_alloc_info+0x40/0x58
[   33.511126]  __kasan_krealloc+0x118/0x178
[   33.515206]  krealloc_noprof+0x128/0x360
[   33.519202]  krealloc_more_oob_helper+0x168/0x678
[   33.523981]  krealloc_more_oob+0x20/0x38
[   33.527974]  kunit_try_run_case+0x170/0x3f0
[   33.532223]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.537793]  kthread+0x328/0x630
[   33.541083]  ret_from_fork+0x10/0x20
[   33.544720] 
[   33.546250] The buggy address belongs to the object at ffff00008036ec00
[   33.546250]  which belongs to the cache kmalloc-256 of size 256
[   33.558913] The buggy address is located 5 bytes to the right of
[   33.558913]  allocated 235-byte region [ffff00008036ec00, ffff00008036eceb)
[   33.572016] 
[   33.573542] The buggy address belongs to the physical page:
[   33.579189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10036c
[   33.587298] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.595053] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.602105] page_type: f5(slab)
[   33.605309] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.613152] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.620995] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.628925] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.636853] head: 0bfffe0000000002 fffffdffc200db01 00000000ffffffff 00000000ffffffff
[   33.644781] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.652705] page dumped because: kasan: bad access detected
[   33.658354] 
[   33.659889] Memory state around the buggy address:
[   33.664746]  ffff00008036eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.672070]  ffff00008036ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.679383] >ffff00008036ec80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   33.686704]                                                              ^
[   33.693668]  ffff00008036ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.700988]  ffff00008036ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.708307] ==================================================================

Metadata Full log Test run details

[ 1523.219577] ==================================================================
[ 1523.219598] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 1523.219631] Write of size 1 at addr ffff000800d20ef0 by task kunit_try_catch/227
[ 1523.219663] 
[ 1523.219677] CPU: 5 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1523.219735] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 1523.219753] Hardware name: ARM Juno development board (r2) (DT)
[ 1523.219773] Call trace:
[ 1523.219784]  show_stack+0x20/0x38 (C)
[ 1523.219820]  dump_stack_lvl+0x8c/0xd0
[ 1523.219857]  print_report+0x118/0x608
[ 1523.219896]  kasan_report+0xdc/0x128
[ 1523.219934]  __asan_report_store1_noabort+0x20/0x30
[ 1523.219970]  krealloc_more_oob_helper+0x5c0/0x678
[ 1523.220010]  krealloc_more_oob+0x20/0x38
[ 1523.220046]  kunit_try_run_case+0x170/0x3f0
[ 1523.220083]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1523.220127]  kthread+0x328/0x630
[ 1523.220156]  ret_from_fork+0x10/0x20
[ 1523.220192] 
[ 1523.220202] Allocated by task 227:
[ 1523.220218]  kasan_save_stack+0x3c/0x68
[ 1523.220250]  kasan_save_track+0x20/0x40
[ 1523.220281]  kasan_save_alloc_info+0x40/0x58
[ 1523.220308]  __kasan_krealloc+0x118/0x178
[ 1523.220340]  krealloc_noprof+0x128/0x360
[ 1523.220371]  krealloc_more_oob_helper+0x168/0x678
[ 1523.220403]  krealloc_more_oob+0x20/0x38
[ 1523.220432]  kunit_try_run_case+0x170/0x3f0
[ 1523.220463]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 1523.220500]  kthread+0x328/0x630
[ 1523.220523]  ret_from_fork+0x10/0x20
[ 1523.220551] 
[ 1523.220560] The buggy address belongs to the object at ffff000800d20e00
[ 1523.220560]  which belongs to the cache kmalloc-256 of size 256
[ 1523.220597] The buggy address is located 5 bytes to the right of
[ 1523.220597]  allocated 235-byte region [ffff000800d20e00, ffff000800d20eeb)
[ 1523.220640] 
[ 1523.220650] The buggy address belongs to the physical page:
[ 1523.220667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880d20
[ 1523.220700] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1523.220730] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 1523.220762] page_type: f5(slab)
[ 1523.220787] raw: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[ 1523.220821] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 1523.220856] head: 0bfffe0000000040 ffff000800002b40 dead000000000122 0000000000000000
[ 1523.220891] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 1523.220926] head: 0bfffe0000000001 fffffdffe0034801 00000000ffffffff 00000000ffffffff
[ 1523.220960] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1523.220985] page dumped because: kasan: bad access detected
[ 1523.221003] 
[ 1523.221012] Memory state around the buggy address:
[ 1523.221031]  ffff000800d20d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1523.221059]  ffff000800d20e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1523.221088] >ffff000800d20e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 1523.221112]                                                              ^
[ 1523.221137]  ffff000800d20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1523.221165]  ffff000800d20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1523.221189] ==================================================================

Metadata Full log Test run details

[   26.697825] ==================================================================
[   26.698094] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   26.698305] Write of size 1 at addr fff00000c649e0f0 by task kunit_try_catch/172
[   26.698402] 
[   26.698429] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   26.698509] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.698533] Hardware name: linux,dummy-virt (DT)
[   26.698561] Call trace:
[   26.698731]  show_stack+0x20/0x38 (C)
[   26.698976]  dump_stack_lvl+0x8c/0xd0
[   26.699175]  print_report+0x118/0x608
[   26.699290]  kasan_report+0xdc/0x128
[   26.699368]  __asan_report_store1_noabort+0x20/0x30
[   26.699415]  krealloc_more_oob_helper+0x5c0/0x678
[   26.699469]  krealloc_large_more_oob+0x20/0x38
[   26.699554]  kunit_try_run_case+0x170/0x3f0
[   26.699817]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.700856]  kthread+0x328/0x630
[   26.701184]  ret_from_fork+0x10/0x20
[   26.701361] 
[   26.701676] The buggy address belongs to the physical page:
[   26.701757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10649c
[   26.702485] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.702705] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.703390] page_type: f8(unknown)
[   26.703536] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.704023] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.704259] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.704306] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.705353] head: 0bfffe0000000002 ffffc1ffc3192701 00000000ffffffff 00000000ffffffff
[   26.705544] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.705633] page dumped because: kasan: bad access detected
[   26.705663] 
[   26.706177] Memory state around the buggy address:
[   26.706244]  fff00000c649df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.706791]  fff00000c649e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.707417] >fff00000c649e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.707767]                                                              ^
[   26.707813]  fff00000c649e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.708095]  fff00000c649e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.708133] ==================================================================
[   26.628468] ==================================================================
[   26.628514] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   26.628583] Write of size 1 at addr fff00000c1c40af0 by task kunit_try_catch/168
[   26.628828] 
[   26.628862] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   26.628943] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.628968] Hardware name: linux,dummy-virt (DT)
[   26.628996] Call trace:
[   26.629026]  show_stack+0x20/0x38 (C)
[   26.629086]  dump_stack_lvl+0x8c/0xd0
[   26.629131]  print_report+0x118/0x608
[   26.629176]  kasan_report+0xdc/0x128
[   26.629220]  __asan_report_store1_noabort+0x20/0x30
[   26.629276]  krealloc_more_oob_helper+0x5c0/0x678
[   26.629408]  krealloc_more_oob+0x20/0x38
[   26.629453]  kunit_try_run_case+0x170/0x3f0
[   26.629498]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.629549]  kthread+0x328/0x630
[   26.629589]  ret_from_fork+0x10/0x20
[   26.629643] 
[   26.629661] Allocated by task 168:
[   26.629686]  kasan_save_stack+0x3c/0x68
[   26.629724]  kasan_save_track+0x20/0x40
[   26.629760]  kasan_save_alloc_info+0x40/0x58
[   26.629794]  __kasan_krealloc+0x118/0x178
[   26.629830]  krealloc_noprof+0x128/0x360
[   26.629865]  krealloc_more_oob_helper+0x168/0x678
[   26.630013]  krealloc_more_oob+0x20/0x38
[   26.630048]  kunit_try_run_case+0x170/0x3f0
[   26.630134]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.630255]  kthread+0x328/0x630
[   26.630339]  ret_from_fork+0x10/0x20
[   26.630536] 
[   26.630554] The buggy address belongs to the object at fff00000c1c40a00
[   26.630554]  which belongs to the cache kmalloc-256 of size 256
[   26.630613] The buggy address is located 5 bytes to the right of
[   26.630613]  allocated 235-byte region [fff00000c1c40a00, fff00000c1c40aeb)
[   26.630879] 
[   26.630898] The buggy address belongs to the physical page:
[   26.630926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c40
[   26.630980] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.631579] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.631741] page_type: f5(slab)
[   26.631865] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   26.631914] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.631961] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   26.632007] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.632061] head: 0bfffe0000000001 ffffc1ffc3071001 00000000ffffffff 00000000ffffffff
[   26.632107] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.632145] page dumped because: kasan: bad access detected
[   26.632173] 
[   26.632190] Memory state around the buggy address:
[   26.632218]  fff00000c1c40980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.632258]  fff00000c1c40a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.632297] >fff00000c1c40a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.632383]                                                              ^
[   26.632420]  fff00000c1c40b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.632461]  fff00000c1c40b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.632564] ==================================================================
[   26.693611] ==================================================================
[   26.693673] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   26.693856] Write of size 1 at addr fff00000c649e0eb by task kunit_try_catch/172
[   26.693919] 
[   26.694033] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   26.694204] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.694229] Hardware name: linux,dummy-virt (DT)
[   26.694258] Call trace:
[   26.694279]  show_stack+0x20/0x38 (C)
[   26.694329]  dump_stack_lvl+0x8c/0xd0
[   26.694377]  print_report+0x118/0x608
[   26.694422]  kasan_report+0xdc/0x128
[   26.694476]  __asan_report_store1_noabort+0x20/0x30
[   26.694524]  krealloc_more_oob_helper+0x60c/0x678
[   26.694573]  krealloc_large_more_oob+0x20/0x38
[   26.694681]  kunit_try_run_case+0x170/0x3f0
[   26.695174]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.695410]  kthread+0x328/0x630
[   26.695515]  ret_from_fork+0x10/0x20
[   26.695639] 
[   26.695659] The buggy address belongs to the physical page:
[   26.695689] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10649c
[   26.695741] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.695793] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.695844] page_type: f8(unknown)
[   26.695882] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.695930] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.695977] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.696395] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.696446] head: 0bfffe0000000002 ffffc1ffc3192701 00000000ffffffff 00000000ffffffff
[   26.696493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.696546] page dumped because: kasan: bad access detected
[   26.696626] 
[   26.696673] Memory state around the buggy address:
[   26.696740]  fff00000c649df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.696865]  fff00000c649e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.696969] >fff00000c649e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.697140]                                                           ^
[   26.697273]  fff00000c649e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.697315]  fff00000c649e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.697649] ==================================================================
[   26.624607] ==================================================================
[   26.624665] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   26.624760] Write of size 1 at addr fff00000c1c40aeb by task kunit_try_catch/168
[   26.624938] 
[   26.624969] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   26.625064] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.625089] Hardware name: linux,dummy-virt (DT)
[   26.625128] Call trace:
[   26.625149]  show_stack+0x20/0x38 (C)
[   26.625198]  dump_stack_lvl+0x8c/0xd0
[   26.625244]  print_report+0x118/0x608
[   26.625289]  kasan_report+0xdc/0x128
[   26.625334]  __asan_report_store1_noabort+0x20/0x30
[   26.625508]  krealloc_more_oob_helper+0x60c/0x678
[   26.625559]  krealloc_more_oob+0x20/0x38
[   26.625605]  kunit_try_run_case+0x170/0x3f0
[   26.625662]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.625714]  kthread+0x328/0x630
[   26.625755]  ret_from_fork+0x10/0x20
[   26.625802] 
[   26.625819] Allocated by task 168:
[   26.625846]  kasan_save_stack+0x3c/0x68
[   26.625886]  kasan_save_track+0x20/0x40
[   26.625922]  kasan_save_alloc_info+0x40/0x58
[   26.626016]  __kasan_krealloc+0x118/0x178
[   26.626063]  krealloc_noprof+0x128/0x360
[   26.626139]  krealloc_more_oob_helper+0x168/0x678
[   26.626217]  krealloc_more_oob+0x20/0x38
[   26.626254]  kunit_try_run_case+0x170/0x3f0
[   26.626291]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.626332]  kthread+0x328/0x630
[   26.626363]  ret_from_fork+0x10/0x20
[   26.626397] 
[   26.626415] The buggy address belongs to the object at fff00000c1c40a00
[   26.626415]  which belongs to the cache kmalloc-256 of size 256
[   26.626528] The buggy address is located 0 bytes to the right of
[   26.626528]  allocated 235-byte region [fff00000c1c40a00, fff00000c1c40aeb)
[   26.626688] 
[   26.626732] The buggy address belongs to the physical page:
[   26.626900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c40
[   26.627079] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.627124] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.627174] page_type: f5(slab)
[   26.627211] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   26.627259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.627306] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   26.627353] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.627399] head: 0bfffe0000000001 ffffc1ffc3071001 00000000ffffffff 00000000ffffffff
[   26.627445] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.627483] page dumped because: kasan: bad access detected
[   26.627512] 
[   26.627529] Memory state around the buggy address:
[   26.627570]  fff00000c1c40980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.627611]  fff00000c1c40a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.627651] >fff00000c1c40a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.627733]                                                           ^
[   26.627836]  fff00000c1c40b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.627878]  fff00000c1c40b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.627949] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VBWOwNE7tln7ibBWNJtNgCdd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VBWOwNE7tln7ibBWNJtNgCdd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/Image.gz
sha256sum	42e36f6e4a060d5f9a1060b857a02a69294fe7d2a27b0731adb370bcbc85f1e6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V7USjjUTWqzxtyXvVloPZLjf/modules.tar.xz
sha256sum	890b3fa8e09fb90f169b09d75de24714d8b16adf2b500a29a27124602d4970e9

durations

tests

boot	0
kunit	167.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   21.801089] ==================================================================
[   21.801427] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   21.801750] Write of size 1 at addr ffff888103aaa6f0 by task kunit_try_catch/185
[   21.802041] 
[   21.802156] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   21.802214] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.802288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.802311] Call Trace:
[   21.802324]  <TASK>
[   21.802342]  dump_stack_lvl+0x73/0xb0
[   21.802370]  print_report+0xd1/0x650
[   21.802391]  ? __virt_addr_valid+0x1db/0x2d0
[   21.802413]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.802435]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.802471]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.802493]  kasan_report+0x141/0x180
[   21.802513]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.802551]  __asan_report_store1_noabort+0x1b/0x30
[   21.802574]  krealloc_more_oob_helper+0x7eb/0x930
[   21.802594]  ? __schedule+0x10cc/0x2b60
[   21.802619]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.802641]  ? finish_task_switch.isra.0+0x153/0x700
[   21.802662]  ? __switch_to+0x47/0xf50
[   21.802687]  ? __schedule+0x10cc/0x2b60
[   21.802709]  ? __pfx_read_tsc+0x10/0x10
[   21.802732]  krealloc_more_oob+0x1c/0x30
[   21.802761]  kunit_try_run_case+0x1a5/0x480
[   21.802822]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.802846]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.802870]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.802894]  ? __kthread_parkme+0x82/0x180
[   21.802913]  ? preempt_count_sub+0x50/0x80
[   21.802936]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.802959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.802981]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.803004]  kthread+0x337/0x6f0
[   21.803047]  ? trace_preempt_on+0x20/0xc0
[   21.803077]  ? __pfx_kthread+0x10/0x10
[   21.803097]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.803131]  ? calculate_sigpending+0x7b/0xa0
[   21.803154]  ? __pfx_kthread+0x10/0x10
[   21.803175]  ret_from_fork+0x116/0x1d0
[   21.803193]  ? __pfx_kthread+0x10/0x10
[   21.803213]  ret_from_fork_asm+0x1a/0x30
[   21.803251]  </TASK>
[   21.803262] 
[   21.811322] Allocated by task 185:
[   21.811762]  kasan_save_stack+0x45/0x70
[   21.811980]  kasan_save_track+0x18/0x40
[   21.812167]  kasan_save_alloc_info+0x3b/0x50
[   21.812458]  __kasan_krealloc+0x190/0x1f0
[   21.812620]  krealloc_noprof+0xf3/0x340
[   21.812878]  krealloc_more_oob_helper+0x1a9/0x930
[   21.813119]  krealloc_more_oob+0x1c/0x30
[   21.813272]  kunit_try_run_case+0x1a5/0x480
[   21.813487]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.813710]  kthread+0x337/0x6f0
[   21.813901]  ret_from_fork+0x116/0x1d0
[   21.814169]  ret_from_fork_asm+0x1a/0x30
[   21.814369] 
[   21.814462] The buggy address belongs to the object at ffff888103aaa600
[   21.814462]  which belongs to the cache kmalloc-256 of size 256
[   21.814977] The buggy address is located 5 bytes to the right of
[   21.814977]  allocated 235-byte region [ffff888103aaa600, ffff888103aaa6eb)
[   21.815364] 
[   21.815439] The buggy address belongs to the physical page:
[   21.815676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa
[   21.816661] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.817016] flags: 0x200000000000040(head|node=0|zone=2)
[   21.817309] page_type: f5(slab)
[   21.817450] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.817674] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.818162] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.818514] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.818914] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff
[   21.819331] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.819668] page dumped because: kasan: bad access detected
[   21.819950] 
[   21.820051] Memory state around the buggy address:
[   21.820269]  ffff888103aaa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.820561]  ffff888103aaa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.820971] >ffff888103aaa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.821536]                                                              ^
[   21.821924]  ffff888103aaa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.822283]  ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.822603] ==================================================================
[   21.962499] ==================================================================
[   21.962997] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   21.963569] Write of size 1 at addr ffff888102c8e0f0 by task kunit_try_catch/189
[   21.964100] 
[   21.964207] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   21.964277] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.964289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.964311] Call Trace:
[   21.964325]  <TASK>
[   21.964343]  dump_stack_lvl+0x73/0xb0
[   21.964373]  print_report+0xd1/0x650
[   21.964405]  ? __virt_addr_valid+0x1db/0x2d0
[   21.964429]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.964452]  ? kasan_addr_to_slab+0x11/0xa0
[   21.964481]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.964504]  kasan_report+0x141/0x180
[   21.964525]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.964552]  __asan_report_store1_noabort+0x1b/0x30
[   21.964575]  krealloc_more_oob_helper+0x7eb/0x930
[   21.964596]  ? __schedule+0x10cc/0x2b60
[   21.964619]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.964644]  ? __kasan_check_write+0x18/0x20
[   21.964665]  ? queued_spin_lock_slowpath+0x116/0xb40
[   21.964691]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   21.964716]  ? __pfx_read_tsc+0x10/0x10
[   21.964740]  krealloc_large_more_oob+0x1c/0x30
[   21.964770]  kunit_try_run_case+0x1a5/0x480
[   21.964794]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.964816]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   21.964859]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.964883]  ? __kthread_parkme+0x82/0x180
[   21.964903]  ? preempt_count_sub+0x50/0x80
[   21.964925]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.964948]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.965016]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.965051]  kthread+0x337/0x6f0
[   21.965070]  ? trace_preempt_on+0x20/0xc0
[   21.965093]  ? __pfx_kthread+0x10/0x10
[   21.965112]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.965135]  ? calculate_sigpending+0x7b/0xa0
[   21.965159]  ? __pfx_kthread+0x10/0x10
[   21.965179]  ret_from_fork+0x116/0x1d0
[   21.965198]  ? __pfx_kthread+0x10/0x10
[   21.965217]  ret_from_fork_asm+0x1a/0x30
[   21.965255]  </TASK>
[   21.965267] 
[   21.974331] The buggy address belongs to the physical page:
[   21.974598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8c
[   21.974874] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.975237] flags: 0x200000000000040(head|node=0|zone=2)
[   21.975439] page_type: f8(unknown)
[   21.975742] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.976208] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.976531] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.976936] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.977246] head: 0200000000000002 ffffea00040b2301 00000000ffffffff 00000000ffffffff
[   21.977470] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.977986] page dumped because: kasan: bad access detected
[   21.978334] 
[   21.978398] Memory state around the buggy address:
[   21.978548]  ffff888102c8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.978754]  ffff888102c8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.979595] >ffff888102c8e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.980084]                                                              ^
[   21.980417]  ffff888102c8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.980689]  ffff888102c8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.981139] ==================================================================
[   21.943244] ==================================================================
[   21.943677] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   21.944361] Write of size 1 at addr ffff888102c8e0eb by task kunit_try_catch/189
[   21.944693] 
[   21.944798] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   21.944849] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.944861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.944884] Call Trace:
[   21.944898]  <TASK>
[   21.944917]  dump_stack_lvl+0x73/0xb0
[   21.944989]  print_report+0xd1/0x650
[   21.945014]  ? __virt_addr_valid+0x1db/0x2d0
[   21.945037]  ? krealloc_more_oob_helper+0x821/0x930
[   21.945084]  ? kasan_addr_to_slab+0x11/0xa0
[   21.945103]  ? krealloc_more_oob_helper+0x821/0x930
[   21.945125]  kasan_report+0x141/0x180
[   21.945146]  ? krealloc_more_oob_helper+0x821/0x930
[   21.945173]  __asan_report_store1_noabort+0x1b/0x30
[   21.945196]  krealloc_more_oob_helper+0x821/0x930
[   21.945217]  ? __schedule+0x10cc/0x2b60
[   21.945260]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.945284]  ? __kasan_check_write+0x18/0x20
[   21.945306]  ? queued_spin_lock_slowpath+0x116/0xb40
[   21.945343]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   21.945368]  ? __pfx_read_tsc+0x10/0x10
[   21.945393]  krealloc_large_more_oob+0x1c/0x30
[   21.945414]  kunit_try_run_case+0x1a5/0x480
[   21.945447]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.945469]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   21.945492]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.945527]  ? __kthread_parkme+0x82/0x180
[   21.945547]  ? preempt_count_sub+0x50/0x80
[   21.945569]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.945592]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.945614]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.945636]  kthread+0x337/0x6f0
[   21.945655]  ? trace_preempt_on+0x20/0xc0
[   21.945677]  ? __pfx_kthread+0x10/0x10
[   21.945697]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.945720]  ? calculate_sigpending+0x7b/0xa0
[   21.945743]  ? __pfx_kthread+0x10/0x10
[   21.945763]  ret_from_fork+0x116/0x1d0
[   21.945782]  ? __pfx_kthread+0x10/0x10
[   21.945844]  ret_from_fork_asm+0x1a/0x30
[   21.945875]  </TASK>
[   21.945887] 
[   21.954006] The buggy address belongs to the physical page:
[   21.954313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c8c
[   21.954677] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.954994] flags: 0x200000000000040(head|node=0|zone=2)
[   21.955344] page_type: f8(unknown)
[   21.955519] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.955793] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.956151] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.956547] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.956921] head: 0200000000000002 ffffea00040b2301 00000000ffffffff 00000000ffffffff
[   21.957245] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.957625] page dumped because: kasan: bad access detected
[   21.957931] 
[   21.957994] Memory state around the buggy address:
[   21.958141]  ffff888102c8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.958356]  ffff888102c8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.958812] >ffff888102c8e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.959256]                                                           ^
[   21.959461]  ffff888102c8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.959670]  ffff888102c8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.960140] ==================================================================
[   21.772929] ==================================================================
[   21.773540] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   21.774030] Write of size 1 at addr ffff888103aaa6eb by task kunit_try_catch/185
[   21.774535] 
[   21.774626] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   21.774714] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.774727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.774751] Call Trace:
[   21.774777]  <TASK>
[   21.774796]  dump_stack_lvl+0x73/0xb0
[   21.774827]  print_report+0xd1/0x650
[   21.774862]  ? __virt_addr_valid+0x1db/0x2d0
[   21.774885]  ? krealloc_more_oob_helper+0x821/0x930
[   21.774908]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.775057]  ? krealloc_more_oob_helper+0x821/0x930
[   21.775081]  kasan_report+0x141/0x180
[   21.775103]  ? krealloc_more_oob_helper+0x821/0x930
[   21.775141]  __asan_report_store1_noabort+0x1b/0x30
[   21.775164]  krealloc_more_oob_helper+0x821/0x930
[   21.775206]  ? __schedule+0x10cc/0x2b60
[   21.775240]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.775263]  ? finish_task_switch.isra.0+0x153/0x700
[   21.775284]  ? __switch_to+0x47/0xf50
[   21.775312]  ? __schedule+0x10cc/0x2b60
[   21.775334]  ? __pfx_read_tsc+0x10/0x10
[   21.775358]  krealloc_more_oob+0x1c/0x30
[   21.775378]  kunit_try_run_case+0x1a5/0x480
[   21.775403]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.775425]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.775448]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.775472]  ? __kthread_parkme+0x82/0x180
[   21.775492]  ? preempt_count_sub+0x50/0x80
[   21.775513]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.775536]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.775559]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.775581]  kthread+0x337/0x6f0
[   21.775601]  ? trace_preempt_on+0x20/0xc0
[   21.775623]  ? __pfx_kthread+0x10/0x10
[   21.775645]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.775667]  ? calculate_sigpending+0x7b/0xa0
[   21.775691]  ? __pfx_kthread+0x10/0x10
[   21.775713]  ret_from_fork+0x116/0x1d0
[   21.775734]  ? __pfx_kthread+0x10/0x10
[   21.775755]  ret_from_fork_asm+0x1a/0x30
[   21.775802]  </TASK>
[   21.775814] 
[   21.787116] Allocated by task 185:
[   21.787515]  kasan_save_stack+0x45/0x70
[   21.787807]  kasan_save_track+0x18/0x40
[   21.788164]  kasan_save_alloc_info+0x3b/0x50
[   21.788480]  __kasan_krealloc+0x190/0x1f0
[   21.788633]  krealloc_noprof+0xf3/0x340
[   21.788940]  krealloc_more_oob_helper+0x1a9/0x930
[   21.789626]  krealloc_more_oob+0x1c/0x30
[   21.789829]  kunit_try_run_case+0x1a5/0x480
[   21.790267]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.790519]  kthread+0x337/0x6f0
[   21.790667]  ret_from_fork+0x116/0x1d0
[   21.791086]  ret_from_fork_asm+0x1a/0x30
[   21.791382] 
[   21.791472] The buggy address belongs to the object at ffff888103aaa600
[   21.791472]  which belongs to the cache kmalloc-256 of size 256
[   21.792260] The buggy address is located 0 bytes to the right of
[   21.792260]  allocated 235-byte region [ffff888103aaa600, ffff888103aaa6eb)
[   21.792818] 
[   21.793232] The buggy address belongs to the physical page:
[   21.793441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaa
[   21.794044] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.794358] flags: 0x200000000000040(head|node=0|zone=2)
[   21.794613] page_type: f5(slab)
[   21.794766] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.795426] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.795785] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.796265] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.796573] head: 0200000000000001 ffffea00040eaa81 00000000ffffffff 00000000ffffffff
[   21.796920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.797353] page dumped because: kasan: bad access detected
[   21.797576] 
[   21.797666] Memory state around the buggy address:
[   21.797967]  ffff888103aaa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.798372]  ffff888103aaa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.798649] >ffff888103aaa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.799041]                                                           ^
[   21.799423]  ffff888103aaa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.799720]  ffff888103aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.800087] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2z2V64IZ5mZ4pqTgyDjND4po2p7

job_id

TEST:linaro@lkft#2z2VCWzEgPcUDHhhw0N7L6OuTsi

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2z2VCWzEgPcUDHhhw0N7L6OuTsi

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/bzImage
sha256sum	af9e113be0609efaece1c192f6aceee5e71a8c7326695ad181171f155187f3ab

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2z2V8vW6OGUdLnT5KmRzpsRviaL/modules.tar.xz
sha256sum	eb3bf6ab4822a4ffbb4c6a0a8f2b0db2418a278c2192667f80b6a1aac6efaa14

durations

tests

boot	0
kunit	146.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - juno-r2 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit