Date
July 4, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   29.468282] ==================================================================
[   29.468335] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.468792] Write of size 1 at addr fff00000c9a560f0 by task kunit_try_catch/193
[   29.468862] 
[   29.468893] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.469486] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.469526] Hardware name: linux,dummy-virt (DT)
[   29.469556] Call trace:
[   29.469578]  show_stack+0x20/0x38 (C)
[   29.469751]  dump_stack_lvl+0x8c/0xd0
[   29.469996]  print_report+0x118/0x608
[   29.470065]  kasan_report+0xdc/0x128
[   29.470110]  __asan_report_store1_noabort+0x20/0x30
[   29.470157]  krealloc_more_oob_helper+0x5c0/0x678
[   29.470205]  krealloc_large_more_oob+0x20/0x38
[   29.470252]  kunit_try_run_case+0x170/0x3f0
[   29.470685]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.470860]  kthread+0x328/0x630
[   29.470917]  ret_from_fork+0x10/0x20
[   29.471073] 
[   29.471221] The buggy address belongs to the physical page:
[   29.471252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.471548] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.471593] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.472017] page_type: f8(unknown)
[   29.472065] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.472493] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.472546] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.472942] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.473207] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.473260] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.473681] page dumped because: kasan: bad access detected
[   29.474090] 
[   29.474120] Memory state around the buggy address:
[   29.474175]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.474218]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.474420] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.474461]                                                              ^
[   29.474500]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.474562]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.474599] ==================================================================
[   29.389662] ==================================================================
[   29.389781] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.389936] Write of size 1 at addr fff00000c907eef0 by task kunit_try_catch/189
[   29.389997] 
[   29.390026] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.390127] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.390153] Hardware name: linux,dummy-virt (DT)
[   29.390207] Call trace:
[   29.390230]  show_stack+0x20/0x38 (C)
[   29.390279]  dump_stack_lvl+0x8c/0xd0
[   29.390324]  print_report+0x118/0x608
[   29.390370]  kasan_report+0xdc/0x128
[   29.390555]  __asan_report_store1_noabort+0x20/0x30
[   29.390686]  krealloc_more_oob_helper+0x5c0/0x678
[   29.390736]  krealloc_more_oob+0x20/0x38
[   29.390781]  kunit_try_run_case+0x170/0x3f0
[   29.390828]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.391090]  kthread+0x328/0x630
[   29.391190]  ret_from_fork+0x10/0x20
[   29.391289] 
[   29.391396] Allocated by task 189:
[   29.391458]  kasan_save_stack+0x3c/0x68
[   29.391539]  kasan_save_track+0x20/0x40
[   29.391576]  kasan_save_alloc_info+0x40/0x58
[   29.391614]  __kasan_krealloc+0x118/0x178
[   29.391670]  krealloc_noprof+0x128/0x360
[   29.391707]  krealloc_more_oob_helper+0x168/0x678
[   29.391747]  krealloc_more_oob+0x20/0x38
[   29.391782]  kunit_try_run_case+0x170/0x3f0
[   29.391819]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.391862]  kthread+0x328/0x630
[   29.391967]  ret_from_fork+0x10/0x20
[   29.392052] 
[   29.392071] The buggy address belongs to the object at fff00000c907ee00
[   29.392071]  which belongs to the cache kmalloc-256 of size 256
[   29.392167] The buggy address is located 5 bytes to the right of
[   29.392167]  allocated 235-byte region [fff00000c907ee00, fff00000c907eeeb)
[   29.392320] 
[   29.392399] The buggy address belongs to the physical page:
[   29.392446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e
[   29.392639] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.392844] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.392993] page_type: f5(slab)
[   29.393059] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.393178] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.393280] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.393340] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.393485] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff
[   29.393600] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.393732] page dumped because: kasan: bad access detected
[   29.393798] 
[   29.393815] Memory state around the buggy address:
[   29.394004]  fff00000c907ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.394069]  fff00000c907ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.394148] >fff00000c907ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.394278]                                                              ^
[   29.394332]  fff00000c907ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.394372]  fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.394419] ==================================================================
[   29.385205] ==================================================================
[   29.385308] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.385372] Write of size 1 at addr fff00000c907eeeb by task kunit_try_catch/189
[   29.385421] 
[   29.385565] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.385694] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.385857] Hardware name: linux,dummy-virt (DT)
[   29.385932] Call trace:
[   29.386012]  show_stack+0x20/0x38 (C)
[   29.386144]  dump_stack_lvl+0x8c/0xd0
[   29.386201]  print_report+0x118/0x608
[   29.386344]  kasan_report+0xdc/0x128
[   29.386436]  __asan_report_store1_noabort+0x20/0x30
[   29.386484]  krealloc_more_oob_helper+0x60c/0x678
[   29.386549]  krealloc_more_oob+0x20/0x38
[   29.386594]  kunit_try_run_case+0x170/0x3f0
[   29.386642]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.386694]  kthread+0x328/0x630
[   29.386851]  ret_from_fork+0x10/0x20
[   29.387131] 
[   29.387247] Allocated by task 189:
[   29.387325]  kasan_save_stack+0x3c/0x68
[   29.387431]  kasan_save_track+0x20/0x40
[   29.387498]  kasan_save_alloc_info+0x40/0x58
[   29.387533]  __kasan_krealloc+0x118/0x178
[   29.387570]  krealloc_noprof+0x128/0x360
[   29.387625]  krealloc_more_oob_helper+0x168/0x678
[   29.387665]  krealloc_more_oob+0x20/0x38
[   29.387720]  kunit_try_run_case+0x170/0x3f0
[   29.387885]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.387994]  kthread+0x328/0x630
[   29.388109]  ret_from_fork+0x10/0x20
[   29.388152] 
[   29.388171] The buggy address belongs to the object at fff00000c907ee00
[   29.388171]  which belongs to the cache kmalloc-256 of size 256
[   29.388228] The buggy address is located 0 bytes to the right of
[   29.388228]  allocated 235-byte region [fff00000c907ee00, fff00000c907eeeb)
[   29.388289] 
[   29.388327] The buggy address belongs to the physical page:
[   29.388359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c907ea00 pfn:0x10907e
[   29.388429] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.388482] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.388545] page_type: f5(slab)
[   29.388582] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.388631] raw: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.388679] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.388727] head: fff00000c907ea00 000000008010000f 00000000f5000000 0000000000000000
[   29.388774] head: 0bfffe0000000001 ffffc1ffc3241f81 00000000ffffffff 00000000ffffffff
[   29.388853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.388891] page dumped because: kasan: bad access detected
[   29.388929] 
[   29.388947] Memory state around the buggy address:
[   29.388977]  fff00000c907ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.389040]  fff00000c907ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.389096] >fff00000c907ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.389146]                                                           ^
[   29.389182]  fff00000c907ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.389222]  fff00000c907ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.389258] ==================================================================
[   29.458451] ==================================================================
[   29.458519] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.458573] Write of size 1 at addr fff00000c9a560eb by task kunit_try_catch/193
[   29.458665] 
[   29.458697] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT 
[   29.458830] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.460163] Hardware name: linux,dummy-virt (DT)
[   29.460451] Call trace:
[   29.460750]  show_stack+0x20/0x38 (C)
[   29.460844]  dump_stack_lvl+0x8c/0xd0
[   29.461312]  print_report+0x118/0x608
[   29.461436]  kasan_report+0xdc/0x128
[   29.461662]  __asan_report_store1_noabort+0x20/0x30
[   29.462062]  krealloc_more_oob_helper+0x60c/0x678
[   29.462123]  krealloc_large_more_oob+0x20/0x38
[   29.462171]  kunit_try_run_case+0x170/0x3f0
[   29.462482]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.462544]  kthread+0x328/0x630
[   29.462587]  ret_from_fork+0x10/0x20
[   29.462643] 
[   29.462664] The buggy address belongs to the physical page:
[   29.463015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.463295] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.463346] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.463398] page_type: f8(unknown)
[   29.463948] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.464044] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.464563] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.465014] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.465494] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.465840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.466180] page dumped because: kasan: bad access detected
[   29.466214] 
[   29.466233] Memory state around the buggy address:
[   29.466356]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.466403]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.466445] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.466582]                                                           ^
[   29.466626]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.467054]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.467276] ==================================================================

[   24.455958] ==================================================================
[   24.456970] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.457748] Write of size 1 at addr ffff88810099e0eb by task kunit_try_catch/205
[   24.458510] 
[   24.458738] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.458798] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.458813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.458840] Call Trace:
[   24.458855]  <TASK>
[   24.458900]  dump_stack_lvl+0x73/0xb0
[   24.458933]  print_report+0xd1/0x650
[   24.458960]  ? __virt_addr_valid+0x1db/0x2d0
[   24.458988]  ? krealloc_more_oob_helper+0x821/0x930
[   24.459013]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.459042]  ? krealloc_more_oob_helper+0x821/0x930
[   24.459068]  kasan_report+0x141/0x180
[   24.459092]  ? krealloc_more_oob_helper+0x821/0x930
[   24.459122]  __asan_report_store1_noabort+0x1b/0x30
[   24.459157]  krealloc_more_oob_helper+0x821/0x930
[   24.459181]  ? __schedule+0x10cc/0x2b60
[   24.459209]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.459236]  ? finish_task_switch.isra.0+0x153/0x700
[   24.459260]  ? __switch_to+0x47/0xf50
[   24.459291]  ? __schedule+0x10cc/0x2b60
[   24.459316]  ? __pfx_read_tsc+0x10/0x10
[   24.459344]  krealloc_more_oob+0x1c/0x30
[   24.459368]  kunit_try_run_case+0x1a5/0x480
[   24.459407]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.459433]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.459459]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.459486]  ? __kthread_parkme+0x82/0x180
[   24.459510]  ? preempt_count_sub+0x50/0x80
[   24.459535]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.459563]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.459590]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.459616]  kthread+0x337/0x6f0
[   24.459638]  ? trace_preempt_on+0x20/0xc0
[   24.459666]  ? __pfx_kthread+0x10/0x10
[   24.459689]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.459714]  ? calculate_sigpending+0x7b/0xa0
[   24.459741]  ? __pfx_kthread+0x10/0x10
[   24.459765]  ret_from_fork+0x116/0x1d0
[   24.459786]  ? __pfx_kthread+0x10/0x10
[   24.459809]  ret_from_fork_asm+0x1a/0x30
[   24.459844]  </TASK>
[   24.459859] 
[   24.471451] Allocated by task 205:
[   24.471660]  kasan_save_stack+0x45/0x70
[   24.471848]  kasan_save_track+0x18/0x40
[   24.472042]  kasan_save_alloc_info+0x3b/0x50
[   24.472207]  __kasan_krealloc+0x190/0x1f0
[   24.472365]  krealloc_noprof+0xf3/0x340
[   24.472544]  krealloc_more_oob_helper+0x1a9/0x930
[   24.472794]  krealloc_more_oob+0x1c/0x30
[   24.473009]  kunit_try_run_case+0x1a5/0x480
[   24.473251]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.473480]  kthread+0x337/0x6f0
[   24.473612]  ret_from_fork+0x116/0x1d0
[   24.473755]  ret_from_fork_asm+0x1a/0x30
[   24.473974] 
[   24.474207] The buggy address belongs to the object at ffff88810099e000
[   24.474207]  which belongs to the cache kmalloc-256 of size 256
[   24.474847] The buggy address is located 0 bytes to the right of
[   24.474847]  allocated 235-byte region [ffff88810099e000, ffff88810099e0eb)
[   24.476073] 
[   24.476180] The buggy address belongs to the physical page:
[   24.476383] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10099e
[   24.477363] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.477657] ksm flags: 0x200000000000040(head|node=0|zone=2)
[   24.478056] page_type: f5(slab)
[   24.478293] raw: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003
[   24.478641] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.479204] head: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003
[   24.479660] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.480168] head: 0200000000000001 ffffea0004026781 00000000ffffffff 00000000ffffffff
[   24.480675] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.481210] page dumped because: kasan: bad access detected
[   24.481557] 
[   24.481632] Memory state around the buggy address:
[   24.482333]  ffff88810099df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.483094]  ffff88810099e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.483410] >ffff88810099e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.484273]                                                           ^
[   24.484974]  ffff88810099e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.485814]  ffff88810099e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.486557] ==================================================================
[   24.669956] ==================================================================
[   24.670724] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.671175] Write of size 1 at addr ffff8881062c20f0 by task kunit_try_catch/209
[   24.671483] 
[   24.671600] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.671649] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.671663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.671685] Call Trace:
[   24.671699]  <TASK>
[   24.671716]  dump_stack_lvl+0x73/0xb0
[   24.671744]  print_report+0xd1/0x650
[   24.671769]  ? __virt_addr_valid+0x1db/0x2d0
[   24.671795]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.671821]  ? kasan_addr_to_slab+0x11/0xa0
[   24.671848]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.671874]  kasan_report+0x141/0x180
[   24.671898]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.671929]  __asan_report_store1_noabort+0x1b/0x30
[   24.671956]  krealloc_more_oob_helper+0x7eb/0x930
[   24.671980]  ? __schedule+0x10cc/0x2b60
[   24.672007]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.672033]  ? finish_task_switch.isra.0+0x153/0x700
[   24.672057]  ? __switch_to+0x47/0xf50
[   24.672085]  ? __schedule+0x10cc/0x2b60
[   24.672110]  ? __pfx_read_tsc+0x10/0x10
[   24.672138]  krealloc_large_more_oob+0x1c/0x30
[   24.672163]  kunit_try_run_case+0x1a5/0x480
[   24.672191]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.672217]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.672250]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.672279]  ? __kthread_parkme+0x82/0x180
[   24.672302]  ? preempt_count_sub+0x50/0x80
[   24.672327]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.672355]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.672382]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.672420]  kthread+0x337/0x6f0
[   24.672442]  ? trace_preempt_on+0x20/0xc0
[   24.672468]  ? __pfx_kthread+0x10/0x10
[   24.672491]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.672516]  ? calculate_sigpending+0x7b/0xa0
[   24.672543]  ? __pfx_kthread+0x10/0x10
[   24.672568]  ret_from_fork+0x116/0x1d0
[   24.672588]  ? __pfx_kthread+0x10/0x10
[   24.672611]  ret_from_fork_asm+0x1a/0x30
[   24.672646]  </TASK>
[   24.672659] 
[   24.680782] The buggy address belongs to the physical page:
[   24.680973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062c0
[   24.681234] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.682896] flags: 0x200000000000040(head|node=0|zone=2)
[   24.683559] page_type: f8(unknown)
[   24.684071] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.685136] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.685627] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.686836] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.687741] head: 0200000000000002 ffffea000418b001 00000000ffffffff 00000000ffffffff
[   24.688683] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.689253] page dumped because: kasan: bad access detected
[   24.689898] 
[   24.690343] Memory state around the buggy address:
[   24.691216]  ffff8881062c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.691745]  ffff8881062c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.692767] >ffff8881062c2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.693645]                                                              ^
[   24.694380]  ffff8881062c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.694641]  ffff8881062c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.695161] ==================================================================
[   24.487511] ==================================================================
[   24.487847] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.488376] Write of size 1 at addr ffff88810099e0f0 by task kunit_try_catch/205
[   24.488637] 
[   24.488755] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.488810] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.488825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.488849] Call Trace:
[   24.488868]  <TASK>
[   24.488888]  dump_stack_lvl+0x73/0xb0
[   24.488917]  print_report+0xd1/0x650
[   24.488941]  ? __virt_addr_valid+0x1db/0x2d0
[   24.488967]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.488992]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.489021]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.489046]  kasan_report+0x141/0x180
[   24.489070]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.489100]  __asan_report_store1_noabort+0x1b/0x30
[   24.489126]  krealloc_more_oob_helper+0x7eb/0x930
[   24.489149]  ? __schedule+0x10cc/0x2b60
[   24.489175]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.489588]  ? finish_task_switch.isra.0+0x153/0x700
[   24.489625]  ? __switch_to+0x47/0xf50
[   24.489655]  ? __schedule+0x10cc/0x2b60
[   24.489681]  ? __pfx_read_tsc+0x10/0x10
[   24.489708]  krealloc_more_oob+0x1c/0x30
[   24.489732]  kunit_try_run_case+0x1a5/0x480
[   24.489760]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.489785]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.489811]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.489837]  ? __kthread_parkme+0x82/0x180
[   24.489859]  ? preempt_count_sub+0x50/0x80
[   24.489883]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.489910]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.489937]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.489963]  kthread+0x337/0x6f0
[   24.489984]  ? trace_preempt_on+0x20/0xc0
[   24.490011]  ? __pfx_kthread+0x10/0x10
[   24.490033]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.490058]  ? calculate_sigpending+0x7b/0xa0
[   24.490084]  ? __pfx_kthread+0x10/0x10
[   24.490107]  ret_from_fork+0x116/0x1d0
[   24.490128]  ? __pfx_kthread+0x10/0x10
[   24.490150]  ret_from_fork_asm+0x1a/0x30
[   24.490184]  </TASK>
[   24.490197] 
[   24.498481] Allocated by task 205:
[   24.498672]  kasan_save_stack+0x45/0x70
[   24.498822]  kasan_save_track+0x18/0x40
[   24.499077]  kasan_save_alloc_info+0x3b/0x50
[   24.499227]  __kasan_krealloc+0x190/0x1f0
[   24.499367]  krealloc_noprof+0xf3/0x340
[   24.499775]  krealloc_more_oob_helper+0x1a9/0x930
[   24.500230]  krealloc_more_oob+0x1c/0x30
[   24.500405]  kunit_try_run_case+0x1a5/0x480
[   24.500558]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.500740]  kthread+0x337/0x6f0
[   24.500969]  ret_from_fork+0x116/0x1d0
[   24.501192]  ret_from_fork_asm+0x1a/0x30
[   24.501638] 
[   24.501740] The buggy address belongs to the object at ffff88810099e000
[   24.501740]  which belongs to the cache kmalloc-256 of size 256
[   24.502469] The buggy address is located 5 bytes to the right of
[   24.502469]  allocated 235-byte region [ffff88810099e000, ffff88810099e0eb)
[   24.503083] 
[   24.503159] The buggy address belongs to the physical page:
[   24.504429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10099e
[   24.504853] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.505669] ksm flags: 0x200000000000040(head|node=0|zone=2)
[   24.505883] page_type: f5(slab)
[   24.506016] raw: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003
[   24.506269] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.506656] head: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003
[   24.507956] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.508210] head: 0200000000000001 ffffea0004026781 00000000ffffffff 00000000ffffffff
[   24.508483] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.508721] page dumped because: kasan: bad access detected
[   24.508897] 
[   24.509033] Memory state around the buggy address:
[   24.509254]  ffff88810099df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.509568]  ffff88810099e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.509951] >ffff88810099e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.510430]                                                              ^
[   24.513214]  ffff88810099e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.513493]  ffff88810099e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.513760] ==================================================================
[   24.653126] ==================================================================
[   24.653743] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.654068] Write of size 1 at addr ffff8881062c20eb by task kunit_try_catch/209
[   24.654423] 
[   24.654528] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) 
[   24.654583] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.654596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.654620] Call Trace:
[   24.654635]  <TASK>
[   24.654655]  dump_stack_lvl+0x73/0xb0
[   24.654684]  print_report+0xd1/0x650
[   24.654709]  ? __virt_addr_valid+0x1db/0x2d0
[   24.654736]  ? krealloc_more_oob_helper+0x821/0x930
[   24.654760]  ? kasan_addr_to_slab+0x11/0xa0
[   24.654786]  ? krealloc_more_oob_helper+0x821/0x930
[   24.654811]  kasan_report+0x141/0x180
[   24.654834]  ? krealloc_more_oob_helper+0x821/0x930
[   24.654863]  __asan_report_store1_noabort+0x1b/0x30
[   24.654889]  krealloc_more_oob_helper+0x821/0x930
[   24.654913]  ? __schedule+0x10cc/0x2b60
[   24.654939]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.654964]  ? finish_task_switch.isra.0+0x153/0x700
[   24.654988]  ? __switch_to+0x47/0xf50
[   24.655016]  ? __schedule+0x10cc/0x2b60
[   24.655040]  ? __pfx_read_tsc+0x10/0x10
[   24.655067]  krealloc_large_more_oob+0x1c/0x30
[   24.655106]  kunit_try_run_case+0x1a5/0x480
[   24.655137]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.655161]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.655187]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.655213]  ? __kthread_parkme+0x82/0x180
[   24.655236]  ? preempt_count_sub+0x50/0x80
[   24.655261]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.655287]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.655313]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.655339]  kthread+0x337/0x6f0
[   24.655361]  ? trace_preempt_on+0x20/0xc0
[   24.655387]  ? __pfx_kthread+0x10/0x10
[   24.655421]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.655444]  ? calculate_sigpending+0x7b/0xa0
[   24.655470]  ? __pfx_kthread+0x10/0x10
[   24.655492]  ret_from_fork+0x116/0x1d0
[   24.655513]  ? __pfx_kthread+0x10/0x10
[   24.655536]  ret_from_fork_asm+0x1a/0x30
[   24.655569]  </TASK>
[   24.655583] 
[   24.663372] The buggy address belongs to the physical page:
[   24.663629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062c0
[   24.663968] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.664324] flags: 0x200000000000040(head|node=0|zone=2)
[   24.664562] page_type: f8(unknown)
[   24.664743] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.665142] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.665486] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.665796] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.666127] head: 0200000000000002 ffffea000418b001 00000000ffffffff 00000000ffffffff
[   24.666465] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.666741] page dumped because: kasan: bad access detected
[   24.666990] 
[   24.667099] Memory state around the buggy address:
[   24.667316]  ffff8881062c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.667587]  ffff8881062c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.667987] >ffff8881062c2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.668301]                                                           ^
[   24.668597]  ffff8881062c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.668896]  ffff8881062c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.669212] ==================================================================