Date: July 8, 2025, 11:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   30.988344] ==================================================================
[   30.988461] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.988670] Write of size 1 at addr fff00000c9a2a0eb by task kunit_try_catch/191
[   30.988884] 
[   30.988944] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.989114] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.989154] Hardware name: linux,dummy-virt (DT)
[   30.989186] Call trace:
[   30.989228]  show_stack+0x20/0x38 (C)
[   30.989298]  dump_stack_lvl+0x8c/0xd0
[   30.989387]  print_report+0x118/0x5d0
[   30.989511]  kasan_report+0xdc/0x128
[   30.989608]  __asan_report_store1_noabort+0x20/0x30
[   30.989664]  krealloc_more_oob_helper+0x60c/0x678
[   30.989861]  krealloc_large_more_oob+0x20/0x38
[   30.989915]  kunit_try_run_case+0x170/0x3f0
[   30.989965]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.990624]  kthread+0x328/0x630
[   30.990676]  ret_from_fork+0x10/0x20
[   30.991130] 
[   30.991678] The buggy address belongs to the physical page:
[   30.991964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a28
[   30.992347] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.992484] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.992545] page_type: f8(unknown)
[   30.992592] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.992644] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.993200] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.993911] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.994335] head: 0bfffe0000000002 ffffc1ffc3268a01 00000000ffffffff 00000000ffffffff
[   30.994930] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.995010] page dumped because: kasan: bad access detected
[   30.995042] 
[   30.995366] Memory state around the buggy address:
[   30.995752]  fff00000c9a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.996180]  fff00000c9a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.996911] >fff00000c9a2a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.996961]                                                           ^
[   30.997381]  fff00000c9a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.997595]  fff00000c9a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.998076] ==================================================================
[   30.943607] ==================================================================
[   30.943662] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.943714] Write of size 1 at addr fff00000c91e02eb by task kunit_try_catch/187
[   30.944048] 
[   30.944137] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.944237] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.944274] Hardware name: linux,dummy-virt (DT)
[   30.944304] Call trace:
[   30.944327]  show_stack+0x20/0x38 (C)
[   30.944385]  dump_stack_lvl+0x8c/0xd0
[   30.944432]  print_report+0x118/0x5d0
[   30.944478]  kasan_report+0xdc/0x128
[   30.944532]  __asan_report_store1_noabort+0x20/0x30
[   30.944619]  krealloc_more_oob_helper+0x60c/0x678
[   30.944683]  krealloc_more_oob+0x20/0x38
[   30.944729]  kunit_try_run_case+0x170/0x3f0
[   30.944779]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.944832]  kthread+0x328/0x630
[   30.944873]  ret_from_fork+0x10/0x20
[   30.945049] 
[   30.945096] Allocated by task 187:
[   30.945246]  kasan_save_stack+0x3c/0x68
[   30.945317]  kasan_save_track+0x20/0x40
[   30.945365]  kasan_save_alloc_info+0x40/0x58
[   30.945418]  __kasan_krealloc+0x118/0x178
[   30.945489]  krealloc_noprof+0x128/0x360
[   30.945608]  krealloc_more_oob_helper+0x168/0x678
[   30.945679]  krealloc_more_oob+0x20/0x38
[   30.945745]  kunit_try_run_case+0x170/0x3f0
[   30.945783]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.945839]  kthread+0x328/0x630
[   30.945900]  ret_from_fork+0x10/0x20
[   30.946033] 
[   30.946075] The buggy address belongs to the object at fff00000c91e0200
[   30.946075]  which belongs to the cache kmalloc-256 of size 256
[   30.946143] The buggy address is located 0 bytes to the right of
[   30.946143]  allocated 235-byte region [fff00000c91e0200, fff00000c91e02eb)
[   30.946404] 
[   30.946509] The buggy address belongs to the physical page:
[   30.946666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c91e0000 pfn:0x1091e0
[   30.946788] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.946869] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.946948] page_type: f5(slab)
[   30.947065] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.947133] raw: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.947227] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.947336] head: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.947413] head: 0bfffe0000000001 ffffc1ffc3247801 00000000ffffffff 00000000ffffffff
[   30.947461] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.947682] page dumped because: kasan: bad access detected
[   30.947849] 
[   30.947891] Memory state around the buggy address:
[   30.947997]  fff00000c91e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.948062]  fff00000c91e0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.948129] >fff00000c91e0280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.948165]                                                           ^
[   30.948494]  fff00000c91e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.948632]  fff00000c91e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.948774] ==================================================================
[   31.003890] ==================================================================
[   31.003943] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   31.003996] Write of size 1 at addr fff00000c9a2a0f0 by task kunit_try_catch/191
[   31.004046] 
[   31.004077] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   31.004157] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.004183] Hardware name: linux,dummy-virt (DT)
[   31.004228] Call trace:
[   31.004250]  show_stack+0x20/0x38 (C)
[   31.004296]  dump_stack_lvl+0x8c/0xd0
[   31.004343]  print_report+0x118/0x5d0
[   31.004389]  kasan_report+0xdc/0x128
[   31.004435]  __asan_report_store1_noabort+0x20/0x30
[   31.004482]  krealloc_more_oob_helper+0x5c0/0x678
[   31.004530]  krealloc_large_more_oob+0x20/0x38
[   31.004592]  kunit_try_run_case+0x170/0x3f0
[   31.004640]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.004693]  kthread+0x328/0x630
[   31.004733]  ret_from_fork+0x10/0x20
[   31.004780] 
[   31.004799] The buggy address belongs to the physical page:
[   31.004829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a28
[   31.004880] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.004926] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.004977] page_type: f8(unknown)
[   31.005014] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.005062] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.005109] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.005156] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.005203] head: 0bfffe0000000002 ffffc1ffc3268a01 00000000ffffffff 00000000ffffffff
[   31.006436] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.006477] page dumped because: kasan: bad access detected
[   31.006508] 
[   31.006527] Memory state around the buggy address:
[   31.006558]  fff00000c9a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.006601]  fff00000c9a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.006732] >fff00000c9a2a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   31.007616]                                                              ^
[   31.007670]  fff00000c9a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.007715]  fff00000c9a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.007752] ==================================================================
[   30.949700] ==================================================================
[   30.949747] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.949794] Write of size 1 at addr fff00000c91e02f0 by task kunit_try_catch/187
[   30.949842] 
[   30.949870] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT 
[   30.950188] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.950240] Hardware name: linux,dummy-virt (DT)
[   30.950289] Call trace:
[   30.950345]  show_stack+0x20/0x38 (C)
[   30.950413]  dump_stack_lvl+0x8c/0xd0
[   30.950504]  print_report+0x118/0x5d0
[   30.950551]  kasan_report+0xdc/0x128
[   30.950597]  __asan_report_store1_noabort+0x20/0x30
[   30.950644]  krealloc_more_oob_helper+0x5c0/0x678
[   30.950700]  krealloc_more_oob+0x20/0x38
[   30.950767]  kunit_try_run_case+0x170/0x3f0
[   30.950826]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.950879]  kthread+0x328/0x630
[   30.950938]  ret_from_fork+0x10/0x20
[   30.951032] 
[   30.951050] Allocated by task 187:
[   30.951078]  kasan_save_stack+0x3c/0x68
[   30.951117]  kasan_save_track+0x20/0x40
[   30.951154]  kasan_save_alloc_info+0x40/0x58
[   30.951190]  __kasan_krealloc+0x118/0x178
[   30.951238]  krealloc_noprof+0x128/0x360
[   30.951380]  krealloc_more_oob_helper+0x168/0x678
[   30.951422]  krealloc_more_oob+0x20/0x38
[   30.951457]  kunit_try_run_case+0x170/0x3f0
[   30.951495]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.951658]  kthread+0x328/0x630
[   30.951703]  ret_from_fork+0x10/0x20
[   30.951796] 
[   30.951825] The buggy address belongs to the object at fff00000c91e0200
[   30.951825]  which belongs to the cache kmalloc-256 of size 256
[   30.951883] The buggy address is located 5 bytes to the right of
[   30.951883]  allocated 235-byte region [fff00000c91e0200, fff00000c91e02eb)
[   30.951956] 
[   30.951975] The buggy address belongs to the physical page:
[   30.952005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c91e0000 pfn:0x1091e0
[   30.952059] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.952105] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.952154] page_type: f5(slab)
[   30.952190] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.952249] raw: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.952297] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.952344] head: fff00000c91e0000 000000008010000f 00000000f5000000 0000000000000000
[   30.952391] head: 0bfffe0000000001 ffffc1ffc3247801 00000000ffffffff 00000000ffffffff
[   30.952437] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.952484] page dumped because: kasan: bad access detected
[   30.952522] 
[   30.952573] Memory state around the buggy address:
[   30.952608]  fff00000c91e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.952651]  fff00000c91e0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.952692] >fff00000c91e0280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.952727]                                                              ^
[   30.952984]  fff00000c91e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.953049]  fff00000c91e0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.953104] ==================================================================

[   23.170816] ==================================================================
[   23.171147] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.171506] Write of size 1 at addr ffff88810631a0f0 by task kunit_try_catch/208
[   23.171749] 
[   23.171925] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.171975] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.171987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.172008] Call Trace:
[   23.172021]  <TASK>
[   23.172039]  dump_stack_lvl+0x73/0xb0
[   23.172069]  print_report+0xd1/0x610
[   23.172092]  ? __virt_addr_valid+0x1db/0x2d0
[   23.172117]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.172142]  ? kasan_addr_to_slab+0x11/0xa0
[   23.172162]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.172188]  kasan_report+0x141/0x180
[   23.172210]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.172252]  __asan_report_store1_noabort+0x1b/0x30
[   23.172280]  krealloc_more_oob_helper+0x7eb/0x930
[   23.172304]  ? __schedule+0x10cc/0x2b60
[   23.172333]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.172360]  ? __kasan_check_write+0x18/0x20
[   23.172386]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.172407]  ? irqentry_exit+0x2a/0x60
[   23.172428]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.172451]  ? trace_hardirqs_on+0x37/0xe0
[   23.172476]  ? __pfx_read_tsc+0x10/0x10
[   23.172504]  krealloc_large_more_oob+0x1c/0x30
[   23.172528]  kunit_try_run_case+0x1a5/0x480
[   23.172551]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.172573]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.172594]  ? __kthread_parkme+0x82/0x180
[   23.172616]  ? preempt_count_sub+0x50/0x80
[   23.172640]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.172662]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.172688]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.172715]  kthread+0x337/0x6f0
[   23.172736]  ? trace_preempt_on+0x20/0xc0
[   23.172817]  ? __pfx_kthread+0x10/0x10
[   23.172843]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.172870]  ? calculate_sigpending+0x7b/0xa0
[   23.172897]  ? __pfx_kthread+0x10/0x10
[   23.172921]  ret_from_fork+0x116/0x1d0
[   23.172946]  ? __pfx_kthread+0x10/0x10
[   23.172970]  ret_from_fork_asm+0x1a/0x30
[   23.173004]  </TASK>
[   23.173016] 
[   23.180470] The buggy address belongs to the physical page:
[   23.180651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106318
[   23.181000] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.181336] flags: 0x200000000000040(head|node=0|zone=2)
[   23.181909] page_type: f8(unknown)
[   23.182046] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.182285] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.182542] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.183070] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.183429] head: 0200000000000002 ffffea000418c601 00000000ffffffff 00000000ffffffff
[   23.183776] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.184165] page dumped because: kasan: bad access detected
[   23.184437] 
[   23.184503] Memory state around the buggy address:
[   23.184655]  ffff888106319f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.184863]  ffff88810631a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.185156] >ffff88810631a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.185477]                                                              ^
[   23.185777]  ffff88810631a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.186363]  ffff88810631a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.186582] ==================================================================
[   22.991024] ==================================================================
[   22.991523] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   22.992371] Write of size 1 at addr ffff888100a360f0 by task kunit_try_catch/204
[   22.992619] 
[   22.992728] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   22.992856] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.992870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.992892] Call Trace:
[   22.992907]  <TASK>
[   22.992925]  dump_stack_lvl+0x73/0xb0
[   22.992957]  print_report+0xd1/0x610
[   22.992980]  ? __virt_addr_valid+0x1db/0x2d0
[   22.993004]  ? krealloc_more_oob_helper+0x7eb/0x930
[   22.993028]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.993056]  ? krealloc_more_oob_helper+0x7eb/0x930
[   22.993081]  kasan_report+0x141/0x180
[   22.993103]  ? krealloc_more_oob_helper+0x7eb/0x930
[   22.993133]  __asan_report_store1_noabort+0x1b/0x30
[   22.993159]  krealloc_more_oob_helper+0x7eb/0x930
[   22.993183]  ? __schedule+0x10cc/0x2b60
[   22.993218]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.993256]  ? finish_task_switch.isra.0+0x153/0x700
[   22.993279]  ? __switch_to+0x47/0xf50
[   22.993307]  ? __schedule+0x10cc/0x2b60
[   22.993334]  ? __pfx_read_tsc+0x10/0x10
[   22.993362]  krealloc_more_oob+0x1c/0x30
[   22.993386]  kunit_try_run_case+0x1a5/0x480
[   22.993408]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.993428]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.993449]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.993478]  ? __kthread_parkme+0x82/0x180
[   22.993500]  ? preempt_count_sub+0x50/0x80
[   22.993523]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.993544]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.993570]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.993597]  kthread+0x337/0x6f0
[   22.993618]  ? trace_preempt_on+0x20/0xc0
[   22.993643]  ? __pfx_kthread+0x10/0x10
[   22.993665]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.993692]  ? calculate_sigpending+0x7b/0xa0
[   22.993719]  ? __pfx_kthread+0x10/0x10
[   22.993742]  ret_from_fork+0x116/0x1d0
[   22.993761]  ? __pfx_kthread+0x10/0x10
[   22.994319]  ret_from_fork_asm+0x1a/0x30
[   22.994358]  </TASK>
[   22.994371] 
[   23.009746] Allocated by task 204:
[   23.010224]  kasan_save_stack+0x45/0x70
[   23.010522]  kasan_save_track+0x18/0x40
[   23.010657]  kasan_save_alloc_info+0x3b/0x50
[   23.010928]  __kasan_krealloc+0x190/0x1f0
[   23.011117]  krealloc_noprof+0xf3/0x340
[   23.011298]  krealloc_more_oob_helper+0x1a9/0x930
[   23.011500]  krealloc_more_oob+0x1c/0x30
[   23.011689]  kunit_try_run_case+0x1a5/0x480
[   23.011867]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.012529]  kthread+0x337/0x6f0
[   23.012687]  ret_from_fork+0x116/0x1d0
[   23.013256]  ret_from_fork_asm+0x1a/0x30
[   23.013439] 
[   23.013529] The buggy address belongs to the object at ffff888100a36000
[   23.013529]  which belongs to the cache kmalloc-256 of size 256
[   23.014146] The buggy address is located 5 bytes to the right of
[   23.014146]  allocated 235-byte region [ffff888100a36000, ffff888100a360eb)
[   23.014662] 
[   23.014752] The buggy address belongs to the physical page:
[   23.015396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   23.015736] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.016139] ksm flags: 0x200000000000040(head|node=0|zone=2)
[   23.016395] page_type: f5(slab)
[   23.016548] raw: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003
[   23.016858] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.017532] head: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003
[   23.018058] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.018407] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   23.018716] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.019190] page dumped because: kasan: bad access detected
[   23.019442] 
[   23.019514] Memory state around the buggy address:
[   23.019717]  ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.020107]  ffff888100a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.020420] >ffff888100a36080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.020703]                                                              ^
[   23.021096]  ffff888100a36100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.021402]  ffff888100a36180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.021685] ==================================================================
[   22.958659] ==================================================================
[   22.959700] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   22.960753] Write of size 1 at addr ffff888100a360eb by task kunit_try_catch/204
[   22.961387] 
[   22.961506] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   22.961564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.961577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.961600] Call Trace:
[   22.961614]  <TASK>
[   22.961634]  dump_stack_lvl+0x73/0xb0
[   22.961667]  print_report+0xd1/0x610
[   22.961692]  ? __virt_addr_valid+0x1db/0x2d0
[   22.961717]  ? krealloc_more_oob_helper+0x821/0x930
[   22.961742]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.961981]  ? krealloc_more_oob_helper+0x821/0x930
[   22.962008]  kasan_report+0x141/0x180
[   22.962031]  ? krealloc_more_oob_helper+0x821/0x930
[   22.962105]  __asan_report_store1_noabort+0x1b/0x30
[   22.962135]  krealloc_more_oob_helper+0x821/0x930
[   22.962158]  ? __schedule+0x10cc/0x2b60
[   22.962188]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.962213]  ? finish_task_switch.isra.0+0x153/0x700
[   22.962248]  ? __switch_to+0x47/0xf50
[   22.962281]  ? __schedule+0x10cc/0x2b60
[   22.962308]  ? __pfx_read_tsc+0x10/0x10
[   22.962336]  krealloc_more_oob+0x1c/0x30
[   22.962360]  kunit_try_run_case+0x1a5/0x480
[   22.962383]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.962403]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.962424]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.962453]  ? __kthread_parkme+0x82/0x180
[   22.962473]  ? preempt_count_sub+0x50/0x80
[   22.962496]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.962518]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.962544]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.962571]  kthread+0x337/0x6f0
[   22.962592]  ? trace_preempt_on+0x20/0xc0
[   22.962617]  ? __pfx_kthread+0x10/0x10
[   22.962639]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.962667]  ? calculate_sigpending+0x7b/0xa0
[   22.962695]  ? __pfx_kthread+0x10/0x10
[   22.962718]  ret_from_fork+0x116/0x1d0
[   22.962737]  ? __pfx_kthread+0x10/0x10
[   22.962770]  ret_from_fork_asm+0x1a/0x30
[   22.962807]  </TASK>
[   22.962833] 
[   22.974852] Allocated by task 204:
[   22.975221]  kasan_save_stack+0x45/0x70
[   22.975458]  kasan_save_track+0x18/0x40
[   22.975631]  kasan_save_alloc_info+0x3b/0x50
[   22.976019]  __kasan_krealloc+0x190/0x1f0
[   22.976335]  krealloc_noprof+0xf3/0x340
[   22.976689]  krealloc_more_oob_helper+0x1a9/0x930
[   22.977038]  krealloc_more_oob+0x1c/0x30
[   22.977249]  kunit_try_run_case+0x1a5/0x480
[   22.977430]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.977657]  kthread+0x337/0x6f0
[   22.978061]  ret_from_fork+0x116/0x1d0
[   22.978357]  ret_from_fork_asm+0x1a/0x30
[   22.978657] 
[   22.978905] The buggy address belongs to the object at ffff888100a36000
[   22.978905]  which belongs to the cache kmalloc-256 of size 256
[   22.979575] The buggy address is located 0 bytes to the right of
[   22.979575]  allocated 235-byte region [ffff888100a36000, ffff888100a360eb)
[   22.980400] 
[   22.980498] The buggy address belongs to the physical page:
[   22.980880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   22.981366] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.981669] ksm flags: 0x200000000000040(head|node=0|zone=2)
[   22.982072] page_type: f5(slab)
[   22.982422] raw: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003
[   22.983142] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.983469] head: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003
[   22.983935] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.984438] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   22.985184] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.985552] page dumped because: kasan: bad access detected
[   22.985981] 
[   22.986080] Memory state around the buggy address:
[   22.986520]  ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.986983]  ffff888100a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.987289] >ffff888100a36080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.987576]                                                           ^
[   22.988114]  ffff888100a36100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.988595]  ffff888100a36180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.989326] ==================================================================
[   23.153099] ==================================================================
[   23.153585] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.153929] Write of size 1 at addr ffff88810631a0eb by task kunit_try_catch/208
[   23.154381] 
[   23.154692] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[   23.154819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.154835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.154858] Call Trace:
[   23.154874]  <TASK>
[   23.154895]  dump_stack_lvl+0x73/0xb0
[   23.154928]  print_report+0xd1/0x610
[   23.154953]  ? __virt_addr_valid+0x1db/0x2d0
[   23.154979]  ? krealloc_more_oob_helper+0x821/0x930
[   23.155004]  ? kasan_addr_to_slab+0x11/0xa0
[   23.155024]  ? krealloc_more_oob_helper+0x821/0x930
[   23.155049]  kasan_report+0x141/0x180
[   23.155072]  ? krealloc_more_oob_helper+0x821/0x930
[   23.155101]  __asan_report_store1_noabort+0x1b/0x30
[   23.155128]  krealloc_more_oob_helper+0x821/0x930
[   23.155152]  ? __schedule+0x10cc/0x2b60
[   23.155181]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.155208]  ? __kasan_check_write+0x18/0x20
[   23.155234]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.155270]  ? irqentry_exit+0x2a/0x60
[   23.155291]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.155314]  ? trace_hardirqs_on+0x37/0xe0
[   23.155339]  ? __pfx_read_tsc+0x10/0x10
[   23.155368]  krealloc_large_more_oob+0x1c/0x30
[   23.155393]  kunit_try_run_case+0x1a5/0x480
[   23.155417]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.155440]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.155461]  ? __kthread_parkme+0x82/0x180
[   23.155482]  ? preempt_count_sub+0x50/0x80
[   23.155507]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.155528]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.155556]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.155582]  kthread+0x337/0x6f0
[   23.155604]  ? trace_preempt_on+0x20/0xc0
[   23.155627]  ? __pfx_kthread+0x10/0x10
[   23.155649]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.155676]  ? calculate_sigpending+0x7b/0xa0
[   23.155704]  ? __pfx_kthread+0x10/0x10
[   23.155727]  ret_from_fork+0x116/0x1d0
[   23.155747]  ? __pfx_kthread+0x10/0x10
[   23.155782]  ret_from_fork_asm+0x1a/0x30
[   23.155854]  </TASK>
[   23.155869] 
[   23.163856] The buggy address belongs to the physical page:
[   23.164056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106318
[   23.164311] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.164641] flags: 0x200000000000040(head|node=0|zone=2)
[   23.165126] page_type: f8(unknown)
[   23.165335] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.165664] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.166090] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.166424] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.166679] head: 0200000000000002 ffffea000418c601 00000000ffffffff 00000000ffffffff
[   23.166902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.167162] page dumped because: kasan: bad access detected
[   23.167413] 
[   23.167499] Memory state around the buggy address:
[   23.168023]  ffff888106319f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.168394]  ffff88810631a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.168603] >ffff88810631a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.168808]                                                           ^
[   23.169462]  ffff88810631a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.169940]  ffff88810631a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.170294] ==================================================================