Hay
Date: July 9, 2025, 1:08 p.m.

Environment: qemu-arm64, qemu-x86_64

[   29.125855] ==================================================================
[   29.125910] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.125962] Write of size 1 at addr fff00000c97e26eb by task kunit_try_catch/188
[   29.126255] 
[   29.126423] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.126688] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.126814] Hardware name: linux,dummy-virt (DT)
[   29.126856] Call trace:
[   29.126885]  show_stack+0x20/0x38 (C)
[   29.127078]  dump_stack_lvl+0x8c/0xd0
[   29.127128]  print_report+0x118/0x5d0
[   29.127170]  kasan_report+0xdc/0x128
[   29.127212]  __asan_report_store1_noabort+0x20/0x30
[   29.127259]  krealloc_more_oob_helper+0x60c/0x678
[   29.128016]  krealloc_more_oob+0x20/0x38
[   29.128080]  kunit_try_run_case+0x170/0x3f0
[   29.128130]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.128183]  kthread+0x328/0x630
[   29.128376]  ret_from_fork+0x10/0x20
[   29.128495] 
[   29.128555] Allocated by task 188:
[   29.128586]  kasan_save_stack+0x3c/0x68
[   29.128637]  kasan_save_track+0x20/0x40
[   29.128750]  kasan_save_alloc_info+0x40/0x58
[   29.128786]  __kasan_krealloc+0x118/0x178
[   29.128823]  krealloc_noprof+0x128/0x360
[   29.128861]  krealloc_more_oob_helper+0x168/0x678
[   29.129158]  krealloc_more_oob+0x20/0x38
[   29.129230]  kunit_try_run_case+0x170/0x3f0
[   29.129309]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.129352]  kthread+0x328/0x630
[   29.129571]  ret_from_fork+0x10/0x20
[   29.129606] 
[   29.129626] The buggy address belongs to the object at fff00000c97e2600
[   29.129626]  which belongs to the cache kmalloc-256 of size 256
[   29.129822] The buggy address is located 0 bytes to the right of
[   29.129822]  allocated 235-byte region [fff00000c97e2600, fff00000c97e26eb)
[   29.130187] 
[   29.130280] The buggy address belongs to the physical page:
[   29.130314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2
[   29.130397] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.130616] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.130681] page_type: f5(slab)
[   29.130779] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.130914] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.131013] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.131319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.131606] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff
[   29.131878] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.132129] page dumped because: kasan: bad access detected
[   29.132163] 
[   29.132182] Memory state around the buggy address:
[   29.132214]  fff00000c97e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.132257]  fff00000c97e2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.132297] >fff00000c97e2680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.132333]                                                           ^
[   29.132594]  fff00000c97e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.132663]  fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.132700] ==================================================================
[   29.195168] ==================================================================
[   29.195221] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.195274] Write of size 1 at addr fff00000c9b020eb by task kunit_try_catch/192
[   29.199142] 
[   29.199696] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.199784] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.199811] Hardware name: linux,dummy-virt (DT)
[   29.200729] Call trace:
[   29.202390]  show_stack+0x20/0x38 (C)
[   29.202895]  dump_stack_lvl+0x8c/0xd0
[   29.203555]  print_report+0x118/0x5d0
[   29.204166]  kasan_report+0xdc/0x128
[   29.204226]  __asan_report_store1_noabort+0x20/0x30
[   29.204869]  krealloc_more_oob_helper+0x60c/0x678
[   29.205554]  krealloc_large_more_oob+0x20/0x38
[   29.205984]  kunit_try_run_case+0x170/0x3f0
[   29.206539]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.207168]  kthread+0x328/0x630
[   29.207458]  ret_from_fork+0x10/0x20
[   29.208289] 
[   29.208804] The buggy address belongs to the physical page:
[   29.208877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00
[   29.209368] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.209488] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.210181] page_type: f8(unknown)
[   29.210416] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.210769] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.211166] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.211763] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.212131] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff
[   29.212325] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.212451] page dumped because: kasan: bad access detected
[   29.213023] 
[   29.213046] Memory state around the buggy address:
[   29.213388]  fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.213437]  fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.213479] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.213515]                                                           ^
[   29.213961]  fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.214100]  fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.214140] ==================================================================
[   29.215609] ==================================================================
[   29.215721] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.215774] Write of size 1 at addr fff00000c9b020f0 by task kunit_try_catch/192
[   29.215822] 
[   29.215852] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.215983] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.216037] Hardware name: linux,dummy-virt (DT)
[   29.216087] Call trace:
[   29.216109]  show_stack+0x20/0x38 (C)
[   29.216172]  dump_stack_lvl+0x8c/0xd0
[   29.216230]  print_report+0x118/0x5d0
[   29.216275]  kasan_report+0xdc/0x128
[   29.216328]  __asan_report_store1_noabort+0x20/0x30
[   29.216519]  krealloc_more_oob_helper+0x5c0/0x678
[   29.216615]  krealloc_large_more_oob+0x20/0x38
[   29.216666]  kunit_try_run_case+0x170/0x3f0
[   29.216716]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.216770]  kthread+0x328/0x630
[   29.216812]  ret_from_fork+0x10/0x20
[   29.216860] 
[   29.216886] The buggy address belongs to the physical page:
[   29.217026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b00
[   29.217102] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.217148] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.217198] page_type: f8(unknown)
[   29.217313] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.217362] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.217411] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.217458] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.217505] head: 0bfffe0000000002 ffffc1ffc326c001 00000000ffffffff 00000000ffffffff
[   29.217628] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.217779] page dumped because: kasan: bad access detected
[   29.217809] 
[   29.217826] Memory state around the buggy address:
[   29.217855]  fff00000c9b01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.217896]  fff00000c9b02000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.217971] >fff00000c9b02080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.218007]                                                              ^
[   29.218045]  fff00000c9b02100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.218094]  fff00000c9b02180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.218130] ==================================================================
[   29.134822] ==================================================================
[   29.134869] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.134919] Write of size 1 at addr fff00000c97e26f0 by task kunit_try_catch/188
[   29.135206] 
[   29.135423] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250709 #1 PREEMPT 
[   29.135912] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.135962] Hardware name: linux,dummy-virt (DT)
[   29.136030] Call trace:
[   29.136146]  show_stack+0x20/0x38 (C)
[   29.136285]  dump_stack_lvl+0x8c/0xd0
[   29.136381]  print_report+0x118/0x5d0
[   29.136425]  kasan_report+0xdc/0x128
[   29.136523]  __asan_report_store1_noabort+0x20/0x30
[   29.136571]  krealloc_more_oob_helper+0x5c0/0x678
[   29.136640]  krealloc_more_oob+0x20/0x38
[   29.136854]  kunit_try_run_case+0x170/0x3f0
[   29.136904]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.137071]  kthread+0x328/0x630
[   29.137119]  ret_from_fork+0x10/0x20
[   29.137219] 
[   29.137313] Allocated by task 188:
[   29.137381]  kasan_save_stack+0x3c/0x68
[   29.137468]  kasan_save_track+0x20/0x40
[   29.137506]  kasan_save_alloc_info+0x40/0x58
[   29.137542]  __kasan_krealloc+0x118/0x178
[   29.137579]  krealloc_noprof+0x128/0x360
[   29.137643]  krealloc_more_oob_helper+0x168/0x678
[   29.137802]  krealloc_more_oob+0x20/0x38
[   29.137838]  kunit_try_run_case+0x170/0x3f0
[   29.137876]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.137918]  kthread+0x328/0x630
[   29.137949]  ret_from_fork+0x10/0x20
[   29.137983] 
[   29.138002] The buggy address belongs to the object at fff00000c97e2600
[   29.138002]  which belongs to the cache kmalloc-256 of size 256
[   29.138067] The buggy address is located 5 bytes to the right of
[   29.138067]  allocated 235-byte region [fff00000c97e2600, fff00000c97e26eb)
[   29.138128] 
[   29.138147] The buggy address belongs to the physical page:
[   29.138178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1097e2
[   29.138227] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.138317] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.138498] page_type: f5(slab)
[   29.138803] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.138958] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.139307] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.139811] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.140003] head: 0bfffe0000000001 ffffc1ffc325f881 00000000ffffffff 00000000ffffffff
[   29.140067] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.140107] page dumped because: kasan: bad access detected
[   29.140137] 
[   29.140155] Memory state around the buggy address:
[   29.140185]  fff00000c97e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.140225]  fff00000c97e2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.140265] >fff00000c97e2680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.140301]                                                              ^
[   29.140517]  fff00000c97e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.140622]  fff00000c97e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.140691] ==================================================================

[   23.733591] ==================================================================
[   23.734880] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.735540] Write of size 1 at addr ffff888103d33ceb by task kunit_try_catch/206
[   23.735966] 
[   23.736082] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.736137] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.736151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.736174] Call Trace:
[   23.736187]  <TASK>
[   23.736207]  dump_stack_lvl+0x73/0xb0
[   23.736240]  print_report+0xd1/0x610
[   23.736265]  ? __virt_addr_valid+0x1db/0x2d0
[   23.736290]  ? krealloc_more_oob_helper+0x821/0x930
[   23.736312]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.736337]  ? krealloc_more_oob_helper+0x821/0x930
[   23.736421]  kasan_report+0x141/0x180
[   23.736452]  ? krealloc_more_oob_helper+0x821/0x930
[   23.736480]  __asan_report_store1_noabort+0x1b/0x30
[   23.736504]  krealloc_more_oob_helper+0x821/0x930
[   23.736526]  ? __schedule+0x10cc/0x2b60
[   23.736549]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.736574]  ? finish_task_switch.isra.0+0x153/0x700
[   23.736596]  ? __switch_to+0x47/0xf80
[   23.736623]  ? __schedule+0x10cc/0x2b60
[   23.736645]  ? __pfx_read_tsc+0x10/0x10
[   23.736670]  krealloc_more_oob+0x1c/0x30
[   23.736691]  kunit_try_run_case+0x1a5/0x480
[   23.736727]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.736747]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.736771]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.736804]  ? __kthread_parkme+0x82/0x180
[   23.736824]  ? preempt_count_sub+0x50/0x80
[   23.736847]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.736868]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.736933]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.736959]  kthread+0x337/0x6f0
[   23.736978]  ? trace_preempt_on+0x20/0xc0
[   23.737001]  ? __pfx_kthread+0x10/0x10
[   23.737021]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.737043]  ? calculate_sigpending+0x7b/0xa0
[   23.737067]  ? __pfx_kthread+0x10/0x10
[   23.737088]  ret_from_fork+0x116/0x1d0
[   23.737107]  ? __pfx_kthread+0x10/0x10
[   23.737127]  ret_from_fork_asm+0x1a/0x30
[   23.737159]  </TASK>
[   23.737171] 
[   23.747798] Allocated by task 206:
[   23.748281]  kasan_save_stack+0x45/0x70
[   23.748565]  kasan_save_track+0x18/0x40
[   23.748754]  kasan_save_alloc_info+0x3b/0x50
[   23.749179]  __kasan_krealloc+0x190/0x1f0
[   23.749346]  krealloc_noprof+0xf3/0x340
[   23.749685]  krealloc_more_oob_helper+0x1a9/0x930
[   23.750036]  krealloc_more_oob+0x1c/0x30
[   23.750216]  kunit_try_run_case+0x1a5/0x480
[   23.750404]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.750632]  kthread+0x337/0x6f0
[   23.750788]  ret_from_fork+0x116/0x1d0
[   23.751364]  ret_from_fork_asm+0x1a/0x30
[   23.751517] 
[   23.751765] The buggy address belongs to the object at ffff888103d33c00
[   23.751765]  which belongs to the cache kmalloc-256 of size 256
[   23.752459] The buggy address is located 0 bytes to the right of
[   23.752459]  allocated 235-byte region [ffff888103d33c00, ffff888103d33ceb)
[   23.753163] 
[   23.753270] The buggy address belongs to the physical page:
[   23.753519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d32
[   23.753866] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.754439] flags: 0x200000000000040(head|node=0|zone=2)
[   23.754668] page_type: f5(slab)
[   23.755036] raw: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004
[   23.755457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.755850] head: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004
[   23.756303] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.756612] head: 0200000000000001 ffffea00040f4c81 00000000ffffffff 00000000ffffffff
[   23.757176] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.757555] page dumped because: kasan: bad access detected
[   23.757808] 
[   23.758018] Memory state around the buggy address:
[   23.758482]  ffff888103d33b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.758868]  ffff888103d33c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.759276] >ffff888103d33c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.759569]                                                           ^
[   23.760103]  ffff888103d33d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.760421]  ffff888103d33d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.760763] ==================================================================
[   23.924142] ==================================================================
[   23.924477] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.924782] Write of size 1 at addr ffff88810621a0f0 by task kunit_try_catch/210
[   23.925029] 
[   23.925112] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.925161] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.925174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.925196] Call Trace:
[   23.925213]  <TASK>
[   23.925231]  dump_stack_lvl+0x73/0xb0
[   23.925263]  print_report+0xd1/0x610
[   23.925284]  ? __virt_addr_valid+0x1db/0x2d0
[   23.925308]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.925331]  ? kasan_addr_to_slab+0x11/0xa0
[   23.925351]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.925374]  kasan_report+0x141/0x180
[   23.925395]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.925422]  __asan_report_store1_noabort+0x1b/0x30
[   23.925445]  krealloc_more_oob_helper+0x7eb/0x930
[   23.925466]  ? __schedule+0x10cc/0x2b60
[   23.925489]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.925513]  ? __kasan_check_write+0x18/0x20
[   23.925535]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.925558]  ? irqentry_exit+0x2a/0x60
[   23.925579]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.925602]  ? trace_hardirqs_on+0x37/0xe0
[   23.925625]  ? __pfx_read_tsc+0x10/0x10
[   23.925649]  krealloc_large_more_oob+0x1c/0x30
[   23.925671]  kunit_try_run_case+0x1a5/0x480
[   23.925703]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.925725]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.926284]  ? __kthread_parkme+0x82/0x180
[   23.926364]  ? preempt_count_sub+0x50/0x80
[   23.926390]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.926413]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.926498]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.926526]  kthread+0x337/0x6f0
[   23.926546]  ? trace_preempt_on+0x20/0xc0
[   23.926568]  ? __pfx_kthread+0x10/0x10
[   23.926588]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.926609]  ? calculate_sigpending+0x7b/0xa0
[   23.926632]  ? __pfx_kthread+0x10/0x10
[   23.926810]  ret_from_fork+0x116/0x1d0
[   23.926831]  ? __pfx_kthread+0x10/0x10
[   23.926852]  ret_from_fork_asm+0x1a/0x30
[   23.926901]  </TASK>
[   23.926915] 
[   23.937411] The buggy address belongs to the physical page:
[   23.938012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106218
[   23.938426] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.938755] flags: 0x200000000000040(head|node=0|zone=2)
[   23.939156] page_type: f8(unknown)
[   23.939329] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.939644] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.940183] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.940583] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.941171] head: 0200000000000002 ffffea0004188601 00000000ffffffff 00000000ffffffff
[   23.941467] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.942019] page dumped because: kasan: bad access detected
[   23.942210] 
[   23.942453] Memory state around the buggy address:
[   23.942654]  ffff888106219f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.943205]  ffff88810621a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.943579] >ffff88810621a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.943983]                                                              ^
[   23.944363]  ffff88810621a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.944726]  ffff88810621a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.945214] ==================================================================
[   23.762017] ==================================================================
[   23.762335] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.762741] Write of size 1 at addr ffff888103d33cf0 by task kunit_try_catch/206
[   23.763177] 
[   23.763288] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.763336] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.763349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.763370] Call Trace:
[   23.763383]  <TASK>
[   23.763401]  dump_stack_lvl+0x73/0xb0
[   23.763431]  print_report+0xd1/0x610
[   23.763452]  ? __virt_addr_valid+0x1db/0x2d0
[   23.763476]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.763498]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.763523]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.763546]  kasan_report+0x141/0x180
[   23.763567]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.763594]  __asan_report_store1_noabort+0x1b/0x30
[   23.763617]  krealloc_more_oob_helper+0x7eb/0x930
[   23.763639]  ? __schedule+0x10cc/0x2b60
[   23.763662]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.763684]  ? finish_task_switch.isra.0+0x153/0x700
[   23.763719]  ? __switch_to+0x47/0xf80
[   23.763745]  ? __schedule+0x10cc/0x2b60
[   23.763766]  ? __pfx_read_tsc+0x10/0x10
[   23.763801]  krealloc_more_oob+0x1c/0x30
[   23.763827]  kunit_try_run_case+0x1a5/0x480
[   23.763849]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.763868]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.763891]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.763914]  ? __kthread_parkme+0x82/0x180
[   23.763934]  ? preempt_count_sub+0x50/0x80
[   23.764032]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.764054]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.764079]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.764103]  kthread+0x337/0x6f0
[   23.764122]  ? trace_preempt_on+0x20/0xc0
[   23.764145]  ? __pfx_kthread+0x10/0x10
[   23.764165]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.764187]  ? calculate_sigpending+0x7b/0xa0
[   23.764210]  ? __pfx_kthread+0x10/0x10
[   23.764231]  ret_from_fork+0x116/0x1d0
[   23.764250]  ? __pfx_kthread+0x10/0x10
[   23.764270]  ret_from_fork_asm+0x1a/0x30
[   23.764300]  </TASK>
[   23.764311] 
[   23.772151] Allocated by task 206:
[   23.772311]  kasan_save_stack+0x45/0x70
[   23.772490]  kasan_save_track+0x18/0x40
[   23.772651]  kasan_save_alloc_info+0x3b/0x50
[   23.772936]  __kasan_krealloc+0x190/0x1f0
[   23.773110]  krealloc_noprof+0xf3/0x340
[   23.773294]  krealloc_more_oob_helper+0x1a9/0x930
[   23.773478]  krealloc_more_oob+0x1c/0x30
[   23.773656]  kunit_try_run_case+0x1a5/0x480
[   23.773866]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.774127]  kthread+0x337/0x6f0
[   23.774242]  ret_from_fork+0x116/0x1d0
[   23.774365]  ret_from_fork_asm+0x1a/0x30
[   23.774495] 
[   23.774560] The buggy address belongs to the object at ffff888103d33c00
[   23.774560]  which belongs to the cache kmalloc-256 of size 256
[   23.775079] The buggy address is located 5 bytes to the right of
[   23.775079]  allocated 235-byte region [ffff888103d33c00, ffff888103d33ceb)
[   23.775606] 
[   23.775672] The buggy address belongs to the physical page:
[   23.776087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d32
[   23.776503] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.776784] flags: 0x200000000000040(head|node=0|zone=2)
[   23.776955] page_type: f5(slab)
[   23.777069] raw: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004
[   23.777467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.777827] head: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004
[   23.778172] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.778494] head: 0200000000000001 ffffea00040f4c81 00000000ffffffff 00000000ffffffff
[   23.779025] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.779310] page dumped because: kasan: bad access detected
[   23.779494] 
[   23.779559] Memory state around the buggy address:
[   23.779790]  ffff888103d33b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.780146]  ffff888103d33c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.780353] >ffff888103d33c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.780819]                                                              ^
[   23.781213]  ffff888103d33d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.781491]  ffff888103d33d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.781707] ==================================================================
[   23.901166] ==================================================================
[   23.901610] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.902003] Write of size 1 at addr ffff88810621a0eb by task kunit_try_catch/210
[   23.902282] 
[   23.902375] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) 
[   23.902428] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   23.902441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.902463] Call Trace:
[   23.902477]  <TASK>
[   23.902497]  dump_stack_lvl+0x73/0xb0
[   23.902530]  print_report+0xd1/0x610
[   23.902553]  ? __virt_addr_valid+0x1db/0x2d0
[   23.902577]  ? krealloc_more_oob_helper+0x821/0x930
[   23.902600]  ? kasan_addr_to_slab+0x11/0xa0
[   23.902619]  ? krealloc_more_oob_helper+0x821/0x930
[   23.902642]  kasan_report+0x141/0x180
[   23.902664]  ? krealloc_more_oob_helper+0x821/0x930
[   23.902705]  __asan_report_store1_noabort+0x1b/0x30
[   23.902730]  krealloc_more_oob_helper+0x821/0x930
[   23.902752]  ? __schedule+0x10cc/0x2b60
[   23.902776]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.903187]  ? __kasan_check_write+0x18/0x20
[   23.903213]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.903237]  ? irqentry_exit+0x2a/0x60
[   23.903260]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   23.903284]  ? trace_hardirqs_on+0x37/0xe0
[   23.903308]  ? __pfx_read_tsc+0x10/0x10
[   23.903333]  krealloc_large_more_oob+0x1c/0x30
[   23.903356]  kunit_try_run_case+0x1a5/0x480
[   23.903379]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.903400]  ? queued_spin_lock_slowpath+0x116/0xb40
[   23.903423]  ? __kthread_parkme+0x82/0x180
[   23.903444]  ? preempt_count_sub+0x50/0x80
[   23.903468]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.903489]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.903514]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.903538]  kthread+0x337/0x6f0
[   23.903558]  ? trace_preempt_on+0x20/0xc0
[   23.903580]  ? __pfx_kthread+0x10/0x10
[   23.903600]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.903621]  ? calculate_sigpending+0x7b/0xa0
[   23.903645]  ? __pfx_kthread+0x10/0x10
[   23.903666]  ret_from_fork+0x116/0x1d0
[   23.903685]  ? __pfx_kthread+0x10/0x10
[   23.903719]  ret_from_fork_asm+0x1a/0x30
[   23.903750]  </TASK>
[   23.903762] 
[   23.911469] The buggy address belongs to the physical page:
[   23.911738] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106218
[   23.912169] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.912502] flags: 0x200000000000040(head|node=0|zone=2)
[   23.912682] page_type: f8(unknown)
[   23.912944] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.913284] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.913583] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.914117] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.914356] head: 0200000000000002 ffffea0004188601 00000000ffffffff 00000000ffffffff
[   23.915811] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.916991] page dumped because: kasan: bad access detected
[   23.917375] 
[   23.918678] Memory state around the buggy address:
[   23.918877]  ffff888106219f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.920468]  ffff88810621a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.921345] >ffff88810621a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.921853]                                                           ^
[   23.922999]  ffff88810621a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.923242]  ffff88810621a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.923495] ==================================================================