Hay
Date: July 10, 2025, 9:07 a.m.
Environment: qemu-arm64, qemu-x86_64

[   29.363701] ==================================================================
[   29.363750] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.363797] Write of size 1 at addr fff00000c83c98f0 by task kunit_try_catch/187
[   29.363846] 
[   29.363875] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.363957] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.363983] Hardware name: linux,dummy-virt (DT)
[   29.364012] Call trace:
[   29.364032]  show_stack+0x20/0x38 (C)
[   29.364077]  dump_stack_lvl+0x8c/0xd0
[   29.364121]  print_report+0x118/0x5d0
[   29.364176]  kasan_report+0xdc/0x128
[   29.364259]  __asan_report_store1_noabort+0x20/0x30
[   29.364369]  krealloc_more_oob_helper+0x5c0/0x678
[   29.364419]  krealloc_more_oob+0x20/0x38
[   29.364464]  kunit_try_run_case+0x170/0x3f0
[   29.364511]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.364572]  kthread+0x328/0x630
[   29.364624]  ret_from_fork+0x10/0x20
[   29.364671] 
[   29.364688] Allocated by task 187:
[   29.364725]  kasan_save_stack+0x3c/0x68
[   29.364771]  kasan_save_track+0x20/0x40
[   29.364808]  kasan_save_alloc_info+0x40/0x58
[   29.364866]  __kasan_krealloc+0x118/0x178
[   29.364904]  krealloc_noprof+0x128/0x360
[   29.364947]  krealloc_more_oob_helper+0x168/0x678
[   29.365031]  krealloc_more_oob+0x20/0x38
[   29.365172]  kunit_try_run_case+0x170/0x3f0
[   29.365227]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.365299]  kthread+0x328/0x630
[   29.365375]  ret_from_fork+0x10/0x20
[   29.365409] 
[   29.365427] The buggy address belongs to the object at fff00000c83c9800
[   29.365427]  which belongs to the cache kmalloc-256 of size 256
[   29.365483] The buggy address is located 5 bytes to the right of
[   29.365483]  allocated 235-byte region [fff00000c83c9800, fff00000c83c98eb)
[   29.365557] 
[   29.365587] The buggy address belongs to the physical page:
[   29.365617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083c8
[   29.365686] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.365874] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.365931] page_type: f5(slab)
[   29.366028] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.366110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.366268] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.366377] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.366427] head: 0bfffe0000000001 ffffc1ffc320f201 00000000ffffffff 00000000ffffffff
[   29.366476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.366515] page dumped because: kasan: bad access detected
[   29.366552] 
[   29.366626] Memory state around the buggy address:
[   29.366673]  fff00000c83c9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.366728]  fff00000c83c9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.366770] >fff00000c83c9880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.366808]                                                              ^
[   29.366846]  fff00000c83c9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.366888]  fff00000c83c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.366926] ==================================================================
[   29.405437] ==================================================================
[   29.405506] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.405556] Write of size 1 at addr fff00000c9a560f0 by task kunit_try_catch/191
[   29.405627] 
[   29.405655] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.405913] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.405967] Hardware name: linux,dummy-virt (DT)
[   29.405997] Call trace:
[   29.406031]  show_stack+0x20/0x38 (C)
[   29.406084]  dump_stack_lvl+0x8c/0xd0
[   29.406185]  print_report+0x118/0x5d0
[   29.406319]  kasan_report+0xdc/0x128
[   29.406368]  __asan_report_store1_noabort+0x20/0x30
[   29.406417]  krealloc_more_oob_helper+0x5c0/0x678
[   29.406465]  krealloc_large_more_oob+0x20/0x38
[   29.406512]  kunit_try_run_case+0x170/0x3f0
[   29.406558]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.406611]  kthread+0x328/0x630
[   29.406651]  ret_from_fork+0x10/0x20
[   29.406698] 
[   29.406726] The buggy address belongs to the physical page:
[   29.406757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.406808] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.406854] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.406903] page_type: f8(unknown)
[   29.406949] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.406999] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.407059] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.407108] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.407168] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.407263] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.407349] page dumped because: kasan: bad access detected
[   29.407385] 
[   29.407430] Memory state around the buggy address:
[   29.407523]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.407566]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.407608] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.407655]                                                              ^
[   29.407693]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.407735]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.407782] ==================================================================
[   29.401654] ==================================================================
[   29.401709] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.401765] Write of size 1 at addr fff00000c9a560eb by task kunit_try_catch/191
[   29.401816] 
[   29.401847] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.401933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.401959] Hardware name: linux,dummy-virt (DT)
[   29.401989] Call trace:
[   29.402019]  show_stack+0x20/0x38 (C)
[   29.402612]  dump_stack_lvl+0x8c/0xd0
[   29.402721]  print_report+0x118/0x5d0
[   29.402792]  kasan_report+0xdc/0x128
[   29.402833]  __asan_report_store1_noabort+0x20/0x30
[   29.402881]  krealloc_more_oob_helper+0x60c/0x678
[   29.402930]  krealloc_large_more_oob+0x20/0x38
[   29.402977]  kunit_try_run_case+0x170/0x3f0
[   29.403025]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.403078]  kthread+0x328/0x630
[   29.403121]  ret_from_fork+0x10/0x20
[   29.403176] 
[   29.403195] The buggy address belongs to the physical page:
[   29.403226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.403281] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.403345] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.403551] page_type: f8(unknown)
[   29.403598] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.403784] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.403848] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.403980] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.404058] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.404173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.404214] page dumped because: kasan: bad access detected
[   29.404332] 
[   29.404349] Memory state around the buggy address:
[   29.404380]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.404461]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.404647] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.404691]                                                           ^
[   29.404842]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.404923]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.404962] ==================================================================
[   29.358363] ==================================================================
[   29.358417] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.358469] Write of size 1 at addr fff00000c83c98eb by task kunit_try_catch/187
[   29.358519] 
[   29.358547] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.358630] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.358657] Hardware name: linux,dummy-virt (DT)
[   29.358711] Call trace:
[   29.358733]  show_stack+0x20/0x38 (C)
[   29.358795]  dump_stack_lvl+0x8c/0xd0
[   29.358863]  print_report+0x118/0x5d0
[   29.358906]  kasan_report+0xdc/0x128
[   29.359008]  __asan_report_store1_noabort+0x20/0x30
[   29.359056]  krealloc_more_oob_helper+0x60c/0x678
[   29.359105]  krealloc_more_oob+0x20/0x38
[   29.359160]  kunit_try_run_case+0x170/0x3f0
[   29.359216]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.359269]  kthread+0x328/0x630
[   29.359310]  ret_from_fork+0x10/0x20
[   29.359366] 
[   29.359384] Allocated by task 187:
[   29.359423]  kasan_save_stack+0x3c/0x68
[   29.359465]  kasan_save_track+0x20/0x40
[   29.359511]  kasan_save_alloc_info+0x40/0x58
[   29.359549]  __kasan_krealloc+0x118/0x178
[   29.359588]  krealloc_noprof+0x128/0x360
[   29.359638]  krealloc_more_oob_helper+0x168/0x678
[   29.359759]  krealloc_more_oob+0x20/0x38
[   29.359797]  kunit_try_run_case+0x170/0x3f0
[   29.359835]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.359887]  kthread+0x328/0x630
[   29.359965]  ret_from_fork+0x10/0x20
[   29.360000] 
[   29.360018] The buggy address belongs to the object at fff00000c83c9800
[   29.360018]  which belongs to the cache kmalloc-256 of size 256
[   29.360339] The buggy address is located 0 bytes to the right of
[   29.360339]  allocated 235-byte region [fff00000c83c9800, fff00000c83c98eb)
[   29.360409] 
[   29.360429] The buggy address belongs to the physical page:
[   29.360463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083c8
[   29.360568] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.360779] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.360860] page_type: f5(slab)
[   29.361039] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.361568] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.361629] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.361701] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.361750] head: 0bfffe0000000001 ffffc1ffc320f201 00000000ffffffff 00000000ffffffff
[   29.361799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.361849] page dumped because: kasan: bad access detected
[   29.361890] 
[   29.361962] Memory state around the buggy address:
[   29.362018]  fff00000c83c9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.362063]  fff00000c83c9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.362158] >fff00000c83c9880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.362215]                                                           ^
[   29.362284]  fff00000c83c9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.362474]  fff00000c83c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.362618] ==================================================================

[   24.674117] ==================================================================
[   24.674431] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.675173] Write of size 1 at addr ffff8881049904f0 by task kunit_try_catch/204
[   24.675518] 
[   24.675735] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.675784] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.675796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.675817] Call Trace:
[   24.675835]  <TASK>
[   24.675858]  dump_stack_lvl+0x73/0xb0
[   24.676167]  print_report+0xd1/0x610
[   24.676200]  ? __virt_addr_valid+0x1db/0x2d0
[   24.676224]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.676247]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.676272]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.676296]  kasan_report+0x141/0x180
[   24.676317]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.676344]  __asan_report_store1_noabort+0x1b/0x30
[   24.676368]  krealloc_more_oob_helper+0x7eb/0x930
[   24.676390]  ? __schedule+0x10cc/0x2b60
[   24.676413]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.676436]  ? finish_task_switch.isra.0+0x153/0x700
[   24.676458]  ? __switch_to+0x47/0xf80
[   24.676483]  ? __schedule+0x10cc/0x2b60
[   24.676519]  ? __pfx_read_tsc+0x10/0x10
[   24.676544]  krealloc_more_oob+0x1c/0x30
[   24.676565]  kunit_try_run_case+0x1a5/0x480
[   24.676587]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.676607]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.676630]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.676652]  ? __kthread_parkme+0x82/0x180
[   24.676672]  ? preempt_count_sub+0x50/0x80
[   24.676695]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.676728]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.676753]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.676846]  kthread+0x337/0x6f0
[   24.676869]  ? trace_preempt_on+0x20/0xc0
[   24.676893]  ? __pfx_kthread+0x10/0x10
[   24.676914]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.676935]  ? calculate_sigpending+0x7b/0xa0
[   24.676958]  ? __pfx_kthread+0x10/0x10
[   24.676979]  ret_from_fork+0x116/0x1d0
[   24.676998]  ? __pfx_kthread+0x10/0x10
[   24.677018]  ret_from_fork_asm+0x1a/0x30
[   24.677049]  </TASK>
[   24.677060] 
[   24.689979] Allocated by task 204:
[   24.690283]  kasan_save_stack+0x45/0x70
[   24.690649]  kasan_save_track+0x18/0x40
[   24.690865]  kasan_save_alloc_info+0x3b/0x50
[   24.691328]  __kasan_krealloc+0x190/0x1f0
[   24.691481]  krealloc_noprof+0xf3/0x340
[   24.692088]  krealloc_more_oob_helper+0x1a9/0x930
[   24.692442]  krealloc_more_oob+0x1c/0x30
[   24.692657]  kunit_try_run_case+0x1a5/0x480
[   24.693060]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.693335]  kthread+0x337/0x6f0
[   24.693550]  ret_from_fork+0x116/0x1d0
[   24.693689]  ret_from_fork_asm+0x1a/0x30
[   24.693949] 
[   24.694017] The buggy address belongs to the object at ffff888104990400
[   24.694017]  which belongs to the cache kmalloc-256 of size 256
[   24.694614] The buggy address is located 5 bytes to the right of
[   24.694614]  allocated 235-byte region [ffff888104990400, ffff8881049904eb)
[   24.695406] 
[   24.695529] The buggy address belongs to the physical page:
[   24.696178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990
[   24.696636] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.697168] flags: 0x200000000000040(head|node=0|zone=2)
[   24.697511] page_type: f5(slab)
[   24.697759] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.698155] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.698489] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.698969] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.699550] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff
[   24.699893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.700352] page dumped because: kasan: bad access detected
[   24.700588] 
[   24.700690] Memory state around the buggy address:
[   24.700984]  ffff888104990380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.701500]  ffff888104990400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.701926] >ffff888104990480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.702209]                                                              ^
[   24.702457]  ffff888104990500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.702753]  ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.703018] ==================================================================
[   24.850652] ==================================================================
[   24.851040] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.851593] Write of size 1 at addr ffff8881060de0f0 by task kunit_try_catch/208
[   24.852020] 
[   24.852134] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.852182] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.852194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.852215] Call Trace:
[   24.852227]  <TASK>
[   24.852385]  dump_stack_lvl+0x73/0xb0
[   24.852477]  print_report+0xd1/0x610
[   24.852511]  ? __virt_addr_valid+0x1db/0x2d0
[   24.852536]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.852559]  ? kasan_addr_to_slab+0x11/0xa0
[   24.852579]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.852602]  kasan_report+0x141/0x180
[   24.852623]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.852650]  __asan_report_store1_noabort+0x1b/0x30
[   24.852673]  krealloc_more_oob_helper+0x7eb/0x930
[   24.852695]  ? __schedule+0x10cc/0x2b60
[   24.852730]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.852753]  ? finish_task_switch.isra.0+0x153/0x700
[   24.852774]  ? __switch_to+0x47/0xf80
[   24.852939]  ? __schedule+0x10cc/0x2b60
[   24.852961]  ? __pfx_read_tsc+0x10/0x10
[   24.852985]  krealloc_large_more_oob+0x1c/0x30
[   24.853008]  kunit_try_run_case+0x1a5/0x480
[   24.853030]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.853050]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.853072]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.853094]  ? __kthread_parkme+0x82/0x180
[   24.853114]  ? preempt_count_sub+0x50/0x80
[   24.853136]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.853157]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.853181]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.853205]  kthread+0x337/0x6f0
[   24.853224]  ? trace_preempt_on+0x20/0xc0
[   24.853246]  ? __pfx_kthread+0x10/0x10
[   24.853266]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.853287]  ? calculate_sigpending+0x7b/0xa0
[   24.853309]  ? __pfx_kthread+0x10/0x10
[   24.853330]  ret_from_fork+0x116/0x1d0
[   24.853349]  ? __pfx_kthread+0x10/0x10
[   24.853369]  ret_from_fork_asm+0x1a/0x30
[   24.853399]  </TASK>
[   24.853411] 
[   24.861272] The buggy address belongs to the physical page:
[   24.861693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   24.862066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.862411] flags: 0x200000000000040(head|node=0|zone=2)
[   24.862728] page_type: f8(unknown)
[   24.862925] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.863228] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.863476] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.863869] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.864207] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff
[   24.864558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.864992] page dumped because: kasan: bad access detected
[   24.865243] 
[   24.865327] Memory state around the buggy address:
[   24.865555]  ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.865902]  ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.866237] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.866609]                                                              ^
[   24.866917]  ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.867212]  ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.867421] ==================================================================
[   24.649851] ==================================================================
[   24.650274] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.650869] Write of size 1 at addr ffff8881049904eb by task kunit_try_catch/204
[   24.651652] 
[   24.651973] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.652041] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.652053] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.652075] Call Trace:
[   24.652088]  <TASK>
[   24.652107]  dump_stack_lvl+0x73/0xb0
[   24.652189]  print_report+0xd1/0x610
[   24.652214]  ? __virt_addr_valid+0x1db/0x2d0
[   24.652251]  ? krealloc_more_oob_helper+0x821/0x930
[   24.652274]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.652299]  ? krealloc_more_oob_helper+0x821/0x930
[   24.652323]  kasan_report+0x141/0x180
[   24.652344]  ? krealloc_more_oob_helper+0x821/0x930
[   24.652371]  __asan_report_store1_noabort+0x1b/0x30
[   24.652395]  krealloc_more_oob_helper+0x821/0x930
[   24.652417]  ? __schedule+0x10cc/0x2b60
[   24.652439]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.652462]  ? finish_task_switch.isra.0+0x153/0x700
[   24.652503]  ? __switch_to+0x47/0xf80
[   24.652530]  ? __schedule+0x10cc/0x2b60
[   24.652551]  ? __pfx_read_tsc+0x10/0x10
[   24.652575]  krealloc_more_oob+0x1c/0x30
[   24.652596]  kunit_try_run_case+0x1a5/0x480
[   24.652620]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.652640]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.652663]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.652685]  ? __kthread_parkme+0x82/0x180
[   24.652714]  ? preempt_count_sub+0x50/0x80
[   24.652736]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.652757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.652849]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.652874]  kthread+0x337/0x6f0
[   24.652895]  ? trace_preempt_on+0x20/0xc0
[   24.652923]  ? __pfx_kthread+0x10/0x10
[   24.652943]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.652964]  ? calculate_sigpending+0x7b/0xa0
[   24.652988]  ? __pfx_kthread+0x10/0x10
[   24.653009]  ret_from_fork+0x116/0x1d0
[   24.653028]  ? __pfx_kthread+0x10/0x10
[   24.653048]  ret_from_fork_asm+0x1a/0x30
[   24.653079]  </TASK>
[   24.653091] 
[   24.661666] Allocated by task 204:
[   24.661932]  kasan_save_stack+0x45/0x70
[   24.662179]  kasan_save_track+0x18/0x40
[   24.662312]  kasan_save_alloc_info+0x3b/0x50
[   24.662539]  __kasan_krealloc+0x190/0x1f0
[   24.662852]  krealloc_noprof+0xf3/0x340
[   24.663048]  krealloc_more_oob_helper+0x1a9/0x930
[   24.663272]  krealloc_more_oob+0x1c/0x30
[   24.663466]  kunit_try_run_case+0x1a5/0x480
[   24.663643]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.663893]  kthread+0x337/0x6f0
[   24.664042]  ret_from_fork+0x116/0x1d0
[   24.664193]  ret_from_fork_asm+0x1a/0x30
[   24.664375] 
[   24.664440] The buggy address belongs to the object at ffff888104990400
[   24.664440]  which belongs to the cache kmalloc-256 of size 256
[   24.665171] The buggy address is located 0 bytes to the right of
[   24.665171]  allocated 235-byte region [ffff888104990400, ffff8881049904eb)
[   24.665668] 
[   24.665749] The buggy address belongs to the physical page:
[   24.666077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990
[   24.666628] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.667087] flags: 0x200000000000040(head|node=0|zone=2)
[   24.667281] page_type: f5(slab)
[   24.667528] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.668008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.668303] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.668693] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.669208] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff
[   24.669601] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.670077] page dumped because: kasan: bad access detected
[   24.670319] 
[   24.670422] Memory state around the buggy address:
[   24.670669]  ffff888104990380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.671129]  ffff888104990400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.671502] >ffff888104990480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.671878]                                                           ^
[   24.672150]  ffff888104990500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.672436]  ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.672754] ==================================================================
[   24.821417] ==================================================================
[   24.822122] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.823160] Write of size 1 at addr ffff8881060de0eb by task kunit_try_catch/208
[   24.823408] 
[   24.823498] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.823547] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.823559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.823580] Call Trace:
[   24.823593]  <TASK>
[   24.823611]  dump_stack_lvl+0x73/0xb0
[   24.823639]  print_report+0xd1/0x610
[   24.823664]  ? __virt_addr_valid+0x1db/0x2d0
[   24.823688]  ? krealloc_more_oob_helper+0x821/0x930
[   24.823730]  ? kasan_addr_to_slab+0x11/0xa0
[   24.823751]  ? krealloc_more_oob_helper+0x821/0x930
[   24.823774]  kasan_report+0x141/0x180
[   24.823796]  ? krealloc_more_oob_helper+0x821/0x930
[   24.823823]  __asan_report_store1_noabort+0x1b/0x30
[   24.823865]  krealloc_more_oob_helper+0x821/0x930
[   24.823887]  ? __schedule+0x10cc/0x2b60
[   24.823909]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.823938]  ? finish_task_switch.isra.0+0x153/0x700
[   24.823987]  ? __switch_to+0x47/0xf80
[   24.824013]  ? __schedule+0x10cc/0x2b60
[   24.824035]  ? __pfx_read_tsc+0x10/0x10
[   24.824059]  krealloc_large_more_oob+0x1c/0x30
[   24.824082]  kunit_try_run_case+0x1a5/0x480
[   24.824103]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.824123]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.824145]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.824167]  ? __kthread_parkme+0x82/0x180
[   24.824188]  ? preempt_count_sub+0x50/0x80
[   24.824209]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.824230]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.824254]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.824279]  kthread+0x337/0x6f0
[   24.824298]  ? trace_preempt_on+0x20/0xc0
[   24.824320]  ? __pfx_kthread+0x10/0x10
[   24.824340]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.824361]  ? calculate_sigpending+0x7b/0xa0
[   24.824384]  ? __pfx_kthread+0x10/0x10
[   24.824405]  ret_from_fork+0x116/0x1d0
[   24.824423]  ? __pfx_kthread+0x10/0x10
[   24.824445]  ret_from_fork_asm+0x1a/0x30
[   24.824476]  </TASK>
[   24.824488] 
[   24.839850] The buggy address belongs to the physical page:
[   24.840129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   24.840373] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.840860] flags: 0x200000000000040(head|node=0|zone=2)
[   24.841401] page_type: f8(unknown)
[   24.841795] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.842716] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.843499] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.844397] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.844923] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff
[   24.845255] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.845562] page dumped because: kasan: bad access detected
[   24.845798] 
[   24.845883] Memory state around the buggy address:
[   24.846091]  ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.846379]  ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.846675] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.847422]                                                           ^
[   24.848166]  ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.848629]  ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.849381] ==================================================================