Hay
Date: July 16, 2025, 12:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   30.405655] ==================================================================
[   30.405767] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.405817] Write of size 1 at addr fff00000c1d5d0eb by task kunit_try_catch/187
[   30.405867] 
[   30.406099] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.406198] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.406225] Hardware name: linux,dummy-virt (DT)
[   30.406292] Call trace:
[   30.406331]  show_stack+0x20/0x38 (C)
[   30.406392]  dump_stack_lvl+0x8c/0xd0
[   30.406457]  print_report+0x118/0x5d0
[   30.406500]  kasan_report+0xdc/0x128
[   30.406571]  __asan_report_store1_noabort+0x20/0x30
[   30.406621]  krealloc_more_oob_helper+0x60c/0x678
[   30.406688]  krealloc_more_oob+0x20/0x38
[   30.406738]  kunit_try_run_case+0x170/0x3f0
[   30.406785]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.407004]  kthread+0x328/0x630
[   30.407050]  ret_from_fork+0x10/0x20
[   30.407097] 
[   30.407114] Allocated by task 187:
[   30.407190]  kasan_save_stack+0x3c/0x68
[   30.407258]  kasan_save_track+0x20/0x40
[   30.407315]  kasan_save_alloc_info+0x40/0x58
[   30.407377]  __kasan_krealloc+0x118/0x178
[   30.407412]  krealloc_noprof+0x128/0x360
[   30.407450]  krealloc_more_oob_helper+0x168/0x678
[   30.407727]  krealloc_more_oob+0x20/0x38
[   30.407820]  kunit_try_run_case+0x170/0x3f0
[   30.407918]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.408035]  kthread+0x328/0x630
[   30.408145]  ret_from_fork+0x10/0x20
[   30.408279] 
[   30.408338] The buggy address belongs to the object at fff00000c1d5d000
[   30.408338]  which belongs to the cache kmalloc-256 of size 256
[   30.408396] The buggy address is located 0 bytes to the right of
[   30.408396]  allocated 235-byte region [fff00000c1d5d000, fff00000c1d5d0eb)
[   30.408459] 
[   30.408478] The buggy address belongs to the physical page:
[   30.408519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c
[   30.408571] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.408617] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.408666] page_type: f5(slab)
[   30.408743] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.408834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.408963] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.409065] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.409218] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff
[   30.409311] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.409400] page dumped because: kasan: bad access detected
[   30.409531] 
[   30.409549] Memory state around the buggy address:
[   30.409580]  fff00000c1d5cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.409757]  fff00000c1d5d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.409872] >fff00000c1d5d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.410003]                                                           ^
[   30.410109]  fff00000c1d5d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.410171]  fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.410289] ==================================================================
[   30.474348] ==================================================================
[   30.474468] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.474531] Write of size 1 at addr fff00000c9b220f0 by task kunit_try_catch/191
[   30.474595] 
[   30.474624] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.474806] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.474835] Hardware name: linux,dummy-virt (DT)
[   30.475006] Call trace:
[   30.475064]  show_stack+0x20/0x38 (C)
[   30.475155]  dump_stack_lvl+0x8c/0xd0
[   30.475231]  print_report+0x118/0x5d0
[   30.475294]  kasan_report+0xdc/0x128
[   30.475359]  __asan_report_store1_noabort+0x20/0x30
[   30.475425]  krealloc_more_oob_helper+0x5c0/0x678
[   30.475501]  krealloc_large_more_oob+0x20/0x38
[   30.475594]  kunit_try_run_case+0x170/0x3f0
[   30.475649]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.475701]  kthread+0x328/0x630
[   30.475742]  ret_from_fork+0x10/0x20
[   30.475787] 
[   30.475930] The buggy address belongs to the physical page:
[   30.475963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b20
[   30.476155] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.476267] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.476354] page_type: f8(unknown)
[   30.476456] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.476581] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.476675] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.476781] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.476897] head: 0bfffe0000000002 ffffc1ffc326c801 00000000ffffffff 00000000ffffffff
[   30.477017] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.477094] page dumped because: kasan: bad access detected
[   30.477124] 
[   30.477142] Memory state around the buggy address:
[   30.477173]  fff00000c9b21f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.477226]  fff00000c9b22000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.477268] >fff00000c9b22080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.477620]                                                              ^
[   30.477754]  fff00000c9b22100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.477857]  fff00000c9b22180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.477975] ==================================================================
[   30.470230] ==================================================================
[   30.470283] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.470334] Write of size 1 at addr fff00000c9b220eb by task kunit_try_catch/191
[   30.470389] 
[   30.470418] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.470501] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.470541] Hardware name: linux,dummy-virt (DT)
[   30.470571] Call trace:
[   30.470591]  show_stack+0x20/0x38 (C)
[   30.470886]  dump_stack_lvl+0x8c/0xd0
[   30.470980]  print_report+0x118/0x5d0
[   30.471026]  kasan_report+0xdc/0x128
[   30.471068]  __asan_report_store1_noabort+0x20/0x30
[   30.471311]  krealloc_more_oob_helper+0x60c/0x678
[   30.471396]  krealloc_large_more_oob+0x20/0x38
[   30.471454]  kunit_try_run_case+0x170/0x3f0
[   30.471541]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.471594]  kthread+0x328/0x630
[   30.471636]  ret_from_fork+0x10/0x20
[   30.471682] 
[   30.471702] The buggy address belongs to the physical page:
[   30.471733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b20
[   30.471983] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.472081] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.472196] page_type: f8(unknown)
[   30.472252] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.472351] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.472448] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.472538] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.472633] head: 0bfffe0000000002 ffffc1ffc326c801 00000000ffffffff 00000000ffffffff
[   30.472694] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.472794] page dumped because: kasan: bad access detected
[   30.472846] 
[   30.472864] Memory state around the buggy address:
[   30.472945]  fff00000c9b21f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.473018]  fff00000c9b22000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.473062] >fff00000c9b22080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.473099]                                                           ^
[   30.473175]  fff00000c9b22100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.473217]  fff00000c9b22180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.473254] ==================================================================
[   30.411156] ==================================================================
[   30.411220] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.411282] Write of size 1 at addr fff00000c1d5d0f0 by task kunit_try_catch/187
[   30.411348] 
[   30.411395] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT 
[   30.411478] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.411640] Hardware name: linux,dummy-virt (DT)
[   30.411676] Call trace:
[   30.411713]  show_stack+0x20/0x38 (C)
[   30.411838]  dump_stack_lvl+0x8c/0xd0
[   30.411955]  print_report+0x118/0x5d0
[   30.412078]  kasan_report+0xdc/0x128
[   30.412159]  __asan_report_store1_noabort+0x20/0x30
[   30.412209]  krealloc_more_oob_helper+0x5c0/0x678
[   30.412402]  krealloc_more_oob+0x20/0x38
[   30.412622]  kunit_try_run_case+0x170/0x3f0
[   30.412742]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.412850]  kthread+0x328/0x630
[   30.412976]  ret_from_fork+0x10/0x20
[   30.413041] 
[   30.413069] Allocated by task 187:
[   30.413415]  kasan_save_stack+0x3c/0x68
[   30.413776]  kasan_save_track+0x20/0x40
[   30.413856]  kasan_save_alloc_info+0x40/0x58
[   30.413973]  __kasan_krealloc+0x118/0x178
[   30.414019]  krealloc_noprof+0x128/0x360
[   30.414066]  krealloc_more_oob_helper+0x168/0x678
[   30.414231]  krealloc_more_oob+0x20/0x38
[   30.414430]  kunit_try_run_case+0x170/0x3f0
[   30.414508]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.414639]  kthread+0x328/0x630
[   30.414697]  ret_from_fork+0x10/0x20
[   30.414733] 
[   30.414863] The buggy address belongs to the object at fff00000c1d5d000
[   30.414863]  which belongs to the cache kmalloc-256 of size 256
[   30.415036] The buggy address is located 5 bytes to the right of
[   30.415036]  allocated 235-byte region [fff00000c1d5d000, fff00000c1d5d0eb)
[   30.415194] 
[   30.415272] The buggy address belongs to the physical page:
[   30.415338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d5c
[   30.415390] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.415669] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.415786] page_type: f5(slab)
[   30.415881] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.415977] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.416138] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.416188] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.416375] head: 0bfffe0000000001 ffffc1ffc3075701 00000000ffffffff 00000000ffffffff
[   30.416429] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.416676] page dumped because: kasan: bad access detected
[   30.416839] 
[   30.417242] Memory state around the buggy address:
[   30.417423]  fff00000c1d5cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.417642]  fff00000c1d5d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.417865] >fff00000c1d5d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.417930]                                                              ^
[   30.417986]  fff00000c1d5d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.418465]  fff00000c1d5d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.418614] ==================================================================

[   23.082773] ==================================================================
[   23.083349] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   23.083702] Write of size 1 at addr ffff8881050f20f0 by task kunit_try_catch/209
[   23.084156] 
[   23.084288] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.084336] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.084348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.084367] Call Trace:
[   23.084379]  <TASK>
[   23.084393]  dump_stack_lvl+0x73/0xb0
[   23.084422]  print_report+0xd1/0x610
[   23.084444]  ? __virt_addr_valid+0x1db/0x2d0
[   23.084466]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.084489]  ? kasan_addr_to_slab+0x11/0xa0
[   23.084508]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.084531]  kasan_report+0x141/0x180
[   23.084587]  ? krealloc_more_oob_helper+0x7eb/0x930
[   23.084614]  __asan_report_store1_noabort+0x1b/0x30
[   23.084649]  krealloc_more_oob_helper+0x7eb/0x930
[   23.084672]  ? pick_task_fair+0xce/0x340
[   23.084697]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.084721]  ? __schedule+0x2079/0x2b60
[   23.084754]  ? schedule+0x7c/0x2e0
[   23.084773]  ? trace_hardirqs_on+0x37/0xe0
[   23.084796]  ? __schedule+0x2079/0x2b60
[   23.084817]  ? __pfx_read_tsc+0x10/0x10
[   23.084842]  krealloc_large_more_oob+0x1c/0x30
[   23.084864]  kunit_try_run_case+0x1a5/0x480
[   23.084953]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.084975]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.085009]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.085031]  ? __kthread_parkme+0x82/0x180
[   23.085051]  ? preempt_count_sub+0x50/0x80
[   23.085076]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.085100]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.085128]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.085154]  kthread+0x337/0x6f0
[   23.085172]  ? trace_preempt_on+0x20/0xc0
[   23.085194]  ? __pfx_kthread+0x10/0x10
[   23.085214]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.085236]  ? calculate_sigpending+0x7b/0xa0
[   23.085259]  ? __pfx_kthread+0x10/0x10
[   23.085288]  ret_from_fork+0x116/0x1d0
[   23.085307]  ? __pfx_kthread+0x10/0x10
[   23.085326]  ret_from_fork_asm+0x1a/0x30
[   23.085358]  </TASK>
[   23.085369] 
[   23.093316] The buggy address belongs to the physical page:
[   23.093688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0
[   23.094232] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.094543] flags: 0x200000000000040(head|node=0|zone=2)
[   23.094975] page_type: f8(unknown)
[   23.095099] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.095337] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.095722] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.096379] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.096778] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff
[   23.097229] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.097586] page dumped because: kasan: bad access detected
[   23.097813] 
[   23.097877] Memory state around the buggy address:
[   23.098023]  ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.098526]  ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.098825] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.099224]                                                              ^
[   23.099548]  ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.099932]  ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.100210] ==================================================================
[   22.896500] ==================================================================
[   22.897579] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   22.898145] Write of size 1 at addr ffff888105e500f0 by task kunit_try_catch/205
[   22.898449] 
[   22.898559] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   22.898606] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.898619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.898638] Call Trace:
[   22.899124]  <TASK>
[   22.899151]  dump_stack_lvl+0x73/0xb0
[   22.899183]  print_report+0xd1/0x610
[   22.899205]  ? __virt_addr_valid+0x1db/0x2d0
[   22.899227]  ? krealloc_more_oob_helper+0x7eb/0x930
[   22.899250]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.899288]  ? krealloc_more_oob_helper+0x7eb/0x930
[   22.899311]  kasan_report+0x141/0x180
[   22.899332]  ? krealloc_more_oob_helper+0x7eb/0x930
[   22.899359]  __asan_report_store1_noabort+0x1b/0x30
[   22.899383]  krealloc_more_oob_helper+0x7eb/0x930
[   22.899404]  ? __schedule+0x10c6/0x2b60
[   22.899425]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.899449]  ? finish_task_switch.isra.0+0x153/0x700
[   22.899470]  ? __switch_to+0x47/0xf80
[   22.899495]  ? __schedule+0x10c6/0x2b60
[   22.899516]  ? __pfx_read_tsc+0x10/0x10
[   22.899542]  krealloc_more_oob+0x1c/0x30
[   22.899563]  kunit_try_run_case+0x1a5/0x480
[   22.899586]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.899607]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.899629]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.899651]  ? __kthread_parkme+0x82/0x180
[   22.899670]  ? preempt_count_sub+0x50/0x80
[   22.899691]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.899713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.899739]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.899764]  kthread+0x337/0x6f0
[   22.899783]  ? trace_preempt_on+0x20/0xc0
[   22.899805]  ? __pfx_kthread+0x10/0x10
[   22.899825]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.899845]  ? calculate_sigpending+0x7b/0xa0
[   22.899907]  ? __pfx_kthread+0x10/0x10
[   22.899930]  ret_from_fork+0x116/0x1d0
[   22.899949]  ? __pfx_kthread+0x10/0x10
[   22.899968]  ret_from_fork_asm+0x1a/0x30
[   22.899998]  </TASK>
[   22.900008] 
[   22.911075] Allocated by task 205:
[   22.911196]  kasan_save_stack+0x45/0x70
[   22.911750]  kasan_save_track+0x18/0x40
[   22.912081]  kasan_save_alloc_info+0x3b/0x50
[   22.912242]  __kasan_krealloc+0x190/0x1f0
[   22.912617]  krealloc_noprof+0xf3/0x340
[   22.913056]  krealloc_more_oob_helper+0x1a9/0x930
[   22.913384]  krealloc_more_oob+0x1c/0x30
[   22.913664]  kunit_try_run_case+0x1a5/0x480
[   22.913818]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.914133]  kthread+0x337/0x6f0
[   22.914310]  ret_from_fork+0x116/0x1d0
[   22.914480]  ret_from_fork_asm+0x1a/0x30
[   22.915036] 
[   22.915113] The buggy address belongs to the object at ffff888105e50000
[   22.915113]  which belongs to the cache kmalloc-256 of size 256
[   22.916013] The buggy address is located 5 bytes to the right of
[   22.916013]  allocated 235-byte region [ffff888105e50000, ffff888105e500eb)
[   22.916665] 
[   22.916775] The buggy address belongs to the physical page:
[   22.917027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e50
[   22.917656] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.918074] flags: 0x200000000000040(head|node=0|zone=2)
[   22.918336] page_type: f5(slab)
[   22.918477] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.919251] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.919719] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.920157] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.920763] head: 0200000000000001 ffffea0004179401 00000000ffffffff 00000000ffffffff
[   22.921622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.922433] page dumped because: kasan: bad access detected
[   22.923120] 
[   22.923274] Memory state around the buggy address:
[   22.923817]  ffff888105e4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.924436]  ffff888105e50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.924906] >ffff888105e50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.925120]                                                              ^
[   22.925340]  ffff888105e50100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.925627]  ffff888105e50180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.926369] ==================================================================
[   22.874408] ==================================================================
[   22.874870] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   22.875192] Write of size 1 at addr ffff888105e500eb by task kunit_try_catch/205
[   22.875503] 
[   22.875626] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   22.875683] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.875695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   22.875717] Call Trace:
[   22.875730]  <TASK>
[   22.875751]  dump_stack_lvl+0x73/0xb0
[   22.875784]  print_report+0xd1/0x610
[   22.875807]  ? __virt_addr_valid+0x1db/0x2d0
[   22.875834]  ? krealloc_more_oob_helper+0x821/0x930
[   22.875877]  ? kasan_complete_mode_report_info+0x2a/0x200
[   22.875903]  ? krealloc_more_oob_helper+0x821/0x930
[   22.875927]  kasan_report+0x141/0x180
[   22.875949]  ? krealloc_more_oob_helper+0x821/0x930
[   22.875976]  __asan_report_store1_noabort+0x1b/0x30
[   22.875999]  krealloc_more_oob_helper+0x821/0x930
[   22.876020]  ? __schedule+0x10c6/0x2b60
[   22.876043]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   22.876066]  ? finish_task_switch.isra.0+0x153/0x700
[   22.876089]  ? __switch_to+0x47/0xf80
[   22.876115]  ? __schedule+0x10c6/0x2b60
[   22.876136]  ? __pfx_read_tsc+0x10/0x10
[   22.876162]  krealloc_more_oob+0x1c/0x30
[   22.876182]  kunit_try_run_case+0x1a5/0x480
[   22.876208]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.876229]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   22.876252]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   22.876283]  ? __kthread_parkme+0x82/0x180
[   22.876304]  ? preempt_count_sub+0x50/0x80
[   22.876337]  ? __pfx_kunit_try_run_case+0x10/0x10
[   22.876359]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.876386]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   22.876412]  kthread+0x337/0x6f0
[   22.876431]  ? trace_preempt_on+0x20/0xc0
[   22.876456]  ? __pfx_kthread+0x10/0x10
[   22.876475]  ? _raw_spin_unlock_irq+0x47/0x80
[   22.876495]  ? calculate_sigpending+0x7b/0xa0
[   22.876518]  ? __pfx_kthread+0x10/0x10
[   22.876556]  ret_from_fork+0x116/0x1d0
[   22.876575]  ? __pfx_kthread+0x10/0x10
[   22.876595]  ret_from_fork_asm+0x1a/0x30
[   22.876626]  </TASK>
[   22.876637] 
[   22.884130] Allocated by task 205:
[   22.884284]  kasan_save_stack+0x45/0x70
[   22.884484]  kasan_save_track+0x18/0x40
[   22.884695]  kasan_save_alloc_info+0x3b/0x50
[   22.884961]  __kasan_krealloc+0x190/0x1f0
[   22.885123]  krealloc_noprof+0xf3/0x340
[   22.885256]  krealloc_more_oob_helper+0x1a9/0x930
[   22.885419]  krealloc_more_oob+0x1c/0x30
[   22.885632]  kunit_try_run_case+0x1a5/0x480
[   22.885832]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   22.886167]  kthread+0x337/0x6f0
[   22.886351]  ret_from_fork+0x116/0x1d0
[   22.886536]  ret_from_fork_asm+0x1a/0x30
[   22.886729] 
[   22.886796] The buggy address belongs to the object at ffff888105e50000
[   22.886796]  which belongs to the cache kmalloc-256 of size 256
[   22.887373] The buggy address is located 0 bytes to the right of
[   22.887373]  allocated 235-byte region [ffff888105e50000, ffff888105e500eb)
[   22.887990] 
[   22.888074] The buggy address belongs to the physical page:
[   22.888288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e50
[   22.888527] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.888766] flags: 0x200000000000040(head|node=0|zone=2)
[   22.889075] page_type: f5(slab)
[   22.889242] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.889618] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.890006] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   22.890235] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.890488] head: 0200000000000001 ffffea0004179401 00000000ffffffff 00000000ffffffff
[   22.890920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.891276] page dumped because: kasan: bad access detected
[   22.891531] 
[   22.891646] Memory state around the buggy address:
[   22.891911]  ffff888105e4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.892199]  ffff888105e50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.892487] >ffff888105e50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.892775]                                                           ^
[   22.893099]  ffff888105e50100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.893372]  ffff888105e50180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.893680] ==================================================================
[   23.063790] ==================================================================
[   23.064562] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   23.064956] Write of size 1 at addr ffff8881050f20eb by task kunit_try_catch/209
[   23.065327] 
[   23.065491] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) 
[   23.065539] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.065558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.065578] Call Trace:
[   23.065590]  <TASK>
[   23.065607]  dump_stack_lvl+0x73/0xb0
[   23.065637]  print_report+0xd1/0x610
[   23.065703]  ? __virt_addr_valid+0x1db/0x2d0
[   23.065727]  ? krealloc_more_oob_helper+0x821/0x930
[   23.065749]  ? kasan_addr_to_slab+0x11/0xa0
[   23.065807]  ? krealloc_more_oob_helper+0x821/0x930
[   23.065830]  kasan_report+0x141/0x180
[   23.065852]  ? krealloc_more_oob_helper+0x821/0x930
[   23.065946]  __asan_report_store1_noabort+0x1b/0x30
[   23.065970]  krealloc_more_oob_helper+0x821/0x930
[   23.065993]  ? pick_task_fair+0xce/0x340
[   23.066018]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   23.066041]  ? __schedule+0x2079/0x2b60
[   23.066062]  ? schedule+0x7c/0x2e0
[   23.066081]  ? trace_hardirqs_on+0x37/0xe0
[   23.066104]  ? __schedule+0x2079/0x2b60
[   23.066124]  ? __pfx_read_tsc+0x10/0x10
[   23.066149]  krealloc_large_more_oob+0x1c/0x30
[   23.066171]  kunit_try_run_case+0x1a5/0x480
[   23.066194]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.066215]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.066237]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.066259]  ? __kthread_parkme+0x82/0x180
[   23.066291]  ? preempt_count_sub+0x50/0x80
[   23.066312]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.066335]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.066361]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.066387]  kthread+0x337/0x6f0
[   23.066406]  ? trace_preempt_on+0x20/0xc0
[   23.066428]  ? __pfx_kthread+0x10/0x10
[   23.066447]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.066468]  ? calculate_sigpending+0x7b/0xa0
[   23.066491]  ? __pfx_kthread+0x10/0x10
[   23.066512]  ret_from_fork+0x116/0x1d0
[   23.066530]  ? __pfx_kthread+0x10/0x10
[   23.066560]  ret_from_fork_asm+0x1a/0x30
[   23.066590]  </TASK>
[   23.066600] 
[   23.075518] The buggy address belongs to the physical page:
[   23.075730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0
[   23.075969] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.076464] flags: 0x200000000000040(head|node=0|zone=2)
[   23.076733] page_type: f8(unknown)
[   23.076901] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.077284] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.077812] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   23.078171] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   23.078416] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff
[   23.078664] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.078994] page dumped because: kasan: bad access detected
[   23.079292] 
[   23.079381] Memory state around the buggy address:
[   23.079661]  ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.080113]  ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.080443] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.080869]                                                           ^
[   23.081143]  ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.081372]  ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.081922] ==================================================================