Date: July 17, 2025, 10:12 a.m.

Environment: qemu-arm64, qemu-x86_64

[   29.458881] ==================================================================
[   29.458933] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.458983] Write of size 1 at addr fff00000c91920f0 by task kunit_try_catch/191
[   29.459200] 
[   29.459240] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.459338] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.459364] Hardware name: linux,dummy-virt (DT)
[   29.459463] Call trace:
[   29.459489]  show_stack+0x20/0x38 (C)
[   29.459565]  dump_stack_lvl+0x8c/0xd0
[   29.459785]  print_report+0x118/0x5d0
[   29.459940]  kasan_report+0xdc/0x128
[   29.459988]  __asan_report_store1_noabort+0x20/0x30
[   29.460041]  krealloc_more_oob_helper+0x5c0/0x678
[   29.460104]  krealloc_large_more_oob+0x20/0x38
[   29.460191]  kunit_try_run_case+0x170/0x3f0
[   29.460257]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.460308]  kthread+0x328/0x630
[   29.460410]  ret_from_fork+0x10/0x20
[   29.460527] 
[   29.460621] The buggy address belongs to the physical page:
[   29.460696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109190
[   29.460804] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.460850] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.460901] page_type: f8(unknown)
[   29.460939] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.461123] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.461203] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.461328] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.461480] head: 0bfffe0000000002 ffffc1ffc3246401 00000000ffffffff 00000000ffffffff
[   29.461564] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.461640] page dumped because: kasan: bad access detected
[   29.461760] 
[   29.461819] Memory state around the buggy address:
[   29.461903]  fff00000c9191f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.462017]  fff00000c9192000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.462068] >fff00000c9192080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.462386]                                                              ^
[   29.462473]  fff00000c9192100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.462606]  fff00000c9192180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.462696] ==================================================================
[   29.452369] ==================================================================
[   29.452564] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.452750] Write of size 1 at addr fff00000c91920eb by task kunit_try_catch/191
[   29.452806] 
[   29.452842] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.452987] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.453047] Hardware name: linux,dummy-virt (DT)
[   29.453165] Call trace:
[   29.453225]  show_stack+0x20/0x38 (C)
[   29.453351]  dump_stack_lvl+0x8c/0xd0
[   29.453437]  print_report+0x118/0x5d0
[   29.453527]  kasan_report+0xdc/0x128
[   29.453649]  __asan_report_store1_noabort+0x20/0x30
[   29.453722]  krealloc_more_oob_helper+0x60c/0x678
[   29.454022]  krealloc_large_more_oob+0x20/0x38
[   29.454175]  kunit_try_run_case+0x170/0x3f0
[   29.454317]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.454442]  kthread+0x328/0x630
[   29.454560]  ret_from_fork+0x10/0x20
[   29.454609] 
[   29.454657] The buggy address belongs to the physical page:
[   29.454897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109190
[   29.455143] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.455227] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.455353] page_type: f8(unknown)
[   29.455448] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.455584] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.455678] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.455894] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.455952] head: 0bfffe0000000002 ffffc1ffc3246401 00000000ffffffff 00000000ffffffff
[   29.456006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.456083] page dumped because: kasan: bad access detected
[   29.456173] 
[   29.456240] Memory state around the buggy address:
[   29.456317]  fff00000c9191f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.456439]  fff00000c9192000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.456502] >fff00000c9192080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   29.456606]                                                           ^
[   29.456661]  fff00000c9192100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.456718]  fff00000c9192180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.456797] ==================================================================
[   29.397881] ==================================================================
[   29.398279] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   29.398356] Write of size 1 at addr fff00000c78094f0 by task kunit_try_catch/187
[   29.398566] 
[   29.398609] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.398859] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.398887] Hardware name: linux,dummy-virt (DT)
[   29.398925] Call trace:
[   29.399093]  show_stack+0x20/0x38 (C)
[   29.399149]  dump_stack_lvl+0x8c/0xd0
[   29.399337]  print_report+0x118/0x5d0
[   29.399397]  kasan_report+0xdc/0x128
[   29.399729]  __asan_report_store1_noabort+0x20/0x30
[   29.399877]  krealloc_more_oob_helper+0x5c0/0x678
[   29.399950]  krealloc_more_oob+0x20/0x38
[   29.400152]  kunit_try_run_case+0x170/0x3f0
[   29.400381]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.400447]  kthread+0x328/0x630
[   29.400637]  ret_from_fork+0x10/0x20
[   29.400996] 
[   29.401017] Allocated by task 187:
[   29.401046]  kasan_save_stack+0x3c/0x68
[   29.401346]  kasan_save_track+0x20/0x40
[   29.401493]  kasan_save_alloc_info+0x40/0x58
[   29.401629]  __kasan_krealloc+0x118/0x178
[   29.401685]  krealloc_noprof+0x128/0x360
[   29.401743]  krealloc_more_oob_helper+0x168/0x678
[   29.401978]  krealloc_more_oob+0x20/0x38
[   29.402190]  kunit_try_run_case+0x170/0x3f0
[   29.402253]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.402507]  kthread+0x328/0x630
[   29.402654]  ret_from_fork+0x10/0x20
[   29.402763] 
[   29.402798] The buggy address belongs to the object at fff00000c7809400
[   29.402798]  which belongs to the cache kmalloc-256 of size 256
[   29.402855] The buggy address is located 5 bytes to the right of
[   29.402855]  allocated 235-byte region [fff00000c7809400, fff00000c78094eb)
[   29.402972] 
[   29.403002] The buggy address belongs to the physical page:
[   29.403040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   29.403110] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.403167] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.403223] page_type: f5(slab)
[   29.403282] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.403340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.403389] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.403436] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.403484] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   29.403540] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.403578] page dumped because: kasan: bad access detected
[   29.403613] 
[   29.403631] Memory state around the buggy address:
[   29.403660]  fff00000c7809380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.403702]  fff00000c7809400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.403751] >fff00000c7809480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.403786]                                                              ^
[   29.403824]  fff00000c7809500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.403864]  fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.403908] ==================================================================
[   29.388157] ==================================================================
[   29.388441] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   29.388509] Write of size 1 at addr fff00000c78094eb by task kunit_try_catch/187
[   29.388997] 
[   29.389217] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT 
[   29.389315] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.389498] Hardware name: linux,dummy-virt (DT)
[   29.389534] Call trace:
[   29.389575]  show_stack+0x20/0x38 (C)
[   29.389651]  dump_stack_lvl+0x8c/0xd0
[   29.389708]  print_report+0x118/0x5d0
[   29.389753]  kasan_report+0xdc/0x128
[   29.389800]  __asan_report_store1_noabort+0x20/0x30
[   29.389848]  krealloc_more_oob_helper+0x60c/0x678
[   29.389913]  krealloc_more_oob+0x20/0x38
[   29.389960]  kunit_try_run_case+0x170/0x3f0
[   29.390015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.390087]  kthread+0x328/0x630
[   29.390129]  ret_from_fork+0x10/0x20
[   29.390188] 
[   29.390212] Allocated by task 187:
[   29.390241]  kasan_save_stack+0x3c/0x68
[   29.390279]  kasan_save_track+0x20/0x40
[   29.390323]  kasan_save_alloc_info+0x40/0x58
[   29.390359]  __kasan_krealloc+0x118/0x178
[   29.390394]  krealloc_noprof+0x128/0x360
[   29.390432]  krealloc_more_oob_helper+0x168/0x678
[   29.390471]  krealloc_more_oob+0x20/0x38
[   29.390516]  kunit_try_run_case+0x170/0x3f0
[   29.390557]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.390598]  kthread+0x328/0x630
[   29.390636]  ret_from_fork+0x10/0x20
[   29.390680] 
[   29.390699] The buggy address belongs to the object at fff00000c7809400
[   29.390699]  which belongs to the cache kmalloc-256 of size 256
[   29.390754] The buggy address is located 0 bytes to the right of
[   29.390754]  allocated 235-byte region [fff00000c7809400, fff00000c78094eb)
[   29.390826] 
[   29.390845] The buggy address belongs to the physical page:
[   29.390883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107808
[   29.390943] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.390997] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.391047] page_type: f5(slab)
[   29.391788] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.391893] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.392170] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   29.392232] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.392691] head: 0bfffe0000000001 ffffc1ffc31e0201 00000000ffffffff 00000000ffffffff
[   29.392802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.392979] page dumped because: kasan: bad access detected
[   29.393009] 
[   29.393359] Memory state around the buggy address:
[   29.393442]  fff00000c7809380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.393531]  fff00000c7809400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.393732] >fff00000c7809480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   29.393940]                                                           ^
[   29.394003]  fff00000c7809500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.394121]  fff00000c7809580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.394203] ==================================================================

[   25.301138] ==================================================================
[   25.302294] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   25.302663] Write of size 1 at addr ffff8881060c46eb by task kunit_try_catch/205
[   25.302875] 
[   25.302957] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.303009] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.303021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.303042] Call Trace:
[   25.303056]  <TASK>
[   25.303074]  dump_stack_lvl+0x73/0xb0
[   25.303117]  print_report+0xd1/0x610
[   25.303139]  ? __virt_addr_valid+0x1db/0x2d0
[   25.303164]  ? krealloc_more_oob_helper+0x821/0x930
[   25.303187]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.303211]  ? krealloc_more_oob_helper+0x821/0x930
[   25.303234]  kasan_report+0x141/0x180
[   25.303266]  ? krealloc_more_oob_helper+0x821/0x930
[   25.303293]  __asan_report_store1_noabort+0x1b/0x30
[   25.303329]  krealloc_more_oob_helper+0x821/0x930
[   25.303350]  ? __schedule+0x10c6/0x2b60
[   25.303373]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.303396]  ? finish_task_switch.isra.0+0x153/0x700
[   25.303417]  ? __switch_to+0x47/0xf80
[   25.303444]  ? __schedule+0x10c6/0x2b60
[   25.303465]  ? __pfx_read_tsc+0x10/0x10
[   25.303489]  krealloc_more_oob+0x1c/0x30
[   25.303510]  kunit_try_run_case+0x1a5/0x480
[   25.303534]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.303555]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.303577]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.303599]  ? __kthread_parkme+0x82/0x180
[   25.303623]  ? preempt_count_sub+0x50/0x80
[   25.303644]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.303667]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.303688]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.303710]  kthread+0x337/0x6f0
[   25.303734]  ? trace_preempt_on+0x20/0xc0
[   25.303759]  ? __pfx_kthread+0x10/0x10
[   25.303778]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.303800]  ? calculate_sigpending+0x7b/0xa0
[   25.303824]  ? __pfx_kthread+0x10/0x10
[   25.303844]  ret_from_fork+0x116/0x1d0
[   25.303862]  ? __pfx_kthread+0x10/0x10
[   25.303881]  ret_from_fork_asm+0x1a/0x30
[   25.303913]  </TASK>
[   25.303923] 
[   25.316679] Allocated by task 205:
[   25.316805]  kasan_save_stack+0x45/0x70
[   25.317125]  kasan_save_track+0x18/0x40
[   25.317401]  kasan_save_alloc_info+0x3b/0x50
[   25.317991]  __kasan_krealloc+0x190/0x1f0
[   25.318185]  krealloc_noprof+0xf3/0x340
[   25.318317]  krealloc_more_oob_helper+0x1a9/0x930
[   25.318724]  krealloc_more_oob+0x1c/0x30
[   25.319338]  kunit_try_run_case+0x1a5/0x480
[   25.319554]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.320067]  kthread+0x337/0x6f0
[   25.320526]  ret_from_fork+0x116/0x1d0
[   25.320893]  ret_from_fork_asm+0x1a/0x30
[   25.321313] 
[   25.321382] The buggy address belongs to the object at ffff8881060c4600
[   25.321382]  which belongs to the cache kmalloc-256 of size 256
[   25.321723] The buggy address is located 0 bytes to the right of
[   25.321723]  allocated 235-byte region [ffff8881060c4600, ffff8881060c46eb)
[   25.322073] 
[   25.322177] The buggy address belongs to the physical page:
[   25.322342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[   25.323127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.323349] flags: 0x200000000000040(head|node=0|zone=2)
[   25.323714] page_type: f5(slab)
[   25.323886] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.324294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.324837] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.325427] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.325854] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[   25.326190] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.326729] page dumped because: kasan: bad access detected
[   25.327091] 
[   25.327237] Memory state around the buggy address:
[   25.327692]  ffff8881060c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.327982]  ffff8881060c4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.328577] >ffff8881060c4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.328987]                                                           ^
[   25.329625]  ffff8881060c4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.329967]  ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.330271] ==================================================================
[   25.492265] ==================================================================
[   25.493032] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   25.493586] Write of size 1 at addr ffff88810602e0eb by task kunit_try_catch/209
[   25.493884] 
[   25.493976] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.494025] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.494036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.494057] Call Trace:
[   25.494069]  <TASK>
[   25.494097]  dump_stack_lvl+0x73/0xb0
[   25.494129]  print_report+0xd1/0x610
[   25.494150]  ? __virt_addr_valid+0x1db/0x2d0
[   25.494174]  ? krealloc_more_oob_helper+0x821/0x930
[   25.494196]  ? kasan_addr_to_slab+0x11/0xa0
[   25.494215]  ? krealloc_more_oob_helper+0x821/0x930
[   25.494237]  kasan_report+0x141/0x180
[   25.494271]  ? krealloc_more_oob_helper+0x821/0x930
[   25.494308]  __asan_report_store1_noabort+0x1b/0x30
[   25.494331]  krealloc_more_oob_helper+0x821/0x930
[   25.494352]  ? __schedule+0x10c6/0x2b60
[   25.494374]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.494397]  ? finish_task_switch.isra.0+0x153/0x700
[   25.494418]  ? __switch_to+0x47/0xf80
[   25.494442]  ? __schedule+0x10c6/0x2b60
[   25.494463]  ? __pfx_read_tsc+0x10/0x10
[   25.494487]  krealloc_large_more_oob+0x1c/0x30
[   25.494508]  kunit_try_run_case+0x1a5/0x480
[   25.494532]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.494552]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.494574]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.494596]  ? __kthread_parkme+0x82/0x180
[   25.494619]  ? preempt_count_sub+0x50/0x80
[   25.494640]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.494663]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.494684]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.494707]  kthread+0x337/0x6f0
[   25.494725]  ? trace_preempt_on+0x20/0xc0
[   25.494748]  ? __pfx_kthread+0x10/0x10
[   25.494767]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.494788]  ? calculate_sigpending+0x7b/0xa0
[   25.494811]  ? __pfx_kthread+0x10/0x10
[   25.494831]  ret_from_fork+0x116/0x1d0
[   25.494849]  ? __pfx_kthread+0x10/0x10
[   25.494868]  ret_from_fork_asm+0x1a/0x30
[   25.494899]  </TASK>
[   25.494909] 
[   25.502970] The buggy address belongs to the physical page:
[   25.503268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[   25.503663] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.504003] flags: 0x200000000000040(head|node=0|zone=2)
[   25.504189] page_type: f8(unknown)
[   25.504514] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.504913] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.505245] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.505624] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.506005] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[   25.506387] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.506702] page dumped because: kasan: bad access detected
[   25.506890] 
[   25.506950] Memory state around the buggy address:
[   25.507105]  ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.509951]  ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.510517] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.511253]                                                           ^
[   25.511494]  ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.511706]  ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.512313] ==================================================================
[   25.513576] ==================================================================
[   25.513800] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   25.514034] Write of size 1 at addr ffff88810602e0f0 by task kunit_try_catch/209
[   25.514256] 
[   25.514331] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.514377] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.514389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.514409] Call Trace:
[   25.514422]  <TASK>
[   25.514435]  dump_stack_lvl+0x73/0xb0
[   25.514462]  print_report+0xd1/0x610
[   25.514483]  ? __virt_addr_valid+0x1db/0x2d0
[   25.514505]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.514526]  ? kasan_addr_to_slab+0x11/0xa0
[   25.514545]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.514567]  kasan_report+0x141/0x180
[   25.514587]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.514614]  __asan_report_store1_noabort+0x1b/0x30
[   25.514637]  krealloc_more_oob_helper+0x7eb/0x930
[   25.514657]  ? __schedule+0x10c6/0x2b60
[   25.514678]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.514701]  ? finish_task_switch.isra.0+0x153/0x700
[   25.514721]  ? __switch_to+0x47/0xf80
[   25.514745]  ? __schedule+0x10c6/0x2b60
[   25.514766]  ? __pfx_read_tsc+0x10/0x10
[   25.514790]  krealloc_large_more_oob+0x1c/0x30
[   25.514812]  kunit_try_run_case+0x1a5/0x480
[   25.514833]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.514854]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.514875]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.514897]  ? __kthread_parkme+0x82/0x180
[   25.514920]  ? preempt_count_sub+0x50/0x80
[   25.514941]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.514962]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.514984]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.515005]  kthread+0x337/0x6f0
[   25.515023]  ? trace_preempt_on+0x20/0xc0
[   25.515046]  ? __pfx_kthread+0x10/0x10
[   25.515065]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.516267]  ? calculate_sigpending+0x7b/0xa0
[   25.516336]  ? __pfx_kthread+0x10/0x10
[   25.516384]  ret_from_fork+0x116/0x1d0
[   25.516416]  ? __pfx_kthread+0x10/0x10
[   25.516436]  ret_from_fork_asm+0x1a/0x30
[   25.516467]  </TASK>
[   25.516478] 
[   25.529690] The buggy address belongs to the physical page:
[   25.530392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c
[   25.530953] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.531187] flags: 0x200000000000040(head|node=0|zone=2)
[   25.531817] page_type: f8(unknown)
[   25.532235] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.532941] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.533770] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.534047] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.534293] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff
[   25.534518] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.534735] page dumped because: kasan: bad access detected
[   25.534897] 
[   25.534958] Memory state around the buggy address:
[   25.535178]  ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.535785]  ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.536586] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.537213]                                                              ^
[   25.537821]  ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.538534]  ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.539133] ==================================================================
[   25.331272] ==================================================================
[   25.331823] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   25.332143] Write of size 1 at addr ffff8881060c46f0 by task kunit_try_catch/205
[   25.332627] 
[   25.332751] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) 
[   25.332818] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.332829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.332849] Call Trace:
[   25.332879]  <TASK>
[   25.332895]  dump_stack_lvl+0x73/0xb0
[   25.332925]  print_report+0xd1/0x610
[   25.332946]  ? __virt_addr_valid+0x1db/0x2d0
[   25.332968]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.332990]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.333015]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.333038]  kasan_report+0x141/0x180
[   25.333059]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.333097]  __asan_report_store1_noabort+0x1b/0x30
[   25.333120]  krealloc_more_oob_helper+0x7eb/0x930
[   25.333141]  ? __schedule+0x10c6/0x2b60
[   25.333163]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.333186]  ? finish_task_switch.isra.0+0x153/0x700
[   25.333206]  ? __switch_to+0x47/0xf80
[   25.333231]  ? __schedule+0x10c6/0x2b60
[   25.333252]  ? __pfx_read_tsc+0x10/0x10
[   25.333275]  krealloc_more_oob+0x1c/0x30
[   25.333295]  kunit_try_run_case+0x1a5/0x480
[   25.333319]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.333340]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.333362]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.333385]  ? __kthread_parkme+0x82/0x180
[   25.333408]  ? preempt_count_sub+0x50/0x80
[   25.333430]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.333452]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.333711]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.333740]  kthread+0x337/0x6f0
[   25.333759]  ? trace_preempt_on+0x20/0xc0
[   25.333783]  ? __pfx_kthread+0x10/0x10
[   25.333802]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.333823]  ? calculate_sigpending+0x7b/0xa0
[   25.333846]  ? __pfx_kthread+0x10/0x10
[   25.333866]  ret_from_fork+0x116/0x1d0
[   25.333884]  ? __pfx_kthread+0x10/0x10
[   25.333903]  ret_from_fork_asm+0x1a/0x30
[   25.333939]  </TASK>
[   25.333949] 
[   25.344883] Allocated by task 205:
[   25.345229]  kasan_save_stack+0x45/0x70
[   25.345494]  kasan_save_track+0x18/0x40
[   25.345877]  kasan_save_alloc_info+0x3b/0x50
[   25.346112]  __kasan_krealloc+0x190/0x1f0
[   25.346462]  krealloc_noprof+0xf3/0x340
[   25.346811]  krealloc_more_oob_helper+0x1a9/0x930
[   25.347050]  krealloc_more_oob+0x1c/0x30
[   25.347529]  kunit_try_run_case+0x1a5/0x480
[   25.347821]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.348005]  kthread+0x337/0x6f0
[   25.348184]  ret_from_fork+0x116/0x1d0
[   25.348640]  ret_from_fork_asm+0x1a/0x30
[   25.349073] 
[   25.349158] The buggy address belongs to the object at ffff8881060c4600
[   25.349158]  which belongs to the cache kmalloc-256 of size 256
[   25.350053] The buggy address is located 5 bytes to the right of
[   25.350053]  allocated 235-byte region [ffff8881060c4600, ffff8881060c46eb)
[   25.350790] 
[   25.351036] The buggy address belongs to the physical page:
[   25.351324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4
[   25.351957] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.352547] flags: 0x200000000000040(head|node=0|zone=2)
[   25.352833] page_type: f5(slab)
[   25.353055] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.353635] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.354164] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.354649] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.355109] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff
[   25.355664] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.356051] page dumped because: kasan: bad access detected
[   25.356364] 
[   25.356796] Memory state around the buggy address:
[   25.357007]  ffff8881060c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.357598]  ffff8881060c4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.357916] >ffff8881060c4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.358234]                                                              ^
[   25.358782]  ffff8881060c4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.359207]  ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.359711] ==================================================================