lkft/linux-next-master - next-20250722 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 22, 2025, 5:13 a.m.

Environment
qemu-arm64
qemu-x86_64

[   30.220659] ==================================================================
[   30.220946] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.221018] Write of size 1 at addr fff00000c9aea0eb by task kunit_try_catch/191
[   30.221067] 
[   30.221102] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   30.221188] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   30.221216] Hardware name: linux,dummy-virt (DT)
[   30.221246] Call trace:
[   30.221268]  show_stack+0x20/0x38 (C)
[   30.221315]  dump_stack_lvl+0x8c/0xd0
[   30.221361]  print_report+0x118/0x5e8
[   30.221404]  kasan_report+0xdc/0x128
[   30.221445]  __asan_report_store1_noabort+0x20/0x30
[   30.221493]  krealloc_more_oob_helper+0x60c/0x678
[   30.221541]  krealloc_large_more_oob+0x20/0x38
[   30.221588]  kunit_try_run_case+0x170/0x3f0
[   30.221634]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.221684]  kthread+0x328/0x630
[   30.221725]  ret_from_fork+0x10/0x20
[   30.221770] 
[   30.221789] The buggy address belongs to the physical page:
[   30.221838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8
[   30.221889] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.221932] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.221981] page_type: f8(unknown)
[   30.222018] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.222064] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.222175] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.222291] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.222461] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff
[   30.222516] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.222562] page dumped because: kasan: bad access detected
[   30.222591] 
[   30.222608] Memory state around the buggy address:
[   30.222837]  fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.223107]  fff00000c9aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.223989] >fff00000c9aea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.224052]                                                           ^
[   30.224139]  fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.224183]  fff00000c9aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.224269] ==================================================================
[   30.144348] ==================================================================
[   30.144842] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.144994] Write of size 1 at addr fff00000c81a4cf0 by task kunit_try_catch/187
[   30.145106] 
[   30.145157] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   30.145522] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   30.145659] Hardware name: linux,dummy-virt (DT)
[   30.145727] Call trace:
[   30.145796]  show_stack+0x20/0x38 (C)
[   30.145959]  dump_stack_lvl+0x8c/0xd0
[   30.146060]  print_report+0x118/0x5e8
[   30.146167]  kasan_report+0xdc/0x128
[   30.146220]  __asan_report_store1_noabort+0x20/0x30
[   30.146277]  krealloc_more_oob_helper+0x5c0/0x678
[   30.146326]  krealloc_more_oob+0x20/0x38
[   30.146371]  kunit_try_run_case+0x170/0x3f0
[   30.146425]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.146484]  kthread+0x328/0x630
[   30.146533]  ret_from_fork+0x10/0x20
[   30.146579] 
[   30.146597] Allocated by task 187:
[   30.146626]  kasan_save_stack+0x3c/0x68
[   30.146671]  kasan_save_track+0x20/0x40
[   30.146706]  kasan_save_alloc_info+0x40/0x58
[   30.146752]  __kasan_krealloc+0x118/0x178
[   30.146786]  krealloc_noprof+0x128/0x360
[   30.147140]  krealloc_more_oob_helper+0x168/0x678
[   30.147408]  krealloc_more_oob+0x20/0x38
[   30.147670]  kunit_try_run_case+0x170/0x3f0
[   30.147848]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.148021]  kthread+0x328/0x630
[   30.148107]  ret_from_fork+0x10/0x20
[   30.148214] 
[   30.148482] The buggy address belongs to the object at fff00000c81a4c00
[   30.148482]  which belongs to the cache kmalloc-256 of size 256
[   30.148749] The buggy address is located 5 bytes to the right of
[   30.148749]  allocated 235-byte region [fff00000c81a4c00, fff00000c81a4ceb)
[   30.148954] 
[   30.149032] The buggy address belongs to the physical page:
[   30.149135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081a4
[   30.149190] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.149252] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.149677] page_type: f5(slab)
[   30.150161] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.150230] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.150658] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.150743] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.150847] head: 0bfffe0000000001 ffffc1ffc3206901 00000000ffffffff 00000000ffffffff
[   30.151493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.151604] page dumped because: kasan: bad access detected
[   30.151781] 
[   30.151880] Memory state around the buggy address:
[   30.152050]  fff00000c81a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.152137]  fff00000c81a4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.152213] >fff00000c81a4c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.152416]                                                              ^
[   30.152496]  fff00000c81a4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.152601]  fff00000c81a4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.152656] ==================================================================
[   30.227205] ==================================================================
[   30.227253] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.227304] Write of size 1 at addr fff00000c9aea0f0 by task kunit_try_catch/191
[   30.227352] 
[   30.227380] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   30.227465] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   30.227492] Hardware name: linux,dummy-virt (DT)
[   30.227521] Call trace:
[   30.227542]  show_stack+0x20/0x38 (C)
[   30.227587]  dump_stack_lvl+0x8c/0xd0
[   30.227641]  print_report+0x118/0x5e8
[   30.227685]  kasan_report+0xdc/0x128
[   30.227727]  __asan_report_store1_noabort+0x20/0x30
[   30.227776]  krealloc_more_oob_helper+0x5c0/0x678
[   30.228083]  krealloc_large_more_oob+0x20/0x38
[   30.228162]  kunit_try_run_case+0x170/0x3f0
[   30.228209]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.228261]  kthread+0x328/0x630
[   30.228494]  ret_from_fork+0x10/0x20
[   30.228799] 
[   30.228846] The buggy address belongs to the physical page:
[   30.228993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae8
[   30.229062] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.229105] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.229503] page_type: f8(unknown)
[   30.229625] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.229676] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.229783] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.230014] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.230502] head: 0bfffe0000000002 ffffc1ffc326ba01 00000000ffffffff 00000000ffffffff
[   30.230728] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.230969] page dumped because: kasan: bad access detected
[   30.231241] 
[   30.231268] Memory state around the buggy address:
[   30.231300]  fff00000c9ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.231636]  fff00000c9aea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.231851] >fff00000c9aea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.231961]                                                              ^
[   30.232222]  fff00000c9aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.232457]  fff00000c9aea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.232604] ==================================================================
[   30.136043] ==================================================================
[   30.136100] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.136156] Write of size 1 at addr fff00000c81a4ceb by task kunit_try_catch/187
[   30.136204] 
[   30.136236] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250722 #1 PREEMPT 
[   30.136320] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   30.136348] Hardware name: linux,dummy-virt (DT)
[   30.136378] Call trace:
[   30.136400]  show_stack+0x20/0x38 (C)
[   30.136447]  dump_stack_lvl+0x8c/0xd0
[   30.136491]  print_report+0x118/0x5e8
[   30.136534]  kasan_report+0xdc/0x128
[   30.136577]  __asan_report_store1_noabort+0x20/0x30
[   30.136627]  krealloc_more_oob_helper+0x60c/0x678
[   30.136676]  krealloc_more_oob+0x20/0x38
[   30.136721]  kunit_try_run_case+0x170/0x3f0
[   30.136768]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.137727]  kthread+0x328/0x630
[   30.137925]  ret_from_fork+0x10/0x20
[   30.138032] 
[   30.138135] Allocated by task 187:
[   30.138170]  kasan_save_stack+0x3c/0x68
[   30.138256]  kasan_save_track+0x20/0x40
[   30.138451]  kasan_save_alloc_info+0x40/0x58
[   30.138497]  __kasan_krealloc+0x118/0x178
[   30.138737]  krealloc_noprof+0x128/0x360
[   30.138841]  krealloc_more_oob_helper+0x168/0x678
[   30.138888]  krealloc_more_oob+0x20/0x38
[   30.138926]  kunit_try_run_case+0x170/0x3f0
[   30.139016]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.139235]  kthread+0x328/0x630
[   30.139392]  ret_from_fork+0x10/0x20
[   30.139525] 
[   30.139685] The buggy address belongs to the object at fff00000c81a4c00
[   30.139685]  which belongs to the cache kmalloc-256 of size 256
[   30.140069] The buggy address is located 0 bytes to the right of
[   30.140069]  allocated 235-byte region [fff00000c81a4c00, fff00000c81a4ceb)
[   30.140161] 
[   30.140489] The buggy address belongs to the physical page:
[   30.140660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1081a4
[   30.140737] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.140791] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.141018] page_type: f5(slab)
[   30.141261] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.141432] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.141527] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.141666] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.141753] head: 0bfffe0000000001 ffffc1ffc3206901 00000000ffffffff 00000000ffffffff
[   30.141829] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.142020] page dumped because: kasan: bad access detected
[   30.142294] 
[   30.142405] Memory state around the buggy address:
[   30.142496]  fff00000c81a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.142587]  fff00000c81a4c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.142846] >fff00000c81a4c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.142940]                                                           ^
[   30.143222]  fff00000c81a4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.143360]  fff00000c81a4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.143505] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30DTUf0OK0VH9qRRuXmJxNbWT3c

job_id

TEST:linaro@lkft#30DTZX2OzvYa7G43GSjb9LZqhSf

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30DTZX2OzvYa7G43GSjb9LZqhSf

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTVttUIAyPDjqFb1jPwYpI4UI/Image.gz
sha256sum	d1cc5806bf2ddfbb3802a0a4fd0f8138bf5c842af834ddb398ed867c7a51e5d1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTVttUIAyPDjqFb1jPwYpI4UI/modules.tar.xz
sha256sum	452c7cc5a7d7fdc2801beb99bb9725c2d2534c879c8c3f4ae12898cd8ccb0426

durations

tests

boot	0
kunit	164.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   24.721318] ==================================================================
[   24.721991] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.722301] Write of size 1 at addr ffff888104a0faeb by task kunit_try_catch/204
[   24.722818] 
[   24.722932] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   24.722980] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.722993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.723014] Call Trace:
[   24.723027]  <TASK>
[   24.723042]  dump_stack_lvl+0x73/0xb0
[   24.723075]  print_report+0xd1/0x640
[   24.723099]  ? __virt_addr_valid+0x1db/0x2d0
[   24.723124]  ? krealloc_more_oob_helper+0x821/0x930
[   24.723147]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.723188]  ? krealloc_more_oob_helper+0x821/0x930
[   24.723212]  kasan_report+0x141/0x180
[   24.723235]  ? krealloc_more_oob_helper+0x821/0x930
[   24.723263]  __asan_report_store1_noabort+0x1b/0x30
[   24.723287]  krealloc_more_oob_helper+0x821/0x930
[   24.723310]  ? __schedule+0x10da/0x2b60
[   24.723335]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.723359]  ? finish_task_switch.isra.0+0x153/0x700
[   24.723381]  ? __switch_to+0x47/0xf80
[   24.723412]  ? __schedule+0x10da/0x2b60
[   24.723437]  ? __pfx_read_tsc+0x10/0x10
[   24.723513]  krealloc_more_oob+0x1c/0x30
[   24.723539]  kunit_try_run_case+0x1a5/0x480
[   24.723565]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.723588]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.723613]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.723637]  ? __kthread_parkme+0x82/0x180
[   24.723658]  ? preempt_count_sub+0x50/0x80
[   24.723680]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.723704]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.723727]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.723752]  kthread+0x337/0x6f0
[   24.723772]  ? trace_preempt_on+0x20/0xc0
[   24.723797]  ? __pfx_kthread+0x10/0x10
[   24.723817]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.723854]  ? calculate_sigpending+0x7b/0xa0
[   24.723878]  ? __pfx_kthread+0x10/0x10
[   24.723899]  ret_from_fork+0x116/0x1d0
[   24.723919]  ? __pfx_kthread+0x10/0x10
[   24.723940]  ret_from_fork_asm+0x1a/0x30
[   24.723971]  </TASK>
[   24.723982] 
[   24.733129] Allocated by task 204:
[   24.733306]  kasan_save_stack+0x45/0x70
[   24.734018]  kasan_save_track+0x18/0x40
[   24.734414]  kasan_save_alloc_info+0x3b/0x50
[   24.734686]  __kasan_krealloc+0x190/0x1f0
[   24.734882]  krealloc_noprof+0xf3/0x340
[   24.735061]  krealloc_more_oob_helper+0x1a9/0x930
[   24.735662]  krealloc_more_oob+0x1c/0x30
[   24.736191]  kunit_try_run_case+0x1a5/0x480
[   24.736408]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.736820]  kthread+0x337/0x6f0
[   24.737012]  ret_from_fork+0x116/0x1d0
[   24.737432]  ret_from_fork_asm+0x1a/0x30
[   24.737922] 
[   24.738029] The buggy address belongs to the object at ffff888104a0fa00
[   24.738029]  which belongs to the cache kmalloc-256 of size 256
[   24.739124] The buggy address is located 0 bytes to the right of
[   24.739124]  allocated 235-byte region [ffff888104a0fa00, ffff888104a0faeb)
[   24.739999] 
[   24.740100] The buggy address belongs to the physical page:
[   24.740641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a0e
[   24.741137] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.741452] flags: 0x200000000000040(head|node=0|zone=2)
[   24.741989] page_type: f5(slab)
[   24.742343] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.742891] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.743447] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.743964] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.744709] head: 0200000000000001 ffffea0004128381 00000000ffffffff 00000000ffffffff
[   24.745134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.745619] page dumped because: kasan: bad access detected
[   24.745841] 
[   24.745913] Memory state around the buggy address:
[   24.746098]  ffff888104a0f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.747054]  ffff888104a0fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.747547] >ffff888104a0fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.748046]                                                           ^
[   24.748722]  ffff888104a0fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.749333]  ffff888104a0fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.749778] ==================================================================
[   24.889952] ==================================================================
[   24.890388] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.890718] Write of size 1 at addr ffff88810618e0eb by task kunit_try_catch/208
[   24.891114] 
[   24.891378] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   24.891430] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.891443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.891464] Call Trace:
[   24.891477]  <TASK>
[   24.891493]  dump_stack_lvl+0x73/0xb0
[   24.891525]  print_report+0xd1/0x640
[   24.891549]  ? __virt_addr_valid+0x1db/0x2d0
[   24.891574]  ? krealloc_more_oob_helper+0x821/0x930
[   24.891598]  ? kasan_addr_to_slab+0x11/0xa0
[   24.891673]  ? krealloc_more_oob_helper+0x821/0x930
[   24.891698]  kasan_report+0x141/0x180
[   24.891721]  ? krealloc_more_oob_helper+0x821/0x930
[   24.891749]  __asan_report_store1_noabort+0x1b/0x30
[   24.891774]  krealloc_more_oob_helper+0x821/0x930
[   24.891796]  ? __schedule+0x10da/0x2b60
[   24.891822]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.891860]  ? finish_task_switch.isra.0+0x153/0x700
[   24.891882]  ? __switch_to+0x47/0xf80
[   24.891910]  ? __schedule+0x10da/0x2b60
[   24.891935]  ? __pfx_read_tsc+0x10/0x10
[   24.891960]  krealloc_large_more_oob+0x1c/0x30
[   24.891984]  kunit_try_run_case+0x1a5/0x480
[   24.892009]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.892032]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.892057]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.892082]  ? __kthread_parkme+0x82/0x180
[   24.892102]  ? preempt_count_sub+0x50/0x80
[   24.892126]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.892151]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.892185]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.892210]  kthread+0x337/0x6f0
[   24.892231]  ? trace_preempt_on+0x20/0xc0
[   24.892255]  ? __pfx_kthread+0x10/0x10
[   24.892276]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.892299]  ? calculate_sigpending+0x7b/0xa0
[   24.892324]  ? __pfx_kthread+0x10/0x10
[   24.892345]  ret_from_fork+0x116/0x1d0
[   24.892365]  ? __pfx_kthread+0x10/0x10
[   24.892385]  ret_from_fork_asm+0x1a/0x30
[   24.892417]  </TASK>
[   24.892428] 
[   24.900174] The buggy address belongs to the physical page:
[   24.900417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c
[   24.901622] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.901901] flags: 0x200000000000040(head|node=0|zone=2)
[   24.902150] page_type: f8(unknown)
[   24.902280] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.902869] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.903228] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.903537] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.903874] head: 0200000000000002 ffffea0004186301 00000000ffffffff 00000000ffffffff
[   24.904614] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.904970] page dumped because: kasan: bad access detected
[   24.905461] 
[   24.905557] Memory state around the buggy address:
[   24.905982]  ffff88810618df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.906679]  ffff88810618e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.907155] >ffff88810618e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.907635]                                                           ^
[   24.908140]  ffff88810618e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.908573]  ffff88810618e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.908877] ==================================================================
[   24.910674] ==================================================================
[   24.911283] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.912129] Write of size 1 at addr ffff88810618e0f0 by task kunit_try_catch/208
[   24.912432] 
[   24.912904] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   24.912958] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.912972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.912993] Call Trace:
[   24.913006]  <TASK>
[   24.913021]  dump_stack_lvl+0x73/0xb0
[   24.913051]  print_report+0xd1/0x640
[   24.913075]  ? __virt_addr_valid+0x1db/0x2d0
[   24.913098]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.913122]  ? kasan_addr_to_slab+0x11/0xa0
[   24.913144]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.913292]  kasan_report+0x141/0x180
[   24.913322]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.913352]  __asan_report_store1_noabort+0x1b/0x30
[   24.913377]  krealloc_more_oob_helper+0x7eb/0x930
[   24.913401]  ? __schedule+0x10da/0x2b60
[   24.913478]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.913504]  ? finish_task_switch.isra.0+0x153/0x700
[   24.913526]  ? __switch_to+0x47/0xf80
[   24.913553]  ? __schedule+0x10da/0x2b60
[   24.913577]  ? __pfx_read_tsc+0x10/0x10
[   24.913602]  krealloc_large_more_oob+0x1c/0x30
[   24.913625]  kunit_try_run_case+0x1a5/0x480
[   24.913650]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.913673]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.913697]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.913722]  ? __kthread_parkme+0x82/0x180
[   24.913743]  ? preempt_count_sub+0x50/0x80
[   24.913765]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.913789]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.913813]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.913846]  kthread+0x337/0x6f0
[   24.913867]  ? trace_preempt_on+0x20/0xc0
[   24.913889]  ? __pfx_kthread+0x10/0x10
[   24.913910]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.913934]  ? calculate_sigpending+0x7b/0xa0
[   24.913958]  ? __pfx_kthread+0x10/0x10
[   24.913979]  ret_from_fork+0x116/0x1d0
[   24.913999]  ? __pfx_kthread+0x10/0x10
[   24.914020]  ret_from_fork_asm+0x1a/0x30
[   24.914051]  </TASK>
[   24.914062] 
[   24.922566] The buggy address belongs to the physical page:
[   24.922788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c
[   24.923140] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.923625] flags: 0x200000000000040(head|node=0|zone=2)
[   24.923903] page_type: f8(unknown)
[   24.924061] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.924298] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.924690] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.925166] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.925426] head: 0200000000000002 ffffea0004186301 00000000ffffffff 00000000ffffffff
[   24.925973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.926361] page dumped because: kasan: bad access detected
[   24.926585] 
[   24.926657] Memory state around the buggy address:
[   24.926873]  ffff88810618df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.927092]  ffff88810618e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.927312] >ffff88810618e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.927527]                                                              ^
[   24.927843]  ffff88810618e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.928351]  ffff88810618e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.928798] ==================================================================
[   24.750308] ==================================================================
[   24.750678] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.751022] Write of size 1 at addr ffff888104a0faf0 by task kunit_try_catch/204
[   24.751326] 
[   24.751476] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) 
[   24.751523] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.751535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.751555] Call Trace:
[   24.751572]  <TASK>
[   24.751588]  dump_stack_lvl+0x73/0xb0
[   24.751614]  print_report+0xd1/0x640
[   24.751637]  ? __virt_addr_valid+0x1db/0x2d0
[   24.751662]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.751685]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.751712]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.751736]  kasan_report+0x141/0x180
[   24.751758]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.751786]  __asan_report_store1_noabort+0x1b/0x30
[   24.751811]  krealloc_more_oob_helper+0x7eb/0x930
[   24.751845]  ? __schedule+0x10da/0x2b60
[   24.751870]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.751895]  ? finish_task_switch.isra.0+0x153/0x700
[   24.751917]  ? __switch_to+0x47/0xf80
[   24.751944]  ? __schedule+0x10da/0x2b60
[   24.751969]  ? __pfx_read_tsc+0x10/0x10
[   24.751994]  krealloc_more_oob+0x1c/0x30
[   24.752016]  kunit_try_run_case+0x1a5/0x480
[   24.752041]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.752063]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.752088]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.752113]  ? __kthread_parkme+0x82/0x180
[   24.752133]  ? preempt_count_sub+0x50/0x80
[   24.752155]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.752179]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.752203]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.752226]  kthread+0x337/0x6f0
[   24.752246]  ? trace_preempt_on+0x20/0xc0
[   24.752269]  ? __pfx_kthread+0x10/0x10
[   24.752290]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.752313]  ? calculate_sigpending+0x7b/0xa0
[   24.752337]  ? __pfx_kthread+0x10/0x10
[   24.752359]  ret_from_fork+0x116/0x1d0
[   24.752379]  ? __pfx_kthread+0x10/0x10
[   24.752399]  ret_from_fork_asm+0x1a/0x30
[   24.752430]  </TASK>
[   24.752441] 
[   24.760981] Allocated by task 204:
[   24.761136]  kasan_save_stack+0x45/0x70
[   24.761340]  kasan_save_track+0x18/0x40
[   24.761658]  kasan_save_alloc_info+0x3b/0x50
[   24.761892]  __kasan_krealloc+0x190/0x1f0
[   24.762042]  krealloc_noprof+0xf3/0x340
[   24.762181]  krealloc_more_oob_helper+0x1a9/0x930
[   24.762340]  krealloc_more_oob+0x1c/0x30
[   24.762476]  kunit_try_run_case+0x1a5/0x480
[   24.762675]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.763225]  kthread+0x337/0x6f0
[   24.763396]  ret_from_fork+0x116/0x1d0
[   24.763580]  ret_from_fork_asm+0x1a/0x30
[   24.763936] 
[   24.764011] The buggy address belongs to the object at ffff888104a0fa00
[   24.764011]  which belongs to the cache kmalloc-256 of size 256
[   24.764789] The buggy address is located 5 bytes to the right of
[   24.764789]  allocated 235-byte region [ffff888104a0fa00, ffff888104a0faeb)
[   24.765263] 
[   24.765366] The buggy address belongs to the physical page:
[   24.765893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a0e
[   24.766228] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.766587] flags: 0x200000000000040(head|node=0|zone=2)
[   24.766803] page_type: f5(slab)
[   24.766983] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.767231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.767475] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.767710] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.768055] head: 0200000000000001 ffffea0004128381 00000000ffffffff 00000000ffffffff
[   24.768760] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.769121] page dumped because: kasan: bad access detected
[   24.769409] 
[   24.769650] Memory state around the buggy address:
[   24.769818]  ffff888104a0f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.770054]  ffff888104a0fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.770617] >ffff888104a0fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.770961]                                                              ^
[   24.771337]  ffff888104a0fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.771606]  ffff888104a0fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.771997] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30DTUf0OK0VH9qRRuXmJxNbWT3c

job_id

TEST:linaro@lkft#30DTaY6z8UwWD3YGu9YRztFNOsK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30DTaY6z8UwWD3YGu9YRztFNOsK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTXAeOhEZKsCgysZTjz87X5dZ/bzImage
sha256sum	1dd9efd1ac1eaef764f151ccb4e75e2e5c7d980bfbf23ba6be71db9b997a5fe3

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30DTXAeOhEZKsCgysZTjz87X5dZ/modules.tar.xz
sha256sum	9563d5b087e0cfc4afa89d2de9a36b56201d28fc6e930509c5f9737522fc7569

durations

tests

boot	0
kunit	240.24

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit