lkft/linux-next-master - next-20250723 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 23, 2025, 3:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   30.254124] ==================================================================
[   30.254473] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.254561] Write of size 1 at addr fff00000c9ae60eb by task kunit_try_catch/193
[   30.254614] 
[   30.254827] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.255101] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.255167] Hardware name: linux,dummy-virt (DT)
[   30.255217] Call trace:
[   30.255245]  show_stack+0x20/0x38 (C)
[   30.255816]  dump_stack_lvl+0x8c/0xd0
[   30.256069]  print_report+0x118/0x5e8
[   30.256127]  kasan_report+0xdc/0x128
[   30.256171]  __asan_report_store1_noabort+0x20/0x30
[   30.256218]  krealloc_more_oob_helper+0x60c/0x678
[   30.256418]  krealloc_large_more_oob+0x20/0x38
[   30.256886]  kunit_try_run_case+0x170/0x3f0
[   30.257072]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.257230]  kthread+0x328/0x630
[   30.257319]  ret_from_fork+0x10/0x20
[   30.257461] 
[   30.257501] The buggy address belongs to the physical page:
[   30.257556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae4
[   30.257675] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.257745] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.257957] page_type: f8(unknown)
[   30.258164] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.258275] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.258367] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.258585] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.258698] head: 0bfffe0000000002 ffffc1ffc326b901 00000000ffffffff 00000000ffffffff
[   30.258884] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.259016] page dumped because: kasan: bad access detected
[   30.259057] 
[   30.259085] Memory state around the buggy address:
[   30.259249]  fff00000c9ae5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.259640]  fff00000c9ae6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.259869] >fff00000c9ae6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.259923]                                                           ^
[   30.260276]  fff00000c9ae6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.260410]  fff00000c9ae6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.260474] ==================================================================
[   30.169020] ==================================================================
[   30.169078] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   30.169132] Write of size 1 at addr fff00000c91e62eb by task kunit_try_catch/189
[   30.169195] 
[   30.169225] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.169565] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.169604] Hardware name: linux,dummy-virt (DT)
[   30.169725] Call trace:
[   30.169809]  show_stack+0x20/0x38 (C)
[   30.169884]  dump_stack_lvl+0x8c/0xd0
[   30.169941]  print_report+0x118/0x5e8
[   30.169984]  kasan_report+0xdc/0x128
[   30.170032]  __asan_report_store1_noabort+0x20/0x30
[   30.170258]  krealloc_more_oob_helper+0x60c/0x678
[   30.170353]  krealloc_more_oob+0x20/0x38
[   30.170469]  kunit_try_run_case+0x170/0x3f0
[   30.170521]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.170577]  kthread+0x328/0x630
[   30.170631]  ret_from_fork+0x10/0x20
[   30.170678] 
[   30.170697] Allocated by task 189:
[   30.170756]  kasan_save_stack+0x3c/0x68
[   30.170917]  kasan_save_track+0x20/0x40
[   30.170951]  kasan_save_alloc_info+0x40/0x58
[   30.170987]  __kasan_krealloc+0x118/0x178
[   30.171021]  krealloc_noprof+0x128/0x360
[   30.171055]  krealloc_more_oob_helper+0x168/0x678
[   30.171395]  krealloc_more_oob+0x20/0x38
[   30.171457]  kunit_try_run_case+0x170/0x3f0
[   30.171493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.171535]  kthread+0x328/0x630
[   30.171914]  ret_from_fork+0x10/0x20
[   30.171966] 
[   30.171988] The buggy address belongs to the object at fff00000c91e6200
[   30.171988]  which belongs to the cache kmalloc-256 of size 256
[   30.172046] The buggy address is located 0 bytes to the right of
[   30.172046]  allocated 235-byte region [fff00000c91e6200, fff00000c91e62eb)
[   30.172108] 
[   30.172129] The buggy address belongs to the physical page:
[   30.172166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091e6
[   30.172237] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.172327] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.172444] page_type: f5(slab)
[   30.172480] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.172779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.173379] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.173446] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.174007] head: 0bfffe0000000001 ffffc1ffc3247981 00000000ffffffff 00000000ffffffff
[   30.174058] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.174096] page dumped because: kasan: bad access detected
[   30.174125] 
[   30.174142] Memory state around the buggy address:
[   30.174957]  fff00000c91e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.175297]  fff00000c91e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.175812] >fff00000c91e6280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.175878]                                                           ^
[   30.176483]  fff00000c91e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.176766]  fff00000c91e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.177180] ==================================================================
[   30.179035] ==================================================================
[   30.180670] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.181075] Write of size 1 at addr fff00000c91e62f0 by task kunit_try_catch/189
[   30.181520] 
[   30.182073] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.182878] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.182920] Hardware name: linux,dummy-virt (DT)
[   30.183789] Call trace:
[   30.183832]  show_stack+0x20/0x38 (C)
[   30.184194]  dump_stack_lvl+0x8c/0xd0
[   30.184248]  print_report+0x118/0x5e8
[   30.184292]  kasan_report+0xdc/0x128
[   30.184333]  __asan_report_store1_noabort+0x20/0x30
[   30.184380]  krealloc_more_oob_helper+0x5c0/0x678
[   30.185395]  krealloc_more_oob+0x20/0x38
[   30.185849]  kunit_try_run_case+0x170/0x3f0
[   30.186081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.186709]  kthread+0x328/0x630
[   30.187195]  ret_from_fork+0x10/0x20
[   30.187339] 
[   30.187406] Allocated by task 189:
[   30.187434]  kasan_save_stack+0x3c/0x68
[   30.187476]  kasan_save_track+0x20/0x40
[   30.188499]  kasan_save_alloc_info+0x40/0x58
[   30.188554]  __kasan_krealloc+0x118/0x178
[   30.189350]  krealloc_noprof+0x128/0x360
[   30.189509]  krealloc_more_oob_helper+0x168/0x678
[   30.189657]  krealloc_more_oob+0x20/0x38
[   30.190054]  kunit_try_run_case+0x170/0x3f0
[   30.190548]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.190743]  kthread+0x328/0x630
[   30.191050]  ret_from_fork+0x10/0x20
[   30.191463] 
[   30.191502] The buggy address belongs to the object at fff00000c91e6200
[   30.191502]  which belongs to the cache kmalloc-256 of size 256
[   30.192129] The buggy address is located 5 bytes to the right of
[   30.192129]  allocated 235-byte region [fff00000c91e6200, fff00000c91e62eb)
[   30.192252] 
[   30.192858] The buggy address belongs to the physical page:
[   30.192929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091e6
[   30.193728] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.193786] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.194531] page_type: f5(slab)
[   30.194615] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.194850] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.195233] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   30.195752] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.195859] head: 0bfffe0000000001 ffffc1ffc3247981 00000000ffffffff 00000000ffffffff
[   30.195940] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.196685] page dumped because: kasan: bad access detected
[   30.196724] 
[   30.196745] Memory state around the buggy address:
[   30.197299]  fff00000c91e6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.197490]  fff00000c91e6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.197581] >fff00000c91e6280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   30.197734]                                                              ^
[   30.198467]  fff00000c91e6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.198762]  fff00000c91e6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.199129] ==================================================================
[   30.263613] ==================================================================
[   30.263668] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   30.263996] Write of size 1 at addr fff00000c9ae60f0 by task kunit_try_catch/193
[   30.264127] 
[   30.264165] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT 
[   30.264249] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.264402] Hardware name: linux,dummy-virt (DT)
[   30.264464] Call trace:
[   30.264488]  show_stack+0x20/0x38 (C)
[   30.264772]  dump_stack_lvl+0x8c/0xd0
[   30.265019]  print_report+0x118/0x5e8
[   30.265073]  kasan_report+0xdc/0x128
[   30.265116]  __asan_report_store1_noabort+0x20/0x30
[   30.265163]  krealloc_more_oob_helper+0x5c0/0x678
[   30.265635]  krealloc_large_more_oob+0x20/0x38
[   30.265735]  kunit_try_run_case+0x170/0x3f0
[   30.265931]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.266155]  kthread+0x328/0x630
[   30.266227]  ret_from_fork+0x10/0x20
[   30.266541] 
[   30.266670] The buggy address belongs to the physical page:
[   30.266838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109ae4
[   30.267068] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.267195] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.267421] page_type: f8(unknown)
[   30.267659] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.267775] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.267832] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.268158] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.268310] head: 0bfffe0000000002 ffffc1ffc326b901 00000000ffffffff 00000000ffffffff
[   30.268385] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.268667] page dumped because: kasan: bad access detected
[   30.268883] 
[   30.268984] Memory state around the buggy address:
[   30.269018]  fff00000c9ae5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.269309]  fff00000c9ae6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.269473] >fff00000c9ae6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   30.269566]                                                              ^
[   30.269634]  fff00000c9ae6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.269681]  fff00000c9ae6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.269743] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3i68xlwMFkooOhGrPcdOJwq6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3i68xlwMFkooOhGrPcdOJwq6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/Image.gz
sha256sum	b30e1898089cf202216a8d94747025c3be63110289f9fb6007e080b423a71d05

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3dqLJvp4LyPfe7hM64XXnTL3/modules.tar.xz
sha256sum	eb69e4b4edadc912a9040d92071e298890d9adf22425e3972f798522efd0a9a6

durations

tests

boot	0
kunit	175.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   24.726592] ==================================================================
[   24.727554] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.728038] Write of size 1 at addr ffff8881048150f0 by task kunit_try_catch/205
[   24.728886] 
[   24.729093] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.729144] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.729168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.729190] Call Trace:
[   24.729203]  <TASK>
[   24.729222]  dump_stack_lvl+0x73/0xb0
[   24.729254]  print_report+0xd1/0x640
[   24.729277]  ? __virt_addr_valid+0x1db/0x2d0
[   24.729302]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.729325]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.729350]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.729374]  kasan_report+0x141/0x180
[   24.729519]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.729548]  __asan_report_store1_noabort+0x1b/0x30
[   24.729574]  krealloc_more_oob_helper+0x7eb/0x930
[   24.729597]  ? __schedule+0x10da/0x2b60
[   24.729623]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.729646]  ? finish_task_switch.isra.0+0x153/0x700
[   24.729668]  ? __switch_to+0x47/0xf80
[   24.729694]  ? __schedule+0x10da/0x2b60
[   24.729718]  ? __pfx_read_tsc+0x10/0x10
[   24.729743]  krealloc_more_oob+0x1c/0x30
[   24.729764]  kunit_try_run_case+0x1a5/0x480
[   24.729790]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.729812]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.729836]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.729861]  ? __kthread_parkme+0x82/0x180
[   24.729881]  ? preempt_count_sub+0x50/0x80
[   24.729904]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.729927]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.729958]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.729981]  kthread+0x337/0x6f0
[   24.730001]  ? trace_preempt_on+0x20/0xc0
[   24.730026]  ? __pfx_kthread+0x10/0x10
[   24.730047]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.730070]  ? calculate_sigpending+0x7b/0xa0
[   24.730094]  ? __pfx_kthread+0x10/0x10
[   24.730115]  ret_from_fork+0x116/0x1d0
[   24.730134]  ? __pfx_kthread+0x10/0x10
[   24.730167]  ret_from_fork_asm+0x1a/0x30
[   24.730198]  </TASK>
[   24.730210] 
[   24.745683] Allocated by task 205:
[   24.746098]  kasan_save_stack+0x45/0x70
[   24.746278]  kasan_save_track+0x18/0x40
[   24.746422]  kasan_save_alloc_info+0x3b/0x50
[   24.746792]  __kasan_krealloc+0x190/0x1f0
[   24.747459]  krealloc_noprof+0xf3/0x340
[   24.747825]  krealloc_more_oob_helper+0x1a9/0x930
[   24.748379]  krealloc_more_oob+0x1c/0x30
[   24.748730]  kunit_try_run_case+0x1a5/0x480
[   24.749167]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.749347]  kthread+0x337/0x6f0
[   24.749670]  ret_from_fork+0x116/0x1d0
[   24.750069]  ret_from_fork_asm+0x1a/0x30
[   24.750528] 
[   24.750710] The buggy address belongs to the object at ffff888104815000
[   24.750710]  which belongs to the cache kmalloc-256 of size 256
[   24.751530] The buggy address is located 5 bytes to the right of
[   24.751530]  allocated 235-byte region [ffff888104815000, ffff8881048150eb)
[   24.752572] 
[   24.752763] The buggy address belongs to the physical page:
[   24.753309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104814
[   24.754164] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.754472] flags: 0x200000000000040(head|node=0|zone=2)
[   24.754643] page_type: f5(slab)
[   24.754790] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.755553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.756295] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.757179] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.758067] head: 0200000000000001 ffffea0004120501 00000000ffffffff 00000000ffffffff
[   24.758367] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.759141] page dumped because: kasan: bad access detected
[   24.759718] 
[   24.759784] Memory state around the buggy address:
[   24.759932]  ffff888104814f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.760137]  ffff888104815000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.760358] >ffff888104815080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.760845]                                                              ^
[   24.761548]  ffff888104815100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.762299]  ffff888104815180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.763040] ==================================================================
[   24.932553] ==================================================================
[   24.932903] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.933222] Write of size 1 at addr ffff8881060da0f0 by task kunit_try_catch/209
[   24.933820] 
[   24.933924] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.933974] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.933986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.934006] Call Trace:
[   24.934019]  <TASK>
[   24.934037]  dump_stack_lvl+0x73/0xb0
[   24.934069]  print_report+0xd1/0x640
[   24.934091]  ? __virt_addr_valid+0x1db/0x2d0
[   24.934116]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.934139]  ? kasan_addr_to_slab+0x11/0xa0
[   24.934174]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.934198]  kasan_report+0x141/0x180
[   24.934219]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.934247]  __asan_report_store1_noabort+0x1b/0x30
[   24.934271]  krealloc_more_oob_helper+0x7eb/0x930
[   24.934293]  ? __schedule+0x10da/0x2b60
[   24.934318]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.934341]  ? finish_task_switch.isra.0+0x153/0x700
[   24.934362]  ? __switch_to+0x47/0xf80
[   24.934606]  ? __schedule+0x10da/0x2b60
[   24.934636]  ? __pfx_read_tsc+0x10/0x10
[   24.934661]  krealloc_large_more_oob+0x1c/0x30
[   24.934685]  kunit_try_run_case+0x1a5/0x480
[   24.934711]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.934733]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.934757]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.934782]  ? __kthread_parkme+0x82/0x180
[   24.934802]  ? preempt_count_sub+0x50/0x80
[   24.934825]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.934848]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.934872]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.934894]  kthread+0x337/0x6f0
[   24.934915]  ? trace_preempt_on+0x20/0xc0
[   24.934939]  ? __pfx_kthread+0x10/0x10
[   24.934975]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.934998]  ? calculate_sigpending+0x7b/0xa0
[   24.935022]  ? __pfx_kthread+0x10/0x10
[   24.935043]  ret_from_fork+0x116/0x1d0
[   24.935063]  ? __pfx_kthread+0x10/0x10
[   24.935083]  ret_from_fork_asm+0x1a/0x30
[   24.935115]  </TASK>
[   24.935126] 
[   24.943984] The buggy address belongs to the physical page:
[   24.944277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8
[   24.944646] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.945020] flags: 0x200000000000040(head|node=0|zone=2)
[   24.945589] page_type: f8(unknown)
[   24.945764] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.946119] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.946435] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.946805] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.947252] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff
[   24.947610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.947964] page dumped because: kasan: bad access detected
[   24.948250] 
[   24.948607] Memory state around the buggy address:
[   24.948869]  ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.949111]  ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.949491] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.949812]                                                              ^
[   24.950234]  ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.950576]  ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.950910] ==================================================================
[   24.904834] ==================================================================
[   24.906091] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.906494] Write of size 1 at addr ffff8881060da0eb by task kunit_try_catch/209
[   24.906906] 
[   24.907900] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.907965] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.907978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.908000] Call Trace:
[   24.908017]  <TASK>
[   24.908038]  dump_stack_lvl+0x73/0xb0
[   24.908072]  print_report+0xd1/0x640
[   24.908096]  ? __virt_addr_valid+0x1db/0x2d0
[   24.908121]  ? krealloc_more_oob_helper+0x821/0x930
[   24.908158]  ? kasan_addr_to_slab+0x11/0xa0
[   24.908179]  ? krealloc_more_oob_helper+0x821/0x930
[   24.908202]  kasan_report+0x141/0x180
[   24.908224]  ? krealloc_more_oob_helper+0x821/0x930
[   24.908252]  __asan_report_store1_noabort+0x1b/0x30
[   24.908276]  krealloc_more_oob_helper+0x821/0x930
[   24.908298]  ? __schedule+0x10da/0x2b60
[   24.908323]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.908346]  ? finish_task_switch.isra.0+0x153/0x700
[   24.908423]  ? __switch_to+0x47/0xf80
[   24.908457]  ? __schedule+0x10da/0x2b60
[   24.908481]  ? __pfx_read_tsc+0x10/0x10
[   24.908505]  krealloc_large_more_oob+0x1c/0x30
[   24.908528]  kunit_try_run_case+0x1a5/0x480
[   24.908554]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.908576]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.908600]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.908625]  ? __kthread_parkme+0x82/0x180
[   24.908645]  ? preempt_count_sub+0x50/0x80
[   24.908668]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.908691]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.908714]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.908736]  kthread+0x337/0x6f0
[   24.908757]  ? trace_preempt_on+0x20/0xc0
[   24.908781]  ? __pfx_kthread+0x10/0x10
[   24.908801]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.908824]  ? calculate_sigpending+0x7b/0xa0
[   24.908848]  ? __pfx_kthread+0x10/0x10
[   24.908868]  ret_from_fork+0x116/0x1d0
[   24.908888]  ? __pfx_kthread+0x10/0x10
[   24.908908]  ret_from_fork_asm+0x1a/0x30
[   24.908941]  </TASK>
[   24.908952] 
[   24.922637] The buggy address belongs to the physical page:
[   24.923121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8
[   24.923947] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.924623] flags: 0x200000000000040(head|node=0|zone=2)
[   24.925074] page_type: f8(unknown)
[   24.925214] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.925525] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.926181] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.926901] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.927729] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff
[   24.928224] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.928627] page dumped because: kasan: bad access detected
[   24.929186] 
[   24.929337] Memory state around the buggy address:
[   24.929807]  ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.930486]  ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.930699] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.930902]                                                           ^
[   24.931228]  ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.931497]  ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.931847] ==================================================================
[   24.685561] ==================================================================
[   24.686058] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.686616] Write of size 1 at addr ffff8881048150eb by task kunit_try_catch/205
[   24.687634] 
[   24.687880] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) 
[   24.687937] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.687950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.687972] Call Trace:
[   24.687986]  <TASK>
[   24.688005]  dump_stack_lvl+0x73/0xb0
[   24.688039]  print_report+0xd1/0x640
[   24.688064]  ? __virt_addr_valid+0x1db/0x2d0
[   24.688088]  ? krealloc_more_oob_helper+0x821/0x930
[   24.688111]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.688136]  ? krealloc_more_oob_helper+0x821/0x930
[   24.688171]  kasan_report+0x141/0x180
[   24.688193]  ? krealloc_more_oob_helper+0x821/0x930
[   24.688220]  __asan_report_store1_noabort+0x1b/0x30
[   24.688244]  krealloc_more_oob_helper+0x821/0x930
[   24.688266]  ? __schedule+0x10da/0x2b60
[   24.688405]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.688525]  ? finish_task_switch.isra.0+0x153/0x700
[   24.688550]  ? __switch_to+0x47/0xf80
[   24.688591]  ? __schedule+0x10da/0x2b60
[   24.688616]  ? __pfx_read_tsc+0x10/0x10
[   24.688640]  krealloc_more_oob+0x1c/0x30
[   24.688662]  kunit_try_run_case+0x1a5/0x480
[   24.688688]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.688710]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.688734]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.688759]  ? __kthread_parkme+0x82/0x180
[   24.688778]  ? preempt_count_sub+0x50/0x80
[   24.688801]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.688824]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.688846]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.688869]  kthread+0x337/0x6f0
[   24.688888]  ? trace_preempt_on+0x20/0xc0
[   24.688914]  ? __pfx_kthread+0x10/0x10
[   24.688934]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.688967]  ? calculate_sigpending+0x7b/0xa0
[   24.688992]  ? __pfx_kthread+0x10/0x10
[   24.689012]  ret_from_fork+0x116/0x1d0
[   24.689032]  ? __pfx_kthread+0x10/0x10
[   24.689052]  ret_from_fork_asm+0x1a/0x30
[   24.689083]  </TASK>
[   24.689094] 
[   24.705645] Allocated by task 205:
[   24.705885]  kasan_save_stack+0x45/0x70
[   24.706319]  kasan_save_track+0x18/0x40
[   24.706693]  kasan_save_alloc_info+0x3b/0x50
[   24.707253]  __kasan_krealloc+0x190/0x1f0
[   24.707716]  krealloc_noprof+0xf3/0x340
[   24.708170]  krealloc_more_oob_helper+0x1a9/0x930
[   24.708635]  krealloc_more_oob+0x1c/0x30
[   24.709100]  kunit_try_run_case+0x1a5/0x480
[   24.709504]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.710034]  kthread+0x337/0x6f0
[   24.710330]  ret_from_fork+0x116/0x1d0
[   24.710466]  ret_from_fork_asm+0x1a/0x30
[   24.711033] 
[   24.711253] The buggy address belongs to the object at ffff888104815000
[   24.711253]  which belongs to the cache kmalloc-256 of size 256
[   24.712686] The buggy address is located 0 bytes to the right of
[   24.712686]  allocated 235-byte region [ffff888104815000, ffff8881048150eb)
[   24.713414] 
[   24.713507] The buggy address belongs to the physical page:
[   24.713691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104814
[   24.713937] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.714953] flags: 0x200000000000040(head|node=0|zone=2)
[   24.715460] page_type: f5(slab)
[   24.715818] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.716745] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.717567] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   24.718448] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.719212] head: 0200000000000001 ffffea0004120501 00000000ffffffff 00000000ffffffff
[   24.719798] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.720074] page dumped because: kasan: bad access detected
[   24.720785] 
[   24.720954] Memory state around the buggy address:
[   24.721551]  ffff888104814f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.722275]  ffff888104815000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.723074] >ffff888104815080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.723312]                                                           ^
[   24.723979]  ffff888104815100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.724729]  ffff888104815180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.725274] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30G3cJ1sbXw9qzJ7BlfPJWioYpf

job_id

TEST:linaro@lkft#30G3j74iQKw0QFlrSngm0dpeaMJ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30G3j74iQKw0QFlrSngm0dpeaMJ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/bzImage
sha256sum	371f4f87cae012670505649e4e687713b51a0312ceeb0d149c78e0b6bf6d272b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30G3fQvMn9HcF0DxVKKJ5x3GX38/modules.tar.xz
sha256sum	1a60ff32537a1f4915659be5386778e0052a5e702d5e77815e3fc933dbd119e2

durations

tests

boot	0
kunit	253.64

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit