lkft/linux-next-master - next-20250724 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 24, 2025, 4:41 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.297301] ==================================================================
[   32.297437] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   32.297553] Write of size 1 at addr fff00000c8575ceb by task kunit_try_catch/187
[   32.297605] 
[   32.297682] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   32.297783] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.297828] Hardware name: linux,dummy-virt (DT)
[   32.297861] Call trace:
[   32.297981]  show_stack+0x20/0x38 (C)
[   32.298035]  dump_stack_lvl+0x8c/0xd0
[   32.298081]  print_report+0x118/0x5e8
[   32.298249]  kasan_report+0xdc/0x128
[   32.298367]  __asan_report_store1_noabort+0x20/0x30
[   32.298419]  krealloc_more_oob_helper+0x60c/0x678
[   32.298467]  krealloc_more_oob+0x20/0x38
[   32.298701]  kunit_try_run_case+0x170/0x3f0
[   32.298775]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.298909]  kthread+0x328/0x630
[   32.298971]  ret_from_fork+0x10/0x20
[   32.299108] 
[   32.299147] Allocated by task 187:
[   32.299177]  kasan_save_stack+0x3c/0x68
[   32.299216]  kasan_save_track+0x20/0x40
[   32.299276]  kasan_save_alloc_info+0x40/0x58
[   32.299314]  __kasan_krealloc+0x118/0x178
[   32.299348]  krealloc_noprof+0x128/0x360
[   32.299412]  krealloc_more_oob_helper+0x168/0x678
[   32.299453]  krealloc_more_oob+0x20/0x38
[   32.299490]  kunit_try_run_case+0x170/0x3f0
[   32.299526]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.299707]  kthread+0x328/0x630
[   32.299841]  ret_from_fork+0x10/0x20
[   32.299932] 
[   32.300030] The buggy address belongs to the object at fff00000c8575c00
[   32.300030]  which belongs to the cache kmalloc-256 of size 256
[   32.300135] The buggy address is located 0 bytes to the right of
[   32.300135]  allocated 235-byte region [fff00000c8575c00, fff00000c8575ceb)
[   32.300254] 
[   32.300333] The buggy address belongs to the physical page:
[   32.300372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108574
[   32.300657] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.300807] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.300909] page_type: f5(slab)
[   32.301004] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.301109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.301223] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.301272] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.301724] head: 0bfffe0000000001 ffffc1ffc3215d01 00000000ffffffff 00000000ffffffff
[   32.301836] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.301971] page dumped because: kasan: bad access detected
[   32.302012] 
[   32.302031] Memory state around the buggy address:
[   32.302184]  fff00000c8575b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.302398]  fff00000c8575c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.302532] >fff00000c8575c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.302683]                                                           ^
[   32.302768]  fff00000c8575d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.302850]  fff00000c8575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.302934] ==================================================================
[   32.304001] ==================================================================
[   32.304056] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   32.304254] Write of size 1 at addr fff00000c8575cf0 by task kunit_try_catch/187
[   32.304339] 
[   32.304373] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   32.304490] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.304713] Hardware name: linux,dummy-virt (DT)
[   32.304802] Call trace:
[   32.304853]  show_stack+0x20/0x38 (C)
[   32.305216]  dump_stack_lvl+0x8c/0xd0
[   32.305286]  print_report+0x118/0x5e8
[   32.305371]  kasan_report+0xdc/0x128
[   32.305416]  __asan_report_store1_noabort+0x20/0x30
[   32.305488]  krealloc_more_oob_helper+0x5c0/0x678
[   32.305552]  krealloc_more_oob+0x20/0x38
[   32.305618]  kunit_try_run_case+0x170/0x3f0
[   32.305693]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.305976]  kthread+0x328/0x630
[   32.306046]  ret_from_fork+0x10/0x20
[   32.306119] 
[   32.306189] Allocated by task 187:
[   32.306237]  kasan_save_stack+0x3c/0x68
[   32.306294]  kasan_save_track+0x20/0x40
[   32.306329]  kasan_save_alloc_info+0x40/0x58
[   32.306412]  __kasan_krealloc+0x118/0x178
[   32.306447]  krealloc_noprof+0x128/0x360
[   32.306481]  krealloc_more_oob_helper+0x168/0x678
[   32.306566]  krealloc_more_oob+0x20/0x38
[   32.306603]  kunit_try_run_case+0x170/0x3f0
[   32.306638]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.306945]  kthread+0x328/0x630
[   32.307093]  ret_from_fork+0x10/0x20
[   32.307184] 
[   32.307292] The buggy address belongs to the object at fff00000c8575c00
[   32.307292]  which belongs to the cache kmalloc-256 of size 256
[   32.307406] The buggy address is located 5 bytes to the right of
[   32.307406]  allocated 235-byte region [fff00000c8575c00, fff00000c8575ceb)
[   32.307520] 
[   32.307569] The buggy address belongs to the physical page:
[   32.307664] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108574
[   32.308066] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.308173] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.308282] page_type: f5(slab)
[   32.308366] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.308465] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.308588] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.308685] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.308762] head: 0bfffe0000000001 ffffc1ffc3215d01 00000000ffffffff 00000000ffffffff
[   32.308810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.308990] page dumped because: kasan: bad access detected
[   32.309021] 
[   32.309039] Memory state around the buggy address:
[   32.309070]  fff00000c8575b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.309112]  fff00000c8575c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.309334] >fff00000c8575c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.309391]                                                              ^
[   32.309661]  fff00000c8575d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.309822]  fff00000c8575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.309947] ==================================================================
[   32.354702] ==================================================================
[   32.354779] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   32.354846] Write of size 1 at addr fff00000c99620f0 by task kunit_try_catch/191
[   32.354930] 
[   32.355038] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   32.355203] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.355280] Hardware name: linux,dummy-virt (DT)
[   32.355331] Call trace:
[   32.355353]  show_stack+0x20/0x38 (C)
[   32.355401]  dump_stack_lvl+0x8c/0xd0
[   32.355462]  print_report+0x118/0x5e8
[   32.355722]  kasan_report+0xdc/0x128
[   32.355937]  __asan_report_store1_noabort+0x20/0x30
[   32.356065]  krealloc_more_oob_helper+0x5c0/0x678
[   32.356265]  krealloc_large_more_oob+0x20/0x38
[   32.356385]  kunit_try_run_case+0x170/0x3f0
[   32.356498]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.356605]  kthread+0x328/0x630
[   32.356688]  ret_from_fork+0x10/0x20
[   32.356795] 
[   32.356827] The buggy address belongs to the physical page:
[   32.356882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109960
[   32.357254] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.357316] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.357369] page_type: f8(unknown)
[   32.357416] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.357465] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.357512] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.357558] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.357605] head: 0bfffe0000000002 ffffc1ffc3265801 00000000ffffffff 00000000ffffffff
[   32.358221] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.358306] page dumped because: kasan: bad access detected
[   32.358363] 
[   32.358410] Memory state around the buggy address:
[   32.358613]  fff00000c9961f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.358878]  fff00000c9962000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.359052] >fff00000c9962080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   32.359123]                                                              ^
[   32.359165]  fff00000c9962100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.359478]  fff00000c9962180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.359692] ==================================================================
[   32.350317] ==================================================================
[   32.350403] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   32.350465] Write of size 1 at addr fff00000c99620eb by task kunit_try_catch/191
[   32.350515] 
[   32.350552] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   32.350636] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.350663] Hardware name: linux,dummy-virt (DT)
[   32.350694] Call trace:
[   32.350717]  show_stack+0x20/0x38 (C)
[   32.350779]  dump_stack_lvl+0x8c/0xd0
[   32.350830]  print_report+0x118/0x5e8
[   32.350873]  kasan_report+0xdc/0x128
[   32.350914]  __asan_report_store1_noabort+0x20/0x30
[   32.351326]  krealloc_more_oob_helper+0x60c/0x678
[   32.351427]  krealloc_large_more_oob+0x20/0x38
[   32.351498]  kunit_try_run_case+0x170/0x3f0
[   32.351580]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.351678]  kthread+0x328/0x630
[   32.351742]  ret_from_fork+0x10/0x20
[   32.351859] 
[   32.351882] The buggy address belongs to the physical page:
[   32.351957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109960
[   32.352020] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.352066] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.352119] page_type: f8(unknown)
[   32.352192] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.352242] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.352290] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.352336] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.352537] head: 0bfffe0000000002 ffffc1ffc3265801 00000000ffffffff 00000000ffffffff
[   32.352598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.352689] page dumped because: kasan: bad access detected
[   32.352757] 
[   32.352776] Memory state around the buggy address:
[   32.352835]  fff00000c9961f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.352898]  fff00000c9962000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.352984] >fff00000c9962080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   32.353043]                                                           ^
[   32.353110]  fff00000c9962100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.353196]  fff00000c9962180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.353266] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30J3nY7QtuR6zFySSP24ERynb1Z

job_id

TEST:linaro@lkft#30J3tHAcCAzoumluJGVN0kuxFDU

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30J3tHAcCAzoumluJGVN0kuxFDU

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3pDsC9KNl7rr3iXBXH40Gq9W/Image.gz
sha256sum	544207c1b5a9d2840223bd62064127622ccefa2f812415650f45a51bca8475e6

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/arm64/rootfs.ext4.xz
sha256sum	4416595f610fe19a3fb374a6dd0942354bf27ddb827c7f1e8e5524ec95492466

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3pDsC9KNl7rr3iXBXH40Gq9W/modules.tar.xz
sha256sum	ae69e33cdc746370be45d97b12d0ee81e77ef54ca003ba881eec2f93d7e2865c

durations

tests

boot	0
kunit	170.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   26.418523] ==================================================================
[   26.418944] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   26.419206] Write of size 1 at addr ffff8881003958eb by task kunit_try_catch/204
[   26.419434] 
[   26.419524] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.419594] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.419609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.419631] Call Trace:
[   26.419645]  <TASK>
[   26.419666]  dump_stack_lvl+0x73/0xb0
[   26.419696]  print_report+0xd1/0x640
[   26.419719]  ? __virt_addr_valid+0x1db/0x2d0
[   26.419744]  ? krealloc_more_oob_helper+0x821/0x930
[   26.419767]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.419793]  ? krealloc_more_oob_helper+0x821/0x930
[   26.419816]  kasan_report+0x141/0x180
[   26.419838]  ? krealloc_more_oob_helper+0x821/0x930
[   26.419865]  __asan_report_store1_noabort+0x1b/0x30
[   26.419889]  krealloc_more_oob_helper+0x821/0x930
[   26.419911]  ? __schedule+0x10da/0x2b60
[   26.419936]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.419959]  ? finish_task_switch.isra.0+0x153/0x700
[   26.419981]  ? __switch_to+0x47/0xf80
[   26.420007]  ? __schedule+0x10da/0x2b60
[   26.420030]  ? __pfx_read_tsc+0x10/0x10
[   26.420055]  krealloc_more_oob+0x1c/0x30
[   26.420075]  kunit_try_run_case+0x1a5/0x480
[   26.420101]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.420122]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.420146]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.420171]  ? __kthread_parkme+0x82/0x180
[   26.420190]  ? preempt_count_sub+0x50/0x80
[   26.420212]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.420235]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.420257]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.420280]  kthread+0x337/0x6f0
[   26.420299]  ? trace_preempt_on+0x20/0xc0
[   26.420324]  ? __pfx_kthread+0x10/0x10
[   26.420343]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.420366]  ? calculate_sigpending+0x7b/0xa0
[   26.420390]  ? __pfx_kthread+0x10/0x10
[   26.420410]  ret_from_fork+0x116/0x1d0
[   26.420429]  ? __pfx_kthread+0x10/0x10
[   26.420449]  ret_from_fork_asm+0x1a/0x30
[   26.420480]  </TASK>
[   26.420490] 
[   26.441645] Allocated by task 204:
[   26.442128]  kasan_save_stack+0x45/0x70
[   26.442551]  kasan_save_track+0x18/0x40
[   26.442706]  kasan_save_alloc_info+0x3b/0x50
[   26.442861]  __kasan_krealloc+0x190/0x1f0
[   26.443273]  krealloc_noprof+0xf3/0x340
[   26.443665]  krealloc_more_oob_helper+0x1a9/0x930
[   26.444158]  krealloc_more_oob+0x1c/0x30
[   26.444562]  kunit_try_run_case+0x1a5/0x480
[   26.444965]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.445556]  kthread+0x337/0x6f0
[   26.445696]  ret_from_fork+0x116/0x1d0
[   26.445825]  ret_from_fork_asm+0x1a/0x30
[   26.445992] 
[   26.446156] The buggy address belongs to the object at ffff888100395800
[   26.446156]  which belongs to the cache kmalloc-256 of size 256
[   26.447308] The buggy address is located 0 bytes to the right of
[   26.447308]  allocated 235-byte region [ffff888100395800, ffff8881003958eb)
[   26.448652] 
[   26.448815] The buggy address belongs to the physical page:
[   26.449268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   26.449511] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.450133] flags: 0x200000000000040(head|node=0|zone=2)
[   26.450316] page_type: f5(slab)
[   26.450435] raw: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004
[   26.450672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.451176] head: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004
[   26.451903] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.452820] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff
[   26.453606] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.454385] page dumped because: kasan: bad access detected
[   26.454962] 
[   26.455103] Memory state around the buggy address:
[   26.455364]  ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.455585]  ffff888100395800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.455833] >ffff888100395880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.456437]                                                           ^
[   26.457108]  ffff888100395900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.457724]  ffff888100395980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.458368] ==================================================================
[   26.459273] ==================================================================
[   26.459593] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   26.459838] Write of size 1 at addr ffff8881003958f0 by task kunit_try_catch/204
[   26.460089] 
[   26.460210] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.460262] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.460276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.460297] Call Trace:
[   26.460312]  <TASK>
[   26.460330]  dump_stack_lvl+0x73/0xb0
[   26.460357]  print_report+0xd1/0x640
[   26.460379]  ? __virt_addr_valid+0x1db/0x2d0
[   26.460403]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.460425]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.460451]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.460474]  kasan_report+0x141/0x180
[   26.460496]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.460524]  __asan_report_store1_noabort+0x1b/0x30
[   26.460548]  krealloc_more_oob_helper+0x7eb/0x930
[   26.460593]  ? __schedule+0x10da/0x2b60
[   26.460620]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.460831]  ? finish_task_switch.isra.0+0x153/0x700
[   26.460854]  ? __switch_to+0x47/0xf80
[   26.460880]  ? __schedule+0x10da/0x2b60
[   26.460904]  ? __pfx_read_tsc+0x10/0x10
[   26.460940]  krealloc_more_oob+0x1c/0x30
[   26.460962]  kunit_try_run_case+0x1a5/0x480
[   26.460988]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.461010]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.461035]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.461060]  ? __kthread_parkme+0x82/0x180
[   26.461081]  ? preempt_count_sub+0x50/0x80
[   26.461103]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.461127]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.461150]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.461173]  kthread+0x337/0x6f0
[   26.461194]  ? trace_preempt_on+0x20/0xc0
[   26.461218]  ? __pfx_kthread+0x10/0x10
[   26.461238]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.461261]  ? calculate_sigpending+0x7b/0xa0
[   26.461284]  ? __pfx_kthread+0x10/0x10
[   26.461305]  ret_from_fork+0x116/0x1d0
[   26.461324]  ? __pfx_kthread+0x10/0x10
[   26.461344]  ret_from_fork_asm+0x1a/0x30
[   26.461376]  </TASK>
[   26.461386] 
[   26.473423] Allocated by task 204:
[   26.473724]  kasan_save_stack+0x45/0x70
[   26.474207]  kasan_save_track+0x18/0x40
[   26.474506]  kasan_save_alloc_info+0x3b/0x50
[   26.474905]  __kasan_krealloc+0x190/0x1f0
[   26.475210]  krealloc_noprof+0xf3/0x340
[   26.475393]  krealloc_more_oob_helper+0x1a9/0x930
[   26.475611]  krealloc_more_oob+0x1c/0x30
[   26.475785]  kunit_try_run_case+0x1a5/0x480
[   26.476330]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.476615]  kthread+0x337/0x6f0
[   26.476911]  ret_from_fork+0x116/0x1d0
[   26.477362]  ret_from_fork_asm+0x1a/0x30
[   26.477699] 
[   26.477938] The buggy address belongs to the object at ffff888100395800
[   26.477938]  which belongs to the cache kmalloc-256 of size 256
[   26.478746] The buggy address is located 5 bytes to the right of
[   26.478746]  allocated 235-byte region [ffff888100395800, ffff8881003958eb)
[   26.479590] 
[   26.479694] The buggy address belongs to the physical page:
[   26.480140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   26.480878] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.481553] flags: 0x200000000000040(head|node=0|zone=2)
[   26.481870] page_type: f5(slab)
[   26.482208] raw: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004
[   26.482700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.483266] head: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004
[   26.483825] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.484355] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff
[   26.484939] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.485474] page dumped because: kasan: bad access detected
[   26.485695] 
[   26.485766] Memory state around the buggy address:
[   26.486011]  ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.486305]  ffff888100395800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.486657] >ffff888100395880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   26.487098]                                                              ^
[   26.487322]  ffff888100395900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.487645]  ffff888100395980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.487958] ==================================================================
[   26.631088] ==================================================================
[   26.631530] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   26.632133] Write of size 1 at addr ffff88810616a0eb by task kunit_try_catch/208
[   26.632443] 
[   26.632535] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.632596] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.632609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.632629] Call Trace:
[   26.632642]  <TASK>
[   26.632660]  dump_stack_lvl+0x73/0xb0
[   26.632694]  print_report+0xd1/0x640
[   26.632718]  ? __virt_addr_valid+0x1db/0x2d0
[   26.632743]  ? krealloc_more_oob_helper+0x821/0x930
[   26.632766]  ? kasan_addr_to_slab+0x11/0xa0
[   26.632787]  ? krealloc_more_oob_helper+0x821/0x930
[   26.632810]  kasan_report+0x141/0x180
[   26.632832]  ? krealloc_more_oob_helper+0x821/0x930
[   26.632860]  __asan_report_store1_noabort+0x1b/0x30
[   26.632883]  krealloc_more_oob_helper+0x821/0x930
[   26.632904]  ? __schedule+0x10da/0x2b60
[   26.632930]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.633068]  ? finish_task_switch.isra.0+0x153/0x700
[   26.633092]  ? __switch_to+0x47/0xf80
[   26.633119]  ? __schedule+0x10da/0x2b60
[   26.633143]  ? __pfx_read_tsc+0x10/0x10
[   26.633168]  krealloc_large_more_oob+0x1c/0x30
[   26.633191]  kunit_try_run_case+0x1a5/0x480
[   26.633216]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.633238]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.633262]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.633286]  ? __kthread_parkme+0x82/0x180
[   26.633306]  ? preempt_count_sub+0x50/0x80
[   26.633328]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.633351]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.633373]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.633396]  kthread+0x337/0x6f0
[   26.633416]  ? trace_preempt_on+0x20/0xc0
[   26.633440]  ? __pfx_kthread+0x10/0x10
[   26.633460]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.633482]  ? calculate_sigpending+0x7b/0xa0
[   26.633506]  ? __pfx_kthread+0x10/0x10
[   26.633526]  ret_from_fork+0x116/0x1d0
[   26.633545]  ? __pfx_kthread+0x10/0x10
[   26.633564]  ret_from_fork_asm+0x1a/0x30
[   26.633608]  </TASK>
[   26.633619] 
[   26.646264] The buggy address belongs to the physical page:
[   26.646509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106168
[   26.647336] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.647675] flags: 0x200000000000040(head|node=0|zone=2)
[   26.648079] page_type: f8(unknown)
[   26.648260] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.648564] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.648800] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.649322] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.649654] head: 0200000000000002 ffffea0004185a01 00000000ffffffff 00000000ffffffff
[   26.650482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.650877] page dumped because: kasan: bad access detected
[   26.651264] 
[   26.651362] Memory state around the buggy address:
[   26.651586]  ffff888106169f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.651880]  ffff88810616a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.652350] >ffff88810616a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.652668]                                                           ^
[   26.653212]  ffff88810616a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.653591]  ffff88810616a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.654080] ==================================================================
[   26.654636] ==================================================================
[   26.654913] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   26.655887] Write of size 1 at addr ffff88810616a0f0 by task kunit_try_catch/208
[   26.656264] 
[   26.656359] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   26.656475] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   26.656543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.656564] Call Trace:
[   26.656587]  <TASK>
[   26.656603]  dump_stack_lvl+0x73/0xb0
[   26.656630]  print_report+0xd1/0x640
[   26.656652]  ? __virt_addr_valid+0x1db/0x2d0
[   26.656674]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.656696]  ? kasan_addr_to_slab+0x11/0xa0
[   26.656716]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.656738]  kasan_report+0x141/0x180
[   26.656760]  ? krealloc_more_oob_helper+0x7eb/0x930
[   26.656868]  __asan_report_store1_noabort+0x1b/0x30
[   26.656897]  krealloc_more_oob_helper+0x7eb/0x930
[   26.656920]  ? __schedule+0x10da/0x2b60
[   26.656944]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   26.656967]  ? finish_task_switch.isra.0+0x153/0x700
[   26.656989]  ? __switch_to+0x47/0xf80
[   26.657014]  ? __schedule+0x10da/0x2b60
[   26.657038]  ? __pfx_read_tsc+0x10/0x10
[   26.657063]  krealloc_large_more_oob+0x1c/0x30
[   26.657085]  kunit_try_run_case+0x1a5/0x480
[   26.657108]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.657130]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.657154]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.657178]  ? __kthread_parkme+0x82/0x180
[   26.657197]  ? preempt_count_sub+0x50/0x80
[   26.657219]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.657242]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.657265]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.657288]  kthread+0x337/0x6f0
[   26.657308]  ? trace_preempt_on+0x20/0xc0
[   26.657331]  ? __pfx_kthread+0x10/0x10
[   26.657351]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.657374]  ? calculate_sigpending+0x7b/0xa0
[   26.657397]  ? __pfx_kthread+0x10/0x10
[   26.657417]  ret_from_fork+0x116/0x1d0
[   26.657436]  ? __pfx_kthread+0x10/0x10
[   26.657455]  ret_from_fork_asm+0x1a/0x30
[   26.657487]  </TASK>
[   26.657497] 
[   26.667952] The buggy address belongs to the physical page:
[   26.668445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106168
[   26.668756] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.669331] flags: 0x200000000000040(head|node=0|zone=2)
[   26.669571] page_type: f8(unknown)
[   26.670017] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.670301] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.670752] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.671224] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.671552] head: 0200000000000002 ffffea0004185a01 00000000ffffffff 00000000ffffffff
[   26.672202] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.672519] page dumped because: kasan: bad access detected
[   26.672771] 
[   26.673084] Memory state around the buggy address:
[   26.673264]  ffff888106169f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.673681]  ffff88810616a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.674090] >ffff88810616a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   26.674517]                                                              ^
[   26.674959]  ffff88810616a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.675366]  ffff88810616a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.675627] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30J3nY7QtuR6zFySSP24ERynb1Z

job_id

TEST:linaro@lkft#30J3uLzhpviDmlOWY3P9BXfcBAH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30J3uLzhpviDmlOWY3P9BXfcBAH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3qksL4GBwzrde5mtPKhFeFEL/bzImage
sha256sum	af4ccad1f72d598f267023cce1cb43d5ed4bda226a707e01686be85dd90634f7

rootfs

url	https://storage.tuxboot.com/debian/20250722/trixie/amd64/rootfs.ext4.xz
sha256sum	f011d4ee6daca8ff6eb107b3ab1eb085d1f77f9019361779f04403719dd7a135

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30J3qksL4GBwzrde5mtPKhFeFEL/modules.tar.xz
sha256sum	7c95098d7c3fc4ab7a627a48c0cdbf1fa3d50531e33653f38a4f14abeedf82da

durations

tests

boot	0
kunit	254.60

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit