Hay
Date: July 25, 2025, 3:13 a.m.

Environment: qemu-arm64, qemu-x86_64

[   32.273726] ==================================================================
[   32.273878] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   32.273940] Write of size 1 at addr fff00000c9b260eb by task kunit_try_catch/192
[   32.274129] 
[   32.274164] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.274381] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.274576] Hardware name: linux,dummy-virt (DT)
[   32.274620] Call trace:
[   32.274701]  show_stack+0x20/0x38 (C)
[   32.274752]  dump_stack_lvl+0x8c/0xd0
[   32.274799]  print_report+0x118/0x5e8
[   32.274881]  kasan_report+0xdc/0x128
[   32.275039]  __asan_report_store1_noabort+0x20/0x30
[   32.275361]  krealloc_more_oob_helper+0x60c/0x678
[   32.275512]  krealloc_large_more_oob+0x20/0x38
[   32.275703]  kunit_try_run_case+0x170/0x3f0
[   32.275785]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.275889]  kthread+0x328/0x630
[   32.275934]  ret_from_fork+0x10/0x20
[   32.276422] 
[   32.276552] The buggy address belongs to the physical page:
[   32.276717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24
[   32.276855] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.276930] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.277170] page_type: f8(unknown)
[   32.277345] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.277463] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.277673] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.277780] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.277937] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff
[   32.278023] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.278338] page dumped because: kasan: bad access detected
[   32.278537] 
[   32.278629] Memory state around the buggy address:
[   32.278766]  fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.278875]  fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.279039] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   32.279079]                                                           ^
[   32.279140]  fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.279196]  fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.279370] ==================================================================
[   32.201519] ==================================================================
[   32.201604] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   32.201734] Write of size 1 at addr fff00000c8754cf0 by task kunit_try_catch/188
[   32.201784] 
[   32.201815] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.201899] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.201935] Hardware name: linux,dummy-virt (DT)
[   32.201965] Call trace:
[   32.201986]  show_stack+0x20/0x38 (C)
[   32.202032]  dump_stack_lvl+0x8c/0xd0
[   32.202078]  print_report+0x118/0x5e8
[   32.202121]  kasan_report+0xdc/0x128
[   32.202171]  __asan_report_store1_noabort+0x20/0x30
[   32.202224]  krealloc_more_oob_helper+0x5c0/0x678
[   32.202273]  krealloc_more_oob+0x20/0x38
[   32.202318]  kunit_try_run_case+0x170/0x3f0
[   32.202362]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.202412]  kthread+0x328/0x630
[   32.202461]  ret_from_fork+0x10/0x20
[   32.202506] 
[   32.202525] Allocated by task 188:
[   32.202558]  kasan_save_stack+0x3c/0x68
[   32.202605]  kasan_save_track+0x20/0x40
[   32.202649]  kasan_save_alloc_info+0x40/0x58
[   32.202685]  __kasan_krealloc+0x118/0x178
[   32.202719]  krealloc_noprof+0x128/0x360
[   32.202757]  krealloc_more_oob_helper+0x168/0x678
[   32.202796]  krealloc_more_oob+0x20/0x38
[   32.202832]  kunit_try_run_case+0x170/0x3f0
[   32.202878]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.202919]  kthread+0x328/0x630
[   32.203525]  ret_from_fork+0x10/0x20
[   32.203586] 
[   32.203607] The buggy address belongs to the object at fff00000c8754c00
[   32.203607]  which belongs to the cache kmalloc-256 of size 256
[   32.204098] The buggy address is located 5 bytes to the right of
[   32.204098]  allocated 235-byte region [fff00000c8754c00, fff00000c8754ceb)
[   32.204271] 
[   32.204357] The buggy address belongs to the physical page:
[   32.204447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108754
[   32.204548] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.204778] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.205083] page_type: f5(slab)
[   32.205153] raw: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002
[   32.205246] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.206010] head: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002
[   32.206463] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.206740] head: 0bfffe0000000001 ffffc1ffc321d501 00000000ffffffff 00000000ffffffff
[   32.207127] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.207174] page dumped because: kasan: bad access detected
[   32.207429] 
[   32.207637] Memory state around the buggy address:
[   32.207738]  fff00000c8754b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.207785]  fff00000c8754c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.207879] >fff00000c8754c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.208019]                                                              ^
[   32.208390]  fff00000c8754d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.208492]  fff00000c8754d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.208721] ==================================================================
[   32.280671] ==================================================================
[   32.280769] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   32.280825] Write of size 1 at addr fff00000c9b260f0 by task kunit_try_catch/192
[   32.280882] 
[   32.280911] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.281315] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.281359] Hardware name: linux,dummy-virt (DT)
[   32.281705] Call trace:
[   32.281933]  show_stack+0x20/0x38 (C)
[   32.282151]  dump_stack_lvl+0x8c/0xd0
[   32.282212]  print_report+0x118/0x5e8
[   32.282257]  kasan_report+0xdc/0x128
[   32.282334]  __asan_report_store1_noabort+0x20/0x30
[   32.282387]  krealloc_more_oob_helper+0x5c0/0x678
[   32.282436]  krealloc_large_more_oob+0x20/0x38
[   32.282527]  kunit_try_run_case+0x170/0x3f0
[   32.282583]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.282634]  kthread+0x328/0x630
[   32.282685]  ret_from_fork+0x10/0x20
[   32.282730] 
[   32.282749] The buggy address belongs to the physical page:
[   32.282780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b24
[   32.282838] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.282881] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.282929] page_type: f8(unknown)
[   32.283109] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.283156] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.283593] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.283767] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.283853] head: 0bfffe0000000002 ffffc1ffc326c901 00000000ffffffff 00000000ffffffff
[   32.284035] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.284085] page dumped because: kasan: bad access detected
[   32.284114] 
[   32.284379] Memory state around the buggy address:
[   32.284534]  fff00000c9b25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.284587]  fff00000c9b26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.284840] >fff00000c9b26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   32.284931]                                                              ^
[   32.285099]  fff00000c9b26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.285166]  fff00000c9b26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.285252] ==================================================================
[   32.189566] ==================================================================
[   32.189626] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   32.189697] Write of size 1 at addr fff00000c8754ceb by task kunit_try_catch/188
[   32.190165] 
[   32.190297] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.190439] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.190786] Hardware name: linux,dummy-virt (DT)
[   32.190945] Call trace:
[   32.191027]  show_stack+0x20/0x38 (C)
[   32.191138]  dump_stack_lvl+0x8c/0xd0
[   32.191246]  print_report+0x118/0x5e8
[   32.191397]  kasan_report+0xdc/0x128
[   32.191461]  __asan_report_store1_noabort+0x20/0x30
[   32.191542]  krealloc_more_oob_helper+0x60c/0x678
[   32.191593]  krealloc_more_oob+0x20/0x38
[   32.191649]  kunit_try_run_case+0x170/0x3f0
[   32.192052]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.192320]  kthread+0x328/0x630
[   32.192456]  ret_from_fork+0x10/0x20
[   32.192741] 
[   32.192893] Allocated by task 188:
[   32.192965]  kasan_save_stack+0x3c/0x68
[   32.193297]  kasan_save_track+0x20/0x40
[   32.193408]  kasan_save_alloc_info+0x40/0x58
[   32.193527]  __kasan_krealloc+0x118/0x178
[   32.193736]  krealloc_noprof+0x128/0x360
[   32.194014]  krealloc_more_oob_helper+0x168/0x678
[   32.194264]  krealloc_more_oob+0x20/0x38
[   32.194340]  kunit_try_run_case+0x170/0x3f0
[   32.194473]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.194534]  kthread+0x328/0x630
[   32.194574]  ret_from_fork+0x10/0x20
[   32.194609] 
[   32.194629] The buggy address belongs to the object at fff00000c8754c00
[   32.194629]  which belongs to the cache kmalloc-256 of size 256
[   32.194698] The buggy address is located 0 bytes to the right of
[   32.194698]  allocated 235-byte region [fff00000c8754c00, fff00000c8754ceb)
[   32.194769] 
[   32.194798] The buggy address belongs to the physical page:
[   32.194835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108754
[   32.194886] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.194936] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.195160] page_type: f5(slab)
[   32.195498] raw: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002
[   32.195781] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.195960] head: 0bfffe0000000040 fff00000c0001b40 ffffc1ffc311d680 dead000000000002
[   32.196064] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.196224] head: 0bfffe0000000001 ffffc1ffc321d501 00000000ffffffff 00000000ffffffff
[   32.196334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.196606] page dumped because: kasan: bad access detected
[   32.196746] 
[   32.196908] Memory state around the buggy address:
[   32.197032]  fff00000c8754b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.197194]  fff00000c8754c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.197461] >fff00000c8754c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   32.197555]                                                           ^
[   32.197744]  fff00000c8754d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.197930]  fff00000c8754d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.198089] ==================================================================

[   25.493443] ==================================================================
[   25.493788] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   25.494206] Write of size 1 at addr ffff888102b420f0 by task kunit_try_catch/209
[   25.494593] 
[   25.494701] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.494748] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.494780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.494809] Call Trace:
[   25.494822]  <TASK>
[   25.494837]  dump_stack_lvl+0x73/0xb0
[   25.494866]  print_report+0xd1/0x640
[   25.494957]  ? __virt_addr_valid+0x1db/0x2d0
[   25.494983]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.495007]  ? kasan_addr_to_slab+0x11/0xa0
[   25.495028]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.495052]  kasan_report+0x141/0x180
[   25.495084]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.495113]  __asan_report_store1_noabort+0x1b/0x30
[   25.495138]  krealloc_more_oob_helper+0x7eb/0x930
[   25.495160]  ? __schedule+0x10da/0x2b60
[   25.495218]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.495243]  ? finish_task_switch.isra.0+0x153/0x700
[   25.495265]  ? __switch_to+0x47/0xf80
[   25.495292]  ? __schedule+0x10da/0x2b60
[   25.495313]  ? __pfx_read_tsc+0x10/0x10
[   25.495368]  krealloc_large_more_oob+0x1c/0x30
[   25.495392]  kunit_try_run_case+0x1a5/0x480
[   25.495417]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.495440]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.495462]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.495520]  ? __kthread_parkme+0x82/0x180
[   25.495540]  ? preempt_count_sub+0x50/0x80
[   25.495563]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.495588]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.495613]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.495659]  kthread+0x337/0x6f0
[   25.495680]  ? trace_preempt_on+0x20/0xc0
[   25.495705]  ? __pfx_kthread+0x10/0x10
[   25.495726]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.495751]  ? calculate_sigpending+0x7b/0xa0
[   25.495776]  ? __pfx_kthread+0x10/0x10
[   25.495811]  ret_from_fork+0x116/0x1d0
[   25.495831]  ? __pfx_kthread+0x10/0x10
[   25.495851]  ret_from_fork_asm+0x1a/0x30
[   25.495884]  </TASK>
[   25.495894] 
[   25.504445] The buggy address belongs to the physical page:
[   25.504686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40
[   25.505149] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.505566] flags: 0x200000000000040(head|node=0|zone=2)
[   25.505872] page_type: f8(unknown)
[   25.506054] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.506405] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.506742] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.507212] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.507540] head: 0200000000000002 ffffea00040ad001 00000000ffffffff 00000000ffffffff
[   25.507870] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.508335] page dumped because: kasan: bad access detected
[   25.508592] 
[   25.508673] Memory state around the buggy address:
[   25.508996]  ffff888102b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.509316]  ffff888102b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.509640] >ffff888102b42080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.509984]                                                              ^
[   25.510356]  ffff888102b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.510660]  ffff888102b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.510930] ==================================================================
[   25.290940] ==================================================================
[   25.291678] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   25.292339] Write of size 1 at addr ffff8881049ad8f0 by task kunit_try_catch/205
[   25.292656] 
[   25.292764] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.292810] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.292822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.292841] Call Trace:
[   25.292853]  <TASK>
[   25.293227]  dump_stack_lvl+0x73/0xb0
[   25.293264]  print_report+0xd1/0x640
[   25.293288]  ? __virt_addr_valid+0x1db/0x2d0
[   25.293311]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.293335]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.293362]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.293387]  kasan_report+0x141/0x180
[   25.293410]  ? krealloc_more_oob_helper+0x7eb/0x930
[   25.293439]  __asan_report_store1_noabort+0x1b/0x30
[   25.293465]  krealloc_more_oob_helper+0x7eb/0x930
[   25.293488]  ? __schedule+0x10da/0x2b60
[   25.293512]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.293537]  ? finish_task_switch.isra.0+0x153/0x700
[   25.293560]  ? __switch_to+0x47/0xf80
[   25.293586]  ? __schedule+0x10da/0x2b60
[   25.293607]  ? __pfx_read_tsc+0x10/0x10
[   25.293632]  krealloc_more_oob+0x1c/0x30
[   25.293655]  kunit_try_run_case+0x1a5/0x480
[   25.293679]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.293702]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.293725]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.293752]  ? __kthread_parkme+0x82/0x180
[   25.293773]  ? preempt_count_sub+0x50/0x80
[   25.293852]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.293877]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.293902]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.293926]  kthread+0x337/0x6f0
[   25.293959]  ? trace_preempt_on+0x20/0xc0
[   25.293984]  ? __pfx_kthread+0x10/0x10
[   25.294005]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.294031]  ? calculate_sigpending+0x7b/0xa0
[   25.294065]  ? __pfx_kthread+0x10/0x10
[   25.294088]  ret_from_fork+0x116/0x1d0
[   25.294107]  ? __pfx_kthread+0x10/0x10
[   25.294129]  ret_from_fork_asm+0x1a/0x30
[   25.294161]  </TASK>
[   25.294172] 
[   25.304736] Allocated by task 205:
[   25.304928]  kasan_save_stack+0x45/0x70
[   25.305168]  kasan_save_track+0x18/0x40
[   25.305886]  kasan_save_alloc_info+0x3b/0x50
[   25.306111]  __kasan_krealloc+0x190/0x1f0
[   25.306459]  krealloc_noprof+0xf3/0x340
[   25.306701]  krealloc_more_oob_helper+0x1a9/0x930
[   25.307067]  krealloc_more_oob+0x1c/0x30
[   25.307273]  kunit_try_run_case+0x1a5/0x480
[   25.307602]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.308014]  kthread+0x337/0x6f0
[   25.308190]  ret_from_fork+0x116/0x1d0
[   25.308502]  ret_from_fork_asm+0x1a/0x30
[   25.308708] 
[   25.309023] The buggy address belongs to the object at ffff8881049ad800
[   25.309023]  which belongs to the cache kmalloc-256 of size 256
[   25.309528] The buggy address is located 5 bytes to the right of
[   25.309528]  allocated 235-byte region [ffff8881049ad800, ffff8881049ad8eb)
[   25.310425] 
[   25.310525] The buggy address belongs to the physical page:
[   25.310747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ac
[   25.311472] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.311758] flags: 0x200000000000040(head|node=0|zone=2)
[   25.312253] page_type: f5(slab)
[   25.312442] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   25.313110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.313435] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   25.314082] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.314511] head: 0200000000000001 ffffea0004126b01 00000000ffffffff 00000000ffffffff
[   25.314819] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.315342] page dumped because: kasan: bad access detected
[   25.315591] 
[   25.315763] Memory state around the buggy address:
[   25.316125]  ffff8881049ad780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.316755]  ffff8881049ad800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.317259] >ffff8881049ad880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.317575]                                                              ^
[   25.318175]  ffff8881049ad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.318445]  ffff8881049ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.318750] ==================================================================
[   25.467437] ==================================================================
[   25.467818] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   25.468477] Write of size 1 at addr ffff888102b420eb by task kunit_try_catch/209
[   25.468732] 
[   25.468818] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.468868] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.468881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.468901] Call Trace:
[   25.468915]  <TASK>
[   25.468933]  dump_stack_lvl+0x73/0xb0
[   25.469445]  print_report+0xd1/0x640
[   25.469472]  ? __virt_addr_valid+0x1db/0x2d0
[   25.469504]  ? krealloc_more_oob_helper+0x821/0x930
[   25.469528]  ? kasan_addr_to_slab+0x11/0xa0
[   25.469549]  ? krealloc_more_oob_helper+0x821/0x930
[   25.469574]  kasan_report+0x141/0x180
[   25.469597]  ? krealloc_more_oob_helper+0x821/0x930
[   25.469626]  __asan_report_store1_noabort+0x1b/0x30
[   25.469651]  krealloc_more_oob_helper+0x821/0x930
[   25.469674]  ? __schedule+0x10da/0x2b60
[   25.469696]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.469720]  ? finish_task_switch.isra.0+0x153/0x700
[   25.469742]  ? __switch_to+0x47/0xf80
[   25.469774]  ? __schedule+0x10da/0x2b60
[   25.469794]  ? __pfx_read_tsc+0x10/0x10
[   25.469819]  krealloc_large_more_oob+0x1c/0x30
[   25.469842]  kunit_try_run_case+0x1a5/0x480
[   25.469867]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.469890]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.469912]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.469939]  ? __kthread_parkme+0x82/0x180
[   25.469969]  ? preempt_count_sub+0x50/0x80
[   25.469992]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.470016]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.470040]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.470064]  kthread+0x337/0x6f0
[   25.470084]  ? trace_preempt_on+0x20/0xc0
[   25.470106]  ? __pfx_kthread+0x10/0x10
[   25.470178]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.470203]  ? calculate_sigpending+0x7b/0xa0
[   25.470228]  ? __pfx_kthread+0x10/0x10
[   25.470249]  ret_from_fork+0x116/0x1d0
[   25.470269]  ? __pfx_kthread+0x10/0x10
[   25.470290]  ret_from_fork_asm+0x1a/0x30
[   25.470330]  </TASK>
[   25.470342] 
[   25.484000] The buggy address belongs to the physical page:
[   25.484705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40
[   25.485602] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.486464] flags: 0x200000000000040(head|node=0|zone=2)
[   25.487114] page_type: f8(unknown)
[   25.487600] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.488379] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.488638] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.488892] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.489266] head: 0200000000000002 ffffea00040ad001 00000000ffffffff 00000000ffffffff
[   25.489611] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.489908] page dumped because: kasan: bad access detected
[   25.490182] 
[   25.490299] Memory state around the buggy address:
[   25.490544]  ffff888102b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.490988]  ffff888102b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.491419] >ffff888102b42080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   25.491806]                                                           ^
[   25.492208]  ffff888102b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.492502]  ffff888102b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.492824] ==================================================================
[   25.266383] ==================================================================
[   25.267508] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   25.267821] Write of size 1 at addr ffff8881049ad8eb by task kunit_try_catch/205
[   25.268244] 
[   25.268362] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.268411] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.268423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.268444] Call Trace:
[   25.268457]  <TASK>
[   25.268473]  dump_stack_lvl+0x73/0xb0
[   25.268504]  print_report+0xd1/0x640
[   25.268528]  ? __virt_addr_valid+0x1db/0x2d0
[   25.268552]  ? krealloc_more_oob_helper+0x821/0x930
[   25.268577]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.268604]  ? krealloc_more_oob_helper+0x821/0x930
[   25.268628]  kasan_report+0x141/0x180
[   25.268651]  ? krealloc_more_oob_helper+0x821/0x930
[   25.268681]  __asan_report_store1_noabort+0x1b/0x30
[   25.268706]  krealloc_more_oob_helper+0x821/0x930
[   25.268729]  ? __schedule+0x10da/0x2b60
[   25.268751]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   25.268776]  ? finish_task_switch.isra.0+0x153/0x700
[   25.268799]  ? __switch_to+0x47/0xf80
[   25.268828]  ? __schedule+0x10da/0x2b60
[   25.268849]  ? __pfx_read_tsc+0x10/0x10
[   25.268875]  krealloc_more_oob+0x1c/0x30
[   25.268897]  kunit_try_run_case+0x1a5/0x480
[   25.268923]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.268958]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.268981]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.269019]  ? __kthread_parkme+0x82/0x180
[   25.269041]  ? preempt_count_sub+0x50/0x80
[   25.269065]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.269144]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.269170]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.269194]  kthread+0x337/0x6f0
[   25.269215]  ? trace_preempt_on+0x20/0xc0
[   25.269240]  ? __pfx_kthread+0x10/0x10
[   25.269262]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.269287]  ? calculate_sigpending+0x7b/0xa0
[   25.269311]  ? __pfx_kthread+0x10/0x10
[   25.269334]  ret_from_fork+0x116/0x1d0
[   25.269353]  ? __pfx_kthread+0x10/0x10
[   25.269375]  ret_from_fork_asm+0x1a/0x30
[   25.269407]  </TASK>
[   25.269418] 
[   25.277539] Allocated by task 205:
[   25.277679]  kasan_save_stack+0x45/0x70
[   25.277847]  kasan_save_track+0x18/0x40
[   25.278271]  kasan_save_alloc_info+0x3b/0x50
[   25.278534]  __kasan_krealloc+0x190/0x1f0
[   25.278695]  krealloc_noprof+0xf3/0x340
[   25.278986]  krealloc_more_oob_helper+0x1a9/0x930
[   25.279172]  krealloc_more_oob+0x1c/0x30
[   25.279308]  kunit_try_run_case+0x1a5/0x480
[   25.279572]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.279900]  kthread+0x337/0x6f0
[   25.280052]  ret_from_fork+0x116/0x1d0
[   25.280189]  ret_from_fork_asm+0x1a/0x30
[   25.280329] 
[   25.280395] The buggy address belongs to the object at ffff8881049ad800
[   25.280395]  which belongs to the cache kmalloc-256 of size 256
[   25.280920] The buggy address is located 0 bytes to the right of
[   25.280920]  allocated 235-byte region [ffff8881049ad800, ffff8881049ad8eb)
[   25.281613] 
[   25.281705] The buggy address belongs to the physical page:
[   25.282193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ac
[   25.282454] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.282688] flags: 0x200000000000040(head|node=0|zone=2)
[   25.282929] page_type: f5(slab)
[   25.283110] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   25.283457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.284876] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   25.285306] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.285552] head: 0200000000000001 ffffea0004126b01 00000000ffffffff 00000000ffffffff
[   25.286110] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.286407] page dumped because: kasan: bad access detected
[   25.286656] 
[   25.286745] Memory state around the buggy address:
[   25.286962]  ffff8881049ad780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.288036]  ffff8881049ad800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.288380] >ffff8881049ad880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   25.288686]                                                           ^
[   25.289291]  ffff8881049ad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.289615]  ffff8881049ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.289864] ==================================================================