Date
July 3, 2025, 11:10 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 19.396308] ==================================================================
[ 19.396416] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 19.396537] Write of size 1 at addr fff00000c17b30f0 by task kunit_try_catch/156
[ 19.396650]
[ 19.396718] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.396890] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.396948] Hardware name: linux,dummy-virt (DT)
[ 19.397017] Call trace:
[ 19.397535] show_stack+0x20/0x38 (C)
[ 19.397890] dump_stack_lvl+0x8c/0xd0
[ 19.398088] print_report+0x118/0x608
[ 19.398199] kasan_report+0xdc/0x128
[ 19.398360] __asan_report_store1_noabort+0x20/0x30
[ 19.398467] krealloc_more_oob_helper+0x5c0/0x678
[ 19.398554] krealloc_more_oob+0x20/0x38
[ 19.398645] kunit_try_run_case+0x170/0x3f0
[ 19.398744] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.399293] kthread+0x328/0x630
[ 19.399741] ret_from_fork+0x10/0x20
[ 19.399871]
[ 19.399936] Allocated by task 156:
[ 19.399998] kasan_save_stack+0x3c/0x68
[ 19.400100] kasan_save_track+0x20/0x40
[ 19.400200] kasan_save_alloc_info+0x40/0x58
[ 19.400289] __kasan_krealloc+0x118/0x178
[ 19.400371] krealloc_noprof+0x128/0x360
[ 19.400463] krealloc_more_oob_helper+0x168/0x678
[ 19.400570] krealloc_more_oob+0x20/0x38
[ 19.400705] kunit_try_run_case+0x170/0x3f0
[ 19.400825] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.400936] kthread+0x328/0x630
[ 19.401008] ret_from_fork+0x10/0x20
[ 19.401107]
[ 19.401177] The buggy address belongs to the object at fff00000c17b3000
[ 19.401177] which belongs to the cache kmalloc-256 of size 256
[ 19.401319] The buggy address is located 5 bytes to the right of
[ 19.401319] allocated 235-byte region [fff00000c17b3000, fff00000c17b30eb)
[ 19.401486]
[ 19.401549] The buggy address belongs to the physical page:
[ 19.401653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b2
[ 19.401798] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.401922] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.402068] page_type: f5(slab)
[ 19.402154] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.402627] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.402769] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.402891] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.403034] head: 0bfffe0000000001 ffffc1ffc305ec81 00000000ffffffff 00000000ffffffff
[ 19.403184] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 19.403272] page dumped because: kasan: bad access detected
[ 19.403341]
[ 19.403380] Memory state around the buggy address:
[ 19.403447] fff00000c17b2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.403537] fff00000c17b3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.403666] >fff00000c17b3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 19.403751] ^
[ 19.403837] fff00000c17b3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.403929] fff00000c17b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.404012] ==================================================================

[ 19.473628] ==================================================================
[ 19.474093] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 19.474479] Write of size 1 at addr fff00000c656e0eb by task kunit_try_catch/160
[ 19.474660]
[ 19.474721] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.475005] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.475086] Hardware name: linux,dummy-virt (DT)
[ 19.475152] Call trace:
[ 19.475198] show_stack+0x20/0x38 (C)
[ 19.475592] dump_stack_lvl+0x8c/0xd0
[ 19.475790] print_report+0x118/0x608
[ 19.476113] kasan_report+0xdc/0x128
[ 19.476167] __asan_report_store1_noabort+0x20/0x30
[ 19.476217] krealloc_more_oob_helper+0x60c/0x678
[ 19.476286] krealloc_large_more_oob+0x20/0x38
[ 19.476347] kunit_try_run_case+0x170/0x3f0
[ 19.476397] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.476449] kthread+0x328/0x630
[ 19.476507] ret_from_fork+0x10/0x20
[ 19.476564]
[ 19.476589] The buggy address belongs to the physical page:
[ 19.476623] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656c
[ 19.476676] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.476723] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.476776] page_type: f8(unknown)
[ 19.476817] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.476867] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.476914] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.476961] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.477008] head: 0bfffe0000000002 ffffc1ffc3195b01 00000000ffffffff 00000000ffffffff
[ 19.477072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.477111] page dumped because: kasan: bad access detected
[ 19.477142]
[ 19.477159] Memory state around the buggy address:
[ 19.477191] fff00000c656df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.477232] fff00000c656e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.477273] >fff00000c656e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 19.477309] ^
[ 19.477347] fff00000c656e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.477387] fff00000c656e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.477423] ==================================================================

[ 19.485296] ==================================================================
[ 19.485406] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 19.485516] Write of size 1 at addr fff00000c656e0f0 by task kunit_try_catch/160
[ 19.485623]
[ 19.487677] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.487915] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.487984] Hardware name: linux,dummy-virt (DT)
[ 19.488076] Call trace:
[ 19.488132] show_stack+0x20/0x38 (C)
[ 19.488262] dump_stack_lvl+0x8c/0xd0
[ 19.488384] print_report+0x118/0x608
[ 19.488603] kasan_report+0xdc/0x128
[ 19.488967] __asan_report_store1_noabort+0x20/0x30
[ 19.489169] krealloc_more_oob_helper+0x5c0/0x678
[ 19.489595] krealloc_large_more_oob+0x20/0x38
[ 19.490003] kunit_try_run_case+0x170/0x3f0
[ 19.490182] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.490317] kthread+0x328/0x630
[ 19.490446] ret_from_fork+0x10/0x20
[ 19.490543]
[ 19.490862] The buggy address belongs to the physical page:
[ 19.490944] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656c
[ 19.491284] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.491383] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.491840] page_type: f8(unknown)
[ 19.491926] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.492099] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.492207] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.492317] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.492435] head: 0bfffe0000000002 ffffc1ffc3195b01 00000000ffffffff 00000000ffffffff
[ 19.492561] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.492658] page dumped because: kasan: bad access detected
[ 19.492732]
[ 19.492778] Memory state around the buggy address:
[ 19.492853] fff00000c656df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.492957] fff00000c656e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.493593] >fff00000c656e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 19.493714] ^
[ 19.493796] fff00000c656e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.493874] fff00000c656e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.493950] ==================================================================

[ 19.384135] ==================================================================
[ 19.384266] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 19.384382] Write of size 1 at addr fff00000c17b30eb by task kunit_try_catch/156
[ 19.384500]
[ 19.384575] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.384761] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.384821] Hardware name: linux,dummy-virt (DT)
[ 19.384897] Call trace:
[ 19.384947] show_stack+0x20/0x38 (C)
[ 19.385063] dump_stack_lvl+0x8c/0xd0
[ 19.385161] print_report+0x118/0x608
[ 19.385261] kasan_report+0xdc/0x128
[ 19.385369] __asan_report_store1_noabort+0x20/0x30
[ 19.385475] krealloc_more_oob_helper+0x60c/0x678
[ 19.385567] krealloc_more_oob+0x20/0x38
[ 19.385659] kunit_try_run_case+0x170/0x3f0
[ 19.385767] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.386497] kthread+0x328/0x630
[ 19.386660] ret_from_fork+0x10/0x20
[ 19.386793]
[ 19.386836] Allocated by task 156:
[ 19.386959] kasan_save_stack+0x3c/0x68
[ 19.387099] kasan_save_track+0x20/0x40
[ 19.387189] kasan_save_alloc_info+0x40/0x58
[ 19.387668] __kasan_krealloc+0x118/0x178
[ 19.387809] krealloc_noprof+0x128/0x360
[ 19.387901] krealloc_more_oob_helper+0x168/0x678
[ 19.388042] krealloc_more_oob+0x20/0x38
[ 19.388493] kunit_try_run_case+0x170/0x3f0
[ 19.388654] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.388771] kthread+0x328/0x630
[ 19.388858] ret_from_fork+0x10/0x20
[ 19.388931]
[ 19.388974] The buggy address belongs to the object at fff00000c17b3000
[ 19.388974] which belongs to the cache kmalloc-256 of size 256
[ 19.389623] The buggy address is located 0 bytes to the right of
[ 19.389623] allocated 235-byte region [fff00000c17b3000, fff00000c17b30eb)
[ 19.390115]
[ 19.390204] The buggy address belongs to the physical page:
[ 19.390292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b2
[ 19.390655] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.390808] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.391138] page_type: f5(slab)
[ 19.391389] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.391706] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.391855] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.391964] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.392507] head: 0bfffe0000000001 ffffc1ffc305ec81 00000000ffffffff 00000000ffffffff
[ 19.392640] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 19.392725] page dumped because: kasan: bad access detected
[ 19.393204]
[ 19.393285] Memory state around the buggy address:
[ 19.393409] fff00000c17b2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.393499] fff00000c17b3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.393867] >fff00000c17b3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 19.394069] ^
[ 19.394168] fff00000c17b3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.394267] fff00000c17b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.394337] ==================================================================
```
qemu-x86_64:

```
[ 11.290492] ==================================================================
[ 11.291365] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.292115] Write of size 1 at addr ffff888102aa20eb by task kunit_try_catch/177
[ 11.293186]
[ 11.293301] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.293347] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.293359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.293495] Call Trace:
[ 11.293510] <TASK>
[ 11.293525] dump_stack_lvl+0x73/0xb0
[ 11.293556] print_report+0xd1/0x650
[ 11.293578] ? __virt_addr_valid+0x1db/0x2d0
[ 11.293601] ? krealloc_more_oob_helper+0x821/0x930
[ 11.293622] ? kasan_addr_to_slab+0x11/0xa0
[ 11.293641] ? krealloc_more_oob_helper+0x821/0x930
[ 11.293663] kasan_report+0x141/0x180
[ 11.293684] ? krealloc_more_oob_helper+0x821/0x930
[ 11.293710] __asan_report_store1_noabort+0x1b/0x30
[ 11.293729] krealloc_more_oob_helper+0x821/0x930
[ 11.293750] ? __schedule+0x10cc/0x2b60
[ 11.293771] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.293794] ? finish_task_switch.isra.0+0x153/0x700
[ 11.293815] ? __switch_to+0x47/0xf50
[ 11.293840] ? __schedule+0x10cc/0x2b60
[ 11.293859] ? __pfx_read_tsc+0x10/0x10
[ 11.293883] krealloc_large_more_oob+0x1c/0x30
[ 11.293904] kunit_try_run_case+0x1a5/0x480
[ 11.293927] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.293948] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.293969] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.293990] ? __kthread_parkme+0x82/0x180
[ 11.294011] ? preempt_count_sub+0x50/0x80
[ 11.294032] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.294054] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.294075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.294096] kthread+0x337/0x6f0
[ 11.294114] ? trace_preempt_on+0x20/0xc0
[ 11.294149] ? __pfx_kthread+0x10/0x10
[ 11.294168] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.294200] ? calculate_sigpending+0x7b/0xa0
[ 11.294223] ? __pfx_kthread+0x10/0x10
[ 11.294243] ret_from_fork+0x116/0x1d0
[ 11.294260] ? __pfx_kthread+0x10/0x10
[ 11.294279] ret_from_fork_asm+0x1a/0x30
[ 11.294308] </TASK>
[ 11.294319]
[ 11.305078] The buggy address belongs to the physical page:
[ 11.305371] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[ 11.305884] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.306544] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.306800] page_type: f8(unknown)
[ 11.306954] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.307561] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.307985] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.308552] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.309009] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff
[ 11.309597] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.310014] page dumped because: kasan: bad access detected
[ 11.310520]
[ 11.310620] Memory state around the buggy address:
[ 11.310817] ffff888102aa1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.311253] ffff888102aa2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.311777] >ffff888102aa2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.312075] ^
[ 11.312837] ffff888102aa2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.313280] ffff888102aa2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.313841] ==================================================================

[ 11.314605] ==================================================================
[ 11.314921] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.315364] Write of size 1 at addr ffff888102aa20f0 by task kunit_try_catch/177
[ 11.316228]
[ 11.316506] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.316551] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.316563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.316582] Call Trace:
[ 11.316593] <TASK>
[ 11.316608] dump_stack_lvl+0x73/0xb0
[ 11.316636] print_report+0xd1/0x650
[ 11.316657] ? __virt_addr_valid+0x1db/0x2d0
[ 11.316679] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.316702] ? kasan_addr_to_slab+0x11/0xa0
[ 11.316723] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.316747] kasan_report+0x141/0x180
[ 11.316768] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.316794] __asan_report_store1_noabort+0x1b/0x30
[ 11.316813] krealloc_more_oob_helper+0x7eb/0x930
[ 11.316834] ? __schedule+0x10cc/0x2b60
[ 11.316854] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.316877] ? finish_task_switch.isra.0+0x153/0x700
[ 11.316897] ? __switch_to+0x47/0xf50
[ 11.316920] ? __schedule+0x10cc/0x2b60
[ 11.316940] ? __pfx_read_tsc+0x10/0x10
[ 11.316962] krealloc_large_more_oob+0x1c/0x30
[ 11.316983] kunit_try_run_case+0x1a5/0x480
[ 11.317006] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.317026] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.317047] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.317069] ? __kthread_parkme+0x82/0x180
[ 11.317089] ? preempt_count_sub+0x50/0x80
[ 11.317111] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.317151] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.317173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.317195] kthread+0x337/0x6f0
[ 11.317213] ? trace_preempt_on+0x20/0xc0
[ 11.317234] ? __pfx_kthread+0x10/0x10
[ 11.317255] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.317274] ? calculate_sigpending+0x7b/0xa0
[ 11.317296] ? __pfx_kthread+0x10/0x10
[ 11.317317] ret_from_fork+0x116/0x1d0
[ 11.317334] ? __pfx_kthread+0x10/0x10
[ 11.317353] ret_from_fork_asm+0x1a/0x30
[ 11.317381] </TASK>
[ 11.317392]
[ 11.328868] The buggy address belongs to the physical page:
[ 11.329407] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[ 11.329851] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.330339] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.330720] page_type: f8(unknown)
[ 11.330891] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.331609] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.332052] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.332659] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.333096] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff
[ 11.333575] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.333983] page dumped because: kasan: bad access detected
[ 11.334414]
[ 11.334509] Memory state around the buggy address:
[ 11.334750] ffff888102aa1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.335043] ffff888102aa2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.335630] >ffff888102aa2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.335982] ^
[ 11.336655] ffff888102aa2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.336979] ffff888102aa2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.337448] ==================================================================

[ 11.081276] ==================================================================
[ 11.082970] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.083779] Write of size 1 at addr ffff88810295b4eb by task kunit_try_catch/173
[ 11.084024]
[ 11.084118] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.084172] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.084184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.084204] Call Trace:
[ 11.084215] <TASK>
[ 11.084230] dump_stack_lvl+0x73/0xb0
[ 11.084320] print_report+0xd1/0x650
[ 11.084344] ? __virt_addr_valid+0x1db/0x2d0
[ 11.084515] ? krealloc_more_oob_helper+0x821/0x930
[ 11.084543] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.084741] ? krealloc_more_oob_helper+0x821/0x930
[ 11.084773] kasan_report+0x141/0x180
[ 11.084808] ? krealloc_more_oob_helper+0x821/0x930
[ 11.084835] __asan_report_store1_noabort+0x1b/0x30
[ 11.084855] krealloc_more_oob_helper+0x821/0x930
[ 11.084876] ? __schedule+0x10cc/0x2b60
[ 11.084898] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.084921] ? finish_task_switch.isra.0+0x153/0x700
[ 11.084943] ? __switch_to+0x47/0xf50
[ 11.084969] ? __schedule+0x10cc/0x2b60
[ 11.084989] ? __pfx_read_tsc+0x10/0x10
[ 11.085012] krealloc_more_oob+0x1c/0x30
[ 11.085032] kunit_try_run_case+0x1a5/0x480
[ 11.085056] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.085077] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.085099] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.085241] ? __kthread_parkme+0x82/0x180
[ 11.085268] ? preempt_count_sub+0x50/0x80
[ 11.085290] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.085312] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.085334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.085355] kthread+0x337/0x6f0
[ 11.085373] ? trace_preempt_on+0x20/0xc0
[ 11.085395] ? __pfx_kthread+0x10/0x10
[ 11.085414] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.085433] ? calculate_sigpending+0x7b/0xa0
[ 11.085456] ? __pfx_kthread+0x10/0x10
[ 11.085476] ret_from_fork+0x116/0x1d0
[ 11.085493] ? __pfx_kthread+0x10/0x10
[ 11.085511] ret_from_fork_asm+0x1a/0x30
[ 11.085541] </TASK>
[ 11.085551]
[ 11.100579] Allocated by task 173:
[ 11.100840] kasan_save_stack+0x45/0x70
[ 11.100986] kasan_save_track+0x18/0x40
[ 11.101116] kasan_save_alloc_info+0x3b/0x50
[ 11.101272] __kasan_krealloc+0x190/0x1f0
[ 11.101443] krealloc_noprof+0xf3/0x340
[ 11.101631] krealloc_more_oob_helper+0x1a9/0x930
[ 11.101864] krealloc_more_oob+0x1c/0x30
[ 11.102060] kunit_try_run_case+0x1a5/0x480
[ 11.102416] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.102638] kthread+0x337/0x6f0
[ 11.102756] ret_from_fork+0x116/0x1d0
[ 11.102941] ret_from_fork_asm+0x1a/0x30
[ 11.103151]
[ 11.103276] The buggy address belongs to the object at ffff88810295b400
[ 11.103276] which belongs to the cache kmalloc-256 of size 256
[ 11.103762] The buggy address is located 0 bytes to the right of
[ 11.103762] allocated 235-byte region [ffff88810295b400, ffff88810295b4eb)
[ 11.104193]
[ 11.104302] The buggy address belongs to the physical page:
[ 11.104703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10295a
[ 11.105033] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.105354] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.105558] page_type: f5(slab)
[ 11.105728] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.106119] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.106394] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.106750] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.107035] head: 0200000000000001 ffffea00040a5681 00000000ffffffff 00000000ffffffff
[ 11.107266] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.107742] page dumped because: kasan: bad access detected
[ 11.107959]
[ 11.108056] Memory state around the buggy address:
[ 11.108241] ffff88810295b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.108450] ffff88810295b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.108658] >ffff88810295b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.108863] ^
[ 11.109056] ffff88810295b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.109273] ffff88810295b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.109479] ==================================================================

[ 11.112263] ==================================================================
[ 11.112596] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.113146] Write of size 1 at addr ffff88810295b4f0 by task kunit_try_catch/173
[ 11.113630]
[ 11.113737] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.113780] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.113791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.113811] Call Trace:
[ 11.113825] <TASK>
[ 11.113840] dump_stack_lvl+0x73/0xb0
[ 11.113866] print_report+0xd1/0x650
[ 11.113887] ? __virt_addr_valid+0x1db/0x2d0
[ 11.113909] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.113930] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.113951] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.113973] kasan_report+0x141/0x180
[ 11.113994] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.114022] __asan_report_store1_noabort+0x1b/0x30
[ 11.114041] krealloc_more_oob_helper+0x7eb/0x930
[ 11.114062] ? __schedule+0x10cc/0x2b60
[ 11.114082] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.114105] ? finish_task_switch.isra.0+0x153/0x700
[ 11.114144] ? __switch_to+0x47/0xf50
[ 11.114168] ? __schedule+0x10cc/0x2b60
[ 11.114189] ? __pfx_read_tsc+0x10/0x10
[ 11.114211] krealloc_more_oob+0x1c/0x30
[ 11.114231] kunit_try_run_case+0x1a5/0x480
[ 11.114254] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.114274] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.114295] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.114317] ? __kthread_parkme+0x82/0x180
[ 11.114336] ? preempt_count_sub+0x50/0x80
[ 11.114357] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.114379] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.114401] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.114423] kthread+0x337/0x6f0
[ 11.114442] ? trace_preempt_on+0x20/0xc0
[ 11.114464] ? __pfx_kthread+0x10/0x10
[ 11.114483] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.114502] ? calculate_sigpending+0x7b/0xa0
[ 11.114534] ? __pfx_kthread+0x10/0x10
[ 11.114554] ret_from_fork+0x116/0x1d0
[ 11.114571] ? __pfx_kthread+0x10/0x10
[ 11.114590] ret_from_fork_asm+0x1a/0x30
[ 11.114619] </TASK>
[ 11.114629]
[ 11.126689] Allocated by task 173:
[ 11.126861] kasan_save_stack+0x45/0x70
[ 11.127054] kasan_save_track+0x18/0x40
[ 11.127866] kasan_save_alloc_info+0x3b/0x50
[ 11.128307] __kasan_krealloc+0x190/0x1f0
[ 11.128772] krealloc_noprof+0xf3/0x340
[ 11.129019] krealloc_more_oob_helper+0x1a9/0x930
[ 11.129448] krealloc_more_oob+0x1c/0x30
[ 11.129649] kunit_try_run_case+0x1a5/0x480
[ 11.129836] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.130070] kthread+0x337/0x6f0
[ 11.130658] ret_from_fork+0x116/0x1d0
[ 11.130919] ret_from_fork_asm+0x1a/0x30
[ 11.131335]
[ 11.131719] The buggy address belongs to the object at ffff88810295b400
[ 11.131719] which belongs to the cache kmalloc-256 of size 256
[ 11.132598] The buggy address is located 5 bytes to the right of
[ 11.132598] allocated 235-byte region [ffff88810295b400, ffff88810295b4eb)
[ 11.133474]
[ 11.133573] The buggy address belongs to the physical page:
[ 11.133811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10295a
[ 11.134150] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.134742] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.134989] page_type: f5(slab)
[ 11.135168] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.136267] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.137176] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.137679] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.137919] head: 0200000000000001 ffffea00040a5681 00000000ffffffff 00000000ffffffff
[ 11.138248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.138867] page dumped because: kasan: bad access detected
[ 11.139134]
[ 11.139247] Memory state around the buggy address:
[ 11.139746] ffff88810295b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.140417] ffff88810295b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.141225] >ffff88810295b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.141913] ^
[ 11.142593] ffff88810295b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.143153] ffff88810295b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.143616] ==================================================================
```