Date
July 1, 2025, 11:08 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 18.248111] ================================================================== [ 18.248195] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 18.248586] Write of size 1 at addr fff00000c0b9b6f0 by task kunit_try_catch/157 [ 18.248666] [ 18.248750] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.248868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.248899] Hardware name: linux,dummy-virt (DT) [ 18.248946] Call trace: [ 18.248971] show_stack+0x20/0x38 (C) [ 18.249027] dump_stack_lvl+0x8c/0xd0 [ 18.249098] print_report+0x118/0x608 [ 18.249162] kasan_report+0xdc/0x128 [ 18.249221] __asan_report_store1_noabort+0x20/0x30 [ 18.249284] krealloc_more_oob_helper+0x5c0/0x678 [ 18.249344] krealloc_more_oob+0x20/0x38 [ 18.249393] kunit_try_run_case+0x170/0x3f0 [ 18.249446] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.249514] kthread+0x328/0x630 [ 18.249560] ret_from_fork+0x10/0x20 [ 18.249623] [ 18.249643] Allocated by task 157: [ 18.249674] kasan_save_stack+0x3c/0x68 [ 18.249719] kasan_save_track+0x20/0x40 [ 18.249773] kasan_save_alloc_info+0x40/0x58 [ 18.249817] __kasan_krealloc+0x118/0x178 [ 18.249858] krealloc_noprof+0x128/0x360 [ 18.249898] krealloc_more_oob_helper+0x168/0x678 [ 18.249939] krealloc_more_oob+0x20/0x38 [ 18.249980] kunit_try_run_case+0x170/0x3f0 [ 18.250030] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.250077] kthread+0x328/0x630 [ 18.250121] ret_from_fork+0x10/0x20 [ 18.250170] [ 18.250191] The buggy address belongs to the object at fff00000c0b9b600 [ 18.250191] which belongs to the cache kmalloc-256 of size 256 [ 18.250255] The buggy address is located 5 bytes to the right of [ 18.250255] allocated 235-byte region [fff00000c0b9b600, fff00000c0b9b6eb) [ 18.250325] [ 18.250347] The buggy address belongs to the physical page: [ 18.250383] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 18.250767] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 
pincount:0 [ 18.250838] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.250901] page_type: f5(slab) [ 18.250950] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.251199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.251302] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.251448] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.251523] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 18.251607] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.251650] page dumped because: kasan: bad access detected [ 18.251684] [ 18.251703] Memory state around the buggy address: [ 18.251740] fff00000c0b9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.251932] fff00000c0b9b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.251987] >fff00000c0b9b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 18.252071] ^ [ 18.252240] fff00000c0b9b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.252306] fff00000c0b9b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.252348] ================================================================== [ 18.310859] ================================================================== [ 18.310916] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 18.310974] Write of size 1 at addr fff00000c64b60f0 by task kunit_try_catch/161 [ 18.311028] [ 18.311064] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.311214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.311244] Hardware name: linux,dummy-virt (DT) [ 18.311310] Call trace: [ 18.311350] show_stack+0x20/0x38 (C) [ 18.311424] dump_stack_lvl+0x8c/0xd0 [ 18.311476] print_report+0x118/0x608 [ 18.311526] kasan_report+0xdc/0x128 [ 18.311574] __asan_report_store1_noabort+0x20/0x30 [ 18.311625] krealloc_more_oob_helper+0x5c0/0x678 [ 18.311678] 
krealloc_large_more_oob+0x20/0x38 [ 18.311775] kunit_try_run_case+0x170/0x3f0 [ 18.311880] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.312033] kthread+0x328/0x630 [ 18.312159] ret_from_fork+0x10/0x20 [ 18.312296] [ 18.312320] The buggy address belongs to the physical page: [ 18.312397] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b4 [ 18.312471] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.312524] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.312583] page_type: f8(unknown) [ 18.312655] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.312713] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.312766] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.312819] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.312872] head: 0bfffe0000000002 ffffc1ffc3192d01 00000000ffffffff 00000000ffffffff [ 18.312924] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.312990] page dumped because: kasan: bad access detected [ 18.313024] [ 18.313043] Memory state around the buggy address: [ 18.313126] fff00000c64b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.313244] fff00000c64b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.313365] >fff00000c64b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 18.313530] ^ [ 18.313625] fff00000c64b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.313712] fff00000c64b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.313828] ================================================================== [ 18.305986] ================================================================== [ 18.306074] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 18.306409] Write of size 1 at addr fff00000c64b60eb by task kunit_try_catch/161 [ 18.306496] [ 18.306543] CPU: 1 UID: 0 PID: 161 
Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.306664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.306707] Hardware name: linux,dummy-virt (DT) [ 18.306744] Call trace: [ 18.306798] show_stack+0x20/0x38 (C) [ 18.306858] dump_stack_lvl+0x8c/0xd0 [ 18.306911] print_report+0x118/0x608 [ 18.307058] kasan_report+0xdc/0x128 [ 18.307367] __asan_report_store1_noabort+0x20/0x30 [ 18.307522] krealloc_more_oob_helper+0x60c/0x678 [ 18.307626] krealloc_large_more_oob+0x20/0x38 [ 18.307784] kunit_try_run_case+0x170/0x3f0 [ 18.307924] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.307982] kthread+0x328/0x630 [ 18.308030] ret_from_fork+0x10/0x20 [ 18.308111] [ 18.308150] The buggy address belongs to the physical page: [ 18.308188] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064b4 [ 18.308250] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.308304] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.308368] page_type: f8(unknown) [ 18.308611] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.308686] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.308780] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 18.308905] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 18.308958] head: 0bfffe0000000002 ffffc1ffc3192d01 00000000ffffffff 00000000ffffffff [ 18.309277] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 18.309335] page dumped because: kasan: bad access detected [ 18.309371] [ 18.309390] Memory state around the buggy address: [ 18.309429] fff00000c64b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.309478] fff00000c64b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.309525] >fff00000c64b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 18.309567] ^ [ 18.309614] fff00000c64b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 
18.309660] fff00000c64b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 18.309703] ================================================================== [ 18.239503] ================================================================== [ 18.239649] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 18.239729] Write of size 1 at addr fff00000c0b9b6eb by task kunit_try_catch/157 [ 18.239909] [ 18.239956] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 18.240053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.240082] Hardware name: linux,dummy-virt (DT) [ 18.240351] Call trace: [ 18.240403] show_stack+0x20/0x38 (C) [ 18.240539] dump_stack_lvl+0x8c/0xd0 [ 18.240678] print_report+0x118/0x608 [ 18.240796] kasan_report+0xdc/0x128 [ 18.240923] __asan_report_store1_noabort+0x20/0x30 [ 18.241039] krealloc_more_oob_helper+0x60c/0x678 [ 18.241188] krealloc_more_oob+0x20/0x38 [ 18.241238] kunit_try_run_case+0x170/0x3f0 [ 18.241604] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.241962] kthread+0x328/0x630 [ 18.242075] ret_from_fork+0x10/0x20 [ 18.242234] [ 18.242377] Allocated by task 157: [ 18.242439] kasan_save_stack+0x3c/0x68 [ 18.242546] kasan_save_track+0x20/0x40 [ 18.242654] kasan_save_alloc_info+0x40/0x58 [ 18.242765] __kasan_krealloc+0x118/0x178 [ 18.242907] krealloc_noprof+0x128/0x360 [ 18.243003] krealloc_more_oob_helper+0x168/0x678 [ 18.243098] krealloc_more_oob+0x20/0x38 [ 18.243189] kunit_try_run_case+0x170/0x3f0 [ 18.243249] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.243299] kthread+0x328/0x630 [ 18.243334] ret_from_fork+0x10/0x20 [ 18.243373] [ 18.243395] The buggy address belongs to the object at fff00000c0b9b600 [ 18.243395] which belongs to the cache kmalloc-256 of size 256 [ 18.243459] The buggy address is located 0 bytes to the right of [ 18.243459] allocated 235-byte region [fff00000c0b9b600, fff00000c0b9b6eb) [ 18.243530] [ 18.243783] The buggy address belongs to the physical page: [ 18.243839] 
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a [ 18.243904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 18.243970] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 18.244034] page_type: f5(slab) [ 18.244104] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.244401] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.244535] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 18.244593] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.244646] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff [ 18.244899] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 18.244982] page dumped because: kasan: bad access detected [ 18.245053] [ 18.245075] Memory state around the buggy address: [ 18.245437] fff00000c0b9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.245521] fff00000c0b9b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.245607] >fff00000c0b9b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 18.245703] ^ [ 18.245803] fff00000c0b9b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.245850] fff00000c0b9b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.245911] ==================================================================
[ 11.354551] ================================================================== [ 11.354853] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.355189] Write of size 1 at addr ffff8881027be0f0 by task kunit_try_catch/177 [ 11.355488] [ 11.355604] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.355757] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.355769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.355789] Call Trace: [ 11.355808] <TASK> [ 11.355828] dump_stack_lvl+0x73/0xb0 [ 11.355858] print_report+0xd1/0x650 [ 11.355882] ? __virt_addr_valid+0x1db/0x2d0 [ 11.355904] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.356137] ? kasan_addr_to_slab+0x11/0xa0 [ 11.356162] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.356185] kasan_report+0x141/0x180 [ 11.356206] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.356233] __asan_report_store1_noabort+0x1b/0x30 [ 11.356253] krealloc_more_oob_helper+0x7eb/0x930 [ 11.356274] ? __schedule+0x10cc/0x2b60 [ 11.356295] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.356339] ? finish_task_switch.isra.0+0x153/0x700 [ 11.356360] ? __switch_to+0x47/0xf50 [ 11.356405] ? __schedule+0x10cc/0x2b60 [ 11.356424] ? __pfx_read_tsc+0x10/0x10 [ 11.356448] krealloc_large_more_oob+0x1c/0x30 [ 11.356488] kunit_try_run_case+0x1a5/0x480 [ 11.356512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.356533] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.356556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.356578] ? __kthread_parkme+0x82/0x180 [ 11.356598] ? preempt_count_sub+0x50/0x80 [ 11.356619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.356641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.356662] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.356684] kthread+0x337/0x6f0 [ 11.356701] ? trace_preempt_on+0x20/0xc0 [ 11.356724] ? __pfx_kthread+0x10/0x10 [ 11.356743] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.356763] ? 
calculate_sigpending+0x7b/0xa0 [ 11.356785] ? __pfx_kthread+0x10/0x10 [ 11.356805] ret_from_fork+0x116/0x1d0 [ 11.356822] ? __pfx_kthread+0x10/0x10 [ 11.356841] ret_from_fork_asm+0x1a/0x30 [ 11.356871] </TASK> [ 11.356881] [ 11.366130] The buggy address belongs to the physical page: [ 11.366362] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 11.366844] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.367292] flags: 0x200000000000040(head|node=0|zone=2) [ 11.367600] page_type: f8(unknown) [ 11.367788] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.368345] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.368634] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.368865] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.369202] head: 0200000000000002 ffffea000409ef01 00000000ffffffff 00000000ffffffff [ 11.369861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.370171] page dumped because: kasan: bad access detected [ 11.370506] [ 11.370592] Memory state around the buggy address: [ 11.370857] ffff8881027bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.371197] ffff8881027be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.371421] >ffff8881027be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.371807] ^ [ 11.372600] ffff8881027be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.373281] ffff8881027be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.373587] ================================================================== [ 11.332013] ================================================================== [ 11.332520] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.332908] Write of size 1 at addr ffff8881027be0eb by task kunit_try_catch/177 [ 11.333209] [ 11.333367] CPU: 1 UID: 0 PID: 177 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.333426] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.333438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.333479] Call Trace: [ 11.333493] <TASK> [ 11.333527] dump_stack_lvl+0x73/0xb0 [ 11.333572] print_report+0xd1/0x650 [ 11.333595] ? __virt_addr_valid+0x1db/0x2d0 [ 11.333620] ? krealloc_more_oob_helper+0x821/0x930 [ 11.333642] ? kasan_addr_to_slab+0x11/0xa0 [ 11.333661] ? krealloc_more_oob_helper+0x821/0x930 [ 11.333683] kasan_report+0x141/0x180 [ 11.333704] ? krealloc_more_oob_helper+0x821/0x930 [ 11.333739] __asan_report_store1_noabort+0x1b/0x30 [ 11.333759] krealloc_more_oob_helper+0x821/0x930 [ 11.333780] ? __schedule+0x10cc/0x2b60 [ 11.333801] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.333824] ? finish_task_switch.isra.0+0x153/0x700 [ 11.333847] ? __switch_to+0x47/0xf50 [ 11.333873] ? __schedule+0x10cc/0x2b60 [ 11.333893] ? __pfx_read_tsc+0x10/0x10 [ 11.333918] krealloc_large_more_oob+0x1c/0x30 [ 11.333940] kunit_try_run_case+0x1a5/0x480 [ 11.333966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.333987] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.334010] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.334032] ? __kthread_parkme+0x82/0x180 [ 11.334053] ? preempt_count_sub+0x50/0x80 [ 11.334074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.334096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.334117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.334158] kthread+0x337/0x6f0 [ 11.334176] ? trace_preempt_on+0x20/0xc0 [ 11.334200] ? __pfx_kthread+0x10/0x10 [ 11.334219] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.334239] ? calculate_sigpending+0x7b/0xa0 [ 11.334262] ? __pfx_kthread+0x10/0x10 [ 11.334282] ret_from_fork+0x116/0x1d0 [ 11.334299] ? 
__pfx_kthread+0x10/0x10 [ 11.334335] ret_from_fork_asm+0x1a/0x30 [ 11.334366] </TASK> [ 11.334387] [ 11.343862] The buggy address belongs to the physical page: [ 11.344070] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027bc [ 11.345226] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.345736] flags: 0x200000000000040(head|node=0|zone=2) [ 11.346353] page_type: f8(unknown) [ 11.346541] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.347201] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.347530] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.348528] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.349224] head: 0200000000000002 ffffea000409ef01 00000000ffffffff 00000000ffffffff [ 11.349548] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.349856] page dumped because: kasan: bad access detected [ 11.350126] [ 11.350217] Memory state around the buggy address: [ 11.350423] ffff8881027bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.351326] ffff8881027be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.351624] >ffff8881027be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.352451] ^ [ 11.353155] ffff8881027be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.353451] ffff8881027be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.353918] ================================================================== [ 11.156709] ================================================================== [ 11.157578] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.158367] Write of size 1 at addr ffff88810033b6eb by task kunit_try_catch/173 [ 11.158858] [ 11.159080] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.159129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.159140] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.159183] Call Trace: [ 11.159198] <TASK> [ 11.159216] dump_stack_lvl+0x73/0xb0 [ 11.159247] print_report+0xd1/0x650 [ 11.159270] ? __virt_addr_valid+0x1db/0x2d0 [ 11.159292] ? krealloc_more_oob_helper+0x821/0x930 [ 11.159314] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.159335] ? krealloc_more_oob_helper+0x821/0x930 [ 11.159357] kasan_report+0x141/0x180 [ 11.159387] ? krealloc_more_oob_helper+0x821/0x930 [ 11.159414] __asan_report_store1_noabort+0x1b/0x30 [ 11.159433] krealloc_more_oob_helper+0x821/0x930 [ 11.159453] ? __schedule+0x10cc/0x2b60 [ 11.159474] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.159497] ? finish_task_switch.isra.0+0x153/0x700 [ 11.159519] ? __switch_to+0x47/0xf50 [ 11.159543] ? __schedule+0x10cc/0x2b60 [ 11.159580] ? __pfx_read_tsc+0x10/0x10 [ 11.159603] krealloc_more_oob+0x1c/0x30 [ 11.159623] kunit_try_run_case+0x1a5/0x480 [ 11.159647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.159667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.159689] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.159710] ? __kthread_parkme+0x82/0x180 [ 11.159730] ? preempt_count_sub+0x50/0x80 [ 11.159751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.159773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.159794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.159815] kthread+0x337/0x6f0 [ 11.159833] ? trace_preempt_on+0x20/0xc0 [ 11.159855] ? __pfx_kthread+0x10/0x10 [ 11.159874] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.159894] ? calculate_sigpending+0x7b/0xa0 [ 11.159933] ? __pfx_kthread+0x10/0x10 [ 11.159953] ret_from_fork+0x116/0x1d0 [ 11.159970] ? 
__pfx_kthread+0x10/0x10 [ 11.159989] ret_from_fork_asm+0x1a/0x30 [ 11.160018] </TASK> [ 11.160029] [ 11.171205] Allocated by task 173: [ 11.171359] kasan_save_stack+0x45/0x70 [ 11.171519] kasan_save_track+0x18/0x40 [ 11.171820] kasan_save_alloc_info+0x3b/0x50 [ 11.172239] __kasan_krealloc+0x190/0x1f0 [ 11.172630] krealloc_noprof+0xf3/0x340 [ 11.173036] krealloc_more_oob_helper+0x1a9/0x930 [ 11.173480] krealloc_more_oob+0x1c/0x30 [ 11.173893] kunit_try_run_case+0x1a5/0x480 [ 11.174333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.174877] kthread+0x337/0x6f0 [ 11.175167] ret_from_fork+0x116/0x1d0 [ 11.175587] ret_from_fork_asm+0x1a/0x30 [ 11.175996] [ 11.176186] The buggy address belongs to the object at ffff88810033b600 [ 11.176186] which belongs to the cache kmalloc-256 of size 256 [ 11.176872] The buggy address is located 0 bytes to the right of [ 11.176872] allocated 235-byte region [ffff88810033b600, ffff88810033b6eb) [ 11.177443] [ 11.177531] The buggy address belongs to the physical page: [ 11.177871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 11.178598] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.179073] flags: 0x200000000000040(head|node=0|zone=2) [ 11.179546] page_type: f5(slab) [ 11.179770] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.180230] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.180599] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.180832] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.181524] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 11.182303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.182894] page dumped because: kasan: bad access detected [ 11.183308] [ 11.183484] Memory state around the buggy address: [ 11.183999] ffff88810033b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.184244] ffff88810033b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.184477] >ffff88810033b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.184691] ^ [ 11.185057] ffff88810033b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.185514] ffff88810033b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.185793] ================================================================== [ 11.186764] ================================================================== [ 11.187022] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.187323] Write of size 1 at addr ffff88810033b6f0 by task kunit_try_catch/173 [ 11.188270] [ 11.188406] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.188452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.188464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.188484] Call Trace: [ 11.188495] <TASK> [ 11.188514] dump_stack_lvl+0x73/0xb0 [ 11.188544] print_report+0xd1/0x650 [ 11.188567] ? __virt_addr_valid+0x1db/0x2d0 [ 11.188589] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.188611] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.188631] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.188654] kasan_report+0x141/0x180 [ 11.188674] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.188700] __asan_report_store1_noabort+0x1b/0x30 [ 11.188720] krealloc_more_oob_helper+0x7eb/0x930 [ 11.188741] ? __schedule+0x10cc/0x2b60 [ 11.188763] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.188786] ? finish_task_switch.isra.0+0x153/0x700 [ 11.188807] ? __switch_to+0x47/0xf50 [ 11.188832] ? __schedule+0x10cc/0x2b60 [ 11.188852] ? __pfx_read_tsc+0x10/0x10 [ 11.188875] krealloc_more_oob+0x1c/0x30 [ 11.188895] kunit_try_run_case+0x1a5/0x480 [ 11.188919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.188941] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.188963] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.188984] ? 
__kthread_parkme+0x82/0x180 [ 11.189004] ? preempt_count_sub+0x50/0x80 [ 11.189025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.189047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.189068] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.189089] kthread+0x337/0x6f0 [ 11.189107] ? trace_preempt_on+0x20/0xc0 [ 11.189129] ? __pfx_kthread+0x10/0x10 [ 11.189148] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.189167] ? calculate_sigpending+0x7b/0xa0 [ 11.189190] ? __pfx_kthread+0x10/0x10 [ 11.189210] ret_from_fork+0x116/0x1d0 [ 11.189227] ? __pfx_kthread+0x10/0x10 [ 11.189245] ret_from_fork_asm+0x1a/0x30 [ 11.189274] </TASK> [ 11.189285] [ 11.197195] Allocated by task 173: [ 11.197416] kasan_save_stack+0x45/0x70 [ 11.197621] kasan_save_track+0x18/0x40 [ 11.197809] kasan_save_alloc_info+0x3b/0x50 [ 11.198014] __kasan_krealloc+0x190/0x1f0 [ 11.198174] krealloc_noprof+0xf3/0x340 [ 11.198307] krealloc_more_oob_helper+0x1a9/0x930 [ 11.198938] krealloc_more_oob+0x1c/0x30 [ 11.199422] kunit_try_run_case+0x1a5/0x480 [ 11.199642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.199857] kthread+0x337/0x6f0 [ 11.200067] ret_from_fork+0x116/0x1d0 [ 11.200244] ret_from_fork_asm+0x1a/0x30 [ 11.200434] [ 11.200505] The buggy address belongs to the object at ffff88810033b600 [ 11.200505] which belongs to the cache kmalloc-256 of size 256 [ 11.201359] The buggy address is located 5 bytes to the right of [ 11.201359] allocated 235-byte region [ffff88810033b600, ffff88810033b6eb) [ 11.201894] [ 11.202280] The buggy address belongs to the physical page: [ 11.202480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033a [ 11.202734] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.203070] flags: 0x200000000000040(head|node=0|zone=2) [ 11.203492] page_type: f5(slab) [ 11.203716] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.204118] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 
11.204444] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.204678] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.205016] head: 0200000000000001 ffffea000400ce81 00000000ffffffff 00000000ffffffff [ 11.205363] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.205710] page dumped because: kasan: bad access detected [ 11.205963] [ 11.206036] Memory state around the buggy address: [ 11.206269] ffff88810033b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.206562] ffff88810033b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.206778] >ffff88810033b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.207057] ^ [ 11.207658] ffff88810033b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.207927] ffff88810033b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.208472] ==================================================================