Date: July 4, 2025, 11:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.874408] ==================================================================
[   17.874502] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.874904] Write of size 1 at addr fff00000c5d292f0 by task kunit_try_catch/156
[   17.875446] 
[   17.875731] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.875831] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.875857] Hardware name: linux,dummy-virt (DT)
[   17.876211] Call trace:
[   17.876266]  show_stack+0x20/0x38 (C)
[   17.876402]  dump_stack_lvl+0x8c/0xd0
[   17.876506]  print_report+0x118/0x608
[   17.876565]  kasan_report+0xdc/0x128
[   17.876942]  __asan_report_store1_noabort+0x20/0x30
[   17.877159]  krealloc_more_oob_helper+0x5c0/0x678
[   17.877281]  krealloc_more_oob+0x20/0x38
[   17.877406]  kunit_try_run_case+0x170/0x3f0
[   17.877511]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.877672]  kthread+0x328/0x630
[   17.877752]  ret_from_fork+0x10/0x20
[   17.878056] 
[   17.878572] Allocated by task 156:
[   17.878628]  kasan_save_stack+0x3c/0x68
[   17.878757]  kasan_save_track+0x20/0x40
[   17.878897]  kasan_save_alloc_info+0x40/0x58
[   17.880076]  __kasan_krealloc+0x118/0x178
[   17.880114]  krealloc_noprof+0x128/0x360
[   17.880151]  krealloc_more_oob_helper+0x168/0x678
[   17.880189]  krealloc_more_oob+0x20/0x38
[   17.880224]  kunit_try_run_case+0x170/0x3f0
[   17.880259]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.880301]  kthread+0x328/0x630
[   17.880332]  ret_from_fork+0x10/0x20
[   17.880366] 
[   17.880385] The buggy address belongs to the object at fff00000c5d29200
[   17.880385]  which belongs to the cache kmalloc-256 of size 256
[   17.880440] The buggy address is located 5 bytes to the right of
[   17.880440]  allocated 235-byte region [fff00000c5d29200, fff00000c5d292eb)
[   17.880500] 
[   17.880519] The buggy address belongs to the physical page:
[   17.880551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d28
[   17.880604] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.880648] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.880699] page_type: f5(slab)
[   17.880736] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.880783] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.880842] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.880888] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.880934] head: 0bfffe0000000001 ffffc1ffc3174a01 00000000ffffffff 00000000ffffffff
[   17.880982] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.881020] page dumped because: kasan: bad access detected
[   17.881171] 
[   17.881387] Memory state around the buggy address:
[   17.881430]  fff00000c5d29180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.881619]  fff00000c5d29200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.881794] >fff00000c5d29280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.881967]                                                              ^
[   17.882056]  fff00000c5d29300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.882148]  fff00000c5d29380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.882464] ==================================================================
[   17.865122] ==================================================================
[   17.865184] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.865233] Write of size 1 at addr fff00000c5d292eb by task kunit_try_catch/156
[   17.865645] 
[   17.865692] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.866016] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.866071] Hardware name: linux,dummy-virt (DT)
[   17.866144] Call trace:
[   17.866214]  show_stack+0x20/0x38 (C)
[   17.866268]  dump_stack_lvl+0x8c/0xd0
[   17.866446]  print_report+0x118/0x608
[   17.866494]  kasan_report+0xdc/0x128
[   17.866567]  __asan_report_store1_noabort+0x20/0x30
[   17.866648]  krealloc_more_oob_helper+0x60c/0x678
[   17.866699]  krealloc_more_oob+0x20/0x38
[   17.866743]  kunit_try_run_case+0x170/0x3f0
[   17.866789]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.866850]  kthread+0x328/0x630
[   17.866894]  ret_from_fork+0x10/0x20
[   17.867185] 
[   17.867206] Allocated by task 156:
[   17.867236]  kasan_save_stack+0x3c/0x68
[   17.867545]  kasan_save_track+0x20/0x40
[   17.867615]  kasan_save_alloc_info+0x40/0x58
[   17.867731]  __kasan_krealloc+0x118/0x178
[   17.867772]  krealloc_noprof+0x128/0x360
[   17.868242]  krealloc_more_oob_helper+0x168/0x678
[   17.868363]  krealloc_more_oob+0x20/0x38
[   17.868617]  kunit_try_run_case+0x170/0x3f0
[   17.868831]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.868905]  kthread+0x328/0x630
[   17.869121]  ret_from_fork+0x10/0x20
[   17.869276] 
[   17.869414] The buggy address belongs to the object at fff00000c5d29200
[   17.869414]  which belongs to the cache kmalloc-256 of size 256
[   17.869527] The buggy address is located 0 bytes to the right of
[   17.869527]  allocated 235-byte region [fff00000c5d29200, fff00000c5d292eb)
[   17.869634] 
[   17.870058] The buggy address belongs to the physical page:
[   17.870191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d28
[   17.870325] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.870373] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.870591] page_type: f5(slab)
[   17.870826] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.870899] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.871075] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.871127] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.871526] head: 0bfffe0000000001 ffffc1ffc3174a01 00000000ffffffff 00000000ffffffff
[   17.871640] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.871784] page dumped because: kasan: bad access detected
[   17.871872] 
[   17.871891] Memory state around the buggy address:
[   17.872206]  fff00000c5d29180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.872253]  fff00000c5d29200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.872294] >fff00000c5d29280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.872370]                                                           ^
[   17.872431]  fff00000c5d29300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.872472]  fff00000c5d29380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.872509] ==================================================================
[   17.957872] ==================================================================
[   17.957917] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.957968] Write of size 1 at addr fff00000c76c20f0 by task kunit_try_catch/160
[   17.958015] 
[   17.958046] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.958123] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.958148] Hardware name: linux,dummy-virt (DT)
[   17.958178] Call trace:
[   17.958199]  show_stack+0x20/0x38 (C)
[   17.958245]  dump_stack_lvl+0x8c/0xd0
[   17.958292]  print_report+0x118/0x608
[   17.958337]  kasan_report+0xdc/0x128
[   17.958381]  __asan_report_store1_noabort+0x20/0x30
[   17.958427]  krealloc_more_oob_helper+0x5c0/0x678
[   17.958476]  krealloc_large_more_oob+0x20/0x38
[   17.958525]  kunit_try_run_case+0x170/0x3f0
[   17.958572]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.958623]  kthread+0x328/0x630
[   17.958664]  ret_from_fork+0x10/0x20
[   17.958709] 
[   17.958728] The buggy address belongs to the physical page:
[   17.958757] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c0
[   17.959600] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.959894] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.960138] page_type: f8(unknown)
[   17.960187] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.960400] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.960454] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.960535] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.960681] head: 0bfffe0000000002 ffffc1ffc31db001 00000000ffffffff 00000000ffffffff
[   17.960889] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.961069] page dumped because: kasan: bad access detected
[   17.961152] 
[   17.961257] Memory state around the buggy address:
[   17.961326]  fff00000c76c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.961417]  fff00000c76c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.961692] >fff00000c76c2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.961763]                                                              ^
[   17.961950]  fff00000c76c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.962282]  fff00000c76c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.962350] ==================================================================
[   17.953936] ==================================================================
[   17.954003] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.954070] Write of size 1 at addr fff00000c76c20eb by task kunit_try_catch/160
[   17.954119] 
[   17.954157] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.954238] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.954264] Hardware name: linux,dummy-virt (DT)
[   17.954297] Call trace:
[   17.954319]  show_stack+0x20/0x38 (C)
[   17.954369]  dump_stack_lvl+0x8c/0xd0
[   17.954416]  print_report+0x118/0x608
[   17.954461]  kasan_report+0xdc/0x128
[   17.954507]  __asan_report_store1_noabort+0x20/0x30
[   17.954554]  krealloc_more_oob_helper+0x60c/0x678
[   17.954601]  krealloc_large_more_oob+0x20/0x38
[   17.954648]  kunit_try_run_case+0x170/0x3f0
[   17.954695]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.954745]  kthread+0x328/0x630
[   17.955561]  ret_from_fork+0x10/0x20
[   17.955644] 
[   17.955943] The buggy address belongs to the physical page:
[   17.955983] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c0
[   17.956040] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.956550] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.956613] page_type: f8(unknown)
[   17.956869] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.956923] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.956971] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.957017] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.957063] head: 0bfffe0000000002 ffffc1ffc31db001 00000000ffffffff 00000000ffffffff
[   17.957109] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.957146] page dumped because: kasan: bad access detected
[   17.957176] 
[   17.957193] Memory state around the buggy address:
[   17.957226]  fff00000c76c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.957267]  fff00000c76c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.957307] >fff00000c76c2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.957344]                                                           ^
[   17.957381]  fff00000c76c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.957420]  fff00000c76c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.957456] ==================================================================

[   11.630500] ==================================================================
[   11.630977] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.631338] Write of size 1 at addr ffff8881027420eb by task kunit_try_catch/177
[   11.631840] 
[   11.631965] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.632015] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.632027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.632049] Call Trace:
[   11.632064]  <TASK>
[   11.632083]  dump_stack_lvl+0x73/0xb0
[   11.632116]  print_report+0xd1/0x650
[   11.632140]  ? __virt_addr_valid+0x1db/0x2d0
[   11.632161]  ? krealloc_more_oob_helper+0x821/0x930
[   11.632184]  ? kasan_addr_to_slab+0x11/0xa0
[   11.632203]  ? krealloc_more_oob_helper+0x821/0x930
[   11.632238]  kasan_report+0x141/0x180
[   11.632259]  ? krealloc_more_oob_helper+0x821/0x930
[   11.632286]  __asan_report_store1_noabort+0x1b/0x30
[   11.632305]  krealloc_more_oob_helper+0x821/0x930
[   11.632326]  ? __schedule+0x10cc/0x2b60
[   11.632347]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.632369]  ? finish_task_switch.isra.0+0x153/0x700
[   11.632391]  ? __switch_to+0x47/0xf50
[   11.632415]  ? __schedule+0x10cc/0x2b60
[   11.632434]  ? __pfx_read_tsc+0x10/0x10
[   11.632457]  krealloc_large_more_oob+0x1c/0x30
[   11.632478]  kunit_try_run_case+0x1a5/0x480
[   11.632503]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.632524]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.632547]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.632569]  ? __kthread_parkme+0x82/0x180
[   11.632590]  ? preempt_count_sub+0x50/0x80
[   11.632611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.632633]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.632655]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.632676]  kthread+0x337/0x6f0
[   11.632694]  ? trace_preempt_on+0x20/0xc0
[   11.632717]  ? __pfx_kthread+0x10/0x10
[   11.632736]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.632755]  ? calculate_sigpending+0x7b/0xa0
[   11.632778]  ? __pfx_kthread+0x10/0x10
[   11.632805]  ret_from_fork+0x116/0x1d0
[   11.632822]  ? __pfx_kthread+0x10/0x10
[   11.632841]  ret_from_fork_asm+0x1a/0x30
[   11.632871]  </TASK>
[   11.632882] 
[   11.645000] The buggy address belongs to the physical page:
[   11.645349] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102740
[   11.645694] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.646010] flags: 0x200000000000040(head|node=0|zone=2)
[   11.646255] page_type: f8(unknown)
[   11.646771] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.647080] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.647525] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.647875] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.648444] head: 0200000000000002 ffffea000409d001 00000000ffffffff 00000000ffffffff
[   11.648766] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.649095] page dumped because: kasan: bad access detected
[   11.649574] 
[   11.649663] Memory state around the buggy address:
[   11.649946]  ffff888102741f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.650722]  ffff888102742000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.651136] >ffff888102742080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.651541]                                                           ^
[   11.652000]  ffff888102742100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.652592]  ffff888102742180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.652997] ==================================================================
[   11.449990] ==================================================================
[   11.451157] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.451833] Write of size 1 at addr ffff888100aa30eb by task kunit_try_catch/173
[   11.452140] 
[   11.452255] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.452308] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.452320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.452345] Call Trace:
[   11.452361]  <TASK>
[   11.452381]  dump_stack_lvl+0x73/0xb0
[   11.452418]  print_report+0xd1/0x650
[   11.452441]  ? __virt_addr_valid+0x1db/0x2d0
[   11.452465]  ? krealloc_more_oob_helper+0x821/0x930
[   11.452487]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.452509]  ? krealloc_more_oob_helper+0x821/0x930
[   11.452532]  kasan_report+0x141/0x180
[   11.452553]  ? krealloc_more_oob_helper+0x821/0x930
[   11.452580]  __asan_report_store1_noabort+0x1b/0x30
[   11.452599]  krealloc_more_oob_helper+0x821/0x930
[   11.452620]  ? __schedule+0x10cc/0x2b60
[   11.452641]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.452664]  ? finish_task_switch.isra.0+0x153/0x700
[   11.452686]  ? __switch_to+0x47/0xf50
[   11.452711]  ? __schedule+0x10cc/0x2b60
[   11.452731]  ? __pfx_read_tsc+0x10/0x10
[   11.452755]  krealloc_more_oob+0x1c/0x30
[   11.452775]  kunit_try_run_case+0x1a5/0x480
[   11.452809]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.452829]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.452852]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.452890]  ? __kthread_parkme+0x82/0x180
[   11.452911]  ? preempt_count_sub+0x50/0x80
[   11.452952]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.452975]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.452996]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.453019]  kthread+0x337/0x6f0
[   11.453037]  ? trace_preempt_on+0x20/0xc0
[   11.453059]  ? __pfx_kthread+0x10/0x10
[   11.453078]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.453098]  ? calculate_sigpending+0x7b/0xa0
[   11.453121]  ? __pfx_kthread+0x10/0x10
[   11.453141]  ret_from_fork+0x116/0x1d0
[   11.453159]  ? __pfx_kthread+0x10/0x10
[   11.453178]  ret_from_fork_asm+0x1a/0x30
[   11.453208]  </TASK>
[   11.453230] 
[   11.464063] Allocated by task 173:
[   11.464531]  kasan_save_stack+0x45/0x70
[   11.464762]  kasan_save_track+0x18/0x40
[   11.464957]  kasan_save_alloc_info+0x3b/0x50
[   11.465153]  __kasan_krealloc+0x190/0x1f0
[   11.465865]  krealloc_noprof+0xf3/0x340
[   11.466128]  krealloc_more_oob_helper+0x1a9/0x930
[   11.466780]  krealloc_more_oob+0x1c/0x30
[   11.467046]  kunit_try_run_case+0x1a5/0x480
[   11.467533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.467910]  kthread+0x337/0x6f0
[   11.468076]  ret_from_fork+0x116/0x1d0
[   11.468580]  ret_from_fork_asm+0x1a/0x30
[   11.468858] 
[   11.468957] The buggy address belongs to the object at ffff888100aa3000
[   11.468957]  which belongs to the cache kmalloc-256 of size 256
[   11.469897] The buggy address is located 0 bytes to the right of
[   11.469897]  allocated 235-byte region [ffff888100aa3000, ffff888100aa30eb)
[   11.470678] 
[   11.470783] The buggy address belongs to the physical page:
[   11.471029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa2
[   11.471867] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.472166] flags: 0x200000000000040(head|node=0|zone=2)
[   11.472675] page_type: f5(slab)
[   11.472859] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.473171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.473851] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.474170] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.474508] head: 0200000000000001 ffffea000402a881 00000000ffffffff 00000000ffffffff
[   11.474857] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.475131] page dumped because: kasan: bad access detected
[   11.475482] 
[   11.475559] Memory state around the buggy address:
[   11.475837]  ffff888100aa2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.476118]  ffff888100aa3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.476498] >ffff888100aa3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.476795]                                                           ^
[   11.477138]  ffff888100aa3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.477707]  ffff888100aa3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.478002] ==================================================================
[   11.653738] ==================================================================
[   11.654011] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.654303] Write of size 1 at addr ffff8881027420f0 by task kunit_try_catch/177
[   11.654630] 
[   11.654743] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.654790] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.654802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.654823] Call Trace:
[   11.654845]  <TASK>
[   11.654864]  dump_stack_lvl+0x73/0xb0
[   11.654895]  print_report+0xd1/0x650
[   11.654916]  ? __virt_addr_valid+0x1db/0x2d0
[   11.654938]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.654959]  ? kasan_addr_to_slab+0x11/0xa0
[   11.654978]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.655000]  kasan_report+0x141/0x180
[   11.655020]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.655047]  __asan_report_store1_noabort+0x1b/0x30
[   11.655066]  krealloc_more_oob_helper+0x7eb/0x930
[   11.655087]  ? __schedule+0x10cc/0x2b60
[   11.655108]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.655130]  ? finish_task_switch.isra.0+0x153/0x700
[   11.655151]  ? __switch_to+0x47/0xf50
[   11.655175]  ? __schedule+0x10cc/0x2b60
[   11.655195]  ? __pfx_read_tsc+0x10/0x10
[   11.655733]  krealloc_large_more_oob+0x1c/0x30
[   11.655776]  kunit_try_run_case+0x1a5/0x480
[   11.655801]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.655822]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.655845]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.655866]  ? __kthread_parkme+0x82/0x180
[   11.655886]  ? preempt_count_sub+0x50/0x80
[   11.655908]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.655929]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.655950]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.655971]  kthread+0x337/0x6f0
[   11.655989]  ? trace_preempt_on+0x20/0xc0
[   11.656012]  ? __pfx_kthread+0x10/0x10
[   11.656031]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.656051]  ? calculate_sigpending+0x7b/0xa0
[   11.656074]  ? __pfx_kthread+0x10/0x10
[   11.656094]  ret_from_fork+0x116/0x1d0
[   11.656112]  ? __pfx_kthread+0x10/0x10
[   11.656131]  ret_from_fork_asm+0x1a/0x30
[   11.656160]  </TASK>
[   11.656171] 
[   11.664293] The buggy address belongs to the physical page:
[   11.664591] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102740
[   11.664894] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.665279] flags: 0x200000000000040(head|node=0|zone=2)
[   11.665529] page_type: f8(unknown)
[   11.665675] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.665977] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.666352] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.666580] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.666871] head: 0200000000000002 ffffea000409d001 00000000ffffffff 00000000ffffffff
[   11.667532] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.667853] page dumped because: kasan: bad access detected
[   11.668091] 
[   11.668262] Memory state around the buggy address:
[   11.668465]  ffff888102741f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.668680]  ffff888102742000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.668984] >ffff888102742080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.669316]                                                              ^
[   11.669599]  ffff888102742100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.669843]  ffff888102742180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.670080] ==================================================================
[   11.478765] ==================================================================
[   11.479023] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.479720] Write of size 1 at addr ffff888100aa30f0 by task kunit_try_catch/173
[   11.480022] 
[   11.480156] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.480205] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.480230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.480253] Call Trace:
[   11.480274]  <TASK>
[   11.480293]  dump_stack_lvl+0x73/0xb0
[   11.480328]  print_report+0xd1/0x650
[   11.480352]  ? __virt_addr_valid+0x1db/0x2d0
[   11.480373]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.480396]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.480417]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.480440]  kasan_report+0x141/0x180
[   11.480533]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.480562]  __asan_report_store1_noabort+0x1b/0x30
[   11.480605]  krealloc_more_oob_helper+0x7eb/0x930
[   11.480626]  ? __schedule+0x10cc/0x2b60
[   11.480648]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.480684]  ? finish_task_switch.isra.0+0x153/0x700
[   11.480707]  ? __switch_to+0x47/0xf50
[   11.480732]  ? __schedule+0x10cc/0x2b60
[   11.480751]  ? __pfx_read_tsc+0x10/0x10
[   11.480776]  krealloc_more_oob+0x1c/0x30
[   11.480808]  kunit_try_run_case+0x1a5/0x480
[   11.480833]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.480854]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.480876]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.480897]  ? __kthread_parkme+0x82/0x180
[   11.480916]  ? preempt_count_sub+0x50/0x80
[   11.480937]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.480959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.480980]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.481018]  kthread+0x337/0x6f0
[   11.481037]  ? trace_preempt_on+0x20/0xc0
[   11.481059]  ? __pfx_kthread+0x10/0x10
[   11.481078]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.481097]  ? calculate_sigpending+0x7b/0xa0
[   11.481120]  ? __pfx_kthread+0x10/0x10
[   11.481141]  ret_from_fork+0x116/0x1d0
[   11.481158]  ? __pfx_kthread+0x10/0x10
[   11.481177]  ret_from_fork_asm+0x1a/0x30
[   11.481664]  </TASK>
[   11.481685] 
[   11.491202] Allocated by task 173:
[   11.491382]  kasan_save_stack+0x45/0x70
[   11.491668]  kasan_save_track+0x18/0x40
[   11.492073]  kasan_save_alloc_info+0x3b/0x50
[   11.492305]  __kasan_krealloc+0x190/0x1f0
[   11.492651]  krealloc_noprof+0xf3/0x340
[   11.492808]  krealloc_more_oob_helper+0x1a9/0x930
[   11.493037]  krealloc_more_oob+0x1c/0x30
[   11.493404]  kunit_try_run_case+0x1a5/0x480
[   11.493617]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.493855]  kthread+0x337/0x6f0
[   11.494011]  ret_from_fork+0x116/0x1d0
[   11.494142]  ret_from_fork_asm+0x1a/0x30
[   11.494604] 
[   11.494765] The buggy address belongs to the object at ffff888100aa3000
[   11.494765]  which belongs to the cache kmalloc-256 of size 256
[   11.495324] The buggy address is located 5 bytes to the right of
[   11.495324]  allocated 235-byte region [ffff888100aa3000, ffff888100aa30eb)
[   11.495879] 
[   11.495969] The buggy address belongs to the physical page:
[   11.496239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa2
[   11.496682] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.497039] flags: 0x200000000000040(head|node=0|zone=2)
[   11.497367] page_type: f5(slab)
[   11.497495] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.497832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.498170] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.498568] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.498898] head: 0200000000000001 ffffea000402a881 00000000ffffffff 00000000ffffffff
[   11.499199] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.499939] page dumped because: kasan: bad access detected
[   11.500567] 
[   11.500663] Memory state around the buggy address:
[   11.500869]  ffff888100aa2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.501194]  ffff888100aa3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.501631] >ffff888100aa3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.501920]                                                              ^
[   11.502181]  ffff888100aa3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.502562]  ffff888100aa3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.502868] ==================================================================