Hay
Date: July 5, 2025, 11:09 a.m.

Environment: qemu-arm64, qemu-x86_64

[   18.823589] ==================================================================
[   18.823800] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   18.824029] Write of size 1 at addr fff00000c78520eb by task kunit_try_catch/161
[   18.824185] 
[   18.824247] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.824697] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.824845] Hardware name: linux,dummy-virt (DT)
[   18.825000] Call trace:
[   18.825068]  show_stack+0x20/0x38 (C)
[   18.825309]  dump_stack_lvl+0x8c/0xd0
[   18.825428]  print_report+0x118/0x608
[   18.825521]  kasan_report+0xdc/0x128
[   18.825624]  __asan_report_store1_noabort+0x20/0x30
[   18.825729]  krealloc_more_oob_helper+0x60c/0x678
[   18.825835]  krealloc_large_more_oob+0x20/0x38
[   18.825938]  kunit_try_run_case+0x170/0x3f0
[   18.826431]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.826616]  kthread+0x328/0x630
[   18.826704]  ret_from_fork+0x10/0x20
[   18.826966] 
[   18.827019] The buggy address belongs to the physical page:
[   18.827092] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   18.827269] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.827387] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.827506] page_type: f8(unknown)
[   18.827592] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.827705] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.827816] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.827933] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.828042] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   18.828145] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.828241] page dumped because: kasan: bad access detected
[   18.828312] 
[   18.828351] Memory state around the buggy address:
[   18.828434]  fff00000c7851f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.828540]  fff00000c7852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.828639] >fff00000c7852080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.828724]                                                           ^
[   18.828814]  fff00000c7852100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.828923]  fff00000c7852180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.829006] ==================================================================
[   18.831248] ==================================================================
[   18.831435] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   18.831548] Write of size 1 at addr fff00000c78520f0 by task kunit_try_catch/161
[   18.831659] 
[   18.831726] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.831884] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.832115] Hardware name: linux,dummy-virt (DT)
[   18.832205] Call trace:
[   18.832252]  show_stack+0x20/0x38 (C)
[   18.832460]  dump_stack_lvl+0x8c/0xd0
[   18.832647]  print_report+0x118/0x608
[   18.832818]  kasan_report+0xdc/0x128
[   18.832996]  __asan_report_store1_noabort+0x20/0x30
[   18.833095]  krealloc_more_oob_helper+0x5c0/0x678
[   18.833512]  krealloc_large_more_oob+0x20/0x38
[   18.833632]  kunit_try_run_case+0x170/0x3f0
[   18.833834]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.833957]  kthread+0x328/0x630
[   18.834138]  ret_from_fork+0x10/0x20
[   18.834322] 
[   18.834388] The buggy address belongs to the physical page:
[   18.834467] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   18.834559] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.834648] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.834748] page_type: f8(unknown)
[   18.834833] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.834945] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.835056] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.835439] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.835699] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   18.835817] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.836107] page dumped because: kasan: bad access detected
[   18.836226] 
[   18.836516] Memory state around the buggy address:
[   18.836641]  fff00000c7851f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.836756]  fff00000c7852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.836846] >fff00000c7852080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.836933]                                                              ^
[   18.837024]  fff00000c7852100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.837390]  fff00000c7852180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.837634] ==================================================================
[   18.713855] ==================================================================
[   18.714163] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   18.714292] Write of size 1 at addr fff00000c091f6f0 by task kunit_try_catch/157
[   18.714424] 
[   18.714507] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.714675] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.714727] Hardware name: linux,dummy-virt (DT)
[   18.714781] Call trace:
[   18.714817]  show_stack+0x20/0x38 (C)
[   18.714910]  dump_stack_lvl+0x8c/0xd0
[   18.715009]  print_report+0x118/0x608
[   18.715114]  kasan_report+0xdc/0x128
[   18.715216]  __asan_report_store1_noabort+0x20/0x30
[   18.715821]  krealloc_more_oob_helper+0x5c0/0x678
[   18.716023]  krealloc_more_oob+0x20/0x38
[   18.716217]  kunit_try_run_case+0x170/0x3f0
[   18.716435]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.716654]  kthread+0x328/0x630
[   18.716846]  ret_from_fork+0x10/0x20
[   18.717185] 
[   18.717234] Allocated by task 157:
[   18.717397]  kasan_save_stack+0x3c/0x68
[   18.717585]  kasan_save_track+0x20/0x40
[   18.717661]  kasan_save_alloc_info+0x40/0x58
[   18.717980]  __kasan_krealloc+0x118/0x178
[   18.718133]  krealloc_noprof+0x128/0x360
[   18.718298]  krealloc_more_oob_helper+0x168/0x678
[   18.718489]  krealloc_more_oob+0x20/0x38
[   18.718787]  kunit_try_run_case+0x170/0x3f0
[   18.718913]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.719020]  kthread+0x328/0x630
[   18.719172]  ret_from_fork+0x10/0x20
[   18.719294] 
[   18.719343] The buggy address belongs to the object at fff00000c091f600
[   18.719343]  which belongs to the cache kmalloc-256 of size 256
[   18.719465] The buggy address is located 5 bytes to the right of
[   18.719465]  allocated 235-byte region [fff00000c091f600, fff00000c091f6eb)
[   18.719596] 
[   18.719639] The buggy address belongs to the physical page:
[   18.719970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10091e
[   18.720154] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.720489] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.720608] page_type: f5(slab)
[   18.720770] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.720972] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.721168] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.721269] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.721591] head: 0bfffe0000000001 ffffc1ffc3024781 00000000ffffffff 00000000ffffffff
[   18.721694] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.721870] page dumped because: kasan: bad access detected
[   18.722170] 
[   18.722215] Memory state around the buggy address:
[   18.722298]  fff00000c091f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.722542]  fff00000c091f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.722748] >fff00000c091f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.722871]                                                              ^
[   18.722956]  fff00000c091f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.723053]  fff00000c091f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.723140] ==================================================================
[   18.700922] ==================================================================
[   18.701219] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   18.701334] Write of size 1 at addr fff00000c091f6eb by task kunit_try_catch/157
[   18.701454] 
[   18.701525] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.701640] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.701668] Hardware name: linux,dummy-virt (DT)
[   18.701700] Call trace:
[   18.701723]  show_stack+0x20/0x38 (C)
[   18.701774]  dump_stack_lvl+0x8c/0xd0
[   18.701822]  print_report+0x118/0x608
[   18.701867]  kasan_report+0xdc/0x128
[   18.701912]  __asan_report_store1_noabort+0x20/0x30
[   18.701959]  krealloc_more_oob_helper+0x60c/0x678
[   18.702037]  krealloc_more_oob+0x20/0x38
[   18.702134]  kunit_try_run_case+0x170/0x3f0
[   18.702365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.702516]  kthread+0x328/0x630
[   18.702620]  ret_from_fork+0x10/0x20
[   18.702843] 
[   18.702888] Allocated by task 157:
[   18.703172]  kasan_save_stack+0x3c/0x68
[   18.703321]  kasan_save_track+0x20/0x40
[   18.703511]  kasan_save_alloc_info+0x40/0x58
[   18.703670]  __kasan_krealloc+0x118/0x178
[   18.703907]  krealloc_noprof+0x128/0x360
[   18.704025]  krealloc_more_oob_helper+0x168/0x678
[   18.704153]  krealloc_more_oob+0x20/0x38
[   18.704499]  kunit_try_run_case+0x170/0x3f0
[   18.704906]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.705401]  kthread+0x328/0x630
[   18.705691]  ret_from_fork+0x10/0x20
[   18.705803] 
[   18.705845] The buggy address belongs to the object at fff00000c091f600
[   18.705845]  which belongs to the cache kmalloc-256 of size 256
[   18.706281] The buggy address is located 0 bytes to the right of
[   18.706281]  allocated 235-byte region [fff00000c091f600, fff00000c091f6eb)
[   18.706965] 
[   18.707009] The buggy address belongs to the physical page:
[   18.707069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10091e
[   18.707173] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.707689] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.707817] page_type: f5(slab)
[   18.707897] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.708013] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.708163] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.708290] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.708417] head: 0bfffe0000000001 ffffc1ffc3024781 00000000ffffffff 00000000ffffffff
[   18.708517] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.708606] page dumped because: kasan: bad access detected
[   18.708676] 
[   18.708715] Memory state around the buggy address:
[   18.708782]  fff00000c091f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.708878]  fff00000c091f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.708970] >fff00000c091f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.709052]                                                           ^
[   18.710470]  fff00000c091f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.711040]  fff00000c091f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.711239] ==================================================================

[   13.358083] ==================================================================
[   13.358452] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.358799] Write of size 1 at addr ffff8881026f20f0 by task kunit_try_catch/177
[   13.359100] 
[   13.359231] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.359283] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.359297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.359321] Call Trace:
[   13.359342]  <TASK>
[   13.359362]  dump_stack_lvl+0x73/0xb0
[   13.359394]  print_report+0xd1/0x650
[   13.359420]  ? __virt_addr_valid+0x1db/0x2d0
[   13.359448]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.359475]  ? kasan_addr_to_slab+0x11/0xa0
[   13.359499]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.359527]  kasan_report+0x141/0x180
[   13.359552]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.359584]  __asan_report_store1_noabort+0x1b/0x30
[   13.359608]  krealloc_more_oob_helper+0x7eb/0x930
[   13.359634]  ? __schedule+0x10cc/0x2b60
[   13.360024]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.360058]  ? finish_task_switch.isra.0+0x153/0x700
[   13.360083]  ? __switch_to+0x47/0xf50
[   13.360113]  ? __schedule+0x10cc/0x2b60
[   13.360137]  ? __pfx_read_tsc+0x10/0x10
[   13.360166]  krealloc_large_more_oob+0x1c/0x30
[   13.360194]  kunit_try_run_case+0x1a5/0x480
[   13.360222]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.360247]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.360275]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.360301]  ? __kthread_parkme+0x82/0x180
[   13.360326]  ? preempt_count_sub+0x50/0x80
[   13.360352]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.360380]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.360406]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.360432]  kthread+0x337/0x6f0
[   13.360455]  ? trace_preempt_on+0x20/0xc0
[   13.360482]  ? __pfx_kthread+0x10/0x10
[   13.360506]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.360530]  ? calculate_sigpending+0x7b/0xa0
[   13.360558]  ? __pfx_kthread+0x10/0x10
[   13.360583]  ret_from_fork+0x116/0x1d0
[   13.360604]  ? __pfx_kthread+0x10/0x10
[   13.360628]  ret_from_fork_asm+0x1a/0x30
[   13.360681]  </TASK>
[   13.360694] 
[   13.370714] The buggy address belongs to the physical page:
[   13.371063] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0
[   13.371366] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.371741] flags: 0x200000000000040(head|node=0|zone=2)
[   13.372120] page_type: f8(unknown)
[   13.372342] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.372761] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.373196] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.373531] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.373907] head: 0200000000000002 ffffea000409bc01 00000000ffffffff 00000000ffffffff
[   13.374529] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.374850] page dumped because: kasan: bad access detected
[   13.375063] 
[   13.375148] Memory state around the buggy address:
[   13.375440]  ffff8881026f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.375830]  ffff8881026f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.376292] >ffff8881026f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.376579]                                                              ^
[   13.376876]  ffff8881026f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.377305]  ffff8881026f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.377694] ==================================================================
[   13.105201] ==================================================================
[   13.106162] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.106580] Write of size 1 at addr ffff8881003414eb by task kunit_try_catch/173
[   13.107095] 
[   13.107252] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.107313] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.107350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.107377] Call Trace:
[   13.107409]  <TASK>
[   13.107432]  dump_stack_lvl+0x73/0xb0
[   13.107471]  print_report+0xd1/0x650
[   13.107498]  ? __virt_addr_valid+0x1db/0x2d0
[   13.107527]  ? krealloc_more_oob_helper+0x821/0x930
[   13.107555]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.107581]  ? krealloc_more_oob_helper+0x821/0x930
[   13.107609]  kasan_report+0x141/0x180
[   13.107635]  ? krealloc_more_oob_helper+0x821/0x930
[   13.107685]  __asan_report_store1_noabort+0x1b/0x30
[   13.107710]  krealloc_more_oob_helper+0x821/0x930
[   13.107736]  ? __schedule+0x10cc/0x2b60
[   13.107763]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.107791]  ? finish_task_switch.isra.0+0x153/0x700
[   13.107818]  ? __switch_to+0x47/0xf50
[   13.107849]  ? __schedule+0x10cc/0x2b60
[   13.107874]  ? __pfx_read_tsc+0x10/0x10
[   13.107904]  krealloc_more_oob+0x1c/0x30
[   13.107930]  kunit_try_run_case+0x1a5/0x480
[   13.107961]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.107986]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.108015]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.108041]  ? __kthread_parkme+0x82/0x180
[   13.108067]  ? preempt_count_sub+0x50/0x80
[   13.108094]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.108121]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.108147]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.108174]  kthread+0x337/0x6f0
[   13.108197]  ? trace_preempt_on+0x20/0xc0
[   13.108225]  ? __pfx_kthread+0x10/0x10
[   13.108249]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.108273]  ? calculate_sigpending+0x7b/0xa0
[   13.108302]  ? __pfx_kthread+0x10/0x10
[   13.108327]  ret_from_fork+0x116/0x1d0
[   13.108348]  ? __pfx_kthread+0x10/0x10
[   13.108372]  ret_from_fork_asm+0x1a/0x30
[   13.108410]  </TASK>
[   13.108424] 
[   13.119555] Allocated by task 173:
[   13.119740]  kasan_save_stack+0x45/0x70
[   13.121381]  kasan_save_track+0x18/0x40
[   13.122103]  kasan_save_alloc_info+0x3b/0x50
[   13.122327]  __kasan_krealloc+0x190/0x1f0
[   13.122503]  krealloc_noprof+0xf3/0x340
[   13.122999]  krealloc_more_oob_helper+0x1a9/0x930
[   13.123911]  krealloc_more_oob+0x1c/0x30
[   13.124412]  kunit_try_run_case+0x1a5/0x480
[   13.125125]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.125926]  kthread+0x337/0x6f0
[   13.126487]  ret_from_fork+0x116/0x1d0
[   13.127024]  ret_from_fork_asm+0x1a/0x30
[   13.127454] 
[   13.127551] The buggy address belongs to the object at ffff888100341400
[   13.127551]  which belongs to the cache kmalloc-256 of size 256
[   13.128486] The buggy address is located 0 bytes to the right of
[   13.128486]  allocated 235-byte region [ffff888100341400, ffff8881003414eb)
[   13.130028] 
[   13.130235] The buggy address belongs to the physical page:
[   13.130875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.131212] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.131487] flags: 0x200000000000040(head|node=0|zone=2)
[   13.132053] page_type: f5(slab)
[   13.132416] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.132784] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.133579] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.134262] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.135247] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.135544] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.135853] page dumped because: kasan: bad access detected
[   13.136063] 
[   13.136152] Memory state around the buggy address:
[   13.136345]  ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.137707]  ffff888100341400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.139296] >ffff888100341480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.140425]                                                           ^
[   13.141739]  ffff888100341500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.143066]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.144191] ==================================================================
[   13.336874] ==================================================================
[   13.337436] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.338114] Write of size 1 at addr ffff8881026f20eb by task kunit_try_catch/177
[   13.338455] 
[   13.338579] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.338634] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.338663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.338691] Call Trace:
[   13.338706]  <TASK>
[   13.338728]  dump_stack_lvl+0x73/0xb0
[   13.338764]  print_report+0xd1/0x650
[   13.338790]  ? __virt_addr_valid+0x1db/0x2d0
[   13.338818]  ? krealloc_more_oob_helper+0x821/0x930
[   13.338845]  ? kasan_addr_to_slab+0x11/0xa0
[   13.338869]  ? krealloc_more_oob_helper+0x821/0x930
[   13.338897]  kasan_report+0x141/0x180
[   13.338923]  ? krealloc_more_oob_helper+0x821/0x930
[   13.338956]  __asan_report_store1_noabort+0x1b/0x30
[   13.338980]  krealloc_more_oob_helper+0x821/0x930
[   13.339006]  ? __schedule+0x10cc/0x2b60
[   13.339032]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.339060]  ? finish_task_switch.isra.0+0x153/0x700
[   13.339086]  ? __switch_to+0x47/0xf50
[   13.339117]  ? __schedule+0x10cc/0x2b60
[   13.339142]  ? __pfx_read_tsc+0x10/0x10
[   13.339171]  krealloc_large_more_oob+0x1c/0x30
[   13.339197]  kunit_try_run_case+0x1a5/0x480
[   13.339227]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.339252]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.339280]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.339306]  ? __kthread_parkme+0x82/0x180
[   13.339329]  ? preempt_count_sub+0x50/0x80
[   13.339355]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.339383]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.339409]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.339435]  kthread+0x337/0x6f0
[   13.339458]  ? trace_preempt_on+0x20/0xc0
[   13.339486]  ? __pfx_kthread+0x10/0x10
[   13.339510]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.339534]  ? calculate_sigpending+0x7b/0xa0
[   13.339562]  ? __pfx_kthread+0x10/0x10
[   13.339587]  ret_from_fork+0x116/0x1d0
[   13.339608]  ? __pfx_kthread+0x10/0x10
[   13.339658]  ret_from_fork_asm+0x1a/0x30
[   13.339697]  </TASK>
[   13.339712] 
[   13.349373] The buggy address belongs to the physical page:
[   13.350035] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0
[   13.350414] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.350799] flags: 0x200000000000040(head|node=0|zone=2)
[   13.351079] page_type: f8(unknown)
[   13.351261] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.351575] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.352037] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.352426] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.352719] head: 0200000000000002 ffffea000409bc01 00000000ffffffff 00000000ffffffff
[   13.353010] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.353588] page dumped because: kasan: bad access detected
[   13.354411] 
[   13.354508] Memory state around the buggy address:
[   13.354714]  ffff8881026f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.355037]  ffff8881026f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.355684] >ffff8881026f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.356128]                                                           ^
[   13.356601]  ffff8881026f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.357021]  ffff8881026f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.357425] ==================================================================
[   13.145926] ==================================================================
[   13.148227] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.148602] Write of size 1 at addr ffff8881003414f0 by task kunit_try_catch/173
[   13.149268] 
[   13.149491] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.149547] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.149562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.149588] Call Trace:
[   13.149606]  <TASK>
[   13.149629]  dump_stack_lvl+0x73/0xb0
[   13.149681]  print_report+0xd1/0x650
[   13.149707]  ? __virt_addr_valid+0x1db/0x2d0
[   13.149735]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.150076]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.150115]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.150143]  kasan_report+0x141/0x180
[   13.150170]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.150203]  __asan_report_store1_noabort+0x1b/0x30
[   13.150226]  krealloc_more_oob_helper+0x7eb/0x930
[   13.150251]  ? __schedule+0x10cc/0x2b60
[   13.150278]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.150305]  ? finish_task_switch.isra.0+0x153/0x700
[   13.150332]  ? __switch_to+0x47/0xf50
[   13.150362]  ? __schedule+0x10cc/0x2b60
[   13.150386]  ? __pfx_read_tsc+0x10/0x10
[   13.150414]  krealloc_more_oob+0x1c/0x30
[   13.150447]  kunit_try_run_case+0x1a5/0x480
[   13.150476]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.150500]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.150528]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.150554]  ? __kthread_parkme+0x82/0x180
[   13.150577]  ? preempt_count_sub+0x50/0x80
[   13.150603]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.150630]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.150671]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.150697]  kthread+0x337/0x6f0
[   13.150719]  ? trace_preempt_on+0x20/0xc0
[   13.150747]  ? __pfx_kthread+0x10/0x10
[   13.150865]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.150891]  ? calculate_sigpending+0x7b/0xa0
[   13.150919]  ? __pfx_kthread+0x10/0x10
[   13.150943]  ret_from_fork+0x116/0x1d0
[   13.150965]  ? __pfx_kthread+0x10/0x10
[   13.150988]  ret_from_fork_asm+0x1a/0x30
[   13.151023]  </TASK>
[   13.151037] 
[   13.164351] Allocated by task 173:
[   13.164582]  kasan_save_stack+0x45/0x70
[   13.164811]  kasan_save_track+0x18/0x40
[   13.165159]  kasan_save_alloc_info+0x3b/0x50
[   13.165400]  __kasan_krealloc+0x190/0x1f0
[   13.165640]  krealloc_noprof+0xf3/0x340
[   13.165866]  krealloc_more_oob_helper+0x1a9/0x930
[   13.166721]  krealloc_more_oob+0x1c/0x30
[   13.167064]  kunit_try_run_case+0x1a5/0x480
[   13.167302]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.167600]  kthread+0x337/0x6f0
[   13.167896]  ret_from_fork+0x116/0x1d0
[   13.168100]  ret_from_fork_asm+0x1a/0x30
[   13.168358] 
[   13.168480] The buggy address belongs to the object at ffff888100341400
[   13.168480]  which belongs to the cache kmalloc-256 of size 256
[   13.169685] The buggy address is located 5 bytes to the right of
[   13.169685]  allocated 235-byte region [ffff888100341400, ffff8881003414eb)
[   13.171119] 
[   13.171263] The buggy address belongs to the physical page:
[   13.171669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.172190] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.172545] flags: 0x200000000000040(head|node=0|zone=2)
[   13.173005] page_type: f5(slab)
[   13.173217] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.173572] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.173923] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.174564] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.174953] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.175477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.175930] page dumped because: kasan: bad access detected
[   13.176403] 
[   13.176525] Memory state around the buggy address:
[   13.176793]  ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.177323]  ffff888100341400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.177719] >ffff888100341480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.178111]                                                              ^
[   13.178486]  ffff888100341500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.179004]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.179360] ==================================================================