lkft/linux-mainline-master - v6.16-rc4-324-g1f988d0788f5 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 6, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.883753] ==================================================================
[   17.883808] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.883857] Write of size 1 at addr fff00000c0b97aeb by task kunit_try_catch/156
[   17.883912] 
[   17.883949] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.884132] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.884159] Hardware name: linux,dummy-virt (DT)
[   17.884329] Call trace:
[   17.884369]  show_stack+0x20/0x38 (C)
[   17.884558]  dump_stack_lvl+0x8c/0xd0
[   17.884611]  print_report+0x118/0x608
[   17.884682]  kasan_report+0xdc/0x128
[   17.884727]  __asan_report_store1_noabort+0x20/0x30
[   17.884905]  krealloc_more_oob_helper+0x60c/0x678
[   17.885080]  krealloc_more_oob+0x20/0x38
[   17.885156]  kunit_try_run_case+0x170/0x3f0
[   17.885214]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.885279]  kthread+0x328/0x630
[   17.885346]  ret_from_fork+0x10/0x20
[   17.885412] 
[   17.885434] Allocated by task 156:
[   17.885463]  kasan_save_stack+0x3c/0x68
[   17.885579]  kasan_save_track+0x20/0x40
[   17.885679]  kasan_save_alloc_info+0x40/0x58
[   17.885764]  __kasan_krealloc+0x118/0x178
[   17.885833]  krealloc_noprof+0x128/0x360
[   17.885869]  krealloc_more_oob_helper+0x168/0x678
[   17.885907]  krealloc_more_oob+0x20/0x38
[   17.885942]  kunit_try_run_case+0x170/0x3f0
[   17.885978]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.886210]  kthread+0x328/0x630
[   17.886460]  ret_from_fork+0x10/0x20
[   17.886695] 
[   17.886787] The buggy address belongs to the object at fff00000c0b97a00
[   17.886787]  which belongs to the cache kmalloc-256 of size 256
[   17.887053] The buggy address is located 0 bytes to the right of
[   17.887053]  allocated 235-byte region [fff00000c0b97a00, fff00000c0b97aeb)
[   17.887319] 
[   17.887464] The buggy address belongs to the physical page:
[   17.887500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   17.887553] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.887980] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.888076] page_type: f5(slab)
[   17.888153] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.888300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.888451] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.888548] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.888595] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   17.888641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.888679] page dumped because: kasan: bad access detected
[   17.888718] 
[   17.888735] Memory state around the buggy address:
[   17.888765]  fff00000c0b97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.888806]  fff00000c0b97a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.888847] >fff00000c0b97a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.888894]                                                           ^
[   17.888941]  fff00000c0b97b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.888983]  fff00000c0b97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.889021] ==================================================================
[   17.945151] ==================================================================
[   17.945208] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.945254] Write of size 1 at addr fff00000c78420f0 by task kunit_try_catch/160
[   17.945317] 
[   17.945347] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.945465] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.945560] Hardware name: linux,dummy-virt (DT)
[   17.945739] Call trace:
[   17.945765]  show_stack+0x20/0x38 (C)
[   17.945814]  dump_stack_lvl+0x8c/0xd0
[   17.945858]  print_report+0x118/0x608
[   17.945910]  kasan_report+0xdc/0x128
[   17.946022]  __asan_report_store1_noabort+0x20/0x30
[   17.946125]  krealloc_more_oob_helper+0x5c0/0x678
[   17.946307]  krealloc_large_more_oob+0x20/0x38
[   17.946408]  kunit_try_run_case+0x170/0x3f0
[   17.946474]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.946752]  kthread+0x328/0x630
[   17.946893]  ret_from_fork+0x10/0x20
[   17.947071] 
[   17.947132] The buggy address belongs to the physical page:
[   17.947162] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   17.947463] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.947548] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.947699] page_type: f8(unknown)
[   17.947825] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.947877] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.947978] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.949731] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.949785] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   17.949832] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.950137] page dumped because: kasan: bad access detected
[   17.950169] 
[   17.950187] Memory state around the buggy address:
[   17.950520]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.950565]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.950605] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.950755]                                                              ^
[   17.950798]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.950839]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.950875] ==================================================================
[   17.890518] ==================================================================
[   17.890584] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.890639] Write of size 1 at addr fff00000c0b97af0 by task kunit_try_catch/156
[   17.890693] 
[   17.890742] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.890818] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.890843] Hardware name: linux,dummy-virt (DT)
[   17.890878] Call trace:
[   17.890997]  show_stack+0x20/0x38 (C)
[   17.891044]  dump_stack_lvl+0x8c/0xd0
[   17.891088]  print_report+0x118/0x608
[   17.891134]  kasan_report+0xdc/0x128
[   17.891314]  __asan_report_store1_noabort+0x20/0x30
[   17.891376]  krealloc_more_oob_helper+0x5c0/0x678
[   17.891477]  krealloc_more_oob+0x20/0x38
[   17.891542]  kunit_try_run_case+0x170/0x3f0
[   17.891589]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.891657]  kthread+0x328/0x630
[   17.891782]  ret_from_fork+0x10/0x20
[   17.891830] 
[   17.891848] Allocated by task 156:
[   17.891874]  kasan_save_stack+0x3c/0x68
[   17.891913]  kasan_save_track+0x20/0x40
[   17.891948]  kasan_save_alloc_info+0x40/0x58
[   17.891986]  __kasan_krealloc+0x118/0x178
[   17.892216]  krealloc_noprof+0x128/0x360
[   17.892267]  krealloc_more_oob_helper+0x168/0x678
[   17.892403]  krealloc_more_oob+0x20/0x38
[   17.892534]  kunit_try_run_case+0x170/0x3f0
[   17.892600]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.892643]  kthread+0x328/0x630
[   17.892771]  ret_from_fork+0x10/0x20
[   17.892807] 
[   17.892826] The buggy address belongs to the object at fff00000c0b97a00
[   17.892826]  which belongs to the cache kmalloc-256 of size 256
[   17.892989] The buggy address is located 5 bytes to the right of
[   17.892989]  allocated 235-byte region [fff00000c0b97a00, fff00000c0b97aeb)
[   17.893060] 
[   17.893079] The buggy address belongs to the physical page:
[   17.893157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   17.893244] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.893290] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.893338] page_type: f5(slab)
[   17.893373] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.893482] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.893620] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.893776] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.893875] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   17.893930] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.893968] page dumped because: kasan: bad access detected
[   17.894005] 
[   17.894022] Memory state around the buggy address:
[   17.894052]  fff00000c0b97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.894093]  fff00000c0b97a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.894133] >fff00000c0b97a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.894178]                                                              ^
[   17.894225]  fff00000c0b97b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.894287]  fff00000c0b97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.894330] ==================================================================
[   17.941065] ==================================================================
[   17.941134] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.941240] Write of size 1 at addr fff00000c78420eb by task kunit_try_catch/160
[   17.941293] 
[   17.941339] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.941443] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.941470] Hardware name: linux,dummy-virt (DT)
[   17.941623] Call trace:
[   17.941645]  show_stack+0x20/0x38 (C)
[   17.941695]  dump_stack_lvl+0x8c/0xd0
[   17.941748]  print_report+0x118/0x608
[   17.941887]  kasan_report+0xdc/0x128
[   17.942037]  __asan_report_store1_noabort+0x20/0x30
[   17.942125]  krealloc_more_oob_helper+0x60c/0x678
[   17.942266]  krealloc_large_more_oob+0x20/0x38
[   17.942587]  kunit_try_run_case+0x170/0x3f0
[   17.942720]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.942841]  kthread+0x328/0x630
[   17.942937]  ret_from_fork+0x10/0x20
[   17.943054] 
[   17.943104] The buggy address belongs to the physical page:
[   17.943134] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   17.943407] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.943542] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.943676] page_type: f8(unknown)
[   17.943723] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.943820] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.943967] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.944015] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.944312] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   17.944391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.944440] page dumped because: kasan: bad access detected
[   17.944470] 
[   17.944489] Memory state around the buggy address:
[   17.944555]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.944606]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.944646] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.944696]                                                           ^
[   17.944733]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.944789]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.944826] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zUyns4bBvJgsOeHTwSzB14BtXy

job_id

TEST:linaro@lkft#2zUyssrHyt2jcP8yPQqYdfR4u49

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zUyssrHyt2jcP8yPQqYdfR4u49

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUypMiNO3jFX9e8gXLicpOScyJ/Image.gz
sha256sum	20138ff04fbdb8b45f1eeb9004b1d0cf48a53b032c3e8f76779495b2c7e2954a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUypMiNO3jFX9e8gXLicpOScyJ/modules.tar.xz
sha256sum	ae84c0452ffc57473194b7ff1a0410047a3c87f102f4efa2c73a07bec335e1f4

durations

tests

boot	0
kunit	172.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.427419] ==================================================================
[   11.427997] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.428672] Write of size 1 at addr ffff888102b720f0 by task kunit_try_catch/177
[   11.429143] 
[   11.429243] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.429287] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.429298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.429318] Call Trace:
[   11.429332]  <TASK>
[   11.429350]  dump_stack_lvl+0x73/0xb0
[   11.429381]  print_report+0xd1/0x650
[   11.429404]  ? __virt_addr_valid+0x1db/0x2d0
[   11.429428]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.429451]  ? kasan_addr_to_slab+0x11/0xa0
[   11.429471]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.429494]  kasan_report+0x141/0x180
[   11.429516]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.429544]  __asan_report_store1_noabort+0x1b/0x30
[   11.429564]  krealloc_more_oob_helper+0x7eb/0x930
[   11.429586]  ? __schedule+0x10cc/0x2b60
[   11.429608]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.429632]  ? finish_task_switch.isra.0+0x153/0x700
[   11.429654]  ? __switch_to+0x47/0xf50
[   11.429680]  ? __schedule+0x10cc/0x2b60
[   11.429701]  ? __pfx_read_tsc+0x10/0x10
[   11.429725]  krealloc_large_more_oob+0x1c/0x30
[   11.429747]  kunit_try_run_case+0x1a5/0x480
[   11.429773]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.429794]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.429817]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.429840]  ? __kthread_parkme+0x82/0x180
[   11.429860]  ? preempt_count_sub+0x50/0x80
[   11.429883]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.429906]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.429940]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.429962]  kthread+0x337/0x6f0
[   11.429981]  ? trace_preempt_on+0x20/0xc0
[   11.430005]  ? __pfx_kthread+0x10/0x10
[   11.430025]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.430045]  ? calculate_sigpending+0x7b/0xa0
[   11.430071]  ? __pfx_kthread+0x10/0x10
[   11.430092]  ret_from_fork+0x116/0x1d0
[   11.430110]  ? __pfx_kthread+0x10/0x10
[   11.430130]  ret_from_fork_asm+0x1a/0x30
[   11.430160]  </TASK>
[   11.430172] 
[   11.437860] The buggy address belongs to the physical page:
[   11.438128] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70
[   11.438436] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.438746] flags: 0x200000000000040(head|node=0|zone=2)
[   11.439009] page_type: f8(unknown)
[   11.439141] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.439372] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.439941] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.440441] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.440671] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff
[   11.441080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.441425] page dumped because: kasan: bad access detected
[   11.441636] 
[   11.441709] Memory state around the buggy address:
[   11.441869]  ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.442402]  ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.442709] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.442923]                                                              ^
[   11.443148]  ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.443565]  ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.444245] ==================================================================
[   11.399122] ==================================================================
[   11.399773] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.400038] Write of size 1 at addr ffff888102b720eb by task kunit_try_catch/177
[   11.400659] 
[   11.400861] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.400906] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.400918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.400950] Call Trace:
[   11.400963]  <TASK>
[   11.400980]  dump_stack_lvl+0x73/0xb0
[   11.401009]  print_report+0xd1/0x650
[   11.401031]  ? __virt_addr_valid+0x1db/0x2d0
[   11.401054]  ? krealloc_more_oob_helper+0x821/0x930
[   11.401078]  ? kasan_addr_to_slab+0x11/0xa0
[   11.401098]  ? krealloc_more_oob_helper+0x821/0x930
[   11.401121]  kasan_report+0x141/0x180
[   11.401143]  ? krealloc_more_oob_helper+0x821/0x930
[   11.401171]  __asan_report_store1_noabort+0x1b/0x30
[   11.401191]  krealloc_more_oob_helper+0x821/0x930
[   11.401212]  ? __schedule+0x10cc/0x2b60
[   11.401234]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.401258]  ? finish_task_switch.isra.0+0x153/0x700
[   11.401279]  ? __switch_to+0x47/0xf50
[   11.401304]  ? __schedule+0x10cc/0x2b60
[   11.401324]  ? __pfx_read_tsc+0x10/0x10
[   11.401348]  krealloc_large_more_oob+0x1c/0x30
[   11.401370]  kunit_try_run_case+0x1a5/0x480
[   11.401394]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.401416]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.401439]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.401461]  ? __kthread_parkme+0x82/0x180
[   11.401482]  ? preempt_count_sub+0x50/0x80
[   11.401504]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.401538]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.401559]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.401582]  kthread+0x337/0x6f0
[   11.401601]  ? trace_preempt_on+0x20/0xc0
[   11.401624]  ? __pfx_kthread+0x10/0x10
[   11.401644]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.401664]  ? calculate_sigpending+0x7b/0xa0
[   11.401687]  ? __pfx_kthread+0x10/0x10
[   11.401708]  ret_from_fork+0x116/0x1d0
[   11.401726]  ? __pfx_kthread+0x10/0x10
[   11.401746]  ret_from_fork_asm+0x1a/0x30
[   11.401776]  </TASK>
[   11.401788] 
[   11.415498] The buggy address belongs to the physical page:
[   11.416077] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70
[   11.416977] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.417834] flags: 0x200000000000040(head|node=0|zone=2)
[   11.418355] page_type: f8(unknown)
[   11.418632] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.418951] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.419356] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.420210] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.421101] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff
[   11.421785] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.422332] page dumped because: kasan: bad access detected
[   11.422603] 
[   11.422762] Memory state around the buggy address:
[   11.423235]  ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.423873]  ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.424328] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.424805]                                                           ^
[   11.425259]  ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.425487]  ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.426309] ==================================================================
[   11.157537] ==================================================================
[   11.158011] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.158645] Write of size 1 at addr ffff888100aa00eb by task kunit_try_catch/173
[   11.159244] 
[   11.159366] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.159423] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.159435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.159456] Call Trace:
[   11.159479]  <TASK>
[   11.159506]  dump_stack_lvl+0x73/0xb0
[   11.159535]  print_report+0xd1/0x650
[   11.159558]  ? __virt_addr_valid+0x1db/0x2d0
[   11.159582]  ? krealloc_more_oob_helper+0x821/0x930
[   11.159604]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.159670]  ? krealloc_more_oob_helper+0x821/0x930
[   11.159696]  kasan_report+0x141/0x180
[   11.159739]  ? krealloc_more_oob_helper+0x821/0x930
[   11.159767]  __asan_report_store1_noabort+0x1b/0x30
[   11.159797]  krealloc_more_oob_helper+0x821/0x930
[   11.159818]  ? __schedule+0x10cc/0x2b60
[   11.159840]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.159863]  ? finish_task_switch.isra.0+0x153/0x700
[   11.159884]  ? __switch_to+0x47/0xf50
[   11.159911]  ? __schedule+0x10cc/0x2b60
[   11.159942]  ? __pfx_read_tsc+0x10/0x10
[   11.159966]  krealloc_more_oob+0x1c/0x30
[   11.159986]  kunit_try_run_case+0x1a5/0x480
[   11.160010]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.160031]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.160055]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.160077]  ? __kthread_parkme+0x82/0x180
[   11.160098]  ? preempt_count_sub+0x50/0x80
[   11.160120]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.160143]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.160165]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.160187]  kthread+0x337/0x6f0
[   11.160206]  ? trace_preempt_on+0x20/0xc0
[   11.160230]  ? __pfx_kthread+0x10/0x10
[   11.160250]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.160271]  ? calculate_sigpending+0x7b/0xa0
[   11.160294]  ? __pfx_kthread+0x10/0x10
[   11.160315]  ret_from_fork+0x116/0x1d0
[   11.160333]  ? __pfx_kthread+0x10/0x10
[   11.160354]  ret_from_fork_asm+0x1a/0x30
[   11.160385]  </TASK>
[   11.160396] 
[   11.174078] Allocated by task 173:
[   11.174447]  kasan_save_stack+0x45/0x70
[   11.174775]  kasan_save_track+0x18/0x40
[   11.174916]  kasan_save_alloc_info+0x3b/0x50
[   11.175108]  __kasan_krealloc+0x190/0x1f0
[   11.175496]  krealloc_noprof+0xf3/0x340
[   11.175909]  krealloc_more_oob_helper+0x1a9/0x930
[   11.176416]  krealloc_more_oob+0x1c/0x30
[   11.176874]  kunit_try_run_case+0x1a5/0x480
[   11.177289]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.177806]  kthread+0x337/0x6f0
[   11.177954]  ret_from_fork+0x116/0x1d0
[   11.178108]  ret_from_fork_asm+0x1a/0x30
[   11.178495] 
[   11.178747] The buggy address belongs to the object at ffff888100aa0000
[   11.178747]  which belongs to the cache kmalloc-256 of size 256
[   11.179956] The buggy address is located 0 bytes to the right of
[   11.179956]  allocated 235-byte region [ffff888100aa0000, ffff888100aa00eb)
[   11.180543] 
[   11.180726] The buggy address belongs to the physical page:
[   11.181333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   11.182127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.182663] flags: 0x200000000000040(head|node=0|zone=2)
[   11.183203] page_type: f5(slab)
[   11.183449] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.183958] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.184525] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.185235] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.185673] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   11.185907] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.186332] page dumped because: kasan: bad access detected
[   11.186875] 
[   11.187070] Memory state around the buggy address:
[   11.187708]  ffff888100a9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.188457]  ffff888100aa0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.189261] >ffff888100aa0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.189820]                                                           ^
[   11.190039]  ffff888100aa0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.190774]  ffff888100aa0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.191525] ==================================================================
[   11.192305] ==================================================================
[   11.192914] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.193679] Write of size 1 at addr ffff888100aa00f0 by task kunit_try_catch/173
[   11.194522] 
[   11.194714] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.194758] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.194781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.194810] Call Trace:
[   11.194824]  <TASK>
[   11.194840]  dump_stack_lvl+0x73/0xb0
[   11.194880]  print_report+0xd1/0x650
[   11.194903]  ? __virt_addr_valid+0x1db/0x2d0
[   11.194925]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.194957]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.194979]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.195002]  kasan_report+0x141/0x180
[   11.195024]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.195052]  __asan_report_store1_noabort+0x1b/0x30
[   11.195072]  krealloc_more_oob_helper+0x7eb/0x930
[   11.195095]  ? __schedule+0x10cc/0x2b60
[   11.195124]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.195148]  ? finish_task_switch.isra.0+0x153/0x700
[   11.195169]  ? __switch_to+0x47/0xf50
[   11.195194]  ? __schedule+0x10cc/0x2b60
[   11.195215]  ? __pfx_read_tsc+0x10/0x10
[   11.195240]  krealloc_more_oob+0x1c/0x30
[   11.195260]  kunit_try_run_case+0x1a5/0x480
[   11.195284]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.195306]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.195328]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.195352]  ? __kthread_parkme+0x82/0x180
[   11.195372]  ? preempt_count_sub+0x50/0x80
[   11.195394]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.195417]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.195440]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.195479]  kthread+0x337/0x6f0
[   11.195499]  ? trace_preempt_on+0x20/0xc0
[   11.195522]  ? __pfx_kthread+0x10/0x10
[   11.195542]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.195563]  ? calculate_sigpending+0x7b/0xa0
[   11.195587]  ? __pfx_kthread+0x10/0x10
[   11.195608]  ret_from_fork+0x116/0x1d0
[   11.195626]  ? __pfx_kthread+0x10/0x10
[   11.195647]  ret_from_fork_asm+0x1a/0x30
[   11.195680]  </TASK>
[   11.195693] 
[   11.208551] Allocated by task 173:
[   11.208740]  kasan_save_stack+0x45/0x70
[   11.209035]  kasan_save_track+0x18/0x40
[   11.209195]  kasan_save_alloc_info+0x3b/0x50
[   11.209369]  __kasan_krealloc+0x190/0x1f0
[   11.209573]  krealloc_noprof+0xf3/0x340
[   11.209789]  krealloc_more_oob_helper+0x1a9/0x930
[   11.209955]  krealloc_more_oob+0x1c/0x30
[   11.210353]  kunit_try_run_case+0x1a5/0x480
[   11.210595]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.210859]  kthread+0x337/0x6f0
[   11.211000]  ret_from_fork+0x116/0x1d0
[   11.211403]  ret_from_fork_asm+0x1a/0x30
[   11.211673] 
[   11.211773] The buggy address belongs to the object at ffff888100aa0000
[   11.211773]  which belongs to the cache kmalloc-256 of size 256
[   11.212354] The buggy address is located 5 bytes to the right of
[   11.212354]  allocated 235-byte region [ffff888100aa0000, ffff888100aa00eb)
[   11.213074] 
[   11.213181] The buggy address belongs to the physical page:
[   11.213481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   11.213811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.214065] flags: 0x200000000000040(head|node=0|zone=2)
[   11.214303] page_type: f5(slab)
[   11.214472] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.214766] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.215304] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.215694] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.216046] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   11.216360] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.216616] page dumped because: kasan: bad access detected
[   11.217133] 
[   11.217236] Memory state around the buggy address:
[   11.217519]  ffff888100a9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.217817]  ffff888100aa0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.218128] >ffff888100aa0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.218481]                                                              ^
[   11.218978]  ffff888100aa0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.219345]  ffff888100aa0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.219709] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zUyns4bBvJgsOeHTwSzB14BtXy

job_id

TEST:linaro@lkft#2zUyu2HzOIhrWdigGxE1n02NgIH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zUyu2HzOIhrWdigGxE1n02NgIH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUyqpSVEGJuU14lZjYbktxi5ks/bzImage
sha256sum	eb3a236ffe04c7b8cec8d887ec6c90f532d889cb3e6061e4be63b00dbfbee3e8

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUyqpSVEGJuU14lZjYbktxi5ks/modules.tar.xz
sha256sum	5901b75e8ac24e9b96c3260a67030d9eb9e0418b66a6907ac121941a493d3a5e

durations

tests

boot	0
kunit	227.24

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit