lkft/linux-mainline-master - v6.16-rc4-49-gb4911fb0b060 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 2, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.017899] ==================================================================
[   18.017973] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   18.018026] Write of size 1 at addr fff00000c17aa4f0 by task kunit_try_catch/156
[   18.018100] 
[   18.018129] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.018502] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.018558] Hardware name: linux,dummy-virt (DT)
[   18.018611] Call trace:
[   18.018639]  show_stack+0x20/0x38 (C)
[   18.018715]  dump_stack_lvl+0x8c/0xd0
[   18.018787]  print_report+0x118/0x608
[   18.018855]  kasan_report+0xdc/0x128
[   18.018965]  __asan_report_store1_noabort+0x20/0x30
[   18.019020]  krealloc_more_oob_helper+0x5c0/0x678
[   18.019068]  krealloc_more_oob+0x20/0x38
[   18.019113]  kunit_try_run_case+0x170/0x3f0
[   18.019158]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.019362]  kthread+0x328/0x630
[   18.019446]  ret_from_fork+0x10/0x20
[   18.019493] 
[   18.019511] Allocated by task 156:
[   18.019537]  kasan_save_stack+0x3c/0x68
[   18.019588]  kasan_save_track+0x20/0x40
[   18.019625]  kasan_save_alloc_info+0x40/0x58
[   18.019662]  __kasan_krealloc+0x118/0x178
[   18.019698]  krealloc_noprof+0x128/0x360
[   18.019733]  krealloc_more_oob_helper+0x168/0x678
[   18.019770]  krealloc_more_oob+0x20/0x38
[   18.019805]  kunit_try_run_case+0x170/0x3f0
[   18.019841]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.019883]  kthread+0x328/0x630
[   18.020038]  ret_from_fork+0x10/0x20
[   18.020120] 
[   18.020152] The buggy address belongs to the object at fff00000c17aa400
[   18.020152]  which belongs to the cache kmalloc-256 of size 256
[   18.020224] The buggy address is located 5 bytes to the right of
[   18.020224]  allocated 235-byte region [fff00000c17aa400, fff00000c17aa4eb)
[   18.020286] 
[   18.020304] The buggy address belongs to the physical page:
[   18.020538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017aa
[   18.020612] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.020656] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.020734] page_type: f5(slab)
[   18.020772] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.020974] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.021070] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.021159] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.021274] head: 0bfffe0000000001 ffffc1ffc305ea81 00000000ffffffff 00000000ffffffff
[   18.021390] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.021503] page dumped because: kasan: bad access detected
[   18.021541] 
[   18.021558] Memory state around the buggy address:
[   18.021599]  fff00000c17aa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.021640]  fff00000c17aa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.021723] >fff00000c17aa480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.021761]                                                              ^
[   18.021909]  fff00000c17aa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.021973]  fff00000c17aa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.022096] ==================================================================
[   18.013253] ==================================================================
[   18.013427] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   18.013500] Write of size 1 at addr fff00000c17aa4eb by task kunit_try_catch/156
[   18.013550] 
[   18.013612] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.013691] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.013717] Hardware name: linux,dummy-virt (DT)
[   18.013747] Call trace:
[   18.013767]  show_stack+0x20/0x38 (C)
[   18.013986]  dump_stack_lvl+0x8c/0xd0
[   18.014073]  print_report+0x118/0x608
[   18.014135]  kasan_report+0xdc/0x128
[   18.014181]  __asan_report_store1_noabort+0x20/0x30
[   18.014245]  krealloc_more_oob_helper+0x60c/0x678
[   18.014305]  krealloc_more_oob+0x20/0x38
[   18.014357]  kunit_try_run_case+0x170/0x3f0
[   18.014404]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.014644]  kthread+0x328/0x630
[   18.014699]  ret_from_fork+0x10/0x20
[   18.014809] 
[   18.014896] Allocated by task 156:
[   18.014963]  kasan_save_stack+0x3c/0x68
[   18.015006]  kasan_save_track+0x20/0x40
[   18.015042]  kasan_save_alloc_info+0x40/0x58
[   18.015080]  __kasan_krealloc+0x118/0x178
[   18.015115]  krealloc_noprof+0x128/0x360
[   18.015152]  krealloc_more_oob_helper+0x168/0x678
[   18.015324]  krealloc_more_oob+0x20/0x38
[   18.015402]  kunit_try_run_case+0x170/0x3f0
[   18.015481]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.015525]  kthread+0x328/0x630
[   18.015612]  ret_from_fork+0x10/0x20
[   18.015648] 
[   18.015685] The buggy address belongs to the object at fff00000c17aa400
[   18.015685]  which belongs to the cache kmalloc-256 of size 256
[   18.015748] The buggy address is located 0 bytes to the right of
[   18.015748]  allocated 235-byte region [fff00000c17aa400, fff00000c17aa4eb)
[   18.015809] 
[   18.015828] The buggy address belongs to the physical page:
[   18.015973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017aa
[   18.016028] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.016073] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.016126] page_type: f5(slab)
[   18.016221] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.016318] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.016368] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.016414] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.016476] head: 0bfffe0000000001 ffffc1ffc305ea81 00000000ffffffff 00000000ffffffff
[   18.016523] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.016561] page dumped because: kasan: bad access detected
[   18.016601] 
[   18.016640] Memory state around the buggy address:
[   18.016670]  fff00000c17aa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.016874]  fff00000c17aa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.016948] >fff00000c17aa480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.017010]                                                           ^
[   18.017092]  fff00000c17aa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.017138]  fff00000c17aa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.017203] ==================================================================
[   18.059966] ==================================================================
[   18.060016] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   18.060063] Write of size 1 at addr fff00000c65a20eb by task kunit_try_catch/160
[   18.060110] 
[   18.060139] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.060216] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.060242] Hardware name: linux,dummy-virt (DT)
[   18.060271] Call trace:
[   18.060309]  show_stack+0x20/0x38 (C)
[   18.060385]  dump_stack_lvl+0x8c/0xd0
[   18.060469]  print_report+0x118/0x608
[   18.060569]  kasan_report+0xdc/0x128
[   18.060627]  __asan_report_store1_noabort+0x20/0x30
[   18.060680]  krealloc_more_oob_helper+0x60c/0x678
[   18.060973]  krealloc_large_more_oob+0x20/0x38
[   18.061057]  kunit_try_run_case+0x170/0x3f0
[   18.061115]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.061249]  kthread+0x328/0x630
[   18.061375]  ret_from_fork+0x10/0x20
[   18.061485] 
[   18.061505] The buggy address belongs to the physical page:
[   18.061536] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   18.061594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.061640] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.061689] page_type: f8(unknown)
[   18.061867] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.061956] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.062067] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.062208] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.062273] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   18.062680] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.062849] page dumped because: kasan: bad access detected
[   18.063005] 
[   18.063073] Memory state around the buggy address:
[   18.063138]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.063233]  fff00000c65a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.063305] >fff00000c65a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.063361]                                                           ^
[   18.063474]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.063563]  fff00000c65a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.063738] ==================================================================
[   18.065080] ==================================================================
[   18.065124] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   18.065168] Write of size 1 at addr fff00000c65a20f0 by task kunit_try_catch/160
[   18.065215] 
[   18.065244] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.065320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.065346] Hardware name: linux,dummy-virt (DT)
[   18.065374] Call trace:
[   18.065395]  show_stack+0x20/0x38 (C)
[   18.065441]  dump_stack_lvl+0x8c/0xd0
[   18.065485]  print_report+0x118/0x608
[   18.065530]  kasan_report+0xdc/0x128
[   18.065590]  __asan_report_store1_noabort+0x20/0x30
[   18.065687]  krealloc_more_oob_helper+0x5c0/0x678
[   18.065742]  krealloc_large_more_oob+0x20/0x38
[   18.065789]  kunit_try_run_case+0x170/0x3f0
[   18.065851]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.065901]  kthread+0x328/0x630
[   18.065959]  ret_from_fork+0x10/0x20
[   18.066021] 
[   18.066183] The buggy address belongs to the physical page:
[   18.066213] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   18.066262] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.066343] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.066435] page_type: f8(unknown)
[   18.066471] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.066557] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.066658] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.066743] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.066825] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   18.066913] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.066997] page dumped because: kasan: bad access detected
[   18.067033] 
[   18.067050] Memory state around the buggy address:
[   18.067079]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.067118]  fff00000c65a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.067159] >fff00000c65a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.067194]                                                              ^
[   18.067230]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.067269]  fff00000c65a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.067304] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zL5tkJx538LuS4CC9waWjZdK7d

job_id

TEST:linaro@lkft#2zL5ylmx7RUmOXetsb6wmQNCL9F

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zL5ylmx7RUmOXetsb6wmQNCL9F

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5vHipoBPqphspWb9Jr5L3zfM/Image.gz
sha256sum	46de3631a51390d3b1ef1f4d0f673673bc6fcd4a3090b598579b0620c3b1dd78

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5vHipoBPqphspWb9Jr5L3zfM/modules.tar.xz
sha256sum	d74cbfeb470e49b375c874ea6ef4751c3c1b7037bd9d5ae91e3faaa6801aa5c4

durations

tests

boot	0
kunit	180.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.196193] ==================================================================
[   11.196663] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.197151] Write of size 1 at addr ffff8881028ce0eb by task kunit_try_catch/179
[   11.197464] 
[   11.197577] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.197620] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.197632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.197652] Call Trace:
[   11.197665]  <TASK>
[   11.197681]  dump_stack_lvl+0x73/0xb0
[   11.197712]  print_report+0xd1/0x650
[   11.197734]  ? __virt_addr_valid+0x1db/0x2d0
[   11.197755]  ? krealloc_more_oob_helper+0x821/0x930
[   11.197840]  ? kasan_addr_to_slab+0x11/0xa0
[   11.197863]  ? krealloc_more_oob_helper+0x821/0x930
[   11.197886]  kasan_report+0x141/0x180
[   11.197907]  ? krealloc_more_oob_helper+0x821/0x930
[   11.197933]  __asan_report_store1_noabort+0x1b/0x30
[   11.197953]  krealloc_more_oob_helper+0x821/0x930
[   11.197974]  ? __schedule+0x10cc/0x2b60
[   11.197995]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.198017]  ? finish_task_switch.isra.0+0x153/0x700
[   11.198039]  ? __switch_to+0x47/0xf50
[   11.198065]  ? __schedule+0x10cc/0x2b60
[   11.198084]  ? __pfx_read_tsc+0x10/0x10
[   11.198108]  krealloc_large_more_oob+0x1c/0x30
[   11.198129]  kunit_try_run_case+0x1a5/0x480
[   11.198152]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.198173]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.198195]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.198216]  ? __kthread_parkme+0x82/0x180
[   11.198235]  ? preempt_count_sub+0x50/0x80
[   11.198257]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.198279]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.198301]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.198323]  kthread+0x337/0x6f0
[   11.198341]  ? trace_preempt_on+0x20/0xc0
[   11.198364]  ? __pfx_kthread+0x10/0x10
[   11.198395]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.198414]  ? calculate_sigpending+0x7b/0xa0
[   11.198437]  ? __pfx_kthread+0x10/0x10
[   11.198457]  ret_from_fork+0x116/0x1d0
[   11.198475]  ? __pfx_kthread+0x10/0x10
[   11.198494]  ret_from_fork_asm+0x1a/0x30
[   11.198523]  </TASK>
[   11.198534] 
[   11.206757] The buggy address belongs to the physical page:
[   11.207009] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc
[   11.207307] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.207644] flags: 0x200000000000040(head|node=0|zone=2)
[   11.207834] page_type: f8(unknown)
[   11.208032] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.208297] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.209026] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.209290] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.209535] head: 0200000000000002 ffffea00040a3301 00000000ffffffff 00000000ffffffff
[   11.209884] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.210373] page dumped because: kasan: bad access detected
[   11.210562] 
[   11.210633] Memory state around the buggy address:
[   11.210834]  ffff8881028cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.211159]  ffff8881028ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.211490] >ffff8881028ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.211815]                                                           ^
[   11.212144]  ffff8881028ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.212516]  ffff8881028ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.212822] ==================================================================
[   11.213300] ==================================================================
[   11.213802] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.214163] Write of size 1 at addr ffff8881028ce0f0 by task kunit_try_catch/179
[   11.214425] 
[   11.214511] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.214550] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.214561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.214631] Call Trace:
[   11.214645]  <TASK>
[   11.214661]  dump_stack_lvl+0x73/0xb0
[   11.214687]  print_report+0xd1/0x650
[   11.214709]  ? __virt_addr_valid+0x1db/0x2d0
[   11.214730]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.214752]  ? kasan_addr_to_slab+0x11/0xa0
[   11.214771]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.214794]  kasan_report+0x141/0x180
[   11.214815]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.214842]  __asan_report_store1_noabort+0x1b/0x30
[   11.214862]  krealloc_more_oob_helper+0x7eb/0x930
[   11.214882]  ? __schedule+0x10cc/0x2b60
[   11.214903]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.214925]  ? finish_task_switch.isra.0+0x153/0x700
[   11.214947]  ? __switch_to+0x47/0xf50
[   11.214971]  ? __schedule+0x10cc/0x2b60
[   11.214991]  ? __pfx_read_tsc+0x10/0x10
[   11.215013]  krealloc_large_more_oob+0x1c/0x30
[   11.215034]  kunit_try_run_case+0x1a5/0x480
[   11.215057]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.215078]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.215101]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.215123]  ? __kthread_parkme+0x82/0x180
[   11.215146]  ? preempt_count_sub+0x50/0x80
[   11.215169]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.215192]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.215213]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.215236]  kthread+0x337/0x6f0
[   11.215254]  ? trace_preempt_on+0x20/0xc0
[   11.215278]  ? __pfx_kthread+0x10/0x10
[   11.215298]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.215317]  ? calculate_sigpending+0x7b/0xa0
[   11.215340]  ? __pfx_kthread+0x10/0x10
[   11.215360]  ret_from_fork+0x116/0x1d0
[   11.215388]  ? __pfx_kthread+0x10/0x10
[   11.215408]  ret_from_fork_asm+0x1a/0x30
[   11.215437]  </TASK>
[   11.215447] 
[   11.225168] The buggy address belongs to the physical page:
[   11.225430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028cc
[   11.226187] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.226979] flags: 0x200000000000040(head|node=0|zone=2)
[   11.227236] page_type: f8(unknown)
[   11.227415] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.227732] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.228498] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.229021] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.229550] head: 0200000000000002 ffffea00040a3301 00000000ffffffff 00000000ffffffff
[   11.230179] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.230500] page dumped because: kasan: bad access detected
[   11.231117] 
[   11.231227] Memory state around the buggy address:
[   11.231446]  ffff8881028cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.232065]  ffff8881028ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.232337] >ffff8881028ce080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.232753]                                                              ^
[   11.233044]  ffff8881028ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.233340]  ffff8881028ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.234074] ==================================================================
[   11.040084] ==================================================================
[   11.040490] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.040992] Write of size 1 at addr ffff888100a21cf0 by task kunit_try_catch/175
[   11.041385] 
[   11.041501] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.041673] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.041688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.041708] Call Trace:
[   11.041721]  <TASK>
[   11.041738]  dump_stack_lvl+0x73/0xb0
[   11.041829]  print_report+0xd1/0x650
[   11.041852]  ? __virt_addr_valid+0x1db/0x2d0
[   11.041885]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.041907]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.041927]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.041950]  kasan_report+0x141/0x180
[   11.041970]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.041999]  __asan_report_store1_noabort+0x1b/0x30
[   11.042018]  krealloc_more_oob_helper+0x7eb/0x930
[   11.042040]  ? __schedule+0x10cc/0x2b60
[   11.042061]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.042084]  ? finish_task_switch.isra.0+0x153/0x700
[   11.042105]  ? __switch_to+0x47/0xf50
[   11.042130]  ? __schedule+0x10cc/0x2b60
[   11.042149]  ? __pfx_read_tsc+0x10/0x10
[   11.042172]  krealloc_more_oob+0x1c/0x30
[   11.042192]  kunit_try_run_case+0x1a5/0x480
[   11.042215]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.042236]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.042258]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.042279]  ? __kthread_parkme+0x82/0x180
[   11.042299]  ? preempt_count_sub+0x50/0x80
[   11.042320]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.042342]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.042363]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.042393]  kthread+0x337/0x6f0
[   11.042412]  ? trace_preempt_on+0x20/0xc0
[   11.042437]  ? __pfx_kthread+0x10/0x10
[   11.042457]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.042479]  ? calculate_sigpending+0x7b/0xa0
[   11.042504]  ? __pfx_kthread+0x10/0x10
[   11.042524]  ret_from_fork+0x116/0x1d0
[   11.042541]  ? __pfx_kthread+0x10/0x10
[   11.042627]  ret_from_fork_asm+0x1a/0x30
[   11.042660]  </TASK>
[   11.042670] 
[   11.052146] Allocated by task 175:
[   11.052420]  kasan_save_stack+0x45/0x70
[   11.052707]  kasan_save_track+0x18/0x40
[   11.052961]  kasan_save_alloc_info+0x3b/0x50
[   11.053263]  __kasan_krealloc+0x190/0x1f0
[   11.053462]  krealloc_noprof+0xf3/0x340
[   11.053659]  krealloc_more_oob_helper+0x1a9/0x930
[   11.053887]  krealloc_more_oob+0x1c/0x30
[   11.054059]  kunit_try_run_case+0x1a5/0x480
[   11.054264]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.054517]  kthread+0x337/0x6f0
[   11.054690]  ret_from_fork+0x116/0x1d0
[   11.054865]  ret_from_fork_asm+0x1a/0x30
[   11.055054] 
[   11.055132] The buggy address belongs to the object at ffff888100a21c00
[   11.055132]  which belongs to the cache kmalloc-256 of size 256
[   11.055825] The buggy address is located 5 bytes to the right of
[   11.055825]  allocated 235-byte region [ffff888100a21c00, ffff888100a21ceb)
[   11.056244] 
[   11.056447] The buggy address belongs to the physical page:
[   11.057058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a20
[   11.057490] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.057958] flags: 0x200000000000040(head|node=0|zone=2)
[   11.058234] page_type: f5(slab)
[   11.058410] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.058916] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.059261] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.059684] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.060058] head: 0200000000000001 ffffea0004028801 00000000ffffffff 00000000ffffffff
[   11.060385] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.060889] page dumped because: kasan: bad access detected
[   11.061192] 
[   11.061271] Memory state around the buggy address:
[   11.061512]  ffff888100a21b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.062216]  ffff888100a21c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.062588] >ffff888100a21c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.062972]                                                              ^
[   11.063326]  ffff888100a21d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.063683]  ffff888100a21d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.064043] ==================================================================
[   11.009260] ==================================================================
[   11.009779] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.010142] Write of size 1 at addr ffff888100a21ceb by task kunit_try_catch/175
[   11.010469] 
[   11.010573] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.010619] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.010630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.010650] Call Trace:
[   11.010662]  <TASK>
[   11.010680]  dump_stack_lvl+0x73/0xb0
[   11.010708]  print_report+0xd1/0x650
[   11.010731]  ? __virt_addr_valid+0x1db/0x2d0
[   11.010753]  ? krealloc_more_oob_helper+0x821/0x930
[   11.010775]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.010796]  ? krealloc_more_oob_helper+0x821/0x930
[   11.010818]  kasan_report+0x141/0x180
[   11.010838]  ? krealloc_more_oob_helper+0x821/0x930
[   11.010866]  __asan_report_store1_noabort+0x1b/0x30
[   11.010887]  krealloc_more_oob_helper+0x821/0x930
[   11.010908]  ? __schedule+0x10cc/0x2b60
[   11.010930]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.010954]  ? finish_task_switch.isra.0+0x153/0x700
[   11.010976]  ? __switch_to+0x47/0xf50
[   11.011001]  ? __schedule+0x10cc/0x2b60
[   11.011021]  ? __pfx_read_tsc+0x10/0x10
[   11.011045]  krealloc_more_oob+0x1c/0x30
[   11.011065]  kunit_try_run_case+0x1a5/0x480
[   11.011090]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.011111]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.011134]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.011155]  ? __kthread_parkme+0x82/0x180
[   11.011176]  ? preempt_count_sub+0x50/0x80
[   11.011198]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.011220]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.011241]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.011262]  kthread+0x337/0x6f0
[   11.011280]  ? trace_preempt_on+0x20/0xc0
[   11.011303]  ? __pfx_kthread+0x10/0x10
[   11.011323]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.011342]  ? calculate_sigpending+0x7b/0xa0
[   11.011364]  ? __pfx_kthread+0x10/0x10
[   11.011876]  ret_from_fork+0x116/0x1d0
[   11.011903]  ? __pfx_kthread+0x10/0x10
[   11.011939]  ret_from_fork_asm+0x1a/0x30
[   11.011970]  </TASK>
[   11.011982] 
[   11.027402] Allocated by task 175:
[   11.027737]  kasan_save_stack+0x45/0x70
[   11.028008]  kasan_save_track+0x18/0x40
[   11.028263]  kasan_save_alloc_info+0x3b/0x50
[   11.028506]  __kasan_krealloc+0x190/0x1f0
[   11.028837]  krealloc_noprof+0xf3/0x340
[   11.029045]  krealloc_more_oob_helper+0x1a9/0x930
[   11.029363]  krealloc_more_oob+0x1c/0x30
[   11.029625]  kunit_try_run_case+0x1a5/0x480
[   11.029861]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.030153]  kthread+0x337/0x6f0
[   11.030333]  ret_from_fork+0x116/0x1d0
[   11.030521]  ret_from_fork_asm+0x1a/0x30
[   11.030723] 
[   11.030814] The buggy address belongs to the object at ffff888100a21c00
[   11.030814]  which belongs to the cache kmalloc-256 of size 256
[   11.031300] The buggy address is located 0 bytes to the right of
[   11.031300]  allocated 235-byte region [ffff888100a21c00, ffff888100a21ceb)
[   11.031804] 
[   11.031896] The buggy address belongs to the physical page:
[   11.032129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a20
[   11.032822] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.033096] flags: 0x200000000000040(head|node=0|zone=2)
[   11.033358] page_type: f5(slab)
[   11.033726] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.034151] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.034534] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.034978] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.035362] head: 0200000000000001 ffffea0004028801 00000000ffffffff 00000000ffffffff
[   11.035833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.036188] page dumped because: kasan: bad access detected
[   11.036491] 
[   11.036819] Memory state around the buggy address:
[   11.037084]  ffff888100a21b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.037399]  ffff888100a21c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.037879] >ffff888100a21c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.038167]                                                           ^
[   11.038497]  ffff888100a21d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.038953]  ffff888100a21d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.039326] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zL5tkJx538LuS4CC9waWjZdK7d

job_id

TEST:linaro@lkft#2zL5zlszAixv4ecBxA6y5NBqJN9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zL5zlszAixv4ecBxA6y5NBqJN9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5wq7HD1gQUpnzhQ3oVfhXshA/bzImage
sha256sum	3bbeae719ec4e3d054aa4f7182084297f368dd78ad89b802ac2716a533024f9e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5wq7HD1gQUpnzhQ3oVfhXshA/modules.tar.xz
sha256sum	72afdabe9ed24c806af37874c7f2185119042be8fabeecff4d0a7e1fd5ed0d93

durations

tests

boot	0
kunit	218.60

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit