Hay
Date: July 10, 2025, 11:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[   15.836821] ==================================================================
[   15.837257] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.837390] Write of size 1 at addr fff00000c663e0f0 by task kunit_try_catch/160
[   15.837443] 
[   15.837478] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   15.837689] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.837717] Hardware name: linux,dummy-virt (DT)
[   15.838190] Call trace:
[   15.838285]  show_stack+0x20/0x38 (C)
[   15.838505]  dump_stack_lvl+0x8c/0xd0
[   15.838603]  print_report+0x118/0x608
[   15.838727]  kasan_report+0xdc/0x128
[   15.838805]  __asan_report_store1_noabort+0x20/0x30
[   15.839033]  krealloc_more_oob_helper+0x5c0/0x678
[   15.839363]  krealloc_large_more_oob+0x20/0x38
[   15.839422]  kunit_try_run_case+0x170/0x3f0
[   15.839801]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.839956]  kthread+0x328/0x630
[   15.840327]  ret_from_fork+0x10/0x20
[   15.840475] 
[   15.840532] The buggy address belongs to the physical page:
[   15.840651] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10663c
[   15.840945] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.841121] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.841383] page_type: f8(unknown)
[   15.841492] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.841877] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.841968] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.842381] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.842463] head: 0bfffe0000000002 ffffc1ffc3198f01 00000000ffffffff 00000000ffffffff
[   15.842601] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.842689] page dumped because: kasan: bad access detected
[   15.842882] 
[   15.843044] Memory state around the buggy address:
[   15.844136]  fff00000c663df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.844186]  fff00000c663e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.844227] >fff00000c663e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.844263]                                                              ^
[   15.844302]  fff00000c663e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.844342]  fff00000c663e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.844378] ==================================================================
[   15.783071] ==================================================================
[   15.783266] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.783321] Write of size 1 at addr fff00000c17b6af0 by task kunit_try_catch/156
[   15.783369] 
[   15.783409] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   15.783488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.783514] Hardware name: linux,dummy-virt (DT)
[   15.783550] Call trace:
[   15.783580]  show_stack+0x20/0x38 (C)
[   15.783635]  dump_stack_lvl+0x8c/0xd0
[   15.783690]  print_report+0x118/0x608
[   15.783749]  kasan_report+0xdc/0x128
[   15.783795]  __asan_report_store1_noabort+0x20/0x30
[   15.783847]  krealloc_more_oob_helper+0x5c0/0x678
[   15.783902]  krealloc_more_oob+0x20/0x38
[   15.783956]  kunit_try_run_case+0x170/0x3f0
[   15.784012]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.784066]  kthread+0x328/0x630
[   15.784135]  ret_from_fork+0x10/0x20
[   15.784191] 
[   15.784209] Allocated by task 156:
[   15.784235]  kasan_save_stack+0x3c/0x68
[   15.784274]  kasan_save_track+0x20/0x40
[   15.784410]  kasan_save_alloc_info+0x40/0x58
[   15.784580]  __kasan_krealloc+0x118/0x178
[   15.784626]  krealloc_noprof+0x128/0x360
[   15.784693]  krealloc_more_oob_helper+0x168/0x678
[   15.784740]  krealloc_more_oob+0x20/0x38
[   15.784776]  kunit_try_run_case+0x170/0x3f0
[   15.784813]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.784856]  kthread+0x328/0x630
[   15.784889]  ret_from_fork+0x10/0x20
[   15.784929] 
[   15.784949] The buggy address belongs to the object at fff00000c17b6a00
[   15.784949]  which belongs to the cache kmalloc-256 of size 256
[   15.785003] The buggy address is located 5 bytes to the right of
[   15.785003]  allocated 235-byte region [fff00000c17b6a00, fff00000c17b6aeb)
[   15.785064] 
[   15.785177] The buggy address belongs to the physical page:
[   15.785328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b6
[   15.785384] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.785429] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.785499] page_type: f5(slab)
[   15.785556] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.785623] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.785672] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.785719] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.785803] head: 0bfffe0000000001 ffffc1ffc305ed81 00000000ffffffff 00000000ffffffff
[   15.786094] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.786165] page dumped because: kasan: bad access detected
[   15.786248] 
[   15.786275] Memory state around the buggy address:
[   15.786306]  fff00000c17b6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.786366]  fff00000c17b6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.786406] >fff00000c17b6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.786442]                                                              ^
[   15.786701]  fff00000c17b6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.786798]  fff00000c17b6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.786857] ==================================================================
[   15.826489] ==================================================================
[   15.826548] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.826613] Write of size 1 at addr fff00000c663e0eb by task kunit_try_catch/160
[   15.826672] 
[   15.826710] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   15.826791] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.826817] Hardware name: linux,dummy-virt (DT)
[   15.826848] Call trace:
[   15.826871]  show_stack+0x20/0x38 (C)
[   15.828027]  dump_stack_lvl+0x8c/0xd0
[   15.828124]  print_report+0x118/0x608
[   15.828499]  kasan_report+0xdc/0x128
[   15.828813]  __asan_report_store1_noabort+0x20/0x30
[   15.828958]  krealloc_more_oob_helper+0x60c/0x678
[   15.829294]  krealloc_large_more_oob+0x20/0x38
[   15.829510]  kunit_try_run_case+0x170/0x3f0
[   15.829809]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.830021]  kthread+0x328/0x630
[   15.830131]  ret_from_fork+0x10/0x20
[   15.830186] 
[   15.830233] The buggy address belongs to the physical page:
[   15.830671] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10663c
[   15.830855] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.831035] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.831108] page_type: f8(unknown)
[   15.831231] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.831283] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.831353] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.831412] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.831468] head: 0bfffe0000000002 ffffc1ffc3198f01 00000000ffffffff 00000000ffffffff
[   15.831516] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.831555] page dumped because: kasan: bad access detected
[   15.831595] 
[   15.831613] Memory state around the buggy address:
[   15.831653]  fff00000c663df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.831703]  fff00000c663e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.831744] >fff00000c663e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.831808]                                                           ^
[   15.831852]  fff00000c663e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.831893]  fff00000c663e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.831945] ==================================================================
[   15.776455] ==================================================================
[   15.776528] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.776645] Write of size 1 at addr fff00000c17b6aeb by task kunit_try_catch/156
[   15.776701] 
[   15.776748] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   15.776848] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.776874] Hardware name: linux,dummy-virt (DT)
[   15.776914] Call trace:
[   15.776954]  show_stack+0x20/0x38 (C)
[   15.777006]  dump_stack_lvl+0x8c/0xd0
[   15.777062]  print_report+0x118/0x608
[   15.777122]  kasan_report+0xdc/0x128
[   15.777168]  __asan_report_store1_noabort+0x20/0x30
[   15.777501]  krealloc_more_oob_helper+0x60c/0x678
[   15.777572]  krealloc_more_oob+0x20/0x38
[   15.777627]  kunit_try_run_case+0x170/0x3f0
[   15.777678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.777732]  kthread+0x328/0x630
[   15.778121]  ret_from_fork+0x10/0x20
[   15.778396] 
[   15.778422] Allocated by task 156:
[   15.778452]  kasan_save_stack+0x3c/0x68
[   15.778497]  kasan_save_track+0x20/0x40
[   15.778533]  kasan_save_alloc_info+0x40/0x58
[   15.778678]  __kasan_krealloc+0x118/0x178
[   15.778873]  krealloc_noprof+0x128/0x360
[   15.779028]  krealloc_more_oob_helper+0x168/0x678
[   15.779130]  krealloc_more_oob+0x20/0x38
[   15.779208]  kunit_try_run_case+0x170/0x3f0
[   15.779277]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.779343]  kthread+0x328/0x630
[   15.779406]  ret_from_fork+0x10/0x20
[   15.779464] 
[   15.779535] The buggy address belongs to the object at fff00000c17b6a00
[   15.779535]  which belongs to the cache kmalloc-256 of size 256
[   15.779643] The buggy address is located 0 bytes to the right of
[   15.779643]  allocated 235-byte region [fff00000c17b6a00, fff00000c17b6aeb)
[   15.779705] 
[   15.779750] The buggy address belongs to the physical page:
[   15.779796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b6
[   15.780127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.780216] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.780315] page_type: f5(slab)
[   15.780377] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.780741] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.780909] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.781027] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.781094] head: 0bfffe0000000001 ffffc1ffc305ed81 00000000ffffffff 00000000ffffffff
[   15.781141] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.781419] page dumped because: kasan: bad access detected
[   15.781467] 
[   15.781547] Memory state around the buggy address:
[   15.781608]  fff00000c17b6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.781672]  fff00000c17b6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.781744] >fff00000c17b6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.781845]                                                           ^
[   15.781902]  fff00000c17b6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.781957]  fff00000c17b6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.782016] ==================================================================

[   12.542416] ==================================================================
[   12.542741] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.543008] Write of size 1 at addr ffff8881021160f0 by task kunit_try_catch/177
[   12.543263] 
[   12.543595] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.543640] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.543651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.543669] Call Trace:
[   12.543682]  <TASK>
[   12.543695]  dump_stack_lvl+0x73/0xb0
[   12.543724]  print_report+0xd1/0x650
[   12.543746]  ? __virt_addr_valid+0x1db/0x2d0
[   12.543768]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.543791]  ? kasan_addr_to_slab+0x11/0xa0
[   12.543812]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.543836]  kasan_report+0x141/0x180
[   12.543858]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.543886]  __asan_report_store1_noabort+0x1b/0x30
[   12.543912]  krealloc_more_oob_helper+0x7eb/0x930
[   12.543934]  ? __schedule+0x10cc/0x2b60
[   12.543956]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.543980]  ? finish_task_switch.isra.0+0x153/0x700
[   12.544003]  ? __switch_to+0x47/0xf50
[   12.544027]  ? __schedule+0x10cc/0x2b60
[   12.544047]  ? __pfx_read_tsc+0x10/0x10
[   12.544070]  krealloc_large_more_oob+0x1c/0x30
[   12.544093]  kunit_try_run_case+0x1a5/0x480
[   12.544116]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.544139]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.544161]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.544189]  ? __kthread_parkme+0x82/0x180
[   12.544209]  ? preempt_count_sub+0x50/0x80
[   12.544231]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.544255]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.544278]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.544303]  kthread+0x337/0x6f0
[   12.544321]  ? trace_preempt_on+0x20/0xc0
[   12.544344]  ? __pfx_kthread+0x10/0x10
[   12.544429]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.544451]  ? calculate_sigpending+0x7b/0xa0
[   12.544474]  ? __pfx_kthread+0x10/0x10
[   12.544495]  ret_from_fork+0x116/0x1d0
[   12.544513]  ? __pfx_kthread+0x10/0x10
[   12.544533]  ret_from_fork_asm+0x1a/0x30
[   12.544562]  </TASK>
[   12.544571] 
[   12.552404] The buggy address belongs to the physical page:
[   12.552778] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102114
[   12.553111] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.553586] flags: 0x200000000000040(head|node=0|zone=2)
[   12.553807] page_type: f8(unknown)
[   12.553932] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.554186] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.554902] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.555407] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.555718] head: 0200000000000002 ffffea0004084501 00000000ffffffff 00000000ffffffff
[   12.555979] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.556212] page dumped because: kasan: bad access detected
[   12.556469] 
[   12.556562] Memory state around the buggy address:
[   12.556782]  ffff888102115f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.557130]  ffff888102116000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.557346] >ffff888102116080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.557687]                                                              ^
[   12.557998]  ffff888102116100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.558313]  ffff888102116180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.558638] ==================================================================
[   12.365257] ==================================================================
[   12.365766] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.366154] Write of size 1 at addr ffff8881003586f0 by task kunit_try_catch/173
[   12.366626] 
[   12.366735] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.366807] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.366818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.366837] Call Trace:
[   12.366850]  <TASK>
[   12.366864]  dump_stack_lvl+0x73/0xb0
[   12.366891]  print_report+0xd1/0x650
[   12.366913]  ? __virt_addr_valid+0x1db/0x2d0
[   12.366965]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.366988]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.367011]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367035]  kasan_report+0x141/0x180
[   12.367057]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367117]  __asan_report_store1_noabort+0x1b/0x30
[   12.367143]  krealloc_more_oob_helper+0x7eb/0x930
[   12.367165]  ? __schedule+0x10cc/0x2b60
[   12.367187]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.367211]  ? finish_task_switch.isra.0+0x153/0x700
[   12.367232]  ? __switch_to+0x47/0xf50
[   12.367256]  ? __schedule+0x10cc/0x2b60
[   12.367276]  ? __pfx_read_tsc+0x10/0x10
[   12.367300]  krealloc_more_oob+0x1c/0x30
[   12.367321]  kunit_try_run_case+0x1a5/0x480
[   12.367414]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.367457]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.367480]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.367504]  ? __kthread_parkme+0x82/0x180
[   12.367523]  ? preempt_count_sub+0x50/0x80
[   12.367546]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.367570]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.367593]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.367618]  kthread+0x337/0x6f0
[   12.367676]  ? trace_preempt_on+0x20/0xc0
[   12.367699]  ? __pfx_kthread+0x10/0x10
[   12.367719]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.367740]  ? calculate_sigpending+0x7b/0xa0
[   12.367762]  ? __pfx_kthread+0x10/0x10
[   12.367784]  ret_from_fork+0x116/0x1d0
[   12.367833]  ? __pfx_kthread+0x10/0x10
[   12.367853]  ret_from_fork_asm+0x1a/0x30
[   12.367883]  </TASK>
[   12.367892] 
[   12.382118] Allocated by task 173:
[   12.382522]  kasan_save_stack+0x45/0x70
[   12.382940]  kasan_save_track+0x18/0x40
[   12.383079]  kasan_save_alloc_info+0x3b/0x50
[   12.383228]  __kasan_krealloc+0x190/0x1f0
[   12.383444]  krealloc_noprof+0xf3/0x340
[   12.383889]  krealloc_more_oob_helper+0x1a9/0x930
[   12.384547]  krealloc_more_oob+0x1c/0x30
[   12.384953]  kunit_try_run_case+0x1a5/0x480
[   12.385411]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.385993]  kthread+0x337/0x6f0
[   12.386310]  ret_from_fork+0x116/0x1d0
[   12.386776]  ret_from_fork_asm+0x1a/0x30
[   12.386927] 
[   12.387040] The buggy address belongs to the object at ffff888100358600
[   12.387040]  which belongs to the cache kmalloc-256 of size 256
[   12.388150] The buggy address is located 5 bytes to the right of
[   12.388150]  allocated 235-byte region [ffff888100358600, ffff8881003586eb)
[   12.389087] 
[   12.389266] The buggy address belongs to the physical page:
[   12.389797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100358
[   12.390738] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.391238] flags: 0x200000000000040(head|node=0|zone=2)
[   12.391782] page_type: f5(slab)
[   12.392099] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.392850] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.393327] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.393936] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.394710] head: 0200000000000001 ffffea000400d601 00000000ffffffff 00000000ffffffff
[   12.394953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.395181] page dumped because: kasan: bad access detected
[   12.395359] 
[   12.395529] Memory state around the buggy address:
[   12.396084]  ffff888100358580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.396844]  ffff888100358600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.397533] >ffff888100358680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.398281]                                                              ^
[   12.399012]  ffff888100358700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.400163]  ffff888100358780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.400859] ==================================================================
[   12.525279] ==================================================================
[   12.526065] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.526346] Write of size 1 at addr ffff8881021160eb by task kunit_try_catch/177
[   12.526784] 
[   12.526939] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.526980] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.526991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.527009] Call Trace:
[   12.527020]  <TASK>
[   12.527035]  dump_stack_lvl+0x73/0xb0
[   12.527062]  print_report+0xd1/0x650
[   12.527084]  ? __virt_addr_valid+0x1db/0x2d0
[   12.527105]  ? krealloc_more_oob_helper+0x821/0x930
[   12.527128]  ? kasan_addr_to_slab+0x11/0xa0
[   12.527149]  ? krealloc_more_oob_helper+0x821/0x930
[   12.527172]  kasan_report+0x141/0x180
[   12.527194]  ? krealloc_more_oob_helper+0x821/0x930
[   12.527222]  __asan_report_store1_noabort+0x1b/0x30
[   12.527249]  krealloc_more_oob_helper+0x821/0x930
[   12.527272]  ? __schedule+0x10cc/0x2b60
[   12.527294]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.527318]  ? finish_task_switch.isra.0+0x153/0x700
[   12.527340]  ? __switch_to+0x47/0xf50
[   12.527389]  ? __schedule+0x10cc/0x2b60
[   12.527410]  ? __pfx_read_tsc+0x10/0x10
[   12.527433]  krealloc_large_more_oob+0x1c/0x30
[   12.527456]  kunit_try_run_case+0x1a5/0x480
[   12.527479]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.527501]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.527524]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.527547]  ? __kthread_parkme+0x82/0x180
[   12.527568]  ? preempt_count_sub+0x50/0x80
[   12.527590]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.527613]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.527637]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.527661]  kthread+0x337/0x6f0
[   12.527680]  ? trace_preempt_on+0x20/0xc0
[   12.527702]  ? __pfx_kthread+0x10/0x10
[   12.527722]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.527743]  ? calculate_sigpending+0x7b/0xa0
[   12.527766]  ? __pfx_kthread+0x10/0x10
[   12.527787]  ret_from_fork+0x116/0x1d0
[   12.527805]  ? __pfx_kthread+0x10/0x10
[   12.527825]  ret_from_fork_asm+0x1a/0x30
[   12.527855]  </TASK>
[   12.527864] 
[   12.535550] The buggy address belongs to the physical page:
[   12.535730] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102114
[   12.536082] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.536653] flags: 0x200000000000040(head|node=0|zone=2)
[   12.536874] page_type: f8(unknown)
[   12.537032] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.537300] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.537798] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.538101] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.538549] head: 0200000000000002 ffffea0004084501 00000000ffffffff 00000000ffffffff
[   12.538826] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.539049] page dumped because: kasan: bad access detected
[   12.539218] 
[   12.539315] Memory state around the buggy address:
[   12.539544]  ffff888102115f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.539858]  ffff888102116000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.540447] >ffff888102116080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.540658]                                                           ^
[   12.540851]  ffff888102116100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.541479]  ffff888102116180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.541947] ==================================================================
[   12.343024] ==================================================================
[   12.343826] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.344176] Write of size 1 at addr ffff8881003586eb by task kunit_try_catch/173
[   12.344570] 
[   12.344684] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.344735] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.344746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.344764] Call Trace:
[   12.344775]  <TASK>
[   12.344800]  dump_stack_lvl+0x73/0xb0
[   12.344837]  print_report+0xd1/0x650
[   12.344859]  ? __virt_addr_valid+0x1db/0x2d0
[   12.344891]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344914]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.344937]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344960]  kasan_report+0x141/0x180
[   12.344983]  ? krealloc_more_oob_helper+0x821/0x930
[   12.345011]  __asan_report_store1_noabort+0x1b/0x30
[   12.345038]  krealloc_more_oob_helper+0x821/0x930
[   12.345069]  ? __schedule+0x10cc/0x2b60
[   12.345091]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.345115]  ? finish_task_switch.isra.0+0x153/0x700
[   12.345148]  ? __switch_to+0x47/0xf50
[   12.345174]  ? __schedule+0x10cc/0x2b60
[   12.345194]  ? __pfx_read_tsc+0x10/0x10
[   12.345218]  krealloc_more_oob+0x1c/0x30
[   12.345239]  kunit_try_run_case+0x1a5/0x480
[   12.345272]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.345294]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.345317]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.345402]  ? __kthread_parkme+0x82/0x180
[   12.345426]  ? preempt_count_sub+0x50/0x80
[   12.345461]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.345485]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.345509]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.345534]  kthread+0x337/0x6f0
[   12.345552]  ? trace_preempt_on+0x20/0xc0
[   12.345574]  ? __pfx_kthread+0x10/0x10
[   12.345594]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.345615]  ? calculate_sigpending+0x7b/0xa0
[   12.345638]  ? __pfx_kthread+0x10/0x10
[   12.345659]  ret_from_fork+0x116/0x1d0
[   12.345677]  ? __pfx_kthread+0x10/0x10
[   12.345696]  ret_from_fork_asm+0x1a/0x30
[   12.345726]  </TASK>
[   12.345736] 
[   12.354231] Allocated by task 173:
[   12.354587]  kasan_save_stack+0x45/0x70
[   12.354822]  kasan_save_track+0x18/0x40
[   12.355001]  kasan_save_alloc_info+0x3b/0x50
[   12.355232]  __kasan_krealloc+0x190/0x1f0
[   12.355491]  krealloc_noprof+0xf3/0x340
[   12.355698]  krealloc_more_oob_helper+0x1a9/0x930
[   12.355918]  krealloc_more_oob+0x1c/0x30
[   12.356112]  kunit_try_run_case+0x1a5/0x480
[   12.356327]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.356663]  kthread+0x337/0x6f0
[   12.356791]  ret_from_fork+0x116/0x1d0
[   12.356923]  ret_from_fork_asm+0x1a/0x30
[   12.357061] 
[   12.357167] The buggy address belongs to the object at ffff888100358600
[   12.357167]  which belongs to the cache kmalloc-256 of size 256
[   12.357839] The buggy address is located 0 bytes to the right of
[   12.357839]  allocated 235-byte region [ffff888100358600, ffff8881003586eb)
[   12.358320] 
[   12.358401] The buggy address belongs to the physical page:
[   12.358571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100358
[   12.359011] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.359441] flags: 0x200000000000040(head|node=0|zone=2)
[   12.359679] page_type: f5(slab)
[   12.359835] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.360141] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.361322] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.361584] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.361819] head: 0200000000000001 ffffea000400d601 00000000ffffffff 00000000ffffffff
[   12.362049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.362275] page dumped because: kasan: bad access detected
[   12.362453] 
[   12.362523] Memory state around the buggy address:
[   12.362678]  ffff888100358580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.362892]  ffff888100358600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.363103] >ffff888100358680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.363312]                                                           ^
[   12.363722]  ffff888100358700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.364046]  ffff888100358780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.364520] ==================================================================