Date
July 12, 2025, 11:09 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 19.063880] ==================================================================
[ 19.064024] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 19.064226] Write of size 1 at addr fff00000c440a8f0 by task kunit_try_catch/157
[ 19.064513]
[ 19.064627] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.064923] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.064996] Hardware name: linux,dummy-virt (DT)
[ 19.065104] Call trace:
[ 19.065173]  show_stack+0x20/0x38 (C)
[ 19.065282]  dump_stack_lvl+0x8c/0xd0
[ 19.065437]  print_report+0x118/0x608
[ 19.065551]  kasan_report+0xdc/0x128
[ 19.065661]  __asan_report_store1_noabort+0x20/0x30
[ 19.065784]  krealloc_more_oob_helper+0x5c0/0x678
[ 19.065920]  krealloc_more_oob+0x20/0x38
[ 19.066036]  kunit_try_run_case+0x170/0x3f0
[ 19.066160]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.066341]  kthread+0x328/0x630
[ 19.066488]  ret_from_fork+0x10/0x20
[ 19.066673]
[ 19.066739] Allocated by task 157:
[ 19.066872]  kasan_save_stack+0x3c/0x68
[ 19.066959]  kasan_save_track+0x20/0x40
[ 19.067345]  kasan_save_alloc_info+0x40/0x58
[ 19.067475]  __kasan_krealloc+0x118/0x178
[ 19.067667]  krealloc_noprof+0x128/0x360
[ 19.067766]  krealloc_more_oob_helper+0x168/0x678
[ 19.067870]  krealloc_more_oob+0x20/0x38
[ 19.067956]  kunit_try_run_case+0x170/0x3f0
[ 19.068058]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.068142]  kthread+0x328/0x630
[ 19.068209]  ret_from_fork+0x10/0x20
[ 19.068285]
[ 19.068326] The buggy address belongs to the object at fff00000c440a800
[ 19.068326]  which belongs to the cache kmalloc-256 of size 256
[ 19.068701] The buggy address is located 5 bytes to the right of
[ 19.068701]  allocated 235-byte region [fff00000c440a800, fff00000c440a8eb)
[ 19.068923]
[ 19.068974] The buggy address belongs to the physical page:
[ 19.069047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10440a
[ 19.069172] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.069286] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.069406] page_type: f5(slab)
[ 19.069498] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.069621] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.069742] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.070143] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.070879] head: 0bfffe0000000001 ffffc1ffc3110281 00000000ffffffff 00000000ffffffff
[ 19.071111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 19.071217] page dumped because: kasan: bad access detected
[ 19.071290]
[ 19.071335] Memory state around the buggy address:
[ 19.071411]  fff00000c440a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.071538]  fff00000c440a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.071641] >fff00000c440a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 19.071726]                                                               ^
[ 19.071835]  fff00000c440a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.071944]  fff00000c440a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.072042] ==================================================================
[ 19.193034] ==================================================================
[ 19.193325] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 19.193437] Write of size 1 at addr fff00000c79060f0 by task kunit_try_catch/161
[ 19.193546]
[ 19.193640] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.193811] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.193894] Hardware name: linux,dummy-virt (DT)
[ 19.193954] Call trace:
[ 19.193994]  show_stack+0x20/0x38 (C)
[ 19.194098]  dump_stack_lvl+0x8c/0xd0
[ 19.194150]  print_report+0x118/0x608
[ 19.194205]  kasan_report+0xdc/0x128
[ 19.194254]  __asan_report_store1_noabort+0x20/0x30
[ 19.194309]  krealloc_more_oob_helper+0x5c0/0x678
[ 19.194361]  krealloc_large_more_oob+0x20/0x38
[ 19.194412]  kunit_try_run_case+0x170/0x3f0
[ 19.194462]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.194517]  kthread+0x328/0x630
[ 19.194580]  ret_from_fork+0x10/0x20
[ 19.194634]
[ 19.194658] The buggy address belongs to the physical page:
[ 19.194693] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107904
[ 19.194749] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.194797] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.194901] page_type: f8(unknown)
[ 19.194986] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.195142] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.195347] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.195528] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.195709] head: 0bfffe0000000002 ffffc1ffc31e4101 00000000ffffffff 00000000ffffffff
[ 19.196666] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.197245] page dumped because: kasan: bad access detected
[ 19.197334]
[ 19.197455] Memory state around the buggy address:
[ 19.197544]  fff00000c7905f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.197721]  fff00000c7906000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.197840] >fff00000c7906080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 19.197917]                                                               ^
[ 19.197990]  fff00000c7906100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.198069]  fff00000c7906180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.198136] ==================================================================
[ 19.186225] ==================================================================
[ 19.186418] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 19.186597] Write of size 1 at addr fff00000c79060eb by task kunit_try_catch/161
[ 19.186707]
[ 19.186780] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.186955] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.187016] Hardware name: linux,dummy-virt (DT)
[ 19.187087] Call trace:
[ 19.187134]  show_stack+0x20/0x38 (C)
[ 19.187248]  dump_stack_lvl+0x8c/0xd0
[ 19.187402]  print_report+0x118/0x608
[ 19.187552]  kasan_report+0xdc/0x128
[ 19.187695]  __asan_report_store1_noabort+0x20/0x30
[ 19.187856]  krealloc_more_oob_helper+0x60c/0x678
[ 19.187951]  krealloc_large_more_oob+0x20/0x38
[ 19.188055]  kunit_try_run_case+0x170/0x3f0
[ 19.188363]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.188480]  kthread+0x328/0x630
[ 19.188578]  ret_from_fork+0x10/0x20
[ 19.188674]
[ 19.188748] The buggy address belongs to the physical page:
[ 19.189461] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107904
[ 19.189592] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.189700] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.189830] page_type: f8(unknown)
[ 19.189912] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.190007] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.190130] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 19.190232] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 19.190325] head: 0bfffe0000000002 ffffc1ffc31e4101 00000000ffffffff 00000000ffffffff
[ 19.190424] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 19.190503] page dumped because: kasan: bad access detected
[ 19.190860]
[ 19.190915] Memory state around the buggy address:
[ 19.191007]  fff00000c7905f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.191164]  fff00000c7906000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.191307] >fff00000c7906080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 19.191435]                                                            ^
[ 19.191569]  fff00000c7906100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.191674]  fff00000c7906180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 19.191807] ==================================================================
[ 19.052428] ==================================================================
[ 19.052711] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 19.053131] Write of size 1 at addr fff00000c440a8eb by task kunit_try_catch/157
[ 19.053308]
[ 19.053389] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 19.053553] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.053605] Hardware name: linux,dummy-virt (DT)
[ 19.053668] Call trace:
[ 19.053715]  show_stack+0x20/0x38 (C)
[ 19.053843]  dump_stack_lvl+0x8c/0xd0
[ 19.054392]  print_report+0x118/0x608
[ 19.054755]  kasan_report+0xdc/0x128
[ 19.055106]  __asan_report_store1_noabort+0x20/0x30
[ 19.055347]  krealloc_more_oob_helper+0x60c/0x678
[ 19.055625]  krealloc_more_oob+0x20/0x38
[ 19.055754]  kunit_try_run_case+0x170/0x3f0
[ 19.055874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.055992]  kthread+0x328/0x630
[ 19.056230]  ret_from_fork+0x10/0x20
[ 19.056682]
[ 19.056745] Allocated by task 157:
[ 19.056992]  kasan_save_stack+0x3c/0x68
[ 19.057104]  kasan_save_track+0x20/0x40
[ 19.057430]  kasan_save_alloc_info+0x40/0x58
[ 19.057665]  __kasan_krealloc+0x118/0x178
[ 19.057929]  krealloc_noprof+0x128/0x360
[ 19.058067]  krealloc_more_oob_helper+0x168/0x678
[ 19.058177]  krealloc_more_oob+0x20/0x38
[ 19.058263]  kunit_try_run_case+0x170/0x3f0
[ 19.058353]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.058438]  kthread+0x328/0x630
[ 19.058500]  ret_from_fork+0x10/0x20
[ 19.059045]
[ 19.059104] The buggy address belongs to the object at fff00000c440a800
[ 19.059104]  which belongs to the cache kmalloc-256 of size 256
[ 19.059180] The buggy address is located 0 bytes to the right of
[ 19.059180]  allocated 235-byte region [fff00000c440a800, fff00000c440a8eb)
[ 19.059246]
[ 19.059270] The buggy address belongs to the physical page:
[ 19.059305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10440a
[ 19.059367] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.059418] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.059478] page_type: f5(slab)
[ 19.059525] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.059578] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.059630] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 19.059683] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.059734] head: 0bfffe0000000001 ffffc1ffc3110281 00000000ffffffff 00000000ffffffff
[ 19.059783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 19.059854] page dumped because: kasan: bad access detected
[ 19.059928]
[ 19.059977] Memory state around the buggy address:
[ 19.060071]  fff00000c440a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.060171]  fff00000c440a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.060272] >fff00000c440a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 19.060361]                                                            ^
[ 19.060453]  fff00000c440a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.060583]  fff00000c440a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.060662] ==================================================================
```
qemu-x86_64:

```
[ 12.239918] ==================================================================
[ 12.240317] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 12.240562] Write of size 1 at addr ffff88810034b4eb by task kunit_try_catch/174
[ 12.240935]
[ 12.241065] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.241109] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.241120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.241140] Call Trace:
[ 12.241152]  <TASK>
[ 12.241167]  dump_stack_lvl+0x73/0xb0
[ 12.241195]  print_report+0xd1/0x650
[ 12.241217]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.241241]  ? krealloc_more_oob_helper+0x821/0x930
[ 12.241266]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.241289]  ? krealloc_more_oob_helper+0x821/0x930
[ 12.241313]  kasan_report+0x141/0x180
[ 12.241335]  ? krealloc_more_oob_helper+0x821/0x930
[ 12.241364]  __asan_report_store1_noabort+0x1b/0x30
[ 12.241390]  krealloc_more_oob_helper+0x821/0x930
[ 12.241412]  ? __schedule+0x10cc/0x2b60
[ 12.241434]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.241459]  ? finish_task_switch.isra.0+0x153/0x700
[ 12.241483]  ? __switch_to+0x47/0xf50
[ 12.241509]  ? __schedule+0x10cc/0x2b60
[ 12.241530]  ? __pfx_read_tsc+0x10/0x10
[ 12.241600]  krealloc_more_oob+0x1c/0x30
[ 12.241622]  kunit_try_run_case+0x1a5/0x480
[ 12.241946]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.241973]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.241998]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.242022]  ? __kthread_parkme+0x82/0x180
[ 12.242043]  ? preempt_count_sub+0x50/0x80
[ 12.242066]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.242091]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.242115]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.242140]  kthread+0x337/0x6f0
[ 12.242159]  ? trace_preempt_on+0x20/0xc0
[ 12.242184]  ? __pfx_kthread+0x10/0x10
[ 12.242204]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.242226]  ? calculate_sigpending+0x7b/0xa0
[ 12.242250]  ? __pfx_kthread+0x10/0x10
[ 12.242271]  ret_from_fork+0x116/0x1d0
[ 12.242289]  ? __pfx_kthread+0x10/0x10
[ 12.242310]  ret_from_fork_asm+0x1a/0x30
[ 12.242340]  </TASK>
[ 12.242351]
[ 12.254758] Allocated by task 174:
[ 12.255325]  kasan_save_stack+0x45/0x70
[ 12.255520]  kasan_save_track+0x18/0x40
[ 12.255942]  kasan_save_alloc_info+0x3b/0x50
[ 12.256148]  __kasan_krealloc+0x190/0x1f0
[ 12.256292]  krealloc_noprof+0xf3/0x340
[ 12.256492]  krealloc_more_oob_helper+0x1a9/0x930
[ 12.256703]  krealloc_more_oob+0x1c/0x30
[ 12.257210]  kunit_try_run_case+0x1a5/0x480
[ 12.257398]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.257876]  kthread+0x337/0x6f0
[ 12.258125]  ret_from_fork+0x116/0x1d0
[ 12.258320]  ret_from_fork_asm+0x1a/0x30
[ 12.258610]
[ 12.258789] The buggy address belongs to the object at ffff88810034b400
[ 12.258789]  which belongs to the cache kmalloc-256 of size 256
[ 12.259399] The buggy address is located 0 bytes to the right of
[ 12.259399]  allocated 235-byte region [ffff88810034b400, ffff88810034b4eb)
[ 12.260165]
[ 12.260440] The buggy address belongs to the physical page:
[ 12.260671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[ 12.261319] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.261658] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.261968] page_type: f5(slab)
[ 12.262209] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.262521] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.262835] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.263236] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.263622] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[ 12.264201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.264512] page dumped because: kasan: bad access detected
[ 12.264952]
[ 12.265053] Memory state around the buggy address:
[ 12.265248]  ffff88810034b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.265560]  ffff88810034b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.266154] >ffff88810034b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 12.266407]                                                            ^
[ 12.266730]  ffff88810034b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.267377]  ffff88810034b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.267908] ==================================================================
[ 12.268638] ==================================================================
[ 12.269395] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 12.269851] Write of size 1 at addr ffff88810034b4f0 by task kunit_try_catch/174
[ 12.270144]
[ 12.270251] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.270290] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.270300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.270318] Call Trace:
[ 12.270329]  <TASK>
[ 12.270344]  dump_stack_lvl+0x73/0xb0
[ 12.270377]  print_report+0xd1/0x650
[ 12.270399]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.270422]  ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.270445]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.270468]  ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.270493]  kasan_report+0x141/0x180
[ 12.270515]  ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.270543]  __asan_report_store1_noabort+0x1b/0x30
[ 12.270568]  krealloc_more_oob_helper+0x7eb/0x930
[ 12.270591]  ? __schedule+0x10cc/0x2b60
[ 12.270613]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.270638]  ? finish_task_switch.isra.0+0x153/0x700
[ 12.270971]  ? __switch_to+0x47/0xf50
[ 12.270998]  ? __schedule+0x10cc/0x2b60
[ 12.271020]  ? __pfx_read_tsc+0x10/0x10
[ 12.271045]  krealloc_more_oob+0x1c/0x30
[ 12.271067]  kunit_try_run_case+0x1a5/0x480
[ 12.271092]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.271115]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.271139]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.271162]  ? __kthread_parkme+0x82/0x180
[ 12.271183]  ? preempt_count_sub+0x50/0x80
[ 12.271206]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.271230]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.271254]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.271278]  kthread+0x337/0x6f0
[ 12.271298]  ? trace_preempt_on+0x20/0xc0
[ 12.271320]  ? __pfx_kthread+0x10/0x10
[ 12.271341]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.271362]  ? calculate_sigpending+0x7b/0xa0
[ 12.271386]  ? __pfx_kthread+0x10/0x10
[ 12.271407]  ret_from_fork+0x116/0x1d0
[ 12.271425]  ? __pfx_kthread+0x10/0x10
[ 12.271445]  ret_from_fork_asm+0x1a/0x30
[ 12.271476]  </TASK>
[ 12.271487]
[ 12.281894] Allocated by task 174:
[ 12.282025]  kasan_save_stack+0x45/0x70
[ 12.282170]  kasan_save_track+0x18/0x40
[ 12.282366]  kasan_save_alloc_info+0x3b/0x50
[ 12.282576]  __kasan_krealloc+0x190/0x1f0
[ 12.282770]  krealloc_noprof+0xf3/0x340
[ 12.282903]  krealloc_more_oob_helper+0x1a9/0x930
[ 12.283646]  krealloc_more_oob+0x1c/0x30
[ 12.283883]  kunit_try_run_case+0x1a5/0x480
[ 12.284073]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.284280]  kthread+0x337/0x6f0
[ 12.284439]  ret_from_fork+0x116/0x1d0
[ 12.284615]  ret_from_fork_asm+0x1a/0x30
[ 12.285268]
[ 12.285369] The buggy address belongs to the object at ffff88810034b400
[ 12.285369]  which belongs to the cache kmalloc-256 of size 256
[ 12.286323] The buggy address is located 5 bytes to the right of
[ 12.286323]  allocated 235-byte region [ffff88810034b400, ffff88810034b4eb)
[ 12.287540]
[ 12.287720] The buggy address belongs to the physical page:
[ 12.287974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[ 12.288295] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.288598] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.289265] page_type: f5(slab)
[ 12.289564] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.290009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.290324] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.290618] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.291006] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[ 12.291248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.291476] page dumped because: kasan: bad access detected
[ 12.291655]
[ 12.291728] Memory state around the buggy address:
[ 12.292311]  ffff88810034b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.293194]  ffff88810034b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.293418] >ffff88810034b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 12.293629]                                                               ^
[ 12.294375]  ffff88810034b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.295252]  ffff88810034b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.296113] ==================================================================
[ 12.435944] ==================================================================
[ 12.436396] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 12.436893] Write of size 1 at addr ffff8881029520eb by task kunit_try_catch/178
[ 12.437183]
[ 12.437311] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.437353] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.437364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.437382] Call Trace:
[ 12.437394]  <TASK>
[ 12.437408]  dump_stack_lvl+0x73/0xb0
[ 12.437438]  print_report+0xd1/0x650
[ 12.437461]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.437485]  ? krealloc_more_oob_helper+0x821/0x930
[ 12.437509]  ? kasan_addr_to_slab+0x11/0xa0
[ 12.437529]  ? krealloc_more_oob_helper+0x821/0x930
[ 12.437573]  kasan_report+0x141/0x180
[ 12.437608]  ? krealloc_more_oob_helper+0x821/0x930
[ 12.437637]  __asan_report_store1_noabort+0x1b/0x30
[ 12.437900]  krealloc_more_oob_helper+0x821/0x930
[ 12.437925]  ? __schedule+0x10cc/0x2b60
[ 12.437948]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.437974]  ? finish_task_switch.isra.0+0x153/0x700
[ 12.437997]  ? __switch_to+0x47/0xf50
[ 12.438021]  ? __schedule+0x10cc/0x2b60
[ 12.438042]  ? __pfx_read_tsc+0x10/0x10
[ 12.438066]  krealloc_large_more_oob+0x1c/0x30
[ 12.438090]  kunit_try_run_case+0x1a5/0x480
[ 12.438114]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.438137]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.438161]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.438184]  ? __kthread_parkme+0x82/0x180
[ 12.438205]  ? preempt_count_sub+0x50/0x80
[ 12.438228]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.438252]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.438276]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.438301]  kthread+0x337/0x6f0
[ 12.438320]  ? trace_preempt_on+0x20/0xc0
[ 12.438343]  ? __pfx_kthread+0x10/0x10
[ 12.438369]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.438391]  ? calculate_sigpending+0x7b/0xa0
[ 12.438415]  ? __pfx_kthread+0x10/0x10
[ 12.438436]  ret_from_fork+0x116/0x1d0
[ 12.438455]  ? __pfx_kthread+0x10/0x10
[ 12.438475]  ret_from_fork_asm+0x1a/0x30
[ 12.438505]  </TASK>
[ 12.438516]
[ 12.447111] The buggy address belongs to the physical page:
[ 12.447293] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[ 12.447636] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.447979] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.448222] page_type: f8(unknown)
[ 12.448396] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.448900] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.449340] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.449843] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.450328] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[ 12.450563] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.451248] page dumped because: kasan: bad access detected
[ 12.451530]
[ 12.451642] Memory state around the buggy address:
[ 12.451986]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.452330]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.452593] >ffff888102952080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 12.453120]                                                            ^
[ 12.453405]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.453928]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.454218] ==================================================================
[ 12.454856] ==================================================================
[ 12.455226] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 12.455900] Write of size 1 at addr ffff8881029520f0 by task kunit_try_catch/178
[ 12.456171]
[ 12.456285] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.456326] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.456336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.456355] Call Trace:
[ 12.456367]  <TASK>
[ 12.456382]  dump_stack_lvl+0x73/0xb0
[ 12.456433]  print_report+0xd1/0x650
[ 12.456455]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.456479]  ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.456502]  ? kasan_addr_to_slab+0x11/0xa0
[ 12.456522]  ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.456546]  kasan_report+0x141/0x180
[ 12.456583]  ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.456613]  __asan_report_store1_noabort+0x1b/0x30
[ 12.456652]  krealloc_more_oob_helper+0x7eb/0x930
[ 12.456675]  ? __schedule+0x10cc/0x2b60
[ 12.456711]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.456736]  ? finish_task_switch.isra.0+0x153/0x700
[ 12.456787]  ? __switch_to+0x47/0xf50
[ 12.456812]  ? __schedule+0x10cc/0x2b60
[ 12.456847]  ? __pfx_read_tsc+0x10/0x10
[ 12.456884]  krealloc_large_more_oob+0x1c/0x30
[ 12.456921]  kunit_try_run_case+0x1a5/0x480
[ 12.456945]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.457027]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.457052]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.457076]  ? __kthread_parkme+0x82/0x180
[ 12.457096]  ? preempt_count_sub+0x50/0x80
[ 12.457119]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.457143]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.457167]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.457192]  kthread+0x337/0x6f0
[ 12.457211]  ? trace_preempt_on+0x20/0xc0
[ 12.457234]  ? __pfx_kthread+0x10/0x10
[ 12.457254]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.457276]  ? calculate_sigpending+0x7b/0xa0
[ 12.457300]  ? __pfx_kthread+0x10/0x10
[ 12.457321]  ret_from_fork+0x116/0x1d0
[ 12.457339]  ? __pfx_kthread+0x10/0x10
[ 12.457359]  ret_from_fork_asm+0x1a/0x30
[ 12.457390]  </TASK>
[ 12.457400]
[ 12.468373] The buggy address belongs to the physical page:
[ 12.468790] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[ 12.469139] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.469599] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.470228] page_type: f8(unknown)
[ 12.470507] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.471055] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.471400] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.472075] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.472483] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[ 12.473023] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.473469] page dumped because: kasan: bad access detected
[ 12.474046]
[ 12.474151] Memory state around the buggy address:
[ 12.474342]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.474856]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.475173] >ffff888102952080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 12.475487]                                                               ^
[ 12.476033]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.476279]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.476711] ==================================================================
```