lkft/linux-mainline-master - v6.16-rc5-266-g3f31a806a62e - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 12, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.557960] ==================================================================
[   16.558021] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.558074] Write of size 1 at addr fff00000c47860eb by task kunit_try_catch/156
[   16.558125] 
[   16.558156] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.558250] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.559482] Hardware name: linux,dummy-virt (DT)
[   16.559531] Call trace:
[   16.559710]  show_stack+0x20/0x38 (C)
[   16.559844]  dump_stack_lvl+0x8c/0xd0
[   16.559892]  print_report+0x118/0x5d0
[   16.560737]  kasan_report+0xdc/0x128
[   16.561076]  __asan_report_store1_noabort+0x20/0x30
[   16.561344]  krealloc_more_oob_helper+0x60c/0x678
[   16.561520]  krealloc_more_oob+0x20/0x38
[   16.561565]  kunit_try_run_case+0x170/0x3f0
[   16.561611]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.561662]  kthread+0x328/0x630
[   16.561707]  ret_from_fork+0x10/0x20
[   16.562587] 
[   16.562611] Allocated by task 156:
[   16.562902]  kasan_save_stack+0x3c/0x68
[   16.563076]  kasan_save_track+0x20/0x40
[   16.563196]  kasan_save_alloc_info+0x40/0x58
[   16.563279]  __kasan_krealloc+0x118/0x178
[   16.563320]  krealloc_noprof+0x128/0x360
[   16.563357]  krealloc_more_oob_helper+0x168/0x678
[   16.563398]  krealloc_more_oob+0x20/0x38
[   16.563433]  kunit_try_run_case+0x170/0x3f0
[   16.563470]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.563512]  kthread+0x328/0x630
[   16.563543]  ret_from_fork+0x10/0x20
[   16.564240] 
[   16.564267] The buggy address belongs to the object at fff00000c4786000
[   16.564267]  which belongs to the cache kmalloc-256 of size 256
[   16.564395] The buggy address is located 0 bytes to the right of
[   16.564395]  allocated 235-byte region [fff00000c4786000, fff00000c47860eb)
[   16.564644] 
[   16.564702] The buggy address belongs to the physical page:
[   16.564740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104786
[   16.564959] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.565186] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.565662] page_type: f5(slab)
[   16.565716] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.566088] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.566429] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.566614] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.566753] head: 0bfffe0000000001 ffffc1ffc311e181 00000000ffffffff 00000000ffffffff
[   16.566801] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.567246] page dumped because: kasan: bad access detected
[   16.567382] 
[   16.567400] Memory state around the buggy address:
[   16.567434]  fff00000c4785f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.567477]  fff00000c4786000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.568242] >fff00000c4786080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.568460]                                                           ^
[   16.568577]  fff00000c4786100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.568633]  fff00000c4786180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.568671] ==================================================================
[   16.573585] ==================================================================
[   16.573639] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.575257] Write of size 1 at addr fff00000c47860f0 by task kunit_try_catch/156
[   16.575645] 
[   16.575679] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.575827] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.575855] Hardware name: linux,dummy-virt (DT)
[   16.575886] Call trace:
[   16.575909]  show_stack+0x20/0x38 (C)
[   16.575959]  dump_stack_lvl+0x8c/0xd0
[   16.576004]  print_report+0x118/0x5d0
[   16.576049]  kasan_report+0xdc/0x128
[   16.576093]  __asan_report_store1_noabort+0x20/0x30
[   16.576143]  krealloc_more_oob_helper+0x5c0/0x678
[   16.576204]  krealloc_more_oob+0x20/0x38
[   16.576291]  kunit_try_run_case+0x170/0x3f0
[   16.576393]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.576516]  kthread+0x328/0x630
[   16.576616]  ret_from_fork+0x10/0x20
[   16.576753] 
[   16.576804] Allocated by task 156:
[   16.576920]  kasan_save_stack+0x3c/0x68
[   16.576984]  kasan_save_track+0x20/0x40
[   16.577020]  kasan_save_alloc_info+0x40/0x58
[   16.577059]  __kasan_krealloc+0x118/0x178
[   16.577095]  krealloc_noprof+0x128/0x360
[   16.577131]  krealloc_more_oob_helper+0x168/0x678
[   16.577413]  krealloc_more_oob+0x20/0x38
[   16.577517]  kunit_try_run_case+0x170/0x3f0
[   16.577596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.577691]  kthread+0x328/0x630
[   16.577761]  ret_from_fork+0x10/0x20
[   16.577825] 
[   16.577924] The buggy address belongs to the object at fff00000c4786000
[   16.577924]  which belongs to the cache kmalloc-256 of size 256
[   16.578039] The buggy address is located 5 bytes to the right of
[   16.578039]  allocated 235-byte region [fff00000c4786000, fff00000c47860eb)
[   16.578473] 
[   16.578506] The buggy address belongs to the physical page:
[   16.578537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104786
[   16.578603] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.578653] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.578711] page_type: f5(slab)
[   16.578760] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.578811] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.578869] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.578933] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.578991] head: 0bfffe0000000001 ffffc1ffc311e181 00000000ffffffff 00000000ffffffff
[   16.579039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.579078] page dumped because: kasan: bad access detected
[   16.579109] 
[   16.579126] Memory state around the buggy address:
[   16.579165]  fff00000c4785f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.579257]  fff00000c4786000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.579300] >fff00000c4786080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.579337]                                                              ^
[   16.579375]  fff00000c4786100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.579416]  fff00000c4786180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.579453] ==================================================================
[   16.634643] ==================================================================
[   16.634698] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.634743] Write of size 1 at addr fff00000c665e0f0 by task kunit_try_catch/160
[   16.634792] 
[   16.634819] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.635075] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.635123] Hardware name: linux,dummy-virt (DT)
[   16.635153] Call trace:
[   16.635334]  show_stack+0x20/0x38 (C)
[   16.635498]  dump_stack_lvl+0x8c/0xd0
[   16.635546]  print_report+0x118/0x5d0
[   16.635592]  kasan_report+0xdc/0x128
[   16.635887]  __asan_report_store1_noabort+0x20/0x30
[   16.636055]  krealloc_more_oob_helper+0x5c0/0x678
[   16.636223]  krealloc_large_more_oob+0x20/0x38
[   16.636322]  kunit_try_run_case+0x170/0x3f0
[   16.636404]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.636550]  kthread+0x328/0x630
[   16.636618]  ret_from_fork+0x10/0x20
[   16.636734] 
[   16.636753] The buggy address belongs to the physical page:
[   16.636801] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10665c
[   16.637007] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.637252] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.637422] page_type: f8(unknown)
[   16.637595] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.637766] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.637856] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.638095] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.638264] head: 0bfffe0000000002 ffffc1ffc3199701 00000000ffffffff 00000000ffffffff
[   16.638441] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.638536] page dumped because: kasan: bad access detected
[   16.638646] 
[   16.638844] Memory state around the buggy address:
[   16.638922]  fff00000c665df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.638972]  fff00000c665e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.639015] >fff00000c665e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.639250]                                                              ^
[   16.639300]  fff00000c665e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.639417]  fff00000c665e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.639496] ==================================================================
[   16.629809] ==================================================================
[   16.629909] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.630043] Write of size 1 at addr fff00000c665e0eb by task kunit_try_catch/160
[   16.630095] 
[   16.630126] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.630344] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.630372] Hardware name: linux,dummy-virt (DT)
[   16.630401] Call trace:
[   16.630574]  show_stack+0x20/0x38 (C)
[   16.630666]  dump_stack_lvl+0x8c/0xd0
[   16.630721]  print_report+0x118/0x5d0
[   16.630766]  kasan_report+0xdc/0x128
[   16.630895]  __asan_report_store1_noabort+0x20/0x30
[   16.630981]  krealloc_more_oob_helper+0x60c/0x678
[   16.631109]  krealloc_large_more_oob+0x20/0x38
[   16.631183]  kunit_try_run_case+0x170/0x3f0
[   16.631288]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.631425]  kthread+0x328/0x630
[   16.631471]  ret_from_fork+0x10/0x20
[   16.631628] 
[   16.631651] The buggy address belongs to the physical page:
[   16.631682] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10665c
[   16.631815] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.631885] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.632034] page_type: f8(unknown)
[   16.632106] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.632284] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.632373] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.632497] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.632576] head: 0bfffe0000000002 ffffc1ffc3199701 00000000ffffffff 00000000ffffffff
[   16.632642] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.632834] page dumped because: kasan: bad access detected
[   16.632995] 
[   16.633076] Memory state around the buggy address:
[   16.633145]  fff00000c665df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.633277]  fff00000c665e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.633356] >fff00000c665e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.633473]                                                           ^
[   16.633588]  fff00000c665e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.633657]  fff00000c665e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.633695] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2znL9QWSKh9jtM3vTXwXjWrQIyK

job_id

TEST:linaro@lkft#2znLDVLP3ZXG8pfhY1jEbNie9dN

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2znLDVLP3ZXG8pfhY1jEbNie9dN

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLAbhqx7JKeEJepxMHIK2e3q3/Image.gz
sha256sum	2076283a81f0cbb0cb655b0b1a6f1f543a528d6518b44450c43376cd43cb9fb5

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLAbhqx7JKeEJepxMHIK2e3q3/modules.tar.xz
sha256sum	8e0ad1fd79bc59f15b066f7e6b46d18cbb8a16a6dd13f47c309f97c71ffc31d7

durations

tests

boot	0
kunit	172.04

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.509317] ==================================================================
[   12.509935] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.511122] Write of size 1 at addr ffff8881003484eb by task kunit_try_catch/173
[   12.511428] 
[   12.511519] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.511562] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.511574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.511596] Call Trace:
[   12.511608]  <TASK>
[   12.511623]  dump_stack_lvl+0x73/0xb0
[   12.511654]  print_report+0xd1/0x610
[   12.511677]  ? __virt_addr_valid+0x1db/0x2d0
[   12.511701]  ? krealloc_more_oob_helper+0x821/0x930
[   12.511726]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.511750]  ? krealloc_more_oob_helper+0x821/0x930
[   12.511775]  kasan_report+0x141/0x180
[   12.511797]  ? krealloc_more_oob_helper+0x821/0x930
[   12.511827]  __asan_report_store1_noabort+0x1b/0x30
[   12.511852]  krealloc_more_oob_helper+0x821/0x930
[   12.511877]  ? __schedule+0x10cc/0x2b60
[   12.511900]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.511925]  ? finish_task_switch.isra.0+0x153/0x700
[   12.511950]  ? __switch_to+0x47/0xf50
[   12.511984]  ? __schedule+0x10cc/0x2b60
[   12.512006]  ? __pfx_read_tsc+0x10/0x10
[   12.512030]  krealloc_more_oob+0x1c/0x30
[   12.512052]  kunit_try_run_case+0x1a5/0x480
[   12.512077]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.512101]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.512124]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.512149]  ? __kthread_parkme+0x82/0x180
[   12.512174]  ? preempt_count_sub+0x50/0x80
[   12.512198]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.512223]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.512248]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.512538]  kthread+0x337/0x6f0
[   12.512579]  ? trace_preempt_on+0x20/0xc0
[   12.512605]  ? __pfx_kthread+0x10/0x10
[   12.512661]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.512684]  ? calculate_sigpending+0x7b/0xa0
[   12.512709]  ? __pfx_kthread+0x10/0x10
[   12.512731]  ret_from_fork+0x116/0x1d0
[   12.512750]  ? __pfx_kthread+0x10/0x10
[   12.512771]  ret_from_fork_asm+0x1a/0x30
[   12.512802]  </TASK>
[   12.512813] 
[   12.530538] Allocated by task 173:
[   12.530955]  kasan_save_stack+0x45/0x70
[   12.531154]  kasan_save_track+0x18/0x40
[   12.531435]  kasan_save_alloc_info+0x3b/0x50
[   12.531971]  __kasan_krealloc+0x190/0x1f0
[   12.532514]  krealloc_noprof+0xf3/0x340
[   12.532793]  krealloc_more_oob_helper+0x1a9/0x930
[   12.533259]  krealloc_more_oob+0x1c/0x30
[   12.533430]  kunit_try_run_case+0x1a5/0x480
[   12.533797]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.534357]  kthread+0x337/0x6f0
[   12.534485]  ret_from_fork+0x116/0x1d0
[   12.534619]  ret_from_fork_asm+0x1a/0x30
[   12.534767] 
[   12.534843] The buggy address belongs to the object at ffff888100348400
[   12.534843]  which belongs to the cache kmalloc-256 of size 256
[   12.535348] The buggy address is located 0 bytes to the right of
[   12.535348]  allocated 235-byte region [ffff888100348400, ffff8881003484eb)
[   12.535918] 
[   12.536111] The buggy address belongs to the physical page:
[   12.536693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100348
[   12.537511] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.537925] flags: 0x200000000000040(head|node=0|zone=2)
[   12.538514] page_type: f5(slab)
[   12.538903] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.539699] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.540331] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.540797] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.541365] head: 0200000000000001 ffffea000400d201 00000000ffffffff 00000000ffffffff
[   12.541600] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.541829] page dumped because: kasan: bad access detected
[   12.542073] 
[   12.542236] Memory state around the buggy address:
[   12.542811]  ffff888100348380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.543689]  ffff888100348400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.544453] >ffff888100348480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.545199]                                                           ^
[   12.545866]  ffff888100348500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.546710]  ffff888100348580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.547578] ==================================================================
[   12.722714] ==================================================================
[   12.723569] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.724239] Write of size 1 at addr ffff888102bea0eb by task kunit_try_catch/177
[   12.724482] 
[   12.724576] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.724623] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.724633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.724655] Call Trace:
[   12.724667]  <TASK>
[   12.724683]  dump_stack_lvl+0x73/0xb0
[   12.724714]  print_report+0xd1/0x610
[   12.724736]  ? __virt_addr_valid+0x1db/0x2d0
[   12.724760]  ? krealloc_more_oob_helper+0x821/0x930
[   12.724784]  ? kasan_addr_to_slab+0x11/0xa0
[   12.724804]  ? krealloc_more_oob_helper+0x821/0x930
[   12.724828]  kasan_report+0x141/0x180
[   12.724849]  ? krealloc_more_oob_helper+0x821/0x930
[   12.724878]  __asan_report_store1_noabort+0x1b/0x30
[   12.724903]  krealloc_more_oob_helper+0x821/0x930
[   12.724925]  ? __schedule+0x10cc/0x2b60
[   12.724948]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.724973]  ? finish_task_switch.isra.0+0x153/0x700
[   12.724997]  ? __switch_to+0x47/0xf50
[   12.725022]  ? __schedule+0x10cc/0x2b60
[   12.725042]  ? __pfx_read_tsc+0x10/0x10
[   12.725066]  krealloc_large_more_oob+0x1c/0x30
[   12.725089]  kunit_try_run_case+0x1a5/0x480
[   12.725114]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.725136]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.725160]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.725184]  ? __kthread_parkme+0x82/0x180
[   12.725205]  ? preempt_count_sub+0x50/0x80
[   12.725228]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.725252]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.725286]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.725311]  kthread+0x337/0x6f0
[   12.725329]  ? trace_preempt_on+0x20/0xc0
[   12.725353]  ? __pfx_kthread+0x10/0x10
[   12.725502]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.725524]  ? calculate_sigpending+0x7b/0xa0
[   12.725549]  ? __pfx_kthread+0x10/0x10
[   12.725570]  ret_from_fork+0x116/0x1d0
[   12.725589]  ? __pfx_kthread+0x10/0x10
[   12.725609]  ret_from_fork_asm+0x1a/0x30
[   12.725640]  </TASK>
[   12.725652] 
[   12.736026] The buggy address belongs to the physical page:
[   12.736315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8
[   12.736635] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.736934] flags: 0x200000000000040(head|node=0|zone=2)
[   12.737162] page_type: f8(unknown)
[   12.737338] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.737674] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.737995] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.738819] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.739208] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff
[   12.739629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.740052] page dumped because: kasan: bad access detected
[   12.740384] 
[   12.740590] Memory state around the buggy address:
[   12.740866]  ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.741228]  ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.741569] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.741868]                                                           ^
[   12.742144]  ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.742445]  ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.742749] ==================================================================
[   12.548512] ==================================================================
[   12.549325] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.550109] Write of size 1 at addr ffff8881003484f0 by task kunit_try_catch/173
[   12.550527] 
[   12.550625] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.550952] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.550978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.551000] Call Trace:
[   12.551039]  <TASK>
[   12.551058]  dump_stack_lvl+0x73/0xb0
[   12.551091]  print_report+0xd1/0x610
[   12.551114]  ? __virt_addr_valid+0x1db/0x2d0
[   12.551138]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.551163]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.551187]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.551211]  kasan_report+0x141/0x180
[   12.551233]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.551276]  __asan_report_store1_noabort+0x1b/0x30
[   12.551304]  krealloc_more_oob_helper+0x7eb/0x930
[   12.551327]  ? __schedule+0x10cc/0x2b60
[   12.551350]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.551375]  ? finish_task_switch.isra.0+0x153/0x700
[   12.551399]  ? __switch_to+0x47/0xf50
[   12.551425]  ? __schedule+0x10cc/0x2b60
[   12.551446]  ? __pfx_read_tsc+0x10/0x10
[   12.551470]  krealloc_more_oob+0x1c/0x30
[   12.551492]  kunit_try_run_case+0x1a5/0x480
[   12.551517]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.551540]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.551565]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.551589]  ? __kthread_parkme+0x82/0x180
[   12.551610]  ? preempt_count_sub+0x50/0x80
[   12.551633]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.551657]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.551682]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.551707]  kthread+0x337/0x6f0
[   12.551726]  ? trace_preempt_on+0x20/0xc0
[   12.551750]  ? __pfx_kthread+0x10/0x10
[   12.551771]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.551792]  ? calculate_sigpending+0x7b/0xa0
[   12.551817]  ? __pfx_kthread+0x10/0x10
[   12.551838]  ret_from_fork+0x116/0x1d0
[   12.551856]  ? __pfx_kthread+0x10/0x10
[   12.551877]  ret_from_fork_asm+0x1a/0x30
[   12.551908]  </TASK>
[   12.551919] 
[   12.565887] Allocated by task 173:
[   12.566076]  kasan_save_stack+0x45/0x70
[   12.566441]  kasan_save_track+0x18/0x40
[   12.566883]  kasan_save_alloc_info+0x3b/0x50
[   12.567417]  __kasan_krealloc+0x190/0x1f0
[   12.567859]  krealloc_noprof+0xf3/0x340
[   12.568286]  krealloc_more_oob_helper+0x1a9/0x930
[   12.568728]  krealloc_more_oob+0x1c/0x30
[   12.569185]  kunit_try_run_case+0x1a5/0x480
[   12.569597]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.570253]  kthread+0x337/0x6f0
[   12.570609]  ret_from_fork+0x116/0x1d0
[   12.570836]  ret_from_fork_asm+0x1a/0x30
[   12.571119] 
[   12.571357] The buggy address belongs to the object at ffff888100348400
[   12.571357]  which belongs to the cache kmalloc-256 of size 256
[   12.572404] The buggy address is located 5 bytes to the right of
[   12.572404]  allocated 235-byte region [ffff888100348400, ffff8881003484eb)
[   12.573147] 
[   12.573323] The buggy address belongs to the physical page:
[   12.573779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100348
[   12.574209] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.574862] flags: 0x200000000000040(head|node=0|zone=2)
[   12.575056] page_type: f5(slab)
[   12.575498] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.576132] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.576564] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.576798] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.577049] head: 0200000000000001 ffffea000400d201 00000000ffffffff 00000000ffffffff
[   12.577424] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.577916] page dumped because: kasan: bad access detected
[   12.578549] 
[   12.578862] Memory state around the buggy address:
[   12.579337]  ffff888100348380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.579562]  ffff888100348400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.579779] >ffff888100348480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.579990]                                                              ^
[   12.580196]  ffff888100348500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.580422]  ffff888100348580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.580636] ==================================================================
[   12.744018] ==================================================================
[   12.744391] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.744827] Write of size 1 at addr ffff888102bea0f0 by task kunit_try_catch/177
[   12.745348] 
[   12.745456] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.745499] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.745511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.745532] Call Trace:
[   12.745543]  <TASK>
[   12.745557]  dump_stack_lvl+0x73/0xb0
[   12.745586]  print_report+0xd1/0x610
[   12.745608]  ? __virt_addr_valid+0x1db/0x2d0
[   12.745632]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.745656]  ? kasan_addr_to_slab+0x11/0xa0
[   12.745676]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.745890]  kasan_report+0x141/0x180
[   12.745913]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.745943]  __asan_report_store1_noabort+0x1b/0x30
[   12.745968]  krealloc_more_oob_helper+0x7eb/0x930
[   12.745991]  ? __schedule+0x10cc/0x2b60
[   12.746014]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.746039]  ? finish_task_switch.isra.0+0x153/0x700
[   12.746063]  ? __switch_to+0x47/0xf50
[   12.746089]  ? __schedule+0x10cc/0x2b60
[   12.746109]  ? __pfx_read_tsc+0x10/0x10
[   12.746133]  krealloc_large_more_oob+0x1c/0x30
[   12.746156]  kunit_try_run_case+0x1a5/0x480
[   12.746182]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.746204]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.746228]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.746252]  ? __kthread_parkme+0x82/0x180
[   12.746286]  ? preempt_count_sub+0x50/0x80
[   12.746309]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.746333]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.746359]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.746384]  kthread+0x337/0x6f0
[   12.746403]  ? trace_preempt_on+0x20/0xc0
[   12.746426]  ? __pfx_kthread+0x10/0x10
[   12.746447]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.746468]  ? calculate_sigpending+0x7b/0xa0
[   12.746493]  ? __pfx_kthread+0x10/0x10
[   12.746514]  ret_from_fork+0x116/0x1d0
[   12.746532]  ? __pfx_kthread+0x10/0x10
[   12.746552]  ret_from_fork_asm+0x1a/0x30
[   12.746583]  </TASK>
[   12.746593] 
[   12.756198] The buggy address belongs to the physical page:
[   12.756475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8
[   12.756821] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.757143] flags: 0x200000000000040(head|node=0|zone=2)
[   12.757389] page_type: f8(unknown)
[   12.757557] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.758437] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.759180] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.759935] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.760672] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff
[   12.761392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.762097] page dumped because: kasan: bad access detected
[   12.762644] 
[   12.762806] Memory state around the buggy address:
[   12.763336]  ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.763815]  ffff888102bea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.764042] >ffff888102bea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.764259]                                                              ^
[   12.764993]  ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.765654]  ffff888102bea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.766315] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2znL9QWSKh9jtM3vTXwXjWrQIyK

job_id

TEST:linaro@lkft#2znLEOh778NdzqxXvclxM6kz90I

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2znLEOh778NdzqxXvclxM6kz90I

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLBZJ8DrV0sDu6ze15nNjIKDA/bzImage
sha256sum	2a1fe3c86694600225737fe879edc46b86f5b64f276401d78943c1237bad361e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2znLBZJ8DrV0sDu6ze15nNjIKDA/modules.tar.xz
sha256sum	446d0d0ad74df0e03d659bdb36c8438b61b4b4a20a71ccdbc36ae4991603fc00

durations

tests

boot	0
kunit	245.06

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit