Hay
Date: July 17, 2025, 11:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.447090] ==================================================================
[   16.447173] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.447236] Write of size 1 at addr fff00000c0b97ef0 by task kunit_try_catch/156
[   16.447283] 
[   16.447319] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.447398] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.447440] Hardware name: linux,dummy-virt (DT)
[   16.447471] Call trace:
[   16.447498]  show_stack+0x20/0x38 (C)
[   16.447546]  dump_stack_lvl+0x8c/0xd0
[   16.447592]  print_report+0x118/0x5d0
[   16.447636]  kasan_report+0xdc/0x128
[   16.447679]  __asan_report_store1_noabort+0x20/0x30
[   16.447746]  krealloc_more_oob_helper+0x5c0/0x678
[   16.448285]  krealloc_more_oob+0x20/0x38
[   16.448469]  kunit_try_run_case+0x170/0x3f0
[   16.448624]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.448677]  kthread+0x328/0x630
[   16.448877]  ret_from_fork+0x10/0x20
[   16.449165] 
[   16.449285] Allocated by task 156:
[   16.449500]  kasan_save_stack+0x3c/0x68
[   16.449655]  kasan_save_track+0x20/0x40
[   16.449754]  kasan_save_alloc_info+0x40/0x58
[   16.449922]  __kasan_krealloc+0x118/0x178
[   16.449983]  krealloc_noprof+0x128/0x360
[   16.450304]  krealloc_more_oob_helper+0x168/0x678
[   16.450438]  krealloc_more_oob+0x20/0x38
[   16.450557]  kunit_try_run_case+0x170/0x3f0
[   16.450702]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.450800]  kthread+0x328/0x630
[   16.450925]  ret_from_fork+0x10/0x20
[   16.451000] 
[   16.451066] The buggy address belongs to the object at fff00000c0b97e00
[   16.451066]  which belongs to the cache kmalloc-256 of size 256
[   16.451400] The buggy address is located 5 bytes to the right of
[   16.451400]  allocated 235-byte region [fff00000c0b97e00, fff00000c0b97eeb)
[   16.451701] 
[   16.451877] The buggy address belongs to the physical page:
[   16.451944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   16.452053] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.452149] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.452348] page_type: f5(slab)
[   16.452432] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.452601] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.452651] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.452704] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.453114] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   16.453166] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.453205] page dumped because: kasan: bad access detected
[   16.453241] 
[   16.453259] Memory state around the buggy address:
[   16.453288]  fff00000c0b97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.453329]  fff00000c0b97e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.453368] >fff00000c0b97e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.453403]                                                              ^
[   16.453440]  fff00000c0b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.453481]  fff00000c0b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.453516] ==================================================================
[   16.437842] ==================================================================
[   16.438027] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.438093] Write of size 1 at addr fff00000c0b97eeb by task kunit_try_catch/156
[   16.438397] 
[   16.438454] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.438561] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.438588] Hardware name: linux,dummy-virt (DT)
[   16.438651] Call trace:
[   16.438677]  show_stack+0x20/0x38 (C)
[   16.438730]  dump_stack_lvl+0x8c/0xd0
[   16.439031]  print_report+0x118/0x5d0
[   16.439122]  kasan_report+0xdc/0x128
[   16.439194]  __asan_report_store1_noabort+0x20/0x30
[   16.439252]  krealloc_more_oob_helper+0x60c/0x678
[   16.439300]  krealloc_more_oob+0x20/0x38
[   16.439344]  kunit_try_run_case+0x170/0x3f0
[   16.439393]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.439607]  kthread+0x328/0x630
[   16.439857]  ret_from_fork+0x10/0x20
[   16.440078] 
[   16.440098] Allocated by task 156:
[   16.440128]  kasan_save_stack+0x3c/0x68
[   16.440544]  kasan_save_track+0x20/0x40
[   16.440693]  kasan_save_alloc_info+0x40/0x58
[   16.440772]  __kasan_krealloc+0x118/0x178
[   16.440909]  krealloc_noprof+0x128/0x360
[   16.440997]  krealloc_more_oob_helper+0x168/0x678
[   16.441272]  krealloc_more_oob+0x20/0x38
[   16.441416]  kunit_try_run_case+0x170/0x3f0
[   16.441588]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.441732]  kthread+0x328/0x630
[   16.441918]  ret_from_fork+0x10/0x20
[   16.441977] 
[   16.442155] The buggy address belongs to the object at fff00000c0b97e00
[   16.442155]  which belongs to the cache kmalloc-256 of size 256
[   16.442353] The buggy address is located 0 bytes to the right of
[   16.442353]  allocated 235-byte region [fff00000c0b97e00, fff00000c0b97eeb)
[   16.442468] 
[   16.442534] The buggy address belongs to the physical page:
[   16.442770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   16.442946] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.443117] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.443268] page_type: f5(slab)
[   16.443466] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.443727] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.443832] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.443991] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.444187] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   16.444396] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.444470] page dumped because: kasan: bad access detected
[   16.444622] 
[   16.444711] Memory state around the buggy address:
[   16.444818]  fff00000c0b97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.444885]  fff00000c0b97e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.444960] >fff00000c0b97e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.445230]                                                           ^
[   16.445440]  fff00000c0b97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.445605]  fff00000c0b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.445687] ==================================================================
[   16.503665] ==================================================================
[   16.503725] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.503783] Write of size 1 at addr fff00000c78a20eb by task kunit_try_catch/160
[   16.503831] 
[   16.503879] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.503957] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.503982] Hardware name: linux,dummy-virt (DT)
[   16.504028] Call trace:
[   16.504050]  show_stack+0x20/0x38 (C)
[   16.504099]  dump_stack_lvl+0x8c/0xd0
[   16.504146]  print_report+0x118/0x5d0
[   16.504191]  kasan_report+0xdc/0x128
[   16.504234]  __asan_report_store1_noabort+0x20/0x30
[   16.504284]  krealloc_more_oob_helper+0x60c/0x678
[   16.504330]  krealloc_large_more_oob+0x20/0x38
[   16.504375]  kunit_try_run_case+0x170/0x3f0
[   16.504422]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.504472]  kthread+0x328/0x630
[   16.504512]  ret_from_fork+0x10/0x20
[   16.504558] 
[   16.504578] The buggy address belongs to the physical page:
[   16.504609] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a0
[   16.504661] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.504705] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.504757] page_type: f8(unknown)
[   16.504794] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.504893] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.505003] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.505147] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.505320] head: 0bfffe0000000002 ffffc1ffc31e2801 00000000ffffffff 00000000ffffffff
[   16.505448] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.505508] page dumped because: kasan: bad access detected
[   16.505586] 
[   16.505639] Memory state around the buggy address:
[   16.505678]  fff00000c78a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.505718]  fff00000c78a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.505757] >fff00000c78a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.505793]                                                           ^
[   16.505830]  fff00000c78a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.505879]  fff00000c78a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.505915] ==================================================================
[   16.506651] ==================================================================
[   16.506697] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.506947] Write of size 1 at addr fff00000c78a20f0 by task kunit_try_catch/160
[   16.507008] 
[   16.507067] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.507354] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.507495] Hardware name: linux,dummy-virt (DT)
[   16.507543] Call trace:
[   16.507612]  show_stack+0x20/0x38 (C)
[   16.507663]  dump_stack_lvl+0x8c/0xd0
[   16.507709]  print_report+0x118/0x5d0
[   16.507855]  kasan_report+0xdc/0x128
[   16.508083]  __asan_report_store1_noabort+0x20/0x30
[   16.508208]  krealloc_more_oob_helper+0x5c0/0x678
[   16.508304]  krealloc_large_more_oob+0x20/0x38
[   16.508526]  kunit_try_run_case+0x170/0x3f0
[   16.508606]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.508698]  kthread+0x328/0x630
[   16.508791]  ret_from_fork+0x10/0x20
[   16.509007] 
[   16.509046] The buggy address belongs to the physical page:
[   16.509076] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a0
[   16.509254] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.509299] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.509347] page_type: f8(unknown)
[   16.509383] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.509430] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.509561] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.509661] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.509775] head: 0bfffe0000000002 ffffc1ffc31e2801 00000000ffffffff 00000000ffffffff
[   16.509821] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.509878] page dumped because: kasan: bad access detected
[   16.509907] 
[   16.509924] Memory state around the buggy address:
[   16.509953]  fff00000c78a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.509993]  fff00000c78a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.510137] >fff00000c78a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.510294]                                                              ^
[   16.510375]  fff00000c78a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.510431]  fff00000c78a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.510534] ==================================================================

[   11.865622] ==================================================================
[   11.865962] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.866280] Write of size 1 at addr ffff888100351ef0 by task kunit_try_catch/173
[   11.866585] 
[   11.866702] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.866745] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.866756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.866778] Call Trace:
[   11.866797]  <TASK>
[   11.866815]  dump_stack_lvl+0x73/0xb0
[   11.866864]  print_report+0xd1/0x610
[   11.866887]  ? __virt_addr_valid+0x1db/0x2d0
[   11.866910]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.866933]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.866955]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.866979]  kasan_report+0x141/0x180
[   11.867000]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.867028]  __asan_report_store1_noabort+0x1b/0x30
[   11.867061]  krealloc_more_oob_helper+0x7eb/0x930
[   11.867083]  ? __schedule+0x10cc/0x2b60
[   11.867105]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.867129]  ? finish_task_switch.isra.0+0x153/0x700
[   11.867151]  ? __switch_to+0x47/0xf50
[   11.867178]  ? __schedule+0x10cc/0x2b60
[   11.867200]  ? __pfx_read_tsc+0x10/0x10
[   11.867225]  krealloc_more_oob+0x1c/0x30
[   11.867245]  kunit_try_run_case+0x1a5/0x480
[   11.867270]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.867291]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.867315]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.867338]  ? __kthread_parkme+0x82/0x180
[   11.867358]  ? preempt_count_sub+0x50/0x80
[   11.867380]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.867404]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.867427]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.867450]  kthread+0x337/0x6f0
[   11.867469]  ? trace_preempt_on+0x20/0xc0
[   11.867492]  ? __pfx_kthread+0x10/0x10
[   11.867511]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.867532]  ? calculate_sigpending+0x7b/0xa0
[   11.867555]  ? __pfx_kthread+0x10/0x10
[   11.867593]  ret_from_fork+0x116/0x1d0
[   11.867611]  ? __pfx_kthread+0x10/0x10
[   11.867630]  ret_from_fork_asm+0x1a/0x30
[   11.867662]  </TASK>
[   11.867672] 
[   11.879150] Allocated by task 173:
[   11.879314]  kasan_save_stack+0x45/0x70
[   11.879540]  kasan_save_track+0x18/0x40
[   11.879781]  kasan_save_alloc_info+0x3b/0x50
[   11.879938]  __kasan_krealloc+0x190/0x1f0
[   11.880152]  krealloc_noprof+0xf3/0x340
[   11.880453]  krealloc_more_oob_helper+0x1a9/0x930
[   11.880844]  krealloc_more_oob+0x1c/0x30
[   11.881021]  kunit_try_run_case+0x1a5/0x480
[   11.881223]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.881441]  kthread+0x337/0x6f0
[   11.881610]  ret_from_fork+0x116/0x1d0
[   11.881810]  ret_from_fork_asm+0x1a/0x30
[   11.881949] 
[   11.882151] The buggy address belongs to the object at ffff888100351e00
[   11.882151]  which belongs to the cache kmalloc-256 of size 256
[   11.882568] The buggy address is located 5 bytes to the right of
[   11.882568]  allocated 235-byte region [ffff888100351e00, ffff888100351eeb)
[   11.883272] 
[   11.883349] The buggy address belongs to the physical page:
[   11.883586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.884159] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.884503] flags: 0x200000000000040(head|node=0|zone=2)
[   11.884758] page_type: f5(slab)
[   11.884954] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.885271] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.885580] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.885948] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.886359] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.886685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.886919] page dumped because: kasan: bad access detected
[   11.887301] 
[   11.887403] Memory state around the buggy address:
[   11.887613]  ffff888100351d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.888150]  ffff888100351e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.888441] >ffff888100351e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.888723]                                                              ^
[   11.889080]  ffff888100351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.889374]  ffff888100351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.889679] ==================================================================
[   12.042040] ==================================================================
[   12.042936] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.044357] Write of size 1 at addr ffff888102b320f0 by task kunit_try_catch/177
[   12.045042] 
[   12.045339] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.045386] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.045397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.045418] Call Trace:
[   12.045431]  <TASK>
[   12.045448]  dump_stack_lvl+0x73/0xb0
[   12.045478]  print_report+0xd1/0x610
[   12.045500]  ? __virt_addr_valid+0x1db/0x2d0
[   12.045523]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.045545]  ? kasan_addr_to_slab+0x11/0xa0
[   12.045565]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.045589]  kasan_report+0x141/0x180
[   12.045610]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.045638]  __asan_report_store1_noabort+0x1b/0x30
[   12.045663]  krealloc_more_oob_helper+0x7eb/0x930
[   12.045684]  ? __schedule+0x10cc/0x2b60
[   12.045707]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.045731]  ? finish_task_switch.isra.0+0x153/0x700
[   12.045753]  ? __switch_to+0x47/0xf50
[   12.045779]  ? __schedule+0x10cc/0x2b60
[   12.045800]  ? __pfx_read_tsc+0x10/0x10
[   12.045825]  krealloc_large_more_oob+0x1c/0x30
[   12.045855]  kunit_try_run_case+0x1a5/0x480
[   12.045880]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.045901]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.045924]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.045947]  ? __kthread_parkme+0x82/0x180
[   12.045967]  ? preempt_count_sub+0x50/0x80
[   12.045990]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.046013]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.046035]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.046070]  kthread+0x337/0x6f0
[   12.046088]  ? trace_preempt_on+0x20/0xc0
[   12.046112]  ? __pfx_kthread+0x10/0x10
[   12.046131]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.046152]  ? calculate_sigpending+0x7b/0xa0
[   12.046175]  ? __pfx_kthread+0x10/0x10
[   12.046196]  ret_from_fork+0x116/0x1d0
[   12.046218]  ? __pfx_kthread+0x10/0x10
[   12.046238]  ret_from_fork_asm+0x1a/0x30
[   12.046270]  </TASK>
[   12.046279] 
[   12.060755] The buggy address belongs to the physical page:
[   12.061477] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30
[   12.062190] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.062431] flags: 0x200000000000040(head|node=0|zone=2)
[   12.062715] page_type: f8(unknown)
[   12.063112] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.063838] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.064498] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.065335] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.065781] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff
[   12.066485] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.067099] page dumped because: kasan: bad access detected
[   12.067273] 
[   12.067342] Memory state around the buggy address:
[   12.067497]  ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.068004]  ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.068709] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.069402]                                                              ^
[   12.070095]  ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.070944]  ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.071538] ==================================================================
[   11.834575] ==================================================================
[   11.835369] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.836087] Write of size 1 at addr ffff888100351eeb by task kunit_try_catch/173
[   11.836403] 
[   11.836613] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.836660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.836671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.836693] Call Trace:
[   11.836705]  <TASK>
[   11.836723]  dump_stack_lvl+0x73/0xb0
[   11.836756]  print_report+0xd1/0x610
[   11.836779]  ? __virt_addr_valid+0x1db/0x2d0
[   11.836804]  ? krealloc_more_oob_helper+0x821/0x930
[   11.836840]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.836862]  ? krealloc_more_oob_helper+0x821/0x930
[   11.836886]  kasan_report+0x141/0x180
[   11.836907]  ? krealloc_more_oob_helper+0x821/0x930
[   11.836946]  __asan_report_store1_noabort+0x1b/0x30
[   11.836970]  krealloc_more_oob_helper+0x821/0x930
[   11.836991]  ? __schedule+0x10cc/0x2b60
[   11.837026]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.837059]  ? finish_task_switch.isra.0+0x153/0x700
[   11.837083]  ? __switch_to+0x47/0xf50
[   11.837110]  ? __schedule+0x10cc/0x2b60
[   11.837131]  ? __pfx_read_tsc+0x10/0x10
[   11.837156]  krealloc_more_oob+0x1c/0x30
[   11.837177]  kunit_try_run_case+0x1a5/0x480
[   11.837203]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.837224]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.837249]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.837272]  ? __kthread_parkme+0x82/0x180
[   11.837293]  ? preempt_count_sub+0x50/0x80
[   11.837315]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.837338]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.837361]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.837384]  kthread+0x337/0x6f0
[   11.837402]  ? trace_preempt_on+0x20/0xc0
[   11.837426]  ? __pfx_kthread+0x10/0x10
[   11.837446]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.837466]  ? calculate_sigpending+0x7b/0xa0
[   11.837491]  ? __pfx_kthread+0x10/0x10
[   11.837511]  ret_from_fork+0x116/0x1d0
[   11.837529]  ? __pfx_kthread+0x10/0x10
[   11.837548]  ret_from_fork_asm+0x1a/0x30
[   11.837581]  </TASK>
[   11.837592] 
[   11.851116] Allocated by task 173:
[   11.852010]  kasan_save_stack+0x45/0x70
[   11.852763]  kasan_save_track+0x18/0x40
[   11.853905]  kasan_save_alloc_info+0x3b/0x50
[   11.854238]  __kasan_krealloc+0x190/0x1f0
[   11.854406]  krealloc_noprof+0xf3/0x340
[   11.854789]  krealloc_more_oob_helper+0x1a9/0x930
[   11.855150]  krealloc_more_oob+0x1c/0x30
[   11.855353]  kunit_try_run_case+0x1a5/0x480
[   11.855562]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.855948]  kthread+0x337/0x6f0
[   11.856102]  ret_from_fork+0x116/0x1d0
[   11.856328]  ret_from_fork_asm+0x1a/0x30
[   11.856552] 
[   11.856697] The buggy address belongs to the object at ffff888100351e00
[   11.856697]  which belongs to the cache kmalloc-256 of size 256
[   11.857360] The buggy address is located 0 bytes to the right of
[   11.857360]  allocated 235-byte region [ffff888100351e00, ffff888100351eeb)
[   11.858166] 
[   11.858280] The buggy address belongs to the physical page:
[   11.858536] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.858925] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.859318] flags: 0x200000000000040(head|node=0|zone=2)
[   11.859558] page_type: f5(slab)
[   11.859769] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.860169] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.860508] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.860936] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.861292] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.861620] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.862034] page dumped because: kasan: bad access detected
[   11.862299] 
[   11.862374] Memory state around the buggy address:
[   11.862640]  ffff888100351d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.863228]  ffff888100351e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.863555] >ffff888100351e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.863951]                                                           ^
[   11.864286]  ffff888100351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.864603]  ffff888100351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.864983] ==================================================================
[   12.014461] ==================================================================
[   12.015555] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.015883] Write of size 1 at addr ffff888102b320eb by task kunit_try_catch/177
[   12.016640] 
[   12.016953] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.017003] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.017015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.017037] Call Trace:
[   12.017062]  <TASK>
[   12.017080]  dump_stack_lvl+0x73/0xb0
[   12.017112]  print_report+0xd1/0x610
[   12.017134]  ? __virt_addr_valid+0x1db/0x2d0
[   12.017156]  ? krealloc_more_oob_helper+0x821/0x930
[   12.017179]  ? kasan_addr_to_slab+0x11/0xa0
[   12.017198]  ? krealloc_more_oob_helper+0x821/0x930
[   12.017221]  kasan_report+0x141/0x180
[   12.017243]  ? krealloc_more_oob_helper+0x821/0x930
[   12.017271]  __asan_report_store1_noabort+0x1b/0x30
[   12.017295]  krealloc_more_oob_helper+0x821/0x930
[   12.017318]  ? __schedule+0x10cc/0x2b60
[   12.017340]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.017364]  ? finish_task_switch.isra.0+0x153/0x700
[   12.017386]  ? __switch_to+0x47/0xf50
[   12.017412]  ? __schedule+0x10cc/0x2b60
[   12.017433]  ? __pfx_read_tsc+0x10/0x10
[   12.017457]  krealloc_large_more_oob+0x1c/0x30
[   12.017479]  kunit_try_run_case+0x1a5/0x480
[   12.017505]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.017526]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.017550]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.017573]  ? __kthread_parkme+0x82/0x180
[   12.017594]  ? preempt_count_sub+0x50/0x80
[   12.017617]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.017652]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.017675]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.017699]  kthread+0x337/0x6f0
[   12.017728]  ? trace_preempt_on+0x20/0xc0
[   12.017751]  ? __pfx_kthread+0x10/0x10
[   12.017771]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.017791]  ? calculate_sigpending+0x7b/0xa0
[   12.017832]  ? __pfx_kthread+0x10/0x10
[   12.017852]  ret_from_fork+0x116/0x1d0
[   12.017870]  ? __pfx_kthread+0x10/0x10
[   12.017889]  ret_from_fork_asm+0x1a/0x30
[   12.017922]  </TASK>
[   12.017933] 
[   12.031513] The buggy address belongs to the physical page:
[   12.031956] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30
[   12.032832] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.033540] flags: 0x200000000000040(head|node=0|zone=2)
[   12.034125] page_type: f8(unknown)
[   12.034451] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.034900] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.035151] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.035387] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.035641] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff
[   12.036121] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.036851] page dumped because: kasan: bad access detected
[   12.037338] 
[   12.037493] Memory state around the buggy address:
[   12.037975]  ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.038729]  ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.039398] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.040048]                                                           ^
[   12.040759]  ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.041329]  ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.041549] ==================================================================