Hay
Date: July 18, 2025, 11:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   15.185676] ==================================================================
[   15.185725] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.185774] Write of size 1 at addr fff00000c17354f0 by task kunit_try_catch/156
[   15.186124] 
[   15.186478] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.187170] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.187268] Hardware name: linux,dummy-virt (DT)
[   15.187390] Call trace:
[   15.187485]  show_stack+0x20/0x38 (C)
[   15.187865]  dump_stack_lvl+0x8c/0xd0
[   15.188017]  print_report+0x118/0x5d0
[   15.188132]  kasan_report+0xdc/0x128
[   15.188458]  __asan_report_store1_noabort+0x20/0x30
[   15.188580]  krealloc_more_oob_helper+0x5c0/0x678
[   15.188851]  krealloc_more_oob+0x20/0x38
[   15.189022]  kunit_try_run_case+0x170/0x3f0
[   15.189204]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.189287]  kthread+0x328/0x630
[   15.189537]  ret_from_fork+0x10/0x20
[   15.189703] 
[   15.189727] Allocated by task 156:
[   15.189755]  kasan_save_stack+0x3c/0x68
[   15.189821]  kasan_save_track+0x20/0x40
[   15.190042]  kasan_save_alloc_info+0x40/0x58
[   15.190095]  __kasan_krealloc+0x118/0x178
[   15.190133]  krealloc_noprof+0x128/0x360
[   15.190169]  krealloc_more_oob_helper+0x168/0x678
[   15.190351]  krealloc_more_oob+0x20/0x38
[   15.190432]  kunit_try_run_case+0x170/0x3f0
[   15.190484]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.190526]  kthread+0x328/0x630
[   15.190570]  ret_from_fork+0x10/0x20
[   15.190607] 
[   15.190626] The buggy address belongs to the object at fff00000c1735400
[   15.190626]  which belongs to the cache kmalloc-256 of size 256
[   15.190699] The buggy address is located 5 bytes to the right of
[   15.190699]  allocated 235-byte region [fff00000c1735400, fff00000c17354eb)
[   15.190766] 
[   15.190785] The buggy address belongs to the physical page:
[   15.190816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101734
[   15.190883] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.190928] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.190977] page_type: f5(slab)
[   15.191015] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.191072] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.191130] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.191186] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.191247] head: 0bfffe0000000001 ffffc1ffc305cd01 00000000ffffffff 00000000ffffffff
[   15.191303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.191351] page dumped because: kasan: bad access detected
[   15.191414] 
[   15.191662] Memory state around the buggy address:
[   15.192413]  fff00000c1735380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.192533]  fff00000c1735400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.192596] >fff00000c1735480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.192833]                                                              ^
[   15.193356]  fff00000c1735500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.193435]  fff00000c1735580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.193558] ==================================================================
[   15.271806] ==================================================================
[   15.272041] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.272132] Write of size 1 at addr fff00000c77560f0 by task kunit_try_catch/160
[   15.272398] 
[   15.272453] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.272540] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.272700] Hardware name: linux,dummy-virt (DT)
[   15.272917] Call trace:
[   15.272952]  show_stack+0x20/0x38 (C)
[   15.273006]  dump_stack_lvl+0x8c/0xd0
[   15.273192]  print_report+0x118/0x5d0
[   15.273275]  kasan_report+0xdc/0x128
[   15.273363]  __asan_report_store1_noabort+0x20/0x30
[   15.273416]  krealloc_more_oob_helper+0x5c0/0x678
[   15.273662]  krealloc_large_more_oob+0x20/0x38
[   15.273816]  kunit_try_run_case+0x170/0x3f0
[   15.273941]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.274014]  kthread+0x328/0x630
[   15.274406]  ret_from_fork+0x10/0x20
[   15.274510] 
[   15.274588] The buggy address belongs to the physical page:
[   15.274665] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.274783] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.274925] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.275013] page_type: f8(unknown)
[   15.275517] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.275649] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.275774] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.275824] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.276046] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.276423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.276513] page dumped because: kasan: bad access detected
[   15.276622] 
[   15.276661] Memory state around the buggy address:
[   15.276693]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.277352]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.277425] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.277532]                                                              ^
[   15.277729]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.277816]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.277985] ==================================================================
[   15.176273] ==================================================================
[   15.176351] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.176613] Write of size 1 at addr fff00000c17354eb by task kunit_try_catch/156
[   15.176831] 
[   15.176874] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.176959] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.176993] Hardware name: linux,dummy-virt (DT)
[   15.177137] Call trace:
[   15.177163]  show_stack+0x20/0x38 (C)
[   15.177217]  dump_stack_lvl+0x8c/0xd0
[   15.177271]  print_report+0x118/0x5d0
[   15.177322]  kasan_report+0xdc/0x128
[   15.177376]  __asan_report_store1_noabort+0x20/0x30
[   15.177428]  krealloc_more_oob_helper+0x60c/0x678
[   15.177831]  krealloc_more_oob+0x20/0x38
[   15.177992]  kunit_try_run_case+0x170/0x3f0
[   15.178045]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.178484]  kthread+0x328/0x630
[   15.178624]  ret_from_fork+0x10/0x20
[   15.178805] 
[   15.178858] Allocated by task 156:
[   15.178991]  kasan_save_stack+0x3c/0x68
[   15.179094]  kasan_save_track+0x20/0x40
[   15.179133]  kasan_save_alloc_info+0x40/0x58
[   15.179477]  __kasan_krealloc+0x118/0x178
[   15.179849]  krealloc_noprof+0x128/0x360
[   15.180121]  krealloc_more_oob_helper+0x168/0x678
[   15.180230]  krealloc_more_oob+0x20/0x38
[   15.180317]  kunit_try_run_case+0x170/0x3f0
[   15.180478]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.180702]  kthread+0x328/0x630
[   15.180817]  ret_from_fork+0x10/0x20
[   15.180987] 
[   15.181043] The buggy address belongs to the object at fff00000c1735400
[   15.181043]  which belongs to the cache kmalloc-256 of size 256
[   15.181153] The buggy address is located 0 bytes to the right of
[   15.181153]  allocated 235-byte region [fff00000c1735400, fff00000c17354eb)
[   15.181218] 
[   15.181247] The buggy address belongs to the physical page:
[   15.181279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101734
[   15.182025] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.182119] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.182177] page_type: f5(slab)
[   15.182917] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.183122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.183249] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.183403] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.183545] head: 0bfffe0000000001 ffffc1ffc305cd01 00000000ffffffff 00000000ffffffff
[   15.183608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.183690] page dumped because: kasan: bad access detected
[   15.183721] 
[   15.183739] Memory state around the buggy address:
[   15.183784]  fff00000c1735380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.183827]  fff00000c1735400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.183868] >fff00000c1735480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.183905]                                                           ^
[   15.183943]  fff00000c1735500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.183983]  fff00000c1735580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.184021] ==================================================================
[   15.263584] ==================================================================
[   15.263791] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.263859] Write of size 1 at addr fff00000c77560eb by task kunit_try_catch/160
[   15.264234] 
[   15.264287] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.264388] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.264416] Hardware name: linux,dummy-virt (DT)
[   15.264763] Call trace:
[   15.264804]  show_stack+0x20/0x38 (C)
[   15.264978]  dump_stack_lvl+0x8c/0xd0
[   15.265070]  print_report+0x118/0x5d0
[   15.265260]  kasan_report+0xdc/0x128
[   15.265401]  __asan_report_store1_noabort+0x20/0x30
[   15.265790]  krealloc_more_oob_helper+0x60c/0x678
[   15.265990]  krealloc_large_more_oob+0x20/0x38
[   15.266150]  kunit_try_run_case+0x170/0x3f0
[   15.266246]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.266601]  kthread+0x328/0x630
[   15.266807]  ret_from_fork+0x10/0x20
[   15.267049] 
[   15.267129] The buggy address belongs to the physical page:
[   15.267283] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.267456] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.267616] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.267832] page_type: f8(unknown)
[   15.267916] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.267974] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.268419] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.268526] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.268710] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.269090] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.269255] page dumped because: kasan: bad access detected
[   15.269419] 
[   15.269451] Memory state around the buggy address:
[   15.269621]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.269683]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.269940] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.270009]                                                           ^
[   15.270480]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.270640]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.270695] ==================================================================

[   11.735979] ==================================================================
[   11.736754] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.737013] Write of size 1 at addr ffff888100343ef0 by task kunit_try_catch/175
[   11.737239] 
[   11.737337] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.737378] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.737389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.737408] Call Trace:
[   11.737419]  <TASK>
[   11.737432]  dump_stack_lvl+0x73/0xb0
[   11.737524]  print_report+0xd1/0x610
[   11.737546]  ? __virt_addr_valid+0x1db/0x2d0
[   11.737593]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.737617]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.737638]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.737676]  kasan_report+0x141/0x180
[   11.737697]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.737813]  __asan_report_store1_noabort+0x1b/0x30
[   11.737842]  krealloc_more_oob_helper+0x7eb/0x930
[   11.737864]  ? __schedule+0x10cc/0x2b60
[   11.737885]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.737909]  ? finish_task_switch.isra.0+0x153/0x700
[   11.737931]  ? __switch_to+0x47/0xf50
[   11.737955]  ? __schedule+0x10cc/0x2b60
[   11.737984]  ? __pfx_read_tsc+0x10/0x10
[   11.738007]  krealloc_more_oob+0x1c/0x30
[   11.738398]  kunit_try_run_case+0x1a5/0x480
[   11.738424]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.738461]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.738488]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.738512]  ? __kthread_parkme+0x82/0x180
[   11.738532]  ? preempt_count_sub+0x50/0x80
[   11.738554]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.738577]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.738601]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.738624]  kthread+0x337/0x6f0
[   11.738643]  ? trace_preempt_on+0x20/0xc0
[   11.738664]  ? __pfx_kthread+0x10/0x10
[   11.738684]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.738704]  ? calculate_sigpending+0x7b/0xa0
[   11.738727]  ? __pfx_kthread+0x10/0x10
[   11.738747]  ret_from_fork+0x116/0x1d0
[   11.738765]  ? __pfx_kthread+0x10/0x10
[   11.738784]  ret_from_fork_asm+0x1a/0x30
[   11.738814]  </TASK>
[   11.738823] 
[   11.756711] Allocated by task 175:
[   11.757241]  kasan_save_stack+0x45/0x70
[   11.757569]  kasan_save_track+0x18/0x40
[   11.757711]  kasan_save_alloc_info+0x3b/0x50
[   11.757859]  __kasan_krealloc+0x190/0x1f0
[   11.757995]  krealloc_noprof+0xf3/0x340
[   11.758696]  krealloc_more_oob_helper+0x1a9/0x930
[   11.759525]  krealloc_more_oob+0x1c/0x30
[   11.760029]  kunit_try_run_case+0x1a5/0x480
[   11.760640]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.761248]  kthread+0x337/0x6f0
[   11.761567]  ret_from_fork+0x116/0x1d0
[   11.761711]  ret_from_fork_asm+0x1a/0x30
[   11.761853] 
[   11.761927] The buggy address belongs to the object at ffff888100343e00
[   11.761927]  which belongs to the cache kmalloc-256 of size 256
[   11.763089] The buggy address is located 5 bytes to the right of
[   11.763089]  allocated 235-byte region [ffff888100343e00, ffff888100343eeb)
[   11.764753] 
[   11.765070] The buggy address belongs to the physical page:
[   11.765713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   11.766197] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.766998] flags: 0x200000000000040(head|node=0|zone=2)
[   11.767487] page_type: f5(slab)
[   11.767925] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.768756] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.769017] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.770054] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.770797] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   11.771211] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.771934] page dumped because: kasan: bad access detected
[   11.772530] 
[   11.772681] Memory state around the buggy address:
[   11.773042]  ffff888100343d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.773529]  ffff888100343e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.774283] >ffff888100343e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.774653]                                                              ^
[   11.775323]  ffff888100343f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.775828]  ffff888100343f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.776090] ==================================================================
[   11.924547] ==================================================================
[   11.925643] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.926355] Write of size 1 at addr ffff8881028aa0eb by task kunit_try_catch/179
[   11.926680] 
[   11.926775] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.926821] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.926832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.926853] Call Trace:
[   11.926866]  <TASK>
[   11.926882]  dump_stack_lvl+0x73/0xb0
[   11.926911]  print_report+0xd1/0x610
[   11.926933]  ? __virt_addr_valid+0x1db/0x2d0
[   11.926958]  ? krealloc_more_oob_helper+0x821/0x930
[   11.926981]  ? kasan_addr_to_slab+0x11/0xa0
[   11.927001]  ? krealloc_more_oob_helper+0x821/0x930
[   11.927026]  kasan_report+0x141/0x180
[   11.927046]  ? krealloc_more_oob_helper+0x821/0x930
[   11.927074]  __asan_report_store1_noabort+0x1b/0x30
[   11.927099]  krealloc_more_oob_helper+0x821/0x930
[   11.927122]  ? __schedule+0x10cc/0x2b60
[   11.927146]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.927171]  ? finish_task_switch.isra.0+0x153/0x700
[   11.927194]  ? __switch_to+0x47/0xf50
[   11.927219]  ? __schedule+0x10cc/0x2b60
[   11.927239]  ? __pfx_read_tsc+0x10/0x10
[   11.927263]  krealloc_large_more_oob+0x1c/0x30
[   11.927297]  kunit_try_run_case+0x1a5/0x480
[   11.927321]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.927344]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.927368]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.927391]  ? __kthread_parkme+0x82/0x180
[   11.927411]  ? preempt_count_sub+0x50/0x80
[   11.927433]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.927464]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.927487]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.927512]  kthread+0x337/0x6f0
[   11.927532]  ? trace_preempt_on+0x20/0xc0
[   11.927556]  ? __pfx_kthread+0x10/0x10
[   11.927576]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.927623]  ? calculate_sigpending+0x7b/0xa0
[   11.927648]  ? __pfx_kthread+0x10/0x10
[   11.927669]  ret_from_fork+0x116/0x1d0
[   11.927687]  ? __pfx_kthread+0x10/0x10
[   11.927706]  ret_from_fork_asm+0x1a/0x30
[   11.927736]  </TASK>
[   11.927746] 
[   11.938120] The buggy address belongs to the physical page:
[   11.938619] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028a8
[   11.939031] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.939413] flags: 0x200000000000040(head|node=0|zone=2)
[   11.939949] page_type: f8(unknown)
[   11.940081] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.940480] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.940822] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.941079] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.941511] head: 0200000000000002 ffffea00040a2a01 00000000ffffffff 00000000ffffffff
[   11.942157] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.942952] page dumped because: kasan: bad access detected
[   11.943501] 
[   11.943657] Memory state around the buggy address:
[   11.944115]  ffff8881028a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.944544]  ffff8881028aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.944772] >ffff8881028aa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.944988]                                                           ^
[   11.945281]  ffff8881028aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.945593]  ffff8881028aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.945883] ==================================================================
[   11.701794] ==================================================================
[   11.702291] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.702813] Write of size 1 at addr ffff888100343eeb by task kunit_try_catch/175
[   11.703425] 
[   11.703566] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.703610] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.703621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.703642] Call Trace:
[   11.703654]  <TASK>
[   11.703669]  dump_stack_lvl+0x73/0xb0
[   11.703698]  print_report+0xd1/0x610
[   11.703719]  ? __virt_addr_valid+0x1db/0x2d0
[   11.703742]  ? krealloc_more_oob_helper+0x821/0x930
[   11.703765]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.703787]  ? krealloc_more_oob_helper+0x821/0x930
[   11.703811]  kasan_report+0x141/0x180
[   11.703924]  ? krealloc_more_oob_helper+0x821/0x930
[   11.703957]  __asan_report_store1_noabort+0x1b/0x30
[   11.703981]  krealloc_more_oob_helper+0x821/0x930
[   11.704003]  ? __schedule+0x10cc/0x2b60
[   11.704097]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.704122]  ? finish_task_switch.isra.0+0x153/0x700
[   11.704145]  ? __switch_to+0x47/0xf50
[   11.704170]  ? __schedule+0x10cc/0x2b60
[   11.704191]  ? __pfx_read_tsc+0x10/0x10
[   11.704214]  krealloc_more_oob+0x1c/0x30
[   11.704235]  kunit_try_run_case+0x1a5/0x480
[   11.704259]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.704294]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.704317]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.704339]  ? __kthread_parkme+0x82/0x180
[   11.704359]  ? preempt_count_sub+0x50/0x80
[   11.704381]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.704403]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.704426]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.704449]  kthread+0x337/0x6f0
[   11.704467]  ? trace_preempt_on+0x20/0xc0
[   11.704489]  ? __pfx_kthread+0x10/0x10
[   11.704508]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.704529]  ? calculate_sigpending+0x7b/0xa0
[   11.704551]  ? __pfx_kthread+0x10/0x10
[   11.704572]  ret_from_fork+0x116/0x1d0
[   11.704589]  ? __pfx_kthread+0x10/0x10
[   11.704608]  ret_from_fork_asm+0x1a/0x30
[   11.704638]  </TASK>
[   11.704648] 
[   11.717025] Allocated by task 175:
[   11.717537]  kasan_save_stack+0x45/0x70
[   11.717741]  kasan_save_track+0x18/0x40
[   11.717928]  kasan_save_alloc_info+0x3b/0x50
[   11.718394]  __kasan_krealloc+0x190/0x1f0
[   11.718756]  krealloc_noprof+0xf3/0x340
[   11.718973]  krealloc_more_oob_helper+0x1a9/0x930
[   11.719418]  krealloc_more_oob+0x1c/0x30
[   11.719708]  kunit_try_run_case+0x1a5/0x480
[   11.719918]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.720387]  kthread+0x337/0x6f0
[   11.720740]  ret_from_fork+0x116/0x1d0
[   11.721116]  ret_from_fork_asm+0x1a/0x30
[   11.721439] 
[   11.721717] The buggy address belongs to the object at ffff888100343e00
[   11.721717]  which belongs to the cache kmalloc-256 of size 256
[   11.722883] The buggy address is located 0 bytes to the right of
[   11.722883]  allocated 235-byte region [ffff888100343e00, ffff888100343eeb)
[   11.723958] 
[   11.724242] The buggy address belongs to the physical page:
[   11.724844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   11.725471] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.726234] flags: 0x200000000000040(head|node=0|zone=2)
[   11.726675] page_type: f5(slab)
[   11.727007] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.727496] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.728237] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.728721] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.729328] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   11.729791] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.730218] page dumped because: kasan: bad access detected
[   11.730686] 
[   11.730758] Memory state around the buggy address:
[   11.730915]  ffff888100343d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.731472]  ffff888100343e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.732153] >ffff888100343e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.733178]                                                           ^
[   11.733429]  ffff888100343f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.734462]  ffff888100343f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.734920] ==================================================================
[   11.946287] ==================================================================
[   11.946621] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.946933] Write of size 1 at addr ffff8881028aa0f0 by task kunit_try_catch/179
[   11.947286] 
[   11.947421] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.947461] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.947472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.947489] Call Trace:
[   11.947503]  <TASK>
[   11.947515]  dump_stack_lvl+0x73/0xb0
[   11.947540]  print_report+0xd1/0x610
[   11.947560]  ? __virt_addr_valid+0x1db/0x2d0
[   11.947581]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.947604]  ? kasan_addr_to_slab+0x11/0xa0
[   11.947623]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.947647]  kasan_report+0x141/0x180
[   11.947667]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.947695]  __asan_report_store1_noabort+0x1b/0x30
[   11.947718]  krealloc_more_oob_helper+0x7eb/0x930
[   11.947740]  ? __schedule+0x10cc/0x2b60
[   11.947761]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.947784]  ? finish_task_switch.isra.0+0x153/0x700
[   11.947806]  ? __switch_to+0x47/0xf50
[   11.947829]  ? __schedule+0x10cc/0x2b60
[   11.947850]  ? __pfx_read_tsc+0x10/0x10
[   11.947872]  krealloc_large_more_oob+0x1c/0x30
[   11.947894]  kunit_try_run_case+0x1a5/0x480
[   11.947917]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.947939]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.947961]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.947984]  ? __kthread_parkme+0x82/0x180
[   11.948002]  ? preempt_count_sub+0x50/0x80
[   11.948036]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.948059]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.948082]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.948105]  kthread+0x337/0x6f0
[   11.948124]  ? trace_preempt_on+0x20/0xc0
[   11.948145]  ? __pfx_kthread+0x10/0x10
[   11.948164]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.948184]  ? calculate_sigpending+0x7b/0xa0
[   11.948207]  ? __pfx_kthread+0x10/0x10
[   11.948227]  ret_from_fork+0x116/0x1d0
[   11.948244]  ? __pfx_kthread+0x10/0x10
[   11.948263]  ret_from_fork_asm+0x1a/0x30
[   11.948302]  </TASK>
[   11.948310] 
[   11.956828] The buggy address belongs to the physical page:
[   11.957254] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028a8
[   11.958096] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.958355] flags: 0x200000000000040(head|node=0|zone=2)
[   11.958987] page_type: f8(unknown)
[   11.959595] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.960330] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.960802] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.961409] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.961763] head: 0200000000000002 ffffea00040a2a01 00000000ffffffff 00000000ffffffff
[   11.962303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.962940] page dumped because: kasan: bad access detected
[   11.963421] 
[   11.963671] Memory state around the buggy address:
[   11.963887]  ffff8881028a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.964508]  ffff8881028aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.964844] >ffff8881028aa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.965416]                                                              ^
[   11.965877]  ffff8881028aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.966504]  ffff8881028aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.966941] ==================================================================