Date: July 19, 2025, 11:11 a.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 15.108204] ==================================================================
[ 15.108259] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 15.108309] Write of size 1 at addr fff00000c175cceb by task kunit_try_catch/157
[ 15.108357]
[ 15.108388] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.108466] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.108500] Hardware name: linux,dummy-virt (DT)
[ 15.108659] Call trace:
[ 15.108681] show_stack+0x20/0x38 (C)
[ 15.108866] dump_stack_lvl+0x8c/0xd0
[ 15.108912] print_report+0x118/0x5d0
[ 15.108957] kasan_report+0xdc/0x128
[ 15.109002] __asan_report_store1_noabort+0x20/0x30
[ 15.109051] krealloc_more_oob_helper+0x60c/0x678
[ 15.109099] krealloc_more_oob+0x20/0x38
[ 15.109143] kunit_try_run_case+0x170/0x3f0
[ 15.109191] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.109241] kthread+0x328/0x630
[ 15.109282] ret_from_fork+0x10/0x20
[ 15.109329]
[ 15.109347] Allocated by task 157:
[ 15.109374] kasan_save_stack+0x3c/0x68
[ 15.109413] kasan_save_track+0x20/0x40
[ 15.109449] kasan_save_alloc_info+0x40/0x58
[ 15.109487] __kasan_krealloc+0x118/0x178
[ 15.109523] krealloc_noprof+0x128/0x360
[ 15.109568] krealloc_more_oob_helper+0x168/0x678
[ 15.109605] krealloc_more_oob+0x20/0x38
[ 15.109640] kunit_try_run_case+0x170/0x3f0
[ 15.109675] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.109716] kthread+0x328/0x630
[ 15.109747] ret_from_fork+0x10/0x20
[ 15.109782]
[ 15.109800] The buggy address belongs to the object at fff00000c175cc00
[ 15.109800] which belongs to the cache kmalloc-256 of size 256
[ 15.110050] The buggy address is located 0 bytes to the right of
[ 15.110050] allocated 235-byte region [fff00000c175cc00, fff00000c175cceb)
[ 15.110299]
[ 15.110321] The buggy address belongs to the physical page:
[ 15.110499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175c
[ 15.110905] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.111050] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.111218] page_type: f5(slab)
[ 15.111257] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 15.111308] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.111392] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 15.111537] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.111619] head: 0bfffe0000000001 ffffc1ffc305d701 00000000ffffffff 00000000ffffffff
[ 15.111699] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 15.111738] page dumped because: kasan: bad access detected
[ 15.111768]
[ 15.111786] Memory state around the buggy address:
[ 15.112120] fff00000c175cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.112196] fff00000c175cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.112239] >fff00000c175cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 15.112323] ^
[ 15.112672] fff00000c175cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.112779] fff00000c175cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.112915] ==================================================================

[ 15.203252] ==================================================================
[ 15.203308] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 15.203357] Write of size 1 at addr fff00000c64160f0 by task kunit_try_catch/161
[ 15.203405]
[ 15.203745] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.204115] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.204143] Hardware name: linux,dummy-virt (DT)
[ 15.204172] Call trace:
[ 15.204195] show_stack+0x20/0x38 (C)
[ 15.204244] dump_stack_lvl+0x8c/0xd0
[ 15.204487] print_report+0x118/0x5d0
[ 15.204589] kasan_report+0xdc/0x128
[ 15.204845] __asan_report_store1_noabort+0x20/0x30
[ 15.205083] krealloc_more_oob_helper+0x5c0/0x678
[ 15.205144] krealloc_large_more_oob+0x20/0x38
[ 15.205191] kunit_try_run_case+0x170/0x3f0
[ 15.205242] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.205293] kthread+0x328/0x630
[ 15.205334] ret_from_fork+0x10/0x20
[ 15.205379]
[ 15.205841] The buggy address belongs to the physical page:
[ 15.206080] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[ 15.206135] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.206369] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.206688] page_type: f8(unknown)
[ 15.206930] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.207005] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.207086] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.207528] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.207783] head: 0bfffe0000000002 ffffc1ffc3190501 00000000ffffffff 00000000ffffffff
[ 15.207833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 15.207873] page dumped because: kasan: bad access detected
[ 15.207903]
[ 15.207921] Memory state around the buggy address:
[ 15.208073] fff00000c6415f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.208122] fff00000c6416000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.208563] >fff00000c6416080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 15.208606] ^
[ 15.208647] fff00000c6416100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 15.208687] fff00000c6416180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 15.209292] ==================================================================

[ 15.117408] ==================================================================
[ 15.117556] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 15.117654] Write of size 1 at addr fff00000c175ccf0 by task kunit_try_catch/157
[ 15.117704]
[ 15.117761] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.117863] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.117889] Hardware name: linux,dummy-virt (DT)
[ 15.117965] Call trace:
[ 15.118091] show_stack+0x20/0x38 (C)
[ 15.118142] dump_stack_lvl+0x8c/0xd0
[ 15.118424] print_report+0x118/0x5d0
[ 15.118491] kasan_report+0xdc/0x128
[ 15.118547] __asan_report_store1_noabort+0x20/0x30
[ 15.118598] krealloc_more_oob_helper+0x5c0/0x678
[ 15.118646] krealloc_more_oob+0x20/0x38
[ 15.118690] kunit_try_run_case+0x170/0x3f0
[ 15.118736] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.118787] kthread+0x328/0x630
[ 15.118828] ret_from_fork+0x10/0x20
[ 15.118886]
[ 15.118904] Allocated by task 157:
[ 15.118931] kasan_save_stack+0x3c/0x68
[ 15.118972] kasan_save_track+0x20/0x40
[ 15.119008] kasan_save_alloc_info+0x40/0x58
[ 15.119343] __kasan_krealloc+0x118/0x178
[ 15.119384] krealloc_noprof+0x128/0x360
[ 15.119465] krealloc_more_oob_helper+0x168/0x678
[ 15.119524] krealloc_more_oob+0x20/0x38
[ 15.119752] kunit_try_run_case+0x170/0x3f0
[ 15.119788] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.119830] kthread+0x328/0x630
[ 15.119860] ret_from_fork+0x10/0x20
[ 15.119894]
[ 15.119913] The buggy address belongs to the object at fff00000c175cc00
[ 15.119913] which belongs to the cache kmalloc-256 of size 256
[ 15.119979] The buggy address is located 5 bytes to the right of
[ 15.119979] allocated 235-byte region [fff00000c175cc00, fff00000c175cceb)
[ 15.120041]
[ 15.120167] The buggy address belongs to the physical page:
[ 15.120252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175c
[ 15.120507] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.120565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.120617] page_type: f5(slab)
[ 15.120655] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 15.120705] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.120753] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 15.120800] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.120846] head: 0bfffe0000000001 ffffc1ffc305d701 00000000ffffffff 00000000ffffffff
[ 15.120904] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 15.120942] page dumped because: kasan: bad access detected
[ 15.120972]
[ 15.121094] Memory state around the buggy address:
[ 15.121128] fff00000c175cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.121170] fff00000c175cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.121285] >fff00000c175cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 15.121874] ^
[ 15.121934] fff00000c175cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.122039] fff00000c175cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.122108] ==================================================================

[ 15.194156] ==================================================================
[ 15.194254] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 15.194346] Write of size 1 at addr fff00000c64160eb by task kunit_try_catch/161
[ 15.194395]
[ 15.194539] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.195156] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.195213] Hardware name: linux,dummy-virt (DT)
[ 15.195246] Call trace:
[ 15.195455] show_stack+0x20/0x38 (C)
[ 15.195512] dump_stack_lvl+0x8c/0xd0
[ 15.195817] print_report+0x118/0x5d0
[ 15.195940] kasan_report+0xdc/0x128
[ 15.196272] __asan_report_store1_noabort+0x20/0x30
[ 15.196649] krealloc_more_oob_helper+0x60c/0x678
[ 15.197300] krealloc_large_more_oob+0x20/0x38
[ 15.197350] kunit_try_run_case+0x170/0x3f0
[ 15.197738] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.198163] kthread+0x328/0x630
[ 15.198212] ret_from_fork+0x10/0x20
[ 15.198318]
[ 15.198339] The buggy address belongs to the physical page:
[ 15.198476] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[ 15.198894] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.199134] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.199317] page_type: f8(unknown)
[ 15.199714] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.200132] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.200210] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 15.200540] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 15.200659] head: 0bfffe0000000002 ffffc1ffc3190501 00000000ffffffff 00000000ffffffff
[ 15.200710] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 15.200749] page dumped because: kasan: bad access detected
[ 15.200785]
[ 15.200805] Memory state around the buggy address:
[ 15.200836] fff00000c6415f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.201471] fff00000c6416000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.201520] >fff00000c6416080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 15.201861] ^
[ 15.202044] fff00000c6416100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 15.202097] fff00000c6416180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 15.202300] ==================================================================
```
qemu-x86_64:

```
[ 11.675355] ==================================================================
[ 11.676006] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.676618] Write of size 1 at addr ffff8881003382eb by task kunit_try_catch/174
[ 11.676981]
[ 11.677231] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.677387] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.677399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.677422] Call Trace:
[ 11.677435] <TASK>
[ 11.677452] dump_stack_lvl+0x73/0xb0
[ 11.677484] print_report+0xd1/0x610
[ 11.677518] ? __virt_addr_valid+0x1db/0x2d0
[ 11.677542] ? krealloc_more_oob_helper+0x821/0x930
[ 11.677565] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.677587] ? krealloc_more_oob_helper+0x821/0x930
[ 11.677610] kasan_report+0x141/0x180
[ 11.677631] ? krealloc_more_oob_helper+0x821/0x930
[ 11.677659] __asan_report_store1_noabort+0x1b/0x30
[ 11.677683] krealloc_more_oob_helper+0x821/0x930
[ 11.677704] ? __schedule+0x10cc/0x2b60
[ 11.677727] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.677752] ? __kasan_check_write+0x18/0x20
[ 11.677770] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.677792] ? irqentry_exit+0x2a/0x60
[ 11.677813] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 11.677836] ? trace_hardirqs_on+0x37/0xe0
[ 11.677859] ? __pfx_read_tsc+0x10/0x10
[ 11.677884] krealloc_more_oob+0x1c/0x30
[ 11.677905] kunit_try_run_case+0x1a5/0x480
[ 11.677930] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.677953] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.677975] ? __kthread_parkme+0x82/0x180
[ 11.677995] ? preempt_count_sub+0x50/0x80
[ 11.678019] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.678041] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.678064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.678089] kthread+0x337/0x6f0
[ 11.678107] ? trace_preempt_on+0x20/0xc0
[ 11.678128] ? __pfx_kthread+0x10/0x10
[ 11.678148] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.678179] ? calculate_sigpending+0x7b/0xa0
[ 11.678209] ? __pfx_kthread+0x10/0x10
[ 11.678229] ret_from_fork+0x116/0x1d0
[ 11.678248] ? __pfx_kthread+0x10/0x10
[ 11.678267] ret_from_fork_asm+0x1a/0x30
[ 11.678299] </TASK>
[ 11.678309]
[ 11.687665] Allocated by task 174:
[ 11.687891] kasan_save_stack+0x45/0x70
[ 11.688040] kasan_save_track+0x18/0x40
[ 11.688459] kasan_save_alloc_info+0x3b/0x50
[ 11.688683] __kasan_krealloc+0x190/0x1f0
[ 11.688931] krealloc_noprof+0xf3/0x340
[ 11.689240] krealloc_more_oob_helper+0x1a9/0x930
[ 11.689508] krealloc_more_oob+0x1c/0x30
[ 11.689652] kunit_try_run_case+0x1a5/0x480
[ 11.689896] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.690142] kthread+0x337/0x6f0
[ 11.690475] ret_from_fork+0x116/0x1d0
[ 11.690641] ret_from_fork_asm+0x1a/0x30
[ 11.690813]
[ 11.690907] The buggy address belongs to the object at ffff888100338200
[ 11.690907] which belongs to the cache kmalloc-256 of size 256
[ 11.691534] The buggy address is located 0 bytes to the right of
[ 11.691534] allocated 235-byte region [ffff888100338200, ffff8881003382eb)
[ 11.692046]
[ 11.692141] The buggy address belongs to the physical page:
[ 11.692580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[ 11.692948] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.693441] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.693698] page_type: f5(slab)
[ 11.693907] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.694297] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.694737] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.695077] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.695461] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[ 11.695778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.696009] page dumped because: kasan: bad access detected
[ 11.696568]
[ 11.696850] Memory state around the buggy address:
[ 11.697172] ffff888100338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.697508] ffff888100338200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.697778] >ffff888100338280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.698141] ^
[ 11.698626] ffff888100338300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.698932] ffff888100338380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.699459] ==================================================================

[ 11.859320] ==================================================================
[ 11.859747] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.859997] Write of size 1 at addr ffff88810391a0eb by task kunit_try_catch/178
[ 11.860787]
[ 11.861008] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.861064] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.861074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.861095] Call Trace:
[ 11.861107] <TASK>
[ 11.861124] dump_stack_lvl+0x73/0xb0
[ 11.861154] print_report+0xd1/0x610
[ 11.861175] ? __virt_addr_valid+0x1db/0x2d0
[ 11.861198] ? krealloc_more_oob_helper+0x821/0x930
[ 11.861221] ? kasan_addr_to_slab+0x11/0xa0
[ 11.861241] ? krealloc_more_oob_helper+0x821/0x930
[ 11.861265] kasan_report+0x141/0x180
[ 11.861286] ? krealloc_more_oob_helper+0x821/0x930
[ 11.861313] __asan_report_store1_noabort+0x1b/0x30
[ 11.861337] krealloc_more_oob_helper+0x821/0x930
[ 11.861359] ? __schedule+0x10cc/0x2b60
[ 11.861381] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.861404] ? finish_task_switch.isra.0+0x153/0x700
[ 11.861426] ? __switch_to+0x47/0xf50
[ 11.861452] ? __schedule+0x10cc/0x2b60
[ 11.861522] ? __pfx_read_tsc+0x10/0x10
[ 11.861546] krealloc_large_more_oob+0x1c/0x30
[ 11.861580] kunit_try_run_case+0x1a5/0x480
[ 11.861605] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.861626] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.861649] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.861672] ? __kthread_parkme+0x82/0x180
[ 11.861692] ? preempt_count_sub+0x50/0x80
[ 11.861714] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.861737] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.861760] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.861783] kthread+0x337/0x6f0
[ 11.861801] ? trace_preempt_on+0x20/0xc0
[ 11.861823] ? __pfx_kthread+0x10/0x10
[ 11.861843] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.861863] ? calculate_sigpending+0x7b/0xa0
[ 11.861887] ? __pfx_kthread+0x10/0x10
[ 11.861908] ret_from_fork+0x116/0x1d0
[ 11.861925] ? __pfx_kthread+0x10/0x10
[ 11.861945] ret_from_fork_asm+0x1a/0x30
[ 11.861976] </TASK>
[ 11.861986]
[ 11.879353] The buggy address belongs to the physical page:
[ 11.879802] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103918
[ 11.880061] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.880727] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.881251] page_type: f8(unknown)
[ 11.881652] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.882615] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.883317] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.884223] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.884828] head: 0200000000000002 ffffea00040e4601 00000000ffffffff 00000000ffffffff
[ 11.885624] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.886150] page dumped because: kasan: bad access detected
[ 11.886737]
[ 11.886893] Memory state around the buggy address:
[ 11.887117] ffff888103919f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.887902] ffff88810391a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.888548] >ffff88810391a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.888763] ^
[ 11.888964] ffff88810391a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.889678] ffff88810391a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.890425] ==================================================================

[ 11.700216] ==================================================================
[ 11.700509] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.700828] Write of size 1 at addr ffff8881003382f0 by task kunit_try_catch/174
[ 11.701434]
[ 11.701585] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.701633] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.701644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.701664] Call Trace:
[ 11.701682] <TASK>
[ 11.701697] dump_stack_lvl+0x73/0xb0
[ 11.701727] print_report+0xd1/0x610
[ 11.701748] ? __virt_addr_valid+0x1db/0x2d0
[ 11.701770] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.701793] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.701816] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.701839] kasan_report+0x141/0x180
[ 11.701860] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.701888] __asan_report_store1_noabort+0x1b/0x30
[ 11.701912] krealloc_more_oob_helper+0x7eb/0x930
[ 11.701933] ? __schedule+0x10cc/0x2b60
[ 11.701955] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.701980] ? __kasan_check_write+0x18/0x20
[ 11.702037] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.702061] ? irqentry_exit+0x2a/0x60
[ 11.702081] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 11.702306] ? trace_hardirqs_on+0x37/0xe0
[ 11.702336] ? __pfx_read_tsc+0x10/0x10
[ 11.702372] krealloc_more_oob+0x1c/0x30
[ 11.702394] kunit_try_run_case+0x1a5/0x480
[ 11.702418] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.702441] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.702464] ? __kthread_parkme+0x82/0x180
[ 11.702483] ? preempt_count_sub+0x50/0x80
[ 11.702515] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.702538] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.702560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.702583] kthread+0x337/0x6f0
[ 11.702601] ? trace_preempt_on+0x20/0xc0
[ 11.702622] ? __pfx_kthread+0x10/0x10
[ 11.702642] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.702663] ? calculate_sigpending+0x7b/0xa0
[ 11.702686] ? __pfx_kthread+0x10/0x10
[ 11.702706] ret_from_fork+0x116/0x1d0
[ 11.702724] ? __pfx_kthread+0x10/0x10
[ 11.702743] ret_from_fork_asm+0x1a/0x30
[ 11.702772] </TASK>
[ 11.702782]
[ 11.712354] Allocated by task 174:
[ 11.712622] kasan_save_stack+0x45/0x70
[ 11.712844] kasan_save_track+0x18/0x40
[ 11.713124] kasan_save_alloc_info+0x3b/0x50
[ 11.713423] __kasan_krealloc+0x190/0x1f0
[ 11.713619] krealloc_noprof+0xf3/0x340
[ 11.713794] krealloc_more_oob_helper+0x1a9/0x930
[ 11.714018] krealloc_more_oob+0x1c/0x30
[ 11.714450] kunit_try_run_case+0x1a5/0x480
[ 11.714672] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.714851] kthread+0x337/0x6f0
[ 11.714971] ret_from_fork+0x116/0x1d0
[ 11.715135] ret_from_fork_asm+0x1a/0x30
[ 11.715328]
[ 11.715422] The buggy address belongs to the object at ffff888100338200
[ 11.715422] which belongs to the cache kmalloc-256 of size 256
[ 11.715961] The buggy address is located 5 bytes to the right of
[ 11.715961] allocated 235-byte region [ffff888100338200, ffff8881003382eb)
[ 11.716626]
[ 11.716727] The buggy address belongs to the physical page:
[ 11.716980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[ 11.717444] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.717711] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.717967] page_type: f5(slab)
[ 11.718421] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.718775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.719066] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.719833] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.720172] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[ 11.720618] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.720964] page dumped because: kasan: bad access detected
[ 11.721139]
[ 11.721216] Memory state around the buggy address:
[ 11.721564] ffff888100338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.722036] ffff888100338200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.722341] >ffff888100338280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.722644] ^
[ 11.722922] ffff888100338300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.723527] ffff888100338380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.723749] ==================================================================

[ 11.891999] ==================================================================
[ 11.892821] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.893424] Write of size 1 at addr ffff88810391a0f0 by task kunit_try_catch/178
[ 11.894323]
[ 11.894485] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.894543] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.894554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.894575] Call Trace:
[ 11.894590] <TASK>
[ 11.894635] dump_stack_lvl+0x73/0xb0
[ 11.894666] print_report+0xd1/0x610
[ 11.894689] ? __virt_addr_valid+0x1db/0x2d0
[ 11.894712] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.894734] ? kasan_addr_to_slab+0x11/0xa0
[ 11.894754] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.894777] kasan_report+0x141/0x180
[ 11.894799] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.894827] __asan_report_store1_noabort+0x1b/0x30
[ 11.894850] krealloc_more_oob_helper+0x7eb/0x930
[ 11.894872] ? __schedule+0x10cc/0x2b60
[ 11.894894] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.894917] ? finish_task_switch.isra.0+0x153/0x700
[ 11.894941] ? __switch_to+0x47/0xf50
[ 11.894965] ? __schedule+0x10cc/0x2b60
[ 11.894986] ? __pfx_read_tsc+0x10/0x10
[ 11.895009] krealloc_large_more_oob+0x1c/0x30
[ 11.895031] kunit_try_run_case+0x1a5/0x480
[ 11.895147] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.895183] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.895207] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.895229] ? __kthread_parkme+0x82/0x180
[ 11.895249] ? preempt_count_sub+0x50/0x80
[ 11.895271] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.895294] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.895317] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.895340] kthread+0x337/0x6f0
[ 11.895358] ? trace_preempt_on+0x20/0xc0
[ 11.895382] ? __pfx_kthread+0x10/0x10
[ 11.895401] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.895421] ? calculate_sigpending+0x7b/0xa0
[ 11.895445] ? __pfx_kthread+0x10/0x10
[ 11.895465] ret_from_fork+0x116/0x1d0
[ 11.895483] ? __pfx_kthread+0x10/0x10
[ 11.895512] ret_from_fork_asm+0x1a/0x30
[ 11.895542] </TASK>
[ 11.895552]
[ 11.904726] The buggy address belongs to the physical page:
[ 11.905075] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103918
[ 11.905672] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.905979] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.906160] page_type: f8(unknown)
[ 11.906295] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.906668] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.907312] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.907672] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.908306] head: 0200000000000002 ffffea00040e4601 00000000ffffffff 00000000ffffffff
[ 11.908685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.908961] page dumped because: kasan: bad access detected
[ 11.909131]
[ 11.909199] Memory state around the buggy address:
[ 11.909740] ffff888103919f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.910154] ffff88810391a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.910672] >ffff88810391a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.910973] ^
[ 11.911574] ffff88810391a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.911846] ffff88810391a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.912240] ==================================================================
```