Hay
Date: July 19, 2025, 11:12 p.m.

Environment: qemu-arm64, qemu-x86_64

[   15.126083] ==================================================================
[   15.126213] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.126307] Write of size 1 at addr fff00000c60f60f0 by task kunit_try_catch/160
[   15.126371] 
[   15.126500] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.127305] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.127339] Hardware name: linux,dummy-virt (DT)
[   15.127368] Call trace:
[   15.127395]  show_stack+0x20/0x38 (C)
[   15.127500]  dump_stack_lvl+0x8c/0xd0
[   15.127597]  print_report+0x118/0x5d0
[   15.127659]  kasan_report+0xdc/0x128
[   15.127713]  __asan_report_store1_noabort+0x20/0x30
[   15.127763]  krealloc_more_oob_helper+0x5c0/0x678
[   15.127903]  krealloc_large_more_oob+0x20/0x38
[   15.127962]  kunit_try_run_case+0x170/0x3f0
[   15.128045]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.128097]  kthread+0x328/0x630
[   15.128138]  ret_from_fork+0x10/0x20
[   15.128196] 
[   15.128268] The buggy address belongs to the physical page:
[   15.128322] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   15.128373] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.128417] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.128466] page_type: f8(unknown)
[   15.128554] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.128615] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.128664] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.128755] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.128936] head: 0bfffe0000000002 ffffc1ffc3183d01 00000000ffffffff 00000000ffffffff
[   15.129064] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.129130] page dumped because: kasan: bad access detected
[   15.129164] 
[   15.129181] Memory state around the buggy address:
[   15.129211]  fff00000c60f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.129251]  fff00000c60f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.129292] >fff00000c60f6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.129330]                                                              ^
[   15.129509]  fff00000c60f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.129586]  fff00000c60f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.129775] ==================================================================
[   15.122385] ==================================================================
[   15.122438] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.122488] Write of size 1 at addr fff00000c60f60eb by task kunit_try_catch/160
[   15.122536] 
[   15.122566] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.122653] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.122768] Hardware name: linux,dummy-virt (DT)
[   15.122799] Call trace:
[   15.122877]  show_stack+0x20/0x38 (C)
[   15.123114]  dump_stack_lvl+0x8c/0xd0
[   15.123167]  print_report+0x118/0x5d0
[   15.123221]  kasan_report+0xdc/0x128
[   15.123404]  __asan_report_store1_noabort+0x20/0x30
[   15.123489]  krealloc_more_oob_helper+0x60c/0x678
[   15.123581]  krealloc_large_more_oob+0x20/0x38
[   15.124215]  kunit_try_run_case+0x170/0x3f0
[   15.124298]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.124426]  kthread+0x328/0x630
[   15.124489]  ret_from_fork+0x10/0x20
[   15.124616] 
[   15.124674] The buggy address belongs to the physical page:
[   15.124715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   15.124766] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.124831] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.124923] page_type: f8(unknown)
[   15.124961] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.125022] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.125071] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.125130] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.125178] head: 0bfffe0000000002 ffffc1ffc3183d01 00000000ffffffff 00000000ffffffff
[   15.125224] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.125282] page dumped because: kasan: bad access detected
[   15.125321] 
[   15.125393] Memory state around the buggy address:
[   15.125423]  fff00000c60f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.125486]  fff00000c60f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.125563] >fff00000c60f6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.125747]                                                           ^
[   15.125784]  fff00000c60f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.125826]  fff00000c60f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.125862] ==================================================================
[   15.075311] ==================================================================
[   15.075365] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.075466] Write of size 1 at addr fff00000c5c3c6eb by task kunit_try_catch/156
[   15.075516] 
[   15.075546] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.075635] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.075741] Hardware name: linux,dummy-virt (DT)
[   15.075772] Call trace:
[   15.075794]  show_stack+0x20/0x38 (C)
[   15.075850]  dump_stack_lvl+0x8c/0xd0
[   15.075904]  print_report+0x118/0x5d0
[   15.075997]  kasan_report+0xdc/0x128
[   15.076045]  __asan_report_store1_noabort+0x20/0x30
[   15.076131]  krealloc_more_oob_helper+0x60c/0x678
[   15.076294]  krealloc_more_oob+0x20/0x38
[   15.076372]  kunit_try_run_case+0x170/0x3f0
[   15.076420]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.076602]  kthread+0x328/0x630
[   15.076647]  ret_from_fork+0x10/0x20
[   15.076722] 
[   15.076740] Allocated by task 156:
[   15.076770]  kasan_save_stack+0x3c/0x68
[   15.076835]  kasan_save_track+0x20/0x40
[   15.076871]  kasan_save_alloc_info+0x40/0x58
[   15.076929]  __kasan_krealloc+0x118/0x178
[   15.076994]  krealloc_noprof+0x128/0x360
[   15.077126]  krealloc_more_oob_helper+0x168/0x678
[   15.077163]  krealloc_more_oob+0x20/0x38
[   15.077198]  kunit_try_run_case+0x170/0x3f0
[   15.077234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.077313]  kthread+0x328/0x630
[   15.077362]  ret_from_fork+0x10/0x20
[   15.077408] 
[   15.077428] The buggy address belongs to the object at fff00000c5c3c600
[   15.077428]  which belongs to the cache kmalloc-256 of size 256
[   15.077584] The buggy address is located 0 bytes to the right of
[   15.077584]  allocated 235-byte region [fff00000c5c3c600, fff00000c5c3c6eb)
[   15.077652] 
[   15.077680] The buggy address belongs to the physical page:
[   15.077766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c3c
[   15.077826] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.078233] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.078334] page_type: f5(slab)
[   15.078406] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.078473] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.078522] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.078570] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.078712] head: 0bfffe0000000001 ffffc1ffc3170f01 00000000ffffffff 00000000ffffffff
[   15.078763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.078802] page dumped because: kasan: bad access detected
[   15.078848] 
[   15.078866] Memory state around the buggy address:
[   15.078992]  fff00000c5c3c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.079164]  fff00000c5c3c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.079206] >fff00000c5c3c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.079249]                                                           ^
[   15.079287]  fff00000c5c3c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.079447]  fff00000c5c3c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.079485] ==================================================================
[   15.081365] ==================================================================
[   15.081413] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.081459] Write of size 1 at addr fff00000c5c3c6f0 by task kunit_try_catch/156
[   15.081506] 
[   15.081533] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.081619] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.082090] Hardware name: linux,dummy-virt (DT)
[   15.082135] Call trace:
[   15.082157]  show_stack+0x20/0x38 (C)
[   15.082217]  dump_stack_lvl+0x8c/0xd0
[   15.082349]  print_report+0x118/0x5d0
[   15.082395]  kasan_report+0xdc/0x128
[   15.082549]  __asan_report_store1_noabort+0x20/0x30
[   15.082668]  krealloc_more_oob_helper+0x5c0/0x678
[   15.082725]  krealloc_more_oob+0x20/0x38
[   15.082769]  kunit_try_run_case+0x170/0x3f0
[   15.082814]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.082866]  kthread+0x328/0x630
[   15.082908]  ret_from_fork+0x10/0x20
[   15.082954] 
[   15.082978] Allocated by task 156:
[   15.083113]  kasan_save_stack+0x3c/0x68
[   15.083158]  kasan_save_track+0x20/0x40
[   15.083305]  kasan_save_alloc_info+0x40/0x58
[   15.083481]  __kasan_krealloc+0x118/0x178
[   15.083523]  krealloc_noprof+0x128/0x360
[   15.083652]  krealloc_more_oob_helper+0x168/0x678
[   15.084449]  krealloc_more_oob+0x20/0x38
[   15.084519]  kunit_try_run_case+0x170/0x3f0
[   15.084568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.084610]  kthread+0x328/0x630
[   15.084657]  ret_from_fork+0x10/0x20
[   15.084702] 
[   15.084721] The buggy address belongs to the object at fff00000c5c3c600
[   15.084721]  which belongs to the cache kmalloc-256 of size 256
[   15.084775] The buggy address is located 5 bytes to the right of
[   15.084775]  allocated 235-byte region [fff00000c5c3c600, fff00000c5c3c6eb)
[   15.084928] 
[   15.084987] The buggy address belongs to the physical page:
[   15.085022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c3c
[   15.085148] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.085194] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.085243] page_type: f5(slab)
[   15.085278] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.085422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.085485] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.085737] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.085790] head: 0bfffe0000000001 ffffc1ffc3170f01 00000000ffffffff 00000000ffffffff
[   15.085837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.085876] page dumped because: kasan: bad access detected
[   15.085905] 
[   15.085925] Memory state around the buggy address:
[   15.085955]  fff00000c5c3c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.085995]  fff00000c5c3c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.086037] >fff00000c5c3c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.086074]                                                              ^
[   15.086111]  fff00000c5c3c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.086152]  fff00000c5c3c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.086198] ==================================================================

[   11.607928] ==================================================================
[   11.609049] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.609618] Write of size 1 at addr ffff8881003504eb by task kunit_try_catch/173
[   11.610208] 
[   11.610421] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.610473] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.610485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.610505] Call Trace:
[   11.610515]  <TASK>
[   11.610529]  dump_stack_lvl+0x73/0xb0
[   11.610557]  print_report+0xd1/0x610
[   11.610578]  ? __virt_addr_valid+0x1db/0x2d0
[   11.610599]  ? krealloc_more_oob_helper+0x821/0x930
[   11.610621]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.610642]  ? krealloc_more_oob_helper+0x821/0x930
[   11.610664]  kasan_report+0x141/0x180
[   11.610685]  ? krealloc_more_oob_helper+0x821/0x930
[   11.610713]  __asan_report_store1_noabort+0x1b/0x30
[   11.610736]  krealloc_more_oob_helper+0x821/0x930
[   11.610756]  ? __schedule+0x10cc/0x2b60
[   11.610778]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.610801]  ? finish_task_switch.isra.0+0x153/0x700
[   11.610822]  ? __switch_to+0x47/0xf50
[   11.610847]  ? __schedule+0x10cc/0x2b60
[   11.610867]  ? __pfx_read_tsc+0x10/0x10
[   11.610891]  krealloc_more_oob+0x1c/0x30
[   11.610911]  kunit_try_run_case+0x1a5/0x480
[   11.610935]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.610956]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.610978]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.611000]  ? __kthread_parkme+0x82/0x180
[   11.611032]  ? preempt_count_sub+0x50/0x80
[   11.611054]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.611076]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.611098]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.611120]  kthread+0x337/0x6f0
[   11.611139]  ? trace_preempt_on+0x20/0xc0
[   11.611160]  ? __pfx_kthread+0x10/0x10
[   11.611180]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.611200]  ? calculate_sigpending+0x7b/0xa0
[   11.611223]  ? __pfx_kthread+0x10/0x10
[   11.611244]  ret_from_fork+0x116/0x1d0
[   11.611261]  ? __pfx_kthread+0x10/0x10
[   11.611281]  ret_from_fork_asm+0x1a/0x30
[   11.611310]  </TASK>
[   11.611320] 
[   11.625474] Allocated by task 173:
[   11.625892]  kasan_save_stack+0x45/0x70
[   11.626307]  kasan_save_track+0x18/0x40
[   11.626814]  kasan_save_alloc_info+0x3b/0x50
[   11.627091]  __kasan_krealloc+0x190/0x1f0
[   11.627499]  krealloc_noprof+0xf3/0x340
[   11.627691]  krealloc_more_oob_helper+0x1a9/0x930
[   11.628214]  krealloc_more_oob+0x1c/0x30
[   11.628478]  kunit_try_run_case+0x1a5/0x480
[   11.628884]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.629096]  kthread+0x337/0x6f0
[   11.629264]  ret_from_fork+0x116/0x1d0
[   11.629605]  ret_from_fork_asm+0x1a/0x30
[   11.630109] 
[   11.630299] The buggy address belongs to the object at ffff888100350400
[   11.630299]  which belongs to the cache kmalloc-256 of size 256
[   11.631571] The buggy address is located 0 bytes to the right of
[   11.631571]  allocated 235-byte region [ffff888100350400, ffff8881003504eb)
[   11.631957] 
[   11.632039] The buggy address belongs to the physical page:
[   11.632207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.632455] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.632757] flags: 0x200000000000040(head|node=0|zone=2)
[   11.633001] page_type: f5(slab)
[   11.633133] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.633682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.634011] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.634304] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.634640] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.634865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.635184] page dumped because: kasan: bad access detected
[   11.635447] 
[   11.635559] Memory state around the buggy address:
[   11.635731]  ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.635938]  ffff888100350400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.636538] >ffff888100350480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.636889]                                                           ^
[   11.637217]  ffff888100350500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.637423]  ffff888100350580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.637929] ==================================================================
[   11.638549] ==================================================================
[   11.638840] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.639246] Write of size 1 at addr ffff8881003504f0 by task kunit_try_catch/173
[   11.639673] 
[   11.639814] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.639854] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.639865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.639883] Call Trace:
[   11.639893]  <TASK>
[   11.639907]  dump_stack_lvl+0x73/0xb0
[   11.639933]  print_report+0xd1/0x610
[   11.639954]  ? __virt_addr_valid+0x1db/0x2d0
[   11.639975]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.639997]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.640029]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.640052]  kasan_report+0x141/0x180
[   11.640073]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.640100]  __asan_report_store1_noabort+0x1b/0x30
[   11.640123]  krealloc_more_oob_helper+0x7eb/0x930
[   11.640143]  ? __schedule+0x10cc/0x2b60
[   11.640165]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.640187]  ? finish_task_switch.isra.0+0x153/0x700
[   11.640208]  ? __switch_to+0x47/0xf50
[   11.640231]  ? __schedule+0x10cc/0x2b60
[   11.640251]  ? __pfx_read_tsc+0x10/0x10
[   11.640276]  krealloc_more_oob+0x1c/0x30
[   11.640296]  kunit_try_run_case+0x1a5/0x480
[   11.640319]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.640340]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.640363]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.640403]  ? __kthread_parkme+0x82/0x180
[   11.640422]  ? preempt_count_sub+0x50/0x80
[   11.640482]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.640504]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.640526]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.640548]  kthread+0x337/0x6f0
[   11.640566]  ? trace_preempt_on+0x20/0xc0
[   11.640588]  ? __pfx_kthread+0x10/0x10
[   11.640608]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.640628]  ? calculate_sigpending+0x7b/0xa0
[   11.640651]  ? __pfx_kthread+0x10/0x10
[   11.640671]  ret_from_fork+0x116/0x1d0
[   11.640689]  ? __pfx_kthread+0x10/0x10
[   11.640708]  ret_from_fork_asm+0x1a/0x30
[   11.640737]  </TASK>
[   11.640746] 
[   11.648652] Allocated by task 173:
[   11.648808]  kasan_save_stack+0x45/0x70
[   11.649076]  kasan_save_track+0x18/0x40
[   11.649316]  kasan_save_alloc_info+0x3b/0x50
[   11.649663]  __kasan_krealloc+0x190/0x1f0
[   11.649809]  krealloc_noprof+0xf3/0x340
[   11.649943]  krealloc_more_oob_helper+0x1a9/0x930
[   11.650157]  krealloc_more_oob+0x1c/0x30
[   11.650355]  kunit_try_run_case+0x1a5/0x480
[   11.650591]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.651030]  kthread+0x337/0x6f0
[   11.651170]  ret_from_fork+0x116/0x1d0
[   11.651330]  ret_from_fork_asm+0x1a/0x30
[   11.651656] 
[   11.651768] The buggy address belongs to the object at ffff888100350400
[   11.651768]  which belongs to the cache kmalloc-256 of size 256
[   11.652291] The buggy address is located 5 bytes to the right of
[   11.652291]  allocated 235-byte region [ffff888100350400, ffff8881003504eb)
[   11.652877] 
[   11.652988] The buggy address belongs to the physical page:
[   11.653225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.653616] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.653984] flags: 0x200000000000040(head|node=0|zone=2)
[   11.654196] page_type: f5(slab)
[   11.654362] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.654663] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.655055] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.655287] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.655517] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.655747] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.655975] page dumped because: kasan: bad access detected
[   11.656427] 
[   11.656615] Memory state around the buggy address:
[   11.656837]  ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.657491]  ffff888100350400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.658155] >ffff888100350480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.658614]                                                              ^
[   11.658818]  ffff888100350500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.659043]  ffff888100350580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.659254] ==================================================================
[   11.799329] ==================================================================
[   11.799994] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.800343] Write of size 1 at addr ffff888102a3a0eb by task kunit_try_catch/177
[   11.800742] 
[   11.800875] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.800934] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.800945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.800964] Call Trace:
[   11.800980]  <TASK>
[   11.800995]  dump_stack_lvl+0x73/0xb0
[   11.801044]  print_report+0xd1/0x610
[   11.801066]  ? __virt_addr_valid+0x1db/0x2d0
[   11.801099]  ? krealloc_more_oob_helper+0x821/0x930
[   11.801122]  ? kasan_addr_to_slab+0x11/0xa0
[   11.801141]  ? krealloc_more_oob_helper+0x821/0x930
[   11.801175]  kasan_report+0x141/0x180
[   11.801196]  ? krealloc_more_oob_helper+0x821/0x930
[   11.801223]  __asan_report_store1_noabort+0x1b/0x30
[   11.801258]  krealloc_more_oob_helper+0x821/0x930
[   11.801279]  ? __schedule+0x10cc/0x2b60
[   11.801302]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.801336]  ? finish_task_switch.isra.0+0x153/0x700
[   11.801359]  ? __switch_to+0x47/0xf50
[   11.801492]  ? __schedule+0x10cc/0x2b60
[   11.801516]  ? __pfx_read_tsc+0x10/0x10
[   11.801540]  krealloc_large_more_oob+0x1c/0x30
[   11.801576]  kunit_try_run_case+0x1a5/0x480
[   11.801600]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.801622]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.801656]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.801678]  ? __kthread_parkme+0x82/0x180
[   11.801698]  ? preempt_count_sub+0x50/0x80
[   11.801748]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.801772]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.801806]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.801828]  kthread+0x337/0x6f0
[   11.801847]  ? trace_preempt_on+0x20/0xc0
[   11.801869]  ? __pfx_kthread+0x10/0x10
[   11.801889]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.801909]  ? calculate_sigpending+0x7b/0xa0
[   11.801932]  ? __pfx_kthread+0x10/0x10
[   11.801953]  ret_from_fork+0x116/0x1d0
[   11.801970]  ? __pfx_kthread+0x10/0x10
[   11.801990]  ret_from_fork_asm+0x1a/0x30
[   11.802030]  </TASK>
[   11.802041] 
[   11.810496] The buggy address belongs to the physical page:
[   11.810765] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.811687] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.811926] flags: 0x200000000000040(head|node=0|zone=2)
[   11.812157] page_type: f8(unknown)
[   11.812353] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.813048] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.813421] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.813954] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.814273] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.814695] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.814927] page dumped because: kasan: bad access detected
[   11.815187] 
[   11.815281] Memory state around the buggy address:
[   11.815553]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.815958]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.816546] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.816813]                                                           ^
[   11.817130]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.817567]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.817861] ==================================================================
[   11.818349] ==================================================================
[   11.818762] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.819171] Write of size 1 at addr ffff888102a3a0f0 by task kunit_try_catch/177
[   11.819559] 
[   11.819901] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.819946] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.819957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.820024] Call Trace:
[   11.820036]  <TASK>
[   11.820050]  dump_stack_lvl+0x73/0xb0
[   11.820123]  print_report+0xd1/0x610
[   11.820144]  ? __virt_addr_valid+0x1db/0x2d0
[   11.820178]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.820200]  ? kasan_addr_to_slab+0x11/0xa0
[   11.820219]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.820242]  kasan_report+0x141/0x180
[   11.820263]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.820290]  __asan_report_store1_noabort+0x1b/0x30
[   11.820313]  krealloc_more_oob_helper+0x7eb/0x930
[   11.820334]  ? __schedule+0x10cc/0x2b60
[   11.820356]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.820437]  ? finish_task_switch.isra.0+0x153/0x700
[   11.820459]  ? __switch_to+0x47/0xf50
[   11.820484]  ? __schedule+0x10cc/0x2b60
[   11.820504]  ? __pfx_read_tsc+0x10/0x10
[   11.820528]  krealloc_large_more_oob+0x1c/0x30
[   11.820550]  kunit_try_run_case+0x1a5/0x480
[   11.820574]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.820596]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.820618]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.820640]  ? __kthread_parkme+0x82/0x180
[   11.820659]  ? preempt_count_sub+0x50/0x80
[   11.820681]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.820703]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.820725]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.820747]  kthread+0x337/0x6f0
[   11.820777]  ? trace_preempt_on+0x20/0xc0
[   11.820817]  ? __pfx_kthread+0x10/0x10
[   11.820837]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.820857]  ? calculate_sigpending+0x7b/0xa0
[   11.820879]  ? __pfx_kthread+0x10/0x10
[   11.820900]  ret_from_fork+0x116/0x1d0
[   11.820917]  ? __pfx_kthread+0x10/0x10
[   11.820937]  ret_from_fork_asm+0x1a/0x30
[   11.820972]  </TASK>
[   11.820982] 
[   11.830925] The buggy address belongs to the physical page:
[   11.831194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.831809] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.832209] flags: 0x200000000000040(head|node=0|zone=2)
[   11.832590] page_type: f8(unknown)
[   11.832855] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.833144] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.833543] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.833980] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.834339] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.834788] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.835145] page dumped because: kasan: bad access detected
[   11.835363] 
[   11.835613] Memory state around the buggy address:
[   11.835849]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.836152]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.836591] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.836881]                                                              ^
[   11.837125]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.837484]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.838019] ==================================================================