Hay
Date: July 20, 2025, 11:12 a.m.

Environment: qemu-arm64, qemu-x86_64

[   15.229231] ==================================================================
[   15.229336] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.229424] Write of size 1 at addr fff00000c61444eb by task kunit_try_catch/156
[   15.229475] 
[   15.229553] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.229658] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.229698] Hardware name: linux,dummy-virt (DT)
[   15.229748] Call trace:
[   15.229798]  show_stack+0x20/0x38 (C)
[   15.229846]  dump_stack_lvl+0x8c/0xd0
[   15.229890]  print_report+0x118/0x5d0
[   15.230068]  kasan_report+0xdc/0x128
[   15.230232]  __asan_report_store1_noabort+0x20/0x30
[   15.230290]  krealloc_more_oob_helper+0x60c/0x678
[   15.230337]  krealloc_more_oob+0x20/0x38
[   15.230398]  kunit_try_run_case+0x170/0x3f0
[   15.230448]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.230498]  kthread+0x328/0x630
[   15.230537]  ret_from_fork+0x10/0x20
[   15.230693] 
[   15.230732] Allocated by task 156:
[   15.230804]  kasan_save_stack+0x3c/0x68
[   15.230847]  kasan_save_track+0x20/0x40
[   15.230883]  kasan_save_alloc_info+0x40/0x58
[   15.230921]  __kasan_krealloc+0x118/0x178
[   15.230974]  krealloc_noprof+0x128/0x360
[   15.231018]  krealloc_more_oob_helper+0x168/0x678
[   15.231056]  krealloc_more_oob+0x20/0x38
[   15.231117]  kunit_try_run_case+0x170/0x3f0
[   15.231217]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.231383]  kthread+0x328/0x630
[   15.231446]  ret_from_fork+0x10/0x20
[   15.231481] 
[   15.231500] The buggy address belongs to the object at fff00000c6144400
[   15.231500]  which belongs to the cache kmalloc-256 of size 256
[   15.231555] The buggy address is located 0 bytes to the right of
[   15.231555]  allocated 235-byte region [fff00000c6144400, fff00000c61444eb)
[   15.231940] 
[   15.232000] The buggy address belongs to the physical page:
[   15.232091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   15.232152] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.232233] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.232356] page_type: f5(slab)
[   15.232428] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.232565] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.232752] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.232859] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.232918] head: 0bfffe0000000001 ffffc1ffc3185101 00000000ffffffff 00000000ffffffff
[   15.233203] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.233296] page dumped because: kasan: bad access detected
[   15.233350] 
[   15.233367] Memory state around the buggy address:
[   15.233398]  fff00000c6144380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.233439]  fff00000c6144400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.233480] >fff00000c6144480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.233523]                                                           ^
[   15.233571]  fff00000c6144500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.233612]  fff00000c6144580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.233648] ==================================================================
[   15.274466] ==================================================================
[   15.274521] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.274646] Write of size 1 at addr fff00000c77560eb by task kunit_try_catch/160
[   15.274709] 
[   15.274739] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.275033] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.275176] Hardware name: linux,dummy-virt (DT)
[   15.275275] Call trace:
[   15.275336]  show_stack+0x20/0x38 (C)
[   15.275501]  dump_stack_lvl+0x8c/0xd0
[   15.275565]  print_report+0x118/0x5d0
[   15.275632]  kasan_report+0xdc/0x128
[   15.275688]  __asan_report_store1_noabort+0x20/0x30
[   15.275738]  krealloc_more_oob_helper+0x60c/0x678
[   15.275785]  krealloc_large_more_oob+0x20/0x38
[   15.275830]  kunit_try_run_case+0x170/0x3f0
[   15.276023]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.276158]  kthread+0x328/0x630
[   15.276303]  ret_from_fork+0x10/0x20
[   15.276391] 
[   15.276485] The buggy address belongs to the physical page:
[   15.276595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.276678] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.276724] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.277002] page_type: f8(unknown)
[   15.277177] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.277290] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.277378] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.277523] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.277590] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.277706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.277750] page dumped because: kasan: bad access detected
[   15.277799] 
[   15.277816] Memory state around the buggy address:
[   15.277850]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.277894]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.277937] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.277972]                                                           ^
[   15.278010]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.278050]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.278088] ==================================================================
[   15.234055] ==================================================================
[   15.234111] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.234158] Write of size 1 at addr fff00000c61444f0 by task kunit_try_catch/156
[   15.234205] 
[   15.234252] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.234329] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.234392] Hardware name: linux,dummy-virt (DT)
[   15.234424] Call trace:
[   15.234445]  show_stack+0x20/0x38 (C)
[   15.234490]  dump_stack_lvl+0x8c/0xd0
[   15.234534]  print_report+0x118/0x5d0
[   15.234580]  kasan_report+0xdc/0x128
[   15.234625]  __asan_report_store1_noabort+0x20/0x30
[   15.234687]  krealloc_more_oob_helper+0x5c0/0x678
[   15.234808]  krealloc_more_oob+0x20/0x38
[   15.234860]  kunit_try_run_case+0x170/0x3f0
[   15.234905]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.235001]  kthread+0x328/0x630
[   15.235051]  ret_from_fork+0x10/0x20
[   15.235096] 
[   15.235114] Allocated by task 156:
[   15.235141]  kasan_save_stack+0x3c/0x68
[   15.235201]  kasan_save_track+0x20/0x40
[   15.235313]  kasan_save_alloc_info+0x40/0x58
[   15.235437]  __kasan_krealloc+0x118/0x178
[   15.235592]  krealloc_noprof+0x128/0x360
[   15.235710]  krealloc_more_oob_helper+0x168/0x678
[   15.235750]  krealloc_more_oob+0x20/0x38
[   15.235785]  kunit_try_run_case+0x170/0x3f0
[   15.235838]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.236128]  kthread+0x328/0x630
[   15.236229]  ret_from_fork+0x10/0x20
[   15.236349] 
[   15.236443] The buggy address belongs to the object at fff00000c6144400
[   15.236443]  which belongs to the cache kmalloc-256 of size 256
[   15.236579] The buggy address is located 5 bytes to the right of
[   15.236579]  allocated 235-byte region [fff00000c6144400, fff00000c61444eb)
[   15.236749] 
[   15.236798] The buggy address belongs to the physical page:
[   15.236861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   15.237019] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.237100] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.237150] page_type: f5(slab)
[   15.237186] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.237234] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.237281] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.237338] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.237395] head: 0bfffe0000000001 ffffc1ffc3185101 00000000ffffffff 00000000ffffffff
[   15.237451] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.237500] page dumped because: kasan: bad access detected
[   15.237537] 
[   15.237555] Memory state around the buggy address:
[   15.237584]  fff00000c6144380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.237626]  fff00000c6144400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.237676] >fff00000c6144480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.237712]                                                              ^
[   15.237750]  fff00000c6144500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.237791]  fff00000c6144580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.237827] ==================================================================
[   15.280726] ==================================================================
[   15.280885] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.280973] Write of size 1 at addr fff00000c77560f0 by task kunit_try_catch/160
[   15.281034] 
[   15.281126] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.281230] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.281256] Hardware name: linux,dummy-virt (DT)
[   15.281286] Call trace:
[   15.281306]  show_stack+0x20/0x38 (C)
[   15.281353]  dump_stack_lvl+0x8c/0xd0
[   15.281397]  print_report+0x118/0x5d0
[   15.281445]  kasan_report+0xdc/0x128
[   15.281489]  __asan_report_store1_noabort+0x20/0x30
[   15.281719]  krealloc_more_oob_helper+0x5c0/0x678
[   15.281898]  krealloc_large_more_oob+0x20/0x38
[   15.282064]  kunit_try_run_case+0x170/0x3f0
[   15.282131]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.282253]  kthread+0x328/0x630
[   15.282362]  ret_from_fork+0x10/0x20
[   15.282501] 
[   15.282697] The buggy address belongs to the physical page:
[   15.282859] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.282963] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.283059] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.283167] page_type: f8(unknown)
[   15.283271] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.283341] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.283400] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.283456] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.283503] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.283566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.283605] page dumped because: kasan: bad access detected
[   15.283644] 
[   15.283680] Memory state around the buggy address:
[   15.283711]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.283762]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.283803] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.283854]                                                              ^
[   15.283899]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.283939]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.283977] ==================================================================

[   12.049393] ==================================================================
[   12.049903] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.050169] Write of size 1 at addr ffff8881029a20eb by task kunit_try_catch/177
[   12.050621] 
[   12.050812] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.050857] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.050867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.050887] Call Trace:
[   12.050898]  <TASK>
[   12.050925]  dump_stack_lvl+0x73/0xb0
[   12.050956]  print_report+0xd1/0x610
[   12.050976]  ? __virt_addr_valid+0x1db/0x2d0
[   12.050999]  ? krealloc_more_oob_helper+0x821/0x930
[   12.051021]  ? kasan_addr_to_slab+0x11/0xa0
[   12.051040]  ? krealloc_more_oob_helper+0x821/0x930
[   12.051067]  kasan_report+0x141/0x180
[   12.051088]  ? krealloc_more_oob_helper+0x821/0x930
[   12.051115]  __asan_report_store1_noabort+0x1b/0x30
[   12.051138]  krealloc_more_oob_helper+0x821/0x930
[   12.051159]  ? __schedule+0x10cc/0x2b60
[   12.051180]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.051203]  ? finish_task_switch.isra.0+0x153/0x700
[   12.051225]  ? __switch_to+0x47/0xf50
[   12.051250]  ? __schedule+0x10cc/0x2b60
[   12.051270]  ? __pfx_read_tsc+0x10/0x10
[   12.051293]  krealloc_large_more_oob+0x1c/0x30
[   12.051314]  kunit_try_run_case+0x1a5/0x480
[   12.051338]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.051407]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.051432]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.051454]  ? __kthread_parkme+0x82/0x180
[   12.051473]  ? preempt_count_sub+0x50/0x80
[   12.051495]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.051517]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.051539]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.051561]  kthread+0x337/0x6f0
[   12.051579]  ? trace_preempt_on+0x20/0xc0
[   12.051601]  ? __pfx_kthread+0x10/0x10
[   12.051620]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.051640]  ? calculate_sigpending+0x7b/0xa0
[   12.051663]  ? __pfx_kthread+0x10/0x10
[   12.051683]  ret_from_fork+0x116/0x1d0
[   12.051701]  ? __pfx_kthread+0x10/0x10
[   12.051720]  ret_from_fork_asm+0x1a/0x30
[   12.051749]  </TASK>
[   12.051759] 
[   12.064090] The buggy address belongs to the physical page:
[   12.064460] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a0
[   12.064759] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.065342] flags: 0x200000000000040(head|node=0|zone=2)
[   12.065998] page_type: f8(unknown)
[   12.066280] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.066724] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.067149] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.067629] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.067982] head: 0200000000000002 ffffea00040a6801 00000000ffffffff 00000000ffffffff
[   12.068324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.068941] page dumped because: kasan: bad access detected
[   12.069264] 
[   12.069364] Memory state around the buggy address:
[   12.069820]  ffff8881029a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.070246]  ffff8881029a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.070901] >ffff8881029a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.071232]                                                           ^
[   12.071680]  ffff8881029a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.072094]  ffff8881029a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.072554] ==================================================================
[   11.895485] ==================================================================
[   11.895784] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.896133] Write of size 1 at addr ffff888100a96ef0 by task kunit_try_catch/173
[   11.896531] 
[   11.896638] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.896678] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.896689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.896707] Call Trace:
[   11.896722]  <TASK>
[   11.896735]  dump_stack_lvl+0x73/0xb0
[   11.896762]  print_report+0xd1/0x610
[   11.896782]  ? __virt_addr_valid+0x1db/0x2d0
[   11.896802]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.896824]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.896855]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.896878]  kasan_report+0x141/0x180
[   11.896898]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.896941]  __asan_report_store1_noabort+0x1b/0x30
[   11.896965]  krealloc_more_oob_helper+0x7eb/0x930
[   11.896995]  ? __schedule+0x10cc/0x2b60
[   11.897016]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.897038]  ? finish_task_switch.isra.0+0x153/0x700
[   11.897059]  ? __switch_to+0x47/0xf50
[   11.897084]  ? __schedule+0x10cc/0x2b60
[   11.897106]  ? __pfx_read_tsc+0x10/0x10
[   11.897128]  krealloc_more_oob+0x1c/0x30
[   11.897148]  kunit_try_run_case+0x1a5/0x480
[   11.897171]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.897192]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.897213]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.897235]  ? __kthread_parkme+0x82/0x180
[   11.897253]  ? preempt_count_sub+0x50/0x80
[   11.897275]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.897297]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.897319]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.897362]  kthread+0x337/0x6f0
[   11.897381]  ? trace_preempt_on+0x20/0xc0
[   11.897403]  ? __pfx_kthread+0x10/0x10
[   11.897432]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.897452]  ? calculate_sigpending+0x7b/0xa0
[   11.897475]  ? __pfx_kthread+0x10/0x10
[   11.897495]  ret_from_fork+0x116/0x1d0
[   11.897512]  ? __pfx_kthread+0x10/0x10
[   11.897531]  ret_from_fork_asm+0x1a/0x30
[   11.897560]  </TASK>
[   11.897569] 
[   11.905888] Allocated by task 173:
[   11.906137]  kasan_save_stack+0x45/0x70
[   11.906418]  kasan_save_track+0x18/0x40
[   11.906622]  kasan_save_alloc_info+0x3b/0x50
[   11.906801]  __kasan_krealloc+0x190/0x1f0
[   11.907011]  krealloc_noprof+0xf3/0x340
[   11.907210]  krealloc_more_oob_helper+0x1a9/0x930
[   11.907587]  krealloc_more_oob+0x1c/0x30
[   11.907872]  kunit_try_run_case+0x1a5/0x480
[   11.908077]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.908259]  kthread+0x337/0x6f0
[   11.908567]  ret_from_fork+0x116/0x1d0
[   11.908923]  ret_from_fork_asm+0x1a/0x30
[   11.909070] 
[   11.909142] The buggy address belongs to the object at ffff888100a96e00
[   11.909142]  which belongs to the cache kmalloc-256 of size 256
[   11.909495] The buggy address is located 5 bytes to the right of
[   11.909495]  allocated 235-byte region [ffff888100a96e00, ffff888100a96eeb)
[   11.909933] 
[   11.910012] The buggy address belongs to the physical page:
[   11.910260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   11.910720] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.911598] flags: 0x200000000000040(head|node=0|zone=2)
[   11.911974] page_type: f5(slab)
[   11.912125] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.912516] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.912751] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.913086] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.913458] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff
[   11.913997] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.914371] page dumped because: kasan: bad access detected
[   11.914645] 
[   11.914774] Memory state around the buggy address:
[   11.915004]  ffff888100a96d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.915296]  ffff888100a96e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.915781] >ffff888100a96e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.916102]                                                              ^
[   11.916445]  ffff888100a96f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.916825]  ffff888100a96f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.917140] ==================================================================
[   12.073726] ==================================================================
[   12.074323] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.075250] Write of size 1 at addr ffff8881029a20f0 by task kunit_try_catch/177
[   12.076045] 
[   12.076148] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.076189] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.076200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.076219] Call Trace:
[   12.076230]  <TASK>
[   12.076244]  dump_stack_lvl+0x73/0xb0
[   12.076274]  print_report+0xd1/0x610
[   12.076295]  ? __virt_addr_valid+0x1db/0x2d0
[   12.076316]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.076339]  ? kasan_addr_to_slab+0x11/0xa0
[   12.076358]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.076380]  kasan_report+0x141/0x180
[   12.076401]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.076428]  __asan_report_store1_noabort+0x1b/0x30
[   12.076457]  krealloc_more_oob_helper+0x7eb/0x930
[   12.076479]  ? __schedule+0x10cc/0x2b60
[   12.076500]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.076524]  ? finish_task_switch.isra.0+0x153/0x700
[   12.076544]  ? __switch_to+0x47/0xf50
[   12.076568]  ? __schedule+0x10cc/0x2b60
[   12.076588]  ? __pfx_read_tsc+0x10/0x10
[   12.076611]  krealloc_large_more_oob+0x1c/0x30
[   12.076632]  kunit_try_run_case+0x1a5/0x480
[   12.076655]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.076676]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.076698]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.076720]  ? __kthread_parkme+0x82/0x180
[   12.076738]  ? preempt_count_sub+0x50/0x80
[   12.076760]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.076782]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.076804]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.076826]  kthread+0x337/0x6f0
[   12.076844]  ? trace_preempt_on+0x20/0xc0
[   12.076865]  ? __pfx_kthread+0x10/0x10
[   12.076884]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.076904]  ? calculate_sigpending+0x7b/0xa0
[   12.076934]  ? __pfx_kthread+0x10/0x10
[   12.076954]  ret_from_fork+0x116/0x1d0
[   12.076971]  ? __pfx_kthread+0x10/0x10
[   12.076990]  ret_from_fork_asm+0x1a/0x30
[   12.077019]  </TASK>
[   12.077028] 
[   12.089104] The buggy address belongs to the physical page:
[   12.089642] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029a0
[   12.090326] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.090890] flags: 0x200000000000040(head|node=0|zone=2)
[   12.091089] page_type: f8(unknown)
[   12.091215] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.091821] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.092572] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.093281] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.094047] head: 0200000000000002 ffffea00040a6801 00000000ffffffff 00000000ffffffff
[   12.094281] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.095163] page dumped because: kasan: bad access detected
[   12.095769] 
[   12.095964] Memory state around the buggy address:
[   12.096189]  ffff8881029a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.096917]  ffff8881029a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.097136] >ffff8881029a2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.097347]                                                              ^
[   12.097562]  ffff8881029a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.097776]  ffff8881029a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.097997] ==================================================================
[   11.861574] ==================================================================
[   11.862242] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.862578] Write of size 1 at addr ffff888100a96eeb by task kunit_try_catch/173
[   11.863138] 
[   11.863229] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.863271] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.863283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.863304] Call Trace:
[   11.863314]  <TASK>
[   11.863327]  dump_stack_lvl+0x73/0xb0
[   11.863460]  print_report+0xd1/0x610
[   11.863485]  ? __virt_addr_valid+0x1db/0x2d0
[   11.863506]  ? krealloc_more_oob_helper+0x821/0x930
[   11.863529]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.863549]  ? krealloc_more_oob_helper+0x821/0x930
[   11.863572]  kasan_report+0x141/0x180
[   11.863592]  ? krealloc_more_oob_helper+0x821/0x930
[   11.863619]  __asan_report_store1_noabort+0x1b/0x30
[   11.863642]  krealloc_more_oob_helper+0x821/0x930
[   11.863662]  ? __schedule+0x10cc/0x2b60
[   11.863684]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.863706]  ? finish_task_switch.isra.0+0x153/0x700
[   11.863727]  ? __switch_to+0x47/0xf50
[   11.863752]  ? __schedule+0x10cc/0x2b60
[   11.863772]  ? __pfx_read_tsc+0x10/0x10
[   11.863794]  krealloc_more_oob+0x1c/0x30
[   11.863816]  kunit_try_run_case+0x1a5/0x480
[   11.863839]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.863860]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.863882]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.863904]  ? __kthread_parkme+0x82/0x180
[   11.863934]  ? preempt_count_sub+0x50/0x80
[   11.863956]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.863978]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.863999]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.864021]  kthread+0x337/0x6f0
[   11.864039]  ? trace_preempt_on+0x20/0xc0
[   11.864061]  ? __pfx_kthread+0x10/0x10
[   11.864080]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.864101]  ? calculate_sigpending+0x7b/0xa0
[   11.864123]  ? __pfx_kthread+0x10/0x10
[   11.864143]  ret_from_fork+0x116/0x1d0
[   11.864159]  ? __pfx_kthread+0x10/0x10
[   11.864178]  ret_from_fork_asm+0x1a/0x30
[   11.864207]  </TASK>
[   11.864216] 
[   11.876701] Allocated by task 173:
[   11.877217]  kasan_save_stack+0x45/0x70
[   11.877971]  kasan_save_track+0x18/0x40
[   11.878318]  kasan_save_alloc_info+0x3b/0x50
[   11.879063]  __kasan_krealloc+0x190/0x1f0
[   11.879815]  krealloc_noprof+0xf3/0x340
[   11.880257]  krealloc_more_oob_helper+0x1a9/0x930
[   11.881095]  krealloc_more_oob+0x1c/0x30
[   11.881548]  kunit_try_run_case+0x1a5/0x480
[   11.882191]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.882461]  kthread+0x337/0x6f0
[   11.882589]  ret_from_fork+0x116/0x1d0
[   11.882724]  ret_from_fork_asm+0x1a/0x30
[   11.882864] 
[   11.882968] The buggy address belongs to the object at ffff888100a96e00
[   11.882968]  which belongs to the cache kmalloc-256 of size 256
[   11.883392] The buggy address is located 0 bytes to the right of
[   11.883392]  allocated 235-byte region [ffff888100a96e00, ffff888100a96eeb)
[   11.884028] 
[   11.884115] The buggy address belongs to the physical page:
[   11.884806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96
[   11.885673] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.886259] flags: 0x200000000000040(head|node=0|zone=2)
[   11.886718] page_type: f5(slab)
[   11.887045] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.887528] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.887941] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.888732] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.889197] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff
[   11.889741] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.890435] page dumped because: kasan: bad access detected
[   11.891017] 
[   11.891094] Memory state around the buggy address:
[   11.891249]  ffff888100a96d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.891542]  ffff888100a96e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.892260] >ffff888100a96e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.893083]                                                           ^
[   11.893867]  ffff888100a96f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.894616]  ffff888100a96f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.895038] ==================================================================