lkft/linux-mainline-master - v6.16-rc6-37-ge2291551827f - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 17, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   15.175310] ==================================================================
[   15.175368] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.175480] Write of size 1 at addr fff00000c09198f0 by task kunit_try_catch/157
[   15.175557] 
[   15.175650] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.175755] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.175782] Hardware name: linux,dummy-virt (DT)
[   15.175811] Call trace:
[   15.175850]  show_stack+0x20/0x38 (C)
[   15.176163]  dump_stack_lvl+0x8c/0xd0
[   15.176241]  print_report+0x118/0x5d0
[   15.176548]  kasan_report+0xdc/0x128
[   15.176688]  __asan_report_store1_noabort+0x20/0x30
[   15.176753]  krealloc_more_oob_helper+0x5c0/0x678
[   15.176830]  krealloc_more_oob+0x20/0x38
[   15.176974]  kunit_try_run_case+0x170/0x3f0
[   15.177081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.177256]  kthread+0x328/0x630
[   15.177319]  ret_from_fork+0x10/0x20
[   15.177492] 
[   15.177583] Allocated by task 157:
[   15.177662]  kasan_save_stack+0x3c/0x68
[   15.177976]  kasan_save_track+0x20/0x40
[   15.178198]  kasan_save_alloc_info+0x40/0x58
[   15.178726]  __kasan_kmalloc+0xd4/0xd8
[   15.178900]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   15.179057]  krealloc_noprof+0xdc/0x360
[   15.179118]  krealloc_more_oob_helper+0x168/0x678
[   15.179261]  krealloc_more_oob+0x20/0x38
[   15.179402]  kunit_try_run_case+0x170/0x3f0
[   15.179663]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.179870]  kthread+0x328/0x630
[   15.179957]  ret_from_fork+0x10/0x20
[   15.180091] 
[   15.180164] The buggy address belongs to the object at fff00000c0919800
[   15.180164]  which belongs to the cache kmalloc-256 of size 256
[   15.180245] The buggy address is located 5 bytes to the right of
[   15.180245]  allocated 235-byte region [fff00000c0919800, fff00000c09198eb)
[   15.180585] 
[   15.180675] The buggy address belongs to the physical page:
[   15.180755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100918
[   15.180831] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.180969] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.181184] page_type: f5(slab)
[   15.181437] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.181526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.181654] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.181818] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.181900] head: 0bfffe0000000001 ffffc1ffc3024601 00000000ffffffff 00000000ffffffff
[   15.181956] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.182127] page dumped because: kasan: bad access detected
[   15.182315] 
[   15.182336] Memory state around the buggy address:
[   15.182619]  fff00000c0919780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.182791]  fff00000c0919800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.182845] >fff00000c0919880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.182930]                                                              ^
[   15.182970]  fff00000c0919900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.183023]  fff00000c0919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.183060] ==================================================================
[   15.246352] ==================================================================
[   15.246404] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.246453] Write of size 1 at addr fff00000c65c60f0 by task kunit_try_catch/161
[   15.246511] 
[   15.246540] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.246618] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.246679] Hardware name: linux,dummy-virt (DT)
[   15.246710] Call trace:
[   15.246731]  show_stack+0x20/0x38 (C)
[   15.246778]  dump_stack_lvl+0x8c/0xd0
[   15.246824]  print_report+0x118/0x5d0
[   15.246868]  kasan_report+0xdc/0x128
[   15.246913]  __asan_report_store1_noabort+0x20/0x30
[   15.246974]  krealloc_more_oob_helper+0x5c0/0x678
[   15.247032]  krealloc_large_more_oob+0x20/0x38
[   15.247078]  kunit_try_run_case+0x170/0x3f0
[   15.247131]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.247183]  kthread+0x328/0x630
[   15.247224]  ret_from_fork+0x10/0x20
[   15.247269] 
[   15.247287] The buggy address belongs to the physical page:
[   15.247318] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c4
[   15.247380] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.247438] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.247488] page_type: f8(unknown)
[   15.247524] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.247583] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.247633] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.247681] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.247730] head: 0bfffe0000000002 ffffc1ffc3197101 00000000ffffffff 00000000ffffffff
[   15.247777] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.247825] page dumped because: kasan: bad access detected
[   15.247865] 
[   15.247889] Memory state around the buggy address:
[   15.247919]  fff00000c65c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.247960]  fff00000c65c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.248705] >fff00000c65c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.248749]                                                              ^
[   15.248789]  fff00000c65c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.248857]  fff00000c65c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.248904] ==================================================================
[   15.164887] ==================================================================
[   15.165152] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.165208] Write of size 1 at addr fff00000c09198eb by task kunit_try_catch/157
[   15.165257] 
[   15.165472] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.165582] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.165780] Hardware name: linux,dummy-virt (DT)
[   15.165886] Call trace:
[   15.165915]  show_stack+0x20/0x38 (C)
[   15.166127]  dump_stack_lvl+0x8c/0xd0
[   15.166317]  print_report+0x118/0x5d0
[   15.166420]  kasan_report+0xdc/0x128
[   15.166468]  __asan_report_store1_noabort+0x20/0x30
[   15.166745]  krealloc_more_oob_helper+0x60c/0x678
[   15.166941]  krealloc_more_oob+0x20/0x38
[   15.167000]  kunit_try_run_case+0x170/0x3f0
[   15.167401]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.167509]  kthread+0x328/0x630
[   15.167629]  ret_from_fork+0x10/0x20
[   15.167690] 
[   15.167708] Allocated by task 157:
[   15.167737]  kasan_save_stack+0x3c/0x68
[   15.168100]  kasan_save_track+0x20/0x40
[   15.168192]  kasan_save_alloc_info+0x40/0x58
[   15.168301]  __kasan_kmalloc+0xd4/0xd8
[   15.168425]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   15.168491]  krealloc_noprof+0xdc/0x360
[   15.168652]  krealloc_more_oob_helper+0x168/0x678
[   15.168835]  krealloc_more_oob+0x20/0x38
[   15.168904]  kunit_try_run_case+0x170/0x3f0
[   15.169035]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.169100]  kthread+0x328/0x630
[   15.169279]  ret_from_fork+0x10/0x20
[   15.169473] 
[   15.169581] The buggy address belongs to the object at fff00000c0919800
[   15.169581]  which belongs to the cache kmalloc-256 of size 256
[   15.169666] The buggy address is located 0 bytes to the right of
[   15.169666]  allocated 235-byte region [fff00000c0919800, fff00000c09198eb)
[   15.169805] 
[   15.169896] The buggy address belongs to the physical page:
[   15.169989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100918
[   15.170294] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.170483] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.170696] page_type: f5(slab)
[   15.170987] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.171053] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.171660] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.171824] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.171904] head: 0bfffe0000000001 ffffc1ffc3024601 00000000ffffffff 00000000ffffffff
[   15.172335] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.172675] page dumped because: kasan: bad access detected
[   15.172819] 
[   15.172888] Memory state around the buggy address:
[   15.172999]  fff00000c0919780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.173047]  fff00000c0919800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.173355] >fff00000c0919880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.173481]                                                           ^
[   15.173584]  fff00000c0919900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.173659]  fff00000c0919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.174000] ==================================================================
[   15.239016] ==================================================================
[   15.239074] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.239478] Write of size 1 at addr fff00000c65c60eb by task kunit_try_catch/161
[   15.239548] 
[   15.239583] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.239664] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.239737] Hardware name: linux,dummy-virt (DT)
[   15.239768] Call trace:
[   15.239788]  show_stack+0x20/0x38 (C)
[   15.240058]  dump_stack_lvl+0x8c/0xd0
[   15.240197]  print_report+0x118/0x5d0
[   15.240378]  kasan_report+0xdc/0x128
[   15.240439]  __asan_report_store1_noabort+0x20/0x30
[   15.240490]  krealloc_more_oob_helper+0x60c/0x678
[   15.240538]  krealloc_large_more_oob+0x20/0x38
[   15.240584]  kunit_try_run_case+0x170/0x3f0
[   15.240632]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.240683]  kthread+0x328/0x630
[   15.240722]  ret_from_fork+0x10/0x20
[   15.240769] 
[   15.241317] The buggy address belongs to the physical page:
[   15.241462] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c4
[   15.241714] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.241775] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.241945] page_type: f8(unknown)
[   15.242055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.242214] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.242300] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.242610] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.242776] head: 0bfffe0000000002 ffffc1ffc3197101 00000000ffffffff 00000000ffffffff
[   15.243126] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.243188] page dumped because: kasan: bad access detected
[   15.243246] 
[   15.243354] Memory state around the buggy address:
[   15.243429]  fff00000c65c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.243592]  fff00000c65c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.243818] >fff00000c65c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.243880]                                                           ^
[   15.244077]  fff00000c65c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.244505]  fff00000c65c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.244593] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

3003M942ob4BTLEn8Aseea5B8RJ

job_id

TEST:linaro@lkft#3003QRiEnhxBi5vhC0jxaNVXmcS

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3003QRiEnhxBi5vhC0jxaNVXmcS

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003NHs0B68ZGBetkLilYavuDFy/Image.gz
sha256sum	9ef31b16479117b68c0f561eaeaa8823716042fb27d398853ce96cfca127f95e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003NHs0B68ZGBetkLilYavuDFy/modules.tar.xz
sha256sum	6dda0b757b3bcf288fc6551d8e2b1e653bdd9378e1cef459bf5759205275c144

durations

tests

boot	0
kunit	172.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.841732] ==================================================================
[   12.842475] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.842868] Write of size 1 at addr ffff888102a460f0 by task kunit_try_catch/177
[   12.843559] 
[   12.843674] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.843718] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.843730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.843750] Call Trace:
[   12.843762]  <TASK>
[   12.843776]  dump_stack_lvl+0x73/0xb0
[   12.843806]  print_report+0xd1/0x610
[   12.843828]  ? __virt_addr_valid+0x1db/0x2d0
[   12.843851]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.843875]  ? kasan_addr_to_slab+0x11/0xa0
[   12.843896]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.843921]  kasan_report+0x141/0x180
[   12.843942]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.843972]  __asan_report_store1_noabort+0x1b/0x30
[   12.843997]  krealloc_more_oob_helper+0x7eb/0x930
[   12.844020]  ? __schedule+0x10cc/0x2b60
[   12.844047]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.844073]  ? finish_task_switch.isra.0+0x153/0x700
[   12.844096]  ? __switch_to+0x47/0xf50
[   12.844120]  ? __schedule+0x10cc/0x2b60
[   12.844141]  ? __pfx_read_tsc+0x10/0x10
[   12.844165]  krealloc_large_more_oob+0x1c/0x30
[   12.844188]  kunit_try_run_case+0x1a5/0x480
[   12.844214]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.844237]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.844631]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.844657]  ? __kthread_parkme+0x82/0x180
[   12.844679]  ? preempt_count_sub+0x50/0x80
[   12.844703]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.844728]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.844761]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.844786]  kthread+0x337/0x6f0
[   12.844806]  ? trace_preempt_on+0x20/0xc0
[   12.844830]  ? __pfx_kthread+0x10/0x10
[   12.844850]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.844873]  ? calculate_sigpending+0x7b/0xa0
[   12.844897]  ? __pfx_kthread+0x10/0x10
[   12.844918]  ret_from_fork+0x116/0x1d0
[   12.844937]  ? __pfx_kthread+0x10/0x10
[   12.844957]  ret_from_fork_asm+0x1a/0x30
[   12.844988]  </TASK>
[   12.844998] 
[   12.852669] The buggy address belongs to the physical page:
[   12.852887] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44
[   12.853133] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.853501] flags: 0x200000000000040(head|node=0|zone=2)
[   12.853943] page_type: f8(unknown)
[   12.854086] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.854607] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.854907] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.855138] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.855842] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff
[   12.856141] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.856517] page dumped because: kasan: bad access detected
[   12.856782] 
[   12.856867] Memory state around the buggy address:
[   12.857056]  ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.857346]  ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.857609] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.857943]                                                              ^
[   12.858255]  ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.858510]  ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.858776] ==================================================================
[   12.659125] ==================================================================
[   12.659579] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.659979] Write of size 1 at addr ffff8881003428f0 by task kunit_try_catch/173
[   12.660488] 
[   12.660639] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.660697] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.660708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.660729] Call Trace:
[   12.660743]  <TASK>
[   12.660759]  dump_stack_lvl+0x73/0xb0
[   12.660788]  print_report+0xd1/0x610
[   12.660810]  ? __virt_addr_valid+0x1db/0x2d0
[   12.660832]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.660856]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.660879]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.660904]  kasan_report+0x141/0x180
[   12.660940]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.660969]  __asan_report_store1_noabort+0x1b/0x30
[   12.660994]  krealloc_more_oob_helper+0x7eb/0x930
[   12.661017]  ? __schedule+0x10cc/0x2b60
[   12.661038]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.661063]  ? finish_task_switch.isra.0+0x153/0x700
[   12.661086]  ? __switch_to+0x47/0xf50
[   12.661110]  ? __schedule+0x10cc/0x2b60
[   12.661131]  ? __pfx_read_tsc+0x10/0x10
[   12.661154]  krealloc_more_oob+0x1c/0x30
[   12.661176]  kunit_try_run_case+0x1a5/0x480
[   12.661199]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.661222]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.661464]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.661493]  ? __kthread_parkme+0x82/0x180
[   12.661526]  ? preempt_count_sub+0x50/0x80
[   12.661557]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.661582]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.661607]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.661633]  kthread+0x337/0x6f0
[   12.661652]  ? trace_preempt_on+0x20/0xc0
[   12.661676]  ? __pfx_kthread+0x10/0x10
[   12.661696]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.661718]  ? calculate_sigpending+0x7b/0xa0
[   12.661742]  ? __pfx_kthread+0x10/0x10
[   12.661763]  ret_from_fork+0x116/0x1d0
[   12.661781]  ? __pfx_kthread+0x10/0x10
[   12.661801]  ret_from_fork_asm+0x1a/0x30
[   12.661832]  </TASK>
[   12.661841] 
[   12.671078] Allocated by task 173:
[   12.671216]  kasan_save_stack+0x45/0x70
[   12.671366]  kasan_save_track+0x18/0x40
[   12.671500]  kasan_save_alloc_info+0x3b/0x50
[   12.671667]  __kasan_krealloc+0x190/0x1f0
[   12.672108]  krealloc_noprof+0xf3/0x340
[   12.672266]  krealloc_more_oob_helper+0x1a9/0x930
[   12.672429]  krealloc_more_oob+0x1c/0x30
[   12.672595]  kunit_try_run_case+0x1a5/0x480
[   12.672802]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.673058]  kthread+0x337/0x6f0
[   12.673228]  ret_from_fork+0x116/0x1d0
[   12.674641]  ret_from_fork_asm+0x1a/0x30
[   12.676428] 
[   12.676519] The buggy address belongs to the object at ffff888100342800
[   12.676519]  which belongs to the cache kmalloc-256 of size 256
[   12.677613] The buggy address is located 5 bytes to the right of
[   12.677613]  allocated 235-byte region [ffff888100342800, ffff8881003428eb)
[   12.678043] 
[   12.678123] The buggy address belongs to the physical page:
[   12.678310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.678568] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.678798] flags: 0x200000000000040(head|node=0|zone=2)
[   12.678974] page_type: f5(slab)
[   12.679097] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.679331] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.680032] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.680981] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.682107] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.682708] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.683216] page dumped because: kasan: bad access detected
[   12.683635] 
[   12.683717] Memory state around the buggy address:
[   12.683929]  ffff888100342780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.684777]  ffff888100342800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.685076] >ffff888100342880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.685634]                                                              ^
[   12.685984]  ffff888100342900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.686636]  ffff888100342980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.687086] ==================================================================
[   12.817951] ==================================================================
[   12.818448] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.819014] Write of size 1 at addr ffff888102a460eb by task kunit_try_catch/177
[   12.819300] 
[   12.819413] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.819460] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.819566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.819590] Call Trace:
[   12.819603]  <TASK>
[   12.819618]  dump_stack_lvl+0x73/0xb0
[   12.819651]  print_report+0xd1/0x610
[   12.819673]  ? __virt_addr_valid+0x1db/0x2d0
[   12.819698]  ? krealloc_more_oob_helper+0x821/0x930
[   12.819723]  ? kasan_addr_to_slab+0x11/0xa0
[   12.819743]  ? krealloc_more_oob_helper+0x821/0x930
[   12.819768]  kasan_report+0x141/0x180
[   12.819790]  ? krealloc_more_oob_helper+0x821/0x930
[   12.819819]  __asan_report_store1_noabort+0x1b/0x30
[   12.819845]  krealloc_more_oob_helper+0x821/0x930
[   12.819868]  ? __schedule+0x10cc/0x2b60
[   12.819890]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.819916]  ? finish_task_switch.isra.0+0x153/0x700
[   12.819940]  ? __switch_to+0x47/0xf50
[   12.819966]  ? __schedule+0x10cc/0x2b60
[   12.819987]  ? __pfx_read_tsc+0x10/0x10
[   12.820011]  krealloc_large_more_oob+0x1c/0x30
[   12.820035]  kunit_try_run_case+0x1a5/0x480
[   12.820066]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.820089]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.820113]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.820137]  ? __kthread_parkme+0x82/0x180
[   12.820158]  ? preempt_count_sub+0x50/0x80
[   12.820180]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.820205]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.820229]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.820266]  kthread+0x337/0x6f0
[   12.820285]  ? trace_preempt_on+0x20/0xc0
[   12.820309]  ? __pfx_kthread+0x10/0x10
[   12.820330]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.820351]  ? calculate_sigpending+0x7b/0xa0
[   12.820376]  ? __pfx_kthread+0x10/0x10
[   12.820397]  ret_from_fork+0x116/0x1d0
[   12.820455]  ? __pfx_kthread+0x10/0x10
[   12.820479]  ret_from_fork_asm+0x1a/0x30
[   12.820511]  </TASK>
[   12.820522] 
[   12.830611] The buggy address belongs to the physical page:
[   12.830864] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44
[   12.831198] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.831954] flags: 0x200000000000040(head|node=0|zone=2)
[   12.832393] page_type: f8(unknown)
[   12.832719] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.833210] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.833819] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.834146] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.834466] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff
[   12.835548] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.835984] page dumped because: kasan: bad access detected
[   12.836596] 
[   12.836697] Memory state around the buggy address:
[   12.836918]  ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.837191]  ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.837877] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.838177]                                                           ^
[   12.838779]  ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.839076]  ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.839364] ==================================================================
[   12.621477] ==================================================================
[   12.622000] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.622252] Write of size 1 at addr ffff8881003428eb by task kunit_try_catch/173
[   12.623255] 
[   12.623773] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.623820] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.623831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.623851] Call Trace:
[   12.623863]  <TASK>
[   12.623877]  dump_stack_lvl+0x73/0xb0
[   12.623908]  print_report+0xd1/0x610
[   12.623930]  ? __virt_addr_valid+0x1db/0x2d0
[   12.623952]  ? krealloc_more_oob_helper+0x821/0x930
[   12.623977]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.624000]  ? krealloc_more_oob_helper+0x821/0x930
[   12.624025]  kasan_report+0x141/0x180
[   12.624051]  ? krealloc_more_oob_helper+0x821/0x930
[   12.624080]  __asan_report_store1_noabort+0x1b/0x30
[   12.624105]  krealloc_more_oob_helper+0x821/0x930
[   12.624128]  ? __schedule+0x10cc/0x2b60
[   12.624150]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.624175]  ? finish_task_switch.isra.0+0x153/0x700
[   12.624198]  ? __switch_to+0x47/0xf50
[   12.624224]  ? __schedule+0x10cc/0x2b60
[   12.624372]  ? __pfx_read_tsc+0x10/0x10
[   12.624398]  krealloc_more_oob+0x1c/0x30
[   12.624421]  kunit_try_run_case+0x1a5/0x480
[   12.624446]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.624469]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.624493]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.624517]  ? __kthread_parkme+0x82/0x180
[   12.624538]  ? preempt_count_sub+0x50/0x80
[   12.624571]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.624595]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.624619]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.624645]  kthread+0x337/0x6f0
[   12.624663]  ? trace_preempt_on+0x20/0xc0
[   12.624686]  ? __pfx_kthread+0x10/0x10
[   12.624706]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.624728]  ? calculate_sigpending+0x7b/0xa0
[   12.624751]  ? __pfx_kthread+0x10/0x10
[   12.624772]  ret_from_fork+0x116/0x1d0
[   12.624791]  ? __pfx_kthread+0x10/0x10
[   12.624811]  ret_from_fork_asm+0x1a/0x30
[   12.624841]  </TASK>
[   12.624852] 
[   12.642822] Allocated by task 173:
[   12.643270]  kasan_save_stack+0x45/0x70
[   12.643729]  kasan_save_track+0x18/0x40
[   12.643881]  kasan_save_alloc_info+0x3b/0x50
[   12.644033]  __kasan_krealloc+0x190/0x1f0
[   12.644196]  krealloc_noprof+0xf3/0x340
[   12.644773]  krealloc_more_oob_helper+0x1a9/0x930
[   12.645153]  krealloc_more_oob+0x1c/0x30
[   12.645712]  kunit_try_run_case+0x1a5/0x480
[   12.646218]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.646825]  kthread+0x337/0x6f0
[   12.647149]  ret_from_fork+0x116/0x1d0
[   12.647610]  ret_from_fork_asm+0x1a/0x30
[   12.648034] 
[   12.648120] The buggy address belongs to the object at ffff888100342800
[   12.648120]  which belongs to the cache kmalloc-256 of size 256
[   12.649580] The buggy address is located 0 bytes to the right of
[   12.649580]  allocated 235-byte region [ffff888100342800, ffff8881003428eb)
[   12.650271] 
[   12.650467] The buggy address belongs to the physical page:
[   12.651334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.651938] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.652181] flags: 0x200000000000040(head|node=0|zone=2)
[   12.652740] page_type: f5(slab)
[   12.653062] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.653954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.654534] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.654789] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.655024] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.655330] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.655680] page dumped because: kasan: bad access detected
[   12.655895] 
[   12.656009] Memory state around the buggy address:
[   12.656231]  ffff888100342780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.656605]  ffff888100342800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.657057] >ffff888100342880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.657381]                                                           ^
[   12.657825]  ffff888100342900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.658101]  ffff888100342980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.658526] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

3003M942ob4BTLEn8Aseea5B8RJ

job_id

TEST:linaro@lkft#3003RZF7XnQmdPtM5cUiAwKFtCz

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3003RZF7XnQmdPtM5cUiAwKFtCz

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003OTpuRWvyGUlL7jaPEGEgnga/bzImage
sha256sum	9e432f7c2ce284ae4c046a3c28b251bd05c2eeee0552939f78c78f7dfd4e4b62

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003OTpuRWvyGUlL7jaPEGEgnga/modules.tar.xz
sha256sum	0463dd5e8a00ad40cd4bcdb9cac1553cc5906788b61bb36c5984bb82fa7d83ab

durations

tests

boot	0
kunit	247.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit