lkft/linux-mainline-master - v6.16-rc6 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 13, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   15.699890] ==================================================================
[   15.699950] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.700000] Write of size 1 at addr fff00000c171deeb by task kunit_try_catch/157
[   15.700365] 
[   15.700644] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.700953] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.701120] Hardware name: linux,dummy-virt (DT)
[   15.701168] Call trace:
[   15.701237]  show_stack+0x20/0x38 (C)
[   15.701571]  dump_stack_lvl+0x8c/0xd0
[   15.701651]  print_report+0x118/0x5d0
[   15.701806]  kasan_report+0xdc/0x128
[   15.701884]  __asan_report_store1_noabort+0x20/0x30
[   15.702181]  krealloc_more_oob_helper+0x60c/0x678
[   15.702310]  krealloc_more_oob+0x20/0x38
[   15.702409]  kunit_try_run_case+0x170/0x3f0
[   15.702537]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.702601]  kthread+0x328/0x630
[   15.702651]  ret_from_fork+0x10/0x20
[   15.702942] 
[   15.703084] Allocated by task 157:
[   15.703141]  kasan_save_stack+0x3c/0x68
[   15.703337]  kasan_save_track+0x20/0x40
[   15.703476]  kasan_save_alloc_info+0x40/0x58
[   15.703625]  __kasan_krealloc+0x118/0x178
[   15.703700]  krealloc_noprof+0x128/0x360
[   15.703758]  krealloc_more_oob_helper+0x168/0x678
[   15.703890]  krealloc_more_oob+0x20/0x38
[   15.703957]  kunit_try_run_case+0x170/0x3f0
[   15.704011]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.704238]  kthread+0x328/0x630
[   15.704410]  ret_from_fork+0x10/0x20
[   15.704531] 
[   15.704553] The buggy address belongs to the object at fff00000c171de00
[   15.704553]  which belongs to the cache kmalloc-256 of size 256
[   15.704613] The buggy address is located 0 bytes to the right of
[   15.704613]  allocated 235-byte region [fff00000c171de00, fff00000c171deeb)
[   15.704683] 
[   15.704847] The buggy address belongs to the physical page:
[   15.704952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10171c
[   15.705148] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.705209] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.705308] page_type: f5(slab)
[   15.705366] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.705815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.705938] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.705988] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.706277] head: 0bfffe0000000001 ffffc1ffc305c701 00000000ffffffff 00000000ffffffff
[   15.706364] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.706455] page dumped because: kasan: bad access detected
[   15.706523] 
[   15.706541] Memory state around the buggy address:
[   15.706578]  fff00000c171dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.706856]  fff00000c171de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.706939] >fff00000c171de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.707012]                                                           ^
[   15.707369]  fff00000c171df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.707455]  fff00000c171df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.707536] ==================================================================
[   15.773952] ==================================================================
[   15.774008] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.774063] Write of size 1 at addr fff00000c66b60eb by task kunit_try_catch/161
[   15.774305] 
[   15.774352] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.774433] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.774817] Hardware name: linux,dummy-virt (DT)
[   15.774875] Call trace:
[   15.774924]  show_stack+0x20/0x38 (C)
[   15.774987]  dump_stack_lvl+0x8c/0xd0
[   15.775161]  print_report+0x118/0x5d0
[   15.775303]  kasan_report+0xdc/0x128
[   15.775355]  __asan_report_store1_noabort+0x20/0x30
[   15.775409]  krealloc_more_oob_helper+0x60c/0x678
[   15.775752]  krealloc_large_more_oob+0x20/0x38
[   15.775831]  kunit_try_run_case+0x170/0x3f0
[   15.775997]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.776082]  kthread+0x328/0x630
[   15.776138]  ret_from_fork+0x10/0x20
[   15.776268] 
[   15.776289] The buggy address belongs to the physical page:
[   15.776320] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066b4
[   15.776614] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.776714] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.776823] page_type: f8(unknown)
[   15.776889] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.777008] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.777114] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.777183] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.777570] head: 0bfffe0000000002 ffffc1ffc319ad01 00000000ffffffff 00000000ffffffff
[   15.777654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.777730] page dumped because: kasan: bad access detected
[   15.777830] 
[   15.777849] Memory state around the buggy address:
[   15.777899]  fff00000c66b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.778219]  fff00000c66b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.778291] >fff00000c66b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.778399]                                                           ^
[   15.778447]  fff00000c66b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.778526]  fff00000c66b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.778814] ==================================================================
[   15.781047] ==================================================================
[   15.781124] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.781187] Write of size 1 at addr fff00000c66b60f0 by task kunit_try_catch/161
[   15.781252] 
[   15.781568] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.781702] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.781731] Hardware name: linux,dummy-virt (DT)
[   15.781776] Call trace:
[   15.781797]  show_stack+0x20/0x38 (C)
[   15.781967]  dump_stack_lvl+0x8c/0xd0
[   15.782150]  print_report+0x118/0x5d0
[   15.782216]  kasan_report+0xdc/0x128
[   15.782335]  __asan_report_store1_noabort+0x20/0x30
[   15.782391]  krealloc_more_oob_helper+0x5c0/0x678
[   15.782459]  krealloc_large_more_oob+0x20/0x38
[   15.782775]  kunit_try_run_case+0x170/0x3f0
[   15.782850]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.783083]  kthread+0x328/0x630
[   15.783293]  ret_from_fork+0x10/0x20
[   15.783368] 
[   15.783397] The buggy address belongs to the physical page:
[   15.783434] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066b4
[   15.783545] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.783600] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.783660] page_type: f8(unknown)
[   15.783698] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.783904] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.783984] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.784187] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.784289] head: 0bfffe0000000002 ffffc1ffc319ad01 00000000ffffffff 00000000ffffffff
[   15.784439] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.784492] page dumped because: kasan: bad access detected
[   15.784523] 
[   15.784541] Memory state around the buggy address:
[   15.784577]  fff00000c66b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.784619]  fff00000c66b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.784905] >fff00000c66b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.785025]                                                              ^
[   15.785110]  fff00000c66b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.785161]  fff00000c66b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.785209] ==================================================================
[   15.710039] ==================================================================
[   15.710128] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.710186] Write of size 1 at addr fff00000c171def0 by task kunit_try_catch/157
[   15.710315] 
[   15.710373] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.710731] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.710785] Hardware name: linux,dummy-virt (DT)
[   15.710902] Call trace:
[   15.710942]  show_stack+0x20/0x38 (C)
[   15.710994]  dump_stack_lvl+0x8c/0xd0
[   15.711095]  print_report+0x118/0x5d0
[   15.711145]  kasan_report+0xdc/0x128
[   15.711369]  __asan_report_store1_noabort+0x20/0x30
[   15.711451]  krealloc_more_oob_helper+0x5c0/0x678
[   15.711736]  krealloc_more_oob+0x20/0x38
[   15.711908]  kunit_try_run_case+0x170/0x3f0
[   15.712040]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.712117]  kthread+0x328/0x630
[   15.712159]  ret_from_fork+0x10/0x20
[   15.712502] 
[   15.712523] Allocated by task 157:
[   15.712676]  kasan_save_stack+0x3c/0x68
[   15.712723]  kasan_save_track+0x20/0x40
[   15.712759]  kasan_save_alloc_info+0x40/0x58
[   15.712806]  __kasan_krealloc+0x118/0x178
[   15.713022]  krealloc_noprof+0x128/0x360
[   15.713173]  krealloc_more_oob_helper+0x168/0x678
[   15.713241]  krealloc_more_oob+0x20/0x38
[   15.713278]  kunit_try_run_case+0x170/0x3f0
[   15.713352]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.713411]  kthread+0x328/0x630
[   15.713443]  ret_from_fork+0x10/0x20
[   15.713487] 
[   15.713505] The buggy address belongs to the object at fff00000c171de00
[   15.713505]  which belongs to the cache kmalloc-256 of size 256
[   15.713572] The buggy address is located 5 bytes to the right of
[   15.713572]  allocated 235-byte region [fff00000c171de00, fff00000c171deeb)
[   15.713658] 
[   15.713691] The buggy address belongs to the physical page:
[   15.713722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10171c
[   15.713775] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.713844] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.713902] page_type: f5(slab)
[   15.713946] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.714005] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.714062] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.714119] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.714179] head: 0bfffe0000000001 ffffc1ffc305c701 00000000ffffffff 00000000ffffffff
[   15.714250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.714305] page dumped because: kasan: bad access detected
[   15.714344] 
[   15.714367] Memory state around the buggy address:
[   15.714422]  fff00000c171dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.714490]  fff00000c171de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.714543] >fff00000c171de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.714580]                                                              ^
[   15.714618]  fff00000c171df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.714665]  fff00000c171df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.714708] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zqAptjhcOzJ4yWziuszPhFuVFY

job_id

TEST:linaro@lkft#2zqAtvTnhA8tXUUOK3QDm2PF24C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqAtvTnhA8tXUUOK3QDm2PF24C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAr1hYUrQW3RtaZkxautdt0BG/Image.gz
sha256sum	91974e256417c37307fb0eb79db4941b38ffb081f2b36dd1bf502ba6c5a3b85c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAr1hYUrQW3RtaZkxautdt0BG/modules.tar.xz
sha256sum	8ae65b38e3609075180c907454f6410350330e46fa245ab9d10ce638377cf59a

durations

tests

boot	0
kunit	168.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.550090] ==================================================================
[   16.550164] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.550245] Write of size 1 at addr fff00000c4518ceb by task kunit_try_catch/157
[   16.550295] 
[   16.550347] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.550652] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.550691] Hardware name: linux,dummy-virt (DT)
[   16.550721] Call trace:
[   16.550770]  show_stack+0x20/0x38 (C)
[   16.550996]  dump_stack_lvl+0x8c/0xd0
[   16.551054]  print_report+0x118/0x5d0
[   16.551100]  kasan_report+0xdc/0x128
[   16.551145]  __asan_report_store1_noabort+0x20/0x30
[   16.551207]  krealloc_more_oob_helper+0x60c/0x678
[   16.551254]  krealloc_more_oob+0x20/0x38
[   16.551299]  kunit_try_run_case+0x170/0x3f0
[   16.551372]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.551562]  kthread+0x328/0x630
[   16.551639]  ret_from_fork+0x10/0x20
[   16.551719] 
[   16.551770] Allocated by task 157:
[   16.551826]  kasan_save_stack+0x3c/0x68
[   16.551906]  kasan_save_track+0x20/0x40
[   16.552058]  kasan_save_alloc_info+0x40/0x58
[   16.552163]  __kasan_krealloc+0x118/0x178
[   16.552211]  krealloc_noprof+0x128/0x360
[   16.552455]  krealloc_more_oob_helper+0x168/0x678
[   16.552579]  krealloc_more_oob+0x20/0x38
[   16.552695]  kunit_try_run_case+0x170/0x3f0
[   16.552787]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.552942]  kthread+0x328/0x630
[   16.553015]  ret_from_fork+0x10/0x20
[   16.553071] 
[   16.553091] The buggy address belongs to the object at fff00000c4518c00
[   16.553091]  which belongs to the cache kmalloc-256 of size 256
[   16.553159] The buggy address is located 0 bytes to the right of
[   16.553159]  allocated 235-byte region [fff00000c4518c00, fff00000c4518ceb)
[   16.553235] 
[   16.553254] The buggy address belongs to the physical page:
[   16.553285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518
[   16.553339] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.553395] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.553449] page_type: f5(slab)
[   16.553495] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.553553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.553621] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.553669] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.553723] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff
[   16.553780] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.553830] page dumped because: kasan: bad access detected
[   16.553866] 
[   16.553883] Memory state around the buggy address:
[   16.553921]  fff00000c4518b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.553964]  fff00000c4518c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.554011] >fff00000c4518c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.554048]                                                           ^
[   16.554096]  fff00000c4518d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.554138]  fff00000c4518d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.554175] ==================================================================
[   16.556485] ==================================================================
[   16.556540] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.556614] Write of size 1 at addr fff00000c4518cf0 by task kunit_try_catch/157
[   16.556669] 
[   16.556698] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.556776] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.556802] Hardware name: linux,dummy-virt (DT)
[   16.556831] Call trace:
[   16.556852]  show_stack+0x20/0x38 (C)
[   16.556897]  dump_stack_lvl+0x8c/0xd0
[   16.556941]  print_report+0x118/0x5d0
[   16.557142]  kasan_report+0xdc/0x128
[   16.557226]  __asan_report_store1_noabort+0x20/0x30
[   16.557311]  krealloc_more_oob_helper+0x5c0/0x678
[   16.557376]  krealloc_more_oob+0x20/0x38
[   16.557451]  kunit_try_run_case+0x170/0x3f0
[   16.557515]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.557566]  kthread+0x328/0x630
[   16.557608]  ret_from_fork+0x10/0x20
[   16.557818] 
[   16.557923] Allocated by task 157:
[   16.557961]  kasan_save_stack+0x3c/0x68
[   16.558010]  kasan_save_track+0x20/0x40
[   16.558058]  kasan_save_alloc_info+0x40/0x58
[   16.558133]  __kasan_krealloc+0x118/0x178
[   16.558191]  krealloc_noprof+0x128/0x360
[   16.558228]  krealloc_more_oob_helper+0x168/0x678
[   16.558275]  krealloc_more_oob+0x20/0x38
[   16.558310]  kunit_try_run_case+0x170/0x3f0
[   16.558478]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.558610]  kthread+0x328/0x630
[   16.558649]  ret_from_fork+0x10/0x20
[   16.558683] 
[   16.558702] The buggy address belongs to the object at fff00000c4518c00
[   16.558702]  which belongs to the cache kmalloc-256 of size 256
[   16.558769] The buggy address is located 5 bytes to the right of
[   16.558769]  allocated 235-byte region [fff00000c4518c00, fff00000c4518ceb)
[   16.558833] 
[   16.558851] The buggy address belongs to the physical page:
[   16.558933] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518
[   16.558985] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.559047] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.559103] page_type: f5(slab)
[   16.559168] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.559231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.559280] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.559446] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.559712] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff
[   16.559802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.559893] page dumped because: kasan: bad access detected
[   16.559923] 
[   16.559941] Memory state around the buggy address:
[   16.559979]  fff00000c4518b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.560026]  fff00000c4518c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.560213] >fff00000c4518c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.560409]                                                              ^
[   16.560475]  fff00000c4518d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.560672]  fff00000c4518d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.560749] ==================================================================
[   16.608396] ==================================================================
[   16.608756] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.608840] Write of size 1 at addr fff00000c78320f0 by task kunit_try_catch/161
[   16.608895] 
[   16.608924] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.609015] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.609041] Hardware name: linux,dummy-virt (DT)
[   16.609070] Call trace:
[   16.609090]  show_stack+0x20/0x38 (C)
[   16.609317]  dump_stack_lvl+0x8c/0xd0
[   16.609408]  print_report+0x118/0x5d0
[   16.609484]  kasan_report+0xdc/0x128
[   16.609530]  __asan_report_store1_noabort+0x20/0x30
[   16.609597]  krealloc_more_oob_helper+0x5c0/0x678
[   16.609671]  krealloc_large_more_oob+0x20/0x38
[   16.609718]  kunit_try_run_case+0x170/0x3f0
[   16.609794]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.609846]  kthread+0x328/0x630
[   16.609894]  ret_from_fork+0x10/0x20
[   16.609941] 
[   16.609977] The buggy address belongs to the physical page:
[   16.610013] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107830
[   16.610275] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.610388] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.610462] page_type: f8(unknown)
[   16.610499] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.610566] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.610618] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.610667] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.610715] head: 0bfffe0000000002 ffffc1ffc31e0c01 00000000ffffffff 00000000ffffffff
[   16.610763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.610803] page dumped because: kasan: bad access detected
[   16.610832] 
[   16.610849] Memory state around the buggy address:
[   16.610991]  fff00000c7831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.611070]  fff00000c7832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.611132] >fff00000c7832080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.611219]                                                              ^
[   16.611281]  fff00000c7832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.611466]  fff00000c7832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.611513] ==================================================================
[   16.604329] ==================================================================
[   16.604390] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.604441] Write of size 1 at addr fff00000c78320eb by task kunit_try_catch/161
[   16.604645] 
[   16.604748] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.604832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.605147] Hardware name: linux,dummy-virt (DT)
[   16.605235] Call trace:
[   16.605265]  show_stack+0x20/0x38 (C)
[   16.605314]  dump_stack_lvl+0x8c/0xd0
[   16.605359]  print_report+0x118/0x5d0
[   16.605414]  kasan_report+0xdc/0x128
[   16.605461]  __asan_report_store1_noabort+0x20/0x30
[   16.605512]  krealloc_more_oob_helper+0x60c/0x678
[   16.605575]  krealloc_large_more_oob+0x20/0x38
[   16.605621]  kunit_try_run_case+0x170/0x3f0
[   16.605667]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.605718]  kthread+0x328/0x630
[   16.605758]  ret_from_fork+0x10/0x20
[   16.605804] 
[   16.605848] The buggy address belongs to the physical page:
[   16.605880] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107830
[   16.605940] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.606006] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.606082] page_type: f8(unknown)
[   16.606129] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.606190] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.606239] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.606287] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.606335] head: 0bfffe0000000002 ffffc1ffc31e0c01 00000000ffffffff 00000000ffffffff
[   16.606383] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.606667] page dumped because: kasan: bad access detected
[   16.606711] 
[   16.606728] Memory state around the buggy address:
[   16.606802]  fff00000c7831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.606891]  fff00000c7832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.607008] >fff00000c7832080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.607108]                                                           ^
[   16.607148]  fff00000c7832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.607214]  fff00000c7832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.607706] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zqAFfqIOxGLcXSxmIRvg01aRN8

job_id

TEST:linaro@lkft#2zqAL3z1Uwsecwff4F9eiE8LTwQ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqAL3z1Uwsecwff4F9eiE8LTwQ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAHCzMADUVxqNcYOm5yIn8fV4/Image.gz
sha256sum	3301de7d03e943734eee038d439b5396ecf55f197ca9e5bf09da179d6dc89488

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAHCzMADUVxqNcYOm5yIn8fV4/modules.tar.xz
sha256sum	e81c255d24c32683641742211931fe0b81f9fc670f4f5aacee2b730bbb6c1c04

durations

tests

boot	0
kunit	176.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.343348] ==================================================================
[   12.343930] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.344508] Write of size 1 at addr ffff888103a0e0f0 by task kunit_try_catch/177
[   12.344804] 
[   12.344918] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.344962] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.344973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.344994] Call Trace:
[   12.345007]  <TASK>
[   12.345023]  dump_stack_lvl+0x73/0xb0
[   12.345055]  print_report+0xd1/0x610
[   12.345079]  ? __virt_addr_valid+0x1db/0x2d0
[   12.345104]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.345128]  ? kasan_addr_to_slab+0x11/0xa0
[   12.345151]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.345175]  kasan_report+0x141/0x180
[   12.345197]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.345226]  __asan_report_store1_noabort+0x1b/0x30
[   12.345251]  krealloc_more_oob_helper+0x7eb/0x930
[   12.345274]  ? __schedule+0x10cc/0x2b60
[   12.345297]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.345322]  ? finish_task_switch.isra.0+0x153/0x700
[   12.345347]  ? __switch_to+0x47/0xf50
[   12.345373]  ? __schedule+0x10cc/0x2b60
[   12.345394]  ? __pfx_read_tsc+0x10/0x10
[   12.345822]  krealloc_large_more_oob+0x1c/0x30
[   12.345848]  kunit_try_run_case+0x1a5/0x480
[   12.345876]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.345899]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.345925]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.345949]  ? __kthread_parkme+0x82/0x180
[   12.345971]  ? preempt_count_sub+0x50/0x80
[   12.345994]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.346018]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.346043]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.346068]  kthread+0x337/0x6f0
[   12.346086]  ? trace_preempt_on+0x20/0xc0
[   12.346110]  ? __pfx_kthread+0x10/0x10
[   12.346130]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.346152]  ? calculate_sigpending+0x7b/0xa0
[   12.346178]  ? __pfx_kthread+0x10/0x10
[   12.346199]  ret_from_fork+0x116/0x1d0
[   12.346217]  ? __pfx_kthread+0x10/0x10
[   12.346238]  ret_from_fork_asm+0x1a/0x30
[   12.346268]  </TASK>
[   12.346278] 
[   12.357340] The buggy address belongs to the physical page:
[   12.357589] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c
[   12.357892] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.358260] flags: 0x200000000000040(head|node=0|zone=2)
[   12.359306] page_type: f8(unknown)
[   12.359513] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.360711] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.360955] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.361190] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.361421] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff
[   12.362225] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.362728] page dumped because: kasan: bad access detected
[   12.363050] 
[   12.363173] Memory state around the buggy address:
[   12.363439]  ffff888103a0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.364021]  ffff888103a0e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.364234] >ffff888103a0e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.364471]                                                              ^
[   12.365258]  ffff888103a0e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.365825]  ffff888103a0e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.366246] ==================================================================
[   12.155939] ==================================================================
[   12.156486] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.156945] Write of size 1 at addr ffff8881003472f0 by task kunit_try_catch/173
[   12.157332] 
[   12.157606] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.157653] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.157664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.157684] Call Trace:
[   12.157695]  <TASK>
[   12.157832]  dump_stack_lvl+0x73/0xb0
[   12.157866]  print_report+0xd1/0x610
[   12.157888]  ? __virt_addr_valid+0x1db/0x2d0
[   12.157910]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.157934]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.157958]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.157983]  kasan_report+0x141/0x180
[   12.158005]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.158033]  __asan_report_store1_noabort+0x1b/0x30
[   12.158059]  krealloc_more_oob_helper+0x7eb/0x930
[   12.158082]  ? trace_hardirqs_on+0x37/0xe0
[   12.158107]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.158131]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.158160]  ? __pfx_krealloc_more_oob+0x10/0x10
[   12.158187]  krealloc_more_oob+0x1c/0x30
[   12.158209]  kunit_try_run_case+0x1a5/0x480
[   12.158233]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.158255]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.158278]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.158301]  ? __kthread_parkme+0x82/0x180
[   12.158321]  ? preempt_count_sub+0x50/0x80
[   12.158345]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.158370]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.158395]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.158432]  kthread+0x337/0x6f0
[   12.158464]  ? trace_preempt_on+0x20/0xc0
[   12.158486]  ? __pfx_kthread+0x10/0x10
[   12.158506]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.158528]  ? calculate_sigpending+0x7b/0xa0
[   12.158551]  ? __pfx_kthread+0x10/0x10
[   12.158574]  ret_from_fork+0x116/0x1d0
[   12.158592]  ? __pfx_kthread+0x10/0x10
[   12.158613]  ret_from_fork_asm+0x1a/0x30
[   12.158643]  </TASK>
[   12.158653] 
[   12.169091] Allocated by task 173:
[   12.169232]  kasan_save_stack+0x45/0x70
[   12.169475]  kasan_save_track+0x18/0x40
[   12.169870]  kasan_save_alloc_info+0x3b/0x50
[   12.170218]  __kasan_krealloc+0x190/0x1f0
[   12.170403]  krealloc_noprof+0xf3/0x340
[   12.170639]  krealloc_more_oob_helper+0x1a9/0x930
[   12.170990]  krealloc_more_oob+0x1c/0x30
[   12.171163]  kunit_try_run_case+0x1a5/0x480
[   12.171440]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.171878]  kthread+0x337/0x6f0
[   12.172124]  ret_from_fork+0x116/0x1d0
[   12.172290]  ret_from_fork_asm+0x1a/0x30
[   12.172657] 
[   12.172760] The buggy address belongs to the object at ffff888100347200
[   12.172760]  which belongs to the cache kmalloc-256 of size 256
[   12.173266] The buggy address is located 5 bytes to the right of
[   12.173266]  allocated 235-byte region [ffff888100347200, ffff8881003472eb)
[   12.174013] 
[   12.174105] The buggy address belongs to the physical page:
[   12.174472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.174941] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.175318] flags: 0x200000000000040(head|node=0|zone=2)
[   12.175731] page_type: f5(slab)
[   12.175898] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.176191] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.176731] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.177032] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.177630] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.177994] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.178360] page dumped because: kasan: bad access detected
[   12.178698] 
[   12.178800] Memory state around the buggy address:
[   12.179274]  ffff888100347180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.179593]  ffff888100347200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.180073] >ffff888100347280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.180597]                                                              ^
[   12.180967]  ffff888100347300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.181235]  ffff888100347380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.181484] ==================================================================
[   12.126891] ==================================================================
[   12.127361] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.127970] Write of size 1 at addr ffff8881003472eb by task kunit_try_catch/173
[   12.128602] 
[   12.128728] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.128862] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.128875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.128896] Call Trace:
[   12.128908]  <TASK>
[   12.128922]  dump_stack_lvl+0x73/0xb0
[   12.128952]  print_report+0xd1/0x610
[   12.128974]  ? __virt_addr_valid+0x1db/0x2d0
[   12.128996]  ? krealloc_more_oob_helper+0x821/0x930
[   12.129021]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.129044]  ? krealloc_more_oob_helper+0x821/0x930
[   12.129069]  kasan_report+0x141/0x180
[   12.129090]  ? krealloc_more_oob_helper+0x821/0x930
[   12.129119]  __asan_report_store1_noabort+0x1b/0x30
[   12.129144]  krealloc_more_oob_helper+0x821/0x930
[   12.129167]  ? trace_hardirqs_on+0x37/0xe0
[   12.129191]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.129216]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.129247]  ? __pfx_krealloc_more_oob+0x10/0x10
[   12.129275]  krealloc_more_oob+0x1c/0x30
[   12.129296]  kunit_try_run_case+0x1a5/0x480
[   12.129321]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.129344]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.129369]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.129393]  ? __kthread_parkme+0x82/0x180
[   12.129512]  ? preempt_count_sub+0x50/0x80
[   12.129538]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.129563]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.129588]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.129613]  kthread+0x337/0x6f0
[   12.129632]  ? trace_preempt_on+0x20/0xc0
[   12.129654]  ? __pfx_kthread+0x10/0x10
[   12.129674]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.129696]  ? calculate_sigpending+0x7b/0xa0
[   12.129720]  ? __pfx_kthread+0x10/0x10
[   12.129741]  ret_from_fork+0x116/0x1d0
[   12.129762]  ? __pfx_kthread+0x10/0x10
[   12.129783]  ret_from_fork_asm+0x1a/0x30
[   12.129813]  </TASK>
[   12.129823] 
[   12.140359] Allocated by task 173:
[   12.140655]  kasan_save_stack+0x45/0x70
[   12.140919]  kasan_save_track+0x18/0x40
[   12.141254]  kasan_save_alloc_info+0x3b/0x50
[   12.141495]  __kasan_krealloc+0x190/0x1f0
[   12.141813]  krealloc_noprof+0xf3/0x340
[   12.141963]  krealloc_more_oob_helper+0x1a9/0x930
[   12.142275]  krealloc_more_oob+0x1c/0x30
[   12.142495]  kunit_try_run_case+0x1a5/0x480
[   12.142710]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.143250]  kthread+0x337/0x6f0
[   12.143381]  ret_from_fork+0x116/0x1d0
[   12.143811]  ret_from_fork_asm+0x1a/0x30
[   12.144120] 
[   12.144208] The buggy address belongs to the object at ffff888100347200
[   12.144208]  which belongs to the cache kmalloc-256 of size 256
[   12.145062] The buggy address is located 0 bytes to the right of
[   12.145062]  allocated 235-byte region [ffff888100347200, ffff8881003472eb)
[   12.145784] 
[   12.145874] The buggy address belongs to the physical page:
[   12.146137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.146701] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.147024] flags: 0x200000000000040(head|node=0|zone=2)
[   12.147692] page_type: f5(slab)
[   12.147873] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.148490] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.148983] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.149712] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.150076] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.150405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.151178] page dumped because: kasan: bad access detected
[   12.151403] 
[   12.151518] Memory state around the buggy address:
[   12.152347]  ffff888100347180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.153137]  ffff888100347200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.153556] >ffff888100347280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.153860]                                                           ^
[   12.154341]  ffff888100347300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.154816]  ffff888100347380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.155113] ==================================================================
[   12.322229] ==================================================================
[   12.323221] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.324186] Write of size 1 at addr ffff888103a0e0eb by task kunit_try_catch/177
[   12.324626] 
[   12.325119] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.325171] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.325183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.325205] Call Trace:
[   12.325227]  <TASK>
[   12.325244]  dump_stack_lvl+0x73/0xb0
[   12.325277]  print_report+0xd1/0x610
[   12.325301]  ? __virt_addr_valid+0x1db/0x2d0
[   12.325324]  ? krealloc_more_oob_helper+0x821/0x930
[   12.325348]  ? kasan_addr_to_slab+0x11/0xa0
[   12.325369]  ? krealloc_more_oob_helper+0x821/0x930
[   12.325393]  kasan_report+0x141/0x180
[   12.325425]  ? krealloc_more_oob_helper+0x821/0x930
[   12.325463]  __asan_report_store1_noabort+0x1b/0x30
[   12.325489]  krealloc_more_oob_helper+0x821/0x930
[   12.325512]  ? __schedule+0x10cc/0x2b60
[   12.325534]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.325560]  ? finish_task_switch.isra.0+0x153/0x700
[   12.325583]  ? __switch_to+0x47/0xf50
[   12.325610]  ? __schedule+0x10cc/0x2b60
[   12.325633]  ? __pfx_read_tsc+0x10/0x10
[   12.325657]  krealloc_large_more_oob+0x1c/0x30
[   12.325680]  kunit_try_run_case+0x1a5/0x480
[   12.325707]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.325730]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.325754]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.325778]  ? __kthread_parkme+0x82/0x180
[   12.325799]  ? preempt_count_sub+0x50/0x80
[   12.325822]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.325847]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.325871]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.325897]  kthread+0x337/0x6f0
[   12.325916]  ? trace_preempt_on+0x20/0xc0
[   12.325940]  ? __pfx_kthread+0x10/0x10
[   12.325960]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.325981]  ? calculate_sigpending+0x7b/0xa0
[   12.326006]  ? __pfx_kthread+0x10/0x10
[   12.326027]  ret_from_fork+0x116/0x1d0
[   12.326046]  ? __pfx_kthread+0x10/0x10
[   12.326066]  ret_from_fork_asm+0x1a/0x30
[   12.326096]  </TASK>
[   12.326107] 
[   12.334051] The buggy address belongs to the physical page:
[   12.334504] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c
[   12.334949] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.335247] flags: 0x200000000000040(head|node=0|zone=2)
[   12.335555] page_type: f8(unknown)
[   12.335741] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.335978] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.336317] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.337312] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.338021] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff
[   12.338315] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.339136] page dumped because: kasan: bad access detected
[   12.339505] 
[   12.339600] Memory state around the buggy address:
[   12.340051]  ffff888103a0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.340348]  ffff888103a0e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.340861] >ffff888103a0e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.341153]                                                           ^
[   12.341520]  ffff888103a0e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.341999]  ffff888103a0e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.342242] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zqAptjhcOzJ4yWziuszPhFuVFY

job_id

TEST:linaro@lkft#2zqAv13TsGihfIIXF8guTlDsAmU

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqAv13TsGihfIIXF8guTlDsAmU

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAs2J5eY5rg68b56XS35R9qg3/bzImage
sha256sum	a5ae9a8919e6b38e9247226ab11aad01782f9a98290c7aea89ce99f032cb03f8

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAs2J5eY5rg68b56XS35R9qg3/modules.tar.xz
sha256sum	4577f1e051624f39dc637674c41c494d4fccbc4fe65a319e30f4fa0cd97e9a6b

durations

tests

boot	0
kunit	220.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.417928] ==================================================================
[   12.418366] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.419030] Write of size 1 at addr ffff888100a308f0 by task kunit_try_catch/174
[   12.419490] 
[   12.419583] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.419626] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.419637] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.419657] Call Trace:
[   12.419668]  <TASK>
[   12.419682]  dump_stack_lvl+0x73/0xb0
[   12.419712]  print_report+0xd1/0x610
[   12.419734]  ? __virt_addr_valid+0x1db/0x2d0
[   12.419757]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.420091]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.420124]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.420150]  kasan_report+0x141/0x180
[   12.420191]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.420221]  __asan_report_store1_noabort+0x1b/0x30
[   12.420246]  krealloc_more_oob_helper+0x7eb/0x930
[   12.420270]  ? __schedule+0x10cc/0x2b60
[   12.420292]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.420317]  ? finish_task_switch.isra.0+0x153/0x700
[   12.420341]  ? __switch_to+0x47/0xf50
[   12.420366]  ? __schedule+0x10cc/0x2b60
[   12.420388]  ? __pfx_read_tsc+0x10/0x10
[   12.420413]  krealloc_more_oob+0x1c/0x30
[   12.420435]  kunit_try_run_case+0x1a5/0x480
[   12.420460]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.420483]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.420507]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.420531]  ? __kthread_parkme+0x82/0x180
[   12.420551]  ? preempt_count_sub+0x50/0x80
[   12.420574]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.420599]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.420623]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.420692]  kthread+0x337/0x6f0
[   12.420713]  ? trace_preempt_on+0x20/0xc0
[   12.420737]  ? __pfx_kthread+0x10/0x10
[   12.420758]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.420780]  ? calculate_sigpending+0x7b/0xa0
[   12.420804]  ? __pfx_kthread+0x10/0x10
[   12.420825]  ret_from_fork+0x116/0x1d0
[   12.420844]  ? __pfx_kthread+0x10/0x10
[   12.420865]  ret_from_fork_asm+0x1a/0x30
[   12.420897]  </TASK>
[   12.420907] 
[   12.434588] Allocated by task 174:
[   12.435003]  kasan_save_stack+0x45/0x70
[   12.435249]  kasan_save_track+0x18/0x40
[   12.435628]  kasan_save_alloc_info+0x3b/0x50
[   12.436146]  __kasan_krealloc+0x190/0x1f0
[   12.436333]  krealloc_noprof+0xf3/0x340
[   12.436471]  krealloc_more_oob_helper+0x1a9/0x930
[   12.436633]  krealloc_more_oob+0x1c/0x30
[   12.437087]  kunit_try_run_case+0x1a5/0x480
[   12.437553]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.438120]  kthread+0x337/0x6f0
[   12.438607]  ret_from_fork+0x116/0x1d0
[   12.439095]  ret_from_fork_asm+0x1a/0x30
[   12.439456] 
[   12.439531] The buggy address belongs to the object at ffff888100a30800
[   12.439531]  which belongs to the cache kmalloc-256 of size 256
[   12.440489] The buggy address is located 5 bytes to the right of
[   12.440489]  allocated 235-byte region [ffff888100a30800, ffff888100a308eb)
[   12.441521] 
[   12.441800] The buggy address belongs to the physical page:
[   12.442207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30
[   12.442458] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.442867] flags: 0x200000000000040(head|node=0|zone=2)
[   12.443442] page_type: f5(slab)
[   12.443817] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.444550] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.445459] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.446282] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.446574] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff
[   12.447016] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.447926] page dumped because: kasan: bad access detected
[   12.448453] 
[   12.448629] Memory state around the buggy address:
[   12.449124]  ffff888100a30780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.449512]  ffff888100a30800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.449801] >ffff888100a30880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.450465]                                                              ^
[   12.451283]  ffff888100a30900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.451932]  ffff888100a30980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.452185] ==================================================================
[   12.384502] ==================================================================
[   12.385522] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.386141] Write of size 1 at addr ffff888100a308eb by task kunit_try_catch/174
[   12.387224] 
[   12.387518] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.387568] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.387580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.387601] Call Trace:
[   12.387614]  <TASK>
[   12.387629]  dump_stack_lvl+0x73/0xb0
[   12.387781]  print_report+0xd1/0x610
[   12.387806]  ? __virt_addr_valid+0x1db/0x2d0
[   12.387831]  ? krealloc_more_oob_helper+0x821/0x930
[   12.387855]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.387911]  ? krealloc_more_oob_helper+0x821/0x930
[   12.387938]  kasan_report+0x141/0x180
[   12.387960]  ? krealloc_more_oob_helper+0x821/0x930
[   12.387989]  __asan_report_store1_noabort+0x1b/0x30
[   12.388014]  krealloc_more_oob_helper+0x821/0x930
[   12.388037]  ? __schedule+0x10cc/0x2b60
[   12.388071]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.388096]  ? finish_task_switch.isra.0+0x153/0x700
[   12.388129]  ? __switch_to+0x47/0xf50
[   12.388155]  ? __schedule+0x10cc/0x2b60
[   12.388176]  ? __pfx_read_tsc+0x10/0x10
[   12.388201]  krealloc_more_oob+0x1c/0x30
[   12.388223]  kunit_try_run_case+0x1a5/0x480
[   12.388249]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.388272]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.388296]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.388320]  ? __kthread_parkme+0x82/0x180
[   12.388342]  ? preempt_count_sub+0x50/0x80
[   12.388365]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.388389]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.388414]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.388439]  kthread+0x337/0x6f0
[   12.388458]  ? trace_preempt_on+0x20/0xc0
[   12.388481]  ? __pfx_kthread+0x10/0x10
[   12.388502]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.388523]  ? calculate_sigpending+0x7b/0xa0
[   12.388548]  ? __pfx_kthread+0x10/0x10
[   12.388569]  ret_from_fork+0x116/0x1d0
[   12.388588]  ? __pfx_kthread+0x10/0x10
[   12.388608]  ret_from_fork_asm+0x1a/0x30
[   12.388640]  </TASK>
[   12.388650] 
[   12.399882] Allocated by task 174:
[   12.400149]  kasan_save_stack+0x45/0x70
[   12.400577]  kasan_save_track+0x18/0x40
[   12.401041]  kasan_save_alloc_info+0x3b/0x50
[   12.401973]  __kasan_krealloc+0x190/0x1f0
[   12.402168]  krealloc_noprof+0xf3/0x340
[   12.402523]  krealloc_more_oob_helper+0x1a9/0x930
[   12.402994]  krealloc_more_oob+0x1c/0x30
[   12.403254]  kunit_try_run_case+0x1a5/0x480
[   12.403483]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.404093]  kthread+0x337/0x6f0
[   12.404360]  ret_from_fork+0x116/0x1d0
[   12.404667]  ret_from_fork_asm+0x1a/0x30
[   12.404876] 
[   12.405049] The buggy address belongs to the object at ffff888100a30800
[   12.405049]  which belongs to the cache kmalloc-256 of size 256
[   12.406420] The buggy address is located 0 bytes to the right of
[   12.406420]  allocated 235-byte region [ffff888100a30800, ffff888100a308eb)
[   12.407587] 
[   12.407738] The buggy address belongs to the physical page:
[   12.407920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30
[   12.408768] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.409536] flags: 0x200000000000040(head|node=0|zone=2)
[   12.409966] page_type: f5(slab)
[   12.410119] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.410794] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.411567] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.412092] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.412761] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff
[   12.412996] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.413522] page dumped because: kasan: bad access detected
[   12.414144] 
[   12.414330] Memory state around the buggy address:
[   12.414758]  ffff888100a30780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.415487]  ffff888100a30800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.416204] >ffff888100a30880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.416419]                                                           ^
[   12.416620]  ffff888100a30900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.416832]  ffff888100a30980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.417044] ==================================================================
[   12.621487] ==================================================================
[   12.622667] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.623492] Write of size 1 at addr ffff8881027ee0eb by task kunit_try_catch/178
[   12.624771] 
[   12.624959] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.625006] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.625018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.625039] Call Trace:
[   12.625064]  <TASK>
[   12.625080]  dump_stack_lvl+0x73/0xb0
[   12.625314]  print_report+0xd1/0x610
[   12.625344]  ? __virt_addr_valid+0x1db/0x2d0
[   12.625368]  ? krealloc_more_oob_helper+0x821/0x930
[   12.625393]  ? kasan_addr_to_slab+0x11/0xa0
[   12.625422]  ? krealloc_more_oob_helper+0x821/0x930
[   12.625449]  kasan_report+0x141/0x180
[   12.625471]  ? krealloc_more_oob_helper+0x821/0x930
[   12.625501]  __asan_report_store1_noabort+0x1b/0x30
[   12.625526]  krealloc_more_oob_helper+0x821/0x930
[   12.625549]  ? __schedule+0x10cc/0x2b60
[   12.625572]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.625598]  ? finish_task_switch.isra.0+0x153/0x700
[   12.625621]  ? __switch_to+0x47/0xf50
[   12.625770]  ? __schedule+0x10cc/0x2b60
[   12.625793]  ? __pfx_read_tsc+0x10/0x10
[   12.625820]  krealloc_large_more_oob+0x1c/0x30
[   12.625844]  kunit_try_run_case+0x1a5/0x480
[   12.625869]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.625894]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.625919]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.625943]  ? __kthread_parkme+0x82/0x180
[   12.625965]  ? preempt_count_sub+0x50/0x80
[   12.625988]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.626012]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.626036]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.626071]  kthread+0x337/0x6f0
[   12.626091]  ? trace_preempt_on+0x20/0xc0
[   12.626134]  ? __pfx_kthread+0x10/0x10
[   12.626154]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.626175]  ? calculate_sigpending+0x7b/0xa0
[   12.626201]  ? __pfx_kthread+0x10/0x10
[   12.626222]  ret_from_fork+0x116/0x1d0
[   12.626241]  ? __pfx_kthread+0x10/0x10
[   12.626261]  ret_from_fork_asm+0x1a/0x30
[   12.626292]  </TASK>
[   12.626302] 
[   12.641129] The buggy address belongs to the physical page:
[   12.641391] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027ec
[   12.641960] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.642556] flags: 0x200000000000040(head|node=0|zone=2)
[   12.643063] page_type: f8(unknown)
[   12.643259] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.643552] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.643863] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.644691] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.645353] head: 0200000000000002 ffffea000409fb01 00000000ffffffff 00000000ffffffff
[   12.645887] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.646409] page dumped because: kasan: bad access detected
[   12.646827] 
[   12.647310] Memory state around the buggy address:
[   12.647789]  ffff8881027edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.648273]  ffff8881027ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.648845] >ffff8881027ee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.649532]                                                           ^
[   12.649959]  ffff8881027ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.650749]  ffff8881027ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.651245] ==================================================================
[   12.652208] ==================================================================
[   12.652521] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.652843] Write of size 1 at addr ffff8881027ee0f0 by task kunit_try_catch/178
[   12.653763] 
[   12.654254] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.654308] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.654357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.654377] Call Trace:
[   12.654389]  <TASK>
[   12.654404]  dump_stack_lvl+0x73/0xb0
[   12.654435]  print_report+0xd1/0x610
[   12.654459]  ? __virt_addr_valid+0x1db/0x2d0
[   12.654481]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.654505]  ? kasan_addr_to_slab+0x11/0xa0
[   12.654526]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.654551]  kasan_report+0x141/0x180
[   12.654573]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.654602]  __asan_report_store1_noabort+0x1b/0x30
[   12.654627]  krealloc_more_oob_helper+0x7eb/0x930
[   12.654651]  ? __schedule+0x10cc/0x2b60
[   12.654674]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.654701]  ? finish_task_switch.isra.0+0x153/0x700
[   12.654729]  ? __switch_to+0x47/0xf50
[   12.654755]  ? __schedule+0x10cc/0x2b60
[   12.654776]  ? __pfx_read_tsc+0x10/0x10
[   12.654800]  krealloc_large_more_oob+0x1c/0x30
[   12.654824]  kunit_try_run_case+0x1a5/0x480
[   12.654849]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.654895]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.654920]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.654944]  ? __kthread_parkme+0x82/0x180
[   12.654964]  ? preempt_count_sub+0x50/0x80
[   12.654986]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.655011]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.655036]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.655072]  kthread+0x337/0x6f0
[   12.655091]  ? trace_preempt_on+0x20/0xc0
[   12.655131]  ? __pfx_kthread+0x10/0x10
[   12.655151]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.655173]  ? calculate_sigpending+0x7b/0xa0
[   12.655197]  ? __pfx_kthread+0x10/0x10
[   12.655218]  ret_from_fork+0x116/0x1d0
[   12.655237]  ? __pfx_kthread+0x10/0x10
[   12.655257]  ret_from_fork_asm+0x1a/0x30
[   12.655287]  </TASK>
[   12.655297] 
[   12.668816] The buggy address belongs to the physical page:
[   12.669001] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027ec
[   12.669347] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.670229] flags: 0x200000000000040(head|node=0|zone=2)
[   12.670788] page_type: f8(unknown)
[   12.671187] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.671747] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.672248] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.672759] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.673293] head: 0200000000000002 ffffea000409fb01 00000000ffffffff 00000000ffffffff
[   12.673527] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.674166] page dumped because: kasan: bad access detected
[   12.674651] 
[   12.674875] Memory state around the buggy address:
[   12.675358]  ffff8881027edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.676185]  ffff8881027ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.676499] >ffff8881027ee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.676863]                                                              ^
[   12.677591]  ffff8881027ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.678304]  ffff8881027ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.678953] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zqAFfqIOxGLcXSxmIRvg01aRN8

job_id

TEST:linaro@lkft#2zqALu2Oe2Lt2cHJbKxRgFXPxWl

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zqALu2Oe2Lt2cHJbKxRgFXPxWl

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAInDHTQ1MJ3zW9aHru7mEB1o/bzImage
sha256sum	09b1d683c7484c0b3ea40e0e68e7e24d5319ec104b1b54a03517d8beaf049d75

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zqAInDHTQ1MJ3zW9aHru7mEB1o/modules.tar.xz
sha256sum	f6b96df8ffcaeb8ef3eb0533f6e104b9adaa5cd8ccb9736c96c5a9b77c7165bb

durations

tests

boot	0
kunit	212.35

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit