Date: July 1, 2025, 3:08 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.807351] ==================================================================
[   16.807507] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.807925] Write of size 1 at addr fff00000c0b9bceb by task kunit_try_catch/157
[   16.808254] 
[   16.808607] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.808832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.808860] Hardware name: linux,dummy-virt (DT)
[   16.809224] Call trace:
[   16.809363]  show_stack+0x20/0x38 (C)
[   16.809419]  dump_stack_lvl+0x8c/0xd0
[   16.809618]  print_report+0x118/0x608
[   16.809709]  kasan_report+0xdc/0x128
[   16.809754]  __asan_report_store1_noabort+0x20/0x30
[   16.809801]  krealloc_more_oob_helper+0x60c/0x678
[   16.810000]  krealloc_more_oob+0x20/0x38
[   16.810049]  kunit_try_run_case+0x170/0x3f0
[   16.810099]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.810152]  kthread+0x328/0x630
[   16.810194]  ret_from_fork+0x10/0x20
[   16.810243] 
[   16.810563] Allocated by task 157:
[   16.810695]  kasan_save_stack+0x3c/0x68
[   16.810789]  kasan_save_track+0x20/0x40
[   16.810826]  kasan_save_alloc_info+0x40/0x58
[   16.810886]  __kasan_krealloc+0x118/0x178
[   16.810922]  krealloc_noprof+0x128/0x360
[   16.811296]  krealloc_more_oob_helper+0x168/0x678
[   16.811341]  krealloc_more_oob+0x20/0x38
[   16.811376]  kunit_try_run_case+0x170/0x3f0
[   16.811423]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.811476]  kthread+0x328/0x630
[   16.811507]  ret_from_fork+0x10/0x20
[   16.811928] 
[   16.811953] The buggy address belongs to the object at fff00000c0b9bc00
[   16.811953]  which belongs to the cache kmalloc-256 of size 256
[   16.812175] The buggy address is located 0 bytes to the right of
[   16.812175]  allocated 235-byte region [fff00000c0b9bc00, fff00000c0b9bceb)
[   16.812249] 
[   16.812269] The buggy address belongs to the physical page:
[   16.812306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a
[   16.812825] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.813063] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.813177] page_type: f5(slab)
[   16.813219] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.813274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.813352] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.813401] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.813692] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff
[   16.813834] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.813877] page dumped because: kasan: bad access detected
[   16.813908] 
[   16.814063] Memory state around the buggy address:
[   16.814099]  fff00000c0b9bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.814183]  fff00000c0b9bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.814327] >fff00000c0b9bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.814365]                                                           ^
[   16.814466]  fff00000c0b9bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.814514]  fff00000c0b9bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.814626] ==================================================================
[   16.886885] ==================================================================
[   16.886972] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.887187] Write of size 1 at addr fff00000c69320f0 by task kunit_try_catch/161
[   16.887419] 
[   16.887451] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.887532] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.887560] Hardware name: linux,dummy-virt (DT)
[   16.887602] Call trace:
[   16.887622]  show_stack+0x20/0x38 (C)
[   16.887668]  dump_stack_lvl+0x8c/0xd0
[   16.887981]  print_report+0x118/0x608
[   16.888303]  kasan_report+0xdc/0x128
[   16.888641]  __asan_report_store1_noabort+0x20/0x30
[   16.888794]  krealloc_more_oob_helper+0x5c0/0x678
[   16.888916]  krealloc_large_more_oob+0x20/0x38
[   16.888983]  kunit_try_run_case+0x170/0x3f0
[   16.889029]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.889340]  kthread+0x328/0x630
[   16.889424]  ret_from_fork+0x10/0x20
[   16.889472] 
[   16.889492] The buggy address belongs to the physical page:
[   16.889523] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106930
[   16.889614] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.889868] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.889929] page_type: f8(unknown)
[   16.890000] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.890149] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.890243] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.890292] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.890628] head: 0bfffe0000000002 ffffc1ffc31a4c01 00000000ffffffff 00000000ffffffff
[   16.890698] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.890787] page dumped because: kasan: bad access detected
[   16.890894] 
[   16.890912] Memory state around the buggy address:
[   16.890944]  fff00000c6931f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.890987]  fff00000c6932000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.891029] >fff00000c6932080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.891269]                                                              ^
[   16.891361]  fff00000c6932100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.891447]  fff00000c6932180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.891485] ==================================================================
[   16.879884] ==================================================================
[   16.879957] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.880020] Write of size 1 at addr fff00000c69320eb by task kunit_try_catch/161
[   16.880518] 
[   16.880620] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.880933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.880970] Hardware name: linux,dummy-virt (DT)
[   16.881070] Call trace:
[   16.881094]  show_stack+0x20/0x38 (C)
[   16.881148]  dump_stack_lvl+0x8c/0xd0
[   16.881638]  print_report+0x118/0x608
[   16.881741]  kasan_report+0xdc/0x128
[   16.881792]  __asan_report_store1_noabort+0x20/0x30
[   16.881839]  krealloc_more_oob_helper+0x60c/0x678
[   16.881887]  krealloc_large_more_oob+0x20/0x38
[   16.881933]  kunit_try_run_case+0x170/0x3f0
[   16.882038]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.882092]  kthread+0x328/0x630
[   16.882133]  ret_from_fork+0x10/0x20
[   16.882397] 
[   16.882480] The buggy address belongs to the physical page:
[   16.882514] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106930
[   16.882613] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.882662] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.882717] page_type: f8(unknown)
[   16.882760] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.882810] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.882869] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.882917] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.883159] head: 0bfffe0000000002 ffffc1ffc31a4c01 00000000ffffffff 00000000ffffffff
[   16.883289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.883452] page dumped because: kasan: bad access detected
[   16.883488] 
[   16.883757] Memory state around the buggy address:
[   16.883904]  fff00000c6931f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.884020]  fff00000c6932000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.884273] >fff00000c6932080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.884505]                                                           ^
[   16.884575]  fff00000c6932100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.884619]  fff00000c6932180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.884658] ==================================================================
[   16.815917] ==================================================================
[   16.816347] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.816451] Write of size 1 at addr fff00000c0b9bcf0 by task kunit_try_catch/157
[   16.816507] 
[   16.816540] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.816839] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.816870] Hardware name: linux,dummy-virt (DT)
[   16.816900] Call trace:
[   16.816920]  show_stack+0x20/0x38 (C)
[   16.816968]  dump_stack_lvl+0x8c/0xd0
[   16.817015]  print_report+0x118/0x608
[   16.817060]  kasan_report+0xdc/0x128
[   16.817130]  __asan_report_store1_noabort+0x20/0x30
[   16.817435]  krealloc_more_oob_helper+0x5c0/0x678
[   16.817746]  krealloc_more_oob+0x20/0x38
[   16.817912]  kunit_try_run_case+0x170/0x3f0
[   16.818073]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.818225]  kthread+0x328/0x630
[   16.818266]  ret_from_fork+0x10/0x20
[   16.818315] 
[   16.818333] Allocated by task 157:
[   16.818466]  kasan_save_stack+0x3c/0x68
[   16.818512]  kasan_save_track+0x20/0x40
[   16.818549]  kasan_save_alloc_info+0x40/0x58
[   16.818598]  __kasan_krealloc+0x118/0x178
[   16.818911]  krealloc_noprof+0x128/0x360
[   16.819034]  krealloc_more_oob_helper+0x168/0x678
[   16.819175]  krealloc_more_oob+0x20/0x38
[   16.819214]  kunit_try_run_case+0x170/0x3f0
[   16.819252]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.819605]  kthread+0x328/0x630
[   16.819665]  ret_from_fork+0x10/0x20
[   16.819798] 
[   16.819817] The buggy address belongs to the object at fff00000c0b9bc00
[   16.819817]  which belongs to the cache kmalloc-256 of size 256
[   16.819888] The buggy address is located 5 bytes to the right of
[   16.819888]  allocated 235-byte region [fff00000c0b9bc00, fff00000c0b9bceb)
[   16.819973] 
[   16.820057] The buggy address belongs to the physical page:
[   16.820118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b9a
[   16.820265] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.820313] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.820409] page_type: f5(slab)
[   16.820771] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.821043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.821272] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.821421] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.821471] head: 0bfffe0000000001 ffffc1ffc302e681 00000000ffffffff 00000000ffffffff
[   16.821557] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.821681] page dumped because: kasan: bad access detected
[   16.821723] 
[   16.821745] Memory state around the buggy address:
[   16.821800]  fff00000c0b9bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.821842]  fff00000c0b9bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.821883] >fff00000c0b9bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.821921]                                                              ^
[   16.821993]  fff00000c0b9bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.822145]  fff00000c0b9bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.822265] ==================================================================

[   11.365142] ==================================================================
[   11.365524] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.366202] Write of size 1 at addr ffff888102a6e0f0 by task kunit_try_catch/177
[   11.366554] 
[   11.366677] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.366719] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.366730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.366759] Call Trace:
[   11.366770]  <TASK>
[   11.366785]  dump_stack_lvl+0x73/0xb0
[   11.366813]  print_report+0xd1/0x650
[   11.366848]  ? __virt_addr_valid+0x1db/0x2d0
[   11.366870]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.366892]  ? kasan_addr_to_slab+0x11/0xa0
[   11.366911]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.366933]  kasan_report+0x141/0x180
[   11.366954]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.366980]  __asan_report_store1_noabort+0x1b/0x30
[   11.367000]  krealloc_more_oob_helper+0x7eb/0x930
[   11.367030]  ? __schedule+0x10cc/0x2b60
[   11.367052]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.367074]  ? finish_task_switch.isra.0+0x153/0x700
[   11.367095]  ? __switch_to+0x47/0xf50
[   11.367121]  ? __schedule+0x10cc/0x2b60
[   11.367140]  ? __pfx_read_tsc+0x10/0x10
[   11.367163]  krealloc_large_more_oob+0x1c/0x30
[   11.367185]  kunit_try_run_case+0x1a5/0x480
[   11.367217]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.367237]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.367259]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.367291]  ? __kthread_parkme+0x82/0x180
[   11.367311]  ? preempt_count_sub+0x50/0x80
[   11.367332]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.367354]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.367385]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.367406]  kthread+0x337/0x6f0
[   11.367424]  ? trace_preempt_on+0x20/0xc0
[   11.367457]  ? __pfx_kthread+0x10/0x10
[   11.367476]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.367495]  ? calculate_sigpending+0x7b/0xa0
[   11.367518]  ? __pfx_kthread+0x10/0x10
[   11.367546]  ret_from_fork+0x116/0x1d0
[   11.367564]  ? __pfx_kthread+0x10/0x10
[   11.367583]  ret_from_fork_asm+0x1a/0x30
[   11.367623]  </TASK>
[   11.367633] 
[   11.375257] The buggy address belongs to the physical page:
[   11.375513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a6c
[   11.375981] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.376310] flags: 0x200000000000040(head|node=0|zone=2)
[   11.376579] page_type: f8(unknown)
[   11.376835] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.377166] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.377499] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.377862] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.378194] head: 0200000000000002 ffffea00040a9b01 00000000ffffffff 00000000ffffffff
[   11.378483] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.378890] page dumped because: kasan: bad access detected
[   11.379073] 
[   11.379142] Memory state around the buggy address:
[   11.379300]  ffff888102a6df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.379513]  ffff888102a6e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.379818] >ffff888102a6e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.380137]                                                              ^
[   11.380437]  ffff888102a6e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.380750]  ffff888102a6e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.381169] ==================================================================
[   11.347971] ==================================================================
[   11.348454] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.349190] Write of size 1 at addr ffff888102a6e0eb by task kunit_try_catch/177
[   11.349480] 
[   11.349621] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.349670] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.349682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.349704] Call Trace:
[   11.349716]  <TASK>
[   11.349735]  dump_stack_lvl+0x73/0xb0
[   11.349767]  print_report+0xd1/0x650
[   11.349802]  ? __virt_addr_valid+0x1db/0x2d0
[   11.349827]  ? krealloc_more_oob_helper+0x821/0x930
[   11.349849]  ? kasan_addr_to_slab+0x11/0xa0
[   11.349880]  ? krealloc_more_oob_helper+0x821/0x930
[   11.349903]  kasan_report+0x141/0x180
[   11.349923]  ? krealloc_more_oob_helper+0x821/0x930
[   11.349950]  __asan_report_store1_noabort+0x1b/0x30
[   11.349969]  krealloc_more_oob_helper+0x821/0x930
[   11.349990]  ? __schedule+0x10cc/0x2b60
[   11.350011]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.350043]  ? finish_task_switch.isra.0+0x153/0x700
[   11.350065]  ? __switch_to+0x47/0xf50
[   11.350091]  ? __schedule+0x10cc/0x2b60
[   11.350112]  ? __pfx_read_tsc+0x10/0x10
[   11.350145]  krealloc_large_more_oob+0x1c/0x30
[   11.350167]  kunit_try_run_case+0x1a5/0x480
[   11.350192]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.350224]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.350247]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.350268]  ? __kthread_parkme+0x82/0x180
[   11.350288]  ? preempt_count_sub+0x50/0x80
[   11.350310]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.350332]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.350353]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.350384]  kthread+0x337/0x6f0
[   11.350403]  ? trace_preempt_on+0x20/0xc0
[   11.350426]  ? __pfx_kthread+0x10/0x10
[   11.350445]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.350475]  ? calculate_sigpending+0x7b/0xa0
[   11.350500]  ? __pfx_kthread+0x10/0x10
[   11.350519]  ret_from_fork+0x116/0x1d0
[   11.350537]  ? __pfx_kthread+0x10/0x10
[   11.350557]  ret_from_fork_asm+0x1a/0x30
[   11.350586]  </TASK>
[   11.350598] 
[   11.358529] The buggy address belongs to the physical page:
[   11.358791] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a6c
[   11.359160] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.359494] flags: 0x200000000000040(head|node=0|zone=2)
[   11.359762] page_type: f8(unknown)
[   11.359946] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.360227] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.360514] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.360862] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.361177] head: 0200000000000002 ffffea00040a9b01 00000000ffffffff 00000000ffffffff
[   11.361403] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.361851] page dumped because: kasan: bad access detected
[   11.362085] 
[   11.362204] Memory state around the buggy address:
[   11.362364]  ffff888102a6df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.362577]  ffff888102a6e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.362789] >ffff888102a6e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.363162]                                                           ^
[   11.363453]  ffff888102a6e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.363762]  ffff888102a6e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.364083] ==================================================================
[   11.107898] ==================================================================
[   11.108391] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.108717] Write of size 1 at addr ffff88810033f0eb by task kunit_try_catch/173
[   11.109565] 
[   11.109845] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.109893] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.109904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.109926] Call Trace:
[   11.109937]  <TASK>
[   11.109954]  dump_stack_lvl+0x73/0xb0
[   11.109983]  print_report+0xd1/0x650
[   11.110007]  ? __virt_addr_valid+0x1db/0x2d0
[   11.110041]  ? krealloc_more_oob_helper+0x821/0x930
[   11.110127]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.110150]  ? krealloc_more_oob_helper+0x821/0x930
[   11.110185]  kasan_report+0x141/0x180
[   11.110206]  ? krealloc_more_oob_helper+0x821/0x930
[   11.110233]  __asan_report_store1_noabort+0x1b/0x30
[   11.110252]  krealloc_more_oob_helper+0x821/0x930
[   11.110272]  ? __schedule+0x10cc/0x2b60
[   11.110295]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.110318]  ? finish_task_switch.isra.0+0x153/0x700
[   11.110339]  ? __switch_to+0x47/0xf50
[   11.110365]  ? __schedule+0x10cc/0x2b60
[   11.110384]  ? __pfx_read_tsc+0x10/0x10
[   11.110408]  krealloc_more_oob+0x1c/0x30
[   11.110429]  kunit_try_run_case+0x1a5/0x480
[   11.110453]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.110473]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.110496]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.110516]  ? __kthread_parkme+0x82/0x180
[   11.110536]  ? preempt_count_sub+0x50/0x80
[   11.110557]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.110579]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.110600]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.110621]  kthread+0x337/0x6f0
[   11.110660]  ? trace_preempt_on+0x20/0xc0
[   11.110694]  ? __pfx_kthread+0x10/0x10
[   11.110713]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.110733]  ? calculate_sigpending+0x7b/0xa0
[   11.110755]  ? __pfx_kthread+0x10/0x10
[   11.110775]  ret_from_fork+0x116/0x1d0
[   11.110793]  ? __pfx_kthread+0x10/0x10
[   11.110812]  ret_from_fork_asm+0x1a/0x30
[   11.110841]  </TASK>
[   11.110853] 
[   11.124259] Allocated by task 173:
[   11.124618]  kasan_save_stack+0x45/0x70
[   11.125057]  kasan_save_track+0x18/0x40
[   11.125477]  kasan_save_alloc_info+0x3b/0x50
[   11.125784]  __kasan_krealloc+0x190/0x1f0
[   11.125925]  krealloc_noprof+0xf3/0x340
[   11.126073]  krealloc_more_oob_helper+0x1a9/0x930
[   11.126584]  krealloc_more_oob+0x1c/0x30
[   11.127044]  kunit_try_run_case+0x1a5/0x480
[   11.127444]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.127975]  kthread+0x337/0x6f0
[   11.128306]  ret_from_fork+0x116/0x1d0
[   11.128674]  ret_from_fork_asm+0x1a/0x30
[   11.129038] 
[   11.129146] The buggy address belongs to the object at ffff88810033f000
[   11.129146]  which belongs to the cache kmalloc-256 of size 256
[   11.129504] The buggy address is located 0 bytes to the right of
[   11.129504]  allocated 235-byte region [ffff88810033f000, ffff88810033f0eb)
[   11.130508] 
[   11.130726] The buggy address belongs to the physical page:
[   11.131264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   11.132028] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.132710] flags: 0x200000000000040(head|node=0|zone=2)
[   11.133326] page_type: f5(slab)
[   11.133633] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.134096] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.134329] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.134559] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.134832] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   11.135346] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.135634] page dumped because: kasan: bad access detected
[   11.135822] 
[   11.135901] Memory state around the buggy address:
[   11.136264]  ffff88810033ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.136759]  ffff88810033f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.137495] >ffff88810033f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.138445]                                                           ^
[   11.139096]  ffff88810033f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.139885]  ffff88810033f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.140610] ==================================================================
[   11.141496] ==================================================================
[   11.142327] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.142573] Write of size 1 at addr ffff88810033f0f0 by task kunit_try_catch/173
[   11.142859] 
[   11.142978] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.143099] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.143112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.143133] Call Trace:
[   11.143151]  <TASK>
[   11.143169]  dump_stack_lvl+0x73/0xb0
[   11.143197]  print_report+0xd1/0x650
[   11.143219]  ? __virt_addr_valid+0x1db/0x2d0
[   11.143242]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.143264]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.143284]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.143307]  kasan_report+0x141/0x180
[   11.143327]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.143353]  __asan_report_store1_noabort+0x1b/0x30
[   11.143374]  krealloc_more_oob_helper+0x7eb/0x930
[   11.143395]  ? __schedule+0x10cc/0x2b60
[   11.143416]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.143440]  ? finish_task_switch.isra.0+0x153/0x700
[   11.143461]  ? __switch_to+0x47/0xf50
[   11.143485]  ? __schedule+0x10cc/0x2b60
[   11.143504]  ? __pfx_read_tsc+0x10/0x10
[   11.143527]  krealloc_more_oob+0x1c/0x30
[   11.143547]  kunit_try_run_case+0x1a5/0x480
[   11.143570]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.143591]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.143613]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.143634]  ? __kthread_parkme+0x82/0x180
[   11.143653]  ? preempt_count_sub+0x50/0x80
[   11.143674]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.143696]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.143737]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.143759]  kthread+0x337/0x6f0
[   11.143778]  ? trace_preempt_on+0x20/0xc0
[   11.143801]  ? __pfx_kthread+0x10/0x10
[   11.143820]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.143839]  ? calculate_sigpending+0x7b/0xa0
[   11.143862]  ? __pfx_kthread+0x10/0x10
[   11.143882]  ret_from_fork+0x116/0x1d0
[   11.143899]  ? __pfx_kthread+0x10/0x10
[   11.143918]  ret_from_fork_asm+0x1a/0x30
[   11.143948]  </TASK>
[   11.143959] 
[   11.155128] Allocated by task 173:
[   11.155302]  kasan_save_stack+0x45/0x70
[   11.155485]  kasan_save_track+0x18/0x40
[   11.155919]  kasan_save_alloc_info+0x3b/0x50
[   11.156219]  __kasan_krealloc+0x190/0x1f0
[   11.156443]  krealloc_noprof+0xf3/0x340
[   11.156621]  krealloc_more_oob_helper+0x1a9/0x930
[   11.157080]  krealloc_more_oob+0x1c/0x30
[   11.157252]  kunit_try_run_case+0x1a5/0x480
[   11.157433]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.157931]  kthread+0x337/0x6f0
[   11.158187]  ret_from_fork+0x116/0x1d0
[   11.158521]  ret_from_fork_asm+0x1a/0x30
[   11.158942] 
[   11.159171] The buggy address belongs to the object at ffff88810033f000
[   11.159171]  which belongs to the cache kmalloc-256 of size 256
[   11.160078] The buggy address is located 5 bytes to the right of
[   11.160078]  allocated 235-byte region [ffff88810033f000, ffff88810033f0eb)
[   11.160932] 
[   11.161051] The buggy address belongs to the physical page:
[   11.161288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   11.161609] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.162610] flags: 0x200000000000040(head|node=0|zone=2)
[   11.163203] page_type: f5(slab)
[   11.163369] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.163943] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.164331] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.164857] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.165344] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   11.166043] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.166452] page dumped because: kasan: bad access detected
[   11.166965] 
[   11.167166] Memory state around the buggy address:
[   11.167519]  ffff88810033ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.168159]  ffff88810033f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.168586] >ffff88810033f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.169057]                                                              ^
[   11.169345]  ffff88810033f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.169631]  ffff88810033f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.170182] ==================================================================