Hay
Date: July 16, 2025, 3:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.490256] ==================================================================
[   16.490316] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.490371] Write of size 1 at addr fff00000c638a0eb by task kunit_try_catch/156
[   16.490420] 
[   16.490451] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.490539] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.490641] Hardware name: linux,dummy-virt (DT)
[   16.490672] Call trace:
[   16.490774]  show_stack+0x20/0x38 (C)
[   16.490972]  dump_stack_lvl+0x8c/0xd0
[   16.491079]  print_report+0x118/0x5d0
[   16.491304]  kasan_report+0xdc/0x128
[   16.491351]  __asan_report_store1_noabort+0x20/0x30
[   16.491402]  krealloc_more_oob_helper+0x60c/0x678
[   16.491450]  krealloc_more_oob+0x20/0x38
[   16.491650]  kunit_try_run_case+0x170/0x3f0
[   16.491706]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.491768]  kthread+0x328/0x630
[   16.492217]  ret_from_fork+0x10/0x20
[   16.492415] 
[   16.492617] Allocated by task 156:
[   16.492984]  kasan_save_stack+0x3c/0x68
[   16.493263]  kasan_save_track+0x20/0x40
[   16.493396]  kasan_save_alloc_info+0x40/0x58
[   16.493455]  __kasan_krealloc+0x118/0x178
[   16.493492]  krealloc_noprof+0x128/0x360
[   16.493586]  krealloc_more_oob_helper+0x168/0x678
[   16.493625]  krealloc_more_oob+0x20/0x38
[   16.493660]  kunit_try_run_case+0x170/0x3f0
[   16.493921]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.494084]  kthread+0x328/0x630
[   16.494120]  ret_from_fork+0x10/0x20
[   16.494169] 
[   16.494188] The buggy address belongs to the object at fff00000c638a000
[   16.494188]  which belongs to the cache kmalloc-256 of size 256
[   16.494247] The buggy address is located 0 bytes to the right of
[   16.494247]  allocated 235-byte region [fff00000c638a000, fff00000c638a0eb)
[   16.494311] 
[   16.494653] The buggy address belongs to the physical page:
[   16.494899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   16.494962] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.495015] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.495342] page_type: f5(slab)
[   16.495389] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.495897] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.495952] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.496001] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.496075] head: 0bfffe0000000001 ffffc1ffc318e281 00000000ffffffff 00000000ffffffff
[   16.496231] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.496308] page dumped because: kasan: bad access detected
[   16.496593] 
[   16.496612] Memory state around the buggy address:
[   16.496719]  fff00000c6389f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.496835]  fff00000c638a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.496891] >fff00000c638a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.497007]                                                           ^
[   16.497047]  fff00000c638a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.497088]  fff00000c638a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.497212] ==================================================================
[   16.498659] ==================================================================
[   16.498757] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.498812] Write of size 1 at addr fff00000c638a0f0 by task kunit_try_catch/156
[   16.498884] 
[   16.499039] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.499196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.499264] Hardware name: linux,dummy-virt (DT)
[   16.499295] Call trace:
[   16.499315]  show_stack+0x20/0x38 (C)
[   16.499670]  dump_stack_lvl+0x8c/0xd0
[   16.499848]  print_report+0x118/0x5d0
[   16.499988]  kasan_report+0xdc/0x128
[   16.500203]  __asan_report_store1_noabort+0x20/0x30
[   16.500326]  krealloc_more_oob_helper+0x5c0/0x678
[   16.500417]  krealloc_more_oob+0x20/0x38
[   16.500468]  kunit_try_run_case+0x170/0x3f0
[   16.500521]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.500942]  kthread+0x328/0x630
[   16.501197]  ret_from_fork+0x10/0x20
[   16.501339] 
[   16.501357] Allocated by task 156:
[   16.501481]  kasan_save_stack+0x3c/0x68
[   16.501522]  kasan_save_track+0x20/0x40
[   16.501559]  kasan_save_alloc_info+0x40/0x58
[   16.501618]  __kasan_krealloc+0x118/0x178
[   16.501968]  krealloc_noprof+0x128/0x360
[   16.502189]  krealloc_more_oob_helper+0x168/0x678
[   16.502270]  krealloc_more_oob+0x20/0x38
[   16.502306]  kunit_try_run_case+0x170/0x3f0
[   16.502381]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.502455]  kthread+0x328/0x630
[   16.502489]  ret_from_fork+0x10/0x20
[   16.502523] 
[   16.502542] The buggy address belongs to the object at fff00000c638a000
[   16.502542]  which belongs to the cache kmalloc-256 of size 256
[   16.502600] The buggy address is located 5 bytes to the right of
[   16.502600]  allocated 235-byte region [fff00000c638a000, fff00000c638a0eb)
[   16.502664] 
[   16.502684] The buggy address belongs to the physical page:
[   16.502725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638a
[   16.503050] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.503108] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.503348] page_type: f5(slab)
[   16.503764] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.503901] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.503951] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.504217] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.504367] head: 0bfffe0000000001 ffffc1ffc318e281 00000000ffffffff 00000000ffffffff
[   16.504429] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.504514] page dumped because: kasan: bad access detected
[   16.504675] 
[   16.504699] Memory state around the buggy address:
[   16.504740]  fff00000c6389f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.504841]  fff00000c638a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.504882] >fff00000c638a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.504923]                                                              ^
[   16.505024]  fff00000c638a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.505226]  fff00000c638a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.505264] ==================================================================
[   16.576766] ==================================================================
[   16.576833] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.576890] Write of size 1 at addr fff00000c78960f0 by task kunit_try_catch/160
[   16.577013] 
[   16.577097] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.577208] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.577263] Hardware name: linux,dummy-virt (DT)
[   16.577311] Call trace:
[   16.577356]  show_stack+0x20/0x38 (C)
[   16.577407]  dump_stack_lvl+0x8c/0xd0
[   16.577474]  print_report+0x118/0x5d0
[   16.577589]  kasan_report+0xdc/0x128
[   16.577654]  __asan_report_store1_noabort+0x20/0x30
[   16.577705]  krealloc_more_oob_helper+0x5c0/0x678
[   16.577956]  krealloc_large_more_oob+0x20/0x38
[   16.578069]  kunit_try_run_case+0x170/0x3f0
[   16.578137]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.578190]  kthread+0x328/0x630
[   16.578245]  ret_from_fork+0x10/0x20
[   16.578311] 
[   16.578336] The buggy address belongs to the physical page:
[   16.578385] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   16.578493] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.578557] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.578648] page_type: f8(unknown)
[   16.578761] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.578812] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.578896] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.578951] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.579017] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   16.579066] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.579113] page dumped because: kasan: bad access detected
[   16.579143] 
[   16.579187] Memory state around the buggy address:
[   16.579522]  fff00000c7895f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.579620]  fff00000c7896000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.579701] >fff00000c7896080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.579842]                                                              ^
[   16.579884]  fff00000c7896100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.579961]  fff00000c7896180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.580047] ==================================================================
[   16.561684] ==================================================================
[   16.561811] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.561883] Write of size 1 at addr fff00000c78960eb by task kunit_try_catch/160
[   16.561975] 
[   16.562011] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.562093] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.562119] Hardware name: linux,dummy-virt (DT)
[   16.562155] Call trace:
[   16.562329]  show_stack+0x20/0x38 (C)
[   16.562457]  dump_stack_lvl+0x8c/0xd0
[   16.562526]  print_report+0x118/0x5d0
[   16.562615]  kasan_report+0xdc/0x128
[   16.562660]  __asan_report_store1_noabort+0x20/0x30
[   16.562731]  krealloc_more_oob_helper+0x60c/0x678
[   16.562887]  krealloc_large_more_oob+0x20/0x38
[   16.563013]  kunit_try_run_case+0x170/0x3f0
[   16.563139]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.563317]  kthread+0x328/0x630
[   16.563399]  ret_from_fork+0x10/0x20
[   16.563454] 
[   16.563474] The buggy address belongs to the physical page:
[   16.563506] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107894
[   16.563765] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.564399] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.565792] page_type: f8(unknown)
[   16.565858] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.566336] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.566634] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.566686] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.568078] head: 0bfffe0000000002 ffffc1ffc31e2501 00000000ffffffff 00000000ffffffff
[   16.568478] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.568536] page dumped because: kasan: bad access detected
[   16.568568] 
[   16.568587] Memory state around the buggy address:
[   16.568619]  fff00000c7895f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.569307]  fff00000c7896000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.570396] >fff00000c7896080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.570774]                                                           ^
[   16.570926]  fff00000c7896100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.571271]  fff00000c7896180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.571802] ==================================================================

[   12.365269] ==================================================================
[   12.365532] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.365950] Write of size 1 at addr ffff88810278a0f0 by task kunit_try_catch/177
[   12.366715] 
[   12.366958] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.367111] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.367123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.367141] Call Trace:
[   12.367155]  <TASK>
[   12.367169]  dump_stack_lvl+0x73/0xb0
[   12.367208]  print_report+0xd1/0x610
[   12.367231]  ? __virt_addr_valid+0x1db/0x2d0
[   12.367254]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367278]  ? kasan_addr_to_slab+0x11/0xa0
[   12.367299]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367324]  kasan_report+0x141/0x180
[   12.367346]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367376]  __asan_report_store1_noabort+0x1b/0x30
[   12.367401]  krealloc_more_oob_helper+0x7eb/0x930
[   12.367424]  ? __schedule+0x10cc/0x2b60
[   12.367446]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.367472]  ? finish_task_switch.isra.0+0x153/0x700
[   12.367495]  ? __switch_to+0x47/0xf50
[   12.367521]  ? __schedule+0x10cc/0x2b60
[   12.367543]  ? __pfx_read_tsc+0x10/0x10
[   12.367567]  krealloc_large_more_oob+0x1c/0x30
[   12.367591]  kunit_try_run_case+0x1a5/0x480
[   12.367616]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.367639]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.367663]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.367687]  ? __kthread_parkme+0x82/0x180
[   12.367708]  ? preempt_count_sub+0x50/0x80
[   12.367731]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.367767]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.367792]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.367817]  kthread+0x337/0x6f0
[   12.367837]  ? trace_preempt_on+0x20/0xc0
[   12.367861]  ? __pfx_kthread+0x10/0x10
[   12.367882]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.367904]  ? calculate_sigpending+0x7b/0xa0
[   12.367929]  ? __pfx_kthread+0x10/0x10
[   12.367951]  ret_from_fork+0x116/0x1d0
[   12.367970]  ? __pfx_kthread+0x10/0x10
[   12.368138]  ret_from_fork_asm+0x1a/0x30
[   12.368171]  </TASK>
[   12.368181] 
[   12.376383] The buggy address belongs to the physical page:
[   12.376670] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102788
[   12.376934] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.377456] flags: 0x200000000000040(head|node=0|zone=2)
[   12.377725] page_type: f8(unknown)
[   12.377963] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.378259] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.378605] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.378861] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.379094] head: 0200000000000002 ffffea000409e201 00000000ffffffff 00000000ffffffff
[   12.379441] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.379810] page dumped because: kasan: bad access detected
[   12.380074] 
[   12.380173] Memory state around the buggy address:
[   12.380408]  ffff888102789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.380924]  ffff88810278a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.381289] >ffff88810278a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.381595]                                                              ^
[   12.381869]  ffff88810278a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.382115]  ffff88810278a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.382435] ==================================================================
[   12.342148] ==================================================================
[   12.342791] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.343336] Write of size 1 at addr ffff88810278a0eb by task kunit_try_catch/177
[   12.343882] 
[   12.344359] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.344411] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.344423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.344445] Call Trace:
[   12.344457]  <TASK>
[   12.344474]  dump_stack_lvl+0x73/0xb0
[   12.344509]  print_report+0xd1/0x610
[   12.344532]  ? __virt_addr_valid+0x1db/0x2d0
[   12.344557]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344581]  ? kasan_addr_to_slab+0x11/0xa0
[   12.344602]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344627]  kasan_report+0x141/0x180
[   12.344649]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344679]  __asan_report_store1_noabort+0x1b/0x30
[   12.344705]  krealloc_more_oob_helper+0x821/0x930
[   12.344728]  ? __schedule+0x10cc/0x2b60
[   12.344766]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.344792]  ? finish_task_switch.isra.0+0x153/0x700
[   12.344816]  ? __switch_to+0x47/0xf50
[   12.344843]  ? __schedule+0x10cc/0x2b60
[   12.344865]  ? __pfx_read_tsc+0x10/0x10
[   12.344890]  krealloc_large_more_oob+0x1c/0x30
[   12.344914]  kunit_try_run_case+0x1a5/0x480
[   12.344940]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.344963]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.345048]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.345073]  ? __kthread_parkme+0x82/0x180
[   12.345095]  ? preempt_count_sub+0x50/0x80
[   12.345119]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.345144]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.345169]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.345195]  kthread+0x337/0x6f0
[   12.345214]  ? trace_preempt_on+0x20/0xc0
[   12.345238]  ? __pfx_kthread+0x10/0x10
[   12.345259]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.345281]  ? calculate_sigpending+0x7b/0xa0
[   12.345306]  ? __pfx_kthread+0x10/0x10
[   12.345328]  ret_from_fork+0x116/0x1d0
[   12.345347]  ? __pfx_kthread+0x10/0x10
[   12.345368]  ret_from_fork_asm+0x1a/0x30
[   12.345400]  </TASK>
[   12.345411] 
[   12.356441] The buggy address belongs to the physical page:
[   12.357074] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102788
[   12.357578] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.358020] flags: 0x200000000000040(head|node=0|zone=2)
[   12.358415] page_type: f8(unknown)
[   12.358591] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.358916] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.359413] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.359907] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.360380] head: 0200000000000002 ffffea000409e201 00000000ffffffff 00000000ffffffff
[   12.361031] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.361426] page dumped because: kasan: bad access detected
[   12.361655] 
[   12.361886] Memory state around the buggy address:
[   12.362151]  ffff888102789f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.362636]  ffff88810278a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.362929] >ffff88810278a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.363420]                                                           ^
[   12.363816]  ffff88810278a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.364247]  ffff88810278a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.364782] ==================================================================
[   12.153403] ==================================================================
[   12.153857] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.154312] Write of size 1 at addr ffff888100a322eb by task kunit_try_catch/173
[   12.154623] 
[   12.154741] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.154797] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.154809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.154830] Call Trace:
[   12.154841]  <TASK>
[   12.154856]  dump_stack_lvl+0x73/0xb0
[   12.154883]  print_report+0xd1/0x610
[   12.154905]  ? __virt_addr_valid+0x1db/0x2d0
[   12.154929]  ? krealloc_more_oob_helper+0x821/0x930
[   12.154953]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.154977]  ? krealloc_more_oob_helper+0x821/0x930
[   12.155013]  kasan_report+0x141/0x180
[   12.155035]  ? krealloc_more_oob_helper+0x821/0x930
[   12.155064]  __asan_report_store1_noabort+0x1b/0x30
[   12.155089]  krealloc_more_oob_helper+0x821/0x930
[   12.155112]  ? __schedule+0x10cc/0x2b60
[   12.155134]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.155159]  ? finish_task_switch.isra.0+0x153/0x700
[   12.155186]  ? __switch_to+0x47/0xf50
[   12.155213]  ? __schedule+0x10cc/0x2b60
[   12.155234]  ? __pfx_read_tsc+0x10/0x10
[   12.155258]  krealloc_more_oob+0x1c/0x30
[   12.155280]  kunit_try_run_case+0x1a5/0x480
[   12.155304]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.155327]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.155351]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.155375]  ? __kthread_parkme+0x82/0x180
[   12.155395]  ? preempt_count_sub+0x50/0x80
[   12.155418]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.155606]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.155640]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.155666]  kthread+0x337/0x6f0
[   12.155685]  ? trace_preempt_on+0x20/0xc0
[   12.155709]  ? __pfx_kthread+0x10/0x10
[   12.155730]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.155764]  ? calculate_sigpending+0x7b/0xa0
[   12.155789]  ? __pfx_kthread+0x10/0x10
[   12.155810]  ret_from_fork+0x116/0x1d0
[   12.155829]  ? __pfx_kthread+0x10/0x10
[   12.155849]  ret_from_fork_asm+0x1a/0x30
[   12.155880]  </TASK>
[   12.155889] 
[   12.164333] Allocated by task 173:
[   12.164514]  kasan_save_stack+0x45/0x70
[   12.164662]  kasan_save_track+0x18/0x40
[   12.164864]  kasan_save_alloc_info+0x3b/0x50
[   12.165251]  __kasan_krealloc+0x190/0x1f0
[   12.165449]  krealloc_noprof+0xf3/0x340
[   12.165646]  krealloc_more_oob_helper+0x1a9/0x930
[   12.165838]  krealloc_more_oob+0x1c/0x30
[   12.166085]  kunit_try_run_case+0x1a5/0x480
[   12.166298]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.166544]  kthread+0x337/0x6f0
[   12.166686]  ret_from_fork+0x116/0x1d0
[   12.166830]  ret_from_fork_asm+0x1a/0x30
[   12.166971] 
[   12.167043] The buggy address belongs to the object at ffff888100a32200
[   12.167043]  which belongs to the cache kmalloc-256 of size 256
[   12.167517] The buggy address is located 0 bytes to the right of
[   12.167517]  allocated 235-byte region [ffff888100a32200, ffff888100a322eb)
[   12.168093] 
[   12.168190] The buggy address belongs to the physical page:
[   12.168595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a32
[   12.168944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.169327] flags: 0x200000000000040(head|node=0|zone=2)
[   12.169596] page_type: f5(slab)
[   12.169716] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.170043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.170388] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.170813] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.171236] head: 0200000000000001 ffffea0004028c81 00000000ffffffff 00000000ffffffff
[   12.171495] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.171739] page dumped because: kasan: bad access detected
[   12.172008] 
[   12.172103] Memory state around the buggy address:
[   12.172324]  ffff888100a32180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.172783]  ffff888100a32200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.172997] >ffff888100a32280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.173485]                                                           ^
[   12.173807]  ffff888100a32300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.174123]  ffff888100a32380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.174337] ==================================================================
[   12.175149] ==================================================================
[   12.175443] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.175726] Write of size 1 at addr ffff888100a322f0 by task kunit_try_catch/173
[   12.175964] 
[   12.176072] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.176110] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.176121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.176139] Call Trace:
[   12.176152]  <TASK>
[   12.176164]  dump_stack_lvl+0x73/0xb0
[   12.176189]  print_report+0xd1/0x610
[   12.176209]  ? __virt_addr_valid+0x1db/0x2d0
[   12.176230]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.176496]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.176528]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.176554]  kasan_report+0x141/0x180
[   12.176576]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.176606]  __asan_report_store1_noabort+0x1b/0x30
[   12.176631]  krealloc_more_oob_helper+0x7eb/0x930
[   12.176654]  ? __schedule+0x10cc/0x2b60
[   12.176676]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.176702]  ? finish_task_switch.isra.0+0x153/0x700
[   12.176725]  ? __switch_to+0x47/0xf50
[   12.176750]  ? __schedule+0x10cc/0x2b60
[   12.176785]  ? __pfx_read_tsc+0x10/0x10
[   12.176809]  krealloc_more_oob+0x1c/0x30
[   12.176831]  kunit_try_run_case+0x1a5/0x480
[   12.176855]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.176878]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.176901]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.176925]  ? __kthread_parkme+0x82/0x180
[   12.176946]  ? preempt_count_sub+0x50/0x80
[   12.176969]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.177136]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.177163]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.177188]  kthread+0x337/0x6f0
[   12.177207]  ? trace_preempt_on+0x20/0xc0
[   12.177231]  ? __pfx_kthread+0x10/0x10
[   12.177251]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.177273]  ? calculate_sigpending+0x7b/0xa0
[   12.177297]  ? __pfx_kthread+0x10/0x10
[   12.177318]  ret_from_fork+0x116/0x1d0
[   12.177337]  ? __pfx_kthread+0x10/0x10
[   12.177357]  ret_from_fork_asm+0x1a/0x30
[   12.177387]  </TASK>
[   12.177397] 
[   12.189799] Allocated by task 173:
[   12.190212]  kasan_save_stack+0x45/0x70
[   12.190463]  kasan_save_track+0x18/0x40
[   12.190832]  kasan_save_alloc_info+0x3b/0x50
[   12.191207]  __kasan_krealloc+0x190/0x1f0
[   12.191403]  krealloc_noprof+0xf3/0x340
[   12.191734]  krealloc_more_oob_helper+0x1a9/0x930
[   12.191958]  krealloc_more_oob+0x1c/0x30
[   12.192389]  kunit_try_run_case+0x1a5/0x480
[   12.192690]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.192934]  kthread+0x337/0x6f0
[   12.193231]  ret_from_fork+0x116/0x1d0
[   12.193738]  ret_from_fork_asm+0x1a/0x30
[   12.193961] 
[   12.194160] The buggy address belongs to the object at ffff888100a32200
[   12.194160]  which belongs to the cache kmalloc-256 of size 256
[   12.194900] The buggy address is located 5 bytes to the right of
[   12.194900]  allocated 235-byte region [ffff888100a32200, ffff888100a322eb)
[   12.195766] 
[   12.195866] The buggy address belongs to the physical page:
[   12.196303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a32
[   12.196818] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.197256] flags: 0x200000000000040(head|node=0|zone=2)
[   12.197748] page_type: f5(slab)
[   12.197918] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.198547] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.199080] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.199405] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.200060] head: 0200000000000001 ffffea0004028c81 00000000ffffffff 00000000ffffffff
[   12.200390] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.201245] page dumped because: kasan: bad access detected
[   12.201825] 
[   12.201922] Memory state around the buggy address:
[   12.202617]  ffff888100a32180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.203168]  ffff888100a32200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.203839] >ffff888100a32280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.204459]                                                              ^
[   12.204917]  ffff888100a32300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.205242]  ffff888100a32380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.205884] ==================================================================