Hay
Date: July 20, 2025, 8:11 p.m.
Environment: qemu-arm64, qemu-x86_64

[   15.007875] ==================================================================
[   15.008717] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.008787] Write of size 1 at addr fff00000c5f4b4f0 by task kunit_try_catch/157
[   15.008847] 
[   15.008920] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.009220] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.009898] Hardware name: linux,dummy-virt (DT)
[   15.010199] Call trace:
[   15.010232]  show_stack+0x20/0x38 (C)
[   15.010284]  dump_stack_lvl+0x8c/0xd0
[   15.010355]  print_report+0x118/0x5d0
[   15.010426]  kasan_report+0xdc/0x128
[   15.010472]  __asan_report_store1_noabort+0x20/0x30
[   15.010522]  krealloc_more_oob_helper+0x5c0/0x678
[   15.010585]  krealloc_more_oob+0x20/0x38
[   15.010630]  kunit_try_run_case+0x170/0x3f0
[   15.010676]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.010728]  kthread+0x328/0x630
[   15.010775]  ret_from_fork+0x10/0x20
[   15.010848] 
[   15.010868] Allocated by task 157:
[   15.010895]  kasan_save_stack+0x3c/0x68
[   15.010945]  kasan_save_track+0x20/0x40
[   15.010992]  kasan_save_alloc_info+0x40/0x58
[   15.011034]  __kasan_krealloc+0x118/0x178
[   15.011079]  krealloc_noprof+0x128/0x360
[   15.011117]  krealloc_more_oob_helper+0x168/0x678
[   15.011167]  krealloc_more_oob+0x20/0x38
[   15.011223]  kunit_try_run_case+0x170/0x3f0
[   15.011261]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.011302]  kthread+0x328/0x630
[   15.011335]  ret_from_fork+0x10/0x20
[   15.011376] 
[   15.011395] The buggy address belongs to the object at fff00000c5f4b400
[   15.011395]  which belongs to the cache kmalloc-256 of size 256
[   15.011452] The buggy address is located 5 bytes to the right of
[   15.011452]  allocated 235-byte region [fff00000c5f4b400, fff00000c5f4b4eb)
[   15.011512] 
[   15.011532] The buggy address belongs to the physical page:
[   15.011561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f4a
[   15.011628] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.011682] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.011741] page_type: f5(slab)
[   15.011783] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.011841] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.011889] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.011935] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.011982] head: 0bfffe0000000001 ffffc1ffc317d281 00000000ffffffff 00000000ffffffff
[   15.012029] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.012067] page dumped because: kasan: bad access detected
[   15.012111] 
[   15.012130] Memory state around the buggy address:
[   15.012161]  fff00000c5f4b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.012677]  fff00000c5f4b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.013231] >fff00000c5f4b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.013275]                                                              ^
[   15.013314]  fff00000c5f4b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.013542]  fff00000c5f4b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.013641] ==================================================================
[   14.998563] ==================================================================
[   14.998810] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   14.998905] Write of size 1 at addr fff00000c5f4b4eb by task kunit_try_catch/157
[   14.999202] 
[   14.999241] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   14.999455] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.999483] Hardware name: linux,dummy-virt (DT)
[   14.999573] Call trace:
[   14.999597]  show_stack+0x20/0x38 (C)
[   14.999679]  dump_stack_lvl+0x8c/0xd0
[   14.999733]  print_report+0x118/0x5d0
[   14.999778]  kasan_report+0xdc/0x128
[   14.999823]  __asan_report_store1_noabort+0x20/0x30
[   14.999873]  krealloc_more_oob_helper+0x60c/0x678
[   15.000166]  krealloc_more_oob+0x20/0x38
[   15.000668]  kunit_try_run_case+0x170/0x3f0
[   15.000774]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.000841]  kthread+0x328/0x630
[   15.000960]  ret_from_fork+0x10/0x20
[   15.001205] 
[   15.001274] Allocated by task 157:
[   15.001390]  kasan_save_stack+0x3c/0x68
[   15.001434]  kasan_save_track+0x20/0x40
[   15.001490]  kasan_save_alloc_info+0x40/0x58
[   15.001561]  __kasan_krealloc+0x118/0x178
[   15.002004]  krealloc_noprof+0x128/0x360
[   15.002163]  krealloc_more_oob_helper+0x168/0x678
[   15.002333]  krealloc_more_oob+0x20/0x38
[   15.002426]  kunit_try_run_case+0x170/0x3f0
[   15.002464]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.002792]  kthread+0x328/0x630
[   15.002862]  ret_from_fork+0x10/0x20
[   15.003035] 
[   15.003104] The buggy address belongs to the object at fff00000c5f4b400
[   15.003104]  which belongs to the cache kmalloc-256 of size 256
[   15.003263] The buggy address is located 0 bytes to the right of
[   15.003263]  allocated 235-byte region [fff00000c5f4b400, fff00000c5f4b4eb)
[   15.003357] 
[   15.003395] The buggy address belongs to the physical page:
[   15.003428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f4a
[   15.003879] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.003984] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.004071] page_type: f5(slab)
[   15.004406] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.004630] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.004718] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.004860] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.005126] head: 0bfffe0000000001 ffffc1ffc317d281 00000000ffffffff 00000000ffffffff
[   15.005422] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.005506] page dumped because: kasan: bad access detected
[   15.005659] 
[   15.005724] Memory state around the buggy address:
[   15.005860]  fff00000c5f4b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.005946]  fff00000c5f4b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.006073] >fff00000c5f4b480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.006127]                                                           ^
[   15.006206]  fff00000c5f4b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.006767]  fff00000c5f4b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.006851] ==================================================================
[   15.080510] ==================================================================
[   15.080556] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.080602] Write of size 1 at addr fff00000c769e0f0 by task kunit_try_catch/161
[   15.081166] 
[   15.081253] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.081750] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.081785] Hardware name: linux,dummy-virt (DT)
[   15.081815] Call trace:
[   15.082244]  show_stack+0x20/0x38 (C)
[   15.082497]  dump_stack_lvl+0x8c/0xd0
[   15.082570]  print_report+0x118/0x5d0
[   15.082617]  kasan_report+0xdc/0x128
[   15.082662]  __asan_report_store1_noabort+0x20/0x30
[   15.082713]  krealloc_more_oob_helper+0x5c0/0x678
[   15.082771]  krealloc_large_more_oob+0x20/0x38
[   15.082834]  kunit_try_run_case+0x170/0x3f0
[   15.082880]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.082932]  kthread+0x328/0x630
[   15.082973]  ret_from_fork+0x10/0x20
[   15.083033] 
[   15.083070] The buggy address belongs to the physical page:
[   15.083106] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10769c
[   15.083157] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.083233] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.083290] page_type: f8(unknown)
[   15.083328] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.083376] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.083434] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.083489] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.083543] head: 0bfffe0000000002 ffffc1ffc31da701 00000000ffffffff 00000000ffffffff
[   15.083608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.083647] page dumped because: kasan: bad access detected
[   15.083677] 
[   15.083696] Memory state around the buggy address:
[   15.083726]  fff00000c769df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.083767]  fff00000c769e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.083808] >fff00000c769e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.083853]                                                              ^
[   15.083906]  fff00000c769e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.083946]  fff00000c769e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.083991] ==================================================================
[   15.071945] ==================================================================
[   15.072006] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.072397] Write of size 1 at addr fff00000c769e0eb by task kunit_try_catch/161
[   15.072729] 
[   15.072857] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.073100] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.073127] Hardware name: linux,dummy-virt (DT)
[   15.073195] Call trace:
[   15.073218]  show_stack+0x20/0x38 (C)
[   15.073478]  dump_stack_lvl+0x8c/0xd0
[   15.073685]  print_report+0x118/0x5d0
[   15.073806]  kasan_report+0xdc/0x128
[   15.073955]  __asan_report_store1_noabort+0x20/0x30
[   15.074046]  krealloc_more_oob_helper+0x60c/0x678
[   15.074410]  krealloc_large_more_oob+0x20/0x38
[   15.074554]  kunit_try_run_case+0x170/0x3f0
[   15.074689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.074768]  kthread+0x328/0x630
[   15.074894]  ret_from_fork+0x10/0x20
[   15.075020] 
[   15.075096] The buggy address belongs to the physical page:
[   15.075127] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10769c
[   15.075458] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.075766] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.075934] page_type: f8(unknown)
[   15.075992] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.076066] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.076477] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.076584] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.076682] head: 0bfffe0000000002 ffffc1ffc31da701 00000000ffffffff 00000000ffffffff
[   15.076825] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.076990] page dumped because: kasan: bad access detected
[   15.077052] 
[   15.077071] Memory state around the buggy address:
[   15.077125]  fff00000c769df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.077505]  fff00000c769e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.077607] >fff00000c769e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.077706]                                                           ^
[   15.077892]  fff00000c769e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.078045]  fff00000c769e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.078085] ==================================================================

[   12.549273] ==================================================================
[   12.549797] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.550160] Write of size 1 at addr ffff88810035a2eb by task kunit_try_catch/174
[   12.550887] 
[   12.550985] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.551031] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.551042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.551063] Call Trace:
[   12.551073]  <TASK>
[   12.551088]  dump_stack_lvl+0x73/0xb0
[   12.551119]  print_report+0xd1/0x610
[   12.551141]  ? __virt_addr_valid+0x1db/0x2d0
[   12.551163]  ? krealloc_more_oob_helper+0x821/0x930
[   12.551186]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.551208]  ? krealloc_more_oob_helper+0x821/0x930
[   12.551231]  kasan_report+0x141/0x180
[   12.551253]  ? krealloc_more_oob_helper+0x821/0x930
[   12.551281]  __asan_report_store1_noabort+0x1b/0x30
[   12.551305]  krealloc_more_oob_helper+0x821/0x930
[   12.551327]  ? __schedule+0x10c6/0x2b60
[   12.551349]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.551372]  ? finish_task_switch.isra.0+0x153/0x700
[   12.551394]  ? __switch_to+0x47/0xf50
[   12.551420]  ? __schedule+0x10c6/0x2b60
[   12.551441]  ? __pfx_read_tsc+0x10/0x10
[   12.551464]  krealloc_more_oob+0x1c/0x30
[   12.551499]  kunit_try_run_case+0x1a5/0x480
[   12.551523]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.551545]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.551568]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.551590]  ? __kthread_parkme+0x82/0x180
[   12.551610]  ? preempt_count_sub+0x50/0x80
[   12.551632]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.551655]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.551679]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.551703]  kthread+0x337/0x6f0
[   12.551722]  ? trace_preempt_on+0x20/0xc0
[   12.551744]  ? __pfx_kthread+0x10/0x10
[   12.551764]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.551848]  ? calculate_sigpending+0x7b/0xa0
[   12.551874]  ? __pfx_kthread+0x10/0x10
[   12.551895]  ret_from_fork+0x116/0x1d0
[   12.551914]  ? __pfx_kthread+0x10/0x10
[   12.551934]  ret_from_fork_asm+0x1a/0x30
[   12.551964]  </TASK>
[   12.551974] 
[   12.560395] Allocated by task 174:
[   12.560560]  kasan_save_stack+0x45/0x70
[   12.560711]  kasan_save_track+0x18/0x40
[   12.560849]  kasan_save_alloc_info+0x3b/0x50
[   12.561236]  __kasan_krealloc+0x190/0x1f0
[   12.561447]  krealloc_noprof+0xf3/0x340
[   12.561657]  krealloc_more_oob_helper+0x1a9/0x930
[   12.561980]  krealloc_more_oob+0x1c/0x30
[   12.562161]  kunit_try_run_case+0x1a5/0x480
[   12.562492]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.562743]  kthread+0x337/0x6f0
[   12.563122]  ret_from_fork+0x116/0x1d0
[   12.563281]  ret_from_fork_asm+0x1a/0x30
[   12.563426] 
[   12.563516] The buggy address belongs to the object at ffff88810035a200
[   12.563516]  which belongs to the cache kmalloc-256 of size 256
[   12.563957] The buggy address is located 0 bytes to the right of
[   12.563957]  allocated 235-byte region [ffff88810035a200, ffff88810035a2eb)
[   12.564531] 
[   12.564630] The buggy address belongs to the physical page:
[   12.565064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10035a
[   12.565314] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.565949] flags: 0x200000000000040(head|node=0|zone=2)
[   12.566278] page_type: f5(slab)
[   12.566720] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.567017] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.567538] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.567782] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.568037] head: 0200000000000001 ffffea000400d681 00000000ffffffff 00000000ffffffff
[   12.568433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.568783] page dumped because: kasan: bad access detected
[   12.568965] 
[   12.569036] Memory state around the buggy address:
[   12.569196]  ffff88810035a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.569900]  ffff88810035a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.570583] >ffff88810035a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.570839]                                                           ^
[   12.571045]  ffff88810035a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.571606]  ffff88810035a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.572138] ==================================================================
[   12.723827] ==================================================================
[   12.724320] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.724666] Write of size 1 at addr ffff8881028120eb by task kunit_try_catch/178
[   12.724983] 
[   12.725384] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.725438] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.725450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.725487] Call Trace:
[   12.725501]  <TASK>
[   12.725517]  dump_stack_lvl+0x73/0xb0
[   12.725550]  print_report+0xd1/0x610
[   12.725573]  ? __virt_addr_valid+0x1db/0x2d0
[   12.725597]  ? krealloc_more_oob_helper+0x821/0x930
[   12.725621]  ? kasan_addr_to_slab+0x11/0xa0
[   12.725641]  ? krealloc_more_oob_helper+0x821/0x930
[   12.725665]  kasan_report+0x141/0x180
[   12.725687]  ? krealloc_more_oob_helper+0x821/0x930
[   12.725715]  __asan_report_store1_noabort+0x1b/0x30
[   12.725739]  krealloc_more_oob_helper+0x821/0x930
[   12.725762]  ? __schedule+0x10c6/0x2b60
[   12.725785]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.725809]  ? finish_task_switch.isra.0+0x153/0x700
[   12.725832]  ? __switch_to+0x47/0xf50
[   12.725859]  ? __schedule+0x10c6/0x2b60
[   12.725881]  ? __pfx_read_tsc+0x10/0x10
[   12.725905]  krealloc_large_more_oob+0x1c/0x30
[   12.725928]  kunit_try_run_case+0x1a5/0x480
[   12.725954]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.725976]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.726000]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.726023]  ? __kthread_parkme+0x82/0x180
[   12.726304]  ? preempt_count_sub+0x50/0x80
[   12.726333]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.726359]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.726383]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.726407]  kthread+0x337/0x6f0
[   12.726428]  ? trace_preempt_on+0x20/0xc0
[   12.726452]  ? __pfx_kthread+0x10/0x10
[   12.726486]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.726509]  ? calculate_sigpending+0x7b/0xa0
[   12.726533]  ? __pfx_kthread+0x10/0x10
[   12.726555]  ret_from_fork+0x116/0x1d0
[   12.726574]  ? __pfx_kthread+0x10/0x10
[   12.726594]  ret_from_fork_asm+0x1a/0x30
[   12.726626]  </TASK>
[   12.726636] 
[   12.735261] The buggy address belongs to the physical page:
[   12.735499] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102810
[   12.735765] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.736125] flags: 0x200000000000040(head|node=0|zone=2)
[   12.736395] page_type: f8(unknown)
[   12.736593] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.737132] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.737488] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.737739] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.738425] head: 0200000000000002 ffffea00040a0401 00000000ffffffff 00000000ffffffff
[   12.738810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.739137] page dumped because: kasan: bad access detected
[   12.739324] 
[   12.739399] Memory state around the buggy address:
[   12.739584]  ffff888102811f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.740235]  ffff888102812000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.740596] >ffff888102812080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.741174]                                                           ^
[   12.741464]  ffff888102812100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.741730]  ffff888102812180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.741998] ==================================================================
[   12.572870] ==================================================================
[   12.573179] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.573509] Write of size 1 at addr ffff88810035a2f0 by task kunit_try_catch/174
[   12.573890] 
[   12.574000] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.574044] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.574054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.574075] Call Trace:
[   12.574087]  <TASK>
[   12.574100]  dump_stack_lvl+0x73/0xb0
[   12.574133]  print_report+0xd1/0x610
[   12.574154]  ? __virt_addr_valid+0x1db/0x2d0
[   12.574174]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.574197]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.574218]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.574241]  kasan_report+0x141/0x180
[   12.574263]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.574291]  __asan_report_store1_noabort+0x1b/0x30
[   12.574314]  krealloc_more_oob_helper+0x7eb/0x930
[   12.574336]  ? __schedule+0x10c6/0x2b60
[   12.574358]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.574382]  ? finish_task_switch.isra.0+0x153/0x700
[   12.574403]  ? __switch_to+0x47/0xf50
[   12.574427]  ? __schedule+0x10c6/0x2b60
[   12.574448]  ? __pfx_read_tsc+0x10/0x10
[   12.574483]  krealloc_more_oob+0x1c/0x30
[   12.574504]  kunit_try_run_case+0x1a5/0x480
[   12.574527]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574549]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.574571]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.574593]  ? __kthread_parkme+0x82/0x180
[   12.574612]  ? preempt_count_sub+0x50/0x80
[   12.574634]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574657]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.574680]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.574702]  kthread+0x337/0x6f0
[   12.574721]  ? trace_preempt_on+0x20/0xc0
[   12.574743]  ? __pfx_kthread+0x10/0x10
[   12.574763]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.574783]  ? calculate_sigpending+0x7b/0xa0
[   12.574806]  ? __pfx_kthread+0x10/0x10
[   12.574827]  ret_from_fork+0x116/0x1d0
[   12.574844]  ? __pfx_kthread+0x10/0x10
[   12.574865]  ret_from_fork_asm+0x1a/0x30
[   12.574894]  </TASK>
[   12.574903] 
[   12.583637] Allocated by task 174:
[   12.583825]  kasan_save_stack+0x45/0x70
[   12.584038]  kasan_save_track+0x18/0x40
[   12.584308]  kasan_save_alloc_info+0x3b/0x50
[   12.584530]  __kasan_krealloc+0x190/0x1f0
[   12.584689]  krealloc_noprof+0xf3/0x340
[   12.585005]  krealloc_more_oob_helper+0x1a9/0x930
[   12.585175]  krealloc_more_oob+0x1c/0x30
[   12.585317]  kunit_try_run_case+0x1a5/0x480
[   12.585625]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.585913]  kthread+0x337/0x6f0
[   12.586037]  ret_from_fork+0x116/0x1d0
[   12.586178]  ret_from_fork_asm+0x1a/0x30
[   12.586545] 
[   12.586645] The buggy address belongs to the object at ffff88810035a200
[   12.586645]  which belongs to the cache kmalloc-256 of size 256
[   12.587218] The buggy address is located 5 bytes to the right of
[   12.587218]  allocated 235-byte region [ffff88810035a200, ffff88810035a2eb)
[   12.588298] 
[   12.588428] The buggy address belongs to the physical page:
[   12.588680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10035a
[   12.589998] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.590319] flags: 0x200000000000040(head|node=0|zone=2)
[   12.590599] page_type: f5(slab)
[   12.590737] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.591463] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.591925] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.592546] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.592836] head: 0200000000000001 ffffea000400d681 00000000ffffffff 00000000ffffffff
[   12.593438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.593905] page dumped because: kasan: bad access detected
[   12.594260] 
[   12.594365] Memory state around the buggy address:
[   12.594615]  ffff88810035a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.595152]  ffff88810035a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.595540] >ffff88810035a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.595854]                                                              ^
[   12.596501]  ffff88810035a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.596758]  ffff88810035a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.597352] ==================================================================
[   12.742693] ==================================================================
[   12.743438] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.743734] Write of size 1 at addr ffff8881028120f0 by task kunit_try_catch/178
[   12.744732] 
[   12.745023] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.745073] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.745086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.745109] Call Trace:
[   12.745124]  <TASK>
[   12.745139]  dump_stack_lvl+0x73/0xb0
[   12.745171]  print_report+0xd1/0x610
[   12.745195]  ? __virt_addr_valid+0x1db/0x2d0
[   12.745217]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.745241]  ? kasan_addr_to_slab+0x11/0xa0
[   12.745261]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.745285]  kasan_report+0x141/0x180
[   12.745307]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.745336]  __asan_report_store1_noabort+0x1b/0x30
[   12.745361]  krealloc_more_oob_helper+0x7eb/0x930
[   12.745383]  ? __schedule+0x10c6/0x2b60
[   12.745406]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.745431]  ? finish_task_switch.isra.0+0x153/0x700
[   12.745453]  ? __switch_to+0x47/0xf50
[   12.745492]  ? __schedule+0x10c6/0x2b60
[   12.745514]  ? __pfx_read_tsc+0x10/0x10
[   12.745538]  krealloc_large_more_oob+0x1c/0x30
[   12.745562]  kunit_try_run_case+0x1a5/0x480
[   12.745586]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.745633]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.745657]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.745681]  ? __kthread_parkme+0x82/0x180
[   12.745702]  ? preempt_count_sub+0x50/0x80
[   12.745740]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.745765]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.745799]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.745822]  kthread+0x337/0x6f0
[   12.745843]  ? trace_preempt_on+0x20/0xc0
[   12.745866]  ? __pfx_kthread+0x10/0x10
[   12.745887]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.745910]  ? calculate_sigpending+0x7b/0xa0
[   12.745934]  ? __pfx_kthread+0x10/0x10
[   12.745955]  ret_from_fork+0x116/0x1d0
[   12.745974]  ? __pfx_kthread+0x10/0x10
[   12.746015]  ret_from_fork_asm+0x1a/0x30
[   12.746046]  </TASK>
[   12.746056] 
[   12.755499] The buggy address belongs to the physical page:
[   12.755738] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102810
[   12.756103] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.756490] flags: 0x200000000000040(head|node=0|zone=2)
[   12.757183] page_type: f8(unknown)
[   12.757376] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.757711] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.758144] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.758579] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.758933] head: 0200000000000002 ffffea00040a0401 00000000ffffffff 00000000ffffffff
[   12.759252] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.759619] page dumped because: kasan: bad access detected
[   12.759953] 
[   12.760057] Memory state around the buggy address:
[   12.760289]  ffff888102811f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.760823]  ffff888102812000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.761266] >ffff888102812080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.761511]                                                              ^
[   12.761859]  ffff888102812100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.762502]  ffff888102812180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.762937] ==================================================================