Hay
Date: June 16, 2025, 7:07 a.m.

Environment: qemu-arm64, qemu-x86_64

[   19.036486] ==================================================================
[   19.036618] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.036775] Write of size 1 at addr fff00000c66160f0 by task kunit_try_catch/169
[   19.036971] 
[   19.037067] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.037324] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.037382] Hardware name: linux,dummy-virt (DT)
[   19.037452] Call trace:
[   19.037501]  show_stack+0x20/0x38 (C)
[   19.037600]  dump_stack_lvl+0x8c/0xd0
[   19.037706]  print_report+0x118/0x608
[   19.037802]  kasan_report+0xdc/0x128
[   19.037922]  __asan_report_store1_noabort+0x20/0x30
[   19.038049]  krealloc_more_oob_helper+0x5c0/0x678
[   19.038262]  krealloc_large_more_oob+0x20/0x38
[   19.038494]  kunit_try_run_case+0x170/0x3f0
[   19.038704]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.039481]  kthread+0x328/0x630
[   19.040196]  ret_from_fork+0x10/0x20
[   19.040416] 
[   19.040465] The buggy address belongs to the physical page:
[   19.041088] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614
[   19.041703] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.041957] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.042185] page_type: f8(unknown)
[   19.042713] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.042829] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.042956] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.043074] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.043200] head: 0bfffe0000000002 ffffc1ffc3198501 00000000ffffffff 00000000ffffffff
[   19.043417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.044350] page dumped because: kasan: bad access detected
[   19.045688] 
[   19.046039] Memory state around the buggy address:
[   19.046133]  fff00000c6615f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.046339]  fff00000c6616000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.046656] >fff00000c6616080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.047123]                                                              ^
[   19.047931]  fff00000c6616100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.048417]  fff00000c6616180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.048528] ==================================================================
[   19.027548] ==================================================================
[   19.027689] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.027821] Write of size 1 at addr fff00000c66160eb by task kunit_try_catch/169
[   19.028816] 
[   19.028917] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.029344] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.029400] Hardware name: linux,dummy-virt (DT)
[   19.029444] Call trace:
[   19.029475]  show_stack+0x20/0x38 (C)
[   19.029638]  dump_stack_lvl+0x8c/0xd0
[   19.029916]  print_report+0x118/0x608
[   19.030136]  kasan_report+0xdc/0x128
[   19.030354]  __asan_report_store1_noabort+0x20/0x30
[   19.030582]  krealloc_more_oob_helper+0x60c/0x678
[   19.030722]  krealloc_large_more_oob+0x20/0x38
[   19.030854]  kunit_try_run_case+0x170/0x3f0
[   19.030977]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.031090]  kthread+0x328/0x630
[   19.031176]  ret_from_fork+0x10/0x20
[   19.031492] 
[   19.031548] The buggy address belongs to the physical page:
[   19.031686] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614
[   19.031954] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.032164] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.032383] page_type: f8(unknown)
[   19.032744] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.032940] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.033143] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.033364] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.033665] head: 0bfffe0000000002 ffffc1ffc3198501 00000000ffffffff 00000000ffffffff
[   19.033845] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.033950] page dumped because: kasan: bad access detected
[   19.034026] 
[   19.034088] Memory state around the buggy address:
[   19.034207]  fff00000c6615f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.034364]  fff00000c6616000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.034474] >fff00000c6616080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.034571]                                                           ^
[   19.034674]  fff00000c6616100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.034786]  fff00000c6616180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.034898] ==================================================================
[   18.918450] ==================================================================
[   18.918567] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   18.918688] Write of size 1 at addr fff00000c604d0f0 by task kunit_try_catch/165
[   18.918814] 
[   18.918907] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.919120] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.919191] Hardware name: linux,dummy-virt (DT)
[   18.919266] Call trace:
[   18.919324]  show_stack+0x20/0x38 (C)
[   18.919446]  dump_stack_lvl+0x8c/0xd0
[   18.919560]  print_report+0x118/0x608
[   18.919673]  kasan_report+0xdc/0x128
[   18.919785]  __asan_report_store1_noabort+0x20/0x30
[   18.920359]  krealloc_more_oob_helper+0x5c0/0x678
[   18.920547]  krealloc_more_oob+0x20/0x38
[   18.920711]  kunit_try_run_case+0x170/0x3f0
[   18.920931]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.921353]  kthread+0x328/0x630
[   18.921463]  ret_from_fork+0x10/0x20
[   18.921703] 
[   18.921752] Allocated by task 165:
[   18.921903]  kasan_save_stack+0x3c/0x68
[   18.922132]  kasan_save_track+0x20/0x40
[   18.922333]  kasan_save_alloc_info+0x40/0x58
[   18.922649]  __kasan_krealloc+0x118/0x178
[   18.922743]  krealloc_noprof+0x128/0x360
[   18.922940]  krealloc_more_oob_helper+0x168/0x678
[   18.923237]  krealloc_more_oob+0x20/0x38
[   18.923418]  kunit_try_run_case+0x170/0x3f0
[   18.923623]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.923847]  kthread+0x328/0x630
[   18.924143]  ret_from_fork+0x10/0x20
[   18.924239] 
[   18.924358] The buggy address belongs to the object at fff00000c604d000
[   18.924358]  which belongs to the cache kmalloc-256 of size 256
[   18.924623] The buggy address is located 5 bytes to the right of
[   18.924623]  allocated 235-byte region [fff00000c604d000, fff00000c604d0eb)
[   18.924806] 
[   18.924866] The buggy address belongs to the physical page:
[   18.924944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604c
[   18.925081] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.925198] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.925332] page_type: f5(slab)
[   18.925429] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.925541] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.925670] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.926353] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.926535] head: 0bfffe0000000001 ffffc1ffc3181301 00000000ffffffff 00000000ffffffff
[   18.926695] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.926803] page dumped because: kasan: bad access detected
[   18.926894] 
[   18.926991] Memory state around the buggy address:
[   18.927092]  fff00000c604cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.927198]  fff00000c604d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.927293] >fff00000c604d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.927406]                                                              ^
[   18.927497]  fff00000c604d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.927581]  fff00000c604d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.927670] ==================================================================
[   18.904394] ==================================================================
[   18.904558] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   18.904953] Write of size 1 at addr fff00000c604d0eb by task kunit_try_catch/165
[   18.905354] 
[   18.905940] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.906323] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.906520] Hardware name: linux,dummy-virt (DT)
[   18.906717] Call trace:
[   18.906968]  show_stack+0x20/0x38 (C)
[   18.907108]  dump_stack_lvl+0x8c/0xd0
[   18.907476]  print_report+0x118/0x608
[   18.908052]  kasan_report+0xdc/0x128
[   18.908358]  __asan_report_store1_noabort+0x20/0x30
[   18.908540]  krealloc_more_oob_helper+0x60c/0x678
[   18.908709]  krealloc_more_oob+0x20/0x38
[   18.908894]  kunit_try_run_case+0x170/0x3f0
[   18.909047]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.909629]  kthread+0x328/0x630
[   18.909819]  ret_from_fork+0x10/0x20
[   18.910056] 
[   18.910111] Allocated by task 165:
[   18.910245]  kasan_save_stack+0x3c/0x68
[   18.910858]  kasan_save_track+0x20/0x40
[   18.911036]  kasan_save_alloc_info+0x40/0x58
[   18.911589]  __kasan_krealloc+0x118/0x178
[   18.912160]  krealloc_noprof+0x128/0x360
[   18.912310]  krealloc_more_oob_helper+0x168/0x678
[   18.912859]  krealloc_more_oob+0x20/0x38
[   18.912999]  kunit_try_run_case+0x170/0x3f0
[   18.913081]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.913172]  kthread+0x328/0x630
[   18.913245]  ret_from_fork+0x10/0x20
[   18.913316] 
[   18.913360] The buggy address belongs to the object at fff00000c604d000
[   18.913360]  which belongs to the cache kmalloc-256 of size 256
[   18.913488] The buggy address is located 0 bytes to the right of
[   18.913488]  allocated 235-byte region [fff00000c604d000, fff00000c604d0eb)
[   18.913623] 
[   18.913665] The buggy address belongs to the physical page:
[   18.913740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604c
[   18.913901] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.914052] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.914217] page_type: f5(slab)
[   18.914336] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.914490] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.914697] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.914818] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.914959] head: 0bfffe0000000001 ffffc1ffc3181301 00000000ffffffff 00000000ffffffff
[   18.915088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.915203] page dumped because: kasan: bad access detected
[   18.915277] 
[   18.915323] Memory state around the buggy address:
[   18.915396]  fff00000c604cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.915491]  fff00000c604d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.915597] >fff00000c604d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.915702]                                                           ^
[   18.915826]  fff00000c604d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.915942]  fff00000c604d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.916034] ==================================================================

[   11.178120] ==================================================================
[   11.178850] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.179115] Write of size 1 at addr ffff888102a8a0eb by task kunit_try_catch/185
[   11.179326] 
[   11.179467] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.179557] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.179582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.179617] Call Trace:
[   11.179872]  <TASK>
[   11.179910]  dump_stack_lvl+0x73/0xb0
[   11.180053]  print_report+0xd1/0x650
[   11.180076]  ? __virt_addr_valid+0x1db/0x2d0
[   11.180102]  ? krealloc_more_oob_helper+0x821/0x930
[   11.180125]  ? kasan_addr_to_slab+0x11/0xa0
[   11.180145]  ? krealloc_more_oob_helper+0x821/0x930
[   11.180167]  kasan_report+0x141/0x180
[   11.180188]  ? krealloc_more_oob_helper+0x821/0x930
[   11.180216]  __asan_report_store1_noabort+0x1b/0x30
[   11.180239]  krealloc_more_oob_helper+0x821/0x930
[   11.180260]  ? __schedule+0x10cc/0x2b60
[   11.180282]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.180305]  ? finish_task_switch.isra.0+0x153/0x700
[   11.180327]  ? __switch_to+0x47/0xf50
[   11.180353]  ? __schedule+0x10cc/0x2b60
[   11.180372]  ? __pfx_read_tsc+0x10/0x10
[   11.180462]  krealloc_large_more_oob+0x1c/0x30
[   11.180486]  kunit_try_run_case+0x1a5/0x480
[   11.180511]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.180532]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.180554]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.180575]  ? __kthread_parkme+0x82/0x180
[   11.180595]  ? preempt_count_sub+0x50/0x80
[   11.180617]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.180639]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.180661]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.180682]  kthread+0x337/0x6f0
[   11.180701]  ? trace_preempt_on+0x20/0xc0
[   11.180725]  ? __pfx_kthread+0x10/0x10
[   11.180745]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.180764]  ? calculate_sigpending+0x7b/0xa0
[   11.180788]  ? __pfx_kthread+0x10/0x10
[   11.180808]  ret_from_fork+0x116/0x1d0
[   11.180825]  ? __pfx_kthread+0x10/0x10
[   11.180845]  ret_from_fork_asm+0x1a/0x30
[   11.180875]  </TASK>
[   11.180886] 
[   11.196021] The buggy address belongs to the physical page:
[   11.196198] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88
[   11.196432] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.196644] flags: 0x200000000000040(head|node=0|zone=2)
[   11.196974] page_type: f8(unknown)
[   11.197174] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.197457] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.197730] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.198105] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.198405] head: 0200000000000002 ffffea00040aa201 00000000ffffffff 00000000ffffffff
[   11.198716] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.199156] page dumped because: kasan: bad access detected
[   11.199381] 
[   11.199789] Memory state around the buggy address:
[   11.200005]  ffff888102a89f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.200283]  ffff888102a8a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.201274] >ffff888102a8a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.201947]                                                           ^
[   11.202464]  ffff888102a8a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.202981]  ffff888102a8a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.203266] ==================================================================
[   10.976287] ==================================================================
[   10.976860] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.977118] Write of size 1 at addr ffff8881003352eb by task kunit_try_catch/181
[   10.977332] 
[   10.977482] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   10.977529] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.977540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.977559] Call Trace:
[   10.977571]  <TASK>
[   10.977587]  dump_stack_lvl+0x73/0xb0
[   10.977616]  print_report+0xd1/0x650
[   10.977637]  ? __virt_addr_valid+0x1db/0x2d0
[   10.977660]  ? krealloc_more_oob_helper+0x821/0x930
[   10.977688]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.977709]  ? krealloc_more_oob_helper+0x821/0x930
[   10.977735]  kasan_report+0x141/0x180
[   10.977768]  ? krealloc_more_oob_helper+0x821/0x930
[   10.977795]  __asan_report_store1_noabort+0x1b/0x30
[   10.977817]  krealloc_more_oob_helper+0x821/0x930
[   10.977851]  ? __schedule+0x10cc/0x2b60
[   10.977871]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.977894]  ? finish_task_switch.isra.0+0x153/0x700
[   10.977915]  ? __switch_to+0x47/0xf50
[   10.977949]  ? __schedule+0x10cc/0x2b60
[   10.977969]  ? __pfx_read_tsc+0x10/0x10
[   10.977993]  krealloc_more_oob+0x1c/0x30
[   10.978013]  kunit_try_run_case+0x1a5/0x480
[   10.978038]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.978058]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.978079]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.978100]  ? __kthread_parkme+0x82/0x180
[   10.978120]  ? preempt_count_sub+0x50/0x80
[   10.978141]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.978163]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.978194]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.978216]  kthread+0x337/0x6f0
[   10.978234]  ? trace_preempt_on+0x20/0xc0
[   10.978268]  ? __pfx_kthread+0x10/0x10
[   10.978288]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.978307]  ? calculate_sigpending+0x7b/0xa0
[   10.978330]  ? __pfx_kthread+0x10/0x10
[   10.978351]  ret_from_fork+0x116/0x1d0
[   10.978369]  ? __pfx_kthread+0x10/0x10
[   10.978416]  ret_from_fork_asm+0x1a/0x30
[   10.978446]  </TASK>
[   10.978456] 
[   10.992586] Allocated by task 181:
[   10.992714]  kasan_save_stack+0x45/0x70
[   10.992850]  kasan_save_track+0x18/0x40
[   10.992987]  kasan_save_alloc_info+0x3b/0x50
[   10.993129]  __kasan_krealloc+0x190/0x1f0
[   10.993259]  krealloc_noprof+0xf3/0x340
[   10.993387]  krealloc_more_oob_helper+0x1a9/0x930
[   10.993538]  krealloc_more_oob+0x1c/0x30
[   10.993667]  kunit_try_run_case+0x1a5/0x480
[   10.993810]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.994794]  kthread+0x337/0x6f0
[   10.994978]  ret_from_fork+0x116/0x1d0
[   10.995112]  ret_from_fork_asm+0x1a/0x30
[   10.995246] 
[   10.995314] The buggy address belongs to the object at ffff888100335200
[   10.995314]  which belongs to the cache kmalloc-256 of size 256
[   10.995941] The buggy address is located 0 bytes to the right of
[   10.995941]  allocated 235-byte region [ffff888100335200, ffff8881003352eb)
[   10.996550] 
[   10.996656] The buggy address belongs to the physical page:
[   10.996921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100334
[   10.997292] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.997602] flags: 0x200000000000040(head|node=0|zone=2)
[   10.997781] page_type: f5(slab)
[   10.997901] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.998244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.998654] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.998879] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.999131] head: 0200000000000001 ffffea000400cd01 00000000ffffffff 00000000ffffffff
[   10.999538] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.999864] page dumped because: kasan: bad access detected
[   11.000102] 
[   11.000177] Memory state around the buggy address:
[   11.000329]  ffff888100335180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.000660]  ffff888100335200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.000975] >ffff888100335280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.001438]                                                           ^
[   11.001715]  ffff888100335300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.001998]  ffff888100335380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.002327] ==================================================================
[   11.204678] ==================================================================
[   11.204983] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.205301] Write of size 1 at addr ffff888102a8a0f0 by task kunit_try_catch/185
[   11.205915] 
[   11.206478] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.206530] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.206555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.206573] Call Trace:
[   11.206590]  <TASK>
[   11.206637]  dump_stack_lvl+0x73/0xb0
[   11.206669]  print_report+0xd1/0x650
[   11.206691]  ? __virt_addr_valid+0x1db/0x2d0
[   11.206716]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.206738]  ? kasan_addr_to_slab+0x11/0xa0
[   11.206758]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.206781]  kasan_report+0x141/0x180
[   11.206801]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.206828]  __asan_report_store1_noabort+0x1b/0x30
[   11.206851]  krealloc_more_oob_helper+0x7eb/0x930
[   11.206872]  ? __schedule+0x10cc/0x2b60
[   11.206893]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.206916]  ? finish_task_switch.isra.0+0x153/0x700
[   11.206948]  ? __switch_to+0x47/0xf50
[   11.206973]  ? __schedule+0x10cc/0x2b60
[   11.206994]  ? __pfx_read_tsc+0x10/0x10
[   11.207018]  krealloc_large_more_oob+0x1c/0x30
[   11.207039]  kunit_try_run_case+0x1a5/0x480
[   11.207062]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.207083]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.207104]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.207125]  ? __kthread_parkme+0x82/0x180
[   11.207145]  ? preempt_count_sub+0x50/0x80
[   11.207166]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.207188]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.207210]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.207231]  kthread+0x337/0x6f0
[   11.207250]  ? trace_preempt_on+0x20/0xc0
[   11.207273]  ? __pfx_kthread+0x10/0x10
[   11.207293]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.207312]  ? calculate_sigpending+0x7b/0xa0
[   11.207336]  ? __pfx_kthread+0x10/0x10
[   11.207356]  ret_from_fork+0x116/0x1d0
[   11.207374]  ? __pfx_kthread+0x10/0x10
[   11.207406]  ret_from_fork_asm+0x1a/0x30
[   11.207436]  </TASK>
[   11.207447] 
[   11.219695] The buggy address belongs to the physical page:
[   11.220053] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88
[   11.220355] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.221036] flags: 0x200000000000040(head|node=0|zone=2)
[   11.221509] page_type: f8(unknown)
[   11.221724] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.222045] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.222348] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.222945] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.223544] head: 0200000000000002 ffffea00040aa201 00000000ffffffff 00000000ffffffff
[   11.223989] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.224292] page dumped because: kasan: bad access detected
[   11.224914] 
[   11.225180] Memory state around the buggy address:
[   11.225520]  ffff888102a89f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.226160]  ffff888102a8a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.226645] >ffff888102a8a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.227071]                                                              ^
[   11.227345]  ffff888102a8a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.227857]  ffff888102a8a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.228156] ==================================================================
[   11.004734] ==================================================================
[   11.005059] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.005963] Write of size 1 at addr ffff8881003352f0 by task kunit_try_catch/181
[   11.006405] 
[   11.006749] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.006800] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.006811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.006829] Call Trace:
[   11.006840]  <TASK>
[   11.006855]  dump_stack_lvl+0x73/0xb0
[   11.006885]  print_report+0xd1/0x650
[   11.006906]  ? __virt_addr_valid+0x1db/0x2d0
[   11.006928]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.006962]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.006982]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.007004]  kasan_report+0x141/0x180
[   11.007026]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.007052]  __asan_report_store1_noabort+0x1b/0x30
[   11.007075]  krealloc_more_oob_helper+0x7eb/0x930
[   11.007096]  ? __schedule+0x10cc/0x2b60
[   11.007116]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.007139]  ? finish_task_switch.isra.0+0x153/0x700
[   11.007160]  ? __switch_to+0x47/0xf50
[   11.007185]  ? __schedule+0x10cc/0x2b60
[   11.007204]  ? __pfx_read_tsc+0x10/0x10
[   11.007228]  krealloc_more_oob+0x1c/0x30
[   11.007247]  kunit_try_run_case+0x1a5/0x480
[   11.007269]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.007289]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.007310]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.007332]  ? __kthread_parkme+0x82/0x180
[   11.007351]  ? preempt_count_sub+0x50/0x80
[   11.007372]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.007405]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.007427]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.007448]  kthread+0x337/0x6f0
[   11.007466]  ? trace_preempt_on+0x20/0xc0
[   11.007488]  ? __pfx_kthread+0x10/0x10
[   11.007508]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.007528]  ? calculate_sigpending+0x7b/0xa0
[   11.007550]  ? __pfx_kthread+0x10/0x10
[   11.007570]  ret_from_fork+0x116/0x1d0
[   11.007587]  ? __pfx_kthread+0x10/0x10
[   11.007607]  ret_from_fork_asm+0x1a/0x30
[   11.007636]  </TASK>
[   11.007647] 
[   11.018253] Allocated by task 181:
[   11.018809]  kasan_save_stack+0x45/0x70
[   11.019026]  kasan_save_track+0x18/0x40
[   11.019335]  kasan_save_alloc_info+0x3b/0x50
[   11.019913]  __kasan_krealloc+0x190/0x1f0
[   11.020208]  krealloc_noprof+0xf3/0x340
[   11.020374]  krealloc_more_oob_helper+0x1a9/0x930
[   11.020869]  krealloc_more_oob+0x1c/0x30
[   11.021192]  kunit_try_run_case+0x1a5/0x480
[   11.021573]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.021831]  kthread+0x337/0x6f0
[   11.021997]  ret_from_fork+0x116/0x1d0
[   11.022166]  ret_from_fork_asm+0x1a/0x30
[   11.022342] 
[   11.022809] The buggy address belongs to the object at ffff888100335200
[   11.022809]  which belongs to the cache kmalloc-256 of size 256
[   11.023386] The buggy address is located 5 bytes to the right of
[   11.023386]  allocated 235-byte region [ffff888100335200, ffff8881003352eb)
[   11.024151] 
[   11.024235] The buggy address belongs to the physical page:
[   11.024866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100334
[   11.025350] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.025886] flags: 0x200000000000040(head|node=0|zone=2)
[   11.026137] page_type: f5(slab)
[   11.026288] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.027285] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.028024] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.028585] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.028894] head: 0200000000000001 ffffea000400cd01 00000000ffffffff 00000000ffffffff
[   11.029205] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.029855] page dumped because: kasan: bad access detected
[   11.030335] 
[   11.030672] Memory state around the buggy address:
[   11.031137]  ffff888100335180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.031747]  ffff888100335200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.032048] >ffff888100335280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.032332]                                                              ^
[   11.032899]  ffff888100335300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.033530]  ffff888100335380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.033833] ==================================================================