Hay
Date: July 18, 2025, 1:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   31.345100] ==================================================================
[   31.345157] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   31.345211] Write of size 1 at addr fff00000c8f61aeb by task kunit_try_catch/187
[   31.345258] 
[   31.345289] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.345369] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.345394] Hardware name: linux,dummy-virt (DT)
[   31.345424] Call trace:
[   31.345445]  show_stack+0x20/0x38 (C)
[   31.345491]  dump_stack_lvl+0x8c/0xd0
[   31.345537]  print_report+0x118/0x5e8
[   31.345579]  kasan_report+0xdc/0x128
[   31.345620]  __asan_report_store1_noabort+0x20/0x30
[   31.345667]  krealloc_more_oob_helper+0x60c/0x678
[   31.345715]  krealloc_more_oob+0x20/0x38
[   31.345759]  kunit_try_run_case+0x170/0x3f0
[   31.345803]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.345852]  kthread+0x328/0x630
[   31.345892]  ret_from_fork+0x10/0x20
[   31.345937] 
[   31.345955] Allocated by task 187:
[   31.345982]  kasan_save_stack+0x3c/0x68
[   31.346017]  kasan_save_track+0x20/0x40
[   31.346056]  kasan_save_alloc_info+0x40/0x58
[   31.346101]  __kasan_krealloc+0x118/0x178
[   31.346376]  krealloc_noprof+0x128/0x360
[   31.346424]  krealloc_more_oob_helper+0x168/0x678
[   31.346466]  krealloc_more_oob+0x20/0x38
[   31.346550]  kunit_try_run_case+0x170/0x3f0
[   31.346585]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.346625]  kthread+0x328/0x630
[   31.346656]  ret_from_fork+0x10/0x20
[   31.346692] 
[   31.346710] The buggy address belongs to the object at fff00000c8f61a00
[   31.346710]  which belongs to the cache kmalloc-256 of size 256
[   31.346779] The buggy address is located 0 bytes to the right of
[   31.346779]  allocated 235-byte region [fff00000c8f61a00, fff00000c8f61aeb)
[   31.346841] 
[   31.346860] The buggy address belongs to the physical page:
[   31.346892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f60
[   31.346942] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.346994] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.347043] page_type: f5(slab)
[   31.347089] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.347146] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.347193] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.347239] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.347286] head: 0bfffe0000000001 ffffc1ffc323d801 00000000ffffffff 00000000ffffffff
[   31.347340] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.347379] page dumped because: kasan: bad access detected
[   31.347407] 
[   31.347432] Memory state around the buggy address:
[   31.347462]  fff00000c8f61980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.347504]  fff00000c8f61a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.347554] >fff00000c8f61a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   31.347590]                                                           ^
[   31.347628]  fff00000c8f61b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.347669]  fff00000c8f61b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.347704] ==================================================================
[   31.412486] ==================================================================
[   31.412554] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   31.412636] Write of size 1 at addr fff00000c9b120eb by task kunit_try_catch/191
[   31.412877] 
[   31.412927] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.413189] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.413244] Hardware name: linux,dummy-virt (DT)
[   31.413303] Call trace:
[   31.413332]  show_stack+0x20/0x38 (C)
[   31.413385]  dump_stack_lvl+0x8c/0xd0
[   31.413607]  print_report+0x118/0x5e8
[   31.413806]  kasan_report+0xdc/0x128
[   31.413922]  __asan_report_store1_noabort+0x20/0x30
[   31.413971]  krealloc_more_oob_helper+0x60c/0x678
[   31.414180]  krealloc_large_more_oob+0x20/0x38
[   31.414249]  kunit_try_run_case+0x170/0x3f0
[   31.414454]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.414529]  kthread+0x328/0x630
[   31.414572]  ret_from_fork+0x10/0x20
[   31.414619] 
[   31.414668] The buggy address belongs to the physical page:
[   31.414798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10
[   31.414853] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.414899] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.415108] page_type: f8(unknown)
[   31.415188] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.415339] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.415532] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.415608] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.415739] head: 0bfffe0000000002 ffffc1ffc326c401 00000000ffffffff 00000000ffffffff
[   31.415805] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.415888] page dumped because: kasan: bad access detected
[   31.416055] 
[   31.416089] Memory state around the buggy address:
[   31.416278]  fff00000c9b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.416336]  fff00000c9b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.416453] >fff00000c9b12080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   31.416545]                                                           ^
[   31.416719]  fff00000c9b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.416793]  fff00000c9b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.416910] ==================================================================
[   31.349143] ==================================================================
[   31.349212] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   31.349277] Write of size 1 at addr fff00000c8f61af0 by task kunit_try_catch/187
[   31.349397] 
[   31.349445] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.349532] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.349607] Hardware name: linux,dummy-virt (DT)
[   31.349645] Call trace:
[   31.349666]  show_stack+0x20/0x38 (C)
[   31.349713]  dump_stack_lvl+0x8c/0xd0
[   31.349916]  print_report+0x118/0x5e8
[   31.350063]  kasan_report+0xdc/0x128
[   31.350202]  __asan_report_store1_noabort+0x20/0x30
[   31.350277]  krealloc_more_oob_helper+0x5c0/0x678
[   31.350354]  krealloc_more_oob+0x20/0x38
[   31.350446]  kunit_try_run_case+0x170/0x3f0
[   31.350512]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.350563]  kthread+0x328/0x630
[   31.350664]  ret_from_fork+0x10/0x20
[   31.350711] 
[   31.350730] Allocated by task 187:
[   31.350773]  kasan_save_stack+0x3c/0x68
[   31.350818]  kasan_save_track+0x20/0x40
[   31.351057]  kasan_save_alloc_info+0x40/0x58
[   31.351208]  __kasan_krealloc+0x118/0x178
[   31.351266]  krealloc_noprof+0x128/0x360
[   31.351323]  krealloc_more_oob_helper+0x168/0x678
[   31.351382]  krealloc_more_oob+0x20/0x38
[   31.351463]  kunit_try_run_case+0x170/0x3f0
[   31.351501]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.351557]  kthread+0x328/0x630
[   31.351606]  ret_from_fork+0x10/0x20
[   31.351693] 
[   31.351711] The buggy address belongs to the object at fff00000c8f61a00
[   31.351711]  which belongs to the cache kmalloc-256 of size 256
[   31.351797] The buggy address is located 5 bytes to the right of
[   31.351797]  allocated 235-byte region [fff00000c8f61a00, fff00000c8f61aeb)
[   31.352616] 
[   31.352654] The buggy address belongs to the physical page:
[   31.352686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108f60
[   31.352738] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.353064] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.353144] page_type: f5(slab)
[   31.353206] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.353365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.353452] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   31.353566] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.353641] head: 0bfffe0000000001 ffffc1ffc323d801 00000000ffffffff 00000000ffffffff
[   31.353973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.354036] page dumped because: kasan: bad access detected
[   31.354121] 
[   31.354182] Memory state around the buggy address:
[   31.354251]  fff00000c8f61980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.354305]  fff00000c8f61a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.354633] >fff00000c8f61a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   31.354675]                                                              ^
[   31.355062]  fff00000c8f61b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.355130]  fff00000c8f61b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.355251] ==================================================================
[   31.417815] ==================================================================
[   31.417891] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   31.417957] Write of size 1 at addr fff00000c9b120f0 by task kunit_try_catch/191
[   31.418093] 
[   31.418127] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.418215] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.418241] Hardware name: linux,dummy-virt (DT)
[   31.418270] Call trace:
[   31.418546]  show_stack+0x20/0x38 (C)
[   31.418624]  dump_stack_lvl+0x8c/0xd0
[   31.418671]  print_report+0x118/0x5e8
[   31.418715]  kasan_report+0xdc/0x128
[   31.418852]  __asan_report_store1_noabort+0x20/0x30
[   31.418930]  krealloc_more_oob_helper+0x5c0/0x678
[   31.418996]  krealloc_large_more_oob+0x20/0x38
[   31.419103]  kunit_try_run_case+0x170/0x3f0
[   31.419147]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.419211]  kthread+0x328/0x630
[   31.419505]  ret_from_fork+0x10/0x20
[   31.419586] 
[   31.419618] The buggy address belongs to the physical page:
[   31.419726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109b10
[   31.419818] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.420001] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.420139] page_type: f8(unknown)
[   31.420180] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.420427] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.420616] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.420691] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.420758] head: 0bfffe0000000002 ffffc1ffc326c401 00000000ffffffff 00000000ffffffff
[   31.420902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.421005] page dumped because: kasan: bad access detected
[   31.421037] 
[   31.421054] Memory state around the buggy address:
[   31.421389]  fff00000c9b11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.421716]  fff00000c9b12000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.421853] >fff00000c9b12080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   31.421935]                                                              ^
[   31.421994]  fff00000c9b12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.422265]  fff00000c9b12180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.422512] ==================================================================


[   24.564470] ==================================================================
[   24.564877] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.565131] Write of size 1 at addr ffff888102b3e0eb by task kunit_try_catch/208
[   24.565467] 
[   24.565578] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.565627] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.565638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.565660] Call Trace:
[   24.565674]  <TASK>
[   24.565692]  dump_stack_lvl+0x73/0xb0
[   24.565723]  print_report+0xd1/0x640
[   24.565744]  ? __virt_addr_valid+0x1db/0x2d0
[   24.565832]  ? krealloc_more_oob_helper+0x821/0x930
[   24.565856]  ? kasan_addr_to_slab+0x11/0xa0
[   24.565875]  ? krealloc_more_oob_helper+0x821/0x930
[   24.565911]  kasan_report+0x141/0x180
[   24.565931]  ? krealloc_more_oob_helper+0x821/0x930
[   24.565958]  __asan_report_store1_noabort+0x1b/0x30
[   24.565981]  krealloc_more_oob_helper+0x821/0x930
[   24.566002]  ? __schedule+0x10da/0x2b60
[   24.566025]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.566048]  ? finish_task_switch.isra.0+0x153/0x700
[   24.566069]  ? __switch_to+0x47/0xf80
[   24.566094]  ? __schedule+0x10da/0x2b60
[   24.566115]  ? __pfx_read_tsc+0x10/0x10
[   24.566173]  krealloc_large_more_oob+0x1c/0x30
[   24.566205]  kunit_try_run_case+0x1a5/0x480
[   24.566229]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.566261]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.566294]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.566359]  ? __kthread_parkme+0x82/0x180
[   24.566379]  ? preempt_count_sub+0x50/0x80
[   24.566400]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.566433]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.566455]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.566476]  kthread+0x337/0x6f0
[   24.566528]  ? trace_preempt_on+0x20/0xc0
[   24.566554]  ? __pfx_kthread+0x10/0x10
[   24.566573]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.566618]  ? calculate_sigpending+0x7b/0xa0
[   24.566688]  ? __pfx_kthread+0x10/0x10
[   24.566709]  ret_from_fork+0x116/0x1d0
[   24.566728]  ? __pfx_kthread+0x10/0x10
[   24.566758]  ret_from_fork_asm+0x1a/0x30
[   24.566800]  </TASK>
[   24.566811] 
[   24.578064] The buggy address belongs to the physical page:
[   24.578465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3c
[   24.578753] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.579200] flags: 0x200000000000040(head|node=0|zone=2)
[   24.579374] page_type: f8(unknown)
[   24.579546] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.580000] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.580347] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.580660] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.580942] head: 0200000000000002 ffffea00040acf01 00000000ffffffff 00000000ffffffff
[   24.581313] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.581539] page dumped because: kasan: bad access detected
[   24.581794] 
[   24.582087] Memory state around the buggy address:
[   24.582341]  ffff888102b3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.582617]  ffff888102b3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.582963] >ffff888102b3e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.583288]                                                           ^
[   24.583535]  ffff888102b3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.583912]  ffff888102b3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.584197] ==================================================================
[   24.341210] ==================================================================
[   24.342798] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   24.343974] Write of size 1 at addr ffff888105937ceb by task kunit_try_catch/204
[   24.344224] 
[   24.344318] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.344369] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.344380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.344403] Call Trace:
[   24.344415]  <TASK>
[   24.344433]  dump_stack_lvl+0x73/0xb0
[   24.344468]  print_report+0xd1/0x640
[   24.344493]  ? __virt_addr_valid+0x1db/0x2d0
[   24.344520]  ? krealloc_more_oob_helper+0x821/0x930
[   24.344542]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.344569]  ? krealloc_more_oob_helper+0x821/0x930
[   24.344592]  kasan_report+0x141/0x180
[   24.344613]  ? krealloc_more_oob_helper+0x821/0x930
[   24.344640]  __asan_report_store1_noabort+0x1b/0x30
[   24.344664]  krealloc_more_oob_helper+0x821/0x930
[   24.344688]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.344709]  ? irqentry_exit+0x2a/0x60
[   24.344732]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.344760]  ? __pfx_krealloc_more_oob+0x10/0x10
[   24.344784]  krealloc_more_oob+0x1c/0x30
[   24.344804]  kunit_try_run_case+0x1a5/0x480
[   24.344830]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.344851]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.344884]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.344916]  ? __kthread_parkme+0x82/0x180
[   24.344936]  ? preempt_count_sub+0x50/0x80
[   24.344959]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.344981]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.345003]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.345025]  kthread+0x337/0x6f0
[   24.345044]  ? trace_preempt_on+0x20/0xc0
[   24.345068]  ? __pfx_kthread+0x10/0x10
[   24.345087]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.345118]  ? calculate_sigpending+0x7b/0xa0
[   24.345141]  ? __pfx_kthread+0x10/0x10
[   24.345161]  ret_from_fork+0x116/0x1d0
[   24.345208]  ? __pfx_kthread+0x10/0x10
[   24.345228]  ret_from_fork_asm+0x1a/0x30
[   24.345258]  </TASK>
[   24.345270] 
[   24.361648] Allocated by task 204:
[   24.362065]  kasan_save_stack+0x45/0x70
[   24.362551]  kasan_save_track+0x18/0x40
[   24.362879]  kasan_save_alloc_info+0x3b/0x50
[   24.363031]  __kasan_krealloc+0x190/0x1f0
[   24.363159]  krealloc_noprof+0xf3/0x340
[   24.363982]  krealloc_more_oob_helper+0x1a9/0x930
[   24.364635]  krealloc_more_oob+0x1c/0x30
[   24.365142]  kunit_try_run_case+0x1a5/0x480
[   24.365712]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.365988]  kthread+0x337/0x6f0
[   24.366163]  ret_from_fork+0x116/0x1d0
[   24.366347]  ret_from_fork_asm+0x1a/0x30
[   24.366527] 
[   24.366615] The buggy address belongs to the object at ffff888105937c00
[   24.366615]  which belongs to the cache kmalloc-256 of size 256
[   24.367098] The buggy address is located 0 bytes to the right of
[   24.367098]  allocated 235-byte region [ffff888105937c00, ffff888105937ceb)
[   24.367597] 
[   24.367684] The buggy address belongs to the physical page:
[   24.367912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105936
[   24.368884] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.369315] flags: 0x200000000000040(head|node=0|zone=2)
[   24.369702] page_type: f5(slab)
[   24.370155] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.370881] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.371231] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.371542] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.372410] head: 0200000000000001 ffffea0004164d81 00000000ffffffff 00000000ffffffff
[   24.373098] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.373649] page dumped because: kasan: bad access detected
[   24.374327] 
[   24.374430] Memory state around the buggy address:
[   24.374866]  ffff888105937b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.375167]  ffff888105937c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.375753] >ffff888105937c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.376280]                                                           ^
[   24.376553]  ffff888105937d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.377399]  ffff888105937d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.378139] ==================================================================
[   24.584615] ==================================================================
[   24.584942] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.585250] Write of size 1 at addr ffff888102b3e0f0 by task kunit_try_catch/208
[   24.585561] 
[   24.585647] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.585693] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.585704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.585726] Call Trace:
[   24.585744]  <TASK>
[   24.585759]  dump_stack_lvl+0x73/0xb0
[   24.585789]  print_report+0xd1/0x640
[   24.585810]  ? __virt_addr_valid+0x1db/0x2d0
[   24.585833]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.585855]  ? kasan_addr_to_slab+0x11/0xa0
[   24.585874]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.585897]  kasan_report+0x141/0x180
[   24.585918]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.585944]  __asan_report_store1_noabort+0x1b/0x30
[   24.585968]  krealloc_more_oob_helper+0x7eb/0x930
[   24.585989]  ? __schedule+0x10da/0x2b60
[   24.586012]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.586035]  ? finish_task_switch.isra.0+0x153/0x700
[   24.586055]  ? __switch_to+0x47/0xf80
[   24.586080]  ? __schedule+0x10da/0x2b60
[   24.586102]  ? __pfx_read_tsc+0x10/0x10
[   24.586125]  krealloc_large_more_oob+0x1c/0x30
[   24.586146]  kunit_try_run_case+0x1a5/0x480
[   24.586170]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.586201]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.586234]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.586265]  ? __kthread_parkme+0x82/0x180
[   24.586285]  ? preempt_count_sub+0x50/0x80
[   24.586307]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.586329]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.586352]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.586373]  kthread+0x337/0x6f0
[   24.586392]  ? trace_preempt_on+0x20/0xc0
[   24.586415]  ? __pfx_kthread+0x10/0x10
[   24.586434]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.586463]  ? calculate_sigpending+0x7b/0xa0
[   24.586486]  ? __pfx_kthread+0x10/0x10
[   24.586506]  ret_from_fork+0x116/0x1d0
[   24.586525]  ? __pfx_kthread+0x10/0x10
[   24.586544]  ret_from_fork_asm+0x1a/0x30
[   24.586575]  </TASK>
[   24.586586] 
[   24.594334] The buggy address belongs to the physical page:
[   24.594558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b3c
[   24.594992] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.595292] flags: 0x200000000000040(head|node=0|zone=2)
[   24.595505] page_type: f8(unknown)
[   24.595680] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.596023] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.596310] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.596812] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.597075] head: 0200000000000002 ffffea00040acf01 00000000ffffffff 00000000ffffffff
[   24.597416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.597709] page dumped because: kasan: bad access detected
[   24.597903] 
[   24.597966] Memory state around the buggy address:
[   24.598115]  ffff888102b3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.598412]  ffff888102b3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.598932] >ffff888102b3e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.599153]                                                              ^
[   24.599471]  ffff888102b3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.599778]  ffff888102b3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.600048] ==================================================================
[   24.379199] ==================================================================
[   24.379514] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   24.380038] Write of size 1 at addr ffff888105937cf0 by task kunit_try_catch/204
[   24.380716] 
[   24.381026] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.381080] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.381092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.381234] Call Trace:
[   24.381257]  <TASK>
[   24.381275]  dump_stack_lvl+0x73/0xb0
[   24.381311]  print_report+0xd1/0x640
[   24.381335]  ? __virt_addr_valid+0x1db/0x2d0
[   24.381359]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.381416]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.381441]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.381464]  kasan_report+0x141/0x180
[   24.381485]  ? krealloc_more_oob_helper+0x7eb/0x930
[   24.381512]  __asan_report_store1_noabort+0x1b/0x30
[   24.381535]  krealloc_more_oob_helper+0x7eb/0x930
[   24.381558]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   24.381580]  ? irqentry_exit+0x2a/0x60
[   24.381602]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   24.381631]  ? __pfx_krealloc_more_oob+0x10/0x10
[   24.381655]  krealloc_more_oob+0x1c/0x30
[   24.381675]  kunit_try_run_case+0x1a5/0x480
[   24.381699]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.381721]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.381755]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.381866]  ? __kthread_parkme+0x82/0x180
[   24.381889]  ? preempt_count_sub+0x50/0x80
[   24.381912]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.381934]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.381957]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.381979]  kthread+0x337/0x6f0
[   24.381997]  ? trace_preempt_on+0x20/0xc0
[   24.382020]  ? __pfx_kthread+0x10/0x10
[   24.382040]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.382069]  ? calculate_sigpending+0x7b/0xa0
[   24.382092]  ? __pfx_kthread+0x10/0x10
[   24.382113]  ret_from_fork+0x116/0x1d0
[   24.382132]  ? __pfx_kthread+0x10/0x10
[   24.382151]  ret_from_fork_asm+0x1a/0x30
[   24.382193]  </TASK>
[   24.382204] 
[   24.394127] Allocated by task 204:
[   24.394645]  kasan_save_stack+0x45/0x70
[   24.394898]  kasan_save_track+0x18/0x40
[   24.395233]  kasan_save_alloc_info+0x3b/0x50
[   24.395487]  __kasan_krealloc+0x190/0x1f0
[   24.395660]  krealloc_noprof+0xf3/0x340
[   24.396105]  krealloc_more_oob_helper+0x1a9/0x930
[   24.396404]  krealloc_more_oob+0x1c/0x30
[   24.396891]  kunit_try_run_case+0x1a5/0x480
[   24.397248]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.397498]  kthread+0x337/0x6f0
[   24.397659]  ret_from_fork+0x116/0x1d0
[   24.398066]  ret_from_fork_asm+0x1a/0x30
[   24.398522] 
[   24.398633] The buggy address belongs to the object at ffff888105937c00
[   24.398633]  which belongs to the cache kmalloc-256 of size 256
[   24.399609] The buggy address is located 5 bytes to the right of
[   24.399609]  allocated 235-byte region [ffff888105937c00, ffff888105937ceb)
[   24.400581] 
[   24.400842] The buggy address belongs to the physical page:
[   24.401098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105936
[   24.401430] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.401731] flags: 0x200000000000040(head|node=0|zone=2)
[   24.402285] page_type: f5(slab)
[   24.402585] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.403260] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.403711] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.404214] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.404534] head: 0200000000000001 ffffea0004164d81 00000000ffffffff 00000000ffffffff
[   24.405061] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.405564] page dumped because: kasan: bad access detected
[   24.405932] 
[   24.406160] Memory state around the buggy address:
[   24.406370]  ffff888105937b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.406667]  ffff888105937c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.407416] >ffff888105937c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.407898]                                                              ^
[   24.408236]  ffff888105937d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.408734]  ffff888105937d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.409273] ==================================================================