Hay
Date: July 1, 2025, 12:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   17.273717] ==================================================================
[   17.273830] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.274016] Write of size 1 at addr fff00000c663a0f0 by task kunit_try_catch/160
[   17.274070] 
[   17.274156] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.274246] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.274340] Hardware name: linux,dummy-virt (DT)
[   17.274375] Call trace:
[   17.274396]  show_stack+0x20/0x38 (C)
[   17.274473]  dump_stack_lvl+0x8c/0xd0
[   17.274735]  print_report+0x118/0x608
[   17.274913]  kasan_report+0xdc/0x128
[   17.275143]  __asan_report_store1_noabort+0x20/0x30
[   17.275525]  krealloc_more_oob_helper+0x5c0/0x678
[   17.275584]  krealloc_large_more_oob+0x20/0x38
[   17.276117]  kunit_try_run_case+0x170/0x3f0
[   17.276236]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.276473]  kthread+0x328/0x630
[   17.276525]  ret_from_fork+0x10/0x20
[   17.276808] 
[   17.276994] The buggy address belongs to the physical page:
[   17.277156] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106638
[   17.277403] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.277471] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.277821] page_type: f8(unknown)
[   17.277978] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.278234] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.278549] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.278813] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.279234] head: 0bfffe0000000002 ffffc1ffc3198e01 00000000ffffffff 00000000ffffffff
[   17.279313] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.279356] page dumped because: kasan: bad access detected
[   17.279552] 
[   17.279602] Memory state around the buggy address:
[   17.279656]  fff00000c6639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.279870]  fff00000c663a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.279922] >fff00000c663a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.280122]                                                              ^
[   17.280269]  fff00000c663a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.280476]  fff00000c663a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.280674] ==================================================================
[   17.261294] ==================================================================
[   17.261354] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.261409] Write of size 1 at addr fff00000c663a0eb by task kunit_try_catch/160
[   17.261475] 
[   17.261509] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.261588] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.261614] Hardware name: linux,dummy-virt (DT)
[   17.261646] Call trace:
[   17.261668]  show_stack+0x20/0x38 (C)
[   17.261785]  dump_stack_lvl+0x8c/0xd0
[   17.261847]  print_report+0x118/0x608
[   17.261894]  kasan_report+0xdc/0x128
[   17.261948]  __asan_report_store1_noabort+0x20/0x30
[   17.262005]  krealloc_more_oob_helper+0x60c/0x678
[   17.262053]  krealloc_large_more_oob+0x20/0x38
[   17.262100]  kunit_try_run_case+0x170/0x3f0
[   17.262148]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.262200]  kthread+0x328/0x630
[   17.262249]  ret_from_fork+0x10/0x20
[   17.262302] 
[   17.262322] The buggy address belongs to the physical page:
[   17.262355] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106638
[   17.262409] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.263910] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.264037] page_type: f8(unknown)
[   17.264281] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.264345] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.264436] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.264993] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.265062] head: 0bfffe0000000002 ffffc1ffc3198e01 00000000ffffffff 00000000ffffffff
[   17.265187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.265595] page dumped because: kasan: bad access detected
[   17.265789] 
[   17.265928] Memory state around the buggy address:
[   17.266066]  fff00000c6639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.266130]  fff00000c663a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.266532] >fff00000c663a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.266692]                                                           ^
[   17.266751]  fff00000c663a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.267137]  fff00000c663a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.267259] ==================================================================
[   17.192532] ==================================================================
[   17.192689] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.192809] Write of size 1 at addr fff00000c46ffaf0 by task kunit_try_catch/156
[   17.192905] 
[   17.193043] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.193122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.193147] Hardware name: linux,dummy-virt (DT)
[   17.193186] Call trace:
[   17.193207]  show_stack+0x20/0x38 (C)
[   17.193299]  dump_stack_lvl+0x8c/0xd0
[   17.193364]  print_report+0x118/0x608
[   17.193462]  kasan_report+0xdc/0x128
[   17.193509]  __asan_report_store1_noabort+0x20/0x30
[   17.193672]  krealloc_more_oob_helper+0x5c0/0x678
[   17.193877]  krealloc_more_oob+0x20/0x38
[   17.193971]  kunit_try_run_case+0x170/0x3f0
[   17.194056]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.194108]  kthread+0x328/0x630
[   17.194239]  ret_from_fork+0x10/0x20
[   17.194315] 
[   17.194334] Allocated by task 156:
[   17.194360]  kasan_save_stack+0x3c/0x68
[   17.194437]  kasan_save_track+0x20/0x40
[   17.194514]  kasan_save_alloc_info+0x40/0x58
[   17.194561]  __kasan_krealloc+0x118/0x178
[   17.194616]  krealloc_noprof+0x128/0x360
[   17.194653]  krealloc_more_oob_helper+0x168/0x678
[   17.194691]  krealloc_more_oob+0x20/0x38
[   17.194998]  kunit_try_run_case+0x170/0x3f0
[   17.195059]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.195636]  kthread+0x328/0x630
[   17.195690]  ret_from_fork+0x10/0x20
[   17.195753] 
[   17.195772] The buggy address belongs to the object at fff00000c46ffa00
[   17.195772]  which belongs to the cache kmalloc-256 of size 256
[   17.196181] The buggy address is located 5 bytes to the right of
[   17.196181]  allocated 235-byte region [fff00000c46ffa00, fff00000c46ffaeb)
[   17.196253] 
[   17.196272] The buggy address belongs to the physical page:
[   17.196389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046fe
[   17.196467] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.196515] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.196626] page_type: f5(slab)
[   17.196665] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.196714] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.196923] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.197021] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.197102] head: 0bfffe0000000001 ffffc1ffc311bf81 00000000ffffffff 00000000ffffffff
[   17.197547] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.197687] page dumped because: kasan: bad access detected
[   17.197838] 
[   17.197856] Memory state around the buggy address:
[   17.197887]  fff00000c46ff980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.198300]  fff00000c46ffa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.198854] >fff00000c46ffa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.198961]                                                              ^
[   17.199085]  fff00000c46ffb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.199156]  fff00000c46ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.199194] ==================================================================
[   17.185322] ==================================================================
[   17.185382] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.185434] Write of size 1 at addr fff00000c46ffaeb by task kunit_try_catch/156
[   17.185496] 
[   17.185527] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.185607] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.185759] Hardware name: linux,dummy-virt (DT)
[   17.185801] Call trace:
[   17.185823]  show_stack+0x20/0x38 (C)
[   17.185873]  dump_stack_lvl+0x8c/0xd0
[   17.186120]  print_report+0x118/0x608
[   17.186216]  kasan_report+0xdc/0x128
[   17.186294]  __asan_report_store1_noabort+0x20/0x30
[   17.186378]  krealloc_more_oob_helper+0x60c/0x678
[   17.186494]  krealloc_more_oob+0x20/0x38
[   17.186569]  kunit_try_run_case+0x170/0x3f0
[   17.186761]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.187190]  kthread+0x328/0x630
[   17.187334]  ret_from_fork+0x10/0x20
[   17.187434] 
[   17.187594] Allocated by task 156:
[   17.187685]  kasan_save_stack+0x3c/0x68
[   17.187846]  kasan_save_track+0x20/0x40
[   17.187884]  kasan_save_alloc_info+0x40/0x58
[   17.187933]  __kasan_krealloc+0x118/0x178
[   17.187971]  krealloc_noprof+0x128/0x360
[   17.188834]  krealloc_more_oob_helper+0x168/0x678
[   17.188948]  krealloc_more_oob+0x20/0x38
[   17.189066]  kunit_try_run_case+0x170/0x3f0
[   17.189160]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.189204]  kthread+0x328/0x630
[   17.189597]  ret_from_fork+0x10/0x20
[   17.189724] 
[   17.189840] The buggy address belongs to the object at fff00000c46ffa00
[   17.189840]  which belongs to the cache kmalloc-256 of size 256
[   17.189988] The buggy address is located 0 bytes to the right of
[   17.189988]  allocated 235-byte region [fff00000c46ffa00, fff00000c46ffaeb)
[   17.190129] 
[   17.190266] The buggy address belongs to the physical page:
[   17.190353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046fe
[   17.190409] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.190474] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.190527] page_type: f5(slab)
[   17.190565] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.190629] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.190681] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.190737] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.190796] head: 0bfffe0000000001 ffffc1ffc311bf81 00000000ffffffff 00000000ffffffff
[   17.190854] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.190924] page dumped because: kasan: bad access detected
[   17.190991] 
[   17.191009] Memory state around the buggy address:
[   17.191040]  fff00000c46ff980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.191323]  fff00000c46ffa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.191457] >fff00000c46ffa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.191498]                                                           ^
[   17.191575]  fff00000c46ffb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.191654]  fff00000c46ffb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.191693] ==================================================================

[   11.096693] ==================================================================
[   11.097057] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.097527] Write of size 1 at addr ffff8881003410f0 by task kunit_try_catch/173
[   11.097777] 
[   11.097861] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.097899] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.097911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.097930] Call Trace:
[   11.097943]  <TASK>
[   11.097955]  dump_stack_lvl+0x73/0xb0
[   11.097981]  print_report+0xd1/0x650
[   11.098002]  ? __virt_addr_valid+0x1db/0x2d0
[   11.098037]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.098110]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.098133]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.098155]  kasan_report+0x141/0x180
[   11.098177]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.098204]  __asan_report_store1_noabort+0x1b/0x30
[   11.098224]  krealloc_more_oob_helper+0x7eb/0x930
[   11.098245]  ? __schedule+0x10cc/0x2b60
[   11.098266]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.098290]  ? finish_task_switch.isra.0+0x153/0x700
[   11.098310]  ? __switch_to+0x47/0xf50
[   11.098334]  ? __schedule+0x10cc/0x2b60
[   11.098354]  ? __pfx_read_tsc+0x10/0x10
[   11.098377]  krealloc_more_oob+0x1c/0x30
[   11.098397]  kunit_try_run_case+0x1a5/0x480
[   11.098420]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.098441]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.098461]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.098482]  ? __kthread_parkme+0x82/0x180
[   11.098501]  ? preempt_count_sub+0x50/0x80
[   11.098522]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.098544]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.098565]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.098587]  kthread+0x337/0x6f0
[   11.098605]  ? trace_preempt_on+0x20/0xc0
[   11.098627]  ? __pfx_kthread+0x10/0x10
[   11.098646]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.098666]  ? calculate_sigpending+0x7b/0xa0
[   11.098688]  ? __pfx_kthread+0x10/0x10
[   11.098709]  ret_from_fork+0x116/0x1d0
[   11.098726]  ? __pfx_kthread+0x10/0x10
[   11.098745]  ret_from_fork_asm+0x1a/0x30
[   11.098773]  </TASK>
[   11.098784] 
[   11.106728] Allocated by task 173:
[   11.107060]  kasan_save_stack+0x45/0x70
[   11.107501]  kasan_save_track+0x18/0x40
[   11.107905]  kasan_save_alloc_info+0x3b/0x50
[   11.108167]  __kasan_krealloc+0x190/0x1f0
[   11.108307]  krealloc_noprof+0xf3/0x340
[   11.108440]  krealloc_more_oob_helper+0x1a9/0x930
[   11.108595]  krealloc_more_oob+0x1c/0x30
[   11.108731]  kunit_try_run_case+0x1a5/0x480
[   11.108873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.109403]  kthread+0x337/0x6f0
[   11.109589]  ret_from_fork+0x116/0x1d0
[   11.109784]  ret_from_fork_asm+0x1a/0x30
[   11.109984] 
[   11.110193] The buggy address belongs to the object at ffff888100341000
[   11.110193]  which belongs to the cache kmalloc-256 of size 256
[   11.110750] The buggy address is located 5 bytes to the right of
[   11.110750]  allocated 235-byte region [ffff888100341000, ffff8881003410eb)
[   11.111423] 
[   11.111500] The buggy address belongs to the physical page:
[   11.111679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   11.112040] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.112615] flags: 0x200000000000040(head|node=0|zone=2)
[   11.112792] page_type: f5(slab)
[   11.112910] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.113426] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.113940] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.114344] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.114579] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   11.114809] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.115539] page dumped because: kasan: bad access detected
[   11.116459] 
[   11.116648] Memory state around the buggy address:
[   11.117382]  ffff888100340f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.118246]  ffff888100341000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.119103] >ffff888100341080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.119975]                                                              ^
[   11.120790]  ffff888100341100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.121580]  ffff888100341180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.121807] ==================================================================
[   11.075181] ==================================================================
[   11.075619] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.075939] Write of size 1 at addr ffff8881003410eb by task kunit_try_catch/173
[   11.076298] 
[   11.076391] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.076433] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.076445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.076465] Call Trace:
[   11.076476]  <TASK>
[   11.076492]  dump_stack_lvl+0x73/0xb0
[   11.076520]  print_report+0xd1/0x650
[   11.076541]  ? __virt_addr_valid+0x1db/0x2d0
[   11.076563]  ? krealloc_more_oob_helper+0x821/0x930
[   11.076585]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.076605]  ? krealloc_more_oob_helper+0x821/0x930
[   11.076628]  kasan_report+0x141/0x180
[   11.076648]  ? krealloc_more_oob_helper+0x821/0x930
[   11.076676]  __asan_report_store1_noabort+0x1b/0x30
[   11.076696]  krealloc_more_oob_helper+0x821/0x930
[   11.076719]  ? __schedule+0x10cc/0x2b60
[   11.076742]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.076766]  ? finish_task_switch.isra.0+0x153/0x700
[   11.076788]  ? __switch_to+0x47/0xf50
[   11.076813]  ? __schedule+0x10cc/0x2b60
[   11.076833]  ? __pfx_read_tsc+0x10/0x10
[   11.076857]  krealloc_more_oob+0x1c/0x30
[   11.076877]  kunit_try_run_case+0x1a5/0x480
[   11.076902]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.076923]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.076946]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.076969]  ? __kthread_parkme+0x82/0x180
[   11.076989]  ? preempt_count_sub+0x50/0x80
[   11.077010]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.077044]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.077066]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.077088]  kthread+0x337/0x6f0
[   11.077106]  ? trace_preempt_on+0x20/0xc0
[   11.077129]  ? __pfx_kthread+0x10/0x10
[   11.077159]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.077178]  ? calculate_sigpending+0x7b/0xa0
[   11.077202]  ? __pfx_kthread+0x10/0x10
[   11.077222]  ret_from_fork+0x116/0x1d0
[   11.077239]  ? __pfx_kthread+0x10/0x10
[   11.077258]  ret_from_fork_asm+0x1a/0x30
[   11.077288]  </TASK>
[   11.077299] 
[   11.085657] Allocated by task 173:
[   11.085835]  kasan_save_stack+0x45/0x70
[   11.085985]  kasan_save_track+0x18/0x40
[   11.086183]  kasan_save_alloc_info+0x3b/0x50
[   11.086459]  __kasan_krealloc+0x190/0x1f0
[   11.086608]  krealloc_noprof+0xf3/0x340
[   11.086744]  krealloc_more_oob_helper+0x1a9/0x930
[   11.086970]  krealloc_more_oob+0x1c/0x30
[   11.087178]  kunit_try_run_case+0x1a5/0x480
[   11.087332]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.087507]  kthread+0x337/0x6f0
[   11.087761]  ret_from_fork+0x116/0x1d0
[   11.087957]  ret_from_fork_asm+0x1a/0x30
[   11.088245] 
[   11.088351] The buggy address belongs to the object at ffff888100341000
[   11.088351]  which belongs to the cache kmalloc-256 of size 256
[   11.088871] The buggy address is located 0 bytes to the right of
[   11.088871]  allocated 235-byte region [ffff888100341000, ffff8881003410eb)
[   11.089528] 
[   11.089631] The buggy address belongs to the physical page:
[   11.089889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   11.090145] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.090373] flags: 0x200000000000040(head|node=0|zone=2)
[   11.090557] page_type: f5(slab)
[   11.090721] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.091074] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.091690] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.091929] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.092535] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   11.092930] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.093510] page dumped because: kasan: bad access detected
[   11.093746] 
[   11.093829] Memory state around the buggy address:
[   11.094109]  ffff888100340f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.094494]  ffff888100341000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.094779] >ffff888100341080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.095002]                                                           ^
[   11.095216]  ffff888100341100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.095455]  ffff888100341180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.095814] ==================================================================
[   11.267814] ==================================================================
[   11.268894] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.269752] Write of size 1 at addr ffff8881029ba0eb by task kunit_try_catch/177
[   11.270417] 
[   11.270536] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.270580] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.270592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.270612] Call Trace:
[   11.270625]  <TASK>
[   11.270639]  dump_stack_lvl+0x73/0xb0
[   11.270668]  print_report+0xd1/0x650
[   11.270691]  ? __virt_addr_valid+0x1db/0x2d0
[   11.270714]  ? krealloc_more_oob_helper+0x821/0x930
[   11.270736]  ? kasan_addr_to_slab+0x11/0xa0
[   11.270756]  ? krealloc_more_oob_helper+0x821/0x930
[   11.270779]  kasan_report+0x141/0x180
[   11.270800]  ? krealloc_more_oob_helper+0x821/0x930
[   11.270827]  __asan_report_store1_noabort+0x1b/0x30
[   11.270846]  krealloc_more_oob_helper+0x821/0x930
[   11.270867]  ? __schedule+0x10cc/0x2b60
[   11.270888]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.270910]  ? finish_task_switch.isra.0+0x153/0x700
[   11.270932]  ? __switch_to+0x47/0xf50
[   11.270957]  ? __schedule+0x10cc/0x2b60
[   11.270977]  ? __pfx_read_tsc+0x10/0x10
[   11.271000]  krealloc_large_more_oob+0x1c/0x30
[   11.271022]  kunit_try_run_case+0x1a5/0x480
[   11.271063]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.271084]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.271106]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.271127]  ? __kthread_parkme+0x82/0x180
[   11.271147]  ? preempt_count_sub+0x50/0x80
[   11.271168]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.271190]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.271211]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.271297]  kthread+0x337/0x6f0
[   11.271318]  ? trace_preempt_on+0x20/0xc0
[   11.271355]  ? __pfx_kthread+0x10/0x10
[   11.271375]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.271395]  ? calculate_sigpending+0x7b/0xa0
[   11.271417]  ? __pfx_kthread+0x10/0x10
[   11.271438]  ret_from_fork+0x116/0x1d0
[   11.271455]  ? __pfx_kthread+0x10/0x10
[   11.271475]  ret_from_fork_asm+0x1a/0x30
[   11.271504]  </TASK>
[   11.271514] 
[   11.284918] The buggy address belongs to the physical page:
[   11.285137] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b8
[   11.285524] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.285910] flags: 0x200000000000040(head|node=0|zone=2)
[   11.286261] page_type: f8(unknown)
[   11.286392] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.286754] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.287114] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.287427] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.287802] head: 0200000000000002 ffffea00040a6e01 00000000ffffffff 00000000ffffffff
[   11.288288] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.288614] page dumped because: kasan: bad access detected
[   11.288850] 
[   11.288950] Memory state around the buggy address:
[   11.289294]  ffff8881029b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.289565]  ffff8881029ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.289856] >ffff8881029ba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.290247]                                                           ^
[   11.290596]  ffff8881029ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.290901]  ffff8881029ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.291319] ==================================================================
[   11.292736] ==================================================================
[   11.293134] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.293482] Write of size 1 at addr ffff8881029ba0f0 by task kunit_try_catch/177
[   11.293777] 
[   11.293909] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.293948] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.293960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.293979] Call Trace:
[   11.293993]  <TASK>
[   11.294008]  dump_stack_lvl+0x73/0xb0
[   11.294091]  print_report+0xd1/0x650
[   11.294130]  ? __virt_addr_valid+0x1db/0x2d0
[   11.294151]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.294184]  ? kasan_addr_to_slab+0x11/0xa0
[   11.294204]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.294226]  kasan_report+0x141/0x180
[   11.294255]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.294282]  __asan_report_store1_noabort+0x1b/0x30
[   11.294301]  krealloc_more_oob_helper+0x7eb/0x930
[   11.294333]  ? __schedule+0x10cc/0x2b60
[   11.294353]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.294376]  ? finish_task_switch.isra.0+0x153/0x700
[   11.294396]  ? __switch_to+0x47/0xf50
[   11.294428]  ? __schedule+0x10cc/0x2b60
[   11.294448]  ? __pfx_read_tsc+0x10/0x10
[   11.294471]  krealloc_large_more_oob+0x1c/0x30
[   11.294502]  kunit_try_run_case+0x1a5/0x480
[   11.294525]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.294546]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.294567]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.294597]  ? __kthread_parkme+0x82/0x180
[   11.294617]  ? preempt_count_sub+0x50/0x80
[   11.294640]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.294672]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.294693]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.294715]  kthread+0x337/0x6f0
[   11.294733]  ? trace_preempt_on+0x20/0xc0
[   11.294754]  ? __pfx_kthread+0x10/0x10
[   11.294773]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.294793]  ? calculate_sigpending+0x7b/0xa0
[   11.294815]  ? __pfx_kthread+0x10/0x10
[   11.294835]  ret_from_fork+0x116/0x1d0
[   11.294852]  ? __pfx_kthread+0x10/0x10
[   11.294871]  ret_from_fork_asm+0x1a/0x30
[   11.294900]  </TASK>
[   11.294910] 
[   11.303152] The buggy address belongs to the physical page:
[   11.303366] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029b8
[   11.303718] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.304302] flags: 0x200000000000040(head|node=0|zone=2)
[   11.304594] page_type: f8(unknown)
[   11.304788] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.305148] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.305444] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.305804] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.306098] head: 0200000000000002 ffffea00040a6e01 00000000ffffffff 00000000ffffffff
[   11.306469] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.306831] page dumped because: kasan: bad access detected
[   11.307156] 
[   11.307257] Memory state around the buggy address:
[   11.307478]  ffff8881029b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.307794]  ffff8881029ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.308039] >ffff8881029ba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.308420]                                                              ^
[   11.308730]  ffff8881029ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.309003]  ffff8881029ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.309528] ==================================================================