Hay
Date: July 3, 2025, 6:13 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.679500] ==================================================================
[   16.679928] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.680142] Write of size 1 at addr fff00000c78060eb by task kunit_try_catch/160
[   16.680207] 
[   16.680242] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.680322] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.680347] Hardware name: linux,dummy-virt (DT)
[   16.680377] Call trace:
[   16.680708]  show_stack+0x20/0x38 (C)
[   16.680931]  dump_stack_lvl+0x8c/0xd0
[   16.680986]  print_report+0x118/0x608
[   16.681382]  kasan_report+0xdc/0x128
[   16.681479]  __asan_report_store1_noabort+0x20/0x30
[   16.681567]  krealloc_more_oob_helper+0x60c/0x678
[   16.681764]  krealloc_large_more_oob+0x20/0x38
[   16.681963]  kunit_try_run_case+0x170/0x3f0
[   16.682202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.682390]  kthread+0x328/0x630
[   16.682767]  ret_from_fork+0x10/0x20
[   16.683146] 
[   16.683203] The buggy address belongs to the physical page:
[   16.683243] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107804
[   16.683655] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.683769] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.683893] page_type: f8(unknown)
[   16.684363] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.684462] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.684528] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.684738] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.684998] head: 0bfffe0000000002 ffffc1ffc31e0101 00000000ffffffff 00000000ffffffff
[   16.685087] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.685132] page dumped because: kasan: bad access detected
[   16.685162] 
[   16.685360] Memory state around the buggy address:
[   16.685455]  fff00000c7805f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.685664]  fff00000c7806000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.685759] >fff00000c7806080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.685811]                                                           ^
[   16.685978]  fff00000c7806100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.686191]  fff00000c7806180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.686348] ==================================================================
[   16.600282] ==================================================================
[   16.600423] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.600523] Write of size 1 at addr fff00000c59ab2eb by task kunit_try_catch/156
[   16.600583] 
[   16.600678] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.600758] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.600784] Hardware name: linux,dummy-virt (DT)
[   16.601039] Call trace:
[   16.601198]  show_stack+0x20/0x38 (C)
[   16.601291]  dump_stack_lvl+0x8c/0xd0
[   16.601349]  print_report+0x118/0x608
[   16.601396]  kasan_report+0xdc/0x128
[   16.601498]  __asan_report_store1_noabort+0x20/0x30
[   16.601552]  krealloc_more_oob_helper+0x60c/0x678
[   16.601599]  krealloc_more_oob+0x20/0x38
[   16.601658]  kunit_try_run_case+0x170/0x3f0
[   16.601704]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.601755]  kthread+0x328/0x630
[   16.601807]  ret_from_fork+0x10/0x20
[   16.601863] 
[   16.601896] Allocated by task 156:
[   16.601939]  kasan_save_stack+0x3c/0x68
[   16.601993]  kasan_save_track+0x20/0x40
[   16.602037]  kasan_save_alloc_info+0x40/0x58
[   16.602076]  __kasan_krealloc+0x118/0x178
[   16.602120]  krealloc_noprof+0x128/0x360
[   16.602161]  krealloc_more_oob_helper+0x168/0x678
[   16.602214]  krealloc_more_oob+0x20/0x38
[   16.602257]  kunit_try_run_case+0x170/0x3f0
[   16.602293]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.602334]  kthread+0x328/0x630
[   16.602380]  ret_from_fork+0x10/0x20
[   16.602431] 
[   16.602451] The buggy address belongs to the object at fff00000c59ab200
[   16.602451]  which belongs to the cache kmalloc-256 of size 256
[   16.602514] The buggy address is located 0 bytes to the right of
[   16.602514]  allocated 235-byte region [fff00000c59ab200, fff00000c59ab2eb)
[   16.602574] 
[   16.602593] The buggy address belongs to the physical page:
[   16.602624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   16.602693] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.602752] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.602803] page_type: f5(slab)
[   16.602863] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.602921] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.602968] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.603025] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.603282] head: 0bfffe0000000001 ffffc1ffc3166a81 00000000ffffffff 00000000ffffffff
[   16.603898] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.603960] page dumped because: kasan: bad access detected
[   16.604214] 
[   16.604264] Memory state around the buggy address:
[   16.604543]  fff00000c59ab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.604648]  fff00000c59ab200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.604694] >fff00000c59ab280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.605668]                                                           ^
[   16.605741]  fff00000c59ab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.605876]  fff00000c59ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.605945] ==================================================================
[   16.691532] ==================================================================
[   16.691584] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.691633] Write of size 1 at addr fff00000c78060f0 by task kunit_try_catch/160
[   16.691681] 
[   16.691711] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.691787] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.691832] Hardware name: linux,dummy-virt (DT)
[   16.691867] Call trace:
[   16.691889]  show_stack+0x20/0x38 (C)
[   16.691936]  dump_stack_lvl+0x8c/0xd0
[   16.691980]  print_report+0x118/0x608
[   16.692049]  kasan_report+0xdc/0x128
[   16.692096]  __asan_report_store1_noabort+0x20/0x30
[   16.692143]  krealloc_more_oob_helper+0x5c0/0x678
[   16.692201]  krealloc_large_more_oob+0x20/0x38
[   16.692247]  kunit_try_run_case+0x170/0x3f0
[   16.692292]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.692342]  kthread+0x328/0x630
[   16.692382]  ret_from_fork+0x10/0x20
[   16.692428] 
[   16.692453] The buggy address belongs to the physical page:
[   16.692482] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107804
[   16.693152] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.693250] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.693615] page_type: f8(unknown)
[   16.693934] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.694100] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.694244] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.694367] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.694471] head: 0bfffe0000000002 ffffc1ffc31e0101 00000000ffffffff 00000000ffffffff
[   16.694526] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.694731] page dumped because: kasan: bad access detected
[   16.694938] 
[   16.694959] Memory state around the buggy address:
[   16.695023]  fff00000c7805f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.695456]  fff00000c7806000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.695543] >fff00000c7806080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.695701]                                                              ^
[   16.695810]  fff00000c7806100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.695926]  fff00000c7806180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.696128] ==================================================================
[   16.606911] ==================================================================
[   16.607362] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.607430] Write of size 1 at addr fff00000c59ab2f0 by task kunit_try_catch/156
[   16.607717] 
[   16.607811] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   16.608151] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.608272] Hardware name: linux,dummy-virt (DT)
[   16.608456] Call trace:
[   16.608483]  show_stack+0x20/0x38 (C)
[   16.608770]  dump_stack_lvl+0x8c/0xd0
[   16.608830]  print_report+0x118/0x608
[   16.608875]  kasan_report+0xdc/0x128
[   16.608919]  __asan_report_store1_noabort+0x20/0x30
[   16.608964]  krealloc_more_oob_helper+0x5c0/0x678
[   16.609340]  krealloc_more_oob+0x20/0x38
[   16.609440]  kunit_try_run_case+0x170/0x3f0
[   16.609691]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.609948]  kthread+0x328/0x630
[   16.610327]  ret_from_fork+0x10/0x20
[   16.610558] 
[   16.610625] Allocated by task 156:
[   16.610799]  kasan_save_stack+0x3c/0x68
[   16.610915]  kasan_save_track+0x20/0x40
[   16.611243]  kasan_save_alloc_info+0x40/0x58
[   16.611336]  __kasan_krealloc+0x118/0x178
[   16.611381]  krealloc_noprof+0x128/0x360
[   16.611562]  krealloc_more_oob_helper+0x168/0x678
[   16.611655]  krealloc_more_oob+0x20/0x38
[   16.611863]  kunit_try_run_case+0x170/0x3f0
[   16.611908]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.611995]  kthread+0x328/0x630
[   16.612181]  ret_from_fork+0x10/0x20
[   16.612363] 
[   16.612503] The buggy address belongs to the object at fff00000c59ab200
[   16.612503]  which belongs to the cache kmalloc-256 of size 256
[   16.612587] The buggy address is located 5 bytes to the right of
[   16.612587]  allocated 235-byte region [fff00000c59ab200, fff00000c59ab2eb)
[   16.612676] 
[   16.612705] The buggy address belongs to the physical page:
[   16.613060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059aa
[   16.613143] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.613272] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.613348] page_type: f5(slab)
[   16.613539] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.613653] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.613933] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.614071] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.614655] head: 0bfffe0000000001 ffffc1ffc3166a81 00000000ffffffff 00000000ffffffff
[   16.614801] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.615010] page dumped because: kasan: bad access detected
[   16.615074] 
[   16.615092] Memory state around the buggy address:
[   16.615268]  fff00000c59ab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.615472]  fff00000c59ab200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.615578] >fff00000c59ab280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.615618]                                                              ^
[   16.615686]  fff00000c59ab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.615877]  fff00000c59ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.616056] ==================================================================

[   11.273264] ==================================================================
[   11.274298] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.274830] Write of size 1 at addr ffff8881029fe0eb by task kunit_try_catch/178
[   11.275058] 
[   11.275160] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.275215] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.275227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.275247] Call Trace:
[   11.275260]  <TASK>
[   11.275276]  dump_stack_lvl+0x73/0xb0
[   11.275304]  print_report+0xd1/0x650
[   11.275327]  ? __virt_addr_valid+0x1db/0x2d0
[   11.275349]  ? krealloc_more_oob_helper+0x821/0x930
[   11.275372]  ? kasan_addr_to_slab+0x11/0xa0
[   11.275391]  ? krealloc_more_oob_helper+0x821/0x930
[   11.275414]  kasan_report+0x141/0x180
[   11.275435]  ? krealloc_more_oob_helper+0x821/0x930
[   11.275462]  __asan_report_store1_noabort+0x1b/0x30
[   11.275482]  krealloc_more_oob_helper+0x821/0x930
[   11.275503]  ? __schedule+0x10cc/0x2b60
[   11.275524]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.275547]  ? finish_task_switch.isra.0+0x153/0x700
[   11.275569]  ? __switch_to+0x47/0xf50
[   11.275593]  ? __schedule+0x10cc/0x2b60
[   11.275613]  ? __pfx_read_tsc+0x10/0x10
[   11.275637]  krealloc_large_more_oob+0x1c/0x30
[   11.275659]  kunit_try_run_case+0x1a5/0x480
[   11.275683]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.275705]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.275727]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.275749]  ? __kthread_parkme+0x82/0x180
[   11.275769]  ? preempt_count_sub+0x50/0x80
[   11.275791]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.275813]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.275834]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.275856]  kthread+0x337/0x6f0
[   11.275874]  ? trace_preempt_on+0x20/0xc0
[   11.275897]  ? __pfx_kthread+0x10/0x10
[   11.275917]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.275937]  ? calculate_sigpending+0x7b/0xa0
[   11.275960]  ? __pfx_kthread+0x10/0x10
[   11.275980]  ret_from_fork+0x116/0x1d0
[   11.275997]  ? __pfx_kthread+0x10/0x10
[   11.276017]  ret_from_fork_asm+0x1a/0x30
[   11.276046]  </TASK>
[   11.276057] 
[   11.284061] The buggy address belongs to the physical page:
[   11.284315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[   11.284695] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.285069] flags: 0x200000000000040(head|node=0|zone=2)
[   11.285316] page_type: f8(unknown)
[   11.285505] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.285738] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.286133] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.286508] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.286942] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[   11.287310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.287540] page dumped because: kasan: bad access detected
[   11.287936] 
[   11.288122] Memory state around the buggy address:
[   11.288322]  ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.288598]  ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.288817] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.289034]                                                           ^
[   11.289407]  ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.289746]  ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.290031] ==================================================================
[   11.090875] ==================================================================
[   11.091481] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.091833] Write of size 1 at addr ffff888100aa82f0 by task kunit_try_catch/174
[   11.092253] 
[   11.092347] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.092387] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.092397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.092416] Call Trace:
[   11.092430]  <TASK>
[   11.092445]  dump_stack_lvl+0x73/0xb0
[   11.092470]  print_report+0xd1/0x650
[   11.092491]  ? __virt_addr_valid+0x1db/0x2d0
[   11.092511]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.092533]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.092553]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.092576]  kasan_report+0x141/0x180
[   11.092596]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.092624]  __asan_report_store1_noabort+0x1b/0x30
[   11.092643]  krealloc_more_oob_helper+0x7eb/0x930
[   11.092664]  ? __schedule+0x10cc/0x2b60
[   11.092685]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.092707]  ? finish_task_switch.isra.0+0x153/0x700
[   11.092727]  ? __switch_to+0x47/0xf50
[   11.092750]  ? __schedule+0x10cc/0x2b60
[   11.092769]  ? __pfx_read_tsc+0x10/0x10
[   11.092792]  krealloc_more_oob+0x1c/0x30
[   11.092812]  kunit_try_run_case+0x1a5/0x480
[   11.092834]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.092855]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.092876]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.092898]  ? __kthread_parkme+0x82/0x180
[   11.092916]  ? preempt_count_sub+0x50/0x80
[   11.092937]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.092959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.092981]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.093002]  kthread+0x337/0x6f0
[   11.093020]  ? trace_preempt_on+0x20/0xc0
[   11.093042]  ? __pfx_kthread+0x10/0x10
[   11.093062]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.093081]  ? calculate_sigpending+0x7b/0xa0
[   11.093103]  ? __pfx_kthread+0x10/0x10
[   11.093136]  ret_from_fork+0x116/0x1d0
[   11.093153]  ? __pfx_kthread+0x10/0x10
[   11.093173]  ret_from_fork_asm+0x1a/0x30
[   11.093202]  </TASK>
[   11.093212] 
[   11.101064] Allocated by task 174:
[   11.101333]  kasan_save_stack+0x45/0x70
[   11.101562]  kasan_save_track+0x18/0x40
[   11.101760]  kasan_save_alloc_info+0x3b/0x50
[   11.101922]  __kasan_krealloc+0x190/0x1f0
[   11.102134]  krealloc_noprof+0xf3/0x340
[   11.102423]  krealloc_more_oob_helper+0x1a9/0x930
[   11.102593]  krealloc_more_oob+0x1c/0x30
[   11.102741]  kunit_try_run_case+0x1a5/0x480
[   11.102946]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.103437]  kthread+0x337/0x6f0
[   11.103638]  ret_from_fork+0x116/0x1d0
[   11.103785]  ret_from_fork_asm+0x1a/0x30
[   11.103984] 
[   11.104081] The buggy address belongs to the object at ffff888100aa8200
[   11.104081]  which belongs to the cache kmalloc-256 of size 256
[   11.104597] The buggy address is located 5 bytes to the right of
[   11.104597]  allocated 235-byte region [ffff888100aa8200, ffff888100aa82eb)
[   11.105236] 
[   11.105338] The buggy address belongs to the physical page:
[   11.105614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8
[   11.105915] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.106281] flags: 0x200000000000040(head|node=0|zone=2)
[   11.106488] page_type: f5(slab)
[   11.106639] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.106980] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.107555] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.107863] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.108264] head: 0200000000000001 ffffea000402aa01 00000000ffffffff 00000000ffffffff
[   11.108544] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.108889] page dumped because: kasan: bad access detected
[   11.109218] 
[   11.109294] Memory state around the buggy address:
[   11.109505]  ffff888100aa8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.109788]  ffff888100aa8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.110098] >ffff888100aa8280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.110433]                                                              ^
[   11.110740]  ffff888100aa8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.111027]  ffff888100aa8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.111321] ==================================================================
[   11.069948] ==================================================================
[   11.070391] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.070708] Write of size 1 at addr ffff888100aa82eb by task kunit_try_catch/174
[   11.071012] 
[   11.071152] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.071196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.071212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.071232] Call Trace:
[   11.071244]  <TASK>
[   11.071258]  dump_stack_lvl+0x73/0xb0
[   11.071288]  print_report+0xd1/0x650
[   11.071310]  ? __virt_addr_valid+0x1db/0x2d0
[   11.071352]  ? krealloc_more_oob_helper+0x821/0x930
[   11.071375]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.071396]  ? krealloc_more_oob_helper+0x821/0x930
[   11.071419]  kasan_report+0x141/0x180
[   11.071439]  ? krealloc_more_oob_helper+0x821/0x930
[   11.071466]  __asan_report_store1_noabort+0x1b/0x30
[   11.071486]  krealloc_more_oob_helper+0x821/0x930
[   11.071507]  ? __schedule+0x10cc/0x2b60
[   11.071528]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.071551]  ? finish_task_switch.isra.0+0x153/0x700
[   11.071574]  ? __switch_to+0x47/0xf50
[   11.071600]  ? __schedule+0x10cc/0x2b60
[   11.071620]  ? __pfx_read_tsc+0x10/0x10
[   11.071644]  krealloc_more_oob+0x1c/0x30
[   11.071664]  kunit_try_run_case+0x1a5/0x480
[   11.071689]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.071709]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.071731]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.071752]  ? __kthread_parkme+0x82/0x180
[   11.071772]  ? preempt_count_sub+0x50/0x80
[   11.071794]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.071815]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.071837]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.071858]  kthread+0x337/0x6f0
[   11.071876]  ? trace_preempt_on+0x20/0xc0
[   11.071899]  ? __pfx_kthread+0x10/0x10
[   11.071919]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.071938]  ? calculate_sigpending+0x7b/0xa0
[   11.071961]  ? __pfx_kthread+0x10/0x10
[   11.071981]  ret_from_fork+0x116/0x1d0
[   11.071998]  ? __pfx_kthread+0x10/0x10
[   11.072017]  ret_from_fork_asm+0x1a/0x30
[   11.072047]  </TASK>
[   11.072058] 
[   11.080317] Allocated by task 174:
[   11.080509]  kasan_save_stack+0x45/0x70
[   11.080705]  kasan_save_track+0x18/0x40
[   11.080890]  kasan_save_alloc_info+0x3b/0x50
[   11.081092]  __kasan_krealloc+0x190/0x1f0
[   11.081403]  krealloc_noprof+0xf3/0x340
[   11.081575]  krealloc_more_oob_helper+0x1a9/0x930
[   11.081770]  krealloc_more_oob+0x1c/0x30
[   11.081957]  kunit_try_run_case+0x1a5/0x480
[   11.082242]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.082479]  kthread+0x337/0x6f0
[   11.082649]  ret_from_fork+0x116/0x1d0
[   11.082822]  ret_from_fork_asm+0x1a/0x30
[   11.082994] 
[   11.083066] The buggy address belongs to the object at ffff888100aa8200
[   11.083066]  which belongs to the cache kmalloc-256 of size 256
[   11.083734] The buggy address is located 0 bytes to the right of
[   11.083734]  allocated 235-byte region [ffff888100aa8200, ffff888100aa82eb)
[   11.084394] 
[   11.084473] The buggy address belongs to the physical page:
[   11.084651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8
[   11.084935] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.085371] flags: 0x200000000000040(head|node=0|zone=2)
[   11.085626] page_type: f5(slab)
[   11.085797] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.086063] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.086427] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.086789] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.087386] head: 0200000000000001 ffffea000402aa01 00000000ffffffff 00000000ffffffff
[   11.087726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.087994] page dumped because: kasan: bad access detected
[   11.088261] 
[   11.088380] Memory state around the buggy address:
[   11.088608]  ffff888100aa8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.088921]  ffff888100aa8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.089291] >ffff888100aa8280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.089614]                                                           ^
[   11.089818]  ffff888100aa8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.090104]  ffff888100aa8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.090473] ==================================================================
[   11.290589] ==================================================================
[   11.290826] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.291064] Write of size 1 at addr ffff8881029fe0f0 by task kunit_try_catch/178
[   11.291633] 
[   11.291753] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.291792] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.291804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.291832] Call Trace:
[   11.291847]  <TASK>
[   11.291861]  dump_stack_lvl+0x73/0xb0
[   11.291886]  print_report+0xd1/0x650
[   11.291907]  ? __virt_addr_valid+0x1db/0x2d0
[   11.291928]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.291950]  ? kasan_addr_to_slab+0x11/0xa0
[   11.291970]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.291993]  kasan_report+0x141/0x180
[   11.292013]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.292041]  __asan_report_store1_noabort+0x1b/0x30
[   11.292061]  krealloc_more_oob_helper+0x7eb/0x930
[   11.292082]  ? __schedule+0x10cc/0x2b60
[   11.292102]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.292136]  ? finish_task_switch.isra.0+0x153/0x700
[   11.292156]  ? __switch_to+0x47/0xf50
[   11.292180]  ? __schedule+0x10cc/0x2b60
[   11.292200]  ? __pfx_read_tsc+0x10/0x10
[   11.292223]  krealloc_large_more_oob+0x1c/0x30
[   11.292245]  kunit_try_run_case+0x1a5/0x480
[   11.292269]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.292291]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.292314]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.292345]  ? __kthread_parkme+0x82/0x180
[   11.292366]  ? preempt_count_sub+0x50/0x80
[   11.292388]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.292410]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.292432]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.292454]  kthread+0x337/0x6f0
[   11.292472]  ? trace_preempt_on+0x20/0xc0
[   11.292495]  ? __pfx_kthread+0x10/0x10
[   11.292515]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.292535]  ? calculate_sigpending+0x7b/0xa0
[   11.292558]  ? __pfx_kthread+0x10/0x10
[   11.292578]  ret_from_fork+0x116/0x1d0
[   11.292596]  ? __pfx_kthread+0x10/0x10
[   11.292615]  ret_from_fork_asm+0x1a/0x30
[   11.292644]  </TASK>
[   11.292654] 
[   11.300964] The buggy address belongs to the physical page:
[   11.301203] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[   11.301828] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.302059] flags: 0x200000000000040(head|node=0|zone=2)
[   11.302486] page_type: f8(unknown)
[   11.302842] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.303146] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.303563] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.303800] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.304035] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[   11.304540] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.305121] page dumped because: kasan: bad access detected
[   11.307223] 
[   11.307333] Memory state around the buggy address:
[   11.307547]  ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.308344]  ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.308578] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.308791]                                                              ^
[   11.308995]  ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.309308]  ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.309608] ==================================================================