Date
July 5, 2025, 5:09 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 18.174326] ==================================================================
[ 18.174408] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 18.174563] Write of size 1 at addr fff00000c78460eb by task kunit_try_catch/160
[ 18.174679]
[ 18.174760] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 18.174857] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.175031] Hardware name: linux,dummy-virt (DT)
[ 18.175068] Call trace:
[ 18.175089] show_stack+0x20/0x38 (C)
[ 18.175139] dump_stack_lvl+0x8c/0xd0
[ 18.175304] print_report+0x118/0x608
[ 18.175464] kasan_report+0xdc/0x128
[ 18.175579] __asan_report_store1_noabort+0x20/0x30
[ 18.175761] krealloc_more_oob_helper+0x60c/0x678
[ 18.175848] krealloc_large_more_oob+0x20/0x38
[ 18.176117] kunit_try_run_case+0x170/0x3f0
[ 18.176463] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.176605] kthread+0x328/0x630
[ 18.176724] ret_from_fork+0x10/0x20
[ 18.176781]
[ 18.176802] The buggy address belongs to the physical page:
[ 18.177178] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[ 18.177350] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.177468] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 18.177643] page_type: f8(unknown)
[ 18.177711] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.178278] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.178489] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.178669] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.178748] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[ 18.178801] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 18.178839] page dumped because: kasan: bad access detected
[ 18.178881]
[ 18.178899] Memory state around the buggy address:
[ 18.179294]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.179380]  fff00000c7846000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.179441] >fff00000c7846080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 18.179566]                                                           ^
[ 18.179613]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 18.179698]  fff00000c7846180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 18.179832] ==================================================================
[ 18.102552] ==================================================================
[ 18.102699] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 18.102844] Write of size 1 at addr fff00000c47a58eb by task kunit_try_catch/156
[ 18.102906]
[ 18.103081] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 18.103163] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.103188] Hardware name: linux,dummy-virt (DT)
[ 18.103302] Call trace:
[ 18.103362] show_stack+0x20/0x38 (C)
[ 18.103676] dump_stack_lvl+0x8c/0xd0
[ 18.103827] print_report+0x118/0x608
[ 18.103962] kasan_report+0xdc/0x128
[ 18.104048] __asan_report_store1_noabort+0x20/0x30
[ 18.104095] krealloc_more_oob_helper+0x60c/0x678
[ 18.104180] krealloc_more_oob+0x20/0x38
[ 18.104227] kunit_try_run_case+0x170/0x3f0
[ 18.104278] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.104340] kthread+0x328/0x630
[ 18.104390] ret_from_fork+0x10/0x20
[ 18.104437]
[ 18.104456] Allocated by task 156:
[ 18.104501] kasan_save_stack+0x3c/0x68
[ 18.104553] kasan_save_track+0x20/0x40
[ 18.104592] kasan_save_alloc_info+0x40/0x58
[ 18.104639] __kasan_krealloc+0x118/0x178
[ 18.104676] krealloc_noprof+0x128/0x360
[ 18.104712] krealloc_more_oob_helper+0x168/0x678
[ 18.104749] krealloc_more_oob+0x20/0x38
[ 18.104785] kunit_try_run_case+0x170/0x3f0
[ 18.104821] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.104977] kthread+0x328/0x630
[ 18.105161] ret_from_fork+0x10/0x20
[ 18.105250]
[ 18.105377] The buggy address belongs to the object at fff00000c47a5800
[ 18.105377] which belongs to the cache kmalloc-256 of size 256
[ 18.105470] The buggy address is located 0 bytes to the right of
[ 18.105470] allocated 235-byte region [fff00000c47a5800, fff00000c47a58eb)
[ 18.105730]
[ 18.105995] The buggy address belongs to the physical page:
[ 18.106174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047a4
[ 18.106279] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.106391] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 18.106443] page_type: f5(slab)
[ 18.106480] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 18.106704] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.106884] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 18.106976] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.107069] head: 0bfffe0000000001 ffffc1ffc311e901 00000000ffffffff 00000000ffffffff
[ 18.107188] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 18.107455] page dumped because: kasan: bad access detected
[ 18.107621]
[ 18.107745] Memory state around the buggy address:
[ 18.107825]  fff00000c47a5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.107879]  fff00000c47a5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.108117] >fff00000c47a5880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 18.108321]                                                           ^
[ 18.108411]  fff00000c47a5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.108464]  fff00000c47a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.108501] ==================================================================
[ 18.111607] ==================================================================
[ 18.112890] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 18.112954] Write of size 1 at addr fff00000c47a58f0 by task kunit_try_catch/156
[ 18.113569]
[ 18.114187] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 18.114690] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.114739] Hardware name: linux,dummy-virt (DT)
[ 18.114779] Call trace:
[ 18.115690] show_stack+0x20/0x38 (C)
[ 18.115743] dump_stack_lvl+0x8c/0xd0
[ 18.115788] print_report+0x118/0x608
[ 18.115833] kasan_report+0xdc/0x128
[ 18.115891] __asan_report_store1_noabort+0x20/0x30
[ 18.115940] krealloc_more_oob_helper+0x5c0/0x678
[ 18.115987] krealloc_more_oob+0x20/0x38
[ 18.116032] kunit_try_run_case+0x170/0x3f0
[ 18.116077] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.116128] kthread+0x328/0x630
[ 18.116168] ret_from_fork+0x10/0x20
[ 18.116218]
[ 18.116236] Allocated by task 156:
[ 18.116263] kasan_save_stack+0x3c/0x68
[ 18.116303] kasan_save_track+0x20/0x40
[ 18.116339] kasan_save_alloc_info+0x40/0x58
[ 18.116377] __kasan_krealloc+0x118/0x178
[ 18.116414] krealloc_noprof+0x128/0x360
[ 18.116449] krealloc_more_oob_helper+0x168/0x678
[ 18.116487] krealloc_more_oob+0x20/0x38
[ 18.116522] kunit_try_run_case+0x170/0x3f0
[ 18.116559] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.116601] kthread+0x328/0x630
[ 18.116632] ret_from_fork+0x10/0x20
[ 18.116665]
[ 18.116683] The buggy address belongs to the object at fff00000c47a5800
[ 18.116683] which belongs to the cache kmalloc-256 of size 256
[ 18.116737] The buggy address is located 5 bytes to the right of
[ 18.116737] allocated 235-byte region [fff00000c47a5800, fff00000c47a58eb)
[ 18.116797]
[ 18.116816] The buggy address belongs to the physical page:
[ 18.116846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1047a4
[ 18.116905] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.116950] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 18.116998] page_type: f5(slab)
[ 18.117034] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 18.117082] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.117129] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 18.117175] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.117221] head: 0bfffe0000000001 ffffc1ffc311e901 00000000ffffffff 00000000ffffffff
[ 18.117267] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 18.117305] page dumped because: kasan: bad access detected
[ 18.117334]
[ 18.117351] Memory state around the buggy address:
[ 18.117380]  fff00000c47a5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.117421]  fff00000c47a5800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.117461] >fff00000c47a5880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 18.117497]                                                              ^
[ 18.117534]  fff00000c47a5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.117574]  fff00000c47a5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.117610] ==================================================================
[ 18.182787] ==================================================================
[ 18.182970] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 18.183067] Write of size 1 at addr fff00000c78460f0 by task kunit_try_catch/160
[ 18.183314]
[ 18.183350] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 18.183582] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.183691] Hardware name: linux,dummy-virt (DT)
[ 18.184151] Call trace:
[ 18.184305] show_stack+0x20/0x38 (C)
[ 18.184609] dump_stack_lvl+0x8c/0xd0
[ 18.184679] print_report+0x118/0x608
[ 18.184725] kasan_report+0xdc/0x128
[ 18.184902] __asan_report_store1_noabort+0x20/0x30
[ 18.185107] krealloc_more_oob_helper+0x5c0/0x678
[ 18.185195] krealloc_large_more_oob+0x20/0x38
[ 18.185682] kunit_try_run_case+0x170/0x3f0
[ 18.185809] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.185887] kthread+0x328/0x630
[ 18.186075] ret_from_fork+0x10/0x20
[ 18.186343]
[ 18.186429] The buggy address belongs to the physical page:
[ 18.186500] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107844
[ 18.186572] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.186625] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 18.186795] page_type: f8(unknown)
[ 18.186840] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.186903] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.186973] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 18.187044] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 18.187091] head: 0bfffe0000000002 ffffc1ffc31e1101 00000000ffffffff 00000000ffffffff
[ 18.187137] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 18.187175] page dumped because: kasan: bad access detected
[ 18.187232]
[ 18.187252] Memory state around the buggy address:
[ 18.187301]  fff00000c7845f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.187343]  fff00000c7846000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.187405] >fff00000c7846080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 18.187447]                                                              ^
[ 18.187486]  fff00000c7846100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 18.187537]  fff00000c7846180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 18.187574] ==================================================================
```
```
[ 11.420314] ==================================================================
[ 11.420820] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.421245] Write of size 1 at addr ffff888102a260f0 by task kunit_try_catch/178
[ 11.421639]
[ 11.421785] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.421827] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.421838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.421858] Call Trace:
[ 11.421871] <TASK>
[ 11.421886] dump_stack_lvl+0x73/0xb0
[ 11.421912] print_report+0xd1/0x650
[ 11.421933] ? __virt_addr_valid+0x1db/0x2d0
[ 11.421954] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.421978] ? kasan_addr_to_slab+0x11/0xa0
[ 11.422009] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.422032] kasan_report+0x141/0x180
[ 11.422053] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.422092] __asan_report_store1_noabort+0x1b/0x30
[ 11.422112] krealloc_more_oob_helper+0x7eb/0x930
[ 11.422134] ? __schedule+0x10cc/0x2b60
[ 11.422155] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.422180] ? finish_task_switch.isra.0+0x153/0x700
[ 11.422200] ? __switch_to+0x47/0xf50
[ 11.422224] ? __schedule+0x10cc/0x2b60
[ 11.422245] ? __pfx_read_tsc+0x10/0x10
[ 11.422268] krealloc_large_more_oob+0x1c/0x30
[ 11.422290] kunit_try_run_case+0x1a5/0x480
[ 11.422313] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.422344] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.422365] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.422387] ? __kthread_parkme+0x82/0x180
[ 11.422418] ? preempt_count_sub+0x50/0x80
[ 11.422440] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.422472] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.422494] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.422525] kthread+0x337/0x6f0
[ 11.422544] ? trace_preempt_on+0x20/0xc0
[ 11.422566] ? __pfx_kthread+0x10/0x10
[ 11.422586] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.422617] ? calculate_sigpending+0x7b/0xa0
[ 11.422640] ? __pfx_kthread+0x10/0x10
[ 11.422662] ret_from_fork+0x116/0x1d0
[ 11.422680] ? __pfx_kthread+0x10/0x10
[ 11.422700] ret_from_fork_asm+0x1a/0x30
[ 11.422738] </TASK>
[ 11.422748]
[ 11.430124] The buggy address belongs to the physical page:
[ 11.430405] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a24
[ 11.430797] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.431043] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.431307] page_type: f8(unknown)
[ 11.431508] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.431924] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.432201] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.432561] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.432929] head: 0200000000000002 ffffea00040a8901 00000000ffffffff 00000000ffffffff
[ 11.433262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.433591] page dumped because: kasan: bad access detected
[ 11.433877]
[ 11.433948] Memory state around the buggy address:
[ 11.434103]  ffff888102a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.434316]  ffff888102a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.434898] >ffff888102a26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.435157]                                                              ^
[ 11.435363]  ffff888102a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.435590]  ffff888102a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.436156] ==================================================================
[ 11.181294] ==================================================================
[ 11.182381] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.183028] Write of size 1 at addr ffff888100ab40eb by task kunit_try_catch/174
[ 11.183746]
[ 11.183861] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.184007] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.184020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.184041] Call Trace:
[ 11.184055] <TASK>
[ 11.184072] dump_stack_lvl+0x73/0xb0
[ 11.184112] print_report+0xd1/0x650
[ 11.184135] ? __virt_addr_valid+0x1db/0x2d0
[ 11.184158] ? krealloc_more_oob_helper+0x821/0x930
[ 11.184181] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.184202] ? krealloc_more_oob_helper+0x821/0x930
[ 11.184225] kasan_report+0x141/0x180
[ 11.184246] ? krealloc_more_oob_helper+0x821/0x930
[ 11.184274] __asan_report_store1_noabort+0x1b/0x30
[ 11.184294] krealloc_more_oob_helper+0x821/0x930
[ 11.184315] ? __schedule+0x10cc/0x2b60
[ 11.184336] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.184360] ? finish_task_switch.isra.0+0x153/0x700
[ 11.184381] ? __switch_to+0x47/0xf50
[ 11.184407] ? __schedule+0x10cc/0x2b60
[ 11.184428] ? __pfx_read_tsc+0x10/0x10
[ 11.184451] krealloc_more_oob+0x1c/0x30
[ 11.184482] kunit_try_run_case+0x1a5/0x480
[ 11.184506] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.184527] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.184549] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.184571] ? __kthread_parkme+0x82/0x180
[ 11.184591] ? preempt_count_sub+0x50/0x80
[ 11.184613] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.184636] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.184657] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.184680] kthread+0x337/0x6f0
[ 11.184699] ? trace_preempt_on+0x20/0xc0
[ 11.184722] ? __pfx_kthread+0x10/0x10
[ 11.184741] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.184761] ? calculate_sigpending+0x7b/0xa0
[ 11.184784] ? __pfx_kthread+0x10/0x10
[ 11.184805] ret_from_fork+0x116/0x1d0
[ 11.184822] ? __pfx_kthread+0x10/0x10
[ 11.184842] ret_from_fork_asm+0x1a/0x30
[ 11.184872] </TASK>
[ 11.184884]
[ 11.196079] Allocated by task 174:
[ 11.196320] kasan_save_stack+0x45/0x70
[ 11.196517] kasan_save_track+0x18/0x40
[ 11.196712] kasan_save_alloc_info+0x3b/0x50
[ 11.197171] __kasan_krealloc+0x190/0x1f0
[ 11.197607] krealloc_noprof+0xf3/0x340
[ 11.197963] krealloc_more_oob_helper+0x1a9/0x930
[ 11.198448] krealloc_more_oob+0x1c/0x30
[ 11.198649] kunit_try_run_case+0x1a5/0x480
[ 11.199025] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.199415] kthread+0x337/0x6f0
[ 11.199705] ret_from_fork+0x116/0x1d0
[ 11.199861] ret_from_fork_asm+0x1a/0x30
[ 11.200129]
[ 11.200231] The buggy address belongs to the object at ffff888100ab4000
[ 11.200231] which belongs to the cache kmalloc-256 of size 256
[ 11.201103] The buggy address is located 0 bytes to the right of
[ 11.201103] allocated 235-byte region [ffff888100ab4000, ffff888100ab40eb)
[ 11.201929]
[ 11.202133] The buggy address belongs to the physical page:
[ 11.202589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4
[ 11.202946] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.203245] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.203556] page_type: f5(slab)
[ 11.203714] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.203999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.204362] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.204668] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.204962] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff
[ 11.205487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.205832] page dumped because: kasan: bad access detected
[ 11.206035]
[ 11.206133] Memory state around the buggy address:
[ 11.206350]  ffff888100ab3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.206743]  ffff888100ab4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.207021] >ffff888100ab4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.207301]                                                           ^
[ 11.207641]  ffff888100ab4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.207953]  ffff888100ab4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.208513] ==================================================================
[ 11.400179] ==================================================================
[ 11.401057] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.401872] Write of size 1 at addr ffff888102a260eb by task kunit_try_catch/178
[ 11.402340]
[ 11.402432] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.402489] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.402501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.402521] Call Trace:
[ 11.402534] <TASK>
[ 11.402549] dump_stack_lvl+0x73/0xb0
[ 11.402577] print_report+0xd1/0x650
[ 11.402598] ? __virt_addr_valid+0x1db/0x2d0
[ 11.402619] ? krealloc_more_oob_helper+0x821/0x930
[ 11.402641] ? kasan_addr_to_slab+0x11/0xa0
[ 11.402661] ? krealloc_more_oob_helper+0x821/0x930
[ 11.402695] kasan_report+0x141/0x180
[ 11.402717] ? krealloc_more_oob_helper+0x821/0x930
[ 11.402745] __asan_report_store1_noabort+0x1b/0x30
[ 11.402765] krealloc_more_oob_helper+0x821/0x930
[ 11.402787] ? __schedule+0x10cc/0x2b60
[ 11.402808] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.402832] ? finish_task_switch.isra.0+0x153/0x700
[ 11.402864] ? __switch_to+0x47/0xf50
[ 11.402888] ? __schedule+0x10cc/0x2b60
[ 11.402909] ? __pfx_read_tsc+0x10/0x10
[ 11.402944] krealloc_large_more_oob+0x1c/0x30
[ 11.402966] kunit_try_run_case+0x1a5/0x480
[ 11.402990] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.403011] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.403033] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.403055] ? __kthread_parkme+0x82/0x180
[ 11.403074] ? preempt_count_sub+0x50/0x80
[ 11.403097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.403120] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.403142] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.403164] kthread+0x337/0x6f0
[ 11.403182] ? trace_preempt_on+0x20/0xc0
[ 11.403204] ? __pfx_kthread+0x10/0x10
[ 11.403224] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.403244] ? calculate_sigpending+0x7b/0xa0
[ 11.403266] ? __pfx_kthread+0x10/0x10
[ 11.403287] ret_from_fork+0x116/0x1d0
[ 11.403304] ? __pfx_kthread+0x10/0x10
[ 11.403324] ret_from_fork_asm+0x1a/0x30
[ 11.403353] </TASK>
[ 11.403365]
[ 11.413562] The buggy address belongs to the physical page:
[ 11.413880] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a24
[ 11.414426] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.414664] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.414866] page_type: f8(unknown)
[ 11.415117] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.415433] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.415676] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.416024] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.416374] head: 0200000000000002 ffffea00040a8901 00000000ffffffff 00000000ffffffff
[ 11.416632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.417008] page dumped because: kasan: bad access detected
[ 11.417251]
[ 11.417320] Memory state around the buggy address:
[ 11.417608]  ffff888102a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.418111]  ffff888102a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.418445] >ffff888102a26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.418712]                                                           ^
[ 11.419113]  ffff888102a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.419482]  ffff888102a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.419798] ==================================================================
[ 11.208997] ==================================================================
[ 11.209273] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.209791] Write of size 1 at addr ffff888100ab40f0 by task kunit_try_catch/174
[ 11.210349]
[ 11.210450] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.210506] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.210518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.210538] Call Trace:
[ 11.210554] <TASK>
[ 11.210569] dump_stack_lvl+0x73/0xb0
[ 11.210596] print_report+0xd1/0x650
[ 11.210618] ? __virt_addr_valid+0x1db/0x2d0
[ 11.210639] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.210661] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.210682] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.210705] kasan_report+0x141/0x180
[ 11.210726] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.210754] __asan_report_store1_noabort+0x1b/0x30
[ 11.210774] krealloc_more_oob_helper+0x7eb/0x930
[ 11.210795] ? __schedule+0x10cc/0x2b60
[ 11.210817] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.210840] ? finish_task_switch.isra.0+0x153/0x700
[ 11.210860] ? __switch_to+0x47/0xf50
[ 11.210885] ? __schedule+0x10cc/0x2b60
[ 11.210905] ? __pfx_read_tsc+0x10/0x10
[ 11.210928] krealloc_more_oob+0x1c/0x30
[ 11.210948] kunit_try_run_case+0x1a5/0x480
[ 11.210971] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.210992] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.211014] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.211035] ? __kthread_parkme+0x82/0x180
[ 11.211054] ? preempt_count_sub+0x50/0x80
[ 11.211076] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.211098] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.211119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.211141] kthread+0x337/0x6f0
[ 11.211159] ? trace_preempt_on+0x20/0xc0
[ 11.211181] ? __pfx_kthread+0x10/0x10
[ 11.211201] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.211221] ? calculate_sigpending+0x7b/0xa0
[ 11.211243] ? __pfx_kthread+0x10/0x10
[ 11.211263] ret_from_fork+0x116/0x1d0
[ 11.211281] ? __pfx_kthread+0x10/0x10
[ 11.211300] ret_from_fork_asm+0x1a/0x30
[ 11.211386] </TASK>
[ 11.211400]
[ 11.219875] Allocated by task 174:
[ 11.220067] kasan_save_stack+0x45/0x70
[ 11.220356] kasan_save_track+0x18/0x40
[ 11.220597] kasan_save_alloc_info+0x3b/0x50
[ 11.220864] __kasan_krealloc+0x190/0x1f0
[ 11.221060] krealloc_noprof+0xf3/0x340
[ 11.221383] krealloc_more_oob_helper+0x1a9/0x930
[ 11.221604] krealloc_more_oob+0x1c/0x30
[ 11.221937] kunit_try_run_case+0x1a5/0x480
[ 11.222151] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.222520] kthread+0x337/0x6f0
[ 11.222713] ret_from_fork+0x116/0x1d0
[ 11.222874] ret_from_fork_asm+0x1a/0x30
[ 11.223012]
[ 11.223084] The buggy address belongs to the object at ffff888100ab4000
[ 11.223084] which belongs to the cache kmalloc-256 of size 256
[ 11.223911] The buggy address is located 5 bytes to the right of
[ 11.223911] allocated 235-byte region [ffff888100ab4000, ffff888100ab40eb)
[ 11.224639]
[ 11.224807] The buggy address belongs to the physical page:
[ 11.225021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4
[ 11.225887] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.226242] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.226435] page_type: f5(slab)
[ 11.226610] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.228400] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.229089] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.229345] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.229599] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff
[ 11.229833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.230067] page dumped because: kasan: bad access detected
[ 11.230246]
[ 11.230319] Memory state around the buggy address:
[ 11.231784]  ffff888100ab3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.232960]  ffff888100ab4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.234404] >ffff888100ab4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.234752]                                                              ^
[ 11.235489]  ffff888100ab4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.235793]  ffff888100ab4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.236189] ==================================================================
```