Hay
Date: July 9, 2025, 12:11 a.m.

Environment: qemu-arm64, qemu-x86_64

[   19.408001] ==================================================================
[   19.408070] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.408125] Write of size 1 at addr fff00000c46e00f0 by task kunit_try_catch/157
[   19.408174] 
[   19.408813] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.409293] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.409322] Hardware name: linux,dummy-virt (DT)
[   19.409352] Call trace:
[   19.409375]  show_stack+0x20/0x38 (C)
[   19.409445]  dump_stack_lvl+0x8c/0xd0
[   19.409491]  print_report+0x118/0x608
[   19.409539]  kasan_report+0xdc/0x128
[   19.409585]  __asan_report_store1_noabort+0x20/0x30
[   19.409636]  krealloc_more_oob_helper+0x5c0/0x678
[   19.409688]  krealloc_more_oob+0x20/0x38
[   19.409736]  kunit_try_run_case+0x170/0x3f0
[   19.409784]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.409836]  kthread+0x328/0x630
[   19.409879]  ret_from_fork+0x10/0x20
[   19.409927] 
[   19.409947] Allocated by task 157:
[   19.409975]  kasan_save_stack+0x3c/0x68
[   19.410015]  kasan_save_track+0x20/0x40
[   19.410052]  kasan_save_alloc_info+0x40/0x58
[   19.410091]  __kasan_krealloc+0x118/0x178
[   19.410129]  krealloc_noprof+0x128/0x360
[   19.410165]  krealloc_more_oob_helper+0x168/0x678
[   19.410203]  krealloc_more_oob+0x20/0x38
[   19.410239]  kunit_try_run_case+0x170/0x3f0
[   19.410275]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.410318]  kthread+0x328/0x630
[   19.410352]  ret_from_fork+0x10/0x20
[   19.410388] 
[   19.410415] The buggy address belongs to the object at fff00000c46e0000
[   19.410415]  which belongs to the cache kmalloc-256 of size 256
[   19.410471] The buggy address is located 5 bytes to the right of
[   19.410471]  allocated 235-byte region [fff00000c46e0000, fff00000c46e00eb)
[   19.410534] 
[   19.410554] The buggy address belongs to the physical page:
[   19.410584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e0
[   19.410636] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.410684] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.412191] page_type: f5(slab)
[   19.412239] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.412289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.412345] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.412394] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.412454] head: 0bfffe0000000001 ffffc1ffc311b801 00000000ffffffff 00000000ffffffff
[   19.412503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.412543] page dumped because: kasan: bad access detected
[   19.412573] 
[   19.412590] Memory state around the buggy address:
[   19.412622]  fff00000c46dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.412664]  fff00000c46e0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.412705] >fff00000c46e0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.412742]                                                              ^
[   19.412784]  fff00000c46e0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.412826]  fff00000c46e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.412863] ==================================================================
[   19.399646] ==================================================================
[   19.399921] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.400108] Write of size 1 at addr fff00000c46e00eb by task kunit_try_catch/157
[   19.400158] 
[   19.400186] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.400265] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.400291] Hardware name: linux,dummy-virt (DT)
[   19.400320] Call trace:
[   19.400340]  show_stack+0x20/0x38 (C)
[   19.400388]  dump_stack_lvl+0x8c/0xd0
[   19.400445]  print_report+0x118/0x608
[   19.400491]  kasan_report+0xdc/0x128
[   19.400537]  __asan_report_store1_noabort+0x20/0x30
[   19.400588]  krealloc_more_oob_helper+0x60c/0x678
[   19.400636]  krealloc_more_oob+0x20/0x38
[   19.400681]  kunit_try_run_case+0x170/0x3f0
[   19.400729]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.400781]  kthread+0x328/0x630
[   19.400824]  ret_from_fork+0x10/0x20
[   19.400870] 
[   19.400888] Allocated by task 157:
[   19.400916]  kasan_save_stack+0x3c/0x68
[   19.400956]  kasan_save_track+0x20/0x40
[   19.400993]  kasan_save_alloc_info+0x40/0x58
[   19.401032]  __kasan_krealloc+0x118/0x178
[   19.401077]  krealloc_noprof+0x128/0x360
[   19.401114]  krealloc_more_oob_helper+0x168/0x678
[   19.401152]  krealloc_more_oob+0x20/0x38
[   19.401188]  kunit_try_run_case+0x170/0x3f0
[   19.401268]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.401313]  kthread+0x328/0x630
[   19.401347]  ret_from_fork+0x10/0x20
[   19.401383] 
[   19.401411] The buggy address belongs to the object at fff00000c46e0000
[   19.401411]  which belongs to the cache kmalloc-256 of size 256
[   19.401492] The buggy address is located 0 bytes to the right of
[   19.401492]  allocated 235-byte region [fff00000c46e0000, fff00000c46e00eb)
[   19.401557] 
[   19.401576] The buggy address belongs to the physical page:
[   19.401606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046e0
[   19.401658] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.401903] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.402023] page_type: f5(slab)
[   19.402174] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.402284] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.402421] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.402516] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.402577] head: 0bfffe0000000001 ffffc1ffc311b801 00000000ffffffff 00000000ffffffff
[   19.402658] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.402700] page dumped because: kasan: bad access detected
[   19.402730] 
[   19.402747] Memory state around the buggy address:
[   19.402778]  fff00000c46dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.402858]  fff00000c46e0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.403041] >fff00000c46e0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.403090]                                                           ^
[   19.403139]  fff00000c46e0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.403189]  fff00000c46e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.403367] ==================================================================
[   19.483319] ==================================================================
[   19.483390] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.484297] Write of size 1 at addr fff00000c76ba0eb by task kunit_try_catch/161
[   19.484507] 
[   19.484821] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.485170] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.485207] Hardware name: linux,dummy-virt (DT)
[   19.485511] Call trace:
[   19.485537]  show_stack+0x20/0x38 (C)
[   19.485730]  dump_stack_lvl+0x8c/0xd0
[   19.485779]  print_report+0x118/0x608
[   19.485825]  kasan_report+0xdc/0x128
[   19.485871]  __asan_report_store1_noabort+0x20/0x30
[   19.485922]  krealloc_more_oob_helper+0x60c/0x678
[   19.485972]  krealloc_large_more_oob+0x20/0x38
[   19.486892]  kunit_try_run_case+0x170/0x3f0
[   19.486954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.487221]  kthread+0x328/0x630
[   19.487589]  ret_from_fork+0x10/0x20
[   19.487850] 
[   19.488254] The buggy address belongs to the physical page:
[   19.488287] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076b8
[   19.488619] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.488852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.489344] page_type: f8(unknown)
[   19.489438] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.489927] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.490225] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.490294] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.490879] head: 0bfffe0000000002 ffffc1ffc31dae01 00000000ffffffff 00000000ffffffff
[   19.491130] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.491392] page dumped because: kasan: bad access detected
[   19.491475] 
[   19.491493] Memory state around the buggy address:
[   19.491528]  fff00000c76b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.491935]  fff00000c76ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.492111] >fff00000c76ba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.492158]                                                           ^
[   19.492197]  fff00000c76ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.492857]  fff00000c76ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.492902] ==================================================================
[   19.494360] ==================================================================
[   19.494424] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.494482] Write of size 1 at addr fff00000c76ba0f0 by task kunit_try_catch/161
[   19.494530] 
[   19.494562] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.494643] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.494670] Hardware name: linux,dummy-virt (DT)
[   19.494700] Call trace:
[   19.494722]  show_stack+0x20/0x38 (C)
[   19.494770]  dump_stack_lvl+0x8c/0xd0
[   19.494817]  print_report+0x118/0x608
[   19.494864]  kasan_report+0xdc/0x128
[   19.496094]  __asan_report_store1_noabort+0x20/0x30
[   19.496215]  krealloc_more_oob_helper+0x5c0/0x678
[   19.496266]  krealloc_large_more_oob+0x20/0x38
[   19.496357]  kunit_try_run_case+0x170/0x3f0
[   19.496527]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.496830]  kthread+0x328/0x630
[   19.497267]  ret_from_fork+0x10/0x20
[   19.497353] 
[   19.497840] The buggy address belongs to the physical page:
[   19.498080] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076b8
[   19.498281] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.498733] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.499105] page_type: f8(unknown)
[   19.499187] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.500456] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.500764] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.501336] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.501455] head: 0bfffe0000000002 ffffc1ffc31dae01 00000000ffffffff 00000000ffffffff
[   19.502040] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.502208] page dumped because: kasan: bad access detected
[   19.502240] 
[   19.502258] Memory state around the buggy address:
[   19.502289]  fff00000c76b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.502332]  fff00000c76ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.502373] >fff00000c76ba080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.502588]                                                              ^
[   19.502663]  fff00000c76ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.502705]  fff00000c76ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.502742] ==================================================================

[   12.397714] ==================================================================
[   12.398276] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.398910] Write of size 1 at addr ffff88810a6120f0 by task kunit_try_catch/177
[   12.399633] 
[   12.399814] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.399858] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.399869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.399889] Call Trace:
[   12.399907]  <TASK>
[   12.399941]  dump_stack_lvl+0x73/0xb0
[   12.399972]  print_report+0xd1/0x650
[   12.399995]  ? __virt_addr_valid+0x1db/0x2d0
[   12.400409]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.400444]  ? kasan_addr_to_slab+0x11/0xa0
[   12.400465]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.400490]  kasan_report+0x141/0x180
[   12.400511]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.400539]  __asan_report_store1_noabort+0x1b/0x30
[   12.400564]  krealloc_more_oob_helper+0x7eb/0x930
[   12.400587]  ? __schedule+0x10cc/0x2b60
[   12.400609]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.400634]  ? finish_task_switch.isra.0+0x153/0x700
[   12.400657]  ? __switch_to+0x47/0xf50
[   12.400682]  ? __schedule+0x10cc/0x2b60
[   12.400703]  ? __pfx_read_tsc+0x10/0x10
[   12.400727]  krealloc_large_more_oob+0x1c/0x30
[   12.400751]  kunit_try_run_case+0x1a5/0x480
[   12.400776]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.400799]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.400822]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.400845]  ? __kthread_parkme+0x82/0x180
[   12.400866]  ? preempt_count_sub+0x50/0x80
[   12.400888]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.400912]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.400952]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.400978]  kthread+0x337/0x6f0
[   12.400996]  ? trace_preempt_on+0x20/0xc0
[   12.401019]  ? __pfx_kthread+0x10/0x10
[   12.401039]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.401061]  ? calculate_sigpending+0x7b/0xa0
[   12.401085]  ? __pfx_kthread+0x10/0x10
[   12.401105]  ret_from_fork+0x116/0x1d0
[   12.401123]  ? __pfx_kthread+0x10/0x10
[   12.401143]  ret_from_fork_asm+0x1a/0x30
[   12.401174]  </TASK>
[   12.401184] 
[   12.415945] The buggy address belongs to the physical page:
[   12.416213] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a610
[   12.416915] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.417222] flags: 0x200000000000040(head|node=0|zone=2)
[   12.417638] page_type: f8(unknown)
[   12.417796] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.418046] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.418384] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.418903] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.419155] head: 0200000000000002 ffffea0004298401 00000000ffffffff 00000000ffffffff
[   12.419730] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.420025] page dumped because: kasan: bad access detected
[   12.420196] 
[   12.420291] Memory state around the buggy address:
[   12.420656]  ffff88810a611f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.420993]  ffff88810a612000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.421307] >ffff88810a612080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.421515]                                                              ^
[   12.422103]  ffff88810a612100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.422456]  ffff88810a612180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.422805] ==================================================================
[   12.367155] ==================================================================
[   12.368380] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.368852] Write of size 1 at addr ffff88810a6120eb by task kunit_try_catch/177
[   12.369315] 
[   12.369753] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.369804] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.369816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.369838] Call Trace:
[   12.369851]  <TASK>
[   12.369870]  dump_stack_lvl+0x73/0xb0
[   12.369902]  print_report+0xd1/0x650
[   12.369935]  ? __virt_addr_valid+0x1db/0x2d0
[   12.370076]  ? krealloc_more_oob_helper+0x821/0x930
[   12.370102]  ? kasan_addr_to_slab+0x11/0xa0
[   12.370124]  ? krealloc_more_oob_helper+0x821/0x930
[   12.370147]  kasan_report+0x141/0x180
[   12.370169]  ? krealloc_more_oob_helper+0x821/0x930
[   12.370205]  __asan_report_store1_noabort+0x1b/0x30
[   12.370230]  krealloc_more_oob_helper+0x821/0x930
[   12.370253]  ? __schedule+0x10cc/0x2b60
[   12.370275]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.370300]  ? finish_task_switch.isra.0+0x153/0x700
[   12.370325]  ? __switch_to+0x47/0xf50
[   12.370353]  ? __schedule+0x10cc/0x2b60
[   12.370373]  ? __pfx_read_tsc+0x10/0x10
[   12.370397]  krealloc_large_more_oob+0x1c/0x30
[   12.370420]  kunit_try_run_case+0x1a5/0x480
[   12.370445]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.370467]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.370491]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.370515]  ? __kthread_parkme+0x82/0x180
[   12.370535]  ? preempt_count_sub+0x50/0x80
[   12.370557]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.370581]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.370605]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.370629]  kthread+0x337/0x6f0
[   12.370647]  ? trace_preempt_on+0x20/0xc0
[   12.370671]  ? __pfx_kthread+0x10/0x10
[   12.370691]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.370718]  ? calculate_sigpending+0x7b/0xa0
[   12.370742]  ? __pfx_kthread+0x10/0x10
[   12.370762]  ret_from_fork+0x116/0x1d0
[   12.370780]  ? __pfx_kthread+0x10/0x10
[   12.370800]  ret_from_fork_asm+0x1a/0x30
[   12.370831]  </TASK>
[   12.370841] 
[   12.387659] The buggy address belongs to the physical page:
[   12.387860] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a610
[   12.388656] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.389465] flags: 0x200000000000040(head|node=0|zone=2)
[   12.390008] page_type: f8(unknown)
[   12.390379] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.391062] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.391416] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.392335] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.393121] head: 0200000000000002 ffffea0004298401 00000000ffffffff 00000000ffffffff
[   12.393556] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.394195] page dumped because: kasan: bad access detected
[   12.394398] 
[   12.394472] Memory state around the buggy address:
[   12.394629]  ffff88810a611f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.394853]  ffff88810a612000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.395350] >ffff88810a612080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.396123]                                                           ^
[   12.396517]  ffff88810a612100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.396738]  ffff88810a612180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.396971] ==================================================================
[   12.232379] ==================================================================
[   12.232817] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.233526] Write of size 1 at addr ffff888100a17af0 by task kunit_try_catch/173
[   12.233792] 
[   12.233940] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.233986] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.233997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.234061] Call Trace:
[   12.234075]  <TASK>
[   12.234093]  dump_stack_lvl+0x73/0xb0
[   12.234126]  print_report+0xd1/0x650
[   12.234149]  ? __virt_addr_valid+0x1db/0x2d0
[   12.234172]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.234195]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.234218]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.234243]  kasan_report+0x141/0x180
[   12.234264]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.234292]  __asan_report_store1_noabort+0x1b/0x30
[   12.234317]  krealloc_more_oob_helper+0x7eb/0x930
[   12.234341]  ? __schedule+0x10cc/0x2b60
[   12.234363]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.234390]  ? __kasan_check_write+0x18/0x20
[   12.234409]  ? queued_spin_lock_slowpath+0x116/0xb40
[   12.234447]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   12.234472]  ? __pfx_read_tsc+0x10/0x10
[   12.234498]  krealloc_more_oob+0x1c/0x30
[   12.234532]  kunit_try_run_case+0x1a5/0x480
[   12.234558]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.234581]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   12.234603]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.234626]  ? __kthread_parkme+0x82/0x180
[   12.234647]  ? preempt_count_sub+0x50/0x80
[   12.234672]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.234696]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.234726]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.234751]  kthread+0x337/0x6f0
[   12.234769]  ? trace_preempt_on+0x20/0xc0
[   12.234793]  ? __pfx_kthread+0x10/0x10
[   12.234822]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.234843]  ? calculate_sigpending+0x7b/0xa0
[   12.234867]  ? __pfx_kthread+0x10/0x10
[   12.234888]  ret_from_fork+0x116/0x1d0
[   12.234907]  ? __pfx_kthread+0x10/0x10
[   12.234938]  ret_from_fork_asm+0x1a/0x30
[   12.235049]  </TASK>
[   12.235060] 
[   12.244012] Allocated by task 173:
[   12.244342]  kasan_save_stack+0x45/0x70
[   12.244579]  kasan_save_track+0x18/0x40
[   12.244727]  kasan_save_alloc_info+0x3b/0x50
[   12.245026]  __kasan_krealloc+0x190/0x1f0
[   12.245212]  krealloc_noprof+0xf3/0x340
[   12.245447]  krealloc_more_oob_helper+0x1a9/0x930
[   12.245673]  krealloc_more_oob+0x1c/0x30
[   12.245869]  kunit_try_run_case+0x1a5/0x480
[   12.246150]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.246324]  kthread+0x337/0x6f0
[   12.246441]  ret_from_fork+0x116/0x1d0
[   12.246571]  ret_from_fork_asm+0x1a/0x30
[   12.246860] 
[   12.247065] The buggy address belongs to the object at ffff888100a17a00
[   12.247065]  which belongs to the cache kmalloc-256 of size 256
[   12.247579] The buggy address is located 5 bytes to the right of
[   12.247579]  allocated 235-byte region [ffff888100a17a00, ffff888100a17aeb)
[   12.248150] 
[   12.248302] The buggy address belongs to the physical page:
[   12.248604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16
[   12.249103] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.249534] flags: 0x200000000000040(head|node=0|zone=2)
[   12.249785] page_type: f5(slab)
[   12.249938] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.250257] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.250606] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.250874] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.251336] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff
[   12.251843] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.252548] page dumped because: kasan: bad access detected
[   12.252729] 
[   12.252799] Memory state around the buggy address:
[   12.253043]  ffff888100a17980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.253582]  ffff888100a17a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.253938] >ffff888100a17a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.254286]                                                              ^
[   12.254655]  ffff888100a17b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.255090]  ffff888100a17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.255396] ==================================================================
[   12.208560] ==================================================================
[   12.209048] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.209550] Write of size 1 at addr ffff888100a17aeb by task kunit_try_catch/173
[   12.209876] 
[   12.210040] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.210102] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.210113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.210134] Call Trace:
[   12.210146]  <TASK>
[   12.210163]  dump_stack_lvl+0x73/0xb0
[   12.210195]  print_report+0xd1/0x650
[   12.210218]  ? __virt_addr_valid+0x1db/0x2d0
[   12.210241]  ? krealloc_more_oob_helper+0x821/0x930
[   12.210288]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.210311]  ? krealloc_more_oob_helper+0x821/0x930
[   12.210346]  kasan_report+0x141/0x180
[   12.210367]  ? krealloc_more_oob_helper+0x821/0x930
[   12.210396]  __asan_report_store1_noabort+0x1b/0x30
[   12.210420]  krealloc_more_oob_helper+0x821/0x930
[   12.210443]  ? __schedule+0x10cc/0x2b60
[   12.210465]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.210491]  ? __kasan_check_write+0x18/0x20
[   12.210510]  ? queued_spin_lock_slowpath+0x116/0xb40
[   12.210546]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   12.210571]  ? __pfx_read_tsc+0x10/0x10
[   12.210596]  krealloc_more_oob+0x1c/0x30
[   12.210628]  kunit_try_run_case+0x1a5/0x480
[   12.210653]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.210675]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   12.210714]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.210737]  ? __kthread_parkme+0x82/0x180
[   12.210759]  ? preempt_count_sub+0x50/0x80
[   12.210784]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.210807]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.210831]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.210856]  kthread+0x337/0x6f0
[   12.210874]  ? trace_preempt_on+0x20/0xc0
[   12.210898]  ? __pfx_kthread+0x10/0x10
[   12.210918]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.211092]  ? calculate_sigpending+0x7b/0xa0
[   12.211124]  ? __pfx_kthread+0x10/0x10
[   12.211146]  ret_from_fork+0x116/0x1d0
[   12.211166]  ? __pfx_kthread+0x10/0x10
[   12.211186]  ret_from_fork_asm+0x1a/0x30
[   12.211217]  </TASK>
[   12.211228] 
[   12.220349] Allocated by task 173:
[   12.220544]  kasan_save_stack+0x45/0x70
[   12.220791]  kasan_save_track+0x18/0x40
[   12.221111]  kasan_save_alloc_info+0x3b/0x50
[   12.221365]  __kasan_krealloc+0x190/0x1f0
[   12.221574]  krealloc_noprof+0xf3/0x340
[   12.221714]  krealloc_more_oob_helper+0x1a9/0x930
[   12.221993]  krealloc_more_oob+0x1c/0x30
[   12.222242]  kunit_try_run_case+0x1a5/0x480
[   12.222465]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.222683]  kthread+0x337/0x6f0
[   12.222811]  ret_from_fork+0x116/0x1d0
[   12.222978]  ret_from_fork_asm+0x1a/0x30
[   12.223189] 
[   12.223302] The buggy address belongs to the object at ffff888100a17a00
[   12.223302]  which belongs to the cache kmalloc-256 of size 256
[   12.223723] The buggy address is located 0 bytes to the right of
[   12.223723]  allocated 235-byte region [ffff888100a17a00, ffff888100a17aeb)
[   12.224696] 
[   12.224777] The buggy address belongs to the physical page:
[   12.225059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16
[   12.225668] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.225891] flags: 0x200000000000040(head|node=0|zone=2)
[   12.226330] page_type: f5(slab)
[   12.226601] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.226878] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.227250] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.227611] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.227944] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff
[   12.228445] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.228727] page dumped because: kasan: bad access detected
[   12.228976] 
[   12.229069] Memory state around the buggy address:
[   12.229250]  ffff888100a17980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.229834]  ffff888100a17a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.230209] >ffff888100a17a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.230574]                                                           ^
[   12.230849]  ffff888100a17b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.231327]  ffff888100a17b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.231617] ==================================================================