Hay
Date: July 9, 2025, 2:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.799555] ==================================================================
[   16.799603] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.799653] Write of size 1 at addr fff00000c4519af0 by task kunit_try_catch/156
[   16.799835] 
[   16.799953] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.800048] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.800075] Hardware name: linux,dummy-virt (DT)
[   16.800209] Call trace:
[   16.800290]  show_stack+0x20/0x38 (C)
[   16.800383]  dump_stack_lvl+0x8c/0xd0
[   16.800443]  print_report+0x118/0x608
[   16.800529]  kasan_report+0xdc/0x128
[   16.800600]  __asan_report_store1_noabort+0x20/0x30
[   16.800697]  krealloc_more_oob_helper+0x5c0/0x678
[   16.800747]  krealloc_more_oob+0x20/0x38
[   16.800822]  kunit_try_run_case+0x170/0x3f0
[   16.801023]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.801336]  kthread+0x328/0x630
[   16.801421]  ret_from_fork+0x10/0x20
[   16.801477] 
[   16.801546] Allocated by task 156:
[   16.801905]  kasan_save_stack+0x3c/0x68
[   16.801960]  kasan_save_track+0x20/0x40
[   16.802000]  kasan_save_alloc_info+0x40/0x58
[   16.802048]  __kasan_krealloc+0x118/0x178
[   16.802230]  krealloc_noprof+0x128/0x360
[   16.802291]  krealloc_more_oob_helper+0x168/0x678
[   16.802333]  krealloc_more_oob+0x20/0x38
[   16.802569]  kunit_try_run_case+0x170/0x3f0
[   16.802667]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.802835]  kthread+0x328/0x630
[   16.802966]  ret_from_fork+0x10/0x20
[   16.803044] 
[   16.803063] The buggy address belongs to the object at fff00000c4519a00
[   16.803063]  which belongs to the cache kmalloc-256 of size 256
[   16.803157] The buggy address is located 5 bytes to the right of
[   16.803157]  allocated 235-byte region [fff00000c4519a00, fff00000c4519aeb)
[   16.803221] 
[   16.803240] The buggy address belongs to the physical page:
[   16.803286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518
[   16.803342] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.803549] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.803652] page_type: f5(slab)
[   16.803785] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.803890] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.804072] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.804234] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.804427] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff
[   16.804661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.804707] page dumped because: kasan: bad access detected
[   16.804757] 
[   16.804774] Memory state around the buggy address:
[   16.804813]  fff00000c4519980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.804866]  fff00000c4519a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.804908] >fff00000c4519a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.804945]                                                              ^
[   16.804983]  fff00000c4519b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.805296]  fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.805428] ==================================================================
[   16.866796] ==================================================================
[   16.866886] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.866970] Write of size 1 at addr fff00000c77e20eb by task kunit_try_catch/160
[   16.867021] 
[   16.867053] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.867294] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.867332] Hardware name: linux,dummy-virt (DT)
[   16.867365] Call trace:
[   16.867388]  show_stack+0x20/0x38 (C)
[   16.867459]  dump_stack_lvl+0x8c/0xd0
[   16.867514]  print_report+0x118/0x608
[   16.867561]  kasan_report+0xdc/0x128
[   16.867608]  __asan_report_store1_noabort+0x20/0x30
[   16.867676]  krealloc_more_oob_helper+0x60c/0x678
[   16.867765]  krealloc_large_more_oob+0x20/0x38
[   16.867831]  kunit_try_run_case+0x170/0x3f0
[   16.867886]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.867946]  kthread+0x328/0x630
[   16.867989]  ret_from_fork+0x10/0x20
[   16.868044] 
[   16.868063] The buggy address belongs to the physical page:
[   16.868105] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   16.868160] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.868382] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.868444] page_type: f8(unknown)
[   16.868488] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.868551] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.868612] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.868685] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.868741] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   16.868806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.868847] page dumped because: kasan: bad access detected
[   16.868877] 
[   16.868894] Memory state around the buggy address:
[   16.868941]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.868998]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.869044] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.869099]                                                           ^
[   16.869145]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.869190]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.869230] ==================================================================
[   16.869280] ==================================================================
[   16.869323] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.869367] Write of size 1 at addr fff00000c77e20f0 by task kunit_try_catch/160
[   16.869423] 
[   16.869450] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.869528] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.869554] Hardware name: linux,dummy-virt (DT)
[   16.869583] Call trace:
[   16.869603]  show_stack+0x20/0x38 (C)
[   16.869650]  dump_stack_lvl+0x8c/0xd0
[   16.869749]  print_report+0x118/0x608
[   16.870005]  kasan_report+0xdc/0x128
[   16.870063]  __asan_report_store1_noabort+0x20/0x30
[   16.870130]  krealloc_more_oob_helper+0x5c0/0x678
[   16.870179]  krealloc_large_more_oob+0x20/0x38
[   16.870283]  kunit_try_run_case+0x170/0x3f0
[   16.870440]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.870526]  kthread+0x328/0x630
[   16.870637]  ret_from_fork+0x10/0x20
[   16.870775] 
[   16.870826] The buggy address belongs to the physical page:
[   16.870871] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   16.870932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.871013] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.871099] page_type: f8(unknown)
[   16.871142] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.871198] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.871271] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.871324] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.871525] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   16.871595] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.871672] page dumped because: kasan: bad access detected
[   16.871730] 
[   16.871747] Memory state around the buggy address:
[   16.871794]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.871881]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.871987] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.872047]                                                              ^
[   16.872109]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.872164]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.872233] ==================================================================
[   16.791036] ==================================================================
[   16.791112] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.791169] Write of size 1 at addr fff00000c4519aeb by task kunit_try_catch/156
[   16.791219] 
[   16.791253] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.791336] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.791604] Hardware name: linux,dummy-virt (DT)
[   16.791882] Call trace:
[   16.792015]  show_stack+0x20/0x38 (C)
[   16.792587]  dump_stack_lvl+0x8c/0xd0
[   16.792788]  print_report+0x118/0x608
[   16.792943]  kasan_report+0xdc/0x128
[   16.793109]  __asan_report_store1_noabort+0x20/0x30
[   16.793161]  krealloc_more_oob_helper+0x60c/0x678
[   16.793210]  krealloc_more_oob+0x20/0x38
[   16.793493]  kunit_try_run_case+0x170/0x3f0
[   16.793674]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.793853]  kthread+0x328/0x630
[   16.794276]  ret_from_fork+0x10/0x20
[   16.794470] 
[   16.794491] Allocated by task 156:
[   16.794540]  kasan_save_stack+0x3c/0x68
[   16.794583]  kasan_save_track+0x20/0x40
[   16.794621]  kasan_save_alloc_info+0x40/0x58
[   16.794661]  __kasan_krealloc+0x118/0x178
[   16.794699]  krealloc_noprof+0x128/0x360
[   16.794907]  krealloc_more_oob_helper+0x168/0x678
[   16.795017]  krealloc_more_oob+0x20/0x38
[   16.795053]  kunit_try_run_case+0x170/0x3f0
[   16.795103]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.795166]  kthread+0x328/0x630
[   16.795286]  ret_from_fork+0x10/0x20
[   16.795322] 
[   16.795341] The buggy address belongs to the object at fff00000c4519a00
[   16.795341]  which belongs to the cache kmalloc-256 of size 256
[   16.795402] The buggy address is located 0 bytes to the right of
[   16.795402]  allocated 235-byte region [fff00000c4519a00, fff00000c4519aeb)
[   16.795466] 
[   16.795486] The buggy address belongs to the physical page:
[   16.795518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518
[   16.795571] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.795626] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.795720] page_type: f5(slab)
[   16.795832] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.795935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.796074] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.796325] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.796546] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff
[   16.797004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.797145] page dumped because: kasan: bad access detected
[   16.797188] 
[   16.797206] Memory state around the buggy address:
[   16.797238]  fff00000c4519980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.797280]  fff00000c4519a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.797332] >fff00000c4519a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.797466]                                                           ^
[   16.797522]  fff00000c4519b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.797565]  fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.797775] ==================================================================

[   12.321482] ==================================================================
[   12.321972] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.322242] Write of size 1 at addr ffff8881003416eb by task kunit_try_catch/173
[   12.322468] 
[   12.322564] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.322623] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.322634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.322655] Call Trace:
[   12.322667]  <TASK>
[   12.322683]  dump_stack_lvl+0x73/0xb0
[   12.322715]  print_report+0xd1/0x650
[   12.322737]  ? __virt_addr_valid+0x1db/0x2d0
[   12.322761]  ? krealloc_more_oob_helper+0x821/0x930
[   12.322782]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.322803]  ? krealloc_more_oob_helper+0x821/0x930
[   12.322832]  kasan_report+0x141/0x180
[   12.322852]  ? krealloc_more_oob_helper+0x821/0x930
[   12.322879]  __asan_report_store1_noabort+0x1b/0x30
[   12.322901]  krealloc_more_oob_helper+0x821/0x930
[   12.322923]  ? __schedule+0x10cc/0x2b60
[   12.322943]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.322966]  ? finish_task_switch.isra.0+0x153/0x700
[   12.322989]  ? __switch_to+0x47/0xf50
[   12.323015]  ? __schedule+0x10cc/0x2b60
[   12.323034]  ? __pfx_read_tsc+0x10/0x10
[   12.323058]  krealloc_more_oob+0x1c/0x30
[   12.323078]  kunit_try_run_case+0x1a5/0x480
[   12.323103]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.323123]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.323146]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.323169]  ? __kthread_parkme+0x82/0x180
[   12.323190]  ? preempt_count_sub+0x50/0x80
[   12.323211]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.323233]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.323255]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.323277]  kthread+0x337/0x6f0
[   12.323295]  ? trace_preempt_on+0x20/0xc0
[   12.323318]  ? __pfx_kthread+0x10/0x10
[   12.323337]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.323356]  ? calculate_sigpending+0x7b/0xa0
[   12.323379]  ? __pfx_kthread+0x10/0x10
[   12.323398]  ret_from_fork+0x116/0x1d0
[   12.323415]  ? __pfx_kthread+0x10/0x10
[   12.323434]  ret_from_fork_asm+0x1a/0x30
[   12.323464]  </TASK>
[   12.323474] 
[   12.340571] Allocated by task 173:
[   12.341035]  kasan_save_stack+0x45/0x70
[   12.341421]  kasan_save_track+0x18/0x40
[   12.341555]  kasan_save_alloc_info+0x3b/0x50
[   12.341714]  __kasan_krealloc+0x190/0x1f0
[   12.342090]  krealloc_noprof+0xf3/0x340
[   12.342565]  krealloc_more_oob_helper+0x1a9/0x930
[   12.343266]  krealloc_more_oob+0x1c/0x30
[   12.343672]  kunit_try_run_case+0x1a5/0x480
[   12.344137]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.344360]  kthread+0x337/0x6f0
[   12.344482]  ret_from_fork+0x116/0x1d0
[   12.344626]  ret_from_fork_asm+0x1a/0x30
[   12.344766] 
[   12.345093] The buggy address belongs to the object at ffff888100341600
[   12.345093]  which belongs to the cache kmalloc-256 of size 256
[   12.346259] The buggy address is located 0 bytes to the right of
[   12.346259]  allocated 235-byte region [ffff888100341600, ffff8881003416eb)
[   12.347587] 
[   12.347845] The buggy address belongs to the physical page:
[   12.348359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   12.348634] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.349179] flags: 0x200000000000040(head|node=0|zone=2)
[   12.349693] page_type: f5(slab)
[   12.350090] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.350798] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.351484] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.351734] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.352372] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   12.353208] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.354134] page dumped because: kasan: bad access detected
[   12.354316] 
[   12.354386] Memory state around the buggy address:
[   12.354543]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.354835]  ffff888100341600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.355481] >ffff888100341680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.356230]                                                           ^
[   12.356433]  ffff888100341700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.356662]  ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.357164] ==================================================================
[   12.357975] ==================================================================
[   12.358806] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.359229] Write of size 1 at addr ffff8881003416f0 by task kunit_try_catch/173
[   12.359792] 
[   12.360095] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.360239] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.360252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.360272] Call Trace:
[   12.360288]  <TASK>
[   12.360307]  dump_stack_lvl+0x73/0xb0
[   12.360341]  print_report+0xd1/0x650
[   12.360364]  ? __virt_addr_valid+0x1db/0x2d0
[   12.360388]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.360411]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.360434]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.360457]  kasan_report+0x141/0x180
[   12.360478]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.360506]  __asan_report_store1_noabort+0x1b/0x30
[   12.360531]  krealloc_more_oob_helper+0x7eb/0x930
[   12.360553]  ? __schedule+0x10cc/0x2b60
[   12.360574]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.360612]  ? finish_task_switch.isra.0+0x153/0x700
[   12.360636]  ? __switch_to+0x47/0xf50
[   12.360661]  ? __schedule+0x10cc/0x2b60
[   12.360681]  ? __pfx_read_tsc+0x10/0x10
[   12.360706]  krealloc_more_oob+0x1c/0x30
[   12.360726]  kunit_try_run_case+0x1a5/0x480
[   12.360750]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.360772]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.360795]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.360879]  ? __kthread_parkme+0x82/0x180
[   12.360900]  ? preempt_count_sub+0x50/0x80
[   12.360923]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.360947]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.360970]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.360995]  kthread+0x337/0x6f0
[   12.361013]  ? trace_preempt_on+0x20/0xc0
[   12.361038]  ? __pfx_kthread+0x10/0x10
[   12.361060]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.361083]  ? calculate_sigpending+0x7b/0xa0
[   12.361110]  ? __pfx_kthread+0x10/0x10
[   12.361132]  ret_from_fork+0x116/0x1d0
[   12.361150]  ? __pfx_kthread+0x10/0x10
[   12.361170]  ret_from_fork_asm+0x1a/0x30
[   12.361201]  </TASK>
[   12.361211] 
[   12.372661] Allocated by task 173:
[   12.373157]  kasan_save_stack+0x45/0x70
[   12.373383]  kasan_save_track+0x18/0x40
[   12.373571]  kasan_save_alloc_info+0x3b/0x50
[   12.373771]  __kasan_krealloc+0x190/0x1f0
[   12.374442]  krealloc_noprof+0xf3/0x340
[   12.374622]  krealloc_more_oob_helper+0x1a9/0x930
[   12.375122]  krealloc_more_oob+0x1c/0x30
[   12.375279]  kunit_try_run_case+0x1a5/0x480
[   12.375658]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.376173]  kthread+0x337/0x6f0
[   12.376327]  ret_from_fork+0x116/0x1d0
[   12.376540]  ret_from_fork_asm+0x1a/0x30
[   12.376717] 
[   12.377148] The buggy address belongs to the object at ffff888100341600
[   12.377148]  which belongs to the cache kmalloc-256 of size 256
[   12.377767] The buggy address is located 5 bytes to the right of
[   12.377767]  allocated 235-byte region [ffff888100341600, ffff8881003416eb)
[   12.378720] 
[   12.379093] The buggy address belongs to the physical page:
[   12.379433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   12.379915] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.380344] flags: 0x200000000000040(head|node=0|zone=2)
[   12.380615] page_type: f5(slab)
[   12.380786] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.381397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.381828] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.382327] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.382683] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   12.383278] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.383517] page dumped because: kasan: bad access detected
[   12.384378] 
[   12.384560] Memory state around the buggy address:
[   12.385226]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.386024]  ffff888100341600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.386873] >ffff888100341680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.387095]                                                              ^
[   12.387297]  ffff888100341700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.387503]  ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.387925] ==================================================================
[   12.551002] ==================================================================
[   12.551473] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.551746] Write of size 1 at addr ffff888101eae0eb by task kunit_try_catch/177
[   12.552604] 
[   12.552807] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.552855] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.552866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.552886] Call Trace:
[   12.552899]  <TASK>
[   12.552916]  dump_stack_lvl+0x73/0xb0
[   12.552947]  print_report+0xd1/0x650
[   12.552970]  ? __virt_addr_valid+0x1db/0x2d0
[   12.552993]  ? krealloc_more_oob_helper+0x821/0x930
[   12.553016]  ? kasan_addr_to_slab+0x11/0xa0
[   12.553036]  ? krealloc_more_oob_helper+0x821/0x930
[   12.553060]  kasan_report+0x141/0x180
[   12.553081]  ? krealloc_more_oob_helper+0x821/0x930
[   12.553109]  __asan_report_store1_noabort+0x1b/0x30
[   12.553133]  krealloc_more_oob_helper+0x821/0x930
[   12.553156]  ? __schedule+0x10cc/0x2b60
[   12.553177]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.553202]  ? finish_task_switch.isra.0+0x153/0x700
[   12.553226]  ? __switch_to+0x47/0xf50
[   12.553251]  ? __schedule+0x10cc/0x2b60
[   12.553271]  ? __pfx_read_tsc+0x10/0x10
[   12.553295]  krealloc_large_more_oob+0x1c/0x30
[   12.553318]  kunit_try_run_case+0x1a5/0x480
[   12.553343]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.553365]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.553390]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.553413]  ? __kthread_parkme+0x82/0x180
[   12.553435]  ? preempt_count_sub+0x50/0x80
[   12.553457]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.553480]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.553504]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.553560]  kthread+0x337/0x6f0
[   12.553579]  ? trace_preempt_on+0x20/0xc0
[   12.553612]  ? __pfx_kthread+0x10/0x10
[   12.553631]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.553652]  ? calculate_sigpending+0x7b/0xa0
[   12.553677]  ? __pfx_kthread+0x10/0x10
[   12.553697]  ret_from_fork+0x116/0x1d0
[   12.553715]  ? __pfx_kthread+0x10/0x10
[   12.553734]  ret_from_fork_asm+0x1a/0x30
[   12.553782]  </TASK>
[   12.553797] 
[   12.564770] The buggy address belongs to the physical page:
[   12.565047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101eac
[   12.565707] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.566497] flags: 0x200000000000040(head|node=0|zone=2)
[   12.567070] page_type: f8(unknown)
[   12.567210] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.567442] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.567719] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.568112] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.568441] head: 0200000000000002 ffffea000407ab01 00000000ffffffff 00000000ffffffff
[   12.568728] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.569069] page dumped because: kasan: bad access detected
[   12.569339] 
[   12.569435] Memory state around the buggy address:
[   12.569619]  ffff888101eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.569919]  ffff888101eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.570496] >ffff888101eae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.570893]                                                           ^
[   12.571105]  ffff888101eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.571424]  ffff888101eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.571707] ==================================================================
[   12.572501] ==================================================================
[   12.572995] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.573377] Write of size 1 at addr ffff888101eae0f0 by task kunit_try_catch/177
[   12.573670] 
[   12.573788] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.573832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.573842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.573863] Call Trace:
[   12.573876]  <TASK>
[   12.573894]  dump_stack_lvl+0x73/0xb0
[   12.573925]  print_report+0xd1/0x650
[   12.573948]  ? __virt_addr_valid+0x1db/0x2d0
[   12.573973]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.574039]  ? kasan_addr_to_slab+0x11/0xa0
[   12.574061]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.574084]  kasan_report+0x141/0x180
[   12.574105]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.574133]  __asan_report_store1_noabort+0x1b/0x30
[   12.574158]  krealloc_more_oob_helper+0x7eb/0x930
[   12.574180]  ? __schedule+0x10cc/0x2b60
[   12.574202]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.574227]  ? finish_task_switch.isra.0+0x153/0x700
[   12.574252]  ? __switch_to+0x47/0xf50
[   12.574278]  ? __schedule+0x10cc/0x2b60
[   12.574298]  ? __pfx_read_tsc+0x10/0x10
[   12.574323]  krealloc_large_more_oob+0x1c/0x30
[   12.574346]  kunit_try_run_case+0x1a5/0x480
[   12.574372]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574394]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.574418]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.574441]  ? __kthread_parkme+0x82/0x180
[   12.574462]  ? preempt_count_sub+0x50/0x80
[   12.574484]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574507]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.574531]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.574556]  kthread+0x337/0x6f0
[   12.574574]  ? trace_preempt_on+0x20/0xc0
[   12.574609]  ? __pfx_kthread+0x10/0x10
[   12.574629]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.574650]  ? calculate_sigpending+0x7b/0xa0
[   12.574674]  ? __pfx_kthread+0x10/0x10
[   12.574695]  ret_from_fork+0x116/0x1d0
[   12.574712]  ? __pfx_kthread+0x10/0x10
[   12.574732]  ret_from_fork_asm+0x1a/0x30
[   12.574762]  </TASK>
[   12.574773] 
[   12.582942] The buggy address belongs to the physical page:
[   12.583195] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101eac
[   12.583443] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.583753] flags: 0x200000000000040(head|node=0|zone=2)
[   12.584047] page_type: f8(unknown)
[   12.584221] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.584563] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.585283] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.585577] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.585996] head: 0200000000000002 ffffea000407ab01 00000000ffffffff 00000000ffffffff
[   12.586310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.586558] page dumped because: kasan: bad access detected
[   12.586741] 
[   12.586810] Memory state around the buggy address:
[   12.587028]  ffff888101eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.587644]  ffff888101eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.587861] >ffff888101eae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.588073]                                                              ^
[   12.588681]  ffff888101eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.589155]  ffff888101eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.589471] ==================================================================