Date: July 8, 2025, 7:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   19.102420] ==================================================================
[   19.102704] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.102951] Write of size 1 at addr fff00000c1b1b6eb by task kunit_try_catch/156
[   19.103057] 
[   19.103095] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.103226] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.103286] Hardware name: linux,dummy-virt (DT)
[   19.103364] Call trace:
[   19.103385]  show_stack+0x20/0x38 (C)
[   19.103764]  dump_stack_lvl+0x8c/0xd0
[   19.103989]  print_report+0x118/0x608
[   19.104152]  kasan_report+0xdc/0x128
[   19.104249]  __asan_report_store1_noabort+0x20/0x30
[   19.104349]  krealloc_more_oob_helper+0x60c/0x678
[   19.104411]  krealloc_more_oob+0x20/0x38
[   19.104454]  kunit_try_run_case+0x170/0x3f0
[   19.104499]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.104688]  kthread+0x328/0x630
[   19.104939]  ret_from_fork+0x10/0x20
[   19.105106] 
[   19.105140] Allocated by task 156:
[   19.105248]  kasan_save_stack+0x3c/0x68
[   19.105291]  kasan_save_track+0x20/0x40
[   19.105326]  kasan_save_alloc_info+0x40/0x58
[   19.105363]  __kasan_krealloc+0x118/0x178
[   19.105400]  krealloc_noprof+0x128/0x360
[   19.105450]  krealloc_more_oob_helper+0x168/0x678
[   19.105496]  krealloc_more_oob+0x20/0x38
[   19.105537]  kunit_try_run_case+0x170/0x3f0
[   19.105588]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.105629]  kthread+0x328/0x630
[   19.105669]  ret_from_fork+0x10/0x20
[   19.105747] 
[   19.105875] The buggy address belongs to the object at fff00000c1b1b600
[   19.105875]  which belongs to the cache kmalloc-256 of size 256
[   19.106203] The buggy address is located 0 bytes to the right of
[   19.106203]  allocated 235-byte region [fff00000c1b1b600, fff00000c1b1b6eb)
[   19.106382] 
[   19.106471] The buggy address belongs to the physical page:
[   19.106591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1a
[   19.106674] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.106840] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.107089] page_type: f5(slab)
[   19.107308] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.107427] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.107560] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.107704] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.108145] head: 0bfffe0000000001 ffffc1ffc306c681 00000000ffffffff 00000000ffffffff
[   19.108329] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.108663] page dumped because: kasan: bad access detected
[   19.108802] 
[   19.108820] Memory state around the buggy address:
[   19.108899]  fff00000c1b1b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.109272]  fff00000c1b1b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.109328] >fff00000c1b1b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.109488]                                                           ^
[   19.109586]  fff00000c1b1b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.109744]  fff00000c1b1b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.109888] ==================================================================
[   19.180259] ==================================================================
[   19.180317] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.180428] Write of size 1 at addr fff00000c781a0f0 by task kunit_try_catch/160
[   19.180493] 
[   19.180550] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.180738] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.180795] Hardware name: linux,dummy-virt (DT)
[   19.180850] Call trace:
[   19.180935]  show_stack+0x20/0x38 (C)
[   19.180984]  dump_stack_lvl+0x8c/0xd0
[   19.181027]  print_report+0x118/0x608
[   19.181199]  kasan_report+0xdc/0x128
[   19.181259]  __asan_report_store1_noabort+0x20/0x30
[   19.181459]  krealloc_more_oob_helper+0x5c0/0x678
[   19.181520]  krealloc_large_more_oob+0x20/0x38
[   19.181565]  kunit_try_run_case+0x170/0x3f0
[   19.181619]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.181752]  kthread+0x328/0x630
[   19.181828]  ret_from_fork+0x10/0x20
[   19.181882] 
[   19.181902] The buggy address belongs to the physical page:
[   19.182195] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818
[   19.182379] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.182473] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.182624] page_type: f8(unknown)
[   19.182744] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.182797] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.183022] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.183175] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.183234] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff
[   19.183640] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.184047] page dumped because: kasan: bad access detected
[   19.184117] 
[   19.184154] Memory state around the buggy address:
[   19.184256]  fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.184371]  fff00000c781a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.184414] >fff00000c781a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.184476]                                                              ^
[   19.184536]  fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.184848]  fff00000c781a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.184918] ==================================================================
[   19.173349] ==================================================================
[   19.173466] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.173517] Write of size 1 at addr fff00000c781a0eb by task kunit_try_catch/160
[   19.173673] 
[   19.173816] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.173902] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.174138] Hardware name: linux,dummy-virt (DT)
[   19.174299] Call trace:
[   19.174377]  show_stack+0x20/0x38 (C)
[   19.174430]  dump_stack_lvl+0x8c/0xd0
[   19.174474]  print_report+0x118/0x608
[   19.174608]  kasan_report+0xdc/0x128
[   19.174667]  __asan_report_store1_noabort+0x20/0x30
[   19.174755]  krealloc_more_oob_helper+0x60c/0x678
[   19.175061]  krealloc_large_more_oob+0x20/0x38
[   19.175420]  kunit_try_run_case+0x170/0x3f0
[   19.175547]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.175661]  kthread+0x328/0x630
[   19.175826]  ret_from_fork+0x10/0x20
[   19.175871] 
[   19.175891] The buggy address belongs to the physical page:
[   19.176195] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107818
[   19.176362] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.176459] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.176638] page_type: f8(unknown)
[   19.176776] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.176884] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.176942] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.177352] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.177500] head: 0bfffe0000000002 ffffc1ffc31e0601 00000000ffffffff 00000000ffffffff
[   19.177762] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.177909] page dumped because: kasan: bad access detected
[   19.177941] 
[   19.177997] Memory state around the buggy address:
[   19.178069]  fff00000c7819f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.178420]  fff00000c781a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.178585] >fff00000c781a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.178732]                                                           ^
[   19.178847]  fff00000c781a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.178892]  fff00000c781a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.179111] ==================================================================
[   19.112781] ==================================================================
[   19.112865] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.112918] Write of size 1 at addr fff00000c1b1b6f0 by task kunit_try_catch/156
[   19.112974] 
[   19.113146] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.113235] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.113299] Hardware name: linux,dummy-virt (DT)
[   19.113537] Call trace:
[   19.113572]  show_stack+0x20/0x38 (C)
[   19.113744]  dump_stack_lvl+0x8c/0xd0
[   19.113799]  print_report+0x118/0x608
[   19.114011]  kasan_report+0xdc/0x128
[   19.114086]  __asan_report_store1_noabort+0x20/0x30
[   19.114137]  krealloc_more_oob_helper+0x5c0/0x678
[   19.114184]  krealloc_more_oob+0x20/0x38
[   19.114226]  kunit_try_run_case+0x170/0x3f0
[   19.114272]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.114332]  kthread+0x328/0x630
[   19.114372]  ret_from_fork+0x10/0x20
[   19.114427] 
[   19.114445] Allocated by task 156:
[   19.114472]  kasan_save_stack+0x3c/0x68
[   19.114511]  kasan_save_track+0x20/0x40
[   19.114546]  kasan_save_alloc_info+0x40/0x58
[   19.114586]  __kasan_krealloc+0x118/0x178
[   19.114621]  krealloc_noprof+0x128/0x360
[   19.114656]  krealloc_more_oob_helper+0x168/0x678
[   19.114693]  krealloc_more_oob+0x20/0x38
[   19.114738]  kunit_try_run_case+0x170/0x3f0
[   19.114782]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.114824]  kthread+0x328/0x630
[   19.114863]  ret_from_fork+0x10/0x20
[   19.114898] 
[   19.114916] The buggy address belongs to the object at fff00000c1b1b600
[   19.114916]  which belongs to the cache kmalloc-256 of size 256
[   19.114970] The buggy address is located 5 bytes to the right of
[   19.114970]  allocated 235-byte region [fff00000c1b1b600, fff00000c1b1b6eb)
[   19.115032] 
[   19.115050] The buggy address belongs to the physical page:
[   19.115079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1a
[   19.115131] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.115176] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.115225] page_type: f5(slab)
[   19.115261] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.115308] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.115363] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.115421] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.115581] head: 0bfffe0000000001 ffffc1ffc306c681 00000000ffffffff 00000000ffffffff
[   19.115861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.115905] page dumped because: kasan: bad access detected
[   19.116658] 
[   19.117427] Memory state around the buggy address:
[   19.117501]  fff00000c1b1b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.117570]  fff00000c1b1b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.117620] >fff00000c1b1b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.117672]                                                              ^
[   19.117770]  fff00000c1b1b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.117827]  fff00000c1b1b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.118022] ==================================================================

[   12.419559] ==================================================================
[   12.419985] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.423312] Write of size 1 at addr ffff8881003464eb by task kunit_try_catch/173
[   12.423569] 
[   12.423670] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.423715] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.423727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.423748] Call Trace:
[   12.423762]  <TASK>
[   12.423782]  dump_stack_lvl+0x73/0xb0
[   12.423814]  print_report+0xd1/0x650
[   12.423837]  ? __virt_addr_valid+0x1db/0x2d0
[   12.423859]  ? krealloc_more_oob_helper+0x821/0x930
[   12.423882]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.423906]  ? krealloc_more_oob_helper+0x821/0x930
[   12.423929]  kasan_report+0x141/0x180
[   12.423949]  ? krealloc_more_oob_helper+0x821/0x930
[   12.423977]  __asan_report_store1_noabort+0x1b/0x30
[   12.423999]  krealloc_more_oob_helper+0x821/0x930
[   12.424020]  ? __schedule+0x10cc/0x2b60
[   12.424054]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.424077]  ? finish_task_switch.isra.0+0x153/0x700
[   12.424099]  ? __switch_to+0x47/0xf50
[   12.424127]  ? __schedule+0x10cc/0x2b60
[   12.424147]  ? __pfx_read_tsc+0x10/0x10
[   12.424170]  krealloc_more_oob+0x1c/0x30
[   12.424190]  kunit_try_run_case+0x1a5/0x480
[   12.424214]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.424234]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.424257]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.424278]  ? __kthread_parkme+0x82/0x180
[   12.424298]  ? preempt_count_sub+0x50/0x80
[   12.424319]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.424341]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.424363]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.424384]  kthread+0x337/0x6f0
[   12.424402]  ? trace_preempt_on+0x20/0xc0
[   12.424424]  ? __pfx_kthread+0x10/0x10
[   12.424443]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.424463]  ? calculate_sigpending+0x7b/0xa0
[   12.424486]  ? __pfx_kthread+0x10/0x10
[   12.424764]  ret_from_fork+0x116/0x1d0
[   12.424793]  ? __pfx_kthread+0x10/0x10
[   12.424814]  ret_from_fork_asm+0x1a/0x30
[   12.424845]  </TASK>
[   12.424857] 
[   12.433062] Allocated by task 173:
[   12.433357]  kasan_save_stack+0x45/0x70
[   12.433522]  kasan_save_track+0x18/0x40
[   12.433719]  kasan_save_alloc_info+0x3b/0x50
[   12.433912]  __kasan_krealloc+0x190/0x1f0
[   12.434165]  krealloc_noprof+0xf3/0x340
[   12.434339]  krealloc_more_oob_helper+0x1a9/0x930
[   12.434520]  krealloc_more_oob+0x1c/0x30
[   12.434661]  kunit_try_run_case+0x1a5/0x480
[   12.434862]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.435181]  kthread+0x337/0x6f0
[   12.435357]  ret_from_fork+0x116/0x1d0
[   12.435552]  ret_from_fork_asm+0x1a/0x30
[   12.435722] 
[   12.435795] The buggy address belongs to the object at ffff888100346400
[   12.435795]  which belongs to the cache kmalloc-256 of size 256
[   12.436383] The buggy address is located 0 bytes to the right of
[   12.436383]  allocated 235-byte region [ffff888100346400, ffff8881003464eb)
[   12.436986] 
[   12.437118] The buggy address belongs to the physical page:
[   12.437379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.437825] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.438158] flags: 0x200000000000040(head|node=0|zone=2)
[   12.438422] page_type: f5(slab)
[   12.438587] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.438889] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.439266] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.439519] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.439837] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.440357] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.440702] page dumped because: kasan: bad access detected
[   12.440875] 
[   12.440964] Memory state around the buggy address:
[   12.441274]  ffff888100346380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.441605]  ffff888100346400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.441923] >ffff888100346480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.442216]                                                           ^
[   12.442463]  ffff888100346500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.442724]  ffff888100346580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.443003] ==================================================================
[   12.443929] ==================================================================
[   12.444391] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.444777] Write of size 1 at addr ffff8881003464f0 by task kunit_try_catch/173
[   12.445164] 
[   12.445257] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.445301] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.445312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.445332] Call Trace:
[   12.445344]  <TASK>
[   12.445359]  dump_stack_lvl+0x73/0xb0
[   12.445386]  print_report+0xd1/0x650
[   12.445408]  ? __virt_addr_valid+0x1db/0x2d0
[   12.445429]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.445451]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.445475]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.445519]  kasan_report+0x141/0x180
[   12.445542]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.445575]  __asan_report_store1_noabort+0x1b/0x30
[   12.445599]  krealloc_more_oob_helper+0x7eb/0x930
[   12.445620]  ? __schedule+0x10cc/0x2b60
[   12.445642]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.445664]  ? finish_task_switch.isra.0+0x153/0x700
[   12.445685]  ? __switch_to+0x47/0xf50
[   12.445711]  ? __schedule+0x10cc/0x2b60
[   12.445731]  ? __pfx_read_tsc+0x10/0x10
[   12.445754]  krealloc_more_oob+0x1c/0x30
[   12.445774]  kunit_try_run_case+0x1a5/0x480
[   12.445797]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.445817]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.445839]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.445861]  ? __kthread_parkme+0x82/0x180
[   12.445879]  ? preempt_count_sub+0x50/0x80
[   12.445901]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.445923]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.445944]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.445965]  kthread+0x337/0x6f0
[   12.445983]  ? trace_preempt_on+0x20/0xc0
[   12.446005]  ? __pfx_kthread+0x10/0x10
[   12.446024]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.446106]  ? calculate_sigpending+0x7b/0xa0
[   12.446133]  ? __pfx_kthread+0x10/0x10
[   12.446153]  ret_from_fork+0x116/0x1d0
[   12.446171]  ? __pfx_kthread+0x10/0x10
[   12.446190]  ret_from_fork_asm+0x1a/0x30
[   12.446220]  </TASK>
[   12.446231] 
[   12.454176] Allocated by task 173:
[   12.454357]  kasan_save_stack+0x45/0x70
[   12.454582]  kasan_save_track+0x18/0x40
[   12.454777]  kasan_save_alloc_info+0x3b/0x50
[   12.454989]  __kasan_krealloc+0x190/0x1f0
[   12.455223]  krealloc_noprof+0xf3/0x340
[   12.455419]  krealloc_more_oob_helper+0x1a9/0x930
[   12.455675]  krealloc_more_oob+0x1c/0x30
[   12.455818]  kunit_try_run_case+0x1a5/0x480
[   12.455962]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.456393]  kthread+0x337/0x6f0
[   12.456572]  ret_from_fork+0x116/0x1d0
[   12.456791]  ret_from_fork_asm+0x1a/0x30
[   12.456990] 
[   12.457174] The buggy address belongs to the object at ffff888100346400
[   12.457174]  which belongs to the cache kmalloc-256 of size 256
[   12.457610] The buggy address is located 5 bytes to the right of
[   12.457610]  allocated 235-byte region [ffff888100346400, ffff8881003464eb)
[   12.458199] 
[   12.458305] The buggy address belongs to the physical page:
[   12.460633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.460934] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.461380] flags: 0x200000000000040(head|node=0|zone=2)
[   12.461632] page_type: f5(slab)
[   12.461795] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.462168] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.462515] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.462819] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.463190] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.463501] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.463834] page dumped because: kasan: bad access detected
[   12.464244] 
[   12.464341] Memory state around the buggy address:
[   12.464555]  ffff888100346380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.464864]  ffff888100346400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.465244] >ffff888100346480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.465529]                                                              ^
[   12.465813]  ffff888100346500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.466823]  ffff888100346580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.467224] ==================================================================
[   12.659954] ==================================================================
[   12.660465] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.661343] Write of size 1 at addr ffff888102b6a0f0 by task kunit_try_catch/177
[   12.661645] 
[   12.661764] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.661809] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.661820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.661842] Call Trace:
[   12.661860]  <TASK>
[   12.661878]  dump_stack_lvl+0x73/0xb0
[   12.661907]  print_report+0xd1/0x650
[   12.661929]  ? __virt_addr_valid+0x1db/0x2d0
[   12.661951]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.661973]  ? kasan_addr_to_slab+0x11/0xa0
[   12.661993]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.662015]  kasan_report+0x141/0x180
[   12.662036]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.662074]  __asan_report_store1_noabort+0x1b/0x30
[   12.662096]  krealloc_more_oob_helper+0x7eb/0x930
[   12.662118]  ? __schedule+0x10cc/0x2b60
[   12.662140]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.662164]  ? finish_task_switch.isra.0+0x153/0x700
[   12.662185]  ? __switch_to+0x47/0xf50
[   12.662211]  ? __schedule+0x10cc/0x2b60
[   12.662232]  ? __pfx_read_tsc+0x10/0x10
[   12.662255]  krealloc_large_more_oob+0x1c/0x30
[   12.662277]  kunit_try_run_case+0x1a5/0x480
[   12.662300]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.662322]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.662346]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.662368]  ? __kthread_parkme+0x82/0x180
[   12.662388]  ? preempt_count_sub+0x50/0x80
[   12.662409]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.662432]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.662453]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.662475]  kthread+0x337/0x6f0
[   12.662493]  ? trace_preempt_on+0x20/0xc0
[   12.662515]  ? __pfx_kthread+0x10/0x10
[   12.662534]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.662555]  ? calculate_sigpending+0x7b/0xa0
[   12.662578]  ? __pfx_kthread+0x10/0x10
[   12.662599]  ret_from_fork+0x116/0x1d0
[   12.662616]  ? __pfx_kthread+0x10/0x10
[   12.662636]  ret_from_fork_asm+0x1a/0x30
[   12.662666]  </TASK>
[   12.662677] 
[   12.674737] The buggy address belongs to the physical page:
[   12.675151] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b68
[   12.675623] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.676148] flags: 0x200000000000040(head|node=0|zone=2)
[   12.676547] page_type: f8(unknown)
[   12.676823] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.677352] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.677922] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.678297] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.678978] head: 0200000000000002 ffffea00040ada01 00000000ffffffff 00000000ffffffff
[   12.679672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.680165] page dumped because: kasan: bad access detected
[   12.680517] 
[   12.680641] Memory state around the buggy address:
[   12.681015]  ffff888102b69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.681456]  ffff888102b6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.681896] >ffff888102b6a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.682478]                                                              ^
[   12.682920]  ffff888102b6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.683447]  ffff888102b6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.683841] ==================================================================
[   12.636302] ==================================================================
[   12.636766] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.637331] Write of size 1 at addr ffff888102b6a0eb by task kunit_try_catch/177
[   12.637926] 
[   12.638066] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.638222] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.638236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.638258] Call Trace:
[   12.638270]  <TASK>
[   12.638288]  dump_stack_lvl+0x73/0xb0
[   12.638319]  print_report+0xd1/0x650
[   12.638340]  ? __virt_addr_valid+0x1db/0x2d0
[   12.638363]  ? krealloc_more_oob_helper+0x821/0x930
[   12.638385]  ? kasan_addr_to_slab+0x11/0xa0
[   12.638405]  ? krealloc_more_oob_helper+0x821/0x930
[   12.638427]  kasan_report+0x141/0x180
[   12.638448]  ? krealloc_more_oob_helper+0x821/0x930
[   12.638475]  __asan_report_store1_noabort+0x1b/0x30
[   12.638498]  krealloc_more_oob_helper+0x821/0x930
[   12.638519]  ? __schedule+0x10cc/0x2b60
[   12.638541]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.638675]  ? finish_task_switch.isra.0+0x153/0x700
[   12.638701]  ? __switch_to+0x47/0xf50
[   12.638728]  ? __schedule+0x10cc/0x2b60
[   12.638748]  ? __pfx_read_tsc+0x10/0x10
[   12.638772]  krealloc_large_more_oob+0x1c/0x30
[   12.638794]  kunit_try_run_case+0x1a5/0x480
[   12.638818]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.638839]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.638862]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.638883]  ? __kthread_parkme+0x82/0x180
[   12.638903]  ? preempt_count_sub+0x50/0x80
[   12.638925]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.638947]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.638969]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.638991]  kthread+0x337/0x6f0
[   12.639009]  ? trace_preempt_on+0x20/0xc0
[   12.639031]  ? __pfx_kthread+0x10/0x10
[   12.639078]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.639099]  ? calculate_sigpending+0x7b/0xa0
[   12.639122]  ? __pfx_kthread+0x10/0x10
[   12.639143]  ret_from_fork+0x116/0x1d0
[   12.639160]  ? __pfx_kthread+0x10/0x10
[   12.639180]  ret_from_fork_asm+0x1a/0x30
[   12.639210]  </TASK>
[   12.639222] 
[   12.650632] The buggy address belongs to the physical page:
[   12.651061] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b68
[   12.651659] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.651981] flags: 0x200000000000040(head|node=0|zone=2)
[   12.652357] page_type: f8(unknown)
[   12.652808] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.653440] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.653970] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.654438] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.654851] head: 0200000000000002 ffffea00040ada01 00000000ffffffff 00000000ffffffff
[   12.655376] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.655687] page dumped because: kasan: bad access detected
[   12.656096] 
[   12.656281] Memory state around the buggy address:
[   12.656489]  ffff888102b69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.657098]  ffff888102b6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.657659] >ffff888102b6a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.658098]                                                           ^
[   12.658458]  ffff888102b6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.658931]  ffff888102b6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.659454] ==================================================================