lkft/sashal-linus-next - v6.13-rc7-43514-gb6b19ce74be8 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 10, 2025, 6:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.787815] ==================================================================
[   16.787874] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.787970] Write of size 1 at addr fff00000c78aa0eb by task kunit_try_catch/160
[   16.788019] 
[   16.788076] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.788164] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.788459] Hardware name: linux,dummy-virt (DT)
[   16.788560] Call trace:
[   16.788598]  show_stack+0x20/0x38 (C)
[   16.788709]  dump_stack_lvl+0x8c/0xd0
[   16.788759]  print_report+0x118/0x608
[   16.788806]  kasan_report+0xdc/0x128
[   16.788851]  __asan_report_store1_noabort+0x20/0x30
[   16.789062]  krealloc_more_oob_helper+0x60c/0x678
[   16.789155]  krealloc_large_more_oob+0x20/0x38
[   16.789205]  kunit_try_run_case+0x170/0x3f0
[   16.789260]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.789313]  kthread+0x328/0x630
[   16.789367]  ret_from_fork+0x10/0x20
[   16.789415] 
[   16.789436] The buggy address belongs to the physical page:
[   16.789466] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[   16.789647] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.789714] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.789767] page_type: f8(unknown)
[   16.790005] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.790065] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.790114] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.790161] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.790498] head: 0bfffe0000000002 ffffc1ffc31e2a01 00000000ffffffff 00000000ffffffff
[   16.790654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.790751] page dumped because: kasan: bad access detected
[   16.790915] 
[   16.790974] Memory state around the buggy address:
[   16.791007]  fff00000c78a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.791330]  fff00000c78aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.791444] >fff00000c78aa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.791535]                                                           ^
[   16.791680]  fff00000c78aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.791780]  fff00000c78aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.791817] ==================================================================
[   16.792908] ==================================================================
[   16.792953] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.793028] Write of size 1 at addr fff00000c78aa0f0 by task kunit_try_catch/160
[   16.793112] 
[   16.793159] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.793237] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.793262] Hardware name: linux,dummy-virt (DT)
[   16.793500] Call trace:
[   16.793529]  show_stack+0x20/0x38 (C)
[   16.793578]  dump_stack_lvl+0x8c/0xd0
[   16.793625]  print_report+0x118/0x608
[   16.793671]  kasan_report+0xdc/0x128
[   16.793716]  __asan_report_store1_noabort+0x20/0x30
[   16.793767]  krealloc_more_oob_helper+0x5c0/0x678
[   16.793815]  krealloc_large_more_oob+0x20/0x38
[   16.793863]  kunit_try_run_case+0x170/0x3f0
[   16.793918]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.794063]  kthread+0x328/0x630
[   16.794115]  ret_from_fork+0x10/0x20
[   16.794164] 
[   16.794183] The buggy address belongs to the physical page:
[   16.794475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a8
[   16.794573] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.794663] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.794714] page_type: f8(unknown)
[   16.794750] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.794991] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.795091] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.795196] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.795243] head: 0bfffe0000000002 ffffc1ffc31e2a01 00000000ffffffff 00000000ffffffff
[   16.795571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.795735] page dumped because: kasan: bad access detected
[   16.795826] 
[   16.795871] Memory state around the buggy address:
[   16.795902]  fff00000c78a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.795980]  fff00000c78aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.796320] >fff00000c78aa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.796424]                                                              ^
[   16.796512]  fff00000c78aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.796578]  fff00000c78aa180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.796871] ==================================================================
[   16.683465] ==================================================================
[   16.683529] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.683726] Write of size 1 at addr fff00000c1d24ceb by task kunit_try_catch/156
[   16.683783] 
[   16.683824] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.683906] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.683932] Hardware name: linux,dummy-virt (DT)
[   16.683963] Call trace:
[   16.683986]  show_stack+0x20/0x38 (C)
[   16.684037]  dump_stack_lvl+0x8c/0xd0
[   16.684087]  print_report+0x118/0x608
[   16.684133]  kasan_report+0xdc/0x128
[   16.684178]  __asan_report_store1_noabort+0x20/0x30
[   16.684368]  krealloc_more_oob_helper+0x60c/0x678
[   16.684689]  krealloc_more_oob+0x20/0x38
[   16.685067]  kunit_try_run_case+0x170/0x3f0
[   16.685118]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.685948]  kthread+0x328/0x630
[   16.686062]  ret_from_fork+0x10/0x20
[   16.686199] 
[   16.686284] Allocated by task 156:
[   16.686319]  kasan_save_stack+0x3c/0x68
[   16.687175]  kasan_save_track+0x20/0x40
[   16.687224]  kasan_save_alloc_info+0x40/0x58
[   16.687263]  __kasan_krealloc+0x118/0x178
[   16.687303]  krealloc_noprof+0x128/0x360
[   16.687361]  krealloc_more_oob_helper+0x168/0x678
[   16.687405]  krealloc_more_oob+0x20/0x38
[   16.687442]  kunit_try_run_case+0x170/0x3f0
[   16.687480]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.687522]  kthread+0x328/0x630
[   16.687554]  ret_from_fork+0x10/0x20
[   16.687589] 
[   16.687609] The buggy address belongs to the object at fff00000c1d24c00
[   16.687609]  which belongs to the cache kmalloc-256 of size 256
[   16.687665] The buggy address is located 0 bytes to the right of
[   16.687665]  allocated 235-byte region [fff00000c1d24c00, fff00000c1d24ceb)
[   16.687726] 
[   16.688631] The buggy address belongs to the physical page:
[   16.688717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d24
[   16.689471] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.689813] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.689874] page_type: f5(slab)
[   16.690537] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.690759] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.691549] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.692038] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.692248] head: 0bfffe0000000001 ffffc1ffc3074901 00000000ffffffff 00000000ffffffff
[   16.692835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.693525] page dumped because: kasan: bad access detected
[   16.693918] 
[   16.694174] Memory state around the buggy address:
[   16.694327]  fff00000c1d24b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.694387]  fff00000c1d24c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.694428] >fff00000c1d24c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.694464]                                                           ^
[   16.695051]  fff00000c1d24d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.695112]  fff00000c1d24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.695934] ==================================================================
[   16.697376] ==================================================================
[   16.699207] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.699747] Write of size 1 at addr fff00000c1d24cf0 by task kunit_try_catch/156
[   16.699865] 
[   16.699900] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.700836] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.700925] Hardware name: linux,dummy-virt (DT)
[   16.701799] Call trace:
[   16.702047]  show_stack+0x20/0x38 (C)
[   16.702106]  dump_stack_lvl+0x8c/0xd0
[   16.702158]  print_report+0x118/0x608
[   16.702205]  kasan_report+0xdc/0x128
[   16.702251]  __asan_report_store1_noabort+0x20/0x30
[   16.702302]  krealloc_more_oob_helper+0x5c0/0x678
[   16.702362]  krealloc_more_oob+0x20/0x38
[   16.702408]  kunit_try_run_case+0x170/0x3f0
[   16.702457]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.702510]  kthread+0x328/0x630
[   16.702552]  ret_from_fork+0x10/0x20
[   16.702599] 
[   16.702617] Allocated by task 156:
[   16.704411]  kasan_save_stack+0x3c/0x68
[   16.705313]  kasan_save_track+0x20/0x40
[   16.706059]  kasan_save_alloc_info+0x40/0x58
[   16.706609]  __kasan_krealloc+0x118/0x178
[   16.706649]  krealloc_noprof+0x128/0x360
[   16.707362]  krealloc_more_oob_helper+0x168/0x678
[   16.707478]  krealloc_more_oob+0x20/0x38
[   16.707538]  kunit_try_run_case+0x170/0x3f0
[   16.707576]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.707622]  kthread+0x328/0x630
[   16.707655]  ret_from_fork+0x10/0x20
[   16.707690] 
[   16.707709] The buggy address belongs to the object at fff00000c1d24c00
[   16.707709]  which belongs to the cache kmalloc-256 of size 256
[   16.707765] The buggy address is located 5 bytes to the right of
[   16.707765]  allocated 235-byte region [fff00000c1d24c00, fff00000c1d24ceb)
[   16.708932] 
[   16.709701] The buggy address belongs to the physical page:
[   16.710001] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d24
[   16.710257] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.710325] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.710864] page_type: f5(slab)
[   16.710956] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.711017] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.711272] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.711324] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.711382] head: 0bfffe0000000001 ffffc1ffc3074901 00000000ffffffff 00000000ffffffff
[   16.711433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.712293] page dumped because: kasan: bad access detected
[   16.712633] 
[   16.712993] Memory state around the buggy address:
[   16.713716]  fff00000c1d24b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.713814]  fff00000c1d24c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.714286] >fff00000c1d24c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.714367]                                                              ^
[   16.714409]  fff00000c1d24d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.715351]  fff00000c1d24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.715873] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zh6UUpn8TXCNL7MIo1zG1gJYsm

job_id

TEST:linaro@lkft#2zh6YfNos6w8xohFb8qFQv3OHbb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zh6YfNos6w8xohFb8qFQv3OHbb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6Vqcc0A9XVY6JZOMLf3Bp13a/Image.gz
sha256sum	5777f0c14b003f9164a55cf9da149f541eebfde18dd695220d32c2a687f9babe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6Vqcc0A9XVY6JZOMLf3Bp13a/modules.tar.xz
sha256sum	3d1cdbe99292ade1bea537f77888a5f86577293975d366777e0dc375bac545b3

durations

tests

boot	0
kunit	172.50

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.332334] ==================================================================
[   12.332804] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.333330] Write of size 1 at addr ffff888102ac20eb by task kunit_try_catch/177
[   12.333614] 
[   12.333791] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.334062] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.334076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.334095] Call Trace:
[   12.334119]  <TASK>
[   12.334134]  dump_stack_lvl+0x73/0xb0
[   12.334168]  print_report+0xd1/0x650
[   12.334190]  ? __virt_addr_valid+0x1db/0x2d0
[   12.334215]  ? krealloc_more_oob_helper+0x821/0x930
[   12.334241]  ? kasan_addr_to_slab+0x11/0xa0
[   12.334262]  ? krealloc_more_oob_helper+0x821/0x930
[   12.334288]  kasan_report+0x141/0x180
[   12.334309]  ? krealloc_more_oob_helper+0x821/0x930
[   12.334338]  __asan_report_store1_noabort+0x1b/0x30
[   12.334363]  krealloc_more_oob_helper+0x821/0x930
[   12.334385]  ? __schedule+0x10cc/0x2b60
[   12.334408]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.334434]  ? finish_task_switch.isra.0+0x153/0x700
[   12.334457]  ? __switch_to+0x47/0xf50
[   12.334482]  ? __schedule+0x10cc/0x2b60
[   12.334503]  ? __pfx_read_tsc+0x10/0x10
[   12.334527]  krealloc_large_more_oob+0x1c/0x30
[   12.334550]  kunit_try_run_case+0x1a5/0x480
[   12.334574]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.334596]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.334619]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.334643]  ? __kthread_parkme+0x82/0x180
[   12.334663]  ? preempt_count_sub+0x50/0x80
[   12.334685]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.334709]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.334732]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.334757]  kthread+0x337/0x6f0
[   12.334776]  ? trace_preempt_on+0x20/0xc0
[   12.334799]  ? __pfx_kthread+0x10/0x10
[   12.334868]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.334891]  ? calculate_sigpending+0x7b/0xa0
[   12.334915]  ? __pfx_kthread+0x10/0x10
[   12.334936]  ret_from_fork+0x116/0x1d0
[   12.334954]  ? __pfx_kthread+0x10/0x10
[   12.334974]  ret_from_fork_asm+0x1a/0x30
[   12.335005]  </TASK>
[   12.335015] 
[   12.344856] The buggy address belongs to the physical page:
[   12.345149] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ac0
[   12.345522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.345919] flags: 0x200000000000040(head|node=0|zone=2)
[   12.346215] page_type: f8(unknown)
[   12.346342] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.346609] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.346995] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.347479] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.347976] head: 0200000000000002 ffffea00040ab001 00000000ffffffff 00000000ffffffff
[   12.348293] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.348584] page dumped because: kasan: bad access detected
[   12.349082] 
[   12.349188] Memory state around the buggy address:
[   12.349359]  ffff888102ac1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.349670]  ffff888102ac2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.350051] >ffff888102ac2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.350351]                                                           ^
[   12.350604]  ffff888102ac2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.350923]  ffff888102ac2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.351282] ==================================================================
[   12.175176] ==================================================================
[   12.175568] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.176333] Write of size 1 at addr ffff8881039c00f0 by task kunit_try_catch/173
[   12.176995] 
[   12.177177] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.177219] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.177230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.177249] Call Trace:
[   12.177278]  <TASK>
[   12.177293]  dump_stack_lvl+0x73/0xb0
[   12.177323]  print_report+0xd1/0x650
[   12.177358]  ? __virt_addr_valid+0x1db/0x2d0
[   12.177382]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.177406]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.177429]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.177453]  kasan_report+0x141/0x180
[   12.177483]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.177511]  __asan_report_store1_noabort+0x1b/0x30
[   12.177546]  krealloc_more_oob_helper+0x7eb/0x930
[   12.177569]  ? __schedule+0x10cc/0x2b60
[   12.177591]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.177616]  ? finish_task_switch.isra.0+0x153/0x700
[   12.177640]  ? __switch_to+0x47/0xf50
[   12.177665]  ? __schedule+0x10cc/0x2b60
[   12.177686]  ? __pfx_read_tsc+0x10/0x10
[   12.177710]  krealloc_more_oob+0x1c/0x30
[   12.177731]  kunit_try_run_case+0x1a5/0x480
[   12.177755]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.177778]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.177801]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.177824]  ? __kthread_parkme+0x82/0x180
[   12.177844]  ? preempt_count_sub+0x50/0x80
[   12.177867]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.177891]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.177915]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.177950]  kthread+0x337/0x6f0
[   12.177968]  ? trace_preempt_on+0x20/0xc0
[   12.177992]  ? __pfx_kthread+0x10/0x10
[   12.178024]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.178063]  ? calculate_sigpending+0x7b/0xa0
[   12.178096]  ? __pfx_kthread+0x10/0x10
[   12.178126]  ret_from_fork+0x116/0x1d0
[   12.178144]  ? __pfx_kthread+0x10/0x10
[   12.178164]  ret_from_fork_asm+0x1a/0x30
[   12.178194]  </TASK>
[   12.178203] 
[   12.187351] Allocated by task 173:
[   12.187483]  kasan_save_stack+0x45/0x70
[   12.187632]  kasan_save_track+0x18/0x40
[   12.187871]  kasan_save_alloc_info+0x3b/0x50
[   12.188146]  __kasan_krealloc+0x190/0x1f0
[   12.188351]  krealloc_noprof+0xf3/0x340
[   12.188566]  krealloc_more_oob_helper+0x1a9/0x930
[   12.188775]  krealloc_more_oob+0x1c/0x30
[   12.189056]  kunit_try_run_case+0x1a5/0x480
[   12.189210]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.189389]  kthread+0x337/0x6f0
[   12.189578]  ret_from_fork+0x116/0x1d0
[   12.189763]  ret_from_fork_asm+0x1a/0x30
[   12.189956] 
[   12.190057] The buggy address belongs to the object at ffff8881039c0000
[   12.190057]  which belongs to the cache kmalloc-256 of size 256
[   12.190889] The buggy address is located 5 bytes to the right of
[   12.190889]  allocated 235-byte region [ffff8881039c0000, ffff8881039c00eb)
[   12.191638] 
[   12.191724] The buggy address belongs to the physical page:
[   12.192386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0
[   12.192745] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.193232] flags: 0x200000000000040(head|node=0|zone=2)
[   12.193491] page_type: f5(slab)
[   12.193668] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.193982] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.194220] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.194662] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.195003] head: 0200000000000001 ffffea00040e7001 00000000ffffffff 00000000ffffffff
[   12.195476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.195700] page dumped because: kasan: bad access detected
[   12.196221] 
[   12.196353] Memory state around the buggy address:
[   12.196582]  ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.197022]  ffff8881039c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.197278] >ffff8881039c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.197596]                                                              ^
[   12.198080]  ffff8881039c0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.198378]  ffff8881039c0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.198666] ==================================================================
[   12.351699] ==================================================================
[   12.352105] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.352598] Write of size 1 at addr ffff888102ac20f0 by task kunit_try_catch/177
[   12.352968] 
[   12.353094] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.353135] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.353146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.353165] Call Trace:
[   12.353177]  <TASK>
[   12.353191]  dump_stack_lvl+0x73/0xb0
[   12.353219]  print_report+0xd1/0x650
[   12.353241]  ? __virt_addr_valid+0x1db/0x2d0
[   12.353263]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.353286]  ? kasan_addr_to_slab+0x11/0xa0
[   12.353306]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.353330]  kasan_report+0x141/0x180
[   12.353351]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.353379]  __asan_report_store1_noabort+0x1b/0x30
[   12.353404]  krealloc_more_oob_helper+0x7eb/0x930
[   12.353426]  ? __schedule+0x10cc/0x2b60
[   12.353447]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.353472]  ? finish_task_switch.isra.0+0x153/0x700
[   12.353494]  ? __switch_to+0x47/0xf50
[   12.353519]  ? __schedule+0x10cc/0x2b60
[   12.353540]  ? __pfx_read_tsc+0x10/0x10
[   12.353563]  krealloc_large_more_oob+0x1c/0x30
[   12.353586]  kunit_try_run_case+0x1a5/0x480
[   12.353609]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.353632]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.353655]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.353679]  ? __kthread_parkme+0x82/0x180
[   12.353698]  ? preempt_count_sub+0x50/0x80
[   12.353721]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.353745]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.353768]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.353793]  kthread+0x337/0x6f0
[   12.353811]  ? trace_preempt_on+0x20/0xc0
[   12.353834]  ? __pfx_kthread+0x10/0x10
[   12.353854]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.353876]  ? calculate_sigpending+0x7b/0xa0
[   12.353899]  ? __pfx_kthread+0x10/0x10
[   12.353920]  ret_from_fork+0x116/0x1d0
[   12.353938]  ? __pfx_kthread+0x10/0x10
[   12.353958]  ret_from_fork_asm+0x1a/0x30
[   12.353988]  </TASK>
[   12.353997] 
[   12.361666] The buggy address belongs to the physical page:
[   12.361972] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ac0
[   12.362244] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.362579] flags: 0x200000000000040(head|node=0|zone=2)
[   12.362816] page_type: f8(unknown)
[   12.363170] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.363430] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.363767] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.364082] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.364347] head: 0200000000000002 ffffea00040ab001 00000000ffffffff 00000000ffffffff
[   12.364654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.364885] page dumped because: kasan: bad access detected
[   12.365221] 
[   12.365322] Memory state around the buggy address:
[   12.365542]  ffff888102ac1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.365936]  ffff888102ac2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.366241] >ffff888102ac2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.366509]                                                              ^
[   12.366782]  ffff888102ac2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.367105]  ffff888102ac2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.367372] ==================================================================
[   12.139126] ==================================================================
[   12.140382] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.141099] Write of size 1 at addr ffff8881039c00eb by task kunit_try_catch/173
[   12.141729] 
[   12.141818] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.141859] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.141870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.141888] Call Trace:
[   12.141900]  <TASK>
[   12.141913]  dump_stack_lvl+0x73/0xb0
[   12.141997]  print_report+0xd1/0x650
[   12.142065]  ? __virt_addr_valid+0x1db/0x2d0
[   12.142087]  ? krealloc_more_oob_helper+0x821/0x930
[   12.142110]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.142144]  ? krealloc_more_oob_helper+0x821/0x930
[   12.142168]  kasan_report+0x141/0x180
[   12.142189]  ? krealloc_more_oob_helper+0x821/0x930
[   12.142243]  __asan_report_store1_noabort+0x1b/0x30
[   12.142268]  krealloc_more_oob_helper+0x821/0x930
[   12.142291]  ? __schedule+0x10cc/0x2b60
[   12.142324]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.142348]  ? finish_task_switch.isra.0+0x153/0x700
[   12.142371]  ? __switch_to+0x47/0xf50
[   12.142396]  ? __schedule+0x10cc/0x2b60
[   12.142417]  ? __pfx_read_tsc+0x10/0x10
[   12.142441]  krealloc_more_oob+0x1c/0x30
[   12.142462]  kunit_try_run_case+0x1a5/0x480
[   12.142487]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.142510]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.142532]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.142555]  ? __kthread_parkme+0x82/0x180
[   12.142576]  ? preempt_count_sub+0x50/0x80
[   12.142599]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.142623]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.142647]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.142671]  kthread+0x337/0x6f0
[   12.142690]  ? trace_preempt_on+0x20/0xc0
[   12.142712]  ? __pfx_kthread+0x10/0x10
[   12.142732]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.142753]  ? calculate_sigpending+0x7b/0xa0
[   12.142776]  ? __pfx_kthread+0x10/0x10
[   12.142797]  ret_from_fork+0x116/0x1d0
[   12.142965]  ? __pfx_kthread+0x10/0x10
[   12.142991]  ret_from_fork_asm+0x1a/0x30
[   12.143022]  </TASK>
[   12.143044] 
[   12.156807] Allocated by task 173:
[   12.157072]  kasan_save_stack+0x45/0x70
[   12.157496]  kasan_save_track+0x18/0x40
[   12.157855]  kasan_save_alloc_info+0x3b/0x50
[   12.158368]  __kasan_krealloc+0x190/0x1f0
[   12.158657]  krealloc_noprof+0xf3/0x340
[   12.158983]  krealloc_more_oob_helper+0x1a9/0x930
[   12.159463]  krealloc_more_oob+0x1c/0x30
[   12.159613]  kunit_try_run_case+0x1a5/0x480
[   12.159761]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.160314]  kthread+0x337/0x6f0
[   12.160650]  ret_from_fork+0x116/0x1d0
[   12.161022]  ret_from_fork_asm+0x1a/0x30
[   12.161501] 
[   12.161682] The buggy address belongs to the object at ffff8881039c0000
[   12.161682]  which belongs to the cache kmalloc-256 of size 256
[   12.162550] The buggy address is located 0 bytes to the right of
[   12.162550]  allocated 235-byte region [ffff8881039c0000, ffff8881039c00eb)
[   12.163125] 
[   12.163307] The buggy address belongs to the physical page:
[   12.163868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0
[   12.164685] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.165424] flags: 0x200000000000040(head|node=0|zone=2)
[   12.165970] page_type: f5(slab)
[   12.166293] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.166785] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.167386] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.167624] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.167996] head: 0200000000000001 ffffea00040e7001 00000000ffffffff 00000000ffffffff
[   12.168736] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.169533] page dumped because: kasan: bad access detected
[   12.170095] 
[   12.170259] Memory state around the buggy address:
[   12.170703]  ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   12.171352]  ffff8881039c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.171793] >ffff8881039c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.172461]                                                           ^
[   12.172665]  ffff8881039c0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.173101]  ffff8881039c0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.173848] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zh6UUpn8TXCNL7MIo1zG1gJYsm

job_id

TEST:linaro@lkft#2zh6ZNztcGXg2O8uNeKx6V5kr88

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zh6ZNztcGXg2O8uNeKx6V5kr88

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6WsWI7Bm0SUy5pTvvvknXRZJ/bzImage
sha256sum	1e1574ecc8c4221677c1bc00b6aa400c5a95520bd7b8881c6e36fd86dc7a4db6

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zh6WsWI7Bm0SUy5pTvvvknXRZJ/modules.tar.xz
sha256sum	56cebba46b14ff78df64e8cde24854df1e7692bca96ad63f09d123563bd0e53d

durations

tests

boot	0
kunit	218.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit