Hay
Date: July 23, 2025, 2:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   15.188781] ==================================================================
[   15.188839] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.188905] Write of size 1 at addr fff00000c0b936eb by task kunit_try_catch/156
[   15.188955] 
[   15.189390] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.189710] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.189823] Hardware name: linux,dummy-virt (DT)
[   15.189918] Call trace:
[   15.189939]  show_stack+0x20/0x38 (C)
[   15.190092]  dump_stack_lvl+0x8c/0xd0
[   15.190316]  print_report+0x118/0x5d0
[   15.190536]  kasan_report+0xdc/0x128
[   15.190622]  __asan_report_store1_noabort+0x20/0x30
[   15.190705]  krealloc_more_oob_helper+0x60c/0x678
[   15.190753]  krealloc_more_oob+0x20/0x38
[   15.190798]  kunit_try_run_case+0x170/0x3f0
[   15.190844]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.190960]  kthread+0x328/0x630
[   15.191247]  ret_from_fork+0x10/0x20
[   15.191400] 
[   15.191418] Allocated by task 156:
[   15.191448]  kasan_save_stack+0x3c/0x68
[   15.191490]  kasan_save_track+0x20/0x40
[   15.191538]  kasan_save_alloc_info+0x40/0x58
[   15.191577]  __kasan_krealloc+0x118/0x178
[   15.191615]  krealloc_noprof+0x128/0x360
[   15.191652]  krealloc_more_oob_helper+0x168/0x678
[   15.191691]  krealloc_more_oob+0x20/0x38
[   15.191726]  kunit_try_run_case+0x170/0x3f0
[   15.191974]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.192214]  kthread+0x328/0x630
[   15.192248]  ret_from_fork+0x10/0x20
[   15.192283] 
[   15.192302] The buggy address belongs to the object at fff00000c0b93600
[   15.192302]  which belongs to the cache kmalloc-256 of size 256
[   15.192420] The buggy address is located 0 bytes to the right of
[   15.192420]  allocated 235-byte region [fff00000c0b93600, fff00000c0b936eb)
[   15.192509] 
[   15.192528] The buggy address belongs to the physical page:
[   15.192561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b92
[   15.192628] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.192675] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.192726] page_type: f5(slab)
[   15.193004] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.193075] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.193172] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.193301] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.193472] head: 0bfffe0000000001 ffffc1ffc302e481 00000000ffffffff 00000000ffffffff
[   15.193523] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.193563] page dumped because: kasan: bad access detected
[   15.193595] 
[   15.193652] Memory state around the buggy address:
[   15.194054]  fff00000c0b93580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.194184]  fff00000c0b93600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.194285] >fff00000c0b93680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.194345]                                                           ^
[   15.194426]  fff00000c0b93700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.194473]  fff00000c0b93780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.194594] ==================================================================
[   15.274130] ==================================================================
[   15.274212] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.274575] Write of size 1 at addr fff00000c65060f0 by task kunit_try_catch/160
[   15.274674] 
[   15.274742] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.274938] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.274969] Hardware name: linux,dummy-virt (DT)
[   15.275028] Call trace:
[   15.275056]  show_stack+0x20/0x38 (C)
[   15.275424]  dump_stack_lvl+0x8c/0xd0
[   15.275488]  print_report+0x118/0x5d0
[   15.275709]  kasan_report+0xdc/0x128
[   15.275779]  __asan_report_store1_noabort+0x20/0x30
[   15.276384]  krealloc_more_oob_helper+0x5c0/0x678
[   15.276573]  krealloc_large_more_oob+0x20/0x38
[   15.276629]  kunit_try_run_case+0x170/0x3f0
[   15.276919]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.277086]  kthread+0x328/0x630
[   15.277352]  ret_from_fork+0x10/0x20
[   15.277573] 
[   15.277602] The buggy address belongs to the physical page:
[   15.277634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106504
[   15.277881] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.278047] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.278474] page_type: f8(unknown)
[   15.278534] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.278587] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.278650] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.278699] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.278778] head: 0bfffe0000000002 ffffc1ffc3194101 00000000ffffffff 00000000ffffffff
[   15.278831] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.278892] page dumped because: kasan: bad access detected
[   15.278925] 
[   15.278951] Memory state around the buggy address:
[   15.278983]  fff00000c6505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.279036]  fff00000c6506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.279088] >fff00000c6506080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.279125]                                                              ^
[   15.279166]  fff00000c6506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.279208]  fff00000c6506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.279255] ==================================================================
[   15.265101] ==================================================================
[   15.265162] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.265430] Write of size 1 at addr fff00000c65060eb by task kunit_try_catch/160
[   15.265629] 
[   15.265673] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.265810] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.265870] Hardware name: linux,dummy-virt (DT)
[   15.265905] Call trace:
[   15.266105]  show_stack+0x20/0x38 (C)
[   15.266589]  dump_stack_lvl+0x8c/0xd0
[   15.267058]  print_report+0x118/0x5d0
[   15.267120]  kasan_report+0xdc/0x128
[   15.267167]  __asan_report_store1_noabort+0x20/0x30
[   15.267222]  krealloc_more_oob_helper+0x60c/0x678
[   15.267800]  krealloc_large_more_oob+0x20/0x38
[   15.267906]  kunit_try_run_case+0x170/0x3f0
[   15.268030]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.268318]  kthread+0x328/0x630
[   15.268398]  ret_from_fork+0x10/0x20
[   15.268780] 
[   15.268904] The buggy address belongs to the physical page:
[   15.268959] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106504
[   15.269139] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.269265] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.269352] page_type: f8(unknown)
[   15.269537] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.269605] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.269829] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.269943] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.270132] head: 0bfffe0000000002 ffffc1ffc3194101 00000000ffffffff 00000000ffffffff
[   15.270208] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.270250] page dumped because: kasan: bad access detected
[   15.270281] 
[   15.270299] Memory state around the buggy address:
[   15.270348]  fff00000c6505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.270404]  fff00000c6506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.270454] >fff00000c6506080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.270491]                                                           ^
[   15.270531]  fff00000c6506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.270573]  fff00000c6506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.271042] ==================================================================
[   15.197431] ==================================================================
[   15.197489] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.197541] Write of size 1 at addr fff00000c0b936f0 by task kunit_try_catch/156
[   15.198068] 
[   15.198098] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.198362] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.198389] Hardware name: linux,dummy-virt (DT)
[   15.198419] Call trace:
[   15.198446]  show_stack+0x20/0x38 (C)
[   15.198495]  dump_stack_lvl+0x8c/0xd0
[   15.198571]  print_report+0x118/0x5d0
[   15.198617]  kasan_report+0xdc/0x128
[   15.198662]  __asan_report_store1_noabort+0x20/0x30
[   15.198821]  krealloc_more_oob_helper+0x5c0/0x678
[   15.199001]  krealloc_more_oob+0x20/0x38
[   15.199048]  kunit_try_run_case+0x170/0x3f0
[   15.199095]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.199148]  kthread+0x328/0x630
[   15.199189]  ret_from_fork+0x10/0x20
[   15.199245] 
[   15.199333] Allocated by task 156:
[   15.199391]  kasan_save_stack+0x3c/0x68
[   15.199433]  kasan_save_track+0x20/0x40
[   15.199469]  kasan_save_alloc_info+0x40/0x58
[   15.199507]  __kasan_krealloc+0x118/0x178
[   15.199544]  krealloc_noprof+0x128/0x360
[   15.199608]  krealloc_more_oob_helper+0x168/0x678
[   15.199649]  krealloc_more_oob+0x20/0x38
[   15.199685]  kunit_try_run_case+0x170/0x3f0
[   15.199722]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.199765]  kthread+0x328/0x630
[   15.199796]  ret_from_fork+0x10/0x20
[   15.199831] 
[   15.199859] The buggy address belongs to the object at fff00000c0b93600
[   15.199859]  which belongs to the cache kmalloc-256 of size 256
[   15.199919] The buggy address is located 5 bytes to the right of
[   15.199919]  allocated 235-byte region [fff00000c0b93600, fff00000c0b936eb)
[   15.200041] 
[   15.200060] The buggy address belongs to the physical page:
[   15.200091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b92
[   15.200161] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.200235] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.200346] page_type: f5(slab)
[   15.200385] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.200435] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.200485] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.200533] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.200582] head: 0bfffe0000000001 ffffc1ffc302e481 00000000ffffffff 00000000ffffffff
[   15.200631] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.200671] page dumped because: kasan: bad access detected
[   15.200745] 
[   15.200762] Memory state around the buggy address:
[   15.200799]  fff00000c0b93580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.200921]  fff00000c0b93600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.201028] >fff00000c0b93680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.201114]                                                              ^
[   15.201179]  fff00000c0b93700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.201235]  fff00000c0b93780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.201273] ==================================================================

[   12.277695] ==================================================================
[   12.278175] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.278582] Write of size 1 at addr ffff888100355aeb by task kunit_try_catch/173
[   12.278922] 
[   12.279027] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.279070] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.279081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.279104] Call Trace:
[   12.279115]  <TASK>
[   12.279129]  dump_stack_lvl+0x73/0xb0
[   12.279157]  print_report+0xd1/0x610
[   12.279178]  ? __virt_addr_valid+0x1db/0x2d0
[   12.279199]  ? krealloc_more_oob_helper+0x821/0x930
[   12.279274]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.279296]  ? krealloc_more_oob_helper+0x821/0x930
[   12.279319]  kasan_report+0x141/0x180
[   12.279340]  ? krealloc_more_oob_helper+0x821/0x930
[   12.279368]  __asan_report_store1_noabort+0x1b/0x30
[   12.279392]  krealloc_more_oob_helper+0x821/0x930
[   12.279413]  ? __schedule+0x10c6/0x2b60
[   12.279436]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.279460]  ? finish_task_switch.isra.0+0x153/0x700
[   12.279481]  ? __switch_to+0x47/0xf50
[   12.279507]  ? __schedule+0x10c6/0x2b60
[   12.279528]  ? __pfx_read_tsc+0x10/0x10
[   12.279551]  krealloc_more_oob+0x1c/0x30
[   12.279571]  kunit_try_run_case+0x1a5/0x480
[   12.279595]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.279617]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.279640]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.279662]  ? __kthread_parkme+0x82/0x180
[   12.279683]  ? preempt_count_sub+0x50/0x80
[   12.279705]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.279728]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.279750]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.279772]  kthread+0x337/0x6f0
[   12.279791]  ? trace_preempt_on+0x20/0xc0
[   12.279827]  ? __pfx_kthread+0x10/0x10
[   12.279847]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.279867]  ? calculate_sigpending+0x7b/0xa0
[   12.279890]  ? __pfx_kthread+0x10/0x10
[   12.279911]  ret_from_fork+0x116/0x1d0
[   12.279930]  ? __pfx_kthread+0x10/0x10
[   12.279950]  ret_from_fork_asm+0x1a/0x30
[   12.279979]  </TASK>
[   12.279990] 
[   12.288470] Allocated by task 173:
[   12.288653]  kasan_save_stack+0x45/0x70
[   12.288846]  kasan_save_track+0x18/0x40
[   12.288984]  kasan_save_alloc_info+0x3b/0x50
[   12.289135]  __kasan_krealloc+0x190/0x1f0
[   12.289276]  krealloc_noprof+0xf3/0x340
[   12.289467]  krealloc_more_oob_helper+0x1a9/0x930
[   12.289693]  krealloc_more_oob+0x1c/0x30
[   12.289906]  kunit_try_run_case+0x1a5/0x480
[   12.290492]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.290737]  kthread+0x337/0x6f0
[   12.290915]  ret_from_fork+0x116/0x1d0
[   12.291114]  ret_from_fork_asm+0x1a/0x30
[   12.291386] 
[   12.291469] The buggy address belongs to the object at ffff888100355a00
[   12.291469]  which belongs to the cache kmalloc-256 of size 256
[   12.291897] The buggy address is located 0 bytes to the right of
[   12.291897]  allocated 235-byte region [ffff888100355a00, ffff888100355aeb)
[   12.292639] 
[   12.292723] The buggy address belongs to the physical page:
[   12.292957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354
[   12.293386] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.293690] flags: 0x200000000000040(head|node=0|zone=2)
[   12.293953] page_type: f5(slab)
[   12.294099] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.294577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.294835] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.295181] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.295587] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff
[   12.295935] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.296375] page dumped because: kasan: bad access detected
[   12.296613] 
[   12.296711] Memory state around the buggy address:
[   12.296937]  ffff888100355980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.297222]  ffff888100355a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.297609] >ffff888100355a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.297909]                                                           ^
[   12.298192]  ffff888100355b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.298700]  ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.299013] ==================================================================
[   12.299488] ==================================================================
[   12.299795] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.300121] Write of size 1 at addr ffff888100355af0 by task kunit_try_catch/173
[   12.300587] 
[   12.300706] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.300749] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.300761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.300781] Call Trace:
[   12.300798]  <TASK>
[   12.300826]  dump_stack_lvl+0x73/0xb0
[   12.300858]  print_report+0xd1/0x610
[   12.300879]  ? __virt_addr_valid+0x1db/0x2d0
[   12.300900]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.300924]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.300945]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.300968]  kasan_report+0x141/0x180
[   12.300990]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.301017]  __asan_report_store1_noabort+0x1b/0x30
[   12.301041]  krealloc_more_oob_helper+0x7eb/0x930
[   12.301063]  ? __schedule+0x10c6/0x2b60
[   12.301084]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.301117]  ? finish_task_switch.isra.0+0x153/0x700
[   12.301139]  ? __switch_to+0x47/0xf50
[   12.301163]  ? __schedule+0x10c6/0x2b60
[   12.301184]  ? __pfx_read_tsc+0x10/0x10
[   12.301444]  krealloc_more_oob+0x1c/0x30
[   12.301469]  kunit_try_run_case+0x1a5/0x480
[   12.301492]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.301514]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.301537]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.301560]  ? __kthread_parkme+0x82/0x180
[   12.301579]  ? preempt_count_sub+0x50/0x80
[   12.301602]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.301625]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.301647]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.301670]  kthread+0x337/0x6f0
[   12.301689]  ? trace_preempt_on+0x20/0xc0
[   12.301711]  ? __pfx_kthread+0x10/0x10
[   12.301731]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.301751]  ? calculate_sigpending+0x7b/0xa0
[   12.301774]  ? __pfx_kthread+0x10/0x10
[   12.301795]  ret_from_fork+0x116/0x1d0
[   12.301827]  ? __pfx_kthread+0x10/0x10
[   12.301848]  ret_from_fork_asm+0x1a/0x30
[   12.301877]  </TASK>
[   12.301887] 
[   12.309595] Allocated by task 173:
[   12.309724]  kasan_save_stack+0x45/0x70
[   12.309901]  kasan_save_track+0x18/0x40
[   12.310091]  kasan_save_alloc_info+0x3b/0x50
[   12.310300]  __kasan_krealloc+0x190/0x1f0
[   12.310497]  krealloc_noprof+0xf3/0x340
[   12.310769]  krealloc_more_oob_helper+0x1a9/0x930
[   12.311014]  krealloc_more_oob+0x1c/0x30
[   12.311420]  kunit_try_run_case+0x1a5/0x480
[   12.311638]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.311879]  kthread+0x337/0x6f0
[   12.312002]  ret_from_fork+0x116/0x1d0
[   12.312135]  ret_from_fork_asm+0x1a/0x30
[   12.312496] 
[   12.312594] The buggy address belongs to the object at ffff888100355a00
[   12.312594]  which belongs to the cache kmalloc-256 of size 256
[   12.313112] The buggy address is located 5 bytes to the right of
[   12.313112]  allocated 235-byte region [ffff888100355a00, ffff888100355aeb)
[   12.313784] 
[   12.313895] The buggy address belongs to the physical page:
[   12.314118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354
[   12.314529] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.314850] flags: 0x200000000000040(head|node=0|zone=2)
[   12.315088] page_type: f5(slab)
[   12.315289] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.315607] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.315851] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.316086] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.316320] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff
[   12.316661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.317014] page dumped because: kasan: bad access detected
[   12.317264] 
[   12.317364] Memory state around the buggy address:
[   12.317585]  ffff888100355980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.318409]  ffff888100355a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.318650] >ffff888100355a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.318973]                                                              ^
[   12.319547]  ffff888100355b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.319825]  ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.320132] ==================================================================
[   12.437480] ==================================================================
[   12.437935] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.438289] Write of size 1 at addr ffff8881029520eb by task kunit_try_catch/177
[   12.438719] 
[   12.438842] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.438888] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.438900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.438921] Call Trace:
[   12.438933]  <TASK>
[   12.438949]  dump_stack_lvl+0x73/0xb0
[   12.438979]  print_report+0xd1/0x610
[   12.439001]  ? __virt_addr_valid+0x1db/0x2d0
[   12.439023]  ? krealloc_more_oob_helper+0x821/0x930
[   12.439046]  ? kasan_addr_to_slab+0x11/0xa0
[   12.439065]  ? krealloc_more_oob_helper+0x821/0x930
[   12.439088]  kasan_report+0x141/0x180
[   12.439121]  ? krealloc_more_oob_helper+0x821/0x930
[   12.439148]  __asan_report_store1_noabort+0x1b/0x30
[   12.439172]  krealloc_more_oob_helper+0x821/0x930
[   12.439193]  ? __schedule+0x10c6/0x2b60
[   12.439227]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.439250]  ? finish_task_switch.isra.0+0x153/0x700
[   12.439272]  ? __switch_to+0x47/0xf50
[   12.439297]  ? __schedule+0x10c6/0x2b60
[   12.439318]  ? __pfx_read_tsc+0x10/0x10
[   12.439341]  krealloc_large_more_oob+0x1c/0x30
[   12.439363]  kunit_try_run_case+0x1a5/0x480
[   12.439388]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.439410]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.439434]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.439456]  ? __kthread_parkme+0x82/0x180
[   12.439476]  ? preempt_count_sub+0x50/0x80
[   12.439498]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.439522]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.439544]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.439567]  kthread+0x337/0x6f0
[   12.439586]  ? trace_preempt_on+0x20/0xc0
[   12.439608]  ? __pfx_kthread+0x10/0x10
[   12.439628]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.439649]  ? calculate_sigpending+0x7b/0xa0
[   12.439672]  ? __pfx_kthread+0x10/0x10
[   12.439692]  ret_from_fork+0x116/0x1d0
[   12.439711]  ? __pfx_kthread+0x10/0x10
[   12.439730]  ret_from_fork_asm+0x1a/0x30
[   12.439760]  </TASK>
[   12.439771] 
[   12.447925] The buggy address belongs to the physical page:
[   12.448119] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[   12.448527] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.448831] flags: 0x200000000000040(head|node=0|zone=2)
[   12.449061] page_type: f8(unknown)
[   12.449254] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.449733] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.450081] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.450374] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.450786] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[   12.451162] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.451545] page dumped because: kasan: bad access detected
[   12.451807] 
[   12.451918] Memory state around the buggy address:
[   12.452094]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.452470]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.452760] >ffff888102952080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.453083]                                                           ^
[   12.453384]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.453674]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.453914] ==================================================================
[   12.454291] ==================================================================
[   12.454549] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.454915] Write of size 1 at addr ffff8881029520f0 by task kunit_try_catch/177
[   12.455457] 
[   12.455579] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.455623] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.455635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.455655] Call Trace:
[   12.455671]  <TASK>
[   12.455686]  dump_stack_lvl+0x73/0xb0
[   12.455713]  print_report+0xd1/0x610
[   12.455734]  ? __virt_addr_valid+0x1db/0x2d0
[   12.455755]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.455778]  ? kasan_addr_to_slab+0x11/0xa0
[   12.455797]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.455834]  kasan_report+0x141/0x180
[   12.455857]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.455884]  __asan_report_store1_noabort+0x1b/0x30
[   12.455909]  krealloc_more_oob_helper+0x7eb/0x930
[   12.455931]  ? __schedule+0x10c6/0x2b60
[   12.455953]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.455977]  ? finish_task_switch.isra.0+0x153/0x700
[   12.455998]  ? __switch_to+0x47/0xf50
[   12.456021]  ? __schedule+0x10c6/0x2b60
[   12.456042]  ? __pfx_read_tsc+0x10/0x10
[   12.456065]  krealloc_large_more_oob+0x1c/0x30
[   12.456087]  kunit_try_run_case+0x1a5/0x480
[   12.456110]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.456132]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.456154]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.456177]  ? __kthread_parkme+0x82/0x180
[   12.456196]  ? preempt_count_sub+0x50/0x80
[   12.456218]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.456241]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.456263]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.456286]  kthread+0x337/0x6f0
[   12.456304]  ? trace_preempt_on+0x20/0xc0
[   12.456326]  ? __pfx_kthread+0x10/0x10
[   12.456346]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.456367]  ? calculate_sigpending+0x7b/0xa0
[   12.456389]  ? __pfx_kthread+0x10/0x10
[   12.456410]  ret_from_fork+0x116/0x1d0
[   12.456428]  ? __pfx_kthread+0x10/0x10
[   12.456448]  ret_from_fork_asm+0x1a/0x30
[   12.456477]  </TASK>
[   12.456488] 
[   12.465454] The buggy address belongs to the physical page:
[   12.465706] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[   12.466030] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.466485] flags: 0x200000000000040(head|node=0|zone=2)
[   12.466702] page_type: f8(unknown)
[   12.466877] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.467238] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.467578] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.467945] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.468647] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[   12.468961] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.469374] page dumped because: kasan: bad access detected
[   12.469616] 
[   12.469695] Memory state around the buggy address:
[   12.469927]  ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.470216]  ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.470562] >ffff888102952080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.470861]                                                              ^
[   12.471200]  ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.471495]  ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.471708] ==================================================================