Date
July 11, 2025, 11:09 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 16.522881] ==================================================================
[ 16.523100] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 16.523194] Write of size 1 at addr fff00000c65220eb by task kunit_try_catch/161
[ 16.523557]
[ 16.523643] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.524066] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.524132] Hardware name: linux,dummy-virt (DT)
[ 16.524268] Call trace:
[ 16.524405] show_stack+0x20/0x38 (C)
[ 16.524492] dump_stack_lvl+0x8c/0xd0
[ 16.524651] print_report+0x118/0x608
[ 16.524725] kasan_report+0xdc/0x128
[ 16.524838] __asan_report_store1_noabort+0x20/0x30
[ 16.525065] krealloc_more_oob_helper+0x60c/0x678
[ 16.525304] krealloc_large_more_oob+0x20/0x38
[ 16.525385] kunit_try_run_case+0x170/0x3f0
[ 16.525610] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.525897] kthread+0x328/0x630
[ 16.526156] ret_from_fork+0x10/0x20
[ 16.526500]
[ 16.526543] The buggy address belongs to the physical page:
[ 16.526814] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106520
[ 16.526890] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.526942] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 16.527340] page_type: f8(unknown)
[ 16.527574] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.527636] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.527934] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.528338] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.528431] head: 0bfffe0000000002 ffffc1ffc3194801 00000000ffffffff 00000000ffffffff
[ 16.528482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 16.528687] page dumped because: kasan: bad access detected
[ 16.528936]
[ 16.529078] Memory state around the buggy address:
[ 16.529113] fff00000c6521f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.529171] fff00000c6522000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.529416] >fff00000c6522080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 16.529613] ^
[ 16.529662] fff00000c6522100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 16.529914] fff00000c6522180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 16.530124] ==================================================================
[ 16.459972] ==================================================================
[ 16.460030] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 16.460117] Write of size 1 at addr fff00000c4408cf0 by task kunit_try_catch/157
[ 16.460183]
[ 16.460213] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.460290] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.460533] Hardware name: linux,dummy-virt (DT)
[ 16.460642] Call trace:
[ 16.460664] show_stack+0x20/0x38 (C)
[ 16.460750] dump_stack_lvl+0x8c/0xd0
[ 16.460866] print_report+0x118/0x608
[ 16.460942] kasan_report+0xdc/0x128
[ 16.460988] __asan_report_store1_noabort+0x20/0x30
[ 16.461097] krealloc_more_oob_helper+0x5c0/0x678
[ 16.461155] krealloc_more_oob+0x20/0x38
[ 16.461200] kunit_try_run_case+0x170/0x3f0
[ 16.461245] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.461483] kthread+0x328/0x630
[ 16.461570] ret_from_fork+0x10/0x20
[ 16.461626]
[ 16.461644] Allocated by task 157:
[ 16.461717] kasan_save_stack+0x3c/0x68
[ 16.461764] kasan_save_track+0x20/0x40
[ 16.461917] kasan_save_alloc_info+0x40/0x58
[ 16.461963] __kasan_krealloc+0x118/0x178
[ 16.462042] krealloc_noprof+0x128/0x360
[ 16.462079] krealloc_more_oob_helper+0x168/0x678
[ 16.462155] krealloc_more_oob+0x20/0x38
[ 16.462193] kunit_try_run_case+0x170/0x3f0
[ 16.462229] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.462420] kthread+0x328/0x630
[ 16.462462] ret_from_fork+0x10/0x20
[ 16.462498]
[ 16.462516] The buggy address belongs to the object at fff00000c4408c00
[ 16.462516] which belongs to the cache kmalloc-256 of size 256
[ 16.462570] The buggy address is located 5 bytes to the right of
[ 16.462570] allocated 235-byte region [fff00000c4408c00, fff00000c4408ceb)
[ 16.462660]
[ 16.462750] The buggy address belongs to the physical page:
[ 16.462905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104408
[ 16.462957] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.463003] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 16.463054] page_type: f5(slab)
[ 16.463090] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 16.463140] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.463187] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 16.463233] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.463280] head: 0bfffe0000000001 ffffc1ffc3110201 00000000ffffffff 00000000ffffffff
[ 16.463331] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 16.463369] page dumped because: kasan: bad access detected
[ 16.463398]
[ 16.463415] Memory state around the buggy address:
[ 16.463443] fff00000c4408b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.463483] fff00000c4408c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.463523] >fff00000c4408c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 16.463558] ^
[ 16.463595] fff00000c4408d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.463635] fff00000c4408d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.463670] ==================================================================
[ 16.454705] ==================================================================
[ 16.454775] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[ 16.455103] Write of size 1 at addr fff00000c4408ceb by task kunit_try_catch/157
[ 16.455229]
[ 16.455388] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.455530] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.455587] Hardware name: linux,dummy-virt (DT)
[ 16.455616] Call trace:
[ 16.455637] show_stack+0x20/0x38 (C)
[ 16.455686] dump_stack_lvl+0x8c/0xd0
[ 16.455731] print_report+0x118/0x608
[ 16.455777] kasan_report+0xdc/0x128
[ 16.456167] __asan_report_store1_noabort+0x20/0x30
[ 16.456351] krealloc_more_oob_helper+0x60c/0x678
[ 16.456494] krealloc_more_oob+0x20/0x38
[ 16.456592] kunit_try_run_case+0x170/0x3f0
[ 16.456681] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.456878] kthread+0x328/0x630
[ 16.456929] ret_from_fork+0x10/0x20
[ 16.456976]
[ 16.457098] Allocated by task 157:
[ 16.457132] kasan_save_stack+0x3c/0x68
[ 16.457174] kasan_save_track+0x20/0x40
[ 16.457210] kasan_save_alloc_info+0x40/0x58
[ 16.457258] __kasan_krealloc+0x118/0x178
[ 16.457293] krealloc_noprof+0x128/0x360
[ 16.457338] krealloc_more_oob_helper+0x168/0x678
[ 16.457376] krealloc_more_oob+0x20/0x38
[ 16.457411] kunit_try_run_case+0x170/0x3f0
[ 16.457447] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.457504] kthread+0x328/0x630
[ 16.457537] ret_from_fork+0x10/0x20
[ 16.457581]
[ 16.457601] The buggy address belongs to the object at fff00000c4408c00
[ 16.457601] which belongs to the cache kmalloc-256 of size 256
[ 16.457656] The buggy address is located 0 bytes to the right of
[ 16.457656] allocated 235-byte region [fff00000c4408c00, fff00000c4408ceb)
[ 16.457740]
[ 16.457768] The buggy address belongs to the physical page:
[ 16.457799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104408
[ 16.457887] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.457933] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 16.457991] page_type: f5(slab)
[ 16.458036] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 16.458094] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.458141] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[ 16.458198] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.458245] head: 0bfffe0000000001 ffffc1ffc3110201 00000000ffffffff 00000000ffffffff
[ 16.458293] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 16.458331] page dumped because: kasan: bad access detected
[ 16.458360]
[ 16.458379] Memory state around the buggy address:
[ 16.458417] fff00000c4408b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.458459] fff00000c4408c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.458514] >fff00000c4408c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 16.458558] ^
[ 16.458600] fff00000c4408d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.458646] fff00000c4408d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.458685] ==================================================================
[ 16.533630] ==================================================================
[ 16.533697] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[ 16.533995] Write of size 1 at addr fff00000c65220f0 by task kunit_try_catch/161
[ 16.534064]
[ 16.534132] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.534215] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.534392] Hardware name: linux,dummy-virt (DT)
[ 16.534610] Call trace:
[ 16.534670] show_stack+0x20/0x38 (C)
[ 16.534853] dump_stack_lvl+0x8c/0xd0
[ 16.535210] print_report+0x118/0x608
[ 16.535413] kasan_report+0xdc/0x128
[ 16.535611] __asan_report_store1_noabort+0x20/0x30
[ 16.535704] krealloc_more_oob_helper+0x5c0/0x678
[ 16.536134] krealloc_large_more_oob+0x20/0x38
[ 16.536244] kunit_try_run_case+0x170/0x3f0
[ 16.536496] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.536559] kthread+0x328/0x630
[ 16.536927] ret_from_fork+0x10/0x20
[ 16.537264]
[ 16.537543] The buggy address belongs to the physical page:
[ 16.537582] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106520
[ 16.537978] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.538182] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 16.538357] page_type: f8(unknown)
[ 16.538517] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.538881] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.538991] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 16.539254] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 16.539306] head: 0bfffe0000000002 ffffc1ffc3194801 00000000ffffffff 00000000ffffffff
[ 16.539369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 16.539416] page dumped because: kasan: bad access detected
[ 16.539480]
[ 16.539499] Memory state around the buggy address:
[ 16.539537] fff00000c6521f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.539580] fff00000c6522000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.539620] >fff00000c6522080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 16.539657] ^
[ 16.540104] fff00000c6522100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 16.540234] fff00000c6522180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 16.540390] ==================================================================
```
qemu-x86_64:

```
[ 12.212653] ==================================================================
[ 12.213306] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 12.213639] Write of size 1 at addr ffff888102a3e0f0 by task kunit_try_catch/177
[ 12.213941]
[ 12.214022] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.214060] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.214071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.214089] Call Trace:
[ 12.214101] <TASK>
[ 12.214113] dump_stack_lvl+0x73/0xb0
[ 12.214140] print_report+0xd1/0x650
[ 12.214162] ? __virt_addr_valid+0x1db/0x2d0
[ 12.214184] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.214208] ? kasan_addr_to_slab+0x11/0xa0
[ 12.214228] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.214252] kasan_report+0x141/0x180
[ 12.214322] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.214354] __asan_report_store1_noabort+0x1b/0x30
[ 12.214379] krealloc_more_oob_helper+0x7eb/0x930
[ 12.214402] ? __schedule+0x10cc/0x2b60
[ 12.214424] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.214449] ? finish_task_switch.isra.0+0x153/0x700
[ 12.214471] ? __switch_to+0x47/0xf50
[ 12.214496] ? __schedule+0x10cc/0x2b60
[ 12.214525] ? __pfx_read_tsc+0x10/0x10
[ 12.214549] krealloc_large_more_oob+0x1c/0x30
[ 12.214572] kunit_try_run_case+0x1a5/0x480
[ 12.214596] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.214619] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.214644] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.214667] ? __kthread_parkme+0x82/0x180
[ 12.214687] ? preempt_count_sub+0x50/0x80
[ 12.214711] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.214737] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.214763] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.214789] kthread+0x337/0x6f0
[ 12.214808] ? trace_preempt_on+0x20/0xc0
[ 12.214830] ? __pfx_kthread+0x10/0x10
[ 12.214851] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.214872] ? calculate_sigpending+0x7b/0xa0
[ 12.214908] ? __pfx_kthread+0x10/0x10
[ 12.214939] ret_from_fork+0x116/0x1d0
[ 12.214957] ? __pfx_kthread+0x10/0x10
[ 12.214977] ret_from_fork_asm+0x1a/0x30
[ 12.215009] </TASK>
[ 12.215019]
[ 12.222808] The buggy address belongs to the physical page:
[ 12.223002] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[ 12.223755] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.224331] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.224598] page_type: f8(unknown)
[ 12.224775] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.225080] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.225315] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.225667] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.226400] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[ 12.226751] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.226993] page dumped because: kasan: bad access detected
[ 12.227266]
[ 12.227367] Memory state around the buggy address:
[ 12.227584] ffff888102a3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.227948] ffff888102a3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.228351] >ffff888102a3e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 12.228635] ^
[ 12.228914] ffff888102a3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.229504] ffff888102a3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.229825] ==================================================================
[ 12.019123] ==================================================================
[ 12.019366] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 12.019607] Write of size 1 at addr ffff88810032def0 by task kunit_try_catch/173
[ 12.019995]
[ 12.020170] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.020210] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.020221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.020239] Call Trace:
[ 12.020255] <TASK>
[ 12.020270] dump_stack_lvl+0x73/0xb0
[ 12.020297] print_report+0xd1/0x650
[ 12.020317] ? __virt_addr_valid+0x1db/0x2d0
[ 12.020338] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.020375] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.020398] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.020422] kasan_report+0x141/0x180
[ 12.020444] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.020472] __asan_report_store1_noabort+0x1b/0x30
[ 12.020497] krealloc_more_oob_helper+0x7eb/0x930
[ 12.020519] ? __schedule+0x10cc/0x2b60
[ 12.020541] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.020566] ? finish_task_switch.isra.0+0x153/0x700
[ 12.020589] ? __switch_to+0x47/0xf50
[ 12.020614] ? __schedule+0x10cc/0x2b60
[ 12.020635] ? __pfx_read_tsc+0x10/0x10
[ 12.020660] krealloc_more_oob+0x1c/0x30
[ 12.020683] kunit_try_run_case+0x1a5/0x480
[ 12.020709] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.020733] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.020766] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.020789] ? __kthread_parkme+0x82/0x180
[ 12.020809] ? preempt_count_sub+0x50/0x80
[ 12.020832] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.020856] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.020880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.020904] kthread+0x337/0x6f0
[ 12.020933] ? trace_preempt_on+0x20/0xc0
[ 12.020956] ? __pfx_kthread+0x10/0x10
[ 12.020976] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.020997] ? calculate_sigpending+0x7b/0xa0
[ 12.021031] ? __pfx_kthread+0x10/0x10
[ 12.021053] ret_from_fork+0x116/0x1d0
[ 12.021070] ? __pfx_kthread+0x10/0x10
[ 12.021090] ret_from_fork_asm+0x1a/0x30
[ 12.021122] </TASK>
[ 12.021131]
[ 12.035047] Allocated by task 173:
[ 12.035483] kasan_save_stack+0x45/0x70
[ 12.035830] kasan_save_track+0x18/0x40
[ 12.036238] kasan_save_alloc_info+0x3b/0x50
[ 12.036726] __kasan_krealloc+0x190/0x1f0
[ 12.037131] krealloc_noprof+0xf3/0x340
[ 12.037310] krealloc_more_oob_helper+0x1a9/0x930
[ 12.037472] krealloc_more_oob+0x1c/0x30
[ 12.037608] kunit_try_run_case+0x1a5/0x480
[ 12.037762] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.038240] kthread+0x337/0x6f0
[ 12.038605] ret_from_fork+0x116/0x1d0
[ 12.038995] ret_from_fork_asm+0x1a/0x30
[ 12.039539]
[ 12.039706] The buggy address belongs to the object at ffff88810032de00
[ 12.039706] which belongs to the cache kmalloc-256 of size 256
[ 12.040974] The buggy address is located 5 bytes to the right of
[ 12.040974] allocated 235-byte region [ffff88810032de00, ffff88810032deeb)
[ 12.041646]
[ 12.041720] The buggy address belongs to the physical page:
[ 12.042201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10032c
[ 12.042988] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.043852] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.044205] page_type: f5(slab)
[ 12.044498] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.044837] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.045112] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.045787] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.046601] head: 0200000000000001 ffffea000400cb01 00000000ffffffff 00000000ffffffff
[ 12.047344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.047581] page dumped because: kasan: bad access detected
[ 12.047761]
[ 12.047913] Memory state around the buggy address:
[ 12.048333] ffff88810032dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.049053] ffff88810032de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.049659] >ffff88810032de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 12.050456] ^
[ 12.050837] ffff88810032df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.051297] ffff88810032df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.051957] ==================================================================
[ 12.195699] ==================================================================
[ 12.196718] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 12.197065] Write of size 1 at addr ffff888102a3e0eb by task kunit_try_catch/177
[ 12.197407]
[ 12.197613] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.197658] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.197669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.197689] Call Trace:
[ 12.197702] <TASK>
[ 12.197718] dump_stack_lvl+0x73/0xb0
[ 12.197749] print_report+0xd1/0x650
[ 12.197771] ? __virt_addr_valid+0x1db/0x2d0
[ 12.197795] ? krealloc_more_oob_helper+0x821/0x930
[ 12.197819] ? kasan_addr_to_slab+0x11/0xa0
[ 12.197840] ? krealloc_more_oob_helper+0x821/0x930
[ 12.197864] kasan_report+0x141/0x180
[ 12.197887] ? krealloc_more_oob_helper+0x821/0x930
[ 12.197916] __asan_report_store1_noabort+0x1b/0x30
[ 12.197954] krealloc_more_oob_helper+0x821/0x930
[ 12.197977] ? __schedule+0x10cc/0x2b60
[ 12.197999] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.198024] ? finish_task_switch.isra.0+0x153/0x700
[ 12.198047] ? __switch_to+0x47/0xf50
[ 12.198085] ? __schedule+0x10cc/0x2b60
[ 12.198107] ? __pfx_read_tsc+0x10/0x10
[ 12.198132] krealloc_large_more_oob+0x1c/0x30
[ 12.198155] kunit_try_run_case+0x1a5/0x480
[ 12.198180] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.198202] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.198226] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.198250] ? __kthread_parkme+0x82/0x180
[ 12.198270] ? preempt_count_sub+0x50/0x80
[ 12.198295] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.198319] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.198343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.198368] kthread+0x337/0x6f0
[ 12.198386] ? trace_preempt_on+0x20/0xc0
[ 12.198409] ? __pfx_kthread+0x10/0x10
[ 12.198430] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.198451] ? calculate_sigpending+0x7b/0xa0
[ 12.198475] ? __pfx_kthread+0x10/0x10
[ 12.198496] ret_from_fork+0x116/0x1d0
[ 12.198523] ? __pfx_kthread+0x10/0x10
[ 12.198543] ret_from_fork_asm+0x1a/0x30
[ 12.198576] </TASK>
[ 12.198586]
[ 12.206514] The buggy address belongs to the physical page:
[ 12.206742] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[ 12.207104] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.207462] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.207663] page_type: f8(unknown)
[ 12.207888] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.208162] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.208423] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.208780] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.209138] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[ 12.209409] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.209745] page dumped because: kasan: bad access detected
[ 12.210118]
[ 12.210198] Memory state around the buggy address:
[ 12.210377] ffff888102a3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.210690] ffff888102a3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.211065] >ffff888102a3e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 12.211343] ^
[ 12.211613] ffff888102a3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.211910] ffff888102a3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.212222] ==================================================================
[ 11.986247] ==================================================================
[ 11.987343] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.987613] Write of size 1 at addr ffff88810032deeb by task kunit_try_catch/173
[ 11.987836]
[ 11.987936] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.987979] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.987990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.988010] Call Trace:
[ 11.988022] <TASK>
[ 11.988038] dump_stack_lvl+0x73/0xb0
[ 11.988069] print_report+0xd1/0x650
[ 11.988091] ? __virt_addr_valid+0x1db/0x2d0
[ 11.988115] ? krealloc_more_oob_helper+0x821/0x930
[ 11.988138] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.988160] ? krealloc_more_oob_helper+0x821/0x930
[ 11.988184] kasan_report+0x141/0x180
[ 11.988205] ? krealloc_more_oob_helper+0x821/0x930
[ 11.988234] __asan_report_store1_noabort+0x1b/0x30
[ 11.988258] krealloc_more_oob_helper+0x821/0x930
[ 11.988281] ? __schedule+0x10cc/0x2b60
[ 11.988303] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.988327] ? finish_task_switch.isra.0+0x153/0x700
[ 11.988350] ? __switch_to+0x47/0xf50
[ 11.988377] ? __schedule+0x10cc/0x2b60
[ 11.988397] ? __pfx_read_tsc+0x10/0x10
[ 11.988421] krealloc_more_oob+0x1c/0x30
[ 11.988442] kunit_try_run_case+0x1a5/0x480
[ 11.988467] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.988489] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.988512] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.988535] ? __kthread_parkme+0x82/0x180
[ 11.988555] ? preempt_count_sub+0x50/0x80
[ 11.988578] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.988603] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.988626] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.988651] kthread+0x337/0x6f0
[ 11.988669] ? trace_preempt_on+0x20/0xc0
[ 11.988691] ? __pfx_kthread+0x10/0x10
[ 11.988711] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.988732] ? calculate_sigpending+0x7b/0xa0
[ 11.988757] ? __pfx_kthread+0x10/0x10
[ 11.988778] ret_from_fork+0x116/0x1d0
[ 11.988796] ? __pfx_kthread+0x10/0x10
[ 11.988816] ret_from_fork_asm+0x1a/0x30
[ 11.988848] </TASK>
[ 11.988858]
[ 12.003548] Allocated by task 173:
[ 12.003742] kasan_save_stack+0x45/0x70
[ 12.004076] kasan_save_track+0x18/0x40
[ 12.004481] kasan_save_alloc_info+0x3b/0x50
[ 12.004684] __kasan_krealloc+0x190/0x1f0
[ 12.004964] krealloc_noprof+0xf3/0x340
[ 12.005268] krealloc_more_oob_helper+0x1a9/0x930
[ 12.005562] krealloc_more_oob+0x1c/0x30
[ 12.005742] kunit_try_run_case+0x1a5/0x480
[ 12.006147] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.006370] kthread+0x337/0x6f0
[ 12.006616] ret_from_fork+0x116/0x1d0
[ 12.006792] ret_from_fork_asm+0x1a/0x30
[ 12.007196]
[ 12.007282] The buggy address belongs to the object at ffff88810032de00
[ 12.007282] which belongs to the cache kmalloc-256 of size 256
[ 12.007747] The buggy address is located 0 bytes to the right of
[ 12.007747] allocated 235-byte region [ffff88810032de00, ffff88810032deeb)
[ 12.008509]
[ 12.008609] The buggy address belongs to the physical page:
[ 12.009052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10032c
[ 12.009555] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.009975] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.010321] page_type: f5(slab)
[ 12.010506] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.010954] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.011458] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.012019] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.012819] head: 0200000000000001 ffffea000400cb01 00000000ffffffff 00000000ffffffff
[ 12.013429] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.013664] page dumped because: kasan: bad access detected
[ 12.014158]
[ 12.014361] Memory state around the buggy address:
[ 12.015007] ffff88810032dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.015867] ffff88810032de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.016575] >ffff88810032de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 12.016830] ^
[ 12.017055] ffff88810032df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.017706] ffff88810032df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.018331] ==================================================================
```