Hay
Date: July 9, 2025, 11:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.597709] ==================================================================
[   16.597761] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.597958] Write of size 1 at addr fff00000c77220f0 by task kunit_try_catch/160
[   16.598034] 
[   16.598067] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.598208] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.598234] Hardware name: linux,dummy-virt (DT)
[   16.598290] Call trace:
[   16.598320]  show_stack+0x20/0x38 (C)
[   16.598578]  dump_stack_lvl+0x8c/0xd0
[   16.598647]  print_report+0x118/0x608
[   16.599054]  kasan_report+0xdc/0x128
[   16.599180]  __asan_report_store1_noabort+0x20/0x30
[   16.599231]  krealloc_more_oob_helper+0x5c0/0x678
[   16.599285]  krealloc_large_more_oob+0x20/0x38
[   16.599331]  kunit_try_run_case+0x170/0x3f0
[   16.599634]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.599812]  kthread+0x328/0x630
[   16.599900]  ret_from_fork+0x10/0x20
[   16.600053] 
[   16.600167] The buggy address belongs to the physical page:
[   16.600232] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107720
[   16.600365] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.600413] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.600485] page_type: f8(unknown)
[   16.600530] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.601048] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.601185] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.601319] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.601525] head: 0bfffe0000000002 ffffc1ffc31dc801 00000000ffffffff 00000000ffffffff
[   16.601596] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.602063] page dumped because: kasan: bad access detected
[   16.602187] 
[   16.602326] Memory state around the buggy address:
[   16.602454]  fff00000c7721f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.602500]  fff00000c7722000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.602593] >fff00000c7722080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.602934]                                                              ^
[   16.602980]  fff00000c7722100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.603025]  fff00000c7722180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.603299] ==================================================================
[   16.516591] ==================================================================
[   16.517353] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.517556] Write of size 1 at addr fff00000c461ccf0 by task kunit_try_catch/156
[   16.517774] 
[   16.517815] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.518035] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.518073] Hardware name: linux,dummy-virt (DT)
[   16.518224] Call trace:
[   16.518346]  show_stack+0x20/0x38 (C)
[   16.518459]  dump_stack_lvl+0x8c/0xd0
[   16.518549]  print_report+0x118/0x608
[   16.518726]  kasan_report+0xdc/0x128
[   16.518990]  __asan_report_store1_noabort+0x20/0x30
[   16.519059]  krealloc_more_oob_helper+0x5c0/0x678
[   16.519235]  krealloc_more_oob+0x20/0x38
[   16.519296]  kunit_try_run_case+0x170/0x3f0
[   16.519503]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.519572]  kthread+0x328/0x630
[   16.519663]  ret_from_fork+0x10/0x20
[   16.519769] 
[   16.519787] Allocated by task 156:
[   16.520032]  kasan_save_stack+0x3c/0x68
[   16.520236]  kasan_save_track+0x20/0x40
[   16.520351]  kasan_save_alloc_info+0x40/0x58
[   16.520508]  __kasan_krealloc+0x118/0x178
[   16.520732]  krealloc_noprof+0x128/0x360
[   16.520976]  krealloc_more_oob_helper+0x168/0x678
[   16.521191]  krealloc_more_oob+0x20/0x38
[   16.521364]  kunit_try_run_case+0x170/0x3f0
[   16.521455]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.521675]  kthread+0x328/0x630
[   16.522081]  ret_from_fork+0x10/0x20
[   16.522428] 
[   16.522595] The buggy address belongs to the object at fff00000c461cc00
[   16.522595]  which belongs to the cache kmalloc-256 of size 256
[   16.522713] The buggy address is located 5 bytes to the right of
[   16.522713]  allocated 235-byte region [fff00000c461cc00, fff00000c461cceb)
[   16.523133] 
[   16.523263] The buggy address belongs to the physical page:
[   16.523375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10461c
[   16.523431] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.523561] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.523950] page_type: f5(slab)
[   16.524001] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.524051] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.524346] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.524588] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.524691] head: 0bfffe0000000001 ffffc1ffc3118701 00000000ffffffff 00000000ffffffff
[   16.524850] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.525036] page dumped because: kasan: bad access detected
[   16.525281] 
[   16.525382] Memory state around the buggy address:
[   16.525517]  fff00000c461cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.525563]  fff00000c461cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.525897] >fff00000c461cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.526151]                                                              ^
[   16.526315]  fff00000c461cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.526595]  fff00000c461cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.526691] ==================================================================
[   16.592880] ==================================================================
[   16.593198] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.593375] Write of size 1 at addr fff00000c77220eb by task kunit_try_catch/160
[   16.593427] 
[   16.593464] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.593705] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.593910] Hardware name: linux,dummy-virt (DT)
[   16.593988] Call trace:
[   16.594035]  show_stack+0x20/0x38 (C)
[   16.594098]  dump_stack_lvl+0x8c/0xd0
[   16.594425]  print_report+0x118/0x608
[   16.594503]  kasan_report+0xdc/0x128
[   16.594586]  __asan_report_store1_noabort+0x20/0x30
[   16.594639]  krealloc_more_oob_helper+0x60c/0x678
[   16.594698]  krealloc_large_more_oob+0x20/0x38
[   16.594753]  kunit_try_run_case+0x170/0x3f0
[   16.594802]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.594854]  kthread+0x328/0x630
[   16.594895]  ret_from_fork+0x10/0x20
[   16.594943] 
[   16.594964] The buggy address belongs to the physical page:
[   16.595005] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107720
[   16.595066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.595124] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.595178] page_type: f8(unknown)
[   16.595217] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.595266] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.595314] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.595362] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.595410] head: 0bfffe0000000002 ffffc1ffc31dc801 00000000ffffffff 00000000ffffffff
[   16.595456] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.595502] page dumped because: kasan: bad access detected
[   16.595541] 
[   16.595558] Memory state around the buggy address:
[   16.595597]  fff00000c7721f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.595640]  fff00000c7722000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.596289] >fff00000c7722080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.596441]                                                           ^
[   16.596489]  fff00000c7722100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.596532]  fff00000c7722180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.596732] ==================================================================
[   16.507095] ==================================================================
[   16.507309] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.507411] Write of size 1 at addr fff00000c461cceb by task kunit_try_catch/156
[   16.507526] 
[   16.507613] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.507818] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.507845] Hardware name: linux,dummy-virt (DT)
[   16.507899] Call trace:
[   16.507923]  show_stack+0x20/0x38 (C)
[   16.507978]  dump_stack_lvl+0x8c/0xd0
[   16.508444]  print_report+0x118/0x608
[   16.508578]  kasan_report+0xdc/0x128
[   16.508741]  __asan_report_store1_noabort+0x20/0x30
[   16.508902]  krealloc_more_oob_helper+0x60c/0x678
[   16.509473]  krealloc_more_oob+0x20/0x38
[   16.509666]  kunit_try_run_case+0x170/0x3f0
[   16.510502]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.510573]  kthread+0x328/0x630
[   16.511041]  ret_from_fork+0x10/0x20
[   16.511196] 
[   16.511663] Allocated by task 156:
[   16.511727]  kasan_save_stack+0x3c/0x68
[   16.511775]  kasan_save_track+0x20/0x40
[   16.511811]  kasan_save_alloc_info+0x40/0x58
[   16.511849]  __kasan_krealloc+0x118/0x178
[   16.512197]  krealloc_noprof+0x128/0x360
[   16.512366]  krealloc_more_oob_helper+0x168/0x678
[   16.512446]  krealloc_more_oob+0x20/0x38
[   16.512656]  kunit_try_run_case+0x170/0x3f0
[   16.512822]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.512869]  kthread+0x328/0x630
[   16.513083]  ret_from_fork+0x10/0x20
[   16.513516] 
[   16.513612] The buggy address belongs to the object at fff00000c461cc00
[   16.513612]  which belongs to the cache kmalloc-256 of size 256
[   16.513808] The buggy address is located 0 bytes to the right of
[   16.513808]  allocated 235-byte region [fff00000c461cc00, fff00000c461cceb)
[   16.513953] 
[   16.514025] The buggy address belongs to the physical page:
[   16.514211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10461c
[   16.514407] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.514480] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.514882] page_type: f5(slab)
[   16.514934] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.514983] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.515075] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.515152] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.515209] head: 0bfffe0000000001 ffffc1ffc3118701 00000000ffffffff 00000000ffffffff
[   16.515256] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.515305] page dumped because: kasan: bad access detected
[   16.515341] 
[   16.515359] Memory state around the buggy address:
[   16.515392]  fff00000c461cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.515433]  fff00000c461cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.515483] >fff00000c461cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.515521]                                                           ^
[   16.515558]  fff00000c461cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.515599]  fff00000c461cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.515644] ==================================================================

[   12.341056] ==================================================================
[   12.342451] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.343411] Write of size 1 at addr ffff8881028ca0eb by task kunit_try_catch/177
[   12.344372] 
[   12.344560] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.344604] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.344615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.344635] Call Trace:
[   12.344647]  <TASK>
[   12.344663]  dump_stack_lvl+0x73/0xb0
[   12.344694]  print_report+0xd1/0x650
[   12.344834]  ? __virt_addr_valid+0x1db/0x2d0
[   12.344858]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344882]  ? kasan_addr_to_slab+0x11/0xa0
[   12.344909]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344933]  kasan_report+0x141/0x180
[   12.344956]  ? krealloc_more_oob_helper+0x821/0x930
[   12.344985]  __asan_report_store1_noabort+0x1b/0x30
[   12.345010]  krealloc_more_oob_helper+0x821/0x930
[   12.345039]  ? __schedule+0x10cc/0x2b60
[   12.345061]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.345086]  ? finish_task_switch.isra.0+0x153/0x700
[   12.345109]  ? __switch_to+0x47/0xf50
[   12.345133]  ? __schedule+0x10cc/0x2b60
[   12.345153]  ? __pfx_read_tsc+0x10/0x10
[   12.345178]  krealloc_large_more_oob+0x1c/0x30
[   12.345201]  kunit_try_run_case+0x1a5/0x480
[   12.345225]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.345247]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.345270]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.345293]  ? __kthread_parkme+0x82/0x180
[   12.345314]  ? preempt_count_sub+0x50/0x80
[   12.345338]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.345362]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.345386]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.345411]  kthread+0x337/0x6f0
[   12.345430]  ? trace_preempt_on+0x20/0xc0
[   12.345454]  ? __pfx_kthread+0x10/0x10
[   12.345474]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.345496]  ? calculate_sigpending+0x7b/0xa0
[   12.345519]  ? __pfx_kthread+0x10/0x10
[   12.345540]  ret_from_fork+0x116/0x1d0
[   12.345558]  ? __pfx_kthread+0x10/0x10
[   12.345577]  ret_from_fork_asm+0x1a/0x30
[   12.345607]  </TASK>
[   12.345618] 
[   12.357855] The buggy address belongs to the physical page:
[   12.358118] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c8
[   12.358762] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.359083] flags: 0x200000000000040(head|node=0|zone=2)
[   12.359656] page_type: f8(unknown)
[   12.359828] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.360407] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.360742] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.361063] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.361601] head: 0200000000000002 ffffea00040a3201 00000000ffffffff 00000000ffffffff
[   12.362092] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.362503] page dumped because: kasan: bad access detected
[   12.362832] 
[   12.362918] Memory state around the buggy address:
[   12.363479]  ffff8881028c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.363801]  ffff8881028ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.364173] >ffff8881028ca080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.364632]                                                           ^
[   12.365029]  ffff8881028ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.365490]  ffff8881028ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.365887] ==================================================================
[   12.366384] ==================================================================
[   12.366672] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.367012] Write of size 1 at addr ffff8881028ca0f0 by task kunit_try_catch/177
[   12.367479] 
[   12.367574] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.367614] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.367626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.367645] Call Trace:
[   12.367656]  <TASK>
[   12.367668]  dump_stack_lvl+0x73/0xb0
[   12.367696]  print_report+0xd1/0x650
[   12.367733]  ? __virt_addr_valid+0x1db/0x2d0
[   12.367755]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367779]  ? kasan_addr_to_slab+0x11/0xa0
[   12.367799]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367824]  kasan_report+0x141/0x180
[   12.367846]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.367875]  __asan_report_store1_noabort+0x1b/0x30
[   12.367900]  krealloc_more_oob_helper+0x7eb/0x930
[   12.367923]  ? __schedule+0x10cc/0x2b60
[   12.367944]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.367969]  ? finish_task_switch.isra.0+0x153/0x700
[   12.367992]  ? __switch_to+0x47/0xf50
[   12.368016]  ? __schedule+0x10cc/0x2b60
[   12.368052]  ? __pfx_read_tsc+0x10/0x10
[   12.368076]  krealloc_large_more_oob+0x1c/0x30
[   12.368099]  kunit_try_run_case+0x1a5/0x480
[   12.368123]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.368146]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.368169]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.368192]  ? __kthread_parkme+0x82/0x180
[   12.368212]  ? preempt_count_sub+0x50/0x80
[   12.368235]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.368259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.368283]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.368308]  kthread+0x337/0x6f0
[   12.368336]  ? trace_preempt_on+0x20/0xc0
[   12.368360]  ? __pfx_kthread+0x10/0x10
[   12.368380]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.368402]  ? calculate_sigpending+0x7b/0xa0
[   12.368425]  ? __pfx_kthread+0x10/0x10
[   12.368446]  ret_from_fork+0x116/0x1d0
[   12.368464]  ? __pfx_kthread+0x10/0x10
[   12.368484]  ret_from_fork_asm+0x1a/0x30
[   12.368515]  </TASK>
[   12.368524] 
[   12.376471] The buggy address belongs to the physical page:
[   12.376653] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c8
[   12.376981] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.377309] flags: 0x200000000000040(head|node=0|zone=2)
[   12.377565] page_type: f8(unknown)
[   12.377713] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.377944] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.378680] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.379017] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.379443] head: 0200000000000002 ffffea00040a3201 00000000ffffffff 00000000ffffffff
[   12.379720] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.380231] page dumped because: kasan: bad access detected
[   12.380458] 
[   12.380554] Memory state around the buggy address:
[   12.380751]  ffff8881028c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.381129]  ffff8881028ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.381407] >ffff8881028ca080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.381679]                                                              ^
[   12.381955]  ffff8881028ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.382405]  ffff8881028ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.382628] ==================================================================
[   12.170057] ==================================================================
[   12.170439] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.170685] Write of size 1 at addr ffff8881003508eb by task kunit_try_catch/173
[   12.171316] 
[   12.171415] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.171456] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.171468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.171486] Call Trace:
[   12.172150]  <TASK>
[   12.172175]  dump_stack_lvl+0x73/0xb0
[   12.172207]  print_report+0xd1/0x650
[   12.172229]  ? __virt_addr_valid+0x1db/0x2d0
[   12.172251]  ? krealloc_more_oob_helper+0x821/0x930
[   12.172276]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.172299]  ? krealloc_more_oob_helper+0x821/0x930
[   12.172332]  kasan_report+0x141/0x180
[   12.172353]  ? krealloc_more_oob_helper+0x821/0x930
[   12.172381]  __asan_report_store1_noabort+0x1b/0x30
[   12.172406]  krealloc_more_oob_helper+0x821/0x930
[   12.172429]  ? __schedule+0x10cc/0x2b60
[   12.172450]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.172475]  ? finish_task_switch.isra.0+0x153/0x700
[   12.172497]  ? __switch_to+0x47/0xf50
[   12.172523]  ? __schedule+0x10cc/0x2b60
[   12.172544]  ? __pfx_read_tsc+0x10/0x10
[   12.172567]  krealloc_more_oob+0x1c/0x30
[   12.172589]  kunit_try_run_case+0x1a5/0x480
[   12.172612]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.172634]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.172658]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.172683]  ? __kthread_parkme+0x82/0x180
[   12.172716]  ? preempt_count_sub+0x50/0x80
[   12.172738]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.172762]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.172798]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.172842]  kthread+0x337/0x6f0
[   12.172862]  ? trace_preempt_on+0x20/0xc0
[   12.172885]  ? __pfx_kthread+0x10/0x10
[   12.172906]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.172927]  ? calculate_sigpending+0x7b/0xa0
[   12.172950]  ? __pfx_kthread+0x10/0x10
[   12.172971]  ret_from_fork+0x116/0x1d0
[   12.172989]  ? __pfx_kthread+0x10/0x10
[   12.173044]  ret_from_fork_asm+0x1a/0x30
[   12.173089]  </TASK>
[   12.173099] 
[   12.183713] Allocated by task 173:
[   12.184161]  kasan_save_stack+0x45/0x70
[   12.184461]  kasan_save_track+0x18/0x40
[   12.184624]  kasan_save_alloc_info+0x3b/0x50
[   12.184991]  __kasan_krealloc+0x190/0x1f0
[   12.185488]  krealloc_noprof+0xf3/0x340
[   12.185760]  krealloc_more_oob_helper+0x1a9/0x930
[   12.186144]  krealloc_more_oob+0x1c/0x30
[   12.186473]  kunit_try_run_case+0x1a5/0x480
[   12.186801]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.187212]  kthread+0x337/0x6f0
[   12.187494]  ret_from_fork+0x116/0x1d0
[   12.187641]  ret_from_fork_asm+0x1a/0x30
[   12.187854] 
[   12.187951] The buggy address belongs to the object at ffff888100350800
[   12.187951]  which belongs to the cache kmalloc-256 of size 256
[   12.188454] The buggy address is located 0 bytes to the right of
[   12.188454]  allocated 235-byte region [ffff888100350800, ffff8881003508eb)
[   12.188951] 
[   12.189047] The buggy address belongs to the physical page:
[   12.189278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   12.189634] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.190647] flags: 0x200000000000040(head|node=0|zone=2)
[   12.191136] page_type: f5(slab)
[   12.191302] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.191777] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.192247] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.192718] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.193229] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   12.193681] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.194273] page dumped because: kasan: bad access detected
[   12.194605] 
[   12.194691] Memory state around the buggy address:
[   12.195188]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.195622]  ffff888100350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.195941] >ffff888100350880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.196437]                                                           ^
[   12.196832]  ffff888100350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.197305]  ffff888100350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.197734] ==================================================================
[   12.198892] ==================================================================
[   12.199528] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.199894] Write of size 1 at addr ffff8881003508f0 by task kunit_try_catch/173
[   12.200573] 
[   12.200781] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.200824] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.200835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.200854] Call Trace:
[   12.200864]  <TASK>
[   12.200878]  dump_stack_lvl+0x73/0xb0
[   12.200907]  print_report+0xd1/0x650
[   12.200928]  ? __virt_addr_valid+0x1db/0x2d0
[   12.200951]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.200976]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.201000]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.201217]  kasan_report+0x141/0x180
[   12.201241]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.201270]  __asan_report_store1_noabort+0x1b/0x30
[   12.201295]  krealloc_more_oob_helper+0x7eb/0x930
[   12.201318]  ? __schedule+0x10cc/0x2b60
[   12.201340]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.201364]  ? finish_task_switch.isra.0+0x153/0x700
[   12.201388]  ? __switch_to+0x47/0xf50
[   12.201412]  ? __schedule+0x10cc/0x2b60
[   12.201432]  ? __pfx_read_tsc+0x10/0x10
[   12.201455]  krealloc_more_oob+0x1c/0x30
[   12.201476]  kunit_try_run_case+0x1a5/0x480
[   12.201501]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.201523]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.201546]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.201569]  ? __kthread_parkme+0x82/0x180
[   12.201589]  ? preempt_count_sub+0x50/0x80
[   12.201611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.201635]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.201659]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.201683]  kthread+0x337/0x6f0
[   12.201718]  ? trace_preempt_on+0x20/0xc0
[   12.201741]  ? __pfx_kthread+0x10/0x10
[   12.201762]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.201783]  ? calculate_sigpending+0x7b/0xa0
[   12.201807]  ? __pfx_kthread+0x10/0x10
[   12.201828]  ret_from_fork+0x116/0x1d0
[   12.201846]  ? __pfx_kthread+0x10/0x10
[   12.201865]  ret_from_fork_asm+0x1a/0x30
[   12.201896]  </TASK>
[   12.201906] 
[   12.213648] Allocated by task 173:
[   12.213898]  kasan_save_stack+0x45/0x70
[   12.214348]  kasan_save_track+0x18/0x40
[   12.214515]  kasan_save_alloc_info+0x3b/0x50
[   12.214864]  __kasan_krealloc+0x190/0x1f0
[   12.215288]  krealloc_noprof+0xf3/0x340
[   12.215468]  krealloc_more_oob_helper+0x1a9/0x930
[   12.215847]  krealloc_more_oob+0x1c/0x30
[   12.216223]  kunit_try_run_case+0x1a5/0x480
[   12.216422]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.216632]  kthread+0x337/0x6f0
[   12.216956]  ret_from_fork+0x116/0x1d0
[   12.217195]  ret_from_fork_asm+0x1a/0x30
[   12.217395] 
[   12.217495] The buggy address belongs to the object at ffff888100350800
[   12.217495]  which belongs to the cache kmalloc-256 of size 256
[   12.217992] The buggy address is located 5 bytes to the right of
[   12.217992]  allocated 235-byte region [ffff888100350800, ffff8881003508eb)
[   12.218674] 
[   12.218787] The buggy address belongs to the physical page:
[   12.219088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   12.219425] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.219733] flags: 0x200000000000040(head|node=0|zone=2)
[   12.219958] page_type: f5(slab)
[   12.220209] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.220512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.220838] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.221211] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.221499] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   12.221856] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.222318] page dumped because: kasan: bad access detected
[   12.222582] 
[   12.222679] Memory state around the buggy address:
[   12.222859]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.223259]  ffff888100350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.223525] >ffff888100350880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.223854]                                                              ^
[   12.224209]  ffff888100350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.224470]  ffff888100350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.224796] ==================================================================