Hay
Date: July 15, 2025, 11:09 a.m.

Environment: qemu-arm64, qemu-x86_64

[   15.290782] ==================================================================
[   15.290852] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.291086] Write of size 1 at addr fff00000c175eef0 by task kunit_try_catch/157
[   15.291138] 
[   15.291168] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.291260] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.291758] Hardware name: linux,dummy-virt (DT)
[   15.291792] Call trace:
[   15.291915]  show_stack+0x20/0x38 (C)
[   15.292262]  dump_stack_lvl+0x8c/0xd0
[   15.292317]  print_report+0x118/0x5d0
[   15.292362]  kasan_report+0xdc/0x128
[   15.292416]  __asan_report_store1_noabort+0x20/0x30
[   15.292473]  krealloc_more_oob_helper+0x5c0/0x678
[   15.292995]  krealloc_more_oob+0x20/0x38
[   15.293047]  kunit_try_run_case+0x170/0x3f0
[   15.293142]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.293235]  kthread+0x328/0x630
[   15.293444]  ret_from_fork+0x10/0x20
[   15.293604] 
[   15.293642] Allocated by task 157:
[   15.293671]  kasan_save_stack+0x3c/0x68
[   15.293711]  kasan_save_track+0x20/0x40
[   15.293753]  kasan_save_alloc_info+0x40/0x58
[   15.293903]  __kasan_krealloc+0x118/0x178
[   15.293946]  krealloc_noprof+0x128/0x360
[   15.294075]  krealloc_more_oob_helper+0x168/0x678
[   15.294137]  krealloc_more_oob+0x20/0x38
[   15.294188]  kunit_try_run_case+0x170/0x3f0
[   15.294232]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.294273]  kthread+0x328/0x630
[   15.294304]  ret_from_fork+0x10/0x20
[   15.294488] 
[   15.294508] The buggy address belongs to the object at fff00000c175ee00
[   15.294508]  which belongs to the cache kmalloc-256 of size 256
[   15.294642] The buggy address is located 5 bytes to the right of
[   15.294642]  allocated 235-byte region [fff00000c175ee00, fff00000c175eeeb)
[   15.294705] 
[   15.294724] The buggy address belongs to the physical page:
[   15.294755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175e
[   15.294808] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.294853] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.294903] page_type: f5(slab)
[   15.294940] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.294989] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.295678] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.295733] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.295781] head: 0bfffe0000000001 ffffc1ffc305d781 00000000ffffffff 00000000ffffffff
[   15.296146] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.296205] page dumped because: kasan: bad access detected
[   15.296236] 
[   15.296254] Memory state around the buggy address:
[   15.296292]  fff00000c175ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.296336]  fff00000c175ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.296636] >fff00000c175ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.296684]                                                              ^
[   15.296792]  fff00000c175ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.296927]  fff00000c175ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.297002] ==================================================================
[   15.350688] ==================================================================
[   15.350750] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.350806] Write of size 1 at addr fff00000c783e0eb by task kunit_try_catch/161
[   15.350855] 
[   15.350889] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.351328] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.351524] Hardware name: linux,dummy-virt (DT)
[   15.351694] Call trace:
[   15.351716]  show_stack+0x20/0x38 (C)
[   15.351769]  dump_stack_lvl+0x8c/0xd0
[   15.351824]  print_report+0x118/0x5d0
[   15.352055]  kasan_report+0xdc/0x128
[   15.352192]  __asan_report_store1_noabort+0x20/0x30
[   15.352244]  krealloc_more_oob_helper+0x60c/0x678
[   15.352291]  krealloc_large_more_oob+0x20/0x38
[   15.352336]  kunit_try_run_case+0x170/0x3f0
[   15.352602]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.352663]  kthread+0x328/0x630
[   15.352706]  ret_from_fork+0x10/0x20
[   15.352754] 
[   15.352774] The buggy address belongs to the physical page:
[   15.353094] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10783c
[   15.353374] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.353428] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.353482] page_type: f8(unknown)
[   15.353521] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.353581] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.353753] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.353812] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.353948] head: 0bfffe0000000002 ffffc1ffc31e0f01 00000000ffffffff 00000000ffffffff
[   15.353999] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.354066] page dumped because: kasan: bad access detected
[   15.354108] 
[   15.354125] Memory state around the buggy address:
[   15.354175]  fff00000c783df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.354262]  fff00000c783e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.354423] >fff00000c783e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.354568]                                                           ^
[   15.354607]  fff00000c783e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.354648]  fff00000c783e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.354965] ==================================================================
[   15.280893] ==================================================================
[   15.280954] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   15.281508] Write of size 1 at addr fff00000c175eeeb by task kunit_try_catch/157
[   15.281674] 
[   15.281724] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.281804] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.281830] Hardware name: linux,dummy-virt (DT)
[   15.281977] Call trace:
[   15.282006]  show_stack+0x20/0x38 (C)
[   15.282058]  dump_stack_lvl+0x8c/0xd0
[   15.282104]  print_report+0x118/0x5d0
[   15.282149]  kasan_report+0xdc/0x128
[   15.282391]  __asan_report_store1_noabort+0x20/0x30
[   15.282460]  krealloc_more_oob_helper+0x60c/0x678
[   15.282508]  krealloc_more_oob+0x20/0x38
[   15.282628]  kunit_try_run_case+0x170/0x3f0
[   15.282722]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.282825]  kthread+0x328/0x630
[   15.282865]  ret_from_fork+0x10/0x20
[   15.282940] 
[   15.283357] Allocated by task 157:
[   15.283498]  kasan_save_stack+0x3c/0x68
[   15.283548]  kasan_save_track+0x20/0x40
[   15.283585]  kasan_save_alloc_info+0x40/0x58
[   15.283629]  __kasan_krealloc+0x118/0x178
[   15.283666]  krealloc_noprof+0x128/0x360
[   15.283749]  krealloc_more_oob_helper+0x168/0x678
[   15.283937]  krealloc_more_oob+0x20/0x38
[   15.284086]  kunit_try_run_case+0x170/0x3f0
[   15.284123]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.284165]  kthread+0x328/0x630
[   15.284277]  ret_from_fork+0x10/0x20
[   15.284313] 
[   15.284333] The buggy address belongs to the object at fff00000c175ee00
[   15.284333]  which belongs to the cache kmalloc-256 of size 256
[   15.284390] The buggy address is located 0 bytes to the right of
[   15.284390]  allocated 235-byte region [fff00000c175ee00, fff00000c175eeeb)
[   15.284457] 
[   15.284527] The buggy address belongs to the physical page:
[   15.284681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175e
[   15.284882] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.284928] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.285029] page_type: f5(slab)
[   15.285067] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.285118] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.285167] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.285743] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.286322] head: 0bfffe0000000001 ffffc1ffc305d781 00000000ffffffff 00000000ffffffff
[   15.286376] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.286416] page dumped because: kasan: bad access detected
[   15.286643] 
[   15.286698] Memory state around the buggy address:
[   15.287091]  fff00000c175ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.287209]  fff00000c175ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.287252] >fff00000c175ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   15.287409]                                                           ^
[   15.287449]  fff00000c175ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.287490]  fff00000c175ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.287527] ==================================================================
[   15.357390] ==================================================================
[   15.357440] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   15.357488] Write of size 1 at addr fff00000c783e0f0 by task kunit_try_catch/161
[   15.357828] 
[   15.357972] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.358144] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.358170] Hardware name: linux,dummy-virt (DT)
[   15.358461] Call trace:
[   15.358700]  show_stack+0x20/0x38 (C)
[   15.358755]  dump_stack_lvl+0x8c/0xd0
[   15.358946]  print_report+0x118/0x5d0
[   15.359096]  kasan_report+0xdc/0x128
[   15.359162]  __asan_report_store1_noabort+0x20/0x30
[   15.359222]  krealloc_more_oob_helper+0x5c0/0x678
[   15.359298]  krealloc_large_more_oob+0x20/0x38
[   15.359344]  kunit_try_run_case+0x170/0x3f0
[   15.359775]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.360240]  kthread+0x328/0x630
[   15.360341]  ret_from_fork+0x10/0x20
[   15.360397] 
[   15.360460] The buggy address belongs to the physical page:
[   15.360490] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10783c
[   15.360551] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.360782] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.360837] page_type: f8(unknown)
[   15.361310] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.361623] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.361686] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.361832] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.361929] head: 0bfffe0000000002 ffffc1ffc31e0f01 00000000ffffffff 00000000ffffffff
[   15.361996] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.362058] page dumped because: kasan: bad access detected
[   15.362128] 
[   15.362215] Memory state around the buggy address:
[   15.362290]  fff00000c783df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.362349]  fff00000c783e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.362392] >fff00000c783e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   15.362428]                                                              ^
[   15.362511]  fff00000c783e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.362660]  fff00000c783e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.362697] ==================================================================

[   12.305740] ==================================================================
[   12.306225] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.306576] Write of size 1 at addr ffff8881029be0eb by task kunit_try_catch/177
[   12.306920] 
[   12.307035] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.307080] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.307091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.307111] Call Trace:
[   12.307125]  <TASK>
[   12.307141]  dump_stack_lvl+0x73/0xb0
[   12.307172]  print_report+0xd1/0x610
[   12.307195]  ? __virt_addr_valid+0x1db/0x2d0
[   12.307219]  ? krealloc_more_oob_helper+0x821/0x930
[   12.307244]  ? kasan_addr_to_slab+0x11/0xa0
[   12.307265]  ? krealloc_more_oob_helper+0x821/0x930
[   12.307289]  kasan_report+0x141/0x180
[   12.307311]  ? krealloc_more_oob_helper+0x821/0x930
[   12.307341]  __asan_report_store1_noabort+0x1b/0x30
[   12.307366]  krealloc_more_oob_helper+0x821/0x930
[   12.307389]  ? __schedule+0x10cc/0x2b60
[   12.307412]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.307438]  ? finish_task_switch.isra.0+0x153/0x700
[   12.307482]  ? __switch_to+0x47/0xf50
[   12.307508]  ? __schedule+0x10cc/0x2b60
[   12.307529]  ? __pfx_read_tsc+0x10/0x10
[   12.307555]  krealloc_large_more_oob+0x1c/0x30
[   12.307578]  kunit_try_run_case+0x1a5/0x480
[   12.307604]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.307627]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.307652]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.307678]  ? __kthread_parkme+0x82/0x180
[   12.307699]  ? preempt_count_sub+0x50/0x80
[   12.307722]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.307747]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.307962]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.307989]  kthread+0x337/0x6f0
[   12.308009]  ? trace_preempt_on+0x20/0xc0
[   12.308034]  ? __pfx_kthread+0x10/0x10
[   12.308056]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.308078]  ? calculate_sigpending+0x7b/0xa0
[   12.308103]  ? __pfx_kthread+0x10/0x10
[   12.308125]  ret_from_fork+0x116/0x1d0
[   12.308145]  ? __pfx_kthread+0x10/0x10
[   12.308166]  ret_from_fork_asm+0x1a/0x30
[   12.308198]  </TASK>
[   12.308209] 
[   12.315666] The buggy address belongs to the physical page:
[   12.315877] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   12.316122] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.316441] flags: 0x200000000000040(head|node=0|zone=2)
[   12.316691] page_type: f8(unknown)
[   12.316879] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.317177] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.317407] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.318056] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.318372] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   12.318711] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.319027] page dumped because: kasan: bad access detected
[   12.319217] 
[   12.319312] Memory state around the buggy address:
[   12.319589]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.319872]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.320174] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.320478]                                                           ^
[   12.320711]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.321019]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.321305] ==================================================================
[   12.140778] ==================================================================
[   12.141214] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.141661] Write of size 1 at addr ffff888100a25eeb by task kunit_try_catch/173
[   12.141946] 
[   12.142037] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.142080] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.142091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.142111] Call Trace:
[   12.142122]  <TASK>
[   12.142136]  dump_stack_lvl+0x73/0xb0
[   12.142167]  print_report+0xd1/0x610
[   12.142189]  ? __virt_addr_valid+0x1db/0x2d0
[   12.142213]  ? krealloc_more_oob_helper+0x821/0x930
[   12.142237]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.142260]  ? krealloc_more_oob_helper+0x821/0x930
[   12.142285]  kasan_report+0x141/0x180
[   12.142307]  ? krealloc_more_oob_helper+0x821/0x930
[   12.142417]  __asan_report_store1_noabort+0x1b/0x30
[   12.142462]  krealloc_more_oob_helper+0x821/0x930
[   12.142485]  ? __schedule+0x10cc/0x2b60
[   12.142509]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.142534]  ? finish_task_switch.isra.0+0x153/0x700
[   12.142558]  ? __switch_to+0x47/0xf50
[   12.142585]  ? __schedule+0x10cc/0x2b60
[   12.142606]  ? __pfx_read_tsc+0x10/0x10
[   12.142631]  krealloc_more_oob+0x1c/0x30
[   12.142653]  kunit_try_run_case+0x1a5/0x480
[   12.142678]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.142701]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.142725]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.142749]  ? __kthread_parkme+0x82/0x180
[   12.142779]  ? preempt_count_sub+0x50/0x80
[   12.142802]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.142826]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.142851]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.142876]  kthread+0x337/0x6f0
[   12.142895]  ? trace_preempt_on+0x20/0xc0
[   12.142919]  ? __pfx_kthread+0x10/0x10
[   12.142939]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.142962]  ? calculate_sigpending+0x7b/0xa0
[   12.142988]  ? __pfx_kthread+0x10/0x10
[   12.143010]  ret_from_fork+0x116/0x1d0
[   12.143029]  ? __pfx_kthread+0x10/0x10
[   12.143049]  ret_from_fork_asm+0x1a/0x30
[   12.143081]  </TASK>
[   12.143091] 
[   12.150831] Allocated by task 173:
[   12.150963]  kasan_save_stack+0x45/0x70
[   12.151126]  kasan_save_track+0x18/0x40
[   12.151425]  kasan_save_alloc_info+0x3b/0x50
[   12.151666]  __kasan_krealloc+0x190/0x1f0
[   12.151875]  krealloc_noprof+0xf3/0x340
[   12.152069]  krealloc_more_oob_helper+0x1a9/0x930
[   12.152275]  krealloc_more_oob+0x1c/0x30
[   12.152416]  kunit_try_run_case+0x1a5/0x480
[   12.152624]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.152883]  kthread+0x337/0x6f0
[   12.153019]  ret_from_fork+0x116/0x1d0
[   12.153208]  ret_from_fork_asm+0x1a/0x30
[   12.153370] 
[   12.153471] The buggy address belongs to the object at ffff888100a25e00
[   12.153471]  which belongs to the cache kmalloc-256 of size 256
[   12.153949] The buggy address is located 0 bytes to the right of
[   12.153949]  allocated 235-byte region [ffff888100a25e00, ffff888100a25eeb)
[   12.154494] 
[   12.154594] The buggy address belongs to the physical page:
[   12.154854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   12.155208] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.155549] flags: 0x200000000000040(head|node=0|zone=2)
[   12.155729] page_type: f5(slab)
[   12.155908] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.156253] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.156694] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.157052] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.157508] head: 0200000000000001 ffffea0004028901 00000000ffffffff 00000000ffffffff
[   12.157828] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.158135] page dumped because: kasan: bad access detected
[   12.158373] 
[   12.158461] Memory state around the buggy address:
[   12.158666]  ffff888100a25d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.158944]  ffff888100a25e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.159179] >ffff888100a25e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.159492]                                                           ^
[   12.159876]  ffff888100a25f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.160131]  ffff888100a25f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.160526] ==================================================================
[   12.161112] ==================================================================
[   12.161461] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.161858] Write of size 1 at addr ffff888100a25ef0 by task kunit_try_catch/173
[   12.162187] 
[   12.162293] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.162402] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.162415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.162433] Call Trace:
[   12.162445]  <TASK>
[   12.162475]  dump_stack_lvl+0x73/0xb0
[   12.162503]  print_report+0xd1/0x610
[   12.162525]  ? __virt_addr_valid+0x1db/0x2d0
[   12.162547]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.162571]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.162594]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.162619]  kasan_report+0x141/0x180
[   12.162641]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.162670]  __asan_report_store1_noabort+0x1b/0x30
[   12.162696]  krealloc_more_oob_helper+0x7eb/0x930
[   12.162719]  ? __schedule+0x10cc/0x2b60
[   12.162740]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.162775]  ? finish_task_switch.isra.0+0x153/0x700
[   12.162797]  ? __switch_to+0x47/0xf50
[   12.162821]  ? __schedule+0x10cc/0x2b60
[   12.162843]  ? __pfx_read_tsc+0x10/0x10
[   12.162866]  krealloc_more_oob+0x1c/0x30
[   12.162888]  kunit_try_run_case+0x1a5/0x480
[   12.162912]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.162935]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.162959]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.162983]  ? __kthread_parkme+0x82/0x180
[   12.163003]  ? preempt_count_sub+0x50/0x80
[   12.163026]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.163051]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.163075]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.163100]  kthread+0x337/0x6f0
[   12.163119]  ? trace_preempt_on+0x20/0xc0
[   12.163142]  ? __pfx_kthread+0x10/0x10
[   12.163163]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.163184]  ? calculate_sigpending+0x7b/0xa0
[   12.163208]  ? __pfx_kthread+0x10/0x10
[   12.163229]  ret_from_fork+0x116/0x1d0
[   12.163248]  ? __pfx_kthread+0x10/0x10
[   12.163268]  ret_from_fork_asm+0x1a/0x30
[   12.163298]  </TASK>
[   12.163308] 
[   12.171973] Allocated by task 173:
[   12.172113]  kasan_save_stack+0x45/0x70
[   12.172293]  kasan_save_track+0x18/0x40
[   12.172587]  kasan_save_alloc_info+0x3b/0x50
[   12.172816]  __kasan_krealloc+0x190/0x1f0
[   12.173017]  krealloc_noprof+0xf3/0x340
[   12.173161]  krealloc_more_oob_helper+0x1a9/0x930
[   12.173435]  krealloc_more_oob+0x1c/0x30
[   12.173646]  kunit_try_run_case+0x1a5/0x480
[   12.173914]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.174230]  kthread+0x337/0x6f0
[   12.174582]  ret_from_fork+0x116/0x1d0
[   12.174766]  ret_from_fork_asm+0x1a/0x30
[   12.174959] 
[   12.175043] The buggy address belongs to the object at ffff888100a25e00
[   12.175043]  which belongs to the cache kmalloc-256 of size 256
[   12.175497] The buggy address is located 5 bytes to the right of
[   12.175497]  allocated 235-byte region [ffff888100a25e00, ffff888100a25eeb)
[   12.176073] 
[   12.176168] The buggy address belongs to the physical page:
[   12.176388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   12.176630] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.176925] flags: 0x200000000000040(head|node=0|zone=2)
[   12.177180] page_type: f5(slab)
[   12.177352] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.177702] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.178218] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.178598] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.178960] head: 0200000000000001 ffffea0004028901 00000000ffffffff 00000000ffffffff
[   12.179304] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.179640] page dumped because: kasan: bad access detected
[   12.179853] 
[   12.179948] Memory state around the buggy address:
[   12.180181]  ffff888100a25d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.180590]  ffff888100a25e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.180889] >ffff888100a25e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.181144]                                                              ^
[   12.181484]  ffff888100a25f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.181841]  ffff888100a25f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.182101] ==================================================================
[   12.321767] ==================================================================
[   12.322085] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.322725] Write of size 1 at addr ffff8881029be0f0 by task kunit_try_catch/177
[   12.323082] 
[   12.323187] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.323227] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.323238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.323257] Call Trace:
[   12.323268]  <TASK>
[   12.323281]  dump_stack_lvl+0x73/0xb0
[   12.323309]  print_report+0xd1/0x610
[   12.323331]  ? __virt_addr_valid+0x1db/0x2d0
[   12.323354]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.323378]  ? kasan_addr_to_slab+0x11/0xa0
[   12.323399]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.323425]  kasan_report+0x141/0x180
[   12.323629]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.323664]  __asan_report_store1_noabort+0x1b/0x30
[   12.323691]  krealloc_more_oob_helper+0x7eb/0x930
[   12.323714]  ? __schedule+0x10cc/0x2b60
[   12.323737]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.323778]  ? finish_task_switch.isra.0+0x153/0x700
[   12.323801]  ? __switch_to+0x47/0xf50
[   12.323826]  ? __schedule+0x10cc/0x2b60
[   12.323849]  ? __pfx_read_tsc+0x10/0x10
[   12.323873]  krealloc_large_more_oob+0x1c/0x30
[   12.323897]  kunit_try_run_case+0x1a5/0x480
[   12.323922]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.323945]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.323970]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.323994]  ? __kthread_parkme+0x82/0x180
[   12.324015]  ? preempt_count_sub+0x50/0x80
[   12.324038]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.324063]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.324089]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.324115]  kthread+0x337/0x6f0
[   12.324135]  ? trace_preempt_on+0x20/0xc0
[   12.324160]  ? __pfx_kthread+0x10/0x10
[   12.324183]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.324206]  ? calculate_sigpending+0x7b/0xa0
[   12.324230]  ? __pfx_kthread+0x10/0x10
[   12.324252]  ret_from_fork+0x116/0x1d0
[   12.324271]  ? __pfx_kthread+0x10/0x10
[   12.324292]  ret_from_fork_asm+0x1a/0x30
[   12.324323]  </TASK>
[   12.324333] 
[   12.335835] The buggy address belongs to the physical page:
[   12.336082] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   12.336394] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.337052] flags: 0x200000000000040(head|node=0|zone=2)
[   12.337457] page_type: f8(unknown)
[   12.337767] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.338255] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.338862] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.339198] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.339676] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   12.340184] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.340672] page dumped because: kasan: bad access detected
[   12.340978] 
[   12.341054] Memory state around the buggy address:
[   12.341226]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.341534]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.341847] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.342124]                                                              ^
[   12.342385]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.342708]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.343328] ==================================================================