Hay
Date: May 23, 2025, 11:07 p.m.

Environment: qemu-arm64, qemu-x86_64

[   27.236638] ==================================================================
[   27.236831] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   27.237015] Write of size 1 at addr fff00000c77da0f0 by task kunit_try_catch/162
[   27.237166] 
[   27.237284] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.237542] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.237614] Hardware name: linux,dummy-virt (DT)
[   27.237695] Call trace:
[   27.237758]  show_stack+0x20/0x38 (C)
[   27.237889]  dump_stack_lvl+0x8c/0xd0
[   27.238044]  print_report+0x118/0x608
[   27.238165]  kasan_report+0xdc/0x128
[   27.238284]  __asan_report_store1_noabort+0x20/0x30
[   27.238420]  krealloc_more_oob_helper+0x5c0/0x678
[   27.238581]  krealloc_large_more_oob+0x20/0x38
[   27.238738]  kunit_try_run_case+0x170/0x3f0
[   27.238929]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.239134]  kthread+0x328/0x630
[   27.239273]  ret_from_fork+0x10/0x20
[   27.239687] 
[   27.239781] The buggy address belongs to the physical page:
[   27.239878] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8
[   27.240269] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.240442] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.240620] page_type: f8(unknown)
[   27.240718] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.240838] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.240964] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.241078] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.241213] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff
[   27.241353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.241496] page dumped because: kasan: bad access detected
[   27.241598] 
[   27.241675] Memory state around the buggy address:
[   27.241798]  fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.241928]  fff00000c77da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.242056] >fff00000c77da080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   27.242170]                                                              ^
[   27.242314]  fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.242439]  fff00000c77da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.242556] ==================================================================
[   27.040336] ==================================================================
[   27.040587] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   27.040758] Write of size 1 at addr fff00000c1a546eb by task kunit_try_catch/158
[   27.040915] 
[   27.041051] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.041327] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.041391] Hardware name: linux,dummy-virt (DT)
[   27.041484] Call trace:
[   27.041545]  show_stack+0x20/0x38 (C)
[   27.041716]  dump_stack_lvl+0x8c/0xd0
[   27.041897]  print_report+0x118/0x608
[   27.042061]  kasan_report+0xdc/0x128
[   27.042227]  __asan_report_store1_noabort+0x20/0x30
[   27.042424]  krealloc_more_oob_helper+0x60c/0x678
[   27.042594]  krealloc_more_oob+0x20/0x38
[   27.042793]  kunit_try_run_case+0x170/0x3f0
[   27.042938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.043121]  kthread+0x328/0x630
[   27.043306]  ret_from_fork+0x10/0x20
[   27.043511] 
[   27.043621] Allocated by task 158:
[   27.043709]  kasan_save_stack+0x3c/0x68
[   27.043835]  kasan_save_track+0x20/0x40
[   27.044050]  kasan_save_alloc_info+0x40/0x58
[   27.044230]  __kasan_krealloc+0x118/0x178
[   27.044365]  krealloc_noprof+0x128/0x360
[   27.044524]  krealloc_more_oob_helper+0x168/0x678
[   27.044689]  krealloc_more_oob+0x20/0x38
[   27.044829]  kunit_try_run_case+0x170/0x3f0
[   27.044969]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.045127]  kthread+0x328/0x630
[   27.045412]  ret_from_fork+0x10/0x20
[   27.045565] 
[   27.045619] The buggy address belongs to the object at fff00000c1a54600
[   27.045619]  which belongs to the cache kmalloc-256 of size 256
[   27.045761] The buggy address is located 0 bytes to the right of
[   27.045761]  allocated 235-byte region [fff00000c1a54600, fff00000c1a546eb)
[   27.045942] 
[   27.046001] The buggy address belongs to the physical page:
[   27.046110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54
[   27.046357] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.046554] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.046727] page_type: f5(slab)
[   27.046875] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.047034] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.047170] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.047937] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.048059] head: 0bfffe0000000001 ffffc1ffc3069501 00000000ffffffff 00000000ffffffff
[   27.048131] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   27.048211] page dumped because: kasan: bad access detected
[   27.048312] 
[   27.048375] Memory state around the buggy address:
[   27.048484]  fff00000c1a54580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.048594]  fff00000c1a54600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.048690] >fff00000c1a54680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   27.048788]                                                           ^
[   27.048897]  fff00000c1a54700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.049034]  fff00000c1a54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.049162] ==================================================================
[   27.050473] ==================================================================
[   27.050587] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   27.050794] Write of size 1 at addr fff00000c1a546f0 by task kunit_try_catch/158
[   27.050971] 
[   27.051088] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.051320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.051411] Hardware name: linux,dummy-virt (DT)
[   27.051526] Call trace:
[   27.051589]  show_stack+0x20/0x38 (C)
[   27.051728]  dump_stack_lvl+0x8c/0xd0
[   27.051862]  print_report+0x118/0x608
[   27.052055]  kasan_report+0xdc/0x128
[   27.052206]  __asan_report_store1_noabort+0x20/0x30
[   27.052355]  krealloc_more_oob_helper+0x5c0/0x678
[   27.052522]  krealloc_more_oob+0x20/0x38
[   27.052650]  kunit_try_run_case+0x170/0x3f0
[   27.052781]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.052916]  kthread+0x328/0x630
[   27.053029]  ret_from_fork+0x10/0x20
[   27.053155] 
[   27.053205] Allocated by task 158:
[   27.053575]  kasan_save_stack+0x3c/0x68
[   27.053721]  kasan_save_track+0x20/0x40
[   27.053827]  kasan_save_alloc_info+0x40/0x58
[   27.053984]  __kasan_krealloc+0x118/0x178
[   27.054112]  krealloc_noprof+0x128/0x360
[   27.054490]  krealloc_more_oob_helper+0x168/0x678
[   27.054616]  krealloc_more_oob+0x20/0x38
[   27.054732]  kunit_try_run_case+0x170/0x3f0
[   27.054934]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.055128]  kthread+0x328/0x630
[   27.055294]  ret_from_fork+0x10/0x20
[   27.055406] 
[   27.055886] The buggy address belongs to the object at fff00000c1a54600
[   27.055886]  which belongs to the cache kmalloc-256 of size 256
[   27.056160] The buggy address is located 5 bytes to the right of
[   27.056160]  allocated 235-byte region [fff00000c1a54600, fff00000c1a546eb)
[   27.056476] 
[   27.056540] The buggy address belongs to the physical page:
[   27.056827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54
[   27.056976] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.057236] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.057425] page_type: f5(slab)
[   27.057617] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.057779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.057930] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.058494] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.058665] head: 0bfffe0000000001 ffffc1ffc3069501 00000000ffffffff 00000000ffffffff
[   27.058813] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   27.058936] page dumped because: kasan: bad access detected
[   27.059091] 
[   27.059144] Memory state around the buggy address:
[   27.059300]  fff00000c1a54580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.059692]  fff00000c1a54600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.059840] >fff00000c1a54680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   27.060079]                                                              ^
[   27.060860]  fff00000c1a54700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.061003]  fff00000c1a54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.061121] ==================================================================
[   27.202984] ==================================================================
[   27.203180] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   27.203594] Write of size 1 at addr fff00000c77da0eb by task kunit_try_catch/162
[   27.204092] 
[   27.204528] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.205016] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.205099] Hardware name: linux,dummy-virt (DT)
[   27.205651] Call trace:
[   27.206070]  show_stack+0x20/0x38 (C)
[   27.206230]  dump_stack_lvl+0x8c/0xd0
[   27.206356]  print_report+0x118/0x608
[   27.207534]  kasan_report+0xdc/0x128
[   27.207943]  __asan_report_store1_noabort+0x20/0x30
[   27.208102]  krealloc_more_oob_helper+0x60c/0x678
[   27.208257]  krealloc_large_more_oob+0x20/0x38
[   27.210030]  kunit_try_run_case+0x170/0x3f0
[   27.210477]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.210831]  kthread+0x328/0x630
[   27.211003]  ret_from_fork+0x10/0x20
[   27.211147] 
[   27.211208] The buggy address belongs to the physical page:
[   27.211303] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8
[   27.212609] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.213164] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.213732] page_type: f8(unknown)
[   27.214276] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.215203] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.215614] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.215767] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.215914] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff
[   27.216046] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.216142] page dumped because: kasan: bad access detected
[   27.216958] 
[   27.217058] Memory state around the buggy address:
[   27.217378]  fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.217737]  fff00000c77da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.218131] >fff00000c77da080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   27.218726]                                                           ^
[   27.219198]  fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.219360]  fff00000c77da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.220077] ==================================================================

[   12.260603] ==================================================================
[   12.261060] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.261380] Write of size 1 at addr ffff888100a2a8f0 by task kunit_try_catch/175
[   12.261606] 
[   12.261720] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.261767] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.261779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.261800] Call Trace:
[   12.261813]  <TASK>
[   12.261829]  dump_stack_lvl+0x73/0xb0
[   12.261856]  print_report+0xd1/0x650
[   12.261878]  ? __virt_addr_valid+0x1db/0x2d0
[   12.261900]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.261923]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.261945]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.261969]  kasan_report+0x141/0x180
[   12.261991]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.262019]  __asan_report_store1_noabort+0x1b/0x30
[   12.262039]  krealloc_more_oob_helper+0x7eb/0x930
[   12.262061]  ? __schedule+0x10cc/0x2b30
[   12.262084]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.262107]  ? finish_task_switch.isra.0+0x153/0x700
[   12.262130]  ? __switch_to+0x5d9/0xf60
[   12.262150]  ? dequeue_task_fair+0x156/0x4e0
[   12.262174]  ? __schedule+0x10cc/0x2b30
[   12.262195]  ? __pfx_read_tsc+0x10/0x10
[   12.262218]  krealloc_more_oob+0x1c/0x30
[   12.262235]  kunit_try_run_case+0x1a5/0x480
[   12.262259]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.262280]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.262315]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.262338]  ? __kthread_parkme+0x82/0x180
[   12.262359]  ? preempt_count_sub+0x50/0x80
[   12.262385]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.262408]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.262430]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.262451]  kthread+0x337/0x6f0
[   12.262468]  ? trace_preempt_on+0x20/0xc0
[   12.262491]  ? __pfx_kthread+0x10/0x10
[   12.262509]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.262531]  ? calculate_sigpending+0x7b/0xa0
[   12.262553]  ? __pfx_kthread+0x10/0x10
[   12.262571]  ret_from_fork+0x41/0x80
[   12.262593]  ? __pfx_kthread+0x10/0x10
[   12.262611]  ret_from_fork_asm+0x1a/0x30
[   12.262642]  </TASK>
[   12.262653] 
[   12.270910] Allocated by task 175:
[   12.271052]  kasan_save_stack+0x45/0x70
[   12.271200]  kasan_save_track+0x18/0x40
[   12.271635]  kasan_save_alloc_info+0x3b/0x50
[   12.271857]  __kasan_krealloc+0x190/0x1f0
[   12.272056]  krealloc_noprof+0xf3/0x340
[   12.272257]  krealloc_more_oob_helper+0x1a9/0x930
[   12.272506]  krealloc_more_oob+0x1c/0x30
[   12.272707]  kunit_try_run_case+0x1a5/0x480
[   12.273093]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.273367]  kthread+0x337/0x6f0
[   12.273486]  ret_from_fork+0x41/0x80
[   12.273926]  ret_from_fork_asm+0x1a/0x30
[   12.274174] 
[   12.274335] The buggy address belongs to the object at ffff888100a2a800
[   12.274335]  which belongs to the cache kmalloc-256 of size 256
[   12.274874] The buggy address is located 5 bytes to the right of
[   12.274874]  allocated 235-byte region [ffff888100a2a800, ffff888100a2a8eb)
[   12.275355] 
[   12.275429] The buggy address belongs to the physical page:
[   12.275602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   12.275940] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.276298] flags: 0x200000000000040(head|node=0|zone=2)
[   12.276605] page_type: f5(slab)
[   12.276823] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.277256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.277677] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.278312] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.278649] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   12.278885] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.279279] page dumped because: kasan: bad access detected
[   12.279700] 
[   12.279796] Memory state around the buggy address:
[   12.280156]  ffff888100a2a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.280389]  ffff888100a2a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.280606] >ffff888100a2a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.280859]                                                              ^
[   12.281172]  ffff888100a2a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.281493]  ffff888100a2a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.281814] ==================================================================
[   12.415023] ==================================================================
[   12.415386] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.415747] Write of size 1 at addr ffff888102ad60f0 by task kunit_try_catch/179
[   12.416678] 
[   12.416779] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.416822] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.416834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.416854] Call Trace:
[   12.416868]  <TASK>
[   12.416882]  dump_stack_lvl+0x73/0xb0
[   12.416909]  print_report+0xd1/0x650
[   12.416931]  ? __virt_addr_valid+0x1db/0x2d0
[   12.416951]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.416974]  ? kasan_addr_to_slab+0x11/0xa0
[   12.416994]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.417017]  kasan_report+0x141/0x180
[   12.417039]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.417067]  __asan_report_store1_noabort+0x1b/0x30
[   12.417087]  krealloc_more_oob_helper+0x7eb/0x930
[   12.417109]  ? __schedule+0x10cc/0x2b30
[   12.417130]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.417154]  ? finish_task_switch.isra.0+0x153/0x700
[   12.417176]  ? __switch_to+0x5d9/0xf60
[   12.417196]  ? dequeue_task_fair+0x166/0x4e0
[   12.417220]  ? __schedule+0x10cc/0x2b30
[   12.417240]  ? __pfx_read_tsc+0x10/0x10
[   12.417263]  krealloc_large_more_oob+0x1c/0x30
[   12.417281]  kunit_try_run_case+0x1a5/0x480
[   12.417320]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.417341]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.417363]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.417384]  ? __kthread_parkme+0x82/0x180
[   12.417406]  ? preempt_count_sub+0x50/0x80
[   12.417429]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.417452]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.417473]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.417495]  kthread+0x337/0x6f0
[   12.417512]  ? trace_preempt_on+0x20/0xc0
[   12.417535]  ? __pfx_kthread+0x10/0x10
[   12.417553]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.417573]  ? calculate_sigpending+0x7b/0xa0
[   12.417595]  ? __pfx_kthread+0x10/0x10
[   12.417614]  ret_from_fork+0x41/0x80
[   12.417634]  ? __pfx_kthread+0x10/0x10
[   12.417652]  ret_from_fork_asm+0x1a/0x30
[   12.417682]  </TASK>
[   12.417748] 
[   12.425491] The buggy address belongs to the physical page:
[   12.425850] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   12.426156] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.426468] flags: 0x200000000000040(head|node=0|zone=2)
[   12.426688] page_type: f8(unknown)
[   12.426815] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.427118] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.427463] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.427830] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.428063] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff
[   12.428822] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.429135] page dumped because: kasan: bad access detected
[   12.429377] 
[   12.429462] Memory state around the buggy address:
[   12.429733]  ffff888102ad5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.429992]  ffff888102ad6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.430208] >ffff888102ad6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.430439]                                                              ^
[   12.430757]  ffff888102ad6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.431084]  ffff888102ad6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.431341] ==================================================================
[   12.399416] ==================================================================
[   12.399868] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.400224] Write of size 1 at addr ffff888102ad60eb by task kunit_try_catch/179
[   12.400556] 
[   12.400641] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.400685] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.400697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.400717] Call Trace:
[   12.400728]  <TASK>
[   12.400744]  dump_stack_lvl+0x73/0xb0
[   12.400769]  print_report+0xd1/0x650
[   12.400790]  ? __virt_addr_valid+0x1db/0x2d0
[   12.400811]  ? krealloc_more_oob_helper+0x821/0x930
[   12.400834]  ? kasan_addr_to_slab+0x11/0xa0
[   12.400854]  ? krealloc_more_oob_helper+0x821/0x930
[   12.400877]  kasan_report+0x141/0x180
[   12.400899]  ? krealloc_more_oob_helper+0x821/0x930
[   12.400928]  __asan_report_store1_noabort+0x1b/0x30
[   12.400948]  krealloc_more_oob_helper+0x821/0x930
[   12.400970]  ? __schedule+0x10cc/0x2b30
[   12.400991]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.401015]  ? finish_task_switch.isra.0+0x153/0x700
[   12.401036]  ? __switch_to+0x5d9/0xf60
[   12.401056]  ? dequeue_task_fair+0x166/0x4e0
[   12.401079]  ? __schedule+0x10cc/0x2b30
[   12.401099]  ? __pfx_read_tsc+0x10/0x10
[   12.401122]  krealloc_large_more_oob+0x1c/0x30
[   12.401140]  kunit_try_run_case+0x1a5/0x480
[   12.401164]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.401185]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.401206]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.401228]  ? __kthread_parkme+0x82/0x180
[   12.401249]  ? preempt_count_sub+0x50/0x80
[   12.401272]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.401306]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.401328]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.401349]  kthread+0x337/0x6f0
[   12.401366]  ? trace_preempt_on+0x20/0xc0
[   12.401389]  ? __pfx_kthread+0x10/0x10
[   12.401407]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.401427]  ? calculate_sigpending+0x7b/0xa0
[   12.401447]  ? __pfx_kthread+0x10/0x10
[   12.401465]  ret_from_fork+0x41/0x80
[   12.401485]  ? __pfx_kthread+0x10/0x10
[   12.401503]  ret_from_fork_asm+0x1a/0x30
[   12.401533]  </TASK>
[   12.401544] 
[   12.408945] The buggy address belongs to the physical page:
[   12.409213] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   12.409554] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.409783] flags: 0x200000000000040(head|node=0|zone=2)
[   12.409963] page_type: f8(unknown)
[   12.410137] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.410491] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.410844] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.411076] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.411399] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff
[   12.411753] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.412093] page dumped because: kasan: bad access detected
[   12.412354] 
[   12.412449] Memory state around the buggy address:
[   12.412609]  ffff888102ad5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.412840]  ffff888102ad6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.413319] >ffff888102ad6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.413684]                                                           ^
[   12.413890]  ffff888102ad6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.414105]  ffff888102ad6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.414325] ==================================================================
[   12.237698] ==================================================================
[   12.238159] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.238648] Write of size 1 at addr ffff888100a2a8eb by task kunit_try_catch/175
[   12.238988] 
[   12.239095] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.239145] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.239157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.239178] Call Trace:
[   12.239190]  <TASK>
[   12.239207]  dump_stack_lvl+0x73/0xb0
[   12.239236]  print_report+0xd1/0x650
[   12.239259]  ? __virt_addr_valid+0x1db/0x2d0
[   12.239281]  ? krealloc_more_oob_helper+0x821/0x930
[   12.239316]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.239338]  ? krealloc_more_oob_helper+0x821/0x930
[   12.239362]  kasan_report+0x141/0x180
[   12.239384]  ? krealloc_more_oob_helper+0x821/0x930
[   12.239413]  __asan_report_store1_noabort+0x1b/0x30
[   12.239433]  krealloc_more_oob_helper+0x821/0x930
[   12.239456]  ? __schedule+0x10cc/0x2b30
[   12.239478]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.239502]  ? finish_task_switch.isra.0+0x153/0x700
[   12.239526]  ? __switch_to+0x5d9/0xf60
[   12.239547]  ? dequeue_task_fair+0x156/0x4e0
[   12.239571]  ? __schedule+0x10cc/0x2b30
[   12.239592]  ? __pfx_read_tsc+0x10/0x10
[   12.239615]  krealloc_more_oob+0x1c/0x30
[   12.239633]  kunit_try_run_case+0x1a5/0x480
[   12.239658]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.239679]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.239702]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.239724]  ? __kthread_parkme+0x82/0x180
[   12.239745]  ? preempt_count_sub+0x50/0x80
[   12.239769]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.239792]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.239813]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.239835]  kthread+0x337/0x6f0
[   12.239851]  ? trace_preempt_on+0x20/0xc0
[   12.239875]  ? __pfx_kthread+0x10/0x10
[   12.239906]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.239926]  ? calculate_sigpending+0x7b/0xa0
[   12.239948]  ? __pfx_kthread+0x10/0x10
[   12.239966]  ret_from_fork+0x41/0x80
[   12.239986]  ? __pfx_kthread+0x10/0x10
[   12.240003]  ret_from_fork_asm+0x1a/0x30
[   12.240034]  </TASK>
[   12.240046] 
[   12.248688] Allocated by task 175:
[   12.248915]  kasan_save_stack+0x45/0x70
[   12.249070]  kasan_save_track+0x18/0x40
[   12.249376]  kasan_save_alloc_info+0x3b/0x50
[   12.249655]  __kasan_krealloc+0x190/0x1f0
[   12.249912]  krealloc_noprof+0xf3/0x340
[   12.250049]  krealloc_more_oob_helper+0x1a9/0x930
[   12.250208]  krealloc_more_oob+0x1c/0x30
[   12.250644]  kunit_try_run_case+0x1a5/0x480
[   12.250868]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.251121]  kthread+0x337/0x6f0
[   12.251246]  ret_from_fork+0x41/0x80
[   12.251392]  ret_from_fork_asm+0x1a/0x30
[   12.251533] 
[   12.251605] The buggy address belongs to the object at ffff888100a2a800
[   12.251605]  which belongs to the cache kmalloc-256 of size 256
[   12.252437] The buggy address is located 0 bytes to the right of
[   12.252437]  allocated 235-byte region [ffff888100a2a800, ffff888100a2a8eb)
[   12.252836] 
[   12.252910] The buggy address belongs to the physical page:
[   12.253089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   12.253566] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.253928] flags: 0x200000000000040(head|node=0|zone=2)
[   12.254189] page_type: f5(slab)
[   12.254376] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.254738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.255418] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.255723] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.256105] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   12.256471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.256779] page dumped because: kasan: bad access detected
[   12.257075] 
[   12.257149] Memory state around the buggy address:
[   12.257319]  ffff888100a2a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.257870]  ffff888100a2a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.258305] >ffff888100a2a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.258575]                                                           ^
[   12.258783]  ffff888100a2a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.259314]  ffff888100a2a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.259834] ==================================================================