Date: May 12, 2025, 11:48 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |

[ 16.518442] ================================================================== [ 16.518569] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.518675] Write of size 1 at addr fff00000c78e20eb by task kunit_try_catch/160 [ 16.518783] [ 16.518844] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 16.519009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.519071] Hardware name: linux,dummy-virt (DT) [ 16.519134] Call trace: [ 16.519176] show_stack+0x20/0x38 (C) [ 16.519265] dump_stack_lvl+0x8c/0xd0 [ 16.519348] print_report+0x118/0x608 [ 16.519428] kasan_report+0xdc/0x128 [ 16.519513] __asan_report_store1_noabort+0x20/0x30 [ 16.519619] krealloc_more_oob_helper+0x60c/0x678 [ 16.519719] krealloc_large_more_oob+0x20/0x38 [ 16.519820] kunit_try_run_case+0x170/0x3f0 [ 16.520081] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.520201] kthread+0x328/0x630 [ 16.520532] ret_from_fork+0x10/0x20 [ 16.520698] [ 16.520746] The buggy address belongs to the physical page: [ 16.520811] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0 [ 16.520926] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.521017] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.521452] page_type: f8(unknown) [ 16.521558] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.521657] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.521755] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.522036] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.522196] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff [ 16.522307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.522390] page dumped because: kasan: bad access detected [ 16.522451] [ 16.522486] Memory state around the buggy address: [ 16.522549] fff00000c78e1f80: 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.522640] fff00000c78e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.522719] >fff00000c78e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.522792] ^ [ 16.522896] fff00000c78e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.523197] fff00000c78e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.523311] ================================================================== [ 16.442994] ================================================================== [ 16.443113] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.443284] Write of size 1 at addr fff00000c450a2f0 by task kunit_try_catch/156 [ 16.443739] [ 16.443814] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 16.444085] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.444148] Hardware name: linux,dummy-virt (DT) [ 16.444274] Call trace: [ 16.444322] show_stack+0x20/0x38 (C) [ 16.444609] dump_stack_lvl+0x8c/0xd0 [ 16.444920] print_report+0x118/0x608 [ 16.445019] kasan_report+0xdc/0x128 [ 16.445126] __asan_report_store1_noabort+0x20/0x30 [ 16.445229] krealloc_more_oob_helper+0x5c0/0x678 [ 16.445321] krealloc_more_oob+0x20/0x38 [ 16.445416] kunit_try_run_case+0x170/0x3f0 [ 16.445515] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.445623] kthread+0x328/0x630 [ 16.446299] ret_from_fork+0x10/0x20 [ 16.446617] [ 16.447000] Allocated by task 156: [ 16.447088] kasan_save_stack+0x3c/0x68 [ 16.447300] kasan_save_track+0x20/0x40 [ 16.447440] kasan_save_alloc_info+0x40/0x58 [ 16.447521] __kasan_krealloc+0x118/0x178 [ 16.447612] krealloc_noprof+0x128/0x360 [ 16.447683] krealloc_more_oob_helper+0x168/0x678 [ 16.447987] krealloc_more_oob+0x20/0x38 [ 16.448306] kunit_try_run_case+0x170/0x3f0 [ 16.448400] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.448501] kthread+0x328/0x630 [ 16.448741] ret_from_fork+0x10/0x20 [ 16.448833] [ 16.448883] The buggy address belongs to the 
object at fff00000c450a200 [ 16.448883] which belongs to the cache kmalloc-256 of size 256 [ 16.449153] The buggy address is located 5 bytes to the right of [ 16.449153] allocated 235-byte region [fff00000c450a200, fff00000c450a2eb) [ 16.449351] [ 16.449397] The buggy address belongs to the physical page: [ 16.449510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10450a [ 16.449621] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.449792] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.449969] page_type: f5(slab) [ 16.450065] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.450154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.450667] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.450933] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.451161] head: 0bfffe0000000001 ffffc1ffc3114281 00000000ffffffff 00000000ffffffff [ 16.451350] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.451628] page dumped because: kasan: bad access detected [ 16.451903] [ 16.451963] Memory state around the buggy address: [ 16.452111] fff00000c450a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.452209] fff00000c450a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.452468] >fff00000c450a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.452619] ^ [ 16.453013] fff00000c450a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.453132] fff00000c450a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.453215] ================================================================== [ 16.524667] ================================================================== [ 16.524801] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.525136] Write of size 1 at addr fff00000c78e20f0 by task kunit_try_catch/160 [ 16.525237] [ 16.525298] 
CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 16.525475] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.525531] Hardware name: linux,dummy-virt (DT) [ 16.525594] Call trace: [ 16.525638] show_stack+0x20/0x38 (C) [ 16.525741] dump_stack_lvl+0x8c/0xd0 [ 16.525845] print_report+0x118/0x608 [ 16.525945] kasan_report+0xdc/0x128 [ 16.526091] __asan_report_store1_noabort+0x20/0x30 [ 16.526232] krealloc_more_oob_helper+0x5c0/0x678 [ 16.526350] krealloc_large_more_oob+0x20/0x38 [ 16.526489] kunit_try_run_case+0x170/0x3f0 [ 16.526644] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.526796] kthread+0x328/0x630 [ 16.526912] ret_from_fork+0x10/0x20 [ 16.527031] [ 16.527296] The buggy address belongs to the physical page: [ 16.527380] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0 [ 16.527501] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.527605] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.527803] page_type: f8(unknown) [ 16.527919] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.528052] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.528612] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.528750] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.528866] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff [ 16.529061] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.529152] page dumped because: kasan: bad access detected [ 16.529231] [ 16.529286] Memory state around the buggy address: [ 16.529371] fff00000c78e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.529460] fff00000c78e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.529553] >fff00000c78e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.529635] ^ [ 16.529719] fff00000c78e2100: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 16.529811] fff00000c78e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.529928] ================================================================== [ 16.424868] ================================================================== [ 16.424988] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.426239] Write of size 1 at addr fff00000c450a2eb by task kunit_try_catch/156 [ 16.426337] [ 16.426407] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT [ 16.426937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.427059] Hardware name: linux,dummy-virt (DT) [ 16.427121] Call trace: [ 16.427564] show_stack+0x20/0x38 (C) [ 16.427754] dump_stack_lvl+0x8c/0xd0 [ 16.428433] print_report+0x118/0x608 [ 16.428856] kasan_report+0xdc/0x128 [ 16.429036] __asan_report_store1_noabort+0x20/0x30 [ 16.429152] krealloc_more_oob_helper+0x60c/0x678 [ 16.429857] krealloc_more_oob+0x20/0x38 [ 16.430378] kunit_try_run_case+0x170/0x3f0 [ 16.430556] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.430866] kthread+0x328/0x630 [ 16.431172] ret_from_fork+0x10/0x20 [ 16.431285] [ 16.431326] Allocated by task 156: [ 16.431386] kasan_save_stack+0x3c/0x68 [ 16.431461] kasan_save_track+0x20/0x40 [ 16.431536] kasan_save_alloc_info+0x40/0x58 [ 16.431615] __kasan_krealloc+0x118/0x178 [ 16.431688] krealloc_noprof+0x128/0x360 [ 16.432622] krealloc_more_oob_helper+0x168/0x678 [ 16.433183] krealloc_more_oob+0x20/0x38 [ 16.433346] kunit_try_run_case+0x170/0x3f0 [ 16.433428] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.433828] kthread+0x328/0x630 [ 16.434251] ret_from_fork+0x10/0x20 [ 16.434379] [ 16.434591] The buggy address belongs to the object at fff00000c450a200 [ 16.434591] which belongs to the cache kmalloc-256 of size 256 [ 16.434942] The buggy address is located 0 bytes to the right of [ 16.434942] allocated 235-byte region [fff00000c450a200, fff00000c450a2eb) [ 16.435351] [ 16.435561] The buggy 
address belongs to the physical page: [ 16.435844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10450a [ 16.436214] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.436472] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.436861] page_type: f5(slab) [ 16.437052] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.437249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.437599] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.437989] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.438273] head: 0bfffe0000000001 ffffc1ffc3114281 00000000ffffffff 00000000ffffffff [ 16.438377] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.438768] page dumped because: kasan: bad access detected [ 16.438968] [ 16.439159] Memory state around the buggy address: [ 16.439305] fff00000c450a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.439398] fff00000c450a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.439898] >fff00000c450a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.440291] ^ [ 16.440507] fff00000c450a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.440599] fff00000c450a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.440910] ==================================================================
[ 16.045398] ================================================================== [ 16.045999] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 16.047228] Write of size 1 at addr ffff888100a35cf0 by task kunit_try_catch/173 [ 16.048313] [ 16.048612] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 16.048721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.048737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.048764] Call Trace: [ 16.048780] <TASK> [ 16.048810] dump_stack_lvl+0x73/0xb0 [ 16.048893] print_report+0xd1/0x650 [ 16.048938] ? __virt_addr_valid+0x1db/0x2d0 [ 16.048982] ? krealloc_more_oob_helper+0x7eb/0x930 [ 16.049028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.049073] ? krealloc_more_oob_helper+0x7eb/0x930 [ 16.049124] kasan_report+0x141/0x180 [ 16.049172] ? krealloc_more_oob_helper+0x7eb/0x930 [ 16.049325] __asan_report_store1_noabort+0x1b/0x30 [ 16.049361] krealloc_more_oob_helper+0x7eb/0x930 [ 16.049387] ? __schedule+0x10cc/0x2b60 [ 16.049410] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 16.049436] ? finish_task_switch.isra.0+0x153/0x700 [ 16.049460] ? __switch_to+0x47/0xf50 [ 16.049487] ? __schedule+0x10cc/0x2b60 [ 16.049508] ? __pfx_read_tsc+0x10/0x10 [ 16.049533] krealloc_more_oob+0x1c/0x30 [ 16.049558] kunit_try_run_case+0x1a5/0x480 [ 16.049584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.049608] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.049632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.049669] ? __kthread_parkme+0x82/0x180 [ 16.049716] ? preempt_count_sub+0x50/0x80 [ 16.049741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.049767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.049791] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.049815] kthread+0x337/0x6f0 [ 16.049836] ? trace_preempt_on+0x20/0xc0 [ 16.049863] ? __pfx_kthread+0x10/0x10 [ 16.049885] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.049906] ? 
calculate_sigpending+0x7b/0xa0 [ 16.049932] ? __pfx_kthread+0x10/0x10 [ 16.049954] ret_from_fork+0x116/0x1d0 [ 16.049974] ? __pfx_kthread+0x10/0x10 [ 16.049995] ret_from_fork_asm+0x1a/0x30 [ 16.050027] </TASK> [ 16.050045] [ 16.065202] Allocated by task 173: [ 16.065580] kasan_save_stack+0x45/0x70 [ 16.066075] kasan_save_track+0x18/0x40 [ 16.066665] kasan_save_alloc_info+0x3b/0x50 [ 16.067518] __kasan_krealloc+0x190/0x1f0 [ 16.067898] krealloc_noprof+0xf3/0x340 [ 16.068109] krealloc_more_oob_helper+0x1a9/0x930 [ 16.068598] krealloc_more_oob+0x1c/0x30 [ 16.069116] kunit_try_run_case+0x1a5/0x480 [ 16.069324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.069531] kthread+0x337/0x6f0 [ 16.069715] ret_from_fork+0x116/0x1d0 [ 16.070613] ret_from_fork_asm+0x1a/0x30 [ 16.070944] [ 16.071145] The buggy address belongs to the object at ffff888100a35c00 [ 16.071145] which belongs to the cache kmalloc-256 of size 256 [ 16.072365] The buggy address is located 5 bytes to the right of [ 16.072365] allocated 235-byte region [ffff888100a35c00, ffff888100a35ceb) [ 16.072885] [ 16.073098] The buggy address belongs to the physical page: [ 16.073829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a34 [ 16.074567] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.074934] flags: 0x200000000000040(head|node=0|zone=2) [ 16.075795] page_type: f5(slab) [ 16.075991] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 16.076913] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.077653] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 16.078207] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.079203] head: 0200000000000001 ffffea0004028d01 00000000ffffffff 00000000ffffffff [ 16.079496] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.079824] page dumped because: kasan: bad access detected [ 16.080070] [ 
16.080298] Memory state around the buggy address: [ 16.080828] ffff888100a35b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.081560] ffff888100a35c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.082347] >ffff888100a35c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.082898] ^ [ 16.083198] ffff888100a35d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.083537] ffff888100a35d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.084044] ================================================================== [ 16.283674] ================================================================== [ 16.284227] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 16.285410] Write of size 1 at addr ffff8881029960eb by task kunit_try_catch/177 [ 16.286040] [ 16.286273] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 16.286376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.286403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.286447] Call Trace: [ 16.286493] <TASK> [ 16.286541] dump_stack_lvl+0x73/0xb0 [ 16.286627] print_report+0xd1/0x650 [ 16.286687] ? __virt_addr_valid+0x1db/0x2d0 [ 16.286733] ? krealloc_more_oob_helper+0x821/0x930 [ 16.286770] ? kasan_addr_to_slab+0x11/0xa0 [ 16.286793] ? krealloc_more_oob_helper+0x821/0x930 [ 16.286818] kasan_report+0x141/0x180 [ 16.286842] ? krealloc_more_oob_helper+0x821/0x930 [ 16.286871] __asan_report_store1_noabort+0x1b/0x30 [ 16.286893] krealloc_more_oob_helper+0x821/0x930 [ 16.286919] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 16.286944] ? irqentry_exit+0x2a/0x60 [ 16.286967] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.287006] ? __pfx_krealloc_large_more_oob+0x10/0x10 [ 16.287040] krealloc_large_more_oob+0x1c/0x30 [ 16.287065] kunit_try_run_case+0x1a5/0x480 [ 16.287094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.287119] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.287144] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.287168] ? __kthread_parkme+0x82/0x180 [ 16.287191] ? preempt_count_sub+0x50/0x80 [ 16.287218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.287242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.287289] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.287316] kthread+0x337/0x6f0 [ 16.287337] ? trace_preempt_on+0x20/0xc0 [ 16.287364] ? __pfx_kthread+0x10/0x10 [ 16.287386] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.287408] ? calculate_sigpending+0x7b/0xa0 [ 16.287435] ? __pfx_kthread+0x10/0x10 [ 16.287458] ret_from_fork+0x116/0x1d0 [ 16.287479] ? __pfx_kthread+0x10/0x10 [ 16.287500] ret_from_fork_asm+0x1a/0x30 [ 16.287533] </TASK> [ 16.287548] [ 16.299287] The buggy address belongs to the physical page: [ 16.299865] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994 [ 16.300426] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.300868] flags: 0x200000000000040(head|node=0|zone=2) [ 16.301295] page_type: f8(unknown) [ 16.301643] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.301971] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.302581] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.303228] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.303726] head: 0200000000000002 ffffea00040a6501 00000000ffffffff 00000000ffffffff [ 16.304096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.304776] page dumped because: kasan: bad access detected [ 16.305218] [ 16.305424] Memory state around the buggy address: [ 16.305808] ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.306210] ffff888102996000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.306870] >ffff888102996080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.307321] ^ [ 16.307615] ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 16.308147] ffff888102996180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.308543] ================================================================== [ 16.007018] ================================================================== [ 16.007981] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 16.008758] Write of size 1 at addr ffff888100a35ceb by task kunit_try_catch/173 [ 16.009099] [ 16.009273] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 16.009380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.009403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.009444] Call Trace: [ 16.009475] <TASK> [ 16.009514] dump_stack_lvl+0x73/0xb0 [ 16.009586] print_report+0xd1/0x650 [ 16.009630] ? __virt_addr_valid+0x1db/0x2d0 [ 16.009675] ? krealloc_more_oob_helper+0x821/0x930 [ 16.009720] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.009759] ? krealloc_more_oob_helper+0x821/0x930 [ 16.009800] kasan_report+0x141/0x180 [ 16.009842] ? krealloc_more_oob_helper+0x821/0x930 [ 16.009894] __asan_report_store1_noabort+0x1b/0x30 [ 16.009933] krealloc_more_oob_helper+0x821/0x930 [ 16.009973] ? __schedule+0x10cc/0x2b60 [ 16.010017] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 16.010060] ? finish_task_switch.isra.0+0x153/0x700 [ 16.010101] ? __switch_to+0x47/0xf50 [ 16.010149] ? __schedule+0x10cc/0x2b60 [ 16.010188] ? __pfx_read_tsc+0x10/0x10 [ 16.010233] krealloc_more_oob+0x1c/0x30 [ 16.010366] kunit_try_run_case+0x1a5/0x480 [ 16.010413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.010439] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.010465] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.010488] ? __kthread_parkme+0x82/0x180 [ 16.010510] ? preempt_count_sub+0x50/0x80 [ 16.010534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.010559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.010583] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.010607] kthread+0x337/0x6f0 [ 16.010628] ? trace_preempt_on+0x20/0xc0 [ 16.010654] ? __pfx_kthread+0x10/0x10 [ 16.010680] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.010728] ? calculate_sigpending+0x7b/0xa0 [ 16.010756] ? __pfx_kthread+0x10/0x10 [ 16.010779] ret_from_fork+0x116/0x1d0 [ 16.010799] ? __pfx_kthread+0x10/0x10 [ 16.010820] ret_from_fork_asm+0x1a/0x30 [ 16.010852] </TASK> [ 16.010867] [ 16.025167] Allocated by task 173: [ 16.025638] kasan_save_stack+0x45/0x70 [ 16.026046] kasan_save_track+0x18/0x40 [ 16.026398] kasan_save_alloc_info+0x3b/0x50 [ 16.026710] __kasan_krealloc+0x190/0x1f0 [ 16.027330] krealloc_noprof+0xf3/0x340 [ 16.027552] krealloc_more_oob_helper+0x1a9/0x930 [ 16.027801] krealloc_more_oob+0x1c/0x30 [ 16.028647] kunit_try_run_case+0x1a5/0x480 [ 16.029130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.029502] kthread+0x337/0x6f0 [ 16.029792] ret_from_fork+0x116/0x1d0 [ 16.030398] ret_from_fork_asm+0x1a/0x30 [ 16.030738] [ 16.030979] The buggy address belongs to the object at ffff888100a35c00 [ 16.030979] which belongs to the cache kmalloc-256 of size 256 [ 16.032249] The buggy address is located 0 bytes to the right of [ 16.032249] allocated 235-byte region [ffff888100a35c00, ffff888100a35ceb) [ 16.033480] [ 16.033898] The buggy address belongs to the physical page: [ 16.034741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a34 [ 16.035183] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.035458] flags: 0x200000000000040(head|node=0|zone=2) [ 16.035829] page_type: f5(slab) [ 16.036016] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 16.036589] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.036981] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 16.037521] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.038016] head: 
0200000000000001 ffffea0004028d01 00000000ffffffff 00000000ffffffff [ 16.038615] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.039185] page dumped because: kasan: bad access detected [ 16.039562] [ 16.039758] Memory state around the buggy address: [ 16.040206] ffff888100a35b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.040631] ffff888100a35c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.041744] >ffff888100a35c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.042579] ^ [ 16.043123] ffff888100a35d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.043877] ffff888100a35d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.044147] ================================================================== [ 16.309800] ================================================================== [ 16.310319] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 16.311067] Write of size 1 at addr ffff8881029960f0 by task kunit_try_catch/177 [ 16.311448] [ 16.311865] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) [ 16.312121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.312152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.312197] Call Trace: [ 16.312236] <TASK> [ 16.312284] dump_stack_lvl+0x73/0xb0 [ 16.312346] print_report+0xd1/0x650 [ 16.312386] ? __virt_addr_valid+0x1db/0x2d0 [ 16.312423] ? krealloc_more_oob_helper+0x7eb/0x930 [ 16.312457] ? kasan_addr_to_slab+0x11/0xa0 [ 16.312485] ? krealloc_more_oob_helper+0x7eb/0x930 [ 16.312519] kasan_report+0x141/0x180 [ 16.312552] ? krealloc_more_oob_helper+0x7eb/0x930 [ 16.312593] __asan_report_store1_noabort+0x1b/0x30 [ 16.312625] krealloc_more_oob_helper+0x7eb/0x930 [ 16.312674] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 16.312712] ? irqentry_exit+0x2a/0x60 [ 16.312744] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.312783] ? 
__pfx_krealloc_large_more_oob+0x10/0x10 [ 16.312822] krealloc_large_more_oob+0x1c/0x30 [ 16.312857] kunit_try_run_case+0x1a5/0x480 [ 16.312892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.312915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.312940] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.312963] ? __kthread_parkme+0x82/0x180 [ 16.312985] ? preempt_count_sub+0x50/0x80 [ 16.313011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.313037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.313061] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.313085] kthread+0x337/0x6f0 [ 16.313105] ? trace_preempt_on+0x20/0xc0 [ 16.313131] ? __pfx_kthread+0x10/0x10 [ 16.313153] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.313174] ? calculate_sigpending+0x7b/0xa0 [ 16.313200] ? __pfx_kthread+0x10/0x10 [ 16.313222] ret_from_fork+0x116/0x1d0 [ 16.313242] ? __pfx_kthread+0x10/0x10 [ 16.313287] ret_from_fork_asm+0x1a/0x30 [ 16.313323] </TASK> [ 16.313336] [ 16.326474] The buggy address belongs to the physical page: [ 16.326854] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994 [ 16.327366] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.327809] flags: 0x200000000000040(head|node=0|zone=2) [ 16.328211] page_type: f8(unknown) [ 16.328585] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.329104] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.329430] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.329922] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.330307] head: 0200000000000002 ffffea00040a6501 00000000ffffffff 00000000ffffffff [ 16.330829] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.331186] page dumped because: kasan: bad access detected [ 16.331604] [ 16.331811] Memory state around the buggy address: [ 16.332141] ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 
16.332517] ffff888102996000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.332908] >ffff888102996080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.333308] ^ [ 16.333763] ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.334202] ffff888102996180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.334690] ==================================================================