Hay
Date: May 15, 2025, 10:38 a.m.

Environment: qemu-arm64, qemu-x86_64

[   17.863372] ==================================================================
[   17.863493] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.863545] Write of size 1 at addr fff00000c473daf0 by task kunit_try_catch/156
[   17.863648] 
[   17.863720] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.863803] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.864135] Hardware name: linux,dummy-virt (DT)
[   17.864222] Call trace:
[   17.864253]  show_stack+0x20/0x38 (C)
[   17.864306]  dump_stack_lvl+0x8c/0xd0
[   17.864428]  print_report+0x118/0x608
[   17.864518]  kasan_report+0xdc/0x128
[   17.864625]  __asan_report_store1_noabort+0x20/0x30
[   17.864679]  krealloc_more_oob_helper+0x5c0/0x678
[   17.864763]  krealloc_more_oob+0x20/0x38
[   17.865071]  kunit_try_run_case+0x170/0x3f0
[   17.865151]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.865306]  kthread+0x328/0x630
[   17.865358]  ret_from_fork+0x10/0x20
[   17.865415] 
[   17.865492] Allocated by task 156:
[   17.865540]  kasan_save_stack+0x3c/0x68
[   17.865629]  kasan_save_track+0x20/0x40
[   17.865665]  kasan_save_alloc_info+0x40/0x58
[   17.865702]  __kasan_krealloc+0x118/0x178
[   17.865916]  krealloc_noprof+0x128/0x360
[   17.865964]  krealloc_more_oob_helper+0x168/0x678
[   17.866209]  krealloc_more_oob+0x20/0x38
[   17.866376]  kunit_try_run_case+0x170/0x3f0
[   17.866518]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.866606]  kthread+0x328/0x630
[   17.866803]  ret_from_fork+0x10/0x20
[   17.866949] 
[   17.866971] The buggy address belongs to the object at fff00000c473da00
[   17.866971]  which belongs to the cache kmalloc-256 of size 256
[   17.867355] The buggy address is located 5 bytes to the right of
[   17.867355]  allocated 235-byte region [fff00000c473da00, fff00000c473daeb)
[   17.867493] 
[   17.867570] The buggy address belongs to the physical page:
[   17.867686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10473c
[   17.867782] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.867873] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.868199] page_type: f5(slab)
[   17.868269] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.868423] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.868646] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.868748] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.869208] head: 0bfffe0000000001 ffffc1ffc311cf01 00000000ffffffff 00000000ffffffff
[   17.869483] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.869623] page dumped because: kasan: bad access detected
[   17.869655] 
[   17.869818] Memory state around the buggy address:
[   17.869972]  fff00000c473d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.870052]  fff00000c473da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.870110] >fff00000c473da80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.870147]                                                              ^
[   17.870243]  fff00000c473db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.870609]  fff00000c473db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.870694] ==================================================================
[   17.852844] ==================================================================
[   17.852899] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.852951] Write of size 1 at addr fff00000c473daeb by task kunit_try_catch/156
[   17.852999] 
[   17.853031] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.853113] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.853139] Hardware name: linux,dummy-virt (DT)
[   17.853733] Call trace:
[   17.854281]  show_stack+0x20/0x38 (C)
[   17.854373]  dump_stack_lvl+0x8c/0xd0
[   17.854442]  print_report+0x118/0x608
[   17.854515]  kasan_report+0xdc/0x128
[   17.854595]  __asan_report_store1_noabort+0x20/0x30
[   17.854666]  krealloc_more_oob_helper+0x60c/0x678
[   17.854747]  krealloc_more_oob+0x20/0x38
[   17.855071]  kunit_try_run_case+0x170/0x3f0
[   17.855149]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.855295]  kthread+0x328/0x630
[   17.855379]  ret_from_fork+0x10/0x20
[   17.855751] 
[   17.855799] Allocated by task 156:
[   17.855861]  kasan_save_stack+0x3c/0x68
[   17.855924]  kasan_save_track+0x20/0x40
[   17.856059]  kasan_save_alloc_info+0x40/0x58
[   17.856206]  __kasan_krealloc+0x118/0x178
[   17.856340]  krealloc_noprof+0x128/0x360
[   17.856434]  krealloc_more_oob_helper+0x168/0x678
[   17.856743]  krealloc_more_oob+0x20/0x38
[   17.856813]  kunit_try_run_case+0x170/0x3f0
[   17.856885]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.856974]  kthread+0x328/0x630
[   17.857093]  ret_from_fork+0x10/0x20
[   17.857146] 
[   17.857176] The buggy address belongs to the object at fff00000c473da00
[   17.857176]  which belongs to the cache kmalloc-256 of size 256
[   17.857483] The buggy address is located 0 bytes to the right of
[   17.857483]  allocated 235-byte region [fff00000c473da00, fff00000c473daeb)
[   17.857917] 
[   17.858015] The buggy address belongs to the physical page:
[   17.858180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10473c
[   17.858238] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.858311] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.858672] page_type: f5(slab)
[   17.858767] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.858876] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.859057] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.859243] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.859320] head: 0bfffe0000000001 ffffc1ffc311cf01 00000000ffffffff 00000000ffffffff
[   17.859382] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.859700] page dumped because: kasan: bad access detected
[   17.859785] 
[   17.859923] Memory state around the buggy address:
[   17.860108]  fff00000c473d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.860241]  fff00000c473da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.860323] >fff00000c473da80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.860366]                                                           ^
[   17.860760]  fff00000c473db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.860856]  fff00000c473db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.860957] ==================================================================
[   17.929018] ==================================================================
[   17.929073] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.929141] Write of size 1 at addr fff00000c77560f0 by task kunit_try_catch/160
[   17.929630] 
[   17.929675] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.930108] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.930237] Hardware name: linux,dummy-virt (DT)
[   17.930286] Call trace:
[   17.930308]  show_stack+0x20/0x38 (C)
[   17.930608]  dump_stack_lvl+0x8c/0xd0
[   17.930717]  print_report+0x118/0x608
[   17.930886]  kasan_report+0xdc/0x128
[   17.931079]  __asan_report_store1_noabort+0x20/0x30
[   17.931693]  krealloc_more_oob_helper+0x5c0/0x678
[   17.931760]  krealloc_large_more_oob+0x20/0x38
[   17.932220]  kunit_try_run_case+0x170/0x3f0
[   17.932570]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.932651]  kthread+0x328/0x630
[   17.932922]  ret_from_fork+0x10/0x20
[   17.933111] 
[   17.933223] The buggy address belongs to the physical page:
[   17.933273] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   17.933536] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.933827] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.934204] page_type: f8(unknown)
[   17.934342] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.934548] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.934600] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.934648] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.934695] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   17.934750] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.934790] page dumped because: kasan: bad access detected
[   17.934820] 
[   17.934838] Memory state around the buggy address:
[   17.935029]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.935388]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.935450] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.935574]                                                              ^
[   17.935704]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.935788]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.935892] ==================================================================
[   17.921767] ==================================================================
[   17.922058] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.922115] Write of size 1 at addr fff00000c77560eb by task kunit_try_catch/160
[   17.922424] 
[   17.922591] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.922754] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.922845] Hardware name: linux,dummy-virt (DT)
[   17.922987] Call trace:
[   17.923078]  show_stack+0x20/0x38 (C)
[   17.923396]  dump_stack_lvl+0x8c/0xd0
[   17.923448]  print_report+0x118/0x608
[   17.923778]  kasan_report+0xdc/0x128
[   17.923859]  __asan_report_store1_noabort+0x20/0x30
[   17.923993]  krealloc_more_oob_helper+0x60c/0x678
[   17.924173]  krealloc_large_more_oob+0x20/0x38
[   17.924294]  kunit_try_run_case+0x170/0x3f0
[   17.924410]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.924500]  kthread+0x328/0x630
[   17.924855]  ret_from_fork+0x10/0x20
[   17.924939] 
[   17.924990] The buggy address belongs to the physical page:
[   17.925148] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   17.925240] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.925509] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.925879] page_type: f8(unknown)
[   17.925956] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.926038] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.926227] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.926305] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.926560] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   17.926638] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.926828] page dumped because: kasan: bad access detected
[   17.927071] 
[   17.927212] Memory state around the buggy address:
[   17.927298]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.927343]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.927755] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.927841]                                                           ^
[   17.927915]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.927963]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.927999] ==================================================================


[   13.778991] ==================================================================
[   13.779429] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.780164] Write of size 1 at addr ffff8881025060eb by task kunit_try_catch/178
[   13.780502] 
[   13.780635] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.781486] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.781518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.781552] Call Trace:
[   13.781577]  <TASK>
[   13.781618]  dump_stack_lvl+0x73/0xb0
[   13.781664]  print_report+0xd1/0x650
[   13.781689]  ? __virt_addr_valid+0x1db/0x2d0
[   13.781714]  ? krealloc_more_oob_helper+0x821/0x930
[   13.781736]  ? kasan_addr_to_slab+0x11/0xa0
[   13.781755]  ? krealloc_more_oob_helper+0x821/0x930
[   13.781777]  kasan_report+0x141/0x180
[   13.781798]  ? krealloc_more_oob_helper+0x821/0x930
[   13.781824]  __asan_report_store1_noabort+0x1b/0x30
[   13.781843]  krealloc_more_oob_helper+0x821/0x930
[   13.781864]  ? __schedule+0x10cc/0x2b60
[   13.781885]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.781907]  ? finish_task_switch.isra.0+0x153/0x700
[   13.781928]  ? __switch_to+0x47/0xf50
[   13.781953]  ? __schedule+0x10cc/0x2b60
[   13.781973]  ? __pfx_read_tsc+0x10/0x10
[   13.781996]  krealloc_large_more_oob+0x1c/0x30
[   13.782018]  kunit_try_run_case+0x1a5/0x480
[   13.782040]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.782060]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.782082]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.782102]  ? __kthread_parkme+0x82/0x180
[   13.782123]  ? preempt_count_sub+0x50/0x80
[   13.782145]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.782167]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.782187]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.782208]  kthread+0x337/0x6f0
[   13.782246]  ? trace_preempt_on+0x20/0xc0
[   13.782272]  ? __pfx_kthread+0x10/0x10
[   13.782292]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.782313]  ? calculate_sigpending+0x7b/0xa0
[   13.782349]  ? __pfx_kthread+0x10/0x10
[   13.782374]  ret_from_fork+0x116/0x1d0
[   13.782392]  ? __pfx_kthread+0x10/0x10
[   13.782412]  ret_from_fork_asm+0x1a/0x30
[   13.782443]  </TASK>
[   13.782457] 
[   13.793783] The buggy address belongs to the physical page:
[   13.794010] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102504
[   13.794657] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.795203] flags: 0x200000000000040(head|node=0|zone=2)
[   13.795799] page_type: f8(unknown)
[   13.796031] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.796601] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.796878] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.797126] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.797785] head: 0200000000000002 ffffea0004094101 00000000ffffffff 00000000ffffffff
[   13.798307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.799002] page dumped because: kasan: bad access detected
[   13.799411] 
[   13.799798] Memory state around the buggy address:
[   13.800155]  ffff888102505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.800781]  ffff888102506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.801066] >ffff888102506080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.801705]                                                           ^
[   13.802050]  ffff888102506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.802300]  ffff888102506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.802940] ==================================================================
[   13.804255] ==================================================================
[   13.804917] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.805233] Write of size 1 at addr ffff8881025060f0 by task kunit_try_catch/178
[   13.805897] 
[   13.806057] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.806168] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.806191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.806236] Call Trace:
[   13.806261]  <TASK>
[   13.806292]  dump_stack_lvl+0x73/0xb0
[   13.806375]  print_report+0xd1/0x650
[   13.806425]  ? __virt_addr_valid+0x1db/0x2d0
[   13.806546]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.806634]  ? kasan_addr_to_slab+0x11/0xa0
[   13.806664]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.806703]  kasan_report+0x141/0x180
[   13.806742]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.806794]  __asan_report_store1_noabort+0x1b/0x30
[   13.806834]  krealloc_more_oob_helper+0x7eb/0x930
[   13.806876]  ? __schedule+0x10cc/0x2b60
[   13.806921]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.806962]  ? finish_task_switch.isra.0+0x153/0x700
[   13.807028]  ? __switch_to+0x47/0xf50
[   13.807077]  ? __schedule+0x10cc/0x2b60
[   13.807117]  ? __pfx_read_tsc+0x10/0x10
[   13.807166]  krealloc_large_more_oob+0x1c/0x30
[   13.807214]  kunit_try_run_case+0x1a5/0x480
[   13.807274]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.807298]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.807322]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.807344]  ? __kthread_parkme+0x82/0x180
[   13.807366]  ? preempt_count_sub+0x50/0x80
[   13.807388]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.807410]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.807432]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.807454]  kthread+0x337/0x6f0
[   13.807484]  ? trace_preempt_on+0x20/0xc0
[   13.807545]  ? __pfx_kthread+0x10/0x10
[   13.807575]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.807623]  ? calculate_sigpending+0x7b/0xa0
[   13.807655]  ? __pfx_kthread+0x10/0x10
[   13.807683]  ret_from_fork+0x116/0x1d0
[   13.807709]  ? __pfx_kthread+0x10/0x10
[   13.807736]  ret_from_fork_asm+0x1a/0x30
[   13.807779]  </TASK>
[   13.807797] 
[   13.816571] The buggy address belongs to the physical page:
[   13.816790] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102504
[   13.817070] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.817595] flags: 0x200000000000040(head|node=0|zone=2)
[   13.818000] page_type: f8(unknown)
[   13.818315] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.818949] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.819250] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.819510] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.819761] head: 0200000000000002 ffffea0004094101 00000000ffffffff 00000000ffffffff
[   13.820316] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.820810] page dumped because: kasan: bad access detected
[   13.821191] 
[   13.821361] Memory state around the buggy address:
[   13.821816]  ffff888102505f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.822361]  ffff888102506000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.822606] >ffff888102506080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.822839]                                                              ^
[   13.823075]  ffff888102506100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.823459]  ffff888102506180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.823906] ==================================================================
[   13.553128] ==================================================================
[   13.553605] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.554006] Write of size 1 at addr ffff88810033eeeb by task kunit_try_catch/174
[   13.554954] 
[   13.555287] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.555413] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.555436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.555461] Call Trace:
[   13.555478]  <TASK>
[   13.555498]  dump_stack_lvl+0x73/0xb0
[   13.555535]  print_report+0xd1/0x650
[   13.555559]  ? __virt_addr_valid+0x1db/0x2d0
[   13.555583]  ? krealloc_more_oob_helper+0x821/0x930
[   13.555606]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.555628]  ? krealloc_more_oob_helper+0x821/0x930
[   13.555651]  kasan_report+0x141/0x180
[   13.555673]  ? krealloc_more_oob_helper+0x821/0x930
[   13.555701]  __asan_report_store1_noabort+0x1b/0x30
[   13.555721]  krealloc_more_oob_helper+0x821/0x930
[   13.555743]  ? __schedule+0x10cc/0x2b60
[   13.555765]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.555789]  ? finish_task_switch.isra.0+0x153/0x700
[   13.555811]  ? __switch_to+0x47/0xf50
[   13.555838]  ? __schedule+0x10cc/0x2b60
[   13.555858]  ? __pfx_read_tsc+0x10/0x10
[   13.555882]  krealloc_more_oob+0x1c/0x30
[   13.555904]  kunit_try_run_case+0x1a5/0x480
[   13.555928]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.555949]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.555971]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.555993]  ? __kthread_parkme+0x82/0x180
[   13.556013]  ? preempt_count_sub+0x50/0x80
[   13.556035]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.556057]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.556079]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.556102]  kthread+0x337/0x6f0
[   13.556121]  ? trace_preempt_on+0x20/0xc0
[   13.556144]  ? __pfx_kthread+0x10/0x10
[   13.556164]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.556184]  ? calculate_sigpending+0x7b/0xa0
[   13.556208]  ? __pfx_kthread+0x10/0x10
[   13.556249]  ret_from_fork+0x116/0x1d0
[   13.556269]  ? __pfx_kthread+0x10/0x10
[   13.556289]  ret_from_fork_asm+0x1a/0x30
[   13.556321]  </TASK>
[   13.556333] 
[   13.564629] Allocated by task 174:
[   13.564803]  kasan_save_stack+0x45/0x70
[   13.565102]  kasan_save_track+0x18/0x40
[   13.565385]  kasan_save_alloc_info+0x3b/0x50
[   13.565696]  __kasan_krealloc+0x190/0x1f0
[   13.565925]  krealloc_noprof+0xf3/0x340
[   13.566097]  krealloc_more_oob_helper+0x1a9/0x930
[   13.566302]  krealloc_more_oob+0x1c/0x30
[   13.566490]  kunit_try_run_case+0x1a5/0x480
[   13.566781]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.567171]  kthread+0x337/0x6f0
[   13.567454]  ret_from_fork+0x116/0x1d0
[   13.567743]  ret_from_fork_asm+0x1a/0x30
[   13.568050] 
[   13.568204] The buggy address belongs to the object at ffff88810033ee00
[   13.568204]  which belongs to the cache kmalloc-256 of size 256
[   13.568684] The buggy address is located 0 bytes to the right of
[   13.568684]  allocated 235-byte region [ffff88810033ee00, ffff88810033eeeb)
[   13.569106] 
[   13.569265] The buggy address belongs to the physical page:
[   13.569639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   13.570134] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.570649] flags: 0x200000000000040(head|node=0|zone=2)
[   13.570946] page_type: f5(slab)
[   13.571115] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.571382] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.571637] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.571896] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.572142] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   13.572650] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.573124] page dumped because: kasan: bad access detected
[   13.573521] 
[   13.573671] Memory state around the buggy address:
[   13.574015]  ffff88810033ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.574522]  ffff88810033ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.574985] >ffff88810033ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.575337]                                                           ^
[   13.575685]  ffff88810033ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.576011]  ffff88810033ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.576259] ==================================================================
[   13.578868] ==================================================================
[   13.579428] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.580094] Write of size 1 at addr ffff88810033eef0 by task kunit_try_catch/174
[   13.580608] 
[   13.580807] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.580897] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.580918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.580954] Call Trace:
[   13.580980]  <TASK>
[   13.581012]  dump_stack_lvl+0x73/0xb0
[   13.581065]  print_report+0xd1/0x650
[   13.581108]  ? __virt_addr_valid+0x1db/0x2d0
[   13.581150]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.581195]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.581248]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.581296]  kasan_report+0x141/0x180
[   13.581341]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.581395]  __asan_report_store1_noabort+0x1b/0x30
[   13.581437]  krealloc_more_oob_helper+0x7eb/0x930
[   13.581480]  ? __schedule+0x10cc/0x2b60
[   13.581526]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.581573]  ? finish_task_switch.isra.0+0x153/0x700
[   13.581615]  ? __switch_to+0x47/0xf50
[   13.581663]  ? __schedule+0x10cc/0x2b60
[   13.581699]  ? __pfx_read_tsc+0x10/0x10
[   13.581741]  krealloc_more_oob+0x1c/0x30
[   13.581779]  kunit_try_run_case+0x1a5/0x480
[   13.581824]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.581864]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.581908]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.581952]  ? __kthread_parkme+0x82/0x180
[   13.581992]  ? preempt_count_sub+0x50/0x80
[   13.582039]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.582079]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.582121]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.582166]  kthread+0x337/0x6f0
[   13.582204]  ? trace_preempt_on+0x20/0xc0
[   13.582264]  ? __pfx_kthread+0x10/0x10
[   13.582307]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.582358]  ? calculate_sigpending+0x7b/0xa0
[   13.582409]  ? __pfx_kthread+0x10/0x10
[   13.582455]  ret_from_fork+0x116/0x1d0
[   13.582701]  ? __pfx_kthread+0x10/0x10
[   13.582753]  ret_from_fork_asm+0x1a/0x30
[   13.582813]  </TASK>
[   13.582834] 
[   13.592187] Allocated by task 174:
[   13.592395]  kasan_save_stack+0x45/0x70
[   13.592597]  kasan_save_track+0x18/0x40
[   13.592788]  kasan_save_alloc_info+0x3b/0x50
[   13.592980]  __kasan_krealloc+0x190/0x1f0
[   13.593113]  krealloc_noprof+0xf3/0x340
[   13.594462]  krealloc_more_oob_helper+0x1a9/0x930
[   13.595193]  krealloc_more_oob+0x1c/0x30
[   13.595768]  kunit_try_run_case+0x1a5/0x480
[   13.596091]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.596299]  kthread+0x337/0x6f0
[   13.596553]  ret_from_fork+0x116/0x1d0
[   13.596842]  ret_from_fork_asm+0x1a/0x30
[   13.597054] 
[   13.597210] The buggy address belongs to the object at ffff88810033ee00
[   13.597210]  which belongs to the cache kmalloc-256 of size 256
[   13.597656] The buggy address is located 5 bytes to the right of
[   13.597656]  allocated 235-byte region [ffff88810033ee00, ffff88810033eeeb)
[   13.598384] 
[   13.598499] The buggy address belongs to the physical page:
[   13.598873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e
[   13.599288] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.599655] flags: 0x200000000000040(head|node=0|zone=2)
[   13.599956] page_type: f5(slab)
[   13.600177] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.600585] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.600853] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.601101] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.601525] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff
[   13.602039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.602524] page dumped because: kasan: bad access detected
[   13.602740] 
[   13.602893] Memory state around the buggy address:
[   13.603162]  ffff88810033ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.603512]  ffff88810033ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.603924] >ffff88810033ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.604289]                                                              ^
[   13.604607]  ffff88810033ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.604940]  ffff88810033ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.605270] ==================================================================