Hay
Date: May 26, 2025, 9:10 a.m.

Environment: qemu-arm64, qemu-x86_64

[   17.120105] ==================================================================
[   17.120239] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.120440] Write of size 1 at addr fff00000c6322ef0 by task kunit_try_catch/156
[   17.120666] 
[   17.120750] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.121207] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.121528] Hardware name: linux,dummy-virt (DT)
[   17.121616] Call trace:
[   17.121776]  show_stack+0x20/0x38 (C)
[   17.121911]  dump_stack_lvl+0x8c/0xd0
[   17.122020]  print_report+0x118/0x608
[   17.122527]  kasan_report+0xdc/0x128
[   17.122656]  __asan_report_store1_noabort+0x20/0x30
[   17.122840]  krealloc_more_oob_helper+0x5c0/0x678
[   17.122970]  krealloc_more_oob+0x20/0x38
[   17.123122]  kunit_try_run_case+0x170/0x3f0
[   17.123231]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.123347]  kthread+0x328/0x630
[   17.123688]  ret_from_fork+0x10/0x20
[   17.124058] 
[   17.124101] Allocated by task 156:
[   17.124406]  kasan_save_stack+0x3c/0x68
[   17.124554]  kasan_save_track+0x20/0x40
[   17.124666]  kasan_save_alloc_info+0x40/0x58
[   17.125240]  __kasan_krealloc+0x118/0x178
[   17.125352]  krealloc_noprof+0x128/0x360
[   17.125672]  krealloc_more_oob_helper+0x168/0x678
[   17.125813]  krealloc_more_oob+0x20/0x38
[   17.125911]  kunit_try_run_case+0x170/0x3f0
[   17.125996]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.126315]  kthread+0x328/0x630
[   17.126398]  ret_from_fork+0x10/0x20
[   17.126477] 
[   17.126980] The buggy address belongs to the object at fff00000c6322e00
[   17.126980]  which belongs to the cache kmalloc-256 of size 256
[   17.127150] The buggy address is located 5 bytes to the right of
[   17.127150]  allocated 235-byte region [fff00000c6322e00, fff00000c6322eeb)
[   17.127294] 
[   17.127645] The buggy address belongs to the physical page:
[   17.127915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[   17.128066] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.128273] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.128511] page_type: f5(slab)
[   17.128667] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.128995] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.129219] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.129340] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.129979] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[   17.130198] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.130280] page dumped because: kasan: bad access detected
[   17.130491] 
[   17.130646] Memory state around the buggy address:
[   17.130938]  fff00000c6322d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.131058]  fff00000c6322e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.131165] >fff00000c6322e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.131251]                                                              ^
[   17.131339]  fff00000c6322f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.131418]  fff00000c6322f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.131711] ==================================================================
[   17.100834] ==================================================================
[   17.101009] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.101146] Write of size 1 at addr fff00000c6322eeb by task kunit_try_catch/156
[   17.101258] 
[   17.102756] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.103786] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.104109] Hardware name: linux,dummy-virt (DT)
[   17.104247] Call trace:
[   17.104296]  show_stack+0x20/0x38 (C)
[   17.104860]  dump_stack_lvl+0x8c/0xd0
[   17.105467]  print_report+0x118/0x608
[   17.106353]  kasan_report+0xdc/0x128
[   17.106896]  __asan_report_store1_noabort+0x20/0x30
[   17.107202]  krealloc_more_oob_helper+0x60c/0x678
[   17.108111]  krealloc_more_oob+0x20/0x38
[   17.108434]  kunit_try_run_case+0x170/0x3f0
[   17.108702]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.108963]  kthread+0x328/0x630
[   17.109531]  ret_from_fork+0x10/0x20
[   17.109798] 
[   17.109838] Allocated by task 156:
[   17.109933]  kasan_save_stack+0x3c/0x68
[   17.110103]  kasan_save_track+0x20/0x40
[   17.110182]  kasan_save_alloc_info+0x40/0x58
[   17.110272]  __kasan_krealloc+0x118/0x178
[   17.110366]  krealloc_noprof+0x128/0x360
[   17.111332]  krealloc_more_oob_helper+0x168/0x678
[   17.111971]  krealloc_more_oob+0x20/0x38
[   17.112226]  kunit_try_run_case+0x170/0x3f0
[   17.112331]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.112421]  kthread+0x328/0x630
[   17.112505]  ret_from_fork+0x10/0x20
[   17.112584] 
[   17.112633] The buggy address belongs to the object at fff00000c6322e00
[   17.112633]  which belongs to the cache kmalloc-256 of size 256
[   17.112931] The buggy address is located 0 bytes to the right of
[   17.112931]  allocated 235-byte region [fff00000c6322e00, fff00000c6322eeb)
[   17.113251] 
[   17.113349] The buggy address belongs to the physical page:
[   17.113502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[   17.113736] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.113880] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.114327] page_type: f5(slab)
[   17.114604] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.114743] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.114933] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.115112] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.115206] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[   17.115749] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.115879] page dumped because: kasan: bad access detected
[   17.115958] 
[   17.115997] Memory state around the buggy address:
[   17.116074]  fff00000c6322d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.116179]  fff00000c6322e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.116281] >fff00000c6322e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.116643]                                                           ^
[   17.117045]  fff00000c6322f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.117149]  fff00000c6322f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.117229] ==================================================================
[   17.236241] ==================================================================
[   17.236365] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.236497] Write of size 1 at addr fff00000c65b60f0 by task kunit_try_catch/160
[   17.236630] 
[   17.236712] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.236932] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.237002] Hardware name: linux,dummy-virt (DT)
[   17.237074] Call trace:
[   17.237158]  show_stack+0x20/0x38 (C)
[   17.237276]  dump_stack_lvl+0x8c/0xd0
[   17.237398]  print_report+0x118/0x608
[   17.237504]  kasan_report+0xdc/0x128
[   17.237605]  __asan_report_store1_noabort+0x20/0x30
[   17.237718]  krealloc_more_oob_helper+0x5c0/0x678
[   17.237827]  krealloc_large_more_oob+0x20/0x38
[   17.237934]  kunit_try_run_case+0x170/0x3f0
[   17.238046]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.238166]  kthread+0x328/0x630
[   17.238264]  ret_from_fork+0x10/0x20
[   17.238382] 
[   17.238960] The buggy address belongs to the physical page:
[   17.239102] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4
[   17.239311] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.239427] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.239776] page_type: f8(unknown)
[   17.239980] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.240222] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.240492] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.240810] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.240972] head: 0bfffe0000000002 ffffc1ffc3196d01 00000000ffffffff 00000000ffffffff
[   17.241262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.241465] page dumped because: kasan: bad access detected
[   17.241534] 
[   17.241572] Memory state around the buggy address:
[   17.241643]  fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.241848]  fff00000c65b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.242062] >fff00000c65b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.242261]                                                              ^
[   17.242576]  fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.242672]  fff00000c65b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.242841] ==================================================================
[   17.228497] ==================================================================
[   17.229042] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.229199] Write of size 1 at addr fff00000c65b60eb by task kunit_try_catch/160
[   17.229316] 
[   17.229413] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.229612] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.229678] Hardware name: linux,dummy-virt (DT)
[   17.229752] Call trace:
[   17.229805]  show_stack+0x20/0x38 (C)
[   17.229923]  dump_stack_lvl+0x8c/0xd0
[   17.230036]  print_report+0x118/0x608
[   17.230144]  kasan_report+0xdc/0x128
[   17.230255]  __asan_report_store1_noabort+0x20/0x30
[   17.230389]  krealloc_more_oob_helper+0x60c/0x678
[   17.230507]  krealloc_large_more_oob+0x20/0x38
[   17.230619]  kunit_try_run_case+0x170/0x3f0
[   17.230732]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.231651]  kthread+0x328/0x630
[   17.231869]  ret_from_fork+0x10/0x20
[   17.232063] 
[   17.232116] The buggy address belongs to the physical page:
[   17.232256] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4
[   17.232434] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.232761] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.232970] page_type: f8(unknown)
[   17.233069] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.233183] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.233501] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.233647] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.233770] head: 0bfffe0000000002 ffffc1ffc3196d01 00000000ffffffff 00000000ffffffff
[   17.233971] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.234077] page dumped because: kasan: bad access detected
[   17.234149] 
[   17.234188] Memory state around the buggy address:
[   17.234259]  fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.234359]  fff00000c65b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.234457] >fff00000c65b6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.234543]                                                           ^
[   17.234808]  fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.235199]  fff00000c65b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.235307] ==================================================================


[   10.797987] ==================================================================
[   10.798686] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.799126] Write of size 1 at addr ffff888102a060f0 by task kunit_try_catch/178
[   10.799426] 
[   10.799527] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.799570] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.799581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.799601] Call Trace:
[   10.799613]  <TASK>
[   10.799626]  dump_stack_lvl+0x73/0xb0
[   10.799651]  print_report+0xd1/0x650
[   10.799673]  ? __virt_addr_valid+0x1db/0x2d0
[   10.799695]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.799718]  ? kasan_addr_to_slab+0x11/0xa0
[   10.799738]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.799762]  kasan_report+0x141/0x180
[   10.799783]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.799811]  __asan_report_store1_noabort+0x1b/0x30
[   10.799832]  krealloc_more_oob_helper+0x7eb/0x930
[   10.799854]  ? __schedule+0x10cc/0x2b60
[   10.799877]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.799901]  ? finish_task_switch.isra.0+0x153/0x700
[   10.799922]  ? __switch_to+0x47/0xf50
[   10.799946]  ? __schedule+0x10cc/0x2b60
[   10.799968]  ? __pfx_read_tsc+0x10/0x10
[   10.799990]  krealloc_large_more_oob+0x1c/0x30
[   10.800176]  kunit_try_run_case+0x1a5/0x480
[   10.800198]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.800217]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.800242]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.800266]  ? __kthread_parkme+0x82/0x180
[   10.800287]  ? preempt_count_sub+0x50/0x80
[   10.800309]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.800329]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.800352]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.800391]  kthread+0x337/0x6f0
[   10.800410]  ? trace_preempt_on+0x20/0xc0
[   10.800432]  ? __pfx_kthread+0x10/0x10
[   10.800452]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.800475]  ? calculate_sigpending+0x7b/0xa0
[   10.800498]  ? __pfx_kthread+0x10/0x10
[   10.800518]  ret_from_fork+0x116/0x1d0
[   10.800536]  ? __pfx_kthread+0x10/0x10
[   10.800556]  ret_from_fork_asm+0x1a/0x30
[   10.800586]  </TASK>
[   10.800596] 
[   10.808714] The buggy address belongs to the physical page:
[   10.808941] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a04
[   10.809223] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.809498] flags: 0x200000000000040(head|node=0|zone=2)
[   10.809749] page_type: f8(unknown)
[   10.809985] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.810479] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.810813] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.811230] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.811613] head: 0200000000000002 ffffea00040a8101 00000000ffffffff 00000000ffffffff
[   10.811911] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.812464] page dumped because: kasan: bad access detected
[   10.812694] 
[   10.812792] Memory state around the buggy address:
[   10.813019]  ffff888102a05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.813260]  ffff888102a06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.813488] >ffff888102a06080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.813714]                                                              ^
[   10.814117]  ffff888102a06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.814442]  ffff888102a06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.814686] ==================================================================
[   10.593721] ==================================================================
[   10.594359] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.594620] Write of size 1 at addr ffff888100a370eb by task kunit_try_catch/174
[   10.594854] 
[   10.594940] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.594983] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.594995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.595015] Call Trace:
[   10.595025]  <TASK>
[   10.595040]  dump_stack_lvl+0x73/0xb0
[   10.595066]  print_report+0xd1/0x650
[   10.595090]  ? __virt_addr_valid+0x1db/0x2d0
[   10.595113]  ? krealloc_more_oob_helper+0x821/0x930
[   10.595136]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.595158]  ? krealloc_more_oob_helper+0x821/0x930
[   10.595182]  kasan_report+0x141/0x180
[   10.595204]  ? krealloc_more_oob_helper+0x821/0x930
[   10.595233]  __asan_report_store1_noabort+0x1b/0x30
[   10.595253]  krealloc_more_oob_helper+0x821/0x930
[   10.595275]  ? __schedule+0x10cc/0x2b60
[   10.595299]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.595323]  ? finish_task_switch.isra.0+0x153/0x700
[   10.595344]  ? __switch_to+0x47/0xf50
[   10.595371]  ? __schedule+0x10cc/0x2b60
[   10.595743]  ? __pfx_read_tsc+0x10/0x10
[   10.595770]  krealloc_more_oob+0x1c/0x30
[   10.595796]  kunit_try_run_case+0x1a5/0x480
[   10.596043]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.596066]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.596090]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.596118]  ? __kthread_parkme+0x82/0x180
[   10.596138]  ? preempt_count_sub+0x50/0x80
[   10.596160]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.596181]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.596204]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.596228]  kthread+0x337/0x6f0
[   10.596247]  ? trace_preempt_on+0x20/0xc0
[   10.596270]  ? __pfx_kthread+0x10/0x10
[   10.596290]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.596312]  ? calculate_sigpending+0x7b/0xa0
[   10.596335]  ? __pfx_kthread+0x10/0x10
[   10.596356]  ret_from_fork+0x116/0x1d0
[   10.596373]  ? __pfx_kthread+0x10/0x10
[   10.596404]  ret_from_fork_asm+0x1a/0x30
[   10.596436]  </TASK>
[   10.596446] 
[   10.614651] Allocated by task 174:
[   10.615229]  kasan_save_stack+0x45/0x70
[   10.615774]  kasan_save_track+0x18/0x40
[   10.616414]  kasan_save_alloc_info+0x3b/0x50
[   10.617041]  __kasan_krealloc+0x190/0x1f0
[   10.617615]  krealloc_noprof+0xf3/0x340
[   10.618204]  krealloc_more_oob_helper+0x1a9/0x930
[   10.618726]  krealloc_more_oob+0x1c/0x30
[   10.619175]  kunit_try_run_case+0x1a5/0x480
[   10.619330]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.619520]  kthread+0x337/0x6f0
[   10.619642]  ret_from_fork+0x116/0x1d0
[   10.619777]  ret_from_fork_asm+0x1a/0x30
[   10.620161] 
[   10.620362] The buggy address belongs to the object at ffff888100a37000
[   10.620362]  which belongs to the cache kmalloc-256 of size 256
[   10.621564] The buggy address is located 0 bytes to the right of
[   10.621564]  allocated 235-byte region [ffff888100a37000, ffff888100a370eb)
[   10.622863] 
[   10.622943] The buggy address belongs to the physical page:
[   10.623454] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   10.623961] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.624630] flags: 0x200000000000040(head|node=0|zone=2)
[   10.625076] page_type: f5(slab)
[   10.625477] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.626092] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.626530] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.626873] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.627275] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   10.627631] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.628002] page dumped because: kasan: bad access detected
[   10.628297] 
[   10.628428] Memory state around the buggy address:
[   10.628615]  ffff888100a36f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.628937]  ffff888100a37000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.629443] >ffff888100a37080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.629725]                                                           ^
[   10.630004]  ffff888100a37100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.630361]  ffff888100a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.630713] ==================================================================
[   10.631631] ==================================================================
[   10.632035] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.632507] Write of size 1 at addr ffff888100a370f0 by task kunit_try_catch/174
[   10.632850] 
[   10.632952] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.632997] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.633009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.633031] Call Trace:
[   10.633042]  <TASK>
[   10.633057]  dump_stack_lvl+0x73/0xb0
[   10.633082]  print_report+0xd1/0x650
[   10.633106]  ? __virt_addr_valid+0x1db/0x2d0
[   10.633127]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.633483]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.633507]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.633531]  kasan_report+0x141/0x180
[   10.633565]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.633595]  __asan_report_store1_noabort+0x1b/0x30
[   10.633616]  krealloc_more_oob_helper+0x7eb/0x930
[   10.633647]  ? __schedule+0x10cc/0x2b60
[   10.633671]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.633706]  ? finish_task_switch.isra.0+0x153/0x700
[   10.633727]  ? __switch_to+0x47/0xf50
[   10.633752]  ? __schedule+0x10cc/0x2b60
[   10.633787]  ? __pfx_read_tsc+0x10/0x10
[   10.633810]  krealloc_more_oob+0x1c/0x30
[   10.633832]  kunit_try_run_case+0x1a5/0x480
[   10.633852]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.633871]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.633895]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.633919]  ? __kthread_parkme+0x82/0x180
[   10.633938]  ? preempt_count_sub+0x50/0x80
[   10.633961]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.633981]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.634152]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.634184]  kthread+0x337/0x6f0
[   10.634204]  ? trace_preempt_on+0x20/0xc0
[   10.634227]  ? __pfx_kthread+0x10/0x10
[   10.634248]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.634272]  ? calculate_sigpending+0x7b/0xa0
[   10.634295]  ? __pfx_kthread+0x10/0x10
[   10.634316]  ret_from_fork+0x116/0x1d0
[   10.634334]  ? __pfx_kthread+0x10/0x10
[   10.634354]  ret_from_fork_asm+0x1a/0x30
[   10.634400]  </TASK>
[   10.634413] 
[   10.642535] Allocated by task 174:
[   10.642701]  kasan_save_stack+0x45/0x70
[   10.642943]  kasan_save_track+0x18/0x40
[   10.643198]  kasan_save_alloc_info+0x3b/0x50
[   10.643496]  __kasan_krealloc+0x190/0x1f0
[   10.643706]  krealloc_noprof+0xf3/0x340
[   10.644168]  krealloc_more_oob_helper+0x1a9/0x930
[   10.644437]  krealloc_more_oob+0x1c/0x30
[   10.644621]  kunit_try_run_case+0x1a5/0x480
[   10.644887]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.645224]  kthread+0x337/0x6f0
[   10.645351]  ret_from_fork+0x116/0x1d0
[   10.645496]  ret_from_fork_asm+0x1a/0x30
[   10.645635] 
[   10.645724] The buggy address belongs to the object at ffff888100a37000
[   10.645724]  which belongs to the cache kmalloc-256 of size 256
[   10.646284] The buggy address is located 5 bytes to the right of
[   10.646284]  allocated 235-byte region [ffff888100a37000, ffff888100a370eb)
[   10.646990] 
[   10.647103] The buggy address belongs to the physical page:
[   10.647301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   10.647713] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.648029] flags: 0x200000000000040(head|node=0|zone=2)
[   10.648477] page_type: f5(slab)
[   10.648662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.649054] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.649473] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.649860] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.650251] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   10.650567] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.650821] page dumped because: kasan: bad access detected
[   10.651070] 
[   10.651179] Memory state around the buggy address:
[   10.651584]  ffff888100a36f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.651948]  ffff888100a37000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.652283] >ffff888100a37080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.652669]                                                              ^
[   10.653103]  ffff888100a37100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.653532]  ffff888100a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.653903] ==================================================================
[   10.780509] ==================================================================
[   10.781367] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.781739] Write of size 1 at addr ffff888102a060eb by task kunit_try_catch/178
[   10.782144] 
[   10.782253] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.782299] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.782311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.782332] Call Trace:
[   10.782345]  <TASK>
[   10.782362]  dump_stack_lvl+0x73/0xb0
[   10.782401]  print_report+0xd1/0x650
[   10.782423]  ? __virt_addr_valid+0x1db/0x2d0
[   10.782445]  ? krealloc_more_oob_helper+0x821/0x930
[   10.782468]  ? kasan_addr_to_slab+0x11/0xa0
[   10.782488]  ? krealloc_more_oob_helper+0x821/0x930
[   10.782512]  kasan_report+0x141/0x180
[   10.782533]  ? krealloc_more_oob_helper+0x821/0x930
[   10.782561]  __asan_report_store1_noabort+0x1b/0x30
[   10.782581]  krealloc_more_oob_helper+0x821/0x930
[   10.782603]  ? __schedule+0x10cc/0x2b60
[   10.782626]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.782650]  ? finish_task_switch.isra.0+0x153/0x700
[   10.782672]  ? __switch_to+0x47/0xf50
[   10.782697]  ? __schedule+0x10cc/0x2b60
[   10.782729]  ? __pfx_read_tsc+0x10/0x10
[   10.782753]  krealloc_large_more_oob+0x1c/0x30
[   10.782776]  kunit_try_run_case+0x1a5/0x480
[   10.782797]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.782816]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.782840]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.782863]  ? __kthread_parkme+0x82/0x180
[   10.782882]  ? preempt_count_sub+0x50/0x80
[   10.782904]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.782925]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.782948]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.782971]  kthread+0x337/0x6f0
[   10.782989]  ? trace_preempt_on+0x20/0xc0
[   10.783067]  ? __pfx_kthread+0x10/0x10
[   10.783089]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.783111]  ? calculate_sigpending+0x7b/0xa0
[   10.783133]  ? __pfx_kthread+0x10/0x10
[   10.783154]  ret_from_fork+0x116/0x1d0
[   10.783172]  ? __pfx_kthread+0x10/0x10
[   10.783192]  ret_from_fork_asm+0x1a/0x30
[   10.783221]  </TASK>
[   10.783232] 
[   10.790919] The buggy address belongs to the physical page:
[   10.791225] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a04
[   10.791490] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.791967] flags: 0x200000000000040(head|node=0|zone=2)
[   10.792226] page_type: f8(unknown)
[   10.792412] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.792878] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.793225] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.793483] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.793820] head: 0200000000000002 ffffea00040a8101 00000000ffffffff 00000000ffffffff
[   10.794349] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.794614] page dumped because: kasan: bad access detected
[   10.794831] 
[   10.794926] Memory state around the buggy address:
[   10.795168]  ffff888102a05f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.795547]  ffff888102a06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.795889] >ffff888102a06080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.796403]                                                           ^
[   10.796636]  ffff888102a06100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.796936]  ffff888102a06180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.797437] ==================================================================