lkft/linux-next-master - next-20250529 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

May 29, 2025, 7:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   21.311346] ==================================================================
[   21.311664] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   21.312160] Write of size 1 at addr fff00000c65ea0f0 by task kunit_try_catch/160
[   21.312344] 
[   21.312498] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.312712] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.312778] Hardware name: linux,dummy-virt (DT)
[   21.312856] Call trace:
[   21.312912]  show_stack+0x20/0x38 (C)
[   21.313034]  dump_stack_lvl+0x8c/0xd0
[   21.313157]  print_report+0x118/0x608
[   21.313275]  kasan_report+0xdc/0x128
[   21.313389]  __asan_report_store1_noabort+0x20/0x30
[   21.313972]  krealloc_more_oob_helper+0x5c0/0x678
[   21.315001]  krealloc_large_more_oob+0x20/0x38
[   21.315340]  kunit_try_run_case+0x170/0x3f0
[   21.315500]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.315809]  kthread+0x328/0x630
[   21.316221]  ret_from_fork+0x10/0x20
[   21.316575] 
[   21.316725] The buggy address belongs to the physical page:
[   21.316821] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8
[   21.317231] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.319411] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.319499] page_type: f8(unknown)
[   21.319551] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.319607] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.319661] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.319713] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.319765] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff
[   21.319817] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.319860] page dumped because: kasan: bad access detected
[   21.319894] 
[   21.319915] Memory state around the buggy address:
[   21.319953]  fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.320000]  fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.320046] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.320087]                                                              ^
[   21.320133]  fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.320177]  fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.320220] ==================================================================
[   21.297021] ==================================================================
[   21.297208] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   21.297741] Write of size 1 at addr fff00000c65ea0eb by task kunit_try_catch/160
[   21.298121] 
[   21.298325] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.298994] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.299067] Hardware name: linux,dummy-virt (DT)
[   21.299304] Call trace:
[   21.299485]  show_stack+0x20/0x38 (C)
[   21.299761]  dump_stack_lvl+0x8c/0xd0
[   21.299889]  print_report+0x118/0x608
[   21.300011]  kasan_report+0xdc/0x128
[   21.300123]  __asan_report_store1_noabort+0x20/0x30
[   21.300248]  krealloc_more_oob_helper+0x60c/0x678
[   21.300373]  krealloc_large_more_oob+0x20/0x38
[   21.300507]  kunit_try_run_case+0x170/0x3f0
[   21.300629]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.300761]  kthread+0x328/0x630
[   21.300868]  ret_from_fork+0x10/0x20
[   21.301379] 
[   21.301535] The buggy address belongs to the physical page:
[   21.301628] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065e8
[   21.302009] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.302280] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.302865] page_type: f8(unknown)
[   21.303099] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.303259] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.303561] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.303838] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.304216] head: 0bfffe0000000002 ffffc1ffc3197a01 00000000ffffffff 00000000ffffffff
[   21.304726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.304924] page dumped because: kasan: bad access detected
[   21.305292] 
[   21.305355] Memory state around the buggy address:
[   21.305528]  fff00000c65e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.305777]  fff00000c65ea000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.306017] >fff00000c65ea080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.306140]                                                           ^
[   21.306236]  fff00000c65ea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.306343]  fff00000c65ea180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.306462] ==================================================================
[   21.196693] ==================================================================
[   21.196866] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   21.197021] Write of size 1 at addr fff00000c47294eb by task kunit_try_catch/156
[   21.197149] 
[   21.197243] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.197457] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.197514] Hardware name: linux,dummy-virt (DT)
[   21.197583] Call trace:
[   21.197638]  show_stack+0x20/0x38 (C)
[   21.197797]  dump_stack_lvl+0x8c/0xd0
[   21.197921]  print_report+0x118/0x608
[   21.198030]  kasan_report+0xdc/0x128
[   21.198130]  __asan_report_store1_noabort+0x20/0x30
[   21.198248]  krealloc_more_oob_helper+0x60c/0x678
[   21.198382]  krealloc_more_oob+0x20/0x38
[   21.198513]  kunit_try_run_case+0x170/0x3f0
[   21.198644]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.198776]  kthread+0x328/0x630
[   21.198899]  ret_from_fork+0x10/0x20
[   21.199034] 
[   21.199086] Allocated by task 156:
[   21.199164]  kasan_save_stack+0x3c/0x68
[   21.199303]  kasan_save_track+0x20/0x40
[   21.199413]  kasan_save_alloc_info+0x40/0x58
[   21.199510]  __kasan_krealloc+0x118/0x178
[   21.199599]  krealloc_noprof+0x128/0x360
[   21.199680]  krealloc_more_oob_helper+0x168/0x678
[   21.199755]  krealloc_more_oob+0x20/0x38
[   21.199873]  kunit_try_run_case+0x170/0x3f0
[   21.200203]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.200386]  kthread+0x328/0x630
[   21.200485]  ret_from_fork+0x10/0x20
[   21.200575] 
[   21.200628] The buggy address belongs to the object at fff00000c4729400
[   21.200628]  which belongs to the cache kmalloc-256 of size 256
[   21.200966] The buggy address is located 0 bytes to the right of
[   21.200966]  allocated 235-byte region [fff00000c4729400, fff00000c47294eb)
[   21.201117] 
[   21.201173] The buggy address belongs to the physical page:
[   21.201253] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728
[   21.201385] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.201930] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.202706] page_type: f5(slab)
[   21.203049] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.203705] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.203894] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.204128] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.204310] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff
[   21.204797] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.204979] page dumped because: kasan: bad access detected
[   21.205061] 
[   21.205502] Memory state around the buggy address:
[   21.205669]  fff00000c4729380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.205893]  fff00000c4729400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.206352] >fff00000c4729480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.206472]                                                           ^
[   21.206563]  fff00000c4729500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.206646]  fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.206729] ==================================================================
[   21.209049] ==================================================================
[   21.209166] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   21.209601] Write of size 1 at addr fff00000c47294f0 by task kunit_try_catch/156
[   21.209858] 
[   21.210247] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT 
[   21.210628] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.210701] Hardware name: linux,dummy-virt (DT)
[   21.210850] Call trace:
[   21.210905]  show_stack+0x20/0x38 (C)
[   21.211289]  dump_stack_lvl+0x8c/0xd0
[   21.211483]  print_report+0x118/0x608
[   21.211685]  kasan_report+0xdc/0x128
[   21.211889]  __asan_report_store1_noabort+0x20/0x30
[   21.212138]  krealloc_more_oob_helper+0x5c0/0x678
[   21.212420]  krealloc_more_oob+0x20/0x38
[   21.212992]  kunit_try_run_case+0x170/0x3f0
[   21.213149]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.213279]  kthread+0x328/0x630
[   21.213385]  ret_from_fork+0x10/0x20
[   21.213523] 
[   21.213569] Allocated by task 156:
[   21.213638]  kasan_save_stack+0x3c/0x68
[   21.214414]  kasan_save_track+0x20/0x40
[   21.214512]  kasan_save_alloc_info+0x40/0x58
[   21.214556]  __kasan_krealloc+0x118/0x178
[   21.214599]  krealloc_noprof+0x128/0x360
[   21.214641]  krealloc_more_oob_helper+0x168/0x678
[   21.214685]  krealloc_more_oob+0x20/0x38
[   21.214724]  kunit_try_run_case+0x170/0x3f0
[   21.214766]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.214813]  kthread+0x328/0x630
[   21.214865]  ret_from_fork+0x10/0x20
[   21.214906] 
[   21.214935] The buggy address belongs to the object at fff00000c4729400
[   21.214935]  which belongs to the cache kmalloc-256 of size 256
[   21.215001] The buggy address is located 5 bytes to the right of
[   21.215001]  allocated 235-byte region [fff00000c4729400, fff00000c47294eb)
[   21.215069] 
[   21.215094] The buggy address belongs to the physical page:
[   21.215132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104728
[   21.215192] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.215243] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.215305] page_type: f5(slab)
[   21.215353] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.215446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.215576] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.215688] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.215783] head: 0bfffe0000000001 ffffc1ffc311ca01 00000000ffffffff 00000000ffffffff
[   21.215889] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.215986] page dumped because: kasan: bad access detected
[   21.216065] 
[   21.216112] Memory state around the buggy address:
[   21.216191]  fff00000c4729380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.216298]  fff00000c4729400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.216418] >fff00000c4729480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.216520]                                                              ^
[   21.216627]  fff00000c4729500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.216753]  fff00000c4729580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.216893] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xlB4GuTqktDwlee71Jnb1NJfRI

job_id

TEST:linaro@lkft#2xlB9kSwL581IJhu7BHNzCfQT8M

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xlB9kSwL581IJhu7BHNzCfQT8M

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB5itkvUcoORKx6U0GB9mAQ6f/Image.gz
sha256sum	27519c64f4a22ec72b96feedf830a0a926ae1ffcb90bd853992b3cfb83707592

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB5itkvUcoORKx6U0GB9mAQ6f/modules.tar.xz
sha256sum	b608f80e2ffe2d76ee59982bb5280be82af49763b122cef01f6e5492f96dd429

durations

tests

boot	0
kunit	310.48

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.492924] ==================================================================
[   10.493355] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.493605] Write of size 1 at addr ffff888100a1daeb by task kunit_try_catch/173
[   10.493862] 
[   10.493950] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.493993] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.494005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.494024] Call Trace:
[   10.494036]  <TASK>
[   10.494050]  dump_stack_lvl+0x73/0xb0
[   10.494076]  print_report+0xd1/0x650
[   10.494097]  ? __virt_addr_valid+0x1db/0x2d0
[   10.494119]  ? krealloc_more_oob_helper+0x821/0x930
[   10.494142]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.494164]  ? krealloc_more_oob_helper+0x821/0x930
[   10.494188]  kasan_report+0x141/0x180
[   10.494210]  ? krealloc_more_oob_helper+0x821/0x930
[   10.494238]  __asan_report_store1_noabort+0x1b/0x30
[   10.494258]  krealloc_more_oob_helper+0x821/0x930
[   10.494280]  ? __schedule+0x10cc/0x2b60
[   10.494303]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.494327]  ? finish_task_switch.isra.0+0x153/0x700
[   10.494348]  ? __switch_to+0x47/0xf50
[   10.494373]  ? __schedule+0x10cc/0x2b60
[   10.494395]  ? __pfx_read_tsc+0x10/0x10
[   10.494418]  krealloc_more_oob+0x1c/0x30
[   10.494440]  kunit_try_run_case+0x1a5/0x480
[   10.494460]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.494479]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.494503]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.494526]  ? __kthread_parkme+0x82/0x180
[   10.494553]  ? preempt_count_sub+0x50/0x80
[   10.494575]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.494595]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.494934]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.494965]  kthread+0x337/0x6f0
[   10.494986]  ? trace_preempt_on+0x20/0xc0
[   10.495010]  ? __pfx_kthread+0x10/0x10
[   10.495030]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.495217]  ? calculate_sigpending+0x7b/0xa0
[   10.495258]  ? __pfx_kthread+0x10/0x10
[   10.495282]  ret_from_fork+0x116/0x1d0
[   10.495301]  ? __pfx_kthread+0x10/0x10
[   10.495322]  ret_from_fork_asm+0x1a/0x30
[   10.495355]  </TASK>
[   10.495365] 
[   10.512367] Allocated by task 173:
[   10.512512]  kasan_save_stack+0x45/0x70
[   10.512690]  kasan_save_track+0x18/0x40
[   10.512951]  kasan_save_alloc_info+0x3b/0x50
[   10.513160]  __kasan_krealloc+0x190/0x1f0
[   10.513383]  krealloc_noprof+0xf3/0x340
[   10.513575]  krealloc_more_oob_helper+0x1a9/0x930
[   10.513836]  krealloc_more_oob+0x1c/0x30
[   10.513990]  kunit_try_run_case+0x1a5/0x480
[   10.514139]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.514401]  kthread+0x337/0x6f0
[   10.514582]  ret_from_fork+0x116/0x1d0
[   10.515572]  ret_from_fork_asm+0x1a/0x30
[   10.515787] 
[   10.516108] The buggy address belongs to the object at ffff888100a1da00
[   10.516108]  which belongs to the cache kmalloc-256 of size 256
[   10.516681] The buggy address is located 0 bytes to the right of
[   10.516681]  allocated 235-byte region [ffff888100a1da00, ffff888100a1daeb)
[   10.517777] 
[   10.517953] The buggy address belongs to the physical page:
[   10.518188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   10.518668] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.519185] flags: 0x200000000000040(head|node=0|zone=2)
[   10.519514] page_type: f5(slab)
[   10.519663] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.520271] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.520627] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.521092] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.521488] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   10.521986] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.522322] page dumped because: kasan: bad access detected
[   10.522569] 
[   10.522670] Memory state around the buggy address:
[   10.523212]  ffff888100a1d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.523503]  ffff888100a1da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.523938] >ffff888100a1da80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.524381]                                                           ^
[   10.524692]  ffff888100a1db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.525221]  ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.525575] ==================================================================
[   10.661142] ==================================================================
[   10.661620] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.661924] Write of size 1 at addr ffff8881039560eb by task kunit_try_catch/177
[   10.662508] 
[   10.662635] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.662680] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.662693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.662713] Call Trace:
[   10.662725]  <TASK>
[   10.662738]  dump_stack_lvl+0x73/0xb0
[   10.662779]  print_report+0xd1/0x650
[   10.662802]  ? __virt_addr_valid+0x1db/0x2d0
[   10.662825]  ? krealloc_more_oob_helper+0x821/0x930
[   10.662849]  ? kasan_addr_to_slab+0x11/0xa0
[   10.662869]  ? krealloc_more_oob_helper+0x821/0x930
[   10.662894]  kasan_report+0x141/0x180
[   10.662916]  ? krealloc_more_oob_helper+0x821/0x930
[   10.662945]  __asan_report_store1_noabort+0x1b/0x30
[   10.662968]  krealloc_more_oob_helper+0x821/0x930
[   10.662992]  ? __schedule+0x10cc/0x2b60
[   10.663017]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.663042]  ? finish_task_switch.isra.0+0x153/0x700
[   10.663064]  ? __switch_to+0x47/0xf50
[   10.663090]  ? __schedule+0x10cc/0x2b60
[   10.663113]  ? __pfx_read_tsc+0x10/0x10
[   10.663138]  krealloc_large_more_oob+0x1c/0x30
[   10.663161]  kunit_try_run_case+0x1a5/0x480
[   10.663182]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.663202]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.663227]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.663251]  ? __kthread_parkme+0x82/0x180
[   10.663272]  ? preempt_count_sub+0x50/0x80
[   10.663294]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.663315]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.663339]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.663363]  kthread+0x337/0x6f0
[   10.663382]  ? trace_preempt_on+0x20/0xc0
[   10.663405]  ? __pfx_kthread+0x10/0x10
[   10.663452]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.663475]  ? calculate_sigpending+0x7b/0xa0
[   10.663499]  ? __pfx_kthread+0x10/0x10
[   10.663521]  ret_from_fork+0x116/0x1d0
[   10.663540]  ? __pfx_kthread+0x10/0x10
[   10.663560]  ret_from_fork_asm+0x1a/0x30
[   10.663590]  </TASK>
[   10.663600] 
[   10.671968] The buggy address belongs to the physical page:
[   10.672248] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103954
[   10.672575] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.672842] flags: 0x200000000000040(head|node=0|zone=2)
[   10.673175] page_type: f8(unknown)
[   10.673363] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.673779] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.674067] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.674305] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.674626] head: 0200000000000002 ffffea00040e5501 00000000ffffffff 00000000ffffffff
[   10.674973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.675474] page dumped because: kasan: bad access detected
[   10.675673] 
[   10.675799] Memory state around the buggy address:
[   10.676302]  ffff888103955f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.676637]  ffff888103956000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.676995] >ffff888103956080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.677295]                                                           ^
[   10.677556]  ffff888103956100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.677991]  ffff888103956180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.678238] ==================================================================
[   10.526773] ==================================================================
[   10.527192] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.527683] Write of size 1 at addr ffff888100a1daf0 by task kunit_try_catch/173
[   10.528346] 
[   10.528459] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.528504] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.528516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.528537] Call Trace:
[   10.528549]  <TASK>
[   10.528563]  dump_stack_lvl+0x73/0xb0
[   10.528589]  print_report+0xd1/0x650
[   10.528624]  ? __virt_addr_valid+0x1db/0x2d0
[   10.528647]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.528670]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.528692]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.528717]  kasan_report+0x141/0x180
[   10.528739]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.528767]  __asan_report_store1_noabort+0x1b/0x30
[   10.528789]  krealloc_more_oob_helper+0x7eb/0x930
[   10.528812]  ? __schedule+0x10cc/0x2b60
[   10.528835]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.528859]  ? finish_task_switch.isra.0+0x153/0x700
[   10.528880]  ? __switch_to+0x47/0xf50
[   10.528905]  ? __schedule+0x10cc/0x2b60
[   10.528928]  ? __pfx_read_tsc+0x10/0x10
[   10.528950]  krealloc_more_oob+0x1c/0x30
[   10.528972]  kunit_try_run_case+0x1a5/0x480
[   10.528993]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.529013]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.529036]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.529060]  ? __kthread_parkme+0x82/0x180
[   10.529080]  ? preempt_count_sub+0x50/0x80
[   10.529102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.529123]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.529147]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.529171]  kthread+0x337/0x6f0
[   10.529190]  ? trace_preempt_on+0x20/0xc0
[   10.529212]  ? __pfx_kthread+0x10/0x10
[   10.529232]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.529254]  ? calculate_sigpending+0x7b/0xa0
[   10.529277]  ? __pfx_kthread+0x10/0x10
[   10.529298]  ret_from_fork+0x116/0x1d0
[   10.529316]  ? __pfx_kthread+0x10/0x10
[   10.529336]  ret_from_fork_asm+0x1a/0x30
[   10.529366]  </TASK>
[   10.529376] 
[   10.538051] Allocated by task 173:
[   10.538242]  kasan_save_stack+0x45/0x70
[   10.538420]  kasan_save_track+0x18/0x40
[   10.538641]  kasan_save_alloc_info+0x3b/0x50
[   10.538919]  __kasan_krealloc+0x190/0x1f0
[   10.539091]  krealloc_noprof+0xf3/0x340
[   10.539230]  krealloc_more_oob_helper+0x1a9/0x930
[   10.539395]  krealloc_more_oob+0x1c/0x30
[   10.539574]  kunit_try_run_case+0x1a5/0x480
[   10.539790]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.540050]  kthread+0x337/0x6f0
[   10.540229]  ret_from_fork+0x116/0x1d0
[   10.540585]  ret_from_fork_asm+0x1a/0x30
[   10.540764] 
[   10.540862] The buggy address belongs to the object at ffff888100a1da00
[   10.540862]  which belongs to the cache kmalloc-256 of size 256
[   10.541339] The buggy address is located 5 bytes to the right of
[   10.541339]  allocated 235-byte region [ffff888100a1da00, ffff888100a1daeb)
[   10.542131] 
[   10.542246] The buggy address belongs to the physical page:
[   10.542442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[   10.542967] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.543268] flags: 0x200000000000040(head|node=0|zone=2)
[   10.543492] page_type: f5(slab)
[   10.543626] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.543868] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.544205] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.544600] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.544866] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[   10.545103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.545601] page dumped because: kasan: bad access detected
[   10.546131] 
[   10.546243] Memory state around the buggy address:
[   10.546478]  ffff888100a1d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.546970]  ffff888100a1da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.547232] >ffff888100a1da80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.547530]                                                              ^
[   10.547896]  ffff888100a1db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.548131]  ffff888100a1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.548404] ==================================================================
[   10.678650] ==================================================================
[   10.679046] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.679368] Write of size 1 at addr ffff8881039560f0 by task kunit_try_catch/177
[   10.679710] 
[   10.679812] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250529 #1 PREEMPT(voluntary) 
[   10.679855] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.679867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.679886] Call Trace:
[   10.679900]  <TASK>
[   10.679914]  dump_stack_lvl+0x73/0xb0
[   10.679938]  print_report+0xd1/0x650
[   10.679960]  ? __virt_addr_valid+0x1db/0x2d0
[   10.679982]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.680005]  ? kasan_addr_to_slab+0x11/0xa0
[   10.680026]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.680050]  kasan_report+0x141/0x180
[   10.680073]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.680101]  __asan_report_store1_noabort+0x1b/0x30
[   10.680122]  krealloc_more_oob_helper+0x7eb/0x930
[   10.680145]  ? __schedule+0x10cc/0x2b60
[   10.680168]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.680193]  ? finish_task_switch.isra.0+0x153/0x700
[   10.680215]  ? __switch_to+0x47/0xf50
[   10.680240]  ? __schedule+0x10cc/0x2b60
[   10.680263]  ? __pfx_read_tsc+0x10/0x10
[   10.680286]  krealloc_large_more_oob+0x1c/0x30
[   10.680309]  kunit_try_run_case+0x1a5/0x480
[   10.680330]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.680349]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.680372]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.680396]  ? __kthread_parkme+0x82/0x180
[   10.680416]  ? preempt_count_sub+0x50/0x80
[   10.680439]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.680460]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.680483]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.680507]  kthread+0x337/0x6f0
[   10.680527]  ? trace_preempt_on+0x20/0xc0
[   10.680549]  ? __pfx_kthread+0x10/0x10
[   10.680569]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.680591]  ? calculate_sigpending+0x7b/0xa0
[   10.680791]  ? __pfx_kthread+0x10/0x10
[   10.680822]  ret_from_fork+0x116/0x1d0
[   10.680844]  ? __pfx_kthread+0x10/0x10
[   10.680866]  ret_from_fork_asm+0x1a/0x30
[   10.680898]  </TASK>
[   10.680909] 
[   10.689477] The buggy address belongs to the physical page:
[   10.689729] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103954
[   10.690214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.690522] flags: 0x200000000000040(head|node=0|zone=2)
[   10.690775] page_type: f8(unknown)
[   10.690953] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.691189] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.691502] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.691855] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.692349] head: 0200000000000002 ffffea00040e5501 00000000ffffffff 00000000ffffffff
[   10.692683] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.692972] page dumped because: kasan: bad access detected
[   10.693268] 
[   10.693363] Memory state around the buggy address:
[   10.693523]  ffff888103955f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.693831]  ffff888103956000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.694320] >ffff888103956080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.694649]                                                              ^
[   10.694972]  ffff888103956100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.695239]  ffff888103956180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.695559] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xlB4GuTqktDwlee71Jnb1NJfRI

job_id

TEST:linaro@lkft#2xlBAyWnEAFxkkNPj7qJWrTtgaT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xlBAyWnEAFxkkNPj7qJWrTtgaT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB7JyggRDdiWlLTNR3RGHKw4x/bzImage
sha256sum	813ee3b065558370ed659c97e0f76fa13c53689c6a88e9ed6ce06540be4fba08

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xlB7JyggRDdiWlLTNR3RGHKw4x/modules.tar.xz
sha256sum	d821f741da2dacad362fb409ee36ce859b32a19bbacfcc6c2f316531b9b4ec5f

durations

tests

boot	0
kunit	207.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned