lkft/linux-next-master - next-20250605 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 5, 2025, 7:08 a.m.

Environment
qemu-arm64
qemu-x86_64

[   24.947072] ==================================================================
[   24.947177] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   24.947473] Write of size 1 at addr fff00000c77d60f0 by task kunit_try_catch/160
[   24.947646] 
[   24.947719] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.947915] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.947990] Hardware name: linux,dummy-virt (DT)
[   24.948123] Call trace:
[   24.948232]  show_stack+0x20/0x38 (C)
[   24.948402]  dump_stack_lvl+0x8c/0xd0
[   24.948541]  print_report+0x118/0x608
[   24.948692]  kasan_report+0xdc/0x128
[   24.948902]  __asan_report_store1_noabort+0x20/0x30
[   24.949117]  krealloc_more_oob_helper+0x5c0/0x678
[   24.949350]  krealloc_large_more_oob+0x20/0x38
[   24.949550]  kunit_try_run_case+0x170/0x3f0
[   24.949675]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.949808]  kthread+0x328/0x630
[   24.949910]  ret_from_fork+0x10/0x20
[   24.950028] 
[   24.950080] The buggy address belongs to the physical page:
[   24.950156] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d4
[   24.950281] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.950433] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.950622] page_type: f8(unknown)
[   24.950762] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.950937] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.951284] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.951542] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.951664] head: 0bfffe0000000002 ffffc1ffc31df501 00000000ffffffff 00000000ffffffff
[   24.951957] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.952062] page dumped because: kasan: bad access detected
[   24.952138] 
[   24.952185] Memory state around the buggy address:
[   24.952259]  fff00000c77d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.952381]  fff00000c77d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.952494] >fff00000c77d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.952753]                                                              ^
[   24.952852]  fff00000c77d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.952955]  fff00000c77d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.953080] ==================================================================
[   24.812431] ==================================================================
[   24.812528] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   24.812635] Write of size 1 at addr fff00000c19db4f0 by task kunit_try_catch/156
[   24.812757] 
[   24.812826] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.813018] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.813080] Hardware name: linux,dummy-virt (DT)
[   24.813151] Call trace:
[   24.813198]  show_stack+0x20/0x38 (C)
[   24.813320]  dump_stack_lvl+0x8c/0xd0
[   24.813454]  print_report+0x118/0x608
[   24.813565]  kasan_report+0xdc/0x128
[   24.813691]  __asan_report_store1_noabort+0x20/0x30
[   24.813813]  krealloc_more_oob_helper+0x5c0/0x678
[   24.813937]  krealloc_more_oob+0x20/0x38
[   24.814048]  kunit_try_run_case+0x170/0x3f0
[   24.814159]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.814284]  kthread+0x328/0x630
[   24.814410]  ret_from_fork+0x10/0x20
[   24.814544] 
[   24.814783] Allocated by task 156:
[   24.815135]  kasan_save_stack+0x3c/0x68
[   24.815255]  kasan_save_track+0x20/0x40
[   24.815448]  kasan_save_alloc_info+0x40/0x58
[   24.815853]  __kasan_krealloc+0x118/0x178
[   24.815973]  krealloc_noprof+0x128/0x360
[   24.816082]  krealloc_more_oob_helper+0x168/0x678
[   24.816198]  krealloc_more_oob+0x20/0x38
[   24.816402]  kunit_try_run_case+0x170/0x3f0
[   24.816677]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.816935]  kthread+0x328/0x630
[   24.817070]  ret_from_fork+0x10/0x20
[   24.817349] 
[   24.817454] The buggy address belongs to the object at fff00000c19db400
[   24.817454]  which belongs to the cache kmalloc-256 of size 256
[   24.817637] The buggy address is located 5 bytes to the right of
[   24.817637]  allocated 235-byte region [fff00000c19db400, fff00000c19db4eb)
[   24.817800] 
[   24.817860] The buggy address belongs to the physical page:
[   24.818073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da
[   24.818201] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.818320] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.818525] page_type: f5(slab)
[   24.818634] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.818773] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.818984] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.819999] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.820231] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff
[   24.820695] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.820798] page dumped because: kasan: bad access detected
[   24.822020] 
[   24.822358] Memory state around the buggy address:
[   24.822455]  fff00000c19db380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.822561]  fff00000c19db400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.823874] >fff00000c19db480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.823994]                                                              ^
[   24.824092]  fff00000c19db500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.824150]  fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.824199] ==================================================================
[   24.797947] ==================================================================
[   24.798154] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   24.798420] Write of size 1 at addr fff00000c19db4eb by task kunit_try_catch/156
[   24.798683] 
[   24.798800] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.799122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.799198] Hardware name: linux,dummy-virt (DT)
[   24.799388] Call trace:
[   24.799532]  show_stack+0x20/0x38 (C)
[   24.799661]  dump_stack_lvl+0x8c/0xd0
[   24.799784]  print_report+0x118/0x608
[   24.800053]  kasan_report+0xdc/0x128
[   24.800202]  __asan_report_store1_noabort+0x20/0x30
[   24.800678]  krealloc_more_oob_helper+0x60c/0x678
[   24.800828]  krealloc_more_oob+0x20/0x38
[   24.800981]  kunit_try_run_case+0x170/0x3f0
[   24.801211]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.801378]  kthread+0x328/0x630
[   24.801530]  ret_from_fork+0x10/0x20
[   24.801751] 
[   24.801845] Allocated by task 156:
[   24.801914]  kasan_save_stack+0x3c/0x68
[   24.802044]  kasan_save_track+0x20/0x40
[   24.802319]  kasan_save_alloc_info+0x40/0x58
[   24.802961]  __kasan_krealloc+0x118/0x178
[   24.803097]  krealloc_noprof+0x128/0x360
[   24.803204]  krealloc_more_oob_helper+0x168/0x678
[   24.803397]  krealloc_more_oob+0x20/0x38
[   24.803503]  kunit_try_run_case+0x170/0x3f0
[   24.803599]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.803721]  kthread+0x328/0x630
[   24.804026]  ret_from_fork+0x10/0x20
[   24.804359] 
[   24.804535] The buggy address belongs to the object at fff00000c19db400
[   24.804535]  which belongs to the cache kmalloc-256 of size 256
[   24.804795] The buggy address is located 0 bytes to the right of
[   24.804795]  allocated 235-byte region [fff00000c19db400, fff00000c19db4eb)
[   24.805045] 
[   24.805115] The buggy address belongs to the physical page:
[   24.805197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019da
[   24.805641] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.805928] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.806320] page_type: f5(slab)
[   24.806429] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.807627] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.808087] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.808272] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.808443] head: 0bfffe0000000001 ffffc1ffc3067681 00000000ffffffff 00000000ffffffff
[   24.808566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.808722] page dumped because: kasan: bad access detected
[   24.808888] 
[   24.808933] Memory state around the buggy address:
[   24.809068]  fff00000c19db380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.809398]  fff00000c19db400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.809583] >fff00000c19db480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.809708]                                                           ^
[   24.809978]  fff00000c19db500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.810084]  fff00000c19db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.810176] ==================================================================
[   24.935095] ==================================================================
[   24.935221] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   24.935372] Write of size 1 at addr fff00000c77d60eb by task kunit_try_catch/160
[   24.935872] 
[   24.936109] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   24.936365] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.936439] Hardware name: linux,dummy-virt (DT)
[   24.936910] Call trace:
[   24.937165]  show_stack+0x20/0x38 (C)
[   24.937315]  dump_stack_lvl+0x8c/0xd0
[   24.937676]  print_report+0x118/0x608
[   24.937964]  kasan_report+0xdc/0x128
[   24.938131]  __asan_report_store1_noabort+0x20/0x30
[   24.938488]  krealloc_more_oob_helper+0x60c/0x678
[   24.938803]  krealloc_large_more_oob+0x20/0x38
[   24.938971]  kunit_try_run_case+0x170/0x3f0
[   24.939093]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.939232]  kthread+0x328/0x630
[   24.939476]  ret_from_fork+0x10/0x20
[   24.940430] 
[   24.940502] The buggy address belongs to the physical page:
[   24.940581] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d4
[   24.940715] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.940829] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.940958] page_type: f8(unknown)
[   24.941075] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.941527] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.941761] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.942174] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.942324] head: 0bfffe0000000002 ffffc1ffc31df501 00000000ffffffff 00000000ffffffff
[   24.942472] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.942694] page dumped because: kasan: bad access detected
[   24.942778] 
[   24.943250] Memory state around the buggy address:
[   24.943541]  fff00000c77d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.943747]  fff00000c77d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.943926] >fff00000c77d6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.944291]                                                           ^
[   24.944461]  fff00000c77d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.944819]  fff00000c77d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.945479] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2y4wfFFz5evLcuglEi0lZhHSzNe

job_id

TEST:linaro@lkft#2y4wjowvqrWW4OmAKc8rw3ym5sm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2y4wjowvqrWW4OmAKc8rw3ym5sm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4wgQN6czqm2PQVcU8FNdjsVN5/Image.gz
sha256sum	1b2f5b47cb4b601221e74af41b134f90082aa5ee3e601e5e72d092f948866699

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4wgQN6czqm2PQVcU8FNdjsVN5/modules.tar.xz
sha256sum	3d8bdbd3d2915b5fde20d97ab030d3ad2e77aa77d3254354a85ea96acf7b3f33

durations

tests

boot	0
kunit	292.94

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.974220] ==================================================================
[   10.974653] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.975201] Write of size 1 at addr ffff8881003526eb by task kunit_try_catch/173
[   10.975484] 
[   10.975593] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   10.975634] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.975645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.975664] Call Trace:
[   10.975673]  <TASK>
[   10.975686]  dump_stack_lvl+0x73/0xb0
[   10.975710]  print_report+0xd1/0x650
[   10.975731]  ? __virt_addr_valid+0x1db/0x2d0
[   10.975752]  ? krealloc_more_oob_helper+0x821/0x930
[   10.975775]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.975797]  ? krealloc_more_oob_helper+0x821/0x930
[   10.975821]  kasan_report+0x141/0x180
[   10.975868]  ? krealloc_more_oob_helper+0x821/0x930
[   10.975908]  __asan_report_store1_noabort+0x1b/0x30
[   10.975929]  krealloc_more_oob_helper+0x821/0x930
[   10.975951]  ? __schedule+0x10cc/0x2b60
[   10.975973]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.975999]  ? __kasan_check_write+0x18/0x20
[   10.976018]  ? queued_spin_lock_slowpath+0x116/0xb40
[   10.976043]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   10.976068]  ? __pfx_read_tsc+0x10/0x10
[   10.976091]  krealloc_more_oob+0x1c/0x30
[   10.976112]  kunit_try_run_case+0x1a5/0x480
[   10.976132]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.976152]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   10.976175]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.976198]  ? __kthread_parkme+0x82/0x180
[   10.976218]  ? preempt_count_sub+0x50/0x80
[   10.976240]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.976260]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.976283]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.976307]  kthread+0x337/0x6f0
[   10.976325]  ? trace_preempt_on+0x20/0xc0
[   10.976347]  ? __pfx_kthread+0x10/0x10
[   10.976366]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.976388]  ? calculate_sigpending+0x7b/0xa0
[   10.976411]  ? __pfx_kthread+0x10/0x10
[   10.976431]  ret_from_fork+0x116/0x1d0
[   10.976456]  ? __pfx_kthread+0x10/0x10
[   10.976475]  ret_from_fork_asm+0x1a/0x30
[   10.976505]  </TASK>
[   10.976514] 
[   10.984454] Allocated by task 173:
[   10.984615]  kasan_save_stack+0x45/0x70
[   10.984831]  kasan_save_track+0x18/0x40
[   10.985033]  kasan_save_alloc_info+0x3b/0x50
[   10.985334]  __kasan_krealloc+0x190/0x1f0
[   10.985748]  krealloc_noprof+0xf3/0x340
[   10.985998]  krealloc_more_oob_helper+0x1a9/0x930
[   10.986177]  krealloc_more_oob+0x1c/0x30
[   10.986331]  kunit_try_run_case+0x1a5/0x480
[   10.986535]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.986814]  kthread+0x337/0x6f0
[   10.986946]  ret_from_fork+0x116/0x1d0
[   10.987078]  ret_from_fork_asm+0x1a/0x30
[   10.987215] 
[   10.987285] The buggy address belongs to the object at ffff888100352600
[   10.987285]  which belongs to the cache kmalloc-256 of size 256
[   10.987836] The buggy address is located 0 bytes to the right of
[   10.987836]  allocated 235-byte region [ffff888100352600, ffff8881003526eb)
[   10.988552] 
[   10.988627] The buggy address belongs to the physical page:
[   10.988875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   10.989155] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.989381] flags: 0x200000000000040(head|node=0|zone=2)
[   10.989966] page_type: f5(slab)
[   10.990141] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.990502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.991097] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.991384] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.991775] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   10.992019] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.992261] page dumped because: kasan: bad access detected
[   10.992513] 
[   10.992609] Memory state around the buggy address:
[   10.992844]  ffff888100352580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.993175]  ffff888100352600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.993450] >ffff888100352680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.993663]                                                           ^
[   10.993912]  ffff888100352700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.994235]  ffff888100352780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.994556] ==================================================================
[   11.198101] ==================================================================
[   11.198338] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.198577] Write of size 1 at addr ffff88810241a0f0 by task kunit_try_catch/177
[   11.199182] 
[   11.199382] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.199423] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.199433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.199453] Call Trace:
[   11.199463]  <TASK>
[   11.199476]  dump_stack_lvl+0x73/0xb0
[   11.199500]  print_report+0xd1/0x650
[   11.199521]  ? __virt_addr_valid+0x1db/0x2d0
[   11.199542]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.199565]  ? kasan_addr_to_slab+0x11/0xa0
[   11.199585]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.199609]  kasan_report+0x141/0x180
[   11.199644]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.199672]  __asan_report_store1_noabort+0x1b/0x30
[   11.199692]  krealloc_more_oob_helper+0x7eb/0x930
[   11.199713]  ? __schedule+0x10cc/0x2b60
[   11.199736]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.199759]  ? finish_task_switch.isra.0+0x153/0x700
[   11.199780]  ? __switch_to+0x47/0xf50
[   11.199804]  ? __schedule+0x10cc/0x2b60
[   11.199825]  ? __pfx_read_tsc+0x10/0x10
[   11.199848]  krealloc_large_more_oob+0x1c/0x30
[   11.199870]  kunit_try_run_case+0x1a5/0x480
[   11.199890]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.199918]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.199942]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.199965]  ? __kthread_parkme+0x82/0x180
[   11.199984]  ? preempt_count_sub+0x50/0x80
[   11.200006]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.200026]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.200049]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.200072]  kthread+0x337/0x6f0
[   11.200090]  ? trace_preempt_on+0x20/0xc0
[   11.200111]  ? __pfx_kthread+0x10/0x10
[   11.200131]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.200153]  ? calculate_sigpending+0x7b/0xa0
[   11.200176]  ? __pfx_kthread+0x10/0x10
[   11.200196]  ret_from_fork+0x116/0x1d0
[   11.200214]  ? __pfx_kthread+0x10/0x10
[   11.200233]  ret_from_fork_asm+0x1a/0x30
[   11.200272]  </TASK>
[   11.200281] 
[   11.213885] The buggy address belongs to the physical page:
[   11.214386] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102418
[   11.214653] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.214972] flags: 0x200000000000040(head|node=0|zone=2)
[   11.215341] page_type: f8(unknown)
[   11.215520] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.215809] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.216186] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.216488] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.216928] head: 0200000000000002 ffffea0004090601 00000000ffffffff 00000000ffffffff
[   11.217322] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.217617] page dumped because: kasan: bad access detected
[   11.217807] 
[   11.217876] Memory state around the buggy address:
[   11.218107]  ffff888102419f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.218706]  ffff88810241a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.218979] >ffff88810241a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.219304]                                                              ^
[   11.219573]  ffff88810241a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.219939]  ffff88810241a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.220322] ==================================================================
[   10.995030] ==================================================================
[   10.995392] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.995709] Write of size 1 at addr ffff8881003526f0 by task kunit_try_catch/173
[   10.996006] 
[   10.996086] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   10.996127] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.996137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.996156] Call Trace:
[   10.996170]  <TASK>
[   10.996183]  dump_stack_lvl+0x73/0xb0
[   10.996206]  print_report+0xd1/0x650
[   10.996226]  ? __virt_addr_valid+0x1db/0x2d0
[   10.996248]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.996271]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.996293]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.996317]  kasan_report+0x141/0x180
[   10.996521]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.996557]  __asan_report_store1_noabort+0x1b/0x30
[   10.996577]  krealloc_more_oob_helper+0x7eb/0x930
[   10.996600]  ? __schedule+0x10cc/0x2b60
[   10.996623]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.996648]  ? __kasan_check_write+0x18/0x20
[   10.996667]  ? queued_spin_lock_slowpath+0x116/0xb40
[   10.996693]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   10.996718]  ? __pfx_read_tsc+0x10/0x10
[   10.996742]  krealloc_more_oob+0x1c/0x30
[   10.996763]  kunit_try_run_case+0x1a5/0x480
[   10.996793]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.996812]  ? _raw_spin_lock_irqsave+0xf9/0x100
[   10.996835]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.996858]  ? __kthread_parkme+0x82/0x180
[   10.996878]  ? preempt_count_sub+0x50/0x80
[   10.996915]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.996935]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.996959]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.996983]  kthread+0x337/0x6f0
[   10.997001]  ? trace_preempt_on+0x20/0xc0
[   10.997022]  ? __pfx_kthread+0x10/0x10
[   10.997046]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.997069]  ? calculate_sigpending+0x7b/0xa0
[   10.997091]  ? __pfx_kthread+0x10/0x10
[   10.997112]  ret_from_fork+0x116/0x1d0
[   10.997130]  ? __pfx_kthread+0x10/0x10
[   10.997150]  ret_from_fork_asm+0x1a/0x30
[   10.997180]  </TASK>
[   10.997189] 
[   11.005924] Allocated by task 173:
[   11.006159]  kasan_save_stack+0x45/0x70
[   11.006339]  kasan_save_track+0x18/0x40
[   11.006507]  kasan_save_alloc_info+0x3b/0x50
[   11.006722]  __kasan_krealloc+0x190/0x1f0
[   11.006933]  krealloc_noprof+0xf3/0x340
[   11.007150]  krealloc_more_oob_helper+0x1a9/0x930
[   11.007340]  krealloc_more_oob+0x1c/0x30
[   11.007478]  kunit_try_run_case+0x1a5/0x480
[   11.007620]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.007874]  kthread+0x337/0x6f0
[   11.008112]  ret_from_fork+0x116/0x1d0
[   11.008302]  ret_from_fork_asm+0x1a/0x30
[   11.008505] 
[   11.008592] The buggy address belongs to the object at ffff888100352600
[   11.008592]  which belongs to the cache kmalloc-256 of size 256
[   11.009289] The buggy address is located 5 bytes to the right of
[   11.009289]  allocated 235-byte region [ffff888100352600, ffff8881003526eb)
[   11.009659] 
[   11.009755] The buggy address belongs to the physical page:
[   11.010177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   11.010543] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.010857] flags: 0x200000000000040(head|node=0|zone=2)
[   11.011148] page_type: f5(slab)
[   11.011297] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.011526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.012006] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.012309] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.012538] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   11.012903] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.013363] page dumped because: kasan: bad access detected
[   11.013546] 
[   11.013616] Memory state around the buggy address:
[   11.013766]  ffff888100352580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.014188]  ffff888100352600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.014518] >ffff888100352680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.015108]                                                              ^
[   11.015427]  ffff888100352700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.015664]  ffff888100352780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.015875] ==================================================================
[   11.171465] ==================================================================
[   11.171929] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.172175] Write of size 1 at addr ffff88810241a0eb by task kunit_try_catch/177
[   11.172837] 
[   11.173074] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT(voluntary) 
[   11.173133] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.173145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.173165] Call Trace:
[   11.173177]  <TASK>
[   11.173192]  dump_stack_lvl+0x73/0xb0
[   11.173218]  print_report+0xd1/0x650
[   11.173242]  ? __virt_addr_valid+0x1db/0x2d0
[   11.173267]  ? krealloc_more_oob_helper+0x821/0x930
[   11.173291]  ? kasan_addr_to_slab+0x11/0xa0
[   11.173312]  ? krealloc_more_oob_helper+0x821/0x930
[   11.173337]  kasan_report+0x141/0x180
[   11.173359]  ? krealloc_more_oob_helper+0x821/0x930
[   11.173387]  __asan_report_store1_noabort+0x1b/0x30
[   11.173408]  krealloc_more_oob_helper+0x821/0x930
[   11.173431]  ? __schedule+0x10cc/0x2b60
[   11.173453]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.173477]  ? finish_task_switch.isra.0+0x153/0x700
[   11.173498]  ? __switch_to+0x47/0xf50
[   11.173524]  ? __schedule+0x10cc/0x2b60
[   11.173547]  ? __pfx_read_tsc+0x10/0x10
[   11.173571]  krealloc_large_more_oob+0x1c/0x30
[   11.173593]  kunit_try_run_case+0x1a5/0x480
[   11.173613]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.173631]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.173655]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.173679]  ? __kthread_parkme+0x82/0x180
[   11.173698]  ? preempt_count_sub+0x50/0x80
[   11.173719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.173739]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.173762]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.173786]  kthread+0x337/0x6f0
[   11.173804]  ? trace_preempt_on+0x20/0xc0
[   11.173826]  ? __pfx_kthread+0x10/0x10
[   11.173845]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.173867]  ? calculate_sigpending+0x7b/0xa0
[   11.173889]  ? __pfx_kthread+0x10/0x10
[   11.173921]  ret_from_fork+0x116/0x1d0
[   11.173938]  ? __pfx_kthread+0x10/0x10
[   11.173969]  ret_from_fork_asm+0x1a/0x30
[   11.173998]  </TASK>
[   11.174009] 
[   11.188562] The buggy address belongs to the physical page:
[   11.188832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102418
[   11.189625] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.190531] flags: 0x200000000000040(head|node=0|zone=2)
[   11.190799] page_type: f8(unknown)
[   11.190942] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.191173] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.191405] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.191635] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.191950] head: 0200000000000002 ffffea0004090601 00000000ffffffff 00000000ffffffff
[   11.192678] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.193268] page dumped because: kasan: bad access detected
[   11.193443] 
[   11.193512] Memory state around the buggy address:
[   11.193686]  ffff888102419f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.194332]  ffff88810241a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.195189] >ffff88810241a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.195909]                                                           ^
[   11.196538]  ffff88810241a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.197009]  ffff88810241a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.197679] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2y4wfFFz5evLcuglEi0lZhHSzNe

job_id

TEST:linaro@lkft#2y4wkwtti07OHEfdevzhqA6LZmP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2y4wkwtti07OHEfdevzhqA6LZmP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4whKyYdhH0fShDWipTWaZ18Fr/bzImage
sha256sum	732b0784565e56626280894de8e0c01cb6df50c3a4b830053e8a19dc7b69a758

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2y4whKyYdhH0fShDWipTWaZ18Fr/modules.tar.xz
sha256sum	63a93b8e373ae517e7a0c06715102b269a88ee449bb807871272906141bb634f

durations

tests

boot	0
kunit	204.26

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned