lkft/linux-stable-rc-linux-6.15.y - v6.15.1-35-g04e133874a24 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 7, 2025, 10:40 a.m.

Environment
qemu-arm64
qemu-x86_64

[   22.282979] ==================================================================
[   22.283097] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   22.283217] Write of size 1 at addr fff00000c777e0f0 by task kunit_try_catch/164
[   22.283650] 
[   22.283743] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.283950] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.284011] Hardware name: linux,dummy-virt (DT)
[   22.284084] Call trace:
[   22.284139]  show_stack+0x20/0x38 (C)
[   22.284505]  dump_stack_lvl+0x8c/0xd0
[   22.284634]  print_report+0x118/0x608
[   22.284773]  kasan_report+0xdc/0x128
[   22.284890]  __asan_report_store1_noabort+0x20/0x30
[   22.285015]  krealloc_more_oob_helper+0x5c0/0x678
[   22.285360]  krealloc_large_more_oob+0x20/0x38
[   22.285540]  kunit_try_run_case+0x170/0x3f0
[   22.285679]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.285814]  kthread+0x328/0x630
[   22.286214]  ret_from_fork+0x10/0x20
[   22.286382] 
[   22.286493] The buggy address belongs to the physical page:
[   22.286587] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10777c
[   22.286728] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.286841] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.286971] page_type: f8(unknown)
[   22.287107] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.287461] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.287649] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.287787] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.287916] head: 0bfffe0000000002 ffffc1ffc31ddf01 00000000ffffffff 00000000ffffffff
[   22.288044] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.288190] page dumped because: kasan: bad access detected
[   22.288280] 
[   22.288345] Memory state around the buggy address:
[   22.288829]  fff00000c777df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.288951]  fff00000c777e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.289064] >fff00000c777e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   22.289523]                                                              ^
[   22.289717]  fff00000c777e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.289833]  fff00000c777e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.289926] ==================================================================
[   22.138325] ==================================================================
[   22.138573] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   22.139072] Write of size 1 at addr fff00000c57b0aeb by task kunit_try_catch/160
[   22.139241] 
[   22.139361] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.139598] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.139663] Hardware name: linux,dummy-virt (DT)
[   22.139971] Call trace:
[   22.140033]  show_stack+0x20/0x38 (C)
[   22.140180]  dump_stack_lvl+0x8c/0xd0
[   22.140270]  print_report+0x118/0x608
[   22.140363]  kasan_report+0xdc/0x128
[   22.140482]  __asan_report_store1_noabort+0x20/0x30
[   22.140677]  krealloc_more_oob_helper+0x60c/0x678
[   22.140867]  krealloc_more_oob+0x20/0x38
[   22.141026]  kunit_try_run_case+0x170/0x3f0
[   22.141172]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.141373]  kthread+0x328/0x630
[   22.141528]  ret_from_fork+0x10/0x20
[   22.141685] 
[   22.141733] Allocated by task 160:
[   22.141838]  kasan_save_stack+0x3c/0x68
[   22.141947]  kasan_save_track+0x20/0x40
[   22.142042]  kasan_save_alloc_info+0x40/0x58
[   22.142176]  __kasan_krealloc+0x118/0x178
[   22.142286]  krealloc_noprof+0x128/0x360
[   22.142458]  krealloc_more_oob_helper+0x168/0x678
[   22.142559]  krealloc_more_oob+0x20/0x38
[   22.142652]  kunit_try_run_case+0x170/0x3f0
[   22.142756]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.143124]  kthread+0x328/0x630
[   22.143457]  ret_from_fork+0x10/0x20
[   22.143706] 
[   22.144082] The buggy address belongs to the object at fff00000c57b0a00
[   22.144082]  which belongs to the cache kmalloc-256 of size 256
[   22.144433] The buggy address is located 0 bytes to the right of
[   22.144433]  allocated 235-byte region [fff00000c57b0a00, fff00000c57b0aeb)
[   22.144614] 
[   22.144669] The buggy address belongs to the physical page:
[   22.144774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057b0
[   22.144892] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.145004] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.145127] page_type: f5(slab)
[   22.145206] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.145309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.145780] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.145943] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.146072] head: 0bfffe0000000001 ffffc1ffc315ec01 00000000ffffffff 00000000ffffffff
[   22.146203] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.146331] page dumped because: kasan: bad access detected
[   22.146493] 
[   22.146549] Memory state around the buggy address:
[   22.146680]  fff00000c57b0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.146787]  fff00000c57b0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.147123] >fff00000c57b0a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.147335]                                                           ^
[   22.147479]  fff00000c57b0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.147595]  fff00000c57b0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.147694] ==================================================================
[   22.273078] ==================================================================
[   22.273796] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   22.274348] Write of size 1 at addr fff00000c777e0eb by task kunit_try_catch/164
[   22.274535] 
[   22.274628] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.274805] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.275072] Hardware name: linux,dummy-virt (DT)
[   22.275368] Call trace:
[   22.275452]  show_stack+0x20/0x38 (C)
[   22.275616]  dump_stack_lvl+0x8c/0xd0
[   22.275800]  print_report+0x118/0x608
[   22.275921]  kasan_report+0xdc/0x128
[   22.276036]  __asan_report_store1_noabort+0x20/0x30
[   22.276156]  krealloc_more_oob_helper+0x60c/0x678
[   22.276290]  krealloc_large_more_oob+0x20/0x38
[   22.276421]  kunit_try_run_case+0x170/0x3f0
[   22.276874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.277025]  kthread+0x328/0x630
[   22.277499]  ret_from_fork+0x10/0x20
[   22.277675] 
[   22.277727] The buggy address belongs to the physical page:
[   22.277804] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10777c
[   22.277936] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.278436] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.278657] page_type: f8(unknown)
[   22.278813] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.278960] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.279116] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.279290] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.279430] head: 0bfffe0000000002 ffffc1ffc31ddf01 00000000ffffffff 00000000ffffffff
[   22.279550] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.280051] page dumped because: kasan: bad access detected
[   22.280279] 
[   22.280350] Memory state around the buggy address:
[   22.280479]  fff00000c777df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.280628]  fff00000c777e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.280819] >fff00000c777e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   22.280947]                                                           ^
[   22.281139]  fff00000c777e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.281253]  fff00000c777e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.281377] ==================================================================
[   22.150219] ==================================================================
[   22.150374] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   22.150602] Write of size 1 at addr fff00000c57b0af0 by task kunit_try_catch/160
[   22.150732] 
[   22.151165] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.151534] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.151596] Hardware name: linux,dummy-virt (DT)
[   22.151660] Call trace:
[   22.151705]  show_stack+0x20/0x38 (C)
[   22.151854]  dump_stack_lvl+0x8c/0xd0
[   22.151964]  print_report+0x118/0x608
[   22.152114]  kasan_report+0xdc/0x128
[   22.152411]  __asan_report_store1_noabort+0x20/0x30
[   22.152531]  krealloc_more_oob_helper+0x5c0/0x678
[   22.152643]  krealloc_more_oob+0x20/0x38
[   22.152752]  kunit_try_run_case+0x170/0x3f0
[   22.152910]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.153060]  kthread+0x328/0x630
[   22.153223]  ret_from_fork+0x10/0x20
[   22.153416] 
[   22.153490] Allocated by task 160:
[   22.153605]  kasan_save_stack+0x3c/0x68
[   22.153718]  kasan_save_track+0x20/0x40
[   22.153833]  kasan_save_alloc_info+0x40/0x58
[   22.153939]  __kasan_krealloc+0x118/0x178
[   22.154077]  krealloc_noprof+0x128/0x360
[   22.154208]  krealloc_more_oob_helper+0x168/0x678
[   22.154331]  krealloc_more_oob+0x20/0x38
[   22.154450]  kunit_try_run_case+0x170/0x3f0
[   22.154535]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.154642]  kthread+0x328/0x630
[   22.154733]  ret_from_fork+0x10/0x20
[   22.154824] 
[   22.154873] The buggy address belongs to the object at fff00000c57b0a00
[   22.154873]  which belongs to the cache kmalloc-256 of size 256
[   22.155022] The buggy address is located 5 bytes to the right of
[   22.155022]  allocated 235-byte region [fff00000c57b0a00, fff00000c57b0aeb)
[   22.155195] 
[   22.155247] The buggy address belongs to the physical page:
[   22.155328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057b0
[   22.155478] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.155605] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.155749] page_type: f5(slab)
[   22.155849] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.156043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.156187] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.156762] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.156903] head: 0bfffe0000000001 ffffc1ffc315ec01 00000000ffffffff 00000000ffffffff
[   22.157028] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.157121] page dumped because: kasan: bad access detected
[   22.157199] 
[   22.157284] Memory state around the buggy address:
[   22.157370]  fff00000c57b0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.157480]  fff00000c57b0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.157564] >fff00000c57b0a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.157829]                                                              ^
[   22.157916]  fff00000c57b0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.158006]  fff00000c57b0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.158094] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0l1lM4PPUPWLjAP2OyhEuEu2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0l1lM4PPUPWLjAP2OyhEuEu2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/Image.gz
sha256sum	1b531226140e142190e4cd0e4f3862050b0e2c45e059974a53d69b2b25304bf8

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/modules.tar.xz
sha256sum	96aed9ab36b698bb4c9bf06650847db2adf83170cdf96c9ed9e744a15d7b27ec

durations

tests

boot	0
kunit	362.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.098392] ==================================================================
[   13.099080] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.099304] Write of size 1 at addr ffff888100aaf2eb by task kunit_try_catch/176
[   13.099443] 
[   13.099524] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.099597] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.099611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.099634] Call Trace:
[   13.099649]  <TASK>
[   13.099680]  dump_stack_lvl+0x73/0xb0
[   13.099712]  print_report+0xd1/0x650
[   13.099736]  ? __virt_addr_valid+0x1db/0x2d0
[   13.099758]  ? krealloc_more_oob_helper+0x821/0x930
[   13.099777]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.099799]  ? krealloc_more_oob_helper+0x821/0x930
[   13.099818]  kasan_report+0x141/0x180
[   13.099840]  ? krealloc_more_oob_helper+0x821/0x930
[   13.099863]  __asan_report_store1_noabort+0x1b/0x30
[   13.099883]  krealloc_more_oob_helper+0x821/0x930
[   13.099901]  ? __schedule+0x10cc/0x2b30
[   13.099923]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.099943]  ? finish_task_switch.isra.0+0x153/0x700
[   13.099967]  ? __switch_to+0x5d9/0xf60
[   13.099988]  ? dequeue_task_fair+0x166/0x4e0
[   13.100011]  ? __schedule+0x10cc/0x2b30
[   13.100031]  ? __pfx_read_tsc+0x10/0x10
[   13.100053]  krealloc_more_oob+0x1c/0x30
[   13.100071]  kunit_try_run_case+0x1a5/0x480
[   13.100094]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.100114]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.100136]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.100157]  ? __kthread_parkme+0x82/0x180
[   13.100178]  ? preempt_count_sub+0x50/0x80
[   13.100201]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.100222]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.100244]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.100265]  kthread+0x337/0x6f0
[   13.100282]  ? trace_preempt_on+0x20/0xc0
[   13.100305]  ? __pfx_kthread+0x10/0x10
[   13.100322]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.100342]  ? calculate_sigpending+0x7b/0xa0
[   13.100363]  ? __pfx_kthread+0x10/0x10
[   13.100381]  ret_from_fork+0x41/0x80
[   13.100401]  ? __pfx_kthread+0x10/0x10
[   13.100418]  ret_from_fork_asm+0x1a/0x30
[   13.100446]  </TASK>
[   13.100458] 
[   13.111458] Allocated by task 176:
[   13.111804]  kasan_save_stack+0x45/0x70
[   13.112165]  kasan_save_track+0x18/0x40
[   13.112453]  kasan_save_alloc_info+0x3b/0x50
[   13.112784]  __kasan_krealloc+0x190/0x1f0
[   13.113027]  krealloc_noprof+0xf3/0x340
[   13.113280]  krealloc_more_oob_helper+0x1a9/0x930
[   13.113592]  krealloc_more_oob+0x1c/0x30
[   13.113905]  kunit_try_run_case+0x1a5/0x480
[   13.114146]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.114425]  kthread+0x337/0x6f0
[   13.114729]  ret_from_fork+0x41/0x80
[   13.114967]  ret_from_fork_asm+0x1a/0x30
[   13.115180] 
[   13.115337] The buggy address belongs to the object at ffff888100aaf200
[   13.115337]  which belongs to the cache kmalloc-256 of size 256
[   13.116007] The buggy address is located 0 bytes to the right of
[   13.116007]  allocated 235-byte region [ffff888100aaf200, ffff888100aaf2eb)
[   13.116681] 
[   13.116857] The buggy address belongs to the physical page:
[   13.117181] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   13.117601] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.118036] flags: 0x200000000000040(head|node=0|zone=2)
[   13.118453] page_type: f5(slab)
[   13.118729] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.119256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.119622] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.120120] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.120509] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   13.121033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.121396] page dumped because: kasan: bad access detected
[   13.121760] 
[   13.121868] Memory state around the buggy address:
[   13.122066]  ffff888100aaf180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.122315]  ffff888100aaf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.122573] >ffff888100aaf280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.123075]                                                           ^
[   13.123580]  ffff888100aaf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.124088]  ffff888100aaf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.124583] ==================================================================
[   13.349283] ==================================================================
[   13.350155] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   13.350552] Write of size 1 at addr ffff8881029be0eb by task kunit_try_catch/180
[   13.351609] 
[   13.352054] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.352119] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.352132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.352162] Call Trace:
[   13.352187]  <TASK>
[   13.352218]  dump_stack_lvl+0x73/0xb0
[   13.352278]  print_report+0xd1/0x650
[   13.352344]  ? __virt_addr_valid+0x1db/0x2d0
[   13.352376]  ? krealloc_more_oob_helper+0x821/0x930
[   13.352395]  ? kasan_addr_to_slab+0x11/0xa0
[   13.352423]  ? krealloc_more_oob_helper+0x821/0x930
[   13.352456]  kasan_report+0x141/0x180
[   13.352480]  ? krealloc_more_oob_helper+0x821/0x930
[   13.352503]  __asan_report_store1_noabort+0x1b/0x30
[   13.352523]  krealloc_more_oob_helper+0x821/0x930
[   13.352541]  ? __schedule+0x10cc/0x2b30
[   13.352584]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.352616]  ? finish_task_switch.isra.0+0x153/0x700
[   13.352658]  ? __switch_to+0x5d9/0xf60
[   13.352693]  ? dequeue_task_fair+0x166/0x4e0
[   13.352740]  ? __schedule+0x10cc/0x2b30
[   13.352775]  ? __pfx_read_tsc+0x10/0x10
[   13.352801]  krealloc_large_more_oob+0x1c/0x30
[   13.352821]  kunit_try_run_case+0x1a5/0x480
[   13.352846]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.352867]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.352891]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.352912]  ? __kthread_parkme+0x82/0x180
[   13.352934]  ? preempt_count_sub+0x50/0x80
[   13.352958]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.352980]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.353001]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.353022]  kthread+0x337/0x6f0
[   13.353039]  ? trace_preempt_on+0x20/0xc0
[   13.353063]  ? __pfx_kthread+0x10/0x10
[   13.353080]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.353100]  ? calculate_sigpending+0x7b/0xa0
[   13.353122]  ? __pfx_kthread+0x10/0x10
[   13.353140]  ret_from_fork+0x41/0x80
[   13.353159]  ? __pfx_kthread+0x10/0x10
[   13.353177]  ret_from_fork_asm+0x1a/0x30
[   13.353206]  </TASK>
[   13.353219] 
[   13.367932] The buggy address belongs to the physical page:
[   13.368683] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   13.369337] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.370081] flags: 0x200000000000040(head|node=0|zone=2)
[   13.370549] page_type: f8(unknown)
[   13.370748] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.371265] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.372098] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.372679] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.373402] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   13.373953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.374401] page dumped because: kasan: bad access detected
[   13.374784] 
[   13.374889] Memory state around the buggy address:
[   13.375206]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.375636]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.375966] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.376393]                                                           ^
[   13.377671]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.378117]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.378340] ==================================================================
[   13.378951] ==================================================================
[   13.379219] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.379497] Write of size 1 at addr ffff8881029be0f0 by task kunit_try_catch/180
[   13.381193] 
[   13.381384] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.382401] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.382425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.382448] Call Trace:
[   13.382466]  <TASK>
[   13.382486]  dump_stack_lvl+0x73/0xb0
[   13.382525]  print_report+0xd1/0x650
[   13.382548]  ? __virt_addr_valid+0x1db/0x2d0
[   13.382596]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.382625]  ? kasan_addr_to_slab+0x11/0xa0
[   13.382657]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.382686]  kasan_report+0x141/0x180
[   13.382717]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.382752]  __asan_report_store1_noabort+0x1b/0x30
[   13.382784]  krealloc_more_oob_helper+0x7eb/0x930
[   13.382810]  ? __schedule+0x10cc/0x2b30
[   13.382832]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.382851]  ? finish_task_switch.isra.0+0x153/0x700
[   13.382875]  ? __switch_to+0x5d9/0xf60
[   13.382895]  ? dequeue_task_fair+0x166/0x4e0
[   13.382917]  ? __schedule+0x10cc/0x2b30
[   13.382937]  ? __pfx_read_tsc+0x10/0x10
[   13.382959]  krealloc_large_more_oob+0x1c/0x30
[   13.382977]  kunit_try_run_case+0x1a5/0x480
[   13.383001]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.383021]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.383042]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.383063]  ? __kthread_parkme+0x82/0x180
[   13.383084]  ? preempt_count_sub+0x50/0x80
[   13.383106]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.383128]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.383161]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.383185]  kthread+0x337/0x6f0
[   13.383204]  ? trace_preempt_on+0x20/0xc0
[   13.383229]  ? __pfx_kthread+0x10/0x10
[   13.383249]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.383270]  ? calculate_sigpending+0x7b/0xa0
[   13.383294]  ? __pfx_kthread+0x10/0x10
[   13.383312]  ret_from_fork+0x41/0x80
[   13.383332]  ? __pfx_kthread+0x10/0x10
[   13.383349]  ret_from_fork_asm+0x1a/0x30
[   13.383379]  </TASK>
[   13.383392] 
[   13.397308] The buggy address belongs to the physical page:
[   13.398238] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   13.399047] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.399483] flags: 0x200000000000040(head|node=0|zone=2)
[   13.400074] page_type: f8(unknown)
[   13.400234] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.400447] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.401500] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.402051] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.402796] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   13.403083] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.403598] page dumped because: kasan: bad access detected
[   13.404225] 
[   13.404399] Memory state around the buggy address:
[   13.405223]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.405571]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.406468] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   13.406957]                                                              ^
[   13.407196]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.408056]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.408743] ==================================================================
[   13.127459] ==================================================================
[   13.128032] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   13.128458] Write of size 1 at addr ffff888100aaf2f0 by task kunit_try_catch/176
[   13.129083] 
[   13.129271] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.129360] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.129382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.129419] Call Trace:
[   13.129448]  <TASK>
[   13.129486]  dump_stack_lvl+0x73/0xb0
[   13.129543]  print_report+0xd1/0x650
[   13.129595]  ? __virt_addr_valid+0x1db/0x2d0
[   13.130597]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.130639]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.130707]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.130744]  kasan_report+0x141/0x180
[   13.130789]  ? krealloc_more_oob_helper+0x7eb/0x930
[   13.130837]  __asan_report_store1_noabort+0x1b/0x30
[   13.130879]  krealloc_more_oob_helper+0x7eb/0x930
[   13.130913]  ? __schedule+0x10cc/0x2b30
[   13.130952]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   13.130986]  ? finish_task_switch.isra.0+0x153/0x700
[   13.131031]  ? __switch_to+0x5d9/0xf60
[   13.131067]  ? dequeue_task_fair+0x166/0x4e0
[   13.131108]  ? __schedule+0x10cc/0x2b30
[   13.131161]  ? __pfx_read_tsc+0x10/0x10
[   13.131207]  krealloc_more_oob+0x1c/0x30
[   13.131247]  kunit_try_run_case+0x1a5/0x480
[   13.131300]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.131340]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.131378]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.131418]  ? __kthread_parkme+0x82/0x180
[   13.131457]  ? preempt_count_sub+0x50/0x80
[   13.131502]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.131543]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.131597]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.131636]  kthread+0x337/0x6f0
[   13.131696]  ? trace_preempt_on+0x20/0xc0
[   13.131742]  ? __pfx_kthread+0x10/0x10
[   13.131778]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.131819]  ? calculate_sigpending+0x7b/0xa0
[   13.131862]  ? __pfx_kthread+0x10/0x10
[   13.131891]  ret_from_fork+0x41/0x80
[   13.131915]  ? __pfx_kthread+0x10/0x10
[   13.131932]  ret_from_fork_asm+0x1a/0x30
[   13.131961]  </TASK>
[   13.131975] 
[   13.142177] Allocated by task 176:
[   13.142480]  kasan_save_stack+0x45/0x70
[   13.142852]  kasan_save_track+0x18/0x40
[   13.143148]  kasan_save_alloc_info+0x3b/0x50
[   13.143345]  __kasan_krealloc+0x190/0x1f0
[   13.143549]  krealloc_noprof+0xf3/0x340
[   13.143895]  krealloc_more_oob_helper+0x1a9/0x930
[   13.144268]  krealloc_more_oob+0x1c/0x30
[   13.144532]  kunit_try_run_case+0x1a5/0x480
[   13.144905]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.145169]  kthread+0x337/0x6f0
[   13.145398]  ret_from_fork+0x41/0x80
[   13.145723]  ret_from_fork_asm+0x1a/0x30
[   13.145947] 
[   13.146095] The buggy address belongs to the object at ffff888100aaf200
[   13.146095]  which belongs to the cache kmalloc-256 of size 256
[   13.146624] The buggy address is located 5 bytes to the right of
[   13.146624]  allocated 235-byte region [ffff888100aaf200, ffff888100aaf2eb)
[   13.147228] 
[   13.147414] The buggy address belongs to the physical page:
[   13.147680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   13.147989] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.148332] flags: 0x200000000000040(head|node=0|zone=2)
[   13.148785] page_type: f5(slab)
[   13.149064] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.149589] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.150140] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.150478] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.150884] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   13.151255] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.151788] page dumped because: kasan: bad access detected
[   13.152133] 
[   13.152289] Memory state around the buggy address:
[   13.152477]  ffff888100aaf180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.152918]  ffff888100aaf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.153280] >ffff888100aaf280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   13.153676]                                                              ^
[   13.153927]  ffff888100aaf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.154159]  ffff888100aaf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.154394] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0mjaDXA0CwqutKjQjRIFyOIe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0mjaDXA0CwqutKjQjRIFyOIe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/bzImage
sha256sum	47ba1de281267f956a3a48f9181f4c477feef4bcb70a0c3d7e92edaf4b0c05cf

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/modules.tar.xz
sha256sum	8e7e333ca033c5e02b3a17a5149fd9967683e83e27203dc8ee3885518ea01f50

durations

tests

boot	0
kunit	394.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit