Hay
Date: June 17, 2025, 3:40 p.m.

Environment: qemu-arm64, qemu-x86_64

[   21.340021] ==================================================================
[   21.340470] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   21.340627] Write of size 1 at addr fff00000c4771aeb by task kunit_try_catch/158
[   21.340756] 
[   21.341336] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   21.341642] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.341710] Hardware name: linux,dummy-virt (DT)
[   21.341796] Call trace:
[   21.341844]  show_stack+0x20/0x38 (C)
[   21.341985]  dump_stack_lvl+0x8c/0xd0
[   21.342094]  print_report+0x118/0x608
[   21.342437]  kasan_report+0xdc/0x128
[   21.342586]  __asan_report_store1_noabort+0x20/0x30
[   21.342742]  krealloc_more_oob_helper+0x60c/0x678
[   21.342892]  krealloc_more_oob+0x20/0x38
[   21.343001]  kunit_try_run_case+0x170/0x3f0
[   21.343413]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.343611]  kthread+0x328/0x630
[   21.343799]  ret_from_fork+0x10/0x20
[   21.343921] 
[   21.343967] Allocated by task 158:
[   21.344039]  kasan_save_stack+0x3c/0x68
[   21.344160]  kasan_save_track+0x20/0x40
[   21.344294]  kasan_save_alloc_info+0x40/0x58
[   21.344423]  __kasan_krealloc+0x118/0x178
[   21.344557]  krealloc_noprof+0x128/0x360
[   21.344646]  krealloc_more_oob_helper+0x168/0x678
[   21.344746]  krealloc_more_oob+0x20/0x38
[   21.345093]  kunit_try_run_case+0x170/0x3f0
[   21.345345]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.345479]  kthread+0x328/0x630
[   21.345560]  ret_from_fork+0x10/0x20
[   21.345637] 
[   21.345680] The buggy address belongs to the object at fff00000c4771a00
[   21.345680]  which belongs to the cache kmalloc-256 of size 256
[   21.346102] The buggy address is located 0 bytes to the right of
[   21.346102]  allocated 235-byte region [fff00000c4771a00, fff00000c4771aeb)
[   21.346353] 
[   21.346405] The buggy address belongs to the physical page:
[   21.346483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104770
[   21.346619] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.346746] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.346888] page_type: f5(slab)
[   21.347013] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.347248] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.347368] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.347481] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.347686] head: 0bfffe0000000001 ffffc1ffc311dc01 00000000ffffffff 00000000ffffffff
[   21.348039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.348201] page dumped because: kasan: bad access detected
[   21.348317] 
[   21.348377] Memory state around the buggy address:
[   21.348459]  fff00000c4771980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.348568]  fff00000c4771a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.348692] >fff00000c4771a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.348791]                                                           ^
[   21.348924]  fff00000c4771b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.349053]  fff00000c4771b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.349188] ==================================================================
[   21.351824] ==================================================================
[   21.351958] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   21.352096] Write of size 1 at addr fff00000c4771af0 by task kunit_try_catch/158
[   21.352230] 
[   21.352320] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   21.352523] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.352587] Hardware name: linux,dummy-virt (DT)
[   21.352667] Call trace:
[   21.352724]  show_stack+0x20/0x38 (C)
[   21.353351]  dump_stack_lvl+0x8c/0xd0
[   21.353543]  print_report+0x118/0x608
[   21.353682]  kasan_report+0xdc/0x128
[   21.353826]  __asan_report_store1_noabort+0x20/0x30
[   21.354100]  krealloc_more_oob_helper+0x5c0/0x678
[   21.354247]  krealloc_more_oob+0x20/0x38
[   21.354364]  kunit_try_run_case+0x170/0x3f0
[   21.354456]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.354573]  kthread+0x328/0x630
[   21.354709]  ret_from_fork+0x10/0x20
[   21.354905] 
[   21.354972] Allocated by task 158:
[   21.355058]  kasan_save_stack+0x3c/0x68
[   21.355230]  kasan_save_track+0x20/0x40
[   21.355322]  kasan_save_alloc_info+0x40/0x58
[   21.355448]  __kasan_krealloc+0x118/0x178
[   21.355580]  krealloc_noprof+0x128/0x360
[   21.355682]  krealloc_more_oob_helper+0x168/0x678
[   21.356120]  krealloc_more_oob+0x20/0x38
[   21.356516]  kunit_try_run_case+0x170/0x3f0
[   21.356617]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.356738]  kthread+0x328/0x630
[   21.357402]  ret_from_fork+0x10/0x20
[   21.357543] 
[   21.357588] The buggy address belongs to the object at fff00000c4771a00
[   21.357588]  which belongs to the cache kmalloc-256 of size 256
[   21.357712] The buggy address is located 5 bytes to the right of
[   21.357712]  allocated 235-byte region [fff00000c4771a00, fff00000c4771aeb)
[   21.358070] 
[   21.358124] The buggy address belongs to the physical page:
[   21.358209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104770
[   21.358374] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.358492] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.358629] page_type: f5(slab)
[   21.358739] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.358885] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.359042] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.359156] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.359564] head: 0bfffe0000000001 ffffc1ffc311dc01 00000000ffffffff 00000000ffffffff
[   21.359682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.360246] page dumped because: kasan: bad access detected
[   21.360378] 
[   21.360452] Memory state around the buggy address:
[   21.360584]  fff00000c4771980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.360703]  fff00000c4771a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.360822] >fff00000c4771a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   21.360910]                                                              ^
[   21.361012]  fff00000c4771b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.361120]  fff00000c4771b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.361219] ==================================================================
[   21.445606] ==================================================================
[   21.445972] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   21.446137] Write of size 1 at addr fff00000c78920f0 by task kunit_try_catch/162
[   21.446251] 
[   21.446369] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   21.446542] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.446592] Hardware name: linux,dummy-virt (DT)
[   21.446661] Call trace:
[   21.446719]  show_stack+0x20/0x38 (C)
[   21.447180]  dump_stack_lvl+0x8c/0xd0
[   21.447322]  print_report+0x118/0x608
[   21.447442]  kasan_report+0xdc/0x128
[   21.447543]  __asan_report_store1_noabort+0x20/0x30
[   21.447874]  krealloc_more_oob_helper+0x5c0/0x678
[   21.448073]  krealloc_large_more_oob+0x20/0x38
[   21.448291]  kunit_try_run_case+0x170/0x3f0
[   21.448420]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.448555]  kthread+0x328/0x630
[   21.448666]  ret_from_fork+0x10/0x20
[   21.448799] 
[   21.448848] The buggy address belongs to the physical page:
[   21.448924] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107890
[   21.449058] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.449175] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.449463] page_type: f8(unknown)
[   21.449800] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.449947] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.450190] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.450507] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.450854] head: 0bfffe0000000002 ffffc1ffc31e2401 00000000ffffffff 00000000ffffffff
[   21.451103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.451217] page dumped because: kasan: bad access detected
[   21.451373] 
[   21.451453] Memory state around the buggy address:
[   21.451692]  fff00000c7891f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.451922]  fff00000c7892000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.452046] >fff00000c7892080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.452297]                                                              ^
[   21.452461]  fff00000c7892100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.452672]  fff00000c7892180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.452913] ==================================================================
[   21.435407] ==================================================================
[   21.435749] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   21.436037] Write of size 1 at addr fff00000c78920eb by task kunit_try_catch/162
[   21.436195] 
[   21.436293] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT 
[   21.436485] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.436750] Hardware name: linux,dummy-virt (DT)
[   21.436990] Call trace:
[   21.437054]  show_stack+0x20/0x38 (C)
[   21.437191]  dump_stack_lvl+0x8c/0xd0
[   21.437353]  print_report+0x118/0x608
[   21.437468]  kasan_report+0xdc/0x128
[   21.437583]  __asan_report_store1_noabort+0x20/0x30
[   21.437704]  krealloc_more_oob_helper+0x60c/0x678
[   21.437834]  krealloc_large_more_oob+0x20/0x38
[   21.437946]  kunit_try_run_case+0x170/0x3f0
[   21.438159]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.438504]  kthread+0x328/0x630
[   21.438713]  ret_from_fork+0x10/0x20
[   21.438877] 
[   21.438926] The buggy address belongs to the physical page:
[   21.439201] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107890
[   21.439541] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.439765] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.439897] page_type: f8(unknown)
[   21.440209] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.440442] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.440775] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   21.440908] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.441514] head: 0bfffe0000000002 ffffc1ffc31e2401 00000000ffffffff 00000000ffffffff
[   21.441671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.441880] page dumped because: kasan: bad access detected
[   21.441957] 
[   21.442145] Memory state around the buggy address:
[   21.442367]  fff00000c7891f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.442704]  fff00000c7892000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.442888] >fff00000c7892080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.442987]                                                           ^
[   21.443089]  fff00000c7892100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.443195]  fff00000c7892180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.443298] ==================================================================

[   18.622439] ==================================================================
[   18.623783] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   18.624464] Write of size 1 at addr ffff88810390a0eb by task kunit_try_catch/180
[   18.624999] 
[   18.625199] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   18.625271] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.626548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.626809] Call Trace:
[   18.626831]  <TASK>
[   18.626860]  dump_stack_lvl+0x73/0xb0
[   18.626906]  print_report+0xd1/0x650
[   18.626960]  ? __virt_addr_valid+0x1db/0x2d0
[   18.627131]  ? krealloc_more_oob_helper+0x821/0x930
[   18.627173]  ? kasan_addr_to_slab+0x11/0xa0
[   18.627208]  ? krealloc_more_oob_helper+0x821/0x930
[   18.627240]  kasan_report+0x141/0x180
[   18.627275]  ? krealloc_more_oob_helper+0x821/0x930
[   18.627340]  __asan_report_store1_noabort+0x1b/0x30
[   18.627376]  krealloc_more_oob_helper+0x821/0x930
[   18.627407]  ? __schedule+0x10cc/0x2b60
[   18.627444]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   18.627475]  ? finish_task_switch.isra.0+0x153/0x700
[   18.627511]  ? __switch_to+0x5d9/0xf60
[   18.627543]  ? dequeue_task_fair+0x166/0x4e0
[   18.627580]  ? __schedule+0x10cc/0x2b60
[   18.627614]  ? __pfx_read_tsc+0x10/0x10
[   18.627649]  krealloc_large_more_oob+0x1c/0x30
[   18.627678]  kunit_try_run_case+0x1a5/0x480
[   18.627719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.627753]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.627789]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.627824]  ? __kthread_parkme+0x82/0x180
[   18.627857]  ? preempt_count_sub+0x50/0x80
[   18.627901]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.627938]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.628027]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.628109]  kthread+0x337/0x6f0
[   18.628147]  ? trace_preempt_on+0x20/0xc0
[   18.628187]  ? __pfx_kthread+0x10/0x10
[   18.628214]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.628246]  ? calculate_sigpending+0x7b/0xa0
[   18.628280]  ? __pfx_kthread+0x10/0x10
[   18.628332]  ret_from_fork+0x41/0x80
[   18.628366]  ? __pfx_kthread+0x10/0x10
[   18.628393]  ret_from_fork_asm+0x1a/0x30
[   18.628443]  </TASK>
[   18.628459] 
[   18.650545] The buggy address belongs to the physical page:
[   18.651259] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   18.652140] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.652987] flags: 0x200000000000040(head|node=0|zone=2)
[   18.653709] page_type: f8(unknown)
[   18.654181] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.655984] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.656803] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.657428] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.658118] head: 0200000000000002 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   18.659114] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.659580] page dumped because: kasan: bad access detected
[   18.660225] 
[   18.660509] Memory state around the buggy address:
[   18.660979]  ffff888103909f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.661669]  ffff88810390a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.662382] >ffff88810390a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.663099]                                                           ^
[   18.663775]  ffff88810390a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.664424]  ffff88810390a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.665091] ==================================================================
[   18.268877] ==================================================================
[   18.269815] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   18.271257] Write of size 1 at addr ffff888100344ef0 by task kunit_try_catch/176
[   18.272028] 
[   18.272612] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   18.272747] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.272787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.272864] Call Trace:
[   18.272942]  <TASK>
[   18.273384]  dump_stack_lvl+0x73/0xb0
[   18.273466]  print_report+0xd1/0x650
[   18.273504]  ? __virt_addr_valid+0x1db/0x2d0
[   18.273536]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.273564]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.273596]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.273624]  kasan_report+0x141/0x180
[   18.273657]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.273692]  __asan_report_store1_noabort+0x1b/0x30
[   18.273725]  krealloc_more_oob_helper+0x7eb/0x930
[   18.273756]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   18.273783]  ? irqentry_exit+0x2a/0x60
[   18.273808]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   18.273849]  ? __pfx_krealloc_more_oob+0x10/0x10
[   18.273879]  krealloc_more_oob+0x1c/0x30
[   18.273906]  kunit_try_run_case+0x1a5/0x480
[   18.273941]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.274078]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.274124]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.274161]  ? __kthread_parkme+0x82/0x180
[   18.274195]  ? preempt_count_sub+0x50/0x80
[   18.274232]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.274267]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.274327]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.274366]  kthread+0x337/0x6f0
[   18.274391]  ? trace_preempt_on+0x20/0xc0
[   18.274429]  ? __pfx_kthread+0x10/0x10
[   18.274458]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.274491]  ? calculate_sigpending+0x7b/0xa0
[   18.274523]  ? __pfx_kthread+0x10/0x10
[   18.274550]  ret_from_fork+0x41/0x80
[   18.274585]  ? __pfx_kthread+0x10/0x10
[   18.274612]  ret_from_fork_asm+0x1a/0x30
[   18.274657]  </TASK>
[   18.274673] 
[   18.294984] Allocated by task 176:
[   18.295629]  kasan_save_stack+0x45/0x70
[   18.296054]  kasan_save_track+0x18/0x40
[   18.296454]  kasan_save_alloc_info+0x3b/0x50
[   18.296872]  __kasan_krealloc+0x190/0x1f0
[   18.298169]  krealloc_noprof+0xf3/0x340
[   18.298468]  krealloc_more_oob_helper+0x1a9/0x930
[   18.299446]  krealloc_more_oob+0x1c/0x30
[   18.300117]  kunit_try_run_case+0x1a5/0x480
[   18.300678]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.301440]  kthread+0x337/0x6f0
[   18.301962]  ret_from_fork+0x41/0x80
[   18.303355]  ret_from_fork_asm+0x1a/0x30
[   18.303753] 
[   18.304246] The buggy address belongs to the object at ffff888100344e00
[   18.304246]  which belongs to the cache kmalloc-256 of size 256
[   18.305143] The buggy address is located 5 bytes to the right of
[   18.305143]  allocated 235-byte region [ffff888100344e00, ffff888100344eeb)
[   18.306890] 
[   18.307153] The buggy address belongs to the physical page:
[   18.308062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   18.309099] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.309827] flags: 0x200000000000040(head|node=0|zone=2)
[   18.310158] page_type: f5(slab)
[   18.310496] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   18.311156] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.312624] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   18.313665] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.314374] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   18.315528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.316034] page dumped because: kasan: bad access detected
[   18.316753] 
[   18.316984] Memory state around the buggy address:
[   18.317935]  ffff888100344d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.318417]  ffff888100344e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.319907] >ffff888100344e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.320793]                                                              ^
[   18.321939]  ffff888100344f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.322658]  ffff888100344f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.323550] ==================================================================
[   18.666206] ==================================================================
[   18.667155] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   18.667818] Write of size 1 at addr ffff88810390a0f0 by task kunit_try_catch/180
[   18.668405] 
[   18.668785] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   18.668984] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.669064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.669162] Call Trace:
[   18.669215]  <TASK>
[   18.669268]  dump_stack_lvl+0x73/0xb0
[   18.669405]  print_report+0xd1/0x650
[   18.669481]  ? __virt_addr_valid+0x1db/0x2d0
[   18.669550]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.669616]  ? kasan_addr_to_slab+0x11/0xa0
[   18.669686]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.669785]  kasan_report+0x141/0x180
[   18.669869]  ? krealloc_more_oob_helper+0x7eb/0x930
[   18.670083]  __asan_report_store1_noabort+0x1b/0x30
[   18.670204]  krealloc_more_oob_helper+0x7eb/0x930
[   18.670326]  ? __schedule+0x10cc/0x2b60
[   18.670443]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   18.670574]  ? finish_task_switch.isra.0+0x153/0x700
[   18.670663]  ? __switch_to+0x5d9/0xf60
[   18.670771]  ? dequeue_task_fair+0x166/0x4e0
[   18.670858]  ? __schedule+0x10cc/0x2b60
[   18.670931]  ? __pfx_read_tsc+0x10/0x10
[   18.671093]  krealloc_large_more_oob+0x1c/0x30
[   18.671165]  kunit_try_run_case+0x1a5/0x480
[   18.671248]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.671339]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.671419]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.671493]  ? __kthread_parkme+0x82/0x180
[   18.671562]  ? preempt_count_sub+0x50/0x80
[   18.671632]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.671709]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.671785]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.671907]  kthread+0x337/0x6f0
[   18.672001]  ? trace_preempt_on+0x20/0xc0
[   18.672104]  ? __pfx_kthread+0x10/0x10
[   18.672169]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.672283]  ? calculate_sigpending+0x7b/0xa0
[   18.672378]  ? __pfx_kthread+0x10/0x10
[   18.672486]  ret_from_fork+0x41/0x80
[   18.672558]  ? __pfx_kthread+0x10/0x10
[   18.672617]  ret_from_fork_asm+0x1a/0x30
[   18.672737]  </TASK>
[   18.672775] 
[   18.689350] The buggy address belongs to the physical page:
[   18.689718] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   18.690530] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.691280] flags: 0x200000000000040(head|node=0|zone=2)
[   18.691730] page_type: f8(unknown)
[   18.692079] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.692985] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.693649] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   18.694356] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.695080] head: 0200000000000002 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   18.695672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.696371] page dumped because: kasan: bad access detected
[   18.696867] 
[   18.697129] Memory state around the buggy address:
[   18.697817]  ffff888103909f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.698572]  ffff88810390a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.699244] >ffff88810390a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.700818]                                                              ^
[   18.701683]  ffff88810390a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.702679]  ffff88810390a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.703905] ==================================================================
[   18.207808] ==================================================================
[   18.209627] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   18.210915] Write of size 1 at addr ffff888100344eeb by task kunit_try_catch/176
[   18.211960] 
[   18.212245] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.3-rc1 #1 PREEMPT(voluntary) 
[   18.212409] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.212450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   18.212502] Call Trace:
[   18.212537]  <TASK>
[   18.212580]  dump_stack_lvl+0x73/0xb0
[   18.212640]  print_report+0xd1/0x650
[   18.212712]  ? __virt_addr_valid+0x1db/0x2d0
[   18.212754]  ? krealloc_more_oob_helper+0x821/0x930
[   18.212785]  ? kasan_complete_mode_report_info+0x2a/0x200
[   18.212820]  ? krealloc_more_oob_helper+0x821/0x930
[   18.212850]  kasan_report+0x141/0x180
[   18.212886]  ? krealloc_more_oob_helper+0x821/0x930
[   18.212924]  __asan_report_store1_noabort+0x1b/0x30
[   18.212955]  krealloc_more_oob_helper+0x821/0x930
[   18.212989]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   18.213018]  ? irqentry_exit+0x2a/0x60
[   18.213340]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   18.213404]  ? __pfx_krealloc_more_oob+0x10/0x10
[   18.213439]  krealloc_more_oob+0x1c/0x30
[   18.213465]  kunit_try_run_case+0x1a5/0x480
[   18.213504]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.213537]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   18.213576]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   18.213609]  ? __kthread_parkme+0x82/0x180
[   18.213641]  ? preempt_count_sub+0x50/0x80
[   18.213678]  ? __pfx_kunit_try_run_case+0x10/0x10
[   18.213711]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.213744]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   18.213777]  kthread+0x337/0x6f0
[   18.213801]  ? trace_preempt_on+0x20/0xc0
[   18.213836]  ? __pfx_kthread+0x10/0x10
[   18.213860]  ? _raw_spin_unlock_irq+0x47/0x80
[   18.213890]  ? calculate_sigpending+0x7b/0xa0
[   18.213920]  ? __pfx_kthread+0x10/0x10
[   18.213945]  ret_from_fork+0x41/0x80
[   18.214081]  ? __pfx_kthread+0x10/0x10
[   18.214144]  ret_from_fork_asm+0x1a/0x30
[   18.214220]  </TASK>
[   18.214247] 
[   18.233632] Allocated by task 176:
[   18.233832]  kasan_save_stack+0x45/0x70
[   18.234039]  kasan_save_track+0x18/0x40
[   18.234373]  kasan_save_alloc_info+0x3b/0x50
[   18.234714]  __kasan_krealloc+0x190/0x1f0
[   18.235061]  krealloc_noprof+0xf3/0x340
[   18.236572]  krealloc_more_oob_helper+0x1a9/0x930
[   18.236996]  krealloc_more_oob+0x1c/0x30
[   18.237959]  kunit_try_run_case+0x1a5/0x480
[   18.238767]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   18.239542]  kthread+0x337/0x6f0
[   18.239832]  ret_from_fork+0x41/0x80
[   18.240623]  ret_from_fork_asm+0x1a/0x30
[   18.240993] 
[   18.241235] The buggy address belongs to the object at ffff888100344e00
[   18.241235]  which belongs to the cache kmalloc-256 of size 256
[   18.242757] The buggy address is located 0 bytes to the right of
[   18.242757]  allocated 235-byte region [ffff888100344e00, ffff888100344eeb)
[   18.244945] 
[   18.245461] The buggy address belongs to the physical page:
[   18.245893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   18.247086] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.247710] flags: 0x200000000000040(head|node=0|zone=2)
[   18.248336] page_type: f5(slab)
[   18.248926] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   18.249597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.250461] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   18.251620] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.252160] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   18.253059] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.254321] page dumped because: kasan: bad access detected
[   18.255640] 
[   18.256254] Memory state around the buggy address:
[   18.257031]  ffff888100344d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.258003]  ffff888100344e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.258419] >ffff888100344e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.258772]                                                           ^
[   18.261678]  ffff888100344f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.264187]  ffff888100344f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.264576] ==================================================================