Hay
Date: June 24, 2025, 12:47 p.m.

Environment: qemu-arm64, qemu-x86_64

[   23.455190] ==================================================================
[   23.455339] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   23.455511] Write of size 1 at addr fff00000c19218eb by task kunit_try_catch/158
[   23.455755] 
[   23.455991] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.456366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.456463] Hardware name: linux,dummy-virt (DT)
[   23.456614] Call trace:
[   23.456695]  show_stack+0x20/0x38 (C)
[   23.456821]  dump_stack_lvl+0x8c/0xd0
[   23.456952]  print_report+0x118/0x608
[   23.457940]  kasan_report+0xdc/0x128
[   23.458062]  __asan_report_store1_noabort+0x20/0x30
[   23.458244]  krealloc_more_oob_helper+0x60c/0x678
[   23.458362]  krealloc_more_oob+0x20/0x38
[   23.458509]  kunit_try_run_case+0x170/0x3f0
[   23.458637]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.458767]  kthread+0x328/0x630
[   23.458933]  ret_from_fork+0x10/0x20
[   23.459408] 
[   23.460244] Allocated by task 158:
[   23.460673]  kasan_save_stack+0x3c/0x68
[   23.460807]  kasan_save_track+0x20/0x40
[   23.460899]  kasan_save_alloc_info+0x40/0x58
[   23.462139]  __kasan_krealloc+0x118/0x178
[   23.462240]  krealloc_noprof+0x128/0x360
[   23.463468]  krealloc_more_oob_helper+0x168/0x678
[   23.463578]  krealloc_more_oob+0x20/0x38
[   23.464500]  kunit_try_run_case+0x170/0x3f0
[   23.465399]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.465523]  kthread+0x328/0x630
[   23.465609]  ret_from_fork+0x10/0x20
[   23.466725] 
[   23.466803] The buggy address belongs to the object at fff00000c1921800
[   23.466803]  which belongs to the cache kmalloc-256 of size 256
[   23.467353] The buggy address is located 0 bytes to the right of
[   23.467353]  allocated 235-byte region [fff00000c1921800, fff00000c19218eb)
[   23.467792] 
[   23.467898] The buggy address belongs to the physical page:
[   23.467977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101920
[   23.468129] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.468256] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.468490] page_type: f5(slab)
[   23.468872] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.469487] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.469635] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.469859] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.470167] head: 0bfffe0000000001 ffffc1ffc3064801 00000000ffffffff 00000000ffffffff
[   23.470825] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.471085] page dumped because: kasan: bad access detected
[   23.471800] 
[   23.471852] Memory state around the buggy address:
[   23.471926]  fff00000c1921780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.472781]  fff00000c1921800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.472915] >fff00000c1921880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.473520]                                                           ^
[   23.473638]  fff00000c1921900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.473745]  fff00000c1921980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.474611] ==================================================================
[   23.625752] ==================================================================
[   23.625840] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   23.625943] Write of size 1 at addr fff00000c77e20f0 by task kunit_try_catch/162
[   23.626056] 
[   23.626117] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.626309] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.626407] Hardware name: linux,dummy-virt (DT)
[   23.626499] Call trace:
[   23.626621]  show_stack+0x20/0x38 (C)
[   23.626760]  dump_stack_lvl+0x8c/0xd0
[   23.626889]  print_report+0x118/0x608
[   23.627107]  kasan_report+0xdc/0x128
[   23.627243]  __asan_report_store1_noabort+0x20/0x30
[   23.627474]  krealloc_more_oob_helper+0x5c0/0x678
[   23.627685]  krealloc_large_more_oob+0x20/0x38
[   23.627876]  kunit_try_run_case+0x170/0x3f0
[   23.628000]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.628215]  kthread+0x328/0x630
[   23.628351]  ret_from_fork+0x10/0x20
[   23.628530] 
[   23.628620] The buggy address belongs to the physical page:
[   23.628694] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   23.628814] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.628947] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.629211] page_type: f8(unknown)
[   23.629407] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.629679] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.629900] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.630402] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.630545] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   23.630669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.630841] page dumped because: kasan: bad access detected
[   23.630921] 
[   23.631167] Memory state around the buggy address:
[   23.631418]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.631666]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.631893] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.632268]                                                              ^
[   23.632376]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.632519]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.632618] ==================================================================
[   23.617820] ==================================================================
[   23.618013] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   23.618229] Write of size 1 at addr fff00000c77e20eb by task kunit_try_catch/162
[   23.618343] 
[   23.618430] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.618620] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.618683] Hardware name: linux,dummy-virt (DT)
[   23.618754] Call trace:
[   23.618803]  show_stack+0x20/0x38 (C)
[   23.618924]  dump_stack_lvl+0x8c/0xd0
[   23.619046]  print_report+0x118/0x608
[   23.619156]  kasan_report+0xdc/0x128
[   23.619262]  __asan_report_store1_noabort+0x20/0x30
[   23.619395]  krealloc_more_oob_helper+0x60c/0x678
[   23.619514]  krealloc_large_more_oob+0x20/0x38
[   23.619626]  kunit_try_run_case+0x170/0x3f0
[   23.619750]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.619878]  kthread+0x328/0x630
[   23.619993]  ret_from_fork+0x10/0x20
[   23.621830] 
[   23.621862] The buggy address belongs to the physical page:
[   23.621902] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   23.622025] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.622179] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.622306] page_type: f8(unknown)
[   23.622498] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.622629] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.622759] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.622883] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.623013] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   23.623343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.623605] page dumped because: kasan: bad access detected
[   23.623723] 
[   23.623799] Memory state around the buggy address:
[   23.623869]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.624051]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.624300] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   23.624471]                                                           ^
[   23.624575]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.624755]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.624864] ==================================================================
[   23.477065] ==================================================================
[   23.477171] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   23.477515] Write of size 1 at addr fff00000c19218f0 by task kunit_try_catch/158
[   23.477645] 
[   23.477725] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.478019] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.478286] Hardware name: linux,dummy-virt (DT)
[   23.478404] Call trace:
[   23.478474]  show_stack+0x20/0x38 (C)
[   23.478739]  dump_stack_lvl+0x8c/0xd0
[   23.478864]  print_report+0x118/0x608
[   23.478987]  kasan_report+0xdc/0x128
[   23.479294]  __asan_report_store1_noabort+0x20/0x30
[   23.479672]  krealloc_more_oob_helper+0x5c0/0x678
[   23.480015]  krealloc_more_oob+0x20/0x38
[   23.480130]  kunit_try_run_case+0x170/0x3f0
[   23.480270]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.480849]  kthread+0x328/0x630
[   23.481068]  ret_from_fork+0x10/0x20
[   23.481198] 
[   23.481260] Allocated by task 158:
[   23.481520]  kasan_save_stack+0x3c/0x68
[   23.481706]  kasan_save_track+0x20/0x40
[   23.481820]  kasan_save_alloc_info+0x40/0x58
[   23.482205]  __kasan_krealloc+0x118/0x178
[   23.482301]  krealloc_noprof+0x128/0x360
[   23.482829]  krealloc_more_oob_helper+0x168/0x678
[   23.483159]  krealloc_more_oob+0x20/0x38
[   23.483707]  kunit_try_run_case+0x170/0x3f0
[   23.483877]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.484001]  kthread+0x328/0x630
[   23.484139]  ret_from_fork+0x10/0x20
[   23.484240] 
[   23.484294] The buggy address belongs to the object at fff00000c1921800
[   23.484294]  which belongs to the cache kmalloc-256 of size 256
[   23.484573] The buggy address is located 5 bytes to the right of
[   23.484573]  allocated 235-byte region [fff00000c1921800, fff00000c19218eb)
[   23.485436] 
[   23.485718] The buggy address belongs to the physical page:
[   23.486020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101920
[   23.486279] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.486498] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.486669] page_type: f5(slab)
[   23.486769] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.486892] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.487018] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.487137] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.487257] head: 0bfffe0000000001 ffffc1ffc3064801 00000000ffffffff 00000000ffffffff
[   23.487375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.487493] page dumped because: kasan: bad access detected
[   23.487565] 
[   23.487605] Memory state around the buggy address:
[   23.487703]  fff00000c1921780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.487809]  fff00000c1921800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.487914] >fff00000c1921880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   23.488005]                                                              ^
[   23.488298]  fff00000c1921900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.488632]  fff00000c1921980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.488973] ==================================================================

[   11.193498] ==================================================================
[   11.194339] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.195392] Write of size 1 at addr ffff888100aaaeeb by task kunit_try_catch/176
[   11.196419] 
[   11.196708] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.196811] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.196835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.196869] Call Trace:
[   11.196928]  <TASK>
[   11.197043]  dump_stack_lvl+0x73/0xb0
[   11.197110]  print_report+0xd1/0x650
[   11.197138]  ? __virt_addr_valid+0x1db/0x2d0
[   11.197162]  ? krealloc_more_oob_helper+0x821/0x930
[   11.197181]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.197202]  ? krealloc_more_oob_helper+0x821/0x930
[   11.197221]  kasan_report+0x141/0x180
[   11.197241]  ? krealloc_more_oob_helper+0x821/0x930
[   11.197264]  __asan_report_store1_noabort+0x1b/0x30
[   11.197287]  krealloc_more_oob_helper+0x821/0x930
[   11.197321]  ? __schedule+0x10cc/0x2b60
[   11.197354]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.197382]  ? finish_task_switch.isra.0+0x153/0x700
[   11.197414]  ? __switch_to+0x5d9/0xf60
[   11.197442]  ? dequeue_task_fair+0x166/0x4e0
[   11.197474]  ? __schedule+0x10cc/0x2b60
[   11.197503]  ? __pfx_read_tsc+0x10/0x10
[   11.197534]  krealloc_more_oob+0x1c/0x30
[   11.197559]  kunit_try_run_case+0x1a5/0x480
[   11.197593]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.197621]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.197669]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.197701]  ? __kthread_parkme+0x82/0x180
[   11.197731]  ? preempt_count_sub+0x50/0x80
[   11.197762]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.197793]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.197836]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.197857]  kthread+0x337/0x6f0
[   11.197874]  ? trace_preempt_on+0x20/0xc0
[   11.197898]  ? __pfx_kthread+0x10/0x10
[   11.197915]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.197936]  ? calculate_sigpending+0x7b/0xa0
[   11.197972]  ? __pfx_kthread+0x10/0x10
[   11.197990]  ret_from_fork+0x41/0x80
[   11.198010]  ? __pfx_kthread+0x10/0x10
[   11.198028]  ret_from_fork_asm+0x1a/0x30
[   11.198061]  </TASK>
[   11.198074] 
[   11.212074] Allocated by task 176:
[   11.212325]  kasan_save_stack+0x45/0x70
[   11.212742]  kasan_save_track+0x18/0x40
[   11.213053]  kasan_save_alloc_info+0x3b/0x50
[   11.213276]  __kasan_krealloc+0x190/0x1f0
[   11.213538]  krealloc_noprof+0xf3/0x340
[   11.214465]  krealloc_more_oob_helper+0x1a9/0x930
[   11.214999]  krealloc_more_oob+0x1c/0x30
[   11.215439]  kunit_try_run_case+0x1a5/0x480
[   11.215643]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.215899]  kthread+0x337/0x6f0
[   11.216046]  ret_from_fork+0x41/0x80
[   11.216229]  ret_from_fork_asm+0x1a/0x30
[   11.216963] 
[   11.217094] The buggy address belongs to the object at ffff888100aaae00
[   11.217094]  which belongs to the cache kmalloc-256 of size 256
[   11.218089] The buggy address is located 0 bytes to the right of
[   11.218089]  allocated 235-byte region [ffff888100aaae00, ffff888100aaaeeb)
[   11.219579] 
[   11.219806] The buggy address belongs to the physical page:
[   11.220191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa
[   11.220558] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.220897] flags: 0x200000000000040(head|node=0|zone=2)
[   11.221701] page_type: f5(slab)
[   11.221907] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.222686] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.223162] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.223493] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.223864] head: 0200000000000001 ffffea000402aa81 00000000ffffffff 00000000ffffffff
[   11.224338] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.224823] page dumped because: kasan: bad access detected
[   11.225195] 
[   11.225328] Memory state around the buggy address:
[   11.225546]  ffff888100aaad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.226743]  ffff888100aaae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.227283] >ffff888100aaae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.228395]                                                           ^
[   11.229013]  ffff888100aaaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.229356]  ffff888100aaaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.229891] ==================================================================
[   11.429564] ==================================================================
[   11.430201] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   11.431213] Write of size 1 at addr ffff8881028620eb by task kunit_try_catch/180
[   11.431937] 
[   11.432513] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.432676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.432701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.432743] Call Trace:
[   11.432768]  <TASK>
[   11.432801]  dump_stack_lvl+0x73/0xb0
[   11.432857]  print_report+0xd1/0x650
[   11.432887]  ? __virt_addr_valid+0x1db/0x2d0
[   11.432918]  ? krealloc_more_oob_helper+0x821/0x930
[   11.432936]  ? kasan_addr_to_slab+0x11/0xa0
[   11.432955]  ? krealloc_more_oob_helper+0x821/0x930
[   11.432973]  kasan_report+0x141/0x180
[   11.432993]  ? krealloc_more_oob_helper+0x821/0x930
[   11.433016]  __asan_report_store1_noabort+0x1b/0x30
[   11.433035]  krealloc_more_oob_helper+0x821/0x930
[   11.433053]  ? __schedule+0x10cc/0x2b60
[   11.433074]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.433093]  ? finish_task_switch.isra.0+0x153/0x700
[   11.433116]  ? __switch_to+0x5d9/0xf60
[   11.433136]  ? dequeue_task_fair+0x166/0x4e0
[   11.433158]  ? __schedule+0x10cc/0x2b60
[   11.433178]  ? __pfx_read_tsc+0x10/0x10
[   11.433199]  krealloc_large_more_oob+0x1c/0x30
[   11.433217]  kunit_try_run_case+0x1a5/0x480
[   11.433241]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.433261]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.433327]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.433373]  ? __kthread_parkme+0x82/0x180
[   11.433407]  ? preempt_count_sub+0x50/0x80
[   11.433439]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.433470]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.433503]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.433532]  kthread+0x337/0x6f0
[   11.433568]  ? trace_preempt_on+0x20/0xc0
[   11.433603]  ? __pfx_kthread+0x10/0x10
[   11.433647]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.433680]  ? calculate_sigpending+0x7b/0xa0
[   11.433731]  ? __pfx_kthread+0x10/0x10
[   11.433763]  ret_from_fork+0x41/0x80
[   11.433784]  ? __pfx_kthread+0x10/0x10
[   11.433801]  ret_from_fork_asm+0x1a/0x30
[   11.433831]  </TASK>
[   11.433844] 
[   11.446695] The buggy address belongs to the physical page:
[   11.447171] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860
[   11.447946] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.448275] flags: 0x200000000000040(head|node=0|zone=2)
[   11.448732] page_type: f8(unknown)
[   11.449199] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.450112] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.450582] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.451137] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.451647] head: 0200000000000002 ffffea00040a1801 00000000ffffffff 00000000ffffffff
[   11.452499] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.452877] page dumped because: kasan: bad access detected
[   11.453684] 
[   11.453785] Memory state around the buggy address:
[   11.454088]  ffff888102861f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.454768]  ffff888102862000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.455251] >ffff888102862080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.455578]                                                           ^
[   11.456106]  ffff888102862100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.456665]  ffff888102862180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.457133] ==================================================================
[   11.230732] ==================================================================
[   11.231037] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.231615] Write of size 1 at addr ffff888100aaaef0 by task kunit_try_catch/176
[   11.232963] 
[   11.233275] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.233478] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.233501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.233538] Call Trace:
[   11.233570]  <TASK>
[   11.233596]  dump_stack_lvl+0x73/0xb0
[   11.233656]  print_report+0xd1/0x650
[   11.233681]  ? __virt_addr_valid+0x1db/0x2d0
[   11.233702]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.233720]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.233742]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.233770]  kasan_report+0x141/0x180
[   11.233790]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.233812]  __asan_report_store1_noabort+0x1b/0x30
[   11.233831]  krealloc_more_oob_helper+0x7eb/0x930
[   11.233848]  ? __schedule+0x10cc/0x2b60
[   11.233879]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.233903]  ? finish_task_switch.isra.0+0x153/0x700
[   11.233926]  ? __switch_to+0x5d9/0xf60
[   11.233956]  ? dequeue_task_fair+0x166/0x4e0
[   11.233982]  ? __schedule+0x10cc/0x2b60
[   11.234003]  ? __pfx_read_tsc+0x10/0x10
[   11.234025]  krealloc_more_oob+0x1c/0x30
[   11.234044]  kunit_try_run_case+0x1a5/0x480
[   11.234069]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.234088]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.234110]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.234131]  ? __kthread_parkme+0x82/0x180
[   11.234150]  ? preempt_count_sub+0x50/0x80
[   11.234172]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.234192]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.234213]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.234233]  kthread+0x337/0x6f0
[   11.234249]  ? trace_preempt_on+0x20/0xc0
[   11.234271]  ? __pfx_kthread+0x10/0x10
[   11.234319]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.234360]  ? calculate_sigpending+0x7b/0xa0
[   11.234391]  ? __pfx_kthread+0x10/0x10
[   11.234417]  ret_from_fork+0x41/0x80
[   11.234445]  ? __pfx_kthread+0x10/0x10
[   11.234469]  ret_from_fork_asm+0x1a/0x30
[   11.234511]  </TASK>
[   11.234529] 
[   11.246055] Allocated by task 176:
[   11.246456]  kasan_save_stack+0x45/0x70
[   11.246914]  kasan_save_track+0x18/0x40
[   11.247231]  kasan_save_alloc_info+0x3b/0x50
[   11.247579]  __kasan_krealloc+0x190/0x1f0
[   11.247867]  krealloc_noprof+0xf3/0x340
[   11.248126]  krealloc_more_oob_helper+0x1a9/0x930
[   11.248440]  krealloc_more_oob+0x1c/0x30
[   11.248819]  kunit_try_run_case+0x1a5/0x480
[   11.249166]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.249796]  kthread+0x337/0x6f0
[   11.250097]  ret_from_fork+0x41/0x80
[   11.250317]  ret_from_fork_asm+0x1a/0x30
[   11.250665] 
[   11.250841] The buggy address belongs to the object at ffff888100aaae00
[   11.250841]  which belongs to the cache kmalloc-256 of size 256
[   11.251363] The buggy address is located 5 bytes to the right of
[   11.251363]  allocated 235-byte region [ffff888100aaae00, ffff888100aaaeeb)
[   11.252422] 
[   11.252902] The buggy address belongs to the physical page:
[   11.253529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa
[   11.254481] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.254989] flags: 0x200000000000040(head|node=0|zone=2)
[   11.255384] page_type: f5(slab)
[   11.255708] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.256378] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.257750] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.258135] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.258670] head: 0200000000000001 ffffea000402aa81 00000000ffffffff 00000000ffffffff
[   11.259066] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.259352] page dumped because: kasan: bad access detected
[   11.260173] 
[   11.260278] Memory state around the buggy address:
[   11.260823]  ffff888100aaad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.261779]  ffff888100aaae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.262110] >ffff888100aaae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   11.262729]                                                              ^
[   11.262987]  ffff888100aaaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.263149]  ffff888100aaaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.263273] ==================================================================
[   11.458049] ==================================================================
[   11.458328] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.459430] Write of size 1 at addr ffff8881028620f0 by task kunit_try_catch/180
[   11.460029] 
[   11.460189] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.460265] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.460280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.460315] Call Trace:
[   11.460354]  <TASK>
[   11.460386]  dump_stack_lvl+0x73/0xb0
[   11.460420]  print_report+0xd1/0x650
[   11.460444]  ? __virt_addr_valid+0x1db/0x2d0
[   11.460465]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.460483]  ? kasan_addr_to_slab+0x11/0xa0
[   11.460502]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.460520]  kasan_report+0x141/0x180
[   11.460543]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.460583]  __asan_report_store1_noabort+0x1b/0x30
[   11.461014]  krealloc_more_oob_helper+0x7eb/0x930
[   11.461172]  ? __schedule+0x10cc/0x2b60
[   11.461226]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.461268]  ? finish_task_switch.isra.0+0x153/0x700
[   11.461306]  ? __switch_to+0x5d9/0xf60
[   11.461342]  ? dequeue_task_fair+0x166/0x4e0
[   11.461379]  ? __schedule+0x10cc/0x2b60
[   11.461411]  ? __pfx_read_tsc+0x10/0x10
[   11.461445]  krealloc_large_more_oob+0x1c/0x30
[   11.461474]  kunit_try_run_case+0x1a5/0x480
[   11.461507]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.461534]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.461566]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.461598]  ? __kthread_parkme+0x82/0x180
[   11.461648]  ? preempt_count_sub+0x50/0x80
[   11.461683]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.461713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.461747]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.461778]  kthread+0x337/0x6f0
[   11.461804]  ? trace_preempt_on+0x20/0xc0
[   11.461833]  ? __pfx_kthread+0x10/0x10
[   11.461857]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.461889]  ? calculate_sigpending+0x7b/0xa0
[   11.461920]  ? __pfx_kthread+0x10/0x10
[   11.461990]  ret_from_fork+0x41/0x80
[   11.462045]  ? __pfx_kthread+0x10/0x10
[   11.462087]  ret_from_fork_asm+0x1a/0x30
[   11.462166]  </TASK>
[   11.462204] 
[   11.474964] The buggy address belongs to the physical page:
[   11.475328] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860
[   11.476603] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.476848] flags: 0x200000000000040(head|node=0|zone=2)
[   11.477218] page_type: f8(unknown)
[   11.477419] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.477790] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.478191] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.478505] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.479180] head: 0200000000000002 ffffea00040a1801 00000000ffffffff 00000000ffffffff
[   11.479474] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.479984] page dumped because: kasan: bad access detected
[   11.480272] 
[   11.480404] Memory state around the buggy address:
[   11.481491]  ffff888102861f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.481778]  ffff888102862000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.482180] >ffff888102862080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.482711]                                                              ^
[   11.483050]  ffff888102862100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.483611]  ffff888102862180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.484045] ==================================================================