lkft/linux-stable-rc-linux-6.15.y - v6.15.3-593-gde19bfa00d6f - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 23, 2025, 1:39 p.m.

Environment
qemu-arm64
qemu-x86_64

[   24.394501] ==================================================================
[   24.394694] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   24.394855] Write of size 1 at addr fff00000c772e0f0 by task kunit_try_catch/162
[   24.395065] 
[   24.395152] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   24.395422] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.395501] Hardware name: linux,dummy-virt (DT)
[   24.395584] Call trace:
[   24.395645]  show_stack+0x20/0x38 (C)
[   24.395768]  dump_stack_lvl+0x8c/0xd0
[   24.395933]  print_report+0x118/0x608
[   24.396223]  kasan_report+0xdc/0x128
[   24.396700]  __asan_report_store1_noabort+0x20/0x30
[   24.397647]  krealloc_more_oob_helper+0x5c0/0x678
[   24.397996]  krealloc_large_more_oob+0x20/0x38
[   24.398470]  kunit_try_run_case+0x170/0x3f0
[   24.398960]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.399843]  kthread+0x328/0x630
[   24.399984]  ret_from_fork+0x10/0x20
[   24.400143] 
[   24.400196] The buggy address belongs to the physical page:
[   24.400297] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10772c
[   24.400448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.400758] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.401038] page_type: f8(unknown)
[   24.401197] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.401406] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.401699] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.401842] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.401974] head: 0bfffe0000000002 ffffc1ffc31dcb01 00000000ffffffff 00000000ffffffff
[   24.402090] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.402180] page dumped because: kasan: bad access detected
[   24.402249] 
[   24.402322] Memory state around the buggy address:
[   24.402463]  fff00000c772df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.402676]  fff00000c772e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.402841] >fff00000c772e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.402937]                                                              ^
[   24.403050]  fff00000c772e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.403198]  fff00000c772e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.403287] ==================================================================
[   24.385328] ==================================================================
[   24.385509] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   24.385645] Write of size 1 at addr fff00000c772e0eb by task kunit_try_catch/162
[   24.385766] 
[   24.385897] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   24.386189] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.386264] Hardware name: linux,dummy-virt (DT)
[   24.386383] Call trace:
[   24.386463]  show_stack+0x20/0x38 (C)
[   24.386619]  dump_stack_lvl+0x8c/0xd0
[   24.386756]  print_report+0x118/0x608
[   24.386886]  kasan_report+0xdc/0x128
[   24.387014]  __asan_report_store1_noabort+0x20/0x30
[   24.387303]  krealloc_more_oob_helper+0x60c/0x678
[   24.387478]  krealloc_large_more_oob+0x20/0x38
[   24.387821]  kunit_try_run_case+0x170/0x3f0
[   24.387944]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.388072]  kthread+0x328/0x630
[   24.388223]  ret_from_fork+0x10/0x20
[   24.388481] 
[   24.388533] The buggy address belongs to the physical page:
[   24.388677] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10772c
[   24.389027] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.389141] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.389277] page_type: f8(unknown)
[   24.389372] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.389526] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.389946] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   24.390088] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   24.390453] head: 0bfffe0000000002 ffffc1ffc31dcb01 00000000ffffffff 00000000ffffffff
[   24.390701] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.390872] page dumped because: kasan: bad access detected
[   24.391028] 
[   24.391410] Memory state around the buggy address:
[   24.391515]  fff00000c772df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.391977]  fff00000c772e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.392278] >fff00000c772e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   24.392902]                                                           ^
[   24.393041]  fff00000c772e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.393159]  fff00000c772e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.393444] ==================================================================
[   24.272526] ==================================================================
[   24.272788] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   24.273070] Write of size 1 at addr fff00000c44aaaf0 by task kunit_try_catch/158
[   24.273405] 
[   24.273486] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   24.273723] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.273973] Hardware name: linux,dummy-virt (DT)
[   24.274275] Call trace:
[   24.274336]  show_stack+0x20/0x38 (C)
[   24.274526]  dump_stack_lvl+0x8c/0xd0
[   24.275020]  print_report+0x118/0x608
[   24.275161]  kasan_report+0xdc/0x128
[   24.275321]  __asan_report_store1_noabort+0x20/0x30
[   24.275467]  krealloc_more_oob_helper+0x5c0/0x678
[   24.275590]  krealloc_more_oob+0x20/0x38
[   24.275884]  kunit_try_run_case+0x170/0x3f0
[   24.276003]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.276513]  kthread+0x328/0x630
[   24.276655]  ret_from_fork+0x10/0x20
[   24.276790] 
[   24.276946] Allocated by task 158:
[   24.277052]  kasan_save_stack+0x3c/0x68
[   24.277497]  kasan_save_track+0x20/0x40
[   24.277740]  kasan_save_alloc_info+0x40/0x58
[   24.278187]  __kasan_krealloc+0x118/0x178
[   24.278561]  krealloc_noprof+0x128/0x360
[   24.278774]  krealloc_more_oob_helper+0x168/0x678
[   24.278960]  krealloc_more_oob+0x20/0x38
[   24.279081]  kunit_try_run_case+0x170/0x3f0
[   24.279182]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.279328]  kthread+0x328/0x630
[   24.279442]  ret_from_fork+0x10/0x20
[   24.279547] 
[   24.279777] The buggy address belongs to the object at fff00000c44aaa00
[   24.279777]  which belongs to the cache kmalloc-256 of size 256
[   24.279925] The buggy address is located 5 bytes to the right of
[   24.279925]  allocated 235-byte region [fff00000c44aaa00, fff00000c44aaaeb)
[   24.280083] 
[   24.280140] The buggy address belongs to the physical page:
[   24.280221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044aa
[   24.280358] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.280505] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.280852] page_type: f5(slab)
[   24.281026] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.281294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.281501] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.281840] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.281994] head: 0bfffe0000000001 ffffc1ffc3112a81 00000000ffffffff 00000000ffffffff
[   24.282276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.282405] page dumped because: kasan: bad access detected
[   24.282490] 
[   24.282541] Memory state around the buggy address:
[   24.282668]  fff00000c44aa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.282782]  fff00000c44aaa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.282895] >fff00000c44aaa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.282995]                                                              ^
[   24.283268]  fff00000c44aab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.283409]  fff00000c44aab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.283544] ==================================================================
[   24.256636] ==================================================================
[   24.256879] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   24.257112] Write of size 1 at addr fff00000c44aaaeb by task kunit_try_catch/158
[   24.257553] 
[   24.257800] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT 
[   24.258012] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.258077] Hardware name: linux,dummy-virt (DT)
[   24.258152] Call trace:
[   24.258212]  show_stack+0x20/0x38 (C)
[   24.258454]  dump_stack_lvl+0x8c/0xd0
[   24.258688]  print_report+0x118/0x608
[   24.258814]  kasan_report+0xdc/0x128
[   24.259330]  __asan_report_store1_noabort+0x20/0x30
[   24.259725]  krealloc_more_oob_helper+0x60c/0x678
[   24.259903]  krealloc_more_oob+0x20/0x38
[   24.260131]  kunit_try_run_case+0x170/0x3f0
[   24.260354]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.260514]  kthread+0x328/0x630
[   24.260636]  ret_from_fork+0x10/0x20
[   24.260775] 
[   24.260829] Allocated by task 158:
[   24.260907]  kasan_save_stack+0x3c/0x68
[   24.261526]  kasan_save_track+0x20/0x40
[   24.261939]  kasan_save_alloc_info+0x40/0x58
[   24.262629]  __kasan_krealloc+0x118/0x178
[   24.263045]  krealloc_noprof+0x128/0x360
[   24.263300]  krealloc_more_oob_helper+0x168/0x678
[   24.263411]  krealloc_more_oob+0x20/0x38
[   24.263499]  kunit_try_run_case+0x170/0x3f0
[   24.263618]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   24.263727]  kthread+0x328/0x630
[   24.263828]  ret_from_fork+0x10/0x20
[   24.263922] 
[   24.264040] The buggy address belongs to the object at fff00000c44aaa00
[   24.264040]  which belongs to the cache kmalloc-256 of size 256
[   24.264214] The buggy address is located 0 bytes to the right of
[   24.264214]  allocated 235-byte region [fff00000c44aaa00, fff00000c44aaaeb)
[   24.264629] 
[   24.264742] The buggy address belongs to the physical page:
[   24.264820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044aa
[   24.264944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.265069] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   24.265419] page_type: f5(slab)
[   24.265807] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.265998] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.266125] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   24.266263] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.266423] head: 0bfffe0000000001 ffffc1ffc3112a81 00000000ffffffff 00000000ffffffff
[   24.266541] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.266882] page dumped because: kasan: bad access detected
[   24.267028] 
[   24.267074] Memory state around the buggy address:
[   24.267151]  fff00000c44aa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.267270]  fff00000c44aaa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.267452] >fff00000c44aaa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   24.267598]                                                           ^
[   24.268030]  fff00000c44aab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.268158]  fff00000c44aab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.268252] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYT6Pinx8XSymaWNp6cpzl3Cl

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYT6Pinx8XSymaWNp6cpzl3Cl

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/Image.gz
sha256sum	57e05c75085917e237c36a1c6300a885b5a4018f7a22df0831ee3761434117fe

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYPcCNuYU3512XWsLz2H3rgWp/modules.tar.xz
sha256sum	08df30bc44d3238a22959b8095bcf790b77fb8886fd1b3a26e269eaac34e9502

durations

tests

boot	0
kunit	345.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   16.701907] ==================================================================
[   16.702799] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   16.703641] Write of size 1 at addr ffff888102bee0eb by task kunit_try_catch/181
[   16.704780] 
[   16.705629] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   16.705772] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.705809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.705866] Call Trace:
[   16.705908]  <TASK>
[   16.705956]  dump_stack_lvl+0x73/0xb0
[   16.706036]  print_report+0xd1/0x650
[   16.706114]  ? __virt_addr_valid+0x1db/0x2d0
[   16.706151]  ? krealloc_more_oob_helper+0x821/0x930
[   16.706182]  ? kasan_addr_to_slab+0x11/0xa0
[   16.706218]  ? krealloc_more_oob_helper+0x821/0x930
[   16.706275]  kasan_report+0x141/0x180
[   16.706311]  ? krealloc_more_oob_helper+0x821/0x930
[   16.706347]  __asan_report_store1_noabort+0x1b/0x30
[   16.706379]  krealloc_more_oob_helper+0x821/0x930
[   16.706406]  ? __schedule+0x10cc/0x2b60
[   16.706441]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   16.706471]  ? finish_task_switch.isra.0+0x153/0x700
[   16.706506]  ? __switch_to+0x5d9/0xf60
[   16.706535]  ? dequeue_task_fair+0x166/0x4e0
[   16.706569]  ? __schedule+0x10cc/0x2b60
[   16.706621]  ? __pfx_read_tsc+0x10/0x10
[   16.706704]  krealloc_large_more_oob+0x1c/0x30
[   16.706755]  kunit_try_run_case+0x1a5/0x480
[   16.706794]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.706828]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.706862]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.706896]  ? __kthread_parkme+0x82/0x180
[   16.706928]  ? preempt_count_sub+0x50/0x80
[   16.706963]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.706998]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.707030]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.707064]  kthread+0x337/0x6f0
[   16.707087]  ? trace_preempt_on+0x20/0xc0
[   16.707121]  ? __pfx_kthread+0x10/0x10
[   16.707146]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.707177]  ? calculate_sigpending+0x7b/0xa0
[   16.707209]  ? __pfx_kthread+0x10/0x10
[   16.707263]  ret_from_fork+0x41/0x80
[   16.707297]  ? __pfx_kthread+0x10/0x10
[   16.707322]  ret_from_fork_asm+0x1a/0x30
[   16.707365]  </TASK>
[   16.707381] 
[   16.726561] The buggy address belongs to the physical page:
[   16.727301] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bec
[   16.728172] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.728971] flags: 0x200000000000040(head|node=0|zone=2)
[   16.729404] page_type: f8(unknown)
[   16.730134] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.731005] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.731947] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.732665] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.733585] head: 0200000000000002 ffffea00040afb01 00000000ffffffff 00000000ffffffff
[   16.734211] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.735191] page dumped because: kasan: bad access detected
[   16.735863] 
[   16.736076] Memory state around the buggy address:
[   16.737011]  ffff888102bedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.737810]  ffff888102bee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.738379] >ffff888102bee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.739173]                                                           ^
[   16.739924]  ffff888102bee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.740557]  ffff888102bee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.741122] ==================================================================
[   16.353168] ==================================================================
[   16.354344] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   16.355196] Write of size 1 at addr ffff888100a0feeb by task kunit_try_catch/177
[   16.356037] 
[   16.356380] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   16.356536] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.356993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.357055] Call Trace:
[   16.357092]  <TASK>
[   16.357134]  dump_stack_lvl+0x73/0xb0
[   16.357245]  print_report+0xd1/0x650
[   16.357327]  ? __virt_addr_valid+0x1db/0x2d0
[   16.357397]  ? krealloc_more_oob_helper+0x821/0x930
[   16.357429]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.357462]  ? krealloc_more_oob_helper+0x821/0x930
[   16.357491]  kasan_report+0x141/0x180
[   16.357525]  ? krealloc_more_oob_helper+0x821/0x930
[   16.357561]  __asan_report_store1_noabort+0x1b/0x30
[   16.357590]  krealloc_more_oob_helper+0x821/0x930
[   16.357696]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   16.357775]  ? irqentry_exit+0x2a/0x60
[   16.357808]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.357852]  ? __pfx_krealloc_more_oob+0x10/0x10
[   16.357883]  krealloc_more_oob+0x1c/0x30
[   16.357909]  kunit_try_run_case+0x1a5/0x480
[   16.357945]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.357978]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.358012]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.358044]  ? __kthread_parkme+0x82/0x180
[   16.358074]  ? preempt_count_sub+0x50/0x80
[   16.358109]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.358142]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.358175]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.358208]  kthread+0x337/0x6f0
[   16.358261]  ? trace_preempt_on+0x20/0xc0
[   16.358298]  ? __pfx_kthread+0x10/0x10
[   16.358322]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.358353]  ? calculate_sigpending+0x7b/0xa0
[   16.358382]  ? __pfx_kthread+0x10/0x10
[   16.358405]  ret_from_fork+0x41/0x80
[   16.358435]  ? __pfx_kthread+0x10/0x10
[   16.358459]  ret_from_fork_asm+0x1a/0x30
[   16.358501]  </TASK>
[   16.358515] 
[   16.378437] Allocated by task 177:
[   16.378798]  kasan_save_stack+0x45/0x70
[   16.379345]  kasan_save_track+0x18/0x40
[   16.379757]  kasan_save_alloc_info+0x3b/0x50
[   16.380557]  __kasan_krealloc+0x190/0x1f0
[   16.380902]  krealloc_noprof+0xf3/0x340
[   16.381789]  krealloc_more_oob_helper+0x1a9/0x930
[   16.382226]  krealloc_more_oob+0x1c/0x30
[   16.382569]  kunit_try_run_case+0x1a5/0x480
[   16.383046]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.383533]  kthread+0x337/0x6f0
[   16.383946]  ret_from_fork+0x41/0x80
[   16.384519]  ret_from_fork_asm+0x1a/0x30
[   16.385353] 
[   16.385572] The buggy address belongs to the object at ffff888100a0fe00
[   16.385572]  which belongs to the cache kmalloc-256 of size 256
[   16.387007] The buggy address is located 0 bytes to the right of
[   16.387007]  allocated 235-byte region [ffff888100a0fe00, ffff888100a0feeb)
[   16.388245] 
[   16.388512] The buggy address belongs to the physical page:
[   16.389337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a0e
[   16.390548] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.391223] flags: 0x200000000000040(head|node=0|zone=2)
[   16.391728] page_type: f5(slab)
[   16.392060] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.393306] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.394029] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.395185] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.395907] head: 0200000000000001 ffffea0004028381 00000000ffffffff 00000000ffffffff
[   16.396779] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.397391] page dumped because: kasan: bad access detected
[   16.398266] 
[   16.398431] Memory state around the buggy address:
[   16.399247]  ffff888100a0fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.400450]  ffff888100a0fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.401161] >ffff888100a0fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.401839]                                                           ^
[   16.402885]  ffff888100a0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.403505]  ffff888100a0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.404335] ==================================================================
[   16.742085] ==================================================================
[   16.743074] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   16.743850] Write of size 1 at addr ffff888102bee0f0 by task kunit_try_catch/181
[   16.744471] 
[   16.744916] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   16.745034] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.745069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.745125] Call Trace:
[   16.745175]  <TASK>
[   16.745285]  dump_stack_lvl+0x73/0xb0
[   16.745364]  print_report+0xd1/0x650
[   16.745437]  ? __virt_addr_valid+0x1db/0x2d0
[   16.745509]  ? krealloc_more_oob_helper+0x7eb/0x930
[   16.745577]  ? kasan_addr_to_slab+0x11/0xa0
[   16.745803]  ? krealloc_more_oob_helper+0x7eb/0x930
[   16.745872]  kasan_report+0x141/0x180
[   16.745977]  ? krealloc_more_oob_helper+0x7eb/0x930
[   16.746064]  __asan_report_store1_noabort+0x1b/0x30
[   16.746133]  krealloc_more_oob_helper+0x7eb/0x930
[   16.746194]  ? __schedule+0x10cc/0x2b60
[   16.746265]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   16.746315]  ? finish_task_switch.isra.0+0x153/0x700
[   16.746354]  ? __switch_to+0x5d9/0xf60
[   16.746382]  ? dequeue_task_fair+0x166/0x4e0
[   16.746415]  ? __schedule+0x10cc/0x2b60
[   16.746446]  ? __pfx_read_tsc+0x10/0x10
[   16.746478]  krealloc_large_more_oob+0x1c/0x30
[   16.746506]  kunit_try_run_case+0x1a5/0x480
[   16.746542]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.746574]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.746671]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.746758]  ? __kthread_parkme+0x82/0x180
[   16.746836]  ? preempt_count_sub+0x50/0x80
[   16.746976]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.747049]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.747087]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.747121]  kthread+0x337/0x6f0
[   16.747144]  ? trace_preempt_on+0x20/0xc0
[   16.747180]  ? __pfx_kthread+0x10/0x10
[   16.747204]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.747273]  ? calculate_sigpending+0x7b/0xa0
[   16.747307]  ? __pfx_kthread+0x10/0x10
[   16.747333]  ret_from_fork+0x41/0x80
[   16.747364]  ? __pfx_kthread+0x10/0x10
[   16.747389]  ret_from_fork_asm+0x1a/0x30
[   16.747431]  </TASK>
[   16.747444] 
[   16.766921] The buggy address belongs to the physical page:
[   16.767934] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bec
[   16.768767] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.769505] flags: 0x200000000000040(head|node=0|zone=2)
[   16.770145] page_type: f8(unknown)
[   16.770546] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.771353] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.772001] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.772920] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.773803] head: 0200000000000002 ffffea00040afb01 00000000ffffffff 00000000ffffffff
[   16.774450] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.775324] page dumped because: kasan: bad access detected
[   16.775904] 
[   16.776083] Memory state around the buggy address:
[   16.776551]  ffff888102bedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.777342]  ffff888102bee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.778045] >ffff888102bee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   16.778558]                                                              ^
[   16.779103]  ffff888102bee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.779726]  ffff888102bee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.780797] ==================================================================
[   16.406626] ==================================================================
[   16.407187] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   16.408059] Write of size 1 at addr ffff888100a0fef0 by task kunit_try_catch/177
[   16.409438] 
[   16.409992] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc1 #1 PREEMPT(voluntary) 
[   16.410076] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.410106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.410139] Call Trace:
[   16.410157]  <TASK>
[   16.410176]  dump_stack_lvl+0x73/0xb0
[   16.410212]  print_report+0xd1/0x650
[   16.410244]  ? __virt_addr_valid+0x1db/0x2d0
[   16.410274]  ? krealloc_more_oob_helper+0x7eb/0x930
[   16.410302]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.410333]  ? krealloc_more_oob_helper+0x7eb/0x930
[   16.410360]  kasan_report+0x141/0x180
[   16.410390]  ? krealloc_more_oob_helper+0x7eb/0x930
[   16.410424]  __asan_report_store1_noabort+0x1b/0x30
[   16.410452]  krealloc_more_oob_helper+0x7eb/0x930
[   16.410482]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   16.410509]  ? irqentry_exit+0x2a/0x60
[   16.410533]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.410576]  ? __pfx_krealloc_more_oob+0x10/0x10
[   16.410666]  krealloc_more_oob+0x1c/0x30
[   16.410737]  kunit_try_run_case+0x1a5/0x480
[   16.410823]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.410937]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.411020]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.411112]  ? __kthread_parkme+0x82/0x180
[   16.411184]  ? preempt_count_sub+0x50/0x80
[   16.411271]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.411313]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.411348]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.411384]  kthread+0x337/0x6f0
[   16.411407]  ? trace_preempt_on+0x20/0xc0
[   16.411442]  ? __pfx_kthread+0x10/0x10
[   16.411466]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.411497]  ? calculate_sigpending+0x7b/0xa0
[   16.411529]  ? __pfx_kthread+0x10/0x10
[   16.411556]  ret_from_fork+0x41/0x80
[   16.411587]  ? __pfx_kthread+0x10/0x10
[   16.411678]  ret_from_fork_asm+0x1a/0x30
[   16.411782]  </TASK>
[   16.411799] 
[   16.431978] Allocated by task 177:
[   16.432448]  kasan_save_stack+0x45/0x70
[   16.433088]  kasan_save_track+0x18/0x40
[   16.434014]  kasan_save_alloc_info+0x3b/0x50
[   16.434679]  __kasan_krealloc+0x190/0x1f0
[   16.435083]  krealloc_noprof+0xf3/0x340
[   16.435508]  krealloc_more_oob_helper+0x1a9/0x930
[   16.435964]  krealloc_more_oob+0x1c/0x30
[   16.436594]  kunit_try_run_case+0x1a5/0x480
[   16.437185]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.438105]  kthread+0x337/0x6f0
[   16.438559]  ret_from_fork+0x41/0x80
[   16.439157]  ret_from_fork_asm+0x1a/0x30
[   16.439799] 
[   16.440073] The buggy address belongs to the object at ffff888100a0fe00
[   16.440073]  which belongs to the cache kmalloc-256 of size 256
[   16.441204] The buggy address is located 5 bytes to the right of
[   16.441204]  allocated 235-byte region [ffff888100a0fe00, ffff888100a0feeb)
[   16.442828] 
[   16.443108] The buggy address belongs to the physical page:
[   16.443587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a0e
[   16.444489] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.445288] flags: 0x200000000000040(head|node=0|zone=2)
[   16.446136] page_type: f5(slab)
[   16.446548] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.447372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.448231] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.448973] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.449714] head: 0200000000000001 ffffea0004028381 00000000ffffffff 00000000ffffffff
[   16.451030] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.451498] page dumped because: kasan: bad access detected
[   16.452273] 
[   16.452644] Memory state around the buggy address:
[   16.453161]  ffff888100a0fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.454254]  ffff888100a0fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.454956] >ffff888100a0fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.455558]                                                              ^
[   16.456342]  ffff888100a0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.457132]  ffff888100a0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.458139] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yuYOT8mFhi7537nwLqDo4m2CnP

job_id

TEST:linaro@lkft#2yuYUHT0D3sQNOGwBtcXKr5K4Y5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yuYUHT0D3sQNOGwBtcXKr5K4Y5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/bzImage
sha256sum	464d852aa65e55fe849c2032fadc39c92d3f1038148deeeb5153bf785edfb3cb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yuYQaX6toQ86UpOxnubrfhy9Fg/modules.tar.xz
sha256sum	48ba027071f05b733fc6db58a63b00001d03de4c8de4a7d017582fc3ae9eedfe

durations

tests

boot	0
kunit	357.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit