lkft/linux-stable-rc-linux-6.15.y - v6.15.5-179-gb283c37b8f14 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 8, 2025, 4:38 p.m.

Environment
qemu-arm64
qemu-x86_64

[   17.707757] ==================================================================
[   17.708219] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.708390] Write of size 1 at addr fff00000c4480aeb by task kunit_try_catch/158
[   17.708441] 
[   17.708577] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.708718] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.708747] Hardware name: linux,dummy-virt (DT)
[   17.708777] Call trace:
[   17.708817]  show_stack+0x20/0x38 (C)
[   17.708953]  dump_stack_lvl+0x8c/0xd0
[   17.709001]  print_report+0x118/0x608
[   17.709045]  kasan_report+0xdc/0x128
[   17.709088]  __asan_report_store1_noabort+0x20/0x30
[   17.709889]  krealloc_more_oob_helper+0x60c/0x678
[   17.710016]  krealloc_more_oob+0x20/0x38
[   17.710119]  kunit_try_run_case+0x170/0x3f0
[   17.710167]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.710260]  kthread+0x328/0x630
[   17.710488]  ret_from_fork+0x10/0x20
[   17.710628] 
[   17.710647] Allocated by task 158:
[   17.710718]  kasan_save_stack+0x3c/0x68
[   17.710852]  kasan_save_track+0x20/0x40
[   17.710888]  kasan_save_alloc_info+0x40/0x58
[   17.710925]  __kasan_krealloc+0x118/0x178
[   17.710975]  krealloc_noprof+0x128/0x360
[   17.711013]  krealloc_more_oob_helper+0x168/0x678
[   17.711058]  krealloc_more_oob+0x20/0x38
[   17.711113]  kunit_try_run_case+0x170/0x3f0
[   17.711251]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.711345]  kthread+0x328/0x630
[   17.711382]  ret_from_fork+0x10/0x20
[   17.711417] 
[   17.711458] The buggy address belongs to the object at fff00000c4480a00
[   17.711458]  which belongs to the cache kmalloc-256 of size 256
[   17.711516] The buggy address is located 0 bytes to the right of
[   17.711516]  allocated 235-byte region [fff00000c4480a00, fff00000c4480aeb)
[   17.711577] 
[   17.711850] The buggy address belongs to the physical page:
[   17.711968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480
[   17.712162] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.712417] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.712508] page_type: f5(slab)
[   17.712844] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.712965] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.713013] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.713262] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.713371] head: 0bfffe0000000001 ffffc1ffc3112001 00000000ffffffff 00000000ffffffff
[   17.713655] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.713703] page dumped because: kasan: bad access detected
[   17.713734] 
[   17.713752] Memory state around the buggy address:
[   17.713825]  fff00000c4480980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.713867]  fff00000c4480a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.713907] >fff00000c4480a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.714202]                                                           ^
[   17.714244]  fff00000c4480b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.714285]  fff00000c4480b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.714321] ==================================================================
[   17.766884] ==================================================================
[   17.766930] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.766975] Write of size 1 at addr fff00000c784a0f0 by task kunit_try_catch/162
[   17.767023] 
[   17.767051] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.767128] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.767154] Hardware name: linux,dummy-virt (DT)
[   17.767190] Call trace:
[   17.767285]  show_stack+0x20/0x38 (C)
[   17.767637]  dump_stack_lvl+0x8c/0xd0
[   17.767827]  print_report+0x118/0x608
[   17.768002]  kasan_report+0xdc/0x128
[   17.768182]  __asan_report_store1_noabort+0x20/0x30
[   17.768514]  krealloc_more_oob_helper+0x5c0/0x678
[   17.768565]  krealloc_large_more_oob+0x20/0x38
[   17.768611]  kunit_try_run_case+0x170/0x3f0
[   17.768788]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.768863]  kthread+0x328/0x630
[   17.768909]  ret_from_fork+0x10/0x20
[   17.768956] 
[   17.769016] The buggy address belongs to the physical page:
[   17.769048] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.769198] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.769246] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.769371] page_type: f8(unknown)
[   17.769797] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.769850] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.769899] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.769972] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.770018] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.770165] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.770392] page dumped because: kasan: bad access detected
[   17.770424] 
[   17.770442] Memory state around the buggy address:
[   17.770473]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.770515]  fff00000c784a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.770763] >fff00000c784a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.770918]                                                              ^
[   17.770961]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.771003]  fff00000c784a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.771040] ==================================================================
[   17.715567] ==================================================================
[   17.716160] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.716267] Write of size 1 at addr fff00000c4480af0 by task kunit_try_catch/158
[   17.716482] 
[   17.716513] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.716591] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.716616] Hardware name: linux,dummy-virt (DT)
[   17.716646] Call trace:
[   17.716667]  show_stack+0x20/0x38 (C)
[   17.716715]  dump_stack_lvl+0x8c/0xd0
[   17.716762]  print_report+0x118/0x608
[   17.716807]  kasan_report+0xdc/0x128
[   17.716863]  __asan_report_store1_noabort+0x20/0x30
[   17.716912]  krealloc_more_oob_helper+0x5c0/0x678
[   17.717213]  krealloc_more_oob+0x20/0x38
[   17.717358]  kunit_try_run_case+0x170/0x3f0
[   17.717408]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.717461]  kthread+0x328/0x630
[   17.717505]  ret_from_fork+0x10/0x20
[   17.717552] 
[   17.717580] Allocated by task 158:
[   17.717749]  kasan_save_stack+0x3c/0x68
[   17.717905]  kasan_save_track+0x20/0x40
[   17.717942]  kasan_save_alloc_info+0x40/0x58
[   17.717979]  __kasan_krealloc+0x118/0x178
[   17.718014]  krealloc_noprof+0x128/0x360
[   17.718049]  krealloc_more_oob_helper+0x168/0x678
[   17.718598]  krealloc_more_oob+0x20/0x38
[   17.718652]  kunit_try_run_case+0x170/0x3f0
[   17.718691]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.718742]  kthread+0x328/0x630
[   17.718778]  ret_from_fork+0x10/0x20
[   17.718812] 
[   17.719068] The buggy address belongs to the object at fff00000c4480a00
[   17.719068]  which belongs to the cache kmalloc-256 of size 256
[   17.719189] The buggy address is located 5 bytes to the right of
[   17.719189]  allocated 235-byte region [fff00000c4480a00, fff00000c4480aeb)
[   17.719252] 
[   17.719562] The buggy address belongs to the physical page:
[   17.719597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480
[   17.719747] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.719804] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.719856] page_type: f5(slab)
[   17.719976] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.720095] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.720201] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.720712] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.720979] head: 0bfffe0000000001 ffffc1ffc3112001 00000000ffffffff 00000000ffffffff
[   17.721088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.721128] page dumped because: kasan: bad access detected
[   17.721158] 
[   17.721176] Memory state around the buggy address:
[   17.721206]  fff00000c4480980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.721250]  fff00000c4480a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.721525] >fff00000c4480a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.721635]                                                              ^
[   17.721710]  fff00000c4480b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.721762]  fff00000c4480b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.721831] ==================================================================
[   17.762068] ==================================================================
[   17.762121] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.762248] Write of size 1 at addr fff00000c784a0eb by task kunit_try_catch/162
[   17.762444] 
[   17.762482] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.762582] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.762625] Hardware name: linux,dummy-virt (DT)
[   17.762673] Call trace:
[   17.762701]  show_stack+0x20/0x38 (C)
[   17.762753]  dump_stack_lvl+0x8c/0xd0
[   17.762819]  print_report+0x118/0x608
[   17.762871]  kasan_report+0xdc/0x128
[   17.762914]  __asan_report_store1_noabort+0x20/0x30
[   17.762979]  krealloc_more_oob_helper+0x60c/0x678
[   17.763026]  krealloc_large_more_oob+0x20/0x38
[   17.763187]  kunit_try_run_case+0x170/0x3f0
[   17.763284]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.763460]  kthread+0x328/0x630
[   17.763521]  ret_from_fork+0x10/0x20
[   17.763568] 
[   17.763588] The buggy address belongs to the physical page:
[   17.763619] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.763670] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.763715] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.763764] page_type: f8(unknown)
[   17.763801] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.763849] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.763897] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.763943] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.763990] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.764036] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.764085] page dumped because: kasan: bad access detected
[   17.764116] 
[   17.764133] Memory state around the buggy address:
[   17.764180]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.764253]  fff00000c784a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.764294] >fff00000c784a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.764330]                                                           ^
[   17.764452]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.764586]  fff00000c784a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.764688] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHCHYqfIu4VBVZVnMqPbdHKQ6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHCHYqfIu4VBVZVnMqPbdHKQ6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/Image.gz
sha256sum	377fc1f956356f0192a0ae5a36f5141cc4f5c82f23686cbb581490c555233292

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/modules.tar.xz
sha256sum	63862ff5342865dbcabf053997348687cbf8c69b4178e317b99ac30d13bd68f5

durations

tests

boot	0
kunit	196.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.768682] ==================================================================
[   10.769203] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.769451] Write of size 1 at addr ffff888100355ceb by task kunit_try_catch/176
[   10.770289] 
[   10.770472] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.770551] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.770564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.770584] Call Trace:
[   10.770597]  <TASK>
[   10.770611]  dump_stack_lvl+0x73/0xb0
[   10.770638]  print_report+0xd1/0x650
[   10.770662]  ? __virt_addr_valid+0x1db/0x2d0
[   10.770685]  ? krealloc_more_oob_helper+0x821/0x930
[   10.770706]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.770729]  ? krealloc_more_oob_helper+0x821/0x930
[   10.770749]  kasan_report+0x141/0x180
[   10.770772]  ? krealloc_more_oob_helper+0x821/0x930
[   10.770797]  __asan_report_store1_noabort+0x1b/0x30
[   10.770819]  krealloc_more_oob_helper+0x821/0x930
[   10.770845]  ? __schedule+0x10cc/0x2b60
[   10.770869]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.770899]  ? finish_task_switch.isra.0+0x153/0x700
[   10.770922]  ? __switch_to+0x5d9/0xf60
[   10.770945]  ? dequeue_task_fair+0x166/0x4e0
[   10.770970]  ? __schedule+0x10cc/0x2b60
[   10.770992]  ? __pfx_read_tsc+0x10/0x10
[   10.771016]  krealloc_more_oob+0x1c/0x30
[   10.771035]  kunit_try_run_case+0x1a5/0x480
[   10.771057]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.771076]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.771100]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.771124]  ? __kthread_parkme+0x82/0x180
[   10.771146]  ? preempt_count_sub+0x50/0x80
[   10.771170]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.771190]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.771213]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.771236]  kthread+0x337/0x6f0
[   10.771253]  ? trace_preempt_on+0x20/0xc0
[   10.771276]  ? __pfx_kthread+0x10/0x10
[   10.771295]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.771317]  ? calculate_sigpending+0x7b/0xa0
[   10.771338]  ? __pfx_kthread+0x10/0x10
[   10.771357]  ret_from_fork+0x41/0x80
[   10.771378]  ? __pfx_kthread+0x10/0x10
[   10.771396]  ret_from_fork_asm+0x1a/0x30
[   10.771426]  </TASK>
[   10.771437] 
[   10.788317] Allocated by task 176:
[   10.788640]  kasan_save_stack+0x45/0x70
[   10.788918]  kasan_save_track+0x18/0x40
[   10.789414]  kasan_save_alloc_info+0x3b/0x50
[   10.789806]  __kasan_krealloc+0x190/0x1f0
[   10.790331]  krealloc_noprof+0xf3/0x340
[   10.790749]  krealloc_more_oob_helper+0x1a9/0x930
[   10.791261]  krealloc_more_oob+0x1c/0x30
[   10.791460]  kunit_try_run_case+0x1a5/0x480
[   10.791644]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.792194]  kthread+0x337/0x6f0
[   10.792515]  ret_from_fork+0x41/0x80
[   10.792860]  ret_from_fork_asm+0x1a/0x30
[   10.793275] 
[   10.793440] The buggy address belongs to the object at ffff888100355c00
[   10.793440]  which belongs to the cache kmalloc-256 of size 256
[   10.794441] The buggy address is located 0 bytes to the right of
[   10.794441]  allocated 235-byte region [ffff888100355c00, ffff888100355ceb)
[   10.795104] 
[   10.795183] The buggy address belongs to the physical page:
[   10.795580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354
[   10.796142] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.796987] flags: 0x200000000000040(head|node=0|zone=2)
[   10.797552] page_type: f5(slab)
[   10.797693] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.797974] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.798209] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.798444] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.799040] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff
[   10.799771] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.800489] page dumped because: kasan: bad access detected
[   10.801037] 
[   10.801216] Memory state around the buggy address:
[   10.801713]  ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.802492]  ffff888100355c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.803354] >ffff888100355c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.804044]                                                           ^
[   10.804622]  ffff888100355d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.805162]  ffff888100355d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.805387] ==================================================================
[   11.025787] ==================================================================
[   11.026094] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   11.026335] Write of size 1 at addr ffff888102d6a0f0 by task kunit_try_catch/180
[   11.026577] 
[   11.026675] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   11.027050] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.027063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.027083] Call Trace:
[   11.027098]  <TASK>
[   11.027112]  dump_stack_lvl+0x73/0xb0
[   11.027140]  print_report+0xd1/0x650
[   11.027163]  ? __virt_addr_valid+0x1db/0x2d0
[   11.027185]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.027206]  ? kasan_addr_to_slab+0x11/0xa0
[   11.027227]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.027248]  kasan_report+0x141/0x180
[   11.027271]  ? krealloc_more_oob_helper+0x7eb/0x930
[   11.027297]  __asan_report_store1_noabort+0x1b/0x30
[   11.027318]  krealloc_more_oob_helper+0x7eb/0x930
[   11.027338]  ? __schedule+0x10cc/0x2b60
[   11.027361]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.027382]  ? finish_task_switch.isra.0+0x153/0x700
[   11.027406]  ? __switch_to+0x5d9/0xf60
[   11.027426]  ? dequeue_task_fair+0x166/0x4e0
[   11.027450]  ? __schedule+0x10cc/0x2b60
[   11.027473]  ? __pfx_read_tsc+0x10/0x10
[   11.027497]  krealloc_large_more_oob+0x1c/0x30
[   11.027518]  kunit_try_run_case+0x1a5/0x480
[   11.027539]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.027558]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.027592]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.027616]  ? __kthread_parkme+0x82/0x180
[   11.027638]  ? preempt_count_sub+0x50/0x80
[   11.027662]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.027683]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.027706]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.027730]  kthread+0x337/0x6f0
[   11.027747]  ? trace_preempt_on+0x20/0xc0
[   11.027771]  ? __pfx_kthread+0x10/0x10
[   11.027789]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.027812]  ? calculate_sigpending+0x7b/0xa0
[   11.027833]  ? __pfx_kthread+0x10/0x10
[   11.027930]  ret_from_fork+0x41/0x80
[   11.027952]  ? __pfx_kthread+0x10/0x10
[   11.027971]  ret_from_fork_asm+0x1a/0x30
[   11.028002]  </TASK>
[   11.028013] 
[   11.039928] The buggy address belongs to the physical page:
[   11.040180] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d68
[   11.041311] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.041562] flags: 0x200000000000040(head|node=0|zone=2)
[   11.041740] page_type: f8(unknown)
[   11.041868] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.043492] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.044754] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.046073] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.046779] head: 0200000000000002 ffffea00040b5a01 00000000ffffffff 00000000ffffffff
[   11.047718] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.048515] page dumped because: kasan: bad access detected
[   11.049157] 
[   11.049269] Memory state around the buggy address:
[   11.049488]  ffff888102d69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.049787]  ffff888102d6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.050145] >ffff888102d6a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.050436]                                                              ^
[   11.050741]  ffff888102d6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.051142]  ffff888102d6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.051451] ==================================================================
[   10.806023] ==================================================================
[   10.806639] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.807326] Write of size 1 at addr ffff888100355cf0 by task kunit_try_catch/176
[   10.807979] 
[   10.808152] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.808195] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.808207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.808228] Call Trace:
[   10.808240]  <TASK>
[   10.808256]  dump_stack_lvl+0x73/0xb0
[   10.808281]  print_report+0xd1/0x650
[   10.808305]  ? __virt_addr_valid+0x1db/0x2d0
[   10.808340]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.808371]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.808394]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.808415]  kasan_report+0x141/0x180
[   10.808438]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.808464]  __asan_report_store1_noabort+0x1b/0x30
[   10.808485]  krealloc_more_oob_helper+0x7eb/0x930
[   10.808504]  ? __schedule+0x10cc/0x2b60
[   10.808535]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.808556]  ? finish_task_switch.isra.0+0x153/0x700
[   10.808579]  ? __switch_to+0x5d9/0xf60
[   10.808601]  ? dequeue_task_fair+0x166/0x4e0
[   10.808625]  ? __schedule+0x10cc/0x2b60
[   10.808647]  ? __pfx_read_tsc+0x10/0x10
[   10.808671]  krealloc_more_oob+0x1c/0x30
[   10.808690]  kunit_try_run_case+0x1a5/0x480
[   10.808711]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.808730]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.808754]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.808778]  ? __kthread_parkme+0x82/0x180
[   10.808800]  ? preempt_count_sub+0x50/0x80
[   10.808824]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.808854]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.808888]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.808912]  kthread+0x337/0x6f0
[   10.808929]  ? trace_preempt_on+0x20/0xc0
[   10.808952]  ? __pfx_kthread+0x10/0x10
[   10.808970]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.809003]  ? calculate_sigpending+0x7b/0xa0
[   10.809025]  ? __pfx_kthread+0x10/0x10
[   10.809043]  ret_from_fork+0x41/0x80
[   10.809065]  ? __pfx_kthread+0x10/0x10
[   10.809083]  ret_from_fork_asm+0x1a/0x30
[   10.809113]  </TASK>
[   10.809124] 
[   10.822403] Allocated by task 176:
[   10.822556]  kasan_save_stack+0x45/0x70
[   10.822708]  kasan_save_track+0x18/0x40
[   10.822858]  kasan_save_alloc_info+0x3b/0x50
[   10.823036]  __kasan_krealloc+0x190/0x1f0
[   10.823182]  krealloc_noprof+0xf3/0x340
[   10.823321]  krealloc_more_oob_helper+0x1a9/0x930
[   10.823478]  krealloc_more_oob+0x1c/0x30
[   10.823634]  kunit_try_run_case+0x1a5/0x480
[   10.823781]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.823968]  kthread+0x337/0x6f0
[   10.824090]  ret_from_fork+0x41/0x80
[   10.824401]  ret_from_fork_asm+0x1a/0x30
[   10.824720] 
[   10.824803] The buggy address belongs to the object at ffff888100355c00
[   10.824803]  which belongs to the cache kmalloc-256 of size 256
[   10.825244] The buggy address is located 5 bytes to the right of
[   10.825244]  allocated 235-byte region [ffff888100355c00, ffff888100355ceb)
[   10.826143] 
[   10.826309] The buggy address belongs to the physical page:
[   10.826813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354
[   10.827601] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.828367] flags: 0x200000000000040(head|node=0|zone=2)
[   10.828850] page_type: f5(slab)
[   10.829236] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.830026] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.830263] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.830531] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.830997] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff
[   10.831702] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.832455] page dumped because: kasan: bad access detected
[   10.832790] 
[   10.832882] Memory state around the buggy address:
[   10.833349]  ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.834051]  ffff888100355c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.834450] >ffff888100355c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.834676]                                                              ^
[   10.834910]  ffff888100355d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.835265]  ffff888100355d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.835952] ==================================================================
[   10.998620] ==================================================================
[   10.999107] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.999418] Write of size 1 at addr ffff888102d6a0eb by task kunit_try_catch/180
[   10.999896] 
[   11.000054] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   11.000104] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.000116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.000139] Call Trace:
[   11.000151]  <TASK>
[   11.000167]  dump_stack_lvl+0x73/0xb0
[   11.000196]  print_report+0xd1/0x650
[   11.000220]  ? __virt_addr_valid+0x1db/0x2d0
[   11.000242]  ? krealloc_more_oob_helper+0x821/0x930
[   11.000262]  ? kasan_addr_to_slab+0x11/0xa0
[   11.000284]  ? krealloc_more_oob_helper+0x821/0x930
[   11.000305]  kasan_report+0x141/0x180
[   11.000327]  ? krealloc_more_oob_helper+0x821/0x930
[   11.000353]  __asan_report_store1_noabort+0x1b/0x30
[   11.000374]  krealloc_more_oob_helper+0x821/0x930
[   11.000394]  ? __schedule+0x10cc/0x2b60
[   11.000418]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   11.000439]  ? finish_task_switch.isra.0+0x153/0x700
[   11.000464]  ? __switch_to+0x5d9/0xf60
[   11.000484]  ? dequeue_task_fair+0x166/0x4e0
[   11.000508]  ? __schedule+0x10cc/0x2b60
[   11.000532]  ? __pfx_read_tsc+0x10/0x10
[   11.000555]  krealloc_large_more_oob+0x1c/0x30
[   11.000575]  kunit_try_run_case+0x1a5/0x480
[   11.000597]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.000616]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.000641]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.000665]  ? __kthread_parkme+0x82/0x180
[   11.000687]  ? preempt_count_sub+0x50/0x80
[   11.000711]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.000732]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.000756]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.000779]  kthread+0x337/0x6f0
[   11.000797]  ? trace_preempt_on+0x20/0xc0
[   11.000821]  ? __pfx_kthread+0x10/0x10
[   11.000853]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.000888]  ? calculate_sigpending+0x7b/0xa0
[   11.000910]  ? __pfx_kthread+0x10/0x10
[   11.000929]  ret_from_fork+0x41/0x80
[   11.000949]  ? __pfx_kthread+0x10/0x10
[   11.000967]  ret_from_fork_asm+0x1a/0x30
[   11.000999]  </TASK>
[   11.001010] 
[   11.014428] The buggy address belongs to the physical page:
[   11.015141] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d68
[   11.015870] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.016570] flags: 0x200000000000040(head|node=0|zone=2)
[   11.016957] page_type: f8(unknown)
[   11.017309] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.017559] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.018443] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.019306] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.019721] head: 0200000000000002 ffffea00040b5a01 00000000ffffffff 00000000ffffffff
[   11.020464] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.021136] page dumped because: kasan: bad access detected
[   11.021491] 
[   11.021582] Memory state around the buggy address:
[   11.022060]  ffff888102d69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.022393]  ffff888102d6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.022791] >ffff888102d6a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   11.023499]                                                           ^
[   11.024186]  ffff888102d6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.024502]  ffff888102d6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.025200] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHDX45bldMSBJpzmaNX6Oa8ya

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHDX45bldMSBJpzmaNX6Oa8ya

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/bzImage
sha256sum	f832e357085de19206056a035510bd43f1bc47badc4ae10b58ebab3542c23787

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/modules.tar.xz
sha256sum	ab3c5377b690ddf19fc7a14491556416ddf08419ceb427959995f1c420d461c9

durations

tests

boot	0
kunit	224.81

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit