lkft/linux-stable-rc-linux-6.15.y - v6.15.6-193-ge6001d5f7944 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

July 15, 2025, 2:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   17.671070] ==================================================================
[   17.671131] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.671636] Write of size 1 at addr fff00000c1c500eb by task kunit_try_catch/158
[   17.671856] 
[   17.671949] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   17.672199] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.672256] Hardware name: linux,dummy-virt (DT)
[   17.672386] Call trace:
[   17.672409]  show_stack+0x20/0x38 (C)
[   17.672465]  dump_stack_lvl+0x8c/0xd0
[   17.672512]  print_report+0x118/0x5d0
[   17.672605]  kasan_report+0xdc/0x128
[   17.672656]  __asan_report_store1_noabort+0x20/0x30
[   17.672705]  krealloc_more_oob_helper+0x60c/0x678
[   17.672753]  krealloc_more_oob+0x20/0x38
[   17.672804]  kunit_try_run_case+0x170/0x3f0
[   17.672868]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.672934]  kthread+0x328/0x630
[   17.672979]  ret_from_fork+0x10/0x20
[   17.673038] 
[   17.673056] Allocated by task 158:
[   17.673095]  kasan_save_stack+0x3c/0x68
[   17.673142]  kasan_save_track+0x20/0x40
[   17.673188]  kasan_save_alloc_info+0x40/0x58
[   17.673283]  __kasan_krealloc+0x118/0x178
[   17.673851]  krealloc_noprof+0x128/0x360
[   17.673970]  krealloc_more_oob_helper+0x168/0x678
[   17.674039]  krealloc_more_oob+0x20/0x38
[   17.674093]  kunit_try_run_case+0x170/0x3f0
[   17.674418]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.674745]  kthread+0x328/0x630
[   17.674854]  ret_from_fork+0x10/0x20
[   17.675333] 
[   17.675394] The buggy address belongs to the object at fff00000c1c50000
[   17.675394]  which belongs to the cache kmalloc-256 of size 256
[   17.675553] The buggy address is located 0 bytes to the right of
[   17.675553]  allocated 235-byte region [fff00000c1c50000, fff00000c1c500eb)
[   17.675664] 
[   17.675857] The buggy address belongs to the physical page:
[   17.676078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c50
[   17.676158] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.676322] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.676428] page_type: f5(slab)
[   17.676685] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.676757] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.676808] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.676939] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.677114] head: 0bfffe0000000001 ffffc1ffc3071401 00000000ffffffff 00000000ffffffff
[   17.677225] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.677427] page dumped because: kasan: bad access detected
[   17.677584] 
[   17.677736] Memory state around the buggy address:
[   17.677856]  fff00000c1c4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.677922]  fff00000c1c50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.678037] >fff00000c1c50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.678134]                                                           ^
[   17.678176]  fff00000c1c50100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.678429]  fff00000c1c50180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.678572] ==================================================================
[   17.682064] ==================================================================
[   17.682406] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.682624] Write of size 1 at addr fff00000c1c500f0 by task kunit_try_catch/158
[   17.682776] 
[   17.682813] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   17.682893] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.682919] Hardware name: linux,dummy-virt (DT)
[   17.682956] Call trace:
[   17.682976]  show_stack+0x20/0x38 (C)
[   17.683397]  dump_stack_lvl+0x8c/0xd0
[   17.683477]  print_report+0x118/0x5d0
[   17.683522]  kasan_report+0xdc/0x128
[   17.683566]  __asan_report_store1_noabort+0x20/0x30
[   17.683677]  krealloc_more_oob_helper+0x5c0/0x678
[   17.683753]  krealloc_more_oob+0x20/0x38
[   17.683797]  kunit_try_run_case+0x170/0x3f0
[   17.683903]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.683959]  kthread+0x328/0x630
[   17.684006]  ret_from_fork+0x10/0x20
[   17.684388] 
[   17.684478] Allocated by task 158:
[   17.684536]  kasan_save_stack+0x3c/0x68
[   17.684578]  kasan_save_track+0x20/0x40
[   17.684613]  kasan_save_alloc_info+0x40/0x58
[   17.684658]  __kasan_krealloc+0x118/0x178
[   17.684928]  krealloc_noprof+0x128/0x360
[   17.685165]  krealloc_more_oob_helper+0x168/0x678
[   17.685229]  krealloc_more_oob+0x20/0x38
[   17.685310]  kunit_try_run_case+0x170/0x3f0
[   17.685455]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.685748]  kthread+0x328/0x630
[   17.685941]  ret_from_fork+0x10/0x20
[   17.686040] 
[   17.686098] The buggy address belongs to the object at fff00000c1c50000
[   17.686098]  which belongs to the cache kmalloc-256 of size 256
[   17.686302] The buggy address is located 5 bytes to the right of
[   17.686302]  allocated 235-byte region [fff00000c1c50000, fff00000c1c500eb)
[   17.686401] 
[   17.686421] The buggy address belongs to the physical page:
[   17.686729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c50
[   17.686926] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.686978] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.687038] page_type: f5(slab)
[   17.687128] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.687201] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.687262] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.687318] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.687383] head: 0bfffe0000000001 ffffc1ffc3071401 00000000ffffffff 00000000ffffffff
[   17.687460] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.687510] page dumped because: kasan: bad access detected
[   17.687547] 
[   17.687565] Memory state around the buggy address:
[   17.687596]  fff00000c1c4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.687646]  fff00000c1c50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.687688] >fff00000c1c50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.687725]                                                              ^
[   17.687765]  fff00000c1c50100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.687807]  fff00000c1c50180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.687845] ==================================================================
[   17.758923] ==================================================================
[   17.759087] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.759143] Write of size 1 at addr fff00000c78860f0 by task kunit_try_catch/162
[   17.759501] 
[   17.759556] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   17.759708] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.759775] Hardware name: linux,dummy-virt (DT)
[   17.759823] Call trace:
[   17.759922]  show_stack+0x20/0x38 (C)
[   17.759976]  dump_stack_lvl+0x8c/0xd0
[   17.760022]  print_report+0x118/0x5d0
[   17.760066]  kasan_report+0xdc/0x128
[   17.760123]  __asan_report_store1_noabort+0x20/0x30
[   17.760327]  krealloc_more_oob_helper+0x5c0/0x678
[   17.760503]  krealloc_large_more_oob+0x20/0x38
[   17.760651]  kunit_try_run_case+0x170/0x3f0
[   17.760737]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.760799]  kthread+0x328/0x630
[   17.760843]  ret_from_fork+0x10/0x20
[   17.760889] 
[   17.761727] The buggy address belongs to the physical page:
[   17.761825] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107884
[   17.761905] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.761986] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.762225] page_type: f8(unknown)
[   17.762675] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.763066] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.763132] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.763270] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.763357] head: 0bfffe0000000002 ffffc1ffc31e2101 00000000ffffffff 00000000ffffffff
[   17.763527] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.763568] page dumped because: kasan: bad access detected
[   17.763750] 
[   17.763789] Memory state around the buggy address:
[   17.763822]  fff00000c7885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.764314]  fff00000c7886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.764428] >fff00000c7886080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.764524]                                                              ^
[   17.764675]  fff00000c7886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.764737]  fff00000c7886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.764831] ==================================================================
[   17.751416] ==================================================================
[   17.751860] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.751999] Write of size 1 at addr fff00000c78860eb by task kunit_try_catch/162
[   17.752095] 
[   17.752130] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT 
[   17.752370] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.752592] Hardware name: linux,dummy-virt (DT)
[   17.752655] Call trace:
[   17.752747]  show_stack+0x20/0x38 (C)
[   17.752842]  dump_stack_lvl+0x8c/0xd0
[   17.752917]  print_report+0x118/0x5d0
[   17.753016]  kasan_report+0xdc/0x128
[   17.753081]  __asan_report_store1_noabort+0x20/0x30
[   17.753157]  krealloc_more_oob_helper+0x60c/0x678
[   17.753223]  krealloc_large_more_oob+0x20/0x38
[   17.753270]  kunit_try_run_case+0x170/0x3f0
[   17.753513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.753733]  kthread+0x328/0x630
[   17.753848]  ret_from_fork+0x10/0x20
[   17.753898] 
[   17.753919] The buggy address belongs to the physical page:
[   17.754079] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107884
[   17.754338] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.754563] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.754754] page_type: f8(unknown)
[   17.755102] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.755314] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.755587] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.755751] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.755840] head: 0bfffe0000000002 ffffc1ffc31e2101 00000000ffffffff 00000000ffffffff
[   17.755896] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.756065] page dumped because: kasan: bad access detected
[   17.756105] 
[   17.756123] Memory state around the buggy address:
[   17.756326]  fff00000c7885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.756378]  fff00000c7886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.756443] >fff00000c7886080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.756494]                                                           ^
[   17.756551]  fff00000c7886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.756593]  fff00000c7886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.756631] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuksIaOJhpjSmtbAsWt4KX8xLf

job_id

TEST:linaro@lkft#2zukwdBCddr8O80gGskAZRJ92TK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukwdBCddr8O80gGskAZRJ92TK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuktS95biAMQtU3jJQgFHtrRzl/Image.gz
sha256sum	b0e860f17b10076c4d346cc4e669f0a4314b9c47de014734fef43b203ae0e34e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuktS95biAMQtU3jJQgFHtrRzl/modules.tar.xz
sha256sum	ba72242d720b0973d3bbe494c38fcb449b610f739295df61530720aaf0f78e60

durations

tests

boot	0
kunit	190.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.627242] ==================================================================
[   10.627551] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.628044] Write of size 1 at addr ffff8881003538f0 by task kunit_try_catch/175
[   10.628350] 
[   10.628465] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   10.628505] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.628528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.628545] Call Trace:
[   10.628559]  <TASK>
[   10.628572]  dump_stack_lvl+0x73/0xb0
[   10.628595]  print_report+0xd1/0x610
[   10.628616]  ? __virt_addr_valid+0x1db/0x2d0
[   10.628637]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.628681]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.628702]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.628721]  kasan_report+0x141/0x180
[   10.628743]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.628767]  __asan_report_store1_noabort+0x1b/0x30
[   10.628786]  krealloc_more_oob_helper+0x7eb/0x930
[   10.628807]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.628825]  ? irqentry_exit+0x2a/0x60
[   10.628843]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   10.628867]  ? __pfx_krealloc_more_oob+0x10/0x10
[   10.628971]  krealloc_more_oob+0x1c/0x30
[   10.629009]  kunit_try_run_case+0x1a5/0x480
[   10.629030]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.629048]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.629070]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.629093]  ? __kthread_parkme+0x82/0x180
[   10.629117]  ? preempt_count_sub+0x50/0x80
[   10.629144]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.629162]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.629184]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.629206]  kthread+0x337/0x6f0
[   10.629221]  ? trace_preempt_on+0x20/0xc0
[   10.629252]  ? __pfx_kthread+0x10/0x10
[   10.629269]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.629290]  ? calculate_sigpending+0x7b/0xa0
[   10.629323]  ? __pfx_kthread+0x10/0x10
[   10.629341]  ret_from_fork+0x41/0x80
[   10.629368]  ? __pfx_kthread+0x10/0x10
[   10.629386]  ret_from_fork_asm+0x1a/0x30
[   10.629429]  </TASK>
[   10.629439] 
[   10.639447] Allocated by task 175:
[   10.639589]  kasan_save_stack+0x45/0x70
[   10.639912]  kasan_save_track+0x18/0x40
[   10.640126]  kasan_save_alloc_info+0x3b/0x50
[   10.640445]  __kasan_krealloc+0x190/0x1f0
[   10.640620]  krealloc_noprof+0xf3/0x340
[   10.640749]  krealloc_more_oob_helper+0x1a9/0x930
[   10.640910]  krealloc_more_oob+0x1c/0x30
[   10.641134]  kunit_try_run_case+0x1a5/0x480
[   10.641331]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.641572]  kthread+0x337/0x6f0
[   10.641701]  ret_from_fork+0x41/0x80
[   10.642026]  ret_from_fork_asm+0x1a/0x30
[   10.642247] 
[   10.642342] The buggy address belongs to the object at ffff888100353800
[   10.642342]  which belongs to the cache kmalloc-256 of size 256
[   10.642970] The buggy address is located 5 bytes to the right of
[   10.642970]  allocated 235-byte region [ffff888100353800, ffff8881003538eb)
[   10.643486] 
[   10.643583] The buggy address belongs to the physical page:
[   10.643914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   10.644263] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.644497] flags: 0x200000000000040(head|node=0|zone=2)
[   10.644676] page_type: f5(slab)
[   10.644981] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.645566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.645787] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.646124] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.646582] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   10.647166] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.647510] page dumped because: kasan: bad access detected
[   10.647727] 
[   10.647829] Memory state around the buggy address:
[   10.648002]  ffff888100353780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.648531]  ffff888100353800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.648869] >ffff888100353880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.649278]                                                              ^
[   10.649556]  ffff888100353900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.649994]  ffff888100353980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.650206] ==================================================================
[   10.802004] ==================================================================
[   10.802286] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.802606] Write of size 1 at addr ffff888102aae0f0 by task kunit_try_catch/179
[   10.802936] 
[   10.803057] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   10.803097] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.803107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.803124] Call Trace:
[   10.803136]  <TASK>
[   10.803149]  dump_stack_lvl+0x73/0xb0
[   10.803171]  print_report+0xd1/0x610
[   10.803192]  ? __virt_addr_valid+0x1db/0x2d0
[   10.803212]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.803230]  ? kasan_addr_to_slab+0x11/0xa0
[   10.803250]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.803269]  kasan_report+0x141/0x180
[   10.803291]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.803315]  __asan_report_store1_noabort+0x1b/0x30
[   10.803335]  krealloc_more_oob_helper+0x7eb/0x930
[   10.803353]  ? __schedule+0x10cc/0x2b60
[   10.803374]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.803394]  ? finish_task_switch.isra.0+0x153/0x700
[   10.803415]  ? __switch_to+0x5d9/0xf60
[   10.803433]  ? dequeue_task_fair+0x156/0x4e0
[   10.803455]  ? __schedule+0x10cc/0x2b60
[   10.803476]  ? __pfx_read_tsc+0x10/0x10
[   10.803498]  krealloc_large_more_oob+0x1c/0x30
[   10.803516]  kunit_try_run_case+0x1a5/0x480
[   10.803535]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.803552]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.803575]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.803597]  ? __kthread_parkme+0x82/0x180
[   10.803617]  ? preempt_count_sub+0x50/0x80
[   10.803640]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.803659]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.803681]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.803702]  kthread+0x337/0x6f0
[   10.803718]  ? trace_preempt_on+0x20/0xc0
[   10.803740]  ? __pfx_kthread+0x10/0x10
[   10.803757]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.803777]  ? calculate_sigpending+0x7b/0xa0
[   10.803797]  ? __pfx_kthread+0x10/0x10
[   10.803815]  ret_from_fork+0x41/0x80
[   10.803834]  ? __pfx_kthread+0x10/0x10
[   10.803850]  ret_from_fork_asm+0x1a/0x30
[   10.803908]  </TASK>
[   10.803918] 
[   10.811577] The buggy address belongs to the physical page:
[   10.811785] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aac
[   10.812160] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.812496] flags: 0x200000000000040(head|node=0|zone=2)
[   10.812752] page_type: f8(unknown)
[   10.813082] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.813383] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.813653] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.814049] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.814333] head: 0200000000000002 ffffea00040aab01 00000000ffffffff 00000000ffffffff
[   10.814564] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.814788] page dumped because: kasan: bad access detected
[   10.815043] 
[   10.815134] Memory state around the buggy address:
[   10.815470]  ffff888102aadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.815778]  ffff888102aae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.816179] >ffff888102aae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.816403]                                                              ^
[   10.816604]  ffff888102aae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.816900]  ffff888102aae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.817225] ==================================================================
[   10.779852] ==================================================================
[   10.780294] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.780591] Write of size 1 at addr ffff888102aae0eb by task kunit_try_catch/179
[   10.780954] 
[   10.781068] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   10.781111] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.781122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.781146] Call Trace:
[   10.781159]  <TASK>
[   10.781173]  dump_stack_lvl+0x73/0xb0
[   10.781200]  print_report+0xd1/0x610
[   10.781221]  ? __virt_addr_valid+0x1db/0x2d0
[   10.781242]  ? krealloc_more_oob_helper+0x821/0x930
[   10.781261]  ? kasan_addr_to_slab+0x11/0xa0
[   10.781281]  ? krealloc_more_oob_helper+0x821/0x930
[   10.781301]  kasan_report+0x141/0x180
[   10.781322]  ? krealloc_more_oob_helper+0x821/0x930
[   10.781346]  __asan_report_store1_noabort+0x1b/0x30
[   10.781368]  krealloc_more_oob_helper+0x821/0x930
[   10.781386]  ? __schedule+0x10cc/0x2b60
[   10.781409]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.781429]  ? finish_task_switch.isra.0+0x153/0x700
[   10.781452]  ? __switch_to+0x5d9/0xf60
[   10.781472]  ? dequeue_task_fair+0x156/0x4e0
[   10.781495]  ? __schedule+0x10cc/0x2b60
[   10.781517]  ? __pfx_read_tsc+0x10/0x10
[   10.781539]  krealloc_large_more_oob+0x1c/0x30
[   10.781557]  kunit_try_run_case+0x1a5/0x480
[   10.781577]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.781595]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.781618]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.781641]  ? __kthread_parkme+0x82/0x180
[   10.781662]  ? preempt_count_sub+0x50/0x80
[   10.781685]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.781704]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.781726]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.781747]  kthread+0x337/0x6f0
[   10.781763]  ? trace_preempt_on+0x20/0xc0
[   10.781785]  ? __pfx_kthread+0x10/0x10
[   10.781802]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.781823]  ? calculate_sigpending+0x7b/0xa0
[   10.781843]  ? __pfx_kthread+0x10/0x10
[   10.781860]  ret_from_fork+0x41/0x80
[   10.781889]  ? __pfx_kthread+0x10/0x10
[   10.781906]  ret_from_fork_asm+0x1a/0x30
[   10.781936]  </TASK>
[   10.781946] 
[   10.794204] The buggy address belongs to the physical page:
[   10.794672] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aac
[   10.795478] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.796231] flags: 0x200000000000040(head|node=0|zone=2)
[   10.796707] page_type: f8(unknown)
[   10.796856] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.797462] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.797692] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.797972] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.798398] head: 0200000000000002 ffffea00040aab01 00000000ffffffff 00000000ffffffff
[   10.798671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.799052] page dumped because: kasan: bad access detected
[   10.799261] 
[   10.799354] Memory state around the buggy address:
[   10.799561]  ffff888102aadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.799809]  ffff888102aae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.800146] >ffff888102aae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.800388]                                                           ^
[   10.800675]  ffff888102aae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.800902]  ffff888102aae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.801262] ==================================================================
[   10.598176] ==================================================================
[   10.598617] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.598952] Write of size 1 at addr ffff8881003538eb by task kunit_try_catch/175
[   10.599697] 
[   10.600087] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.7-rc1 #1 PREEMPT(voluntary) 
[   10.600133] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.600144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.600163] Call Trace:
[   10.600173]  <TASK>
[   10.600186]  dump_stack_lvl+0x73/0xb0
[   10.600209]  print_report+0xd1/0x610
[   10.600231]  ? __virt_addr_valid+0x1db/0x2d0
[   10.600252]  ? krealloc_more_oob_helper+0x821/0x930
[   10.600270]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.600292]  ? krealloc_more_oob_helper+0x821/0x930
[   10.600311]  kasan_report+0x141/0x180
[   10.600332]  ? krealloc_more_oob_helper+0x821/0x930
[   10.600356]  __asan_report_store1_noabort+0x1b/0x30
[   10.600376]  krealloc_more_oob_helper+0x821/0x930
[   10.600397]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.600415]  ? irqentry_exit+0x2a/0x60
[   10.600433]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   10.600458]  ? __pfx_krealloc_more_oob+0x10/0x10
[   10.600479]  krealloc_more_oob+0x1c/0x30
[   10.600496]  kunit_try_run_case+0x1a5/0x480
[   10.600516]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.600533]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.600556]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.600578]  ? __kthread_parkme+0x82/0x180
[   10.600602]  ? preempt_count_sub+0x50/0x80
[   10.600625]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.600644]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.600666]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.600688]  kthread+0x337/0x6f0
[   10.600704]  ? trace_preempt_on+0x20/0xc0
[   10.600726]  ? __pfx_kthread+0x10/0x10
[   10.600743]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.600764]  ? calculate_sigpending+0x7b/0xa0
[   10.600786]  ? __pfx_kthread+0x10/0x10
[   10.600804]  ret_from_fork+0x41/0x80
[   10.600831]  ? __pfx_kthread+0x10/0x10
[   10.600848]  ret_from_fork_asm+0x1a/0x30
[   10.600895]  </TASK>
[   10.600905] 
[   10.615377] Allocated by task 175:
[   10.615877]  kasan_save_stack+0x45/0x70
[   10.616148]  kasan_save_track+0x18/0x40
[   10.616286]  kasan_save_alloc_info+0x3b/0x50
[   10.616430]  __kasan_krealloc+0x190/0x1f0
[   10.616568]  krealloc_noprof+0xf3/0x340
[   10.616704]  krealloc_more_oob_helper+0x1a9/0x930
[   10.616873]  krealloc_more_oob+0x1c/0x30
[   10.617057]  kunit_try_run_case+0x1a5/0x480
[   10.617266]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.617519]  kthread+0x337/0x6f0
[   10.617666]  ret_from_fork+0x41/0x80
[   10.618004]  ret_from_fork_asm+0x1a/0x30
[   10.618209] 
[   10.618305] The buggy address belongs to the object at ffff888100353800
[   10.618305]  which belongs to the cache kmalloc-256 of size 256
[   10.618912] The buggy address is located 0 bytes to the right of
[   10.618912]  allocated 235-byte region [ffff888100353800, ffff8881003538eb)
[   10.619296] 
[   10.619392] The buggy address belongs to the physical page:
[   10.619652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   10.620083] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.620514] flags: 0x200000000000040(head|node=0|zone=2)
[   10.620697] page_type: f5(slab)
[   10.621088] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.621504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.622032] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.622336] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.622631] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   10.623209] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.623571] page dumped because: kasan: bad access detected
[   10.623926] 
[   10.624047] Memory state around the buggy address:
[   10.624267]  ffff888100353780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.624545]  ffff888100353800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.624899] >ffff888100353880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.625361]                                                           ^
[   10.625677]  ffff888100353900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.626029]  ffff888100353980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.626566] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuksIaOJhpjSmtbAsWt4KX8xLf

job_id

TEST:linaro@lkft#2zukxmzNrsaISlcQpWi8gxQVWk6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zukxmzNrsaISlcQpWi8gxQVWk6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukuSKMlE7br8rY3BGGi0kunXf/bzImage
sha256sum	6359b76b264b4bf459aa8408711bf0e517a07721ad97f1471de243ff17baef19

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zukuSKMlE7br8rY3BGGi0kunXf/modules.tar.xz
sha256sum	f6ea602678cc1fbeece7230b895aa5bbae863bca90c89576af624930df349f2a

durations

tests

boot	0
kunit	210.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit