Hay
Date: July 22, 2025, 2:40 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.072619] ==================================================================
[   17.073343] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   17.073500] Write of size 1 at addr fff00000c788e0eb by task kunit_try_catch/162
[   17.073553] 
[   17.073600] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.073680] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.073706] Hardware name: linux,dummy-virt (DT)
[   17.074053] Call trace:
[   17.074096]  show_stack+0x20/0x38 (C)
[   17.074148]  dump_stack_lvl+0x8c/0xd0
[   17.074195]  print_report+0x118/0x5d0
[   17.074755]  kasan_report+0xdc/0x128
[   17.074878]  __asan_report_store1_noabort+0x20/0x30
[   17.074975]  krealloc_more_oob_helper+0x60c/0x678
[   17.075127]  krealloc_large_more_oob+0x20/0x38
[   17.075223]  kunit_try_run_case+0x170/0x3f0
[   17.075371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.075678]  kthread+0x328/0x630
[   17.075791]  ret_from_fork+0x10/0x20
[   17.075905] 
[   17.075946] The buggy address belongs to the physical page:
[   17.075979] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788c
[   17.076031] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.076077] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.076128] page_type: f8(unknown)
[   17.076167] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.076231] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.076322] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.076636] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.076693] head: 0bfffe0000000002 ffffc1ffc31e2301 00000000ffffffff 00000000ffffffff
[   17.077109] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.077203] page dumped because: kasan: bad access detected
[   17.077596] 
[   17.077641] Memory state around the buggy address:
[   17.077692]  fff00000c788df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.077805]  fff00000c788e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.077890] >fff00000c788e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.077968]                                                           ^
[   17.078252]  fff00000c788e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.078525]  fff00000c788e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.078596] ==================================================================
[   17.079707] ==================================================================
[   17.079865] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   17.079930] Write of size 1 at addr fff00000c788e0f0 by task kunit_try_catch/162
[   17.079978] 
[   17.080006] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.080381] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.080407] Hardware name: linux,dummy-virt (DT)
[   17.080436] Call trace:
[   17.080457]  show_stack+0x20/0x38 (C)
[   17.081342]  dump_stack_lvl+0x8c/0xd0
[   17.081437]  print_report+0x118/0x5d0
[   17.081508]  kasan_report+0xdc/0x128
[   17.081566]  __asan_report_store1_noabort+0x20/0x30
[   17.081928]  krealloc_more_oob_helper+0x5c0/0x678
[   17.082535]  krealloc_large_more_oob+0x20/0x38
[   17.082631]  kunit_try_run_case+0x170/0x3f0
[   17.082683]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.082744]  kthread+0x328/0x630
[   17.082896]  ret_from_fork+0x10/0x20
[   17.083058] 
[   17.083133] The buggy address belongs to the physical page:
[   17.083306] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788c
[   17.083439] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.083604] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.083655] page_type: f8(unknown)
[   17.083698] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.083746] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.083793] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.083849] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.083896] head: 0bfffe0000000002 ffffc1ffc31e2301 00000000ffffffff 00000000ffffffff
[   17.083943] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.083982] page dumped because: kasan: bad access detected
[   17.084022] 
[   17.084049] Memory state around the buggy address:
[   17.084078]  fff00000c788df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.084119]  fff00000c788e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.084169] >fff00000c788e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.084211]                                                              ^
[   17.084251]  fff00000c788e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.084549]  fff00000c788e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.084990] ==================================================================
[   16.985608] ==================================================================
[   16.985670] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   16.985724] Write of size 1 at addr fff00000c09232eb by task kunit_try_catch/158
[   16.986191] 
[   16.986243] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   16.986703] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.986834] Hardware name: linux,dummy-virt (DT)
[   16.987004] Call trace:
[   16.987213]  show_stack+0x20/0x38 (C)
[   16.987390]  dump_stack_lvl+0x8c/0xd0
[   16.987477]  print_report+0x118/0x5d0
[   16.987570]  kasan_report+0xdc/0x128
[   16.987757]  __asan_report_store1_noabort+0x20/0x30
[   16.987948]  krealloc_more_oob_helper+0x60c/0x678
[   16.988197]  krealloc_more_oob+0x20/0x38
[   16.988250]  kunit_try_run_case+0x170/0x3f0
[   16.988633]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.988724]  kthread+0x328/0x630
[   16.989106]  ret_from_fork+0x10/0x20
[   16.989394] 
[   16.989472] Allocated by task 158:
[   16.989895]  kasan_save_stack+0x3c/0x68
[   16.990119]  kasan_save_track+0x20/0x40
[   16.990295]  kasan_save_alloc_info+0x40/0x58
[   16.990546]  __kasan_krealloc+0x118/0x178
[   16.990814]  krealloc_noprof+0x128/0x360
[   16.990951]  krealloc_more_oob_helper+0x168/0x678
[   16.990992]  krealloc_more_oob+0x20/0x38
[   16.991038]  kunit_try_run_case+0x170/0x3f0
[   16.991077]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.991587]  kthread+0x328/0x630
[   16.991643]  ret_from_fork+0x10/0x20
[   16.991820] 
[   16.991910] The buggy address belongs to the object at fff00000c0923200
[   16.991910]  which belongs to the cache kmalloc-256 of size 256
[   16.992084] The buggy address is located 0 bytes to the right of
[   16.992084]  allocated 235-byte region [fff00000c0923200, fff00000c09232eb)
[   16.992535] 
[   16.992632] The buggy address belongs to the physical page:
[   16.992722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922
[   16.992794] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.993111] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.993360] page_type: f5(slab)
[   16.993443] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.993548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.993635] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.993892] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.993952] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff
[   16.994093] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.994187] page dumped because: kasan: bad access detected
[   16.994235] 
[   16.994253] Memory state around the buggy address:
[   16.994304]  fff00000c0923180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.994350]  fff00000c0923200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.994400] >fff00000c0923280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.994446]                                                           ^
[   16.994485]  fff00000c0923300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.994534]  fff00000c0923380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.994571] ==================================================================
[   16.995182] ==================================================================
[   16.995241] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   16.995304] Write of size 1 at addr fff00000c09232f0 by task kunit_try_catch/158
[   16.995351] 
[   16.996104] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   16.996199] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.996225] Hardware name: linux,dummy-virt (DT)
[   16.996255] Call trace:
[   16.996505]  show_stack+0x20/0x38 (C)
[   16.996580]  dump_stack_lvl+0x8c/0xd0
[   16.996691]  print_report+0x118/0x5d0
[   16.996849]  kasan_report+0xdc/0x128
[   16.997208]  __asan_report_store1_noabort+0x20/0x30
[   16.997343]  krealloc_more_oob_helper+0x5c0/0x678
[   16.997418]  krealloc_more_oob+0x20/0x38
[   16.997476]  kunit_try_run_case+0x170/0x3f0
[   16.997604]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.997658]  kthread+0x328/0x630
[   16.997731]  ret_from_fork+0x10/0x20
[   16.997786] 
[   16.997804] Allocated by task 158:
[   16.997830]  kasan_save_stack+0x3c/0x68
[   16.997868]  kasan_save_track+0x20/0x40
[   16.997901]  kasan_save_alloc_info+0x40/0x58
[   16.997938]  __kasan_krealloc+0x118/0x178
[   16.997972]  krealloc_noprof+0x128/0x360
[   16.998007]  krealloc_more_oob_helper+0x168/0x678
[   16.998043]  krealloc_more_oob+0x20/0x38
[   16.998547]  kunit_try_run_case+0x170/0x3f0
[   16.998612]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.998653]  kthread+0x328/0x630
[   16.999191]  ret_from_fork+0x10/0x20
[   16.999273] 
[   16.999322] The buggy address belongs to the object at fff00000c0923200
[   16.999322]  which belongs to the cache kmalloc-256 of size 256
[   16.999546] The buggy address is located 5 bytes to the right of
[   16.999546]  allocated 235-byte region [fff00000c0923200, fff00000c09232eb)
[   16.999775] 
[   17.000015] The buggy address belongs to the physical page:
[   17.000099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922
[   17.000233] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.000358] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.000445] page_type: f5(slab)
[   17.000560] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.000610] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.000893] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.000988] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.001065] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff
[   17.001443] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.001672] page dumped because: kasan: bad access detected
[   17.001774] 
[   17.001880] Memory state around the buggy address:
[   17.001966]  fff00000c0923180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.002189]  fff00000c0923200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.002376] >fff00000c0923280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   17.002557]                                                              ^
[   17.002690]  fff00000c0923300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.002768]  fff00000c0923380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.002876] ==================================================================

[   10.654623] ==================================================================
[   10.655433] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.655882] Write of size 1 at addr ffff888100a9caeb by task kunit_try_catch/176
[   10.656180] 
[   10.656297] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.656342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.656570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.656599] Call Trace:
[   10.656611]  <TASK>
[   10.656626]  dump_stack_lvl+0x73/0xb0
[   10.656653]  print_report+0xd1/0x610
[   10.657239]  ? __virt_addr_valid+0x1db/0x2d0
[   10.657269]  ? krealloc_more_oob_helper+0x821/0x930
[   10.657290]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.657312]  ? krealloc_more_oob_helper+0x821/0x930
[   10.657332]  kasan_report+0x141/0x180
[   10.657355]  ? krealloc_more_oob_helper+0x821/0x930
[   10.657380]  __asan_report_store1_noabort+0x1b/0x30
[   10.657400]  krealloc_more_oob_helper+0x821/0x930
[   10.657418]  ? __schedule+0x10c6/0x2b60
[   10.657441]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.657461]  ? finish_task_switch.isra.0+0x153/0x700
[   10.657483]  ? __switch_to+0x5d9/0xf60
[   10.657505]  ? dequeue_task_fair+0x166/0x4e0
[   10.657528]  ? __schedule+0x10c6/0x2b60
[   10.657550]  ? __pfx_read_tsc+0x10/0x10
[   10.657573]  krealloc_more_oob+0x1c/0x30
[   10.657591]  kunit_try_run_case+0x1a5/0x480
[   10.657611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.657630]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.657649]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.657673]  ? __kthread_parkme+0x82/0x180
[   10.657693]  ? preempt_count_sub+0x50/0x80
[   10.657716]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.657736]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.657758]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.657780]  kthread+0x337/0x6f0
[   10.657796]  ? trace_preempt_on+0x20/0xc0
[   10.657819]  ? __pfx_kthread+0x10/0x10
[   10.657836]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.657857]  ? calculate_sigpending+0x7b/0xa0
[   10.657878]  ? __pfx_kthread+0x10/0x10
[   10.657895]  ret_from_fork+0x41/0x80
[   10.657916]  ? __pfx_kthread+0x10/0x10
[   10.657933]  ret_from_fork_asm+0x1a/0x30
[   10.657963]  </TASK>
[   10.657973] 
[   10.671211] Allocated by task 176:
[   10.671605]  kasan_save_stack+0x45/0x70
[   10.671886]  kasan_save_track+0x18/0x40
[   10.672071]  kasan_save_alloc_info+0x3b/0x50
[   10.672275]  __kasan_krealloc+0x190/0x1f0
[   10.672868]  krealloc_noprof+0xf3/0x340
[   10.673386]  krealloc_more_oob_helper+0x1a9/0x930
[   10.673748]  krealloc_more_oob+0x1c/0x30
[   10.674086]  kunit_try_run_case+0x1a5/0x480
[   10.674303]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.674832]  kthread+0x337/0x6f0
[   10.675063]  ret_from_fork+0x41/0x80
[   10.675254]  ret_from_fork_asm+0x1a/0x30
[   10.675503] 
[   10.675595] The buggy address belongs to the object at ffff888100a9ca00
[   10.675595]  which belongs to the cache kmalloc-256 of size 256
[   10.676627] The buggy address is located 0 bytes to the right of
[   10.676627]  allocated 235-byte region [ffff888100a9ca00, ffff888100a9caeb)
[   10.677331] 
[   10.677497] The buggy address belongs to the physical page:
[   10.678204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9c
[   10.678949] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.679283] flags: 0x200000000000040(head|node=0|zone=2)
[   10.679685] page_type: f5(slab)
[   10.679845] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.680154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.681094] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.681779] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.682308] head: 0200000000000001 ffffea000402a701 00000000ffffffff 00000000ffffffff
[   10.683149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.683577] page dumped because: kasan: bad access detected
[   10.684076] 
[   10.684175] Memory state around the buggy address:
[   10.684600]  ffff888100a9c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.685057]  ffff888100a9ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.685354] >ffff888100a9ca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.685647]                                                           ^
[   10.686014]  ffff888100a9cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.686310]  ffff888100a9cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.687183] ==================================================================
[   10.876805] ==================================================================
[   10.877159] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.877576] Write of size 1 at addr ffff888103c860f0 by task kunit_try_catch/180
[   10.878179] 
[   10.878314] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.878372] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.878468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.878488] Call Trace:
[   10.878500]  <TASK>
[   10.878516]  dump_stack_lvl+0x73/0xb0
[   10.878555]  print_report+0xd1/0x610
[   10.878578]  ? __virt_addr_valid+0x1db/0x2d0
[   10.878599]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.878646]  ? kasan_addr_to_slab+0x11/0xa0
[   10.878666]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.878685]  kasan_report+0x141/0x180
[   10.878718]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.878802]  __asan_report_store1_noabort+0x1b/0x30
[   10.878859]  krealloc_more_oob_helper+0x7eb/0x930
[   10.878878]  ? __schedule+0x10c6/0x2b60
[   10.878930]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.878951]  ? finish_task_switch.isra.0+0x153/0x700
[   10.878975]  ? __switch_to+0x5d9/0xf60
[   10.878995]  ? dequeue_task_fair+0x166/0x4e0
[   10.879019]  ? __schedule+0x10c6/0x2b60
[   10.879041]  ? __pfx_read_tsc+0x10/0x10
[   10.879064]  krealloc_large_more_oob+0x1c/0x30
[   10.879082]  kunit_try_run_case+0x1a5/0x480
[   10.879103]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.879121]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.879141]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.879189]  ? __kthread_parkme+0x82/0x180
[   10.879211]  ? preempt_count_sub+0x50/0x80
[   10.879251]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.879270]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.879293]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.879316]  kthread+0x337/0x6f0
[   10.879332]  ? trace_preempt_on+0x20/0xc0
[   10.879389]  ? __pfx_kthread+0x10/0x10
[   10.879407]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.879428]  ? calculate_sigpending+0x7b/0xa0
[   10.879460]  ? __pfx_kthread+0x10/0x10
[   10.879477]  ret_from_fork+0x41/0x80
[   10.879498]  ? __pfx_kthread+0x10/0x10
[   10.879515]  ret_from_fork_asm+0x1a/0x30
[   10.879545]  </TASK>
[   10.879554] 
[   10.890023] The buggy address belongs to the physical page:
[   10.890565] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c84
[   10.891041] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.891359] flags: 0x200000000000040(head|node=0|zone=2)
[   10.891651] page_type: f8(unknown)
[   10.892028] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.892360] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.892745] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.893108] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.893519] head: 0200000000000002 ffffea00040f2101 00000000ffffffff 00000000ffffffff
[   10.893925] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.894470] page dumped because: kasan: bad access detected
[   10.894822] 
[   10.894916] Memory state around the buggy address:
[   10.895218]  ffff888103c85f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.895574]  ffff888103c86000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.895897] >ffff888103c86080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.896208]                                                              ^
[   10.896453]  ffff888103c86100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.897080]  ffff888103c86180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.897328] ==================================================================
[   10.689534] ==================================================================
[   10.689963] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   10.690302] Write of size 1 at addr ffff888100a9caf0 by task kunit_try_catch/176
[   10.690574] 
[   10.690733] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.690778] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.690789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.690809] Call Trace:
[   10.690826]  <TASK>
[   10.690841]  dump_stack_lvl+0x73/0xb0
[   10.690866]  print_report+0xd1/0x610
[   10.690887]  ? __virt_addr_valid+0x1db/0x2d0
[   10.690908]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.690926]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.690948]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.690968]  kasan_report+0x141/0x180
[   10.690989]  ? krealloc_more_oob_helper+0x7eb/0x930
[   10.691014]  __asan_report_store1_noabort+0x1b/0x30
[   10.691034]  krealloc_more_oob_helper+0x7eb/0x930
[   10.691052]  ? __schedule+0x10c6/0x2b60
[   10.691075]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.691095]  ? finish_task_switch.isra.0+0x153/0x700
[   10.691117]  ? __switch_to+0x5d9/0xf60
[   10.691136]  ? dequeue_task_fair+0x166/0x4e0
[   10.691160]  ? __schedule+0x10c6/0x2b60
[   10.691181]  ? __pfx_read_tsc+0x10/0x10
[   10.691204]  krealloc_more_oob+0x1c/0x30
[   10.691221]  kunit_try_run_case+0x1a5/0x480
[   10.691254]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.691283]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.691303]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.691326]  ? __kthread_parkme+0x82/0x180
[   10.691347]  ? preempt_count_sub+0x50/0x80
[   10.691379]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.691399]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.691421]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.691443]  kthread+0x337/0x6f0
[   10.691459]  ? trace_preempt_on+0x20/0xc0
[   10.691481]  ? __pfx_kthread+0x10/0x10
[   10.691498]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.691520]  ? calculate_sigpending+0x7b/0xa0
[   10.691540]  ? __pfx_kthread+0x10/0x10
[   10.691558]  ret_from_fork+0x41/0x80
[   10.691577]  ? __pfx_kthread+0x10/0x10
[   10.691595]  ret_from_fork_asm+0x1a/0x30
[   10.691626]  </TASK>
[   10.691635] 
[   10.702461] Allocated by task 176:
[   10.702894]  kasan_save_stack+0x45/0x70
[   10.703190]  kasan_save_track+0x18/0x40
[   10.703490]  kasan_save_alloc_info+0x3b/0x50
[   10.703959]  __kasan_krealloc+0x190/0x1f0
[   10.704320]  krealloc_noprof+0xf3/0x340
[   10.704541]  krealloc_more_oob_helper+0x1a9/0x930
[   10.705031]  krealloc_more_oob+0x1c/0x30
[   10.705181]  kunit_try_run_case+0x1a5/0x480
[   10.705489]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.705970]  kthread+0x337/0x6f0
[   10.706152]  ret_from_fork+0x41/0x80
[   10.706428]  ret_from_fork_asm+0x1a/0x30
[   10.706579] 
[   10.706672] The buggy address belongs to the object at ffff888100a9ca00
[   10.706672]  which belongs to the cache kmalloc-256 of size 256
[   10.707760] The buggy address is located 5 bytes to the right of
[   10.707760]  allocated 235-byte region [ffff888100a9ca00, ffff888100a9caeb)
[   10.708313] 
[   10.708530] The buggy address belongs to the physical page:
[   10.708713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9c
[   10.709141] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.709646] flags: 0x200000000000040(head|node=0|zone=2)
[   10.709859] page_type: f5(slab)
[   10.710036] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.710338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.710650] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.710973] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.711345] head: 0200000000000001 ffffea000402a701 00000000ffffffff 00000000ffffffff
[   10.711648] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.712092] page dumped because: kasan: bad access detected
[   10.712300] 
[   10.712380] Memory state around the buggy address:
[   10.712604]  ffff888100a9c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.713036]  ffff888100a9ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.713337] >ffff888100a9ca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   10.713570]                                                              ^
[   10.714001]  ffff888100a9cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.714289]  ffff888100a9cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.714687] ==================================================================
[   10.851843] ==================================================================
[   10.853069] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   10.853916] Write of size 1 at addr ffff888103c860eb by task kunit_try_catch/180
[   10.854622] 
[   10.854719] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.854765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.854776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.854798] Call Trace:
[   10.854811]  <TASK>
[   10.854828]  dump_stack_lvl+0x73/0xb0
[   10.854859]  print_report+0xd1/0x610
[   10.854910]  ? __virt_addr_valid+0x1db/0x2d0
[   10.854934]  ? krealloc_more_oob_helper+0x821/0x930
[   10.854953]  ? kasan_addr_to_slab+0x11/0xa0
[   10.855019]  ? krealloc_more_oob_helper+0x821/0x930
[   10.855067]  kasan_report+0x141/0x180
[   10.855102]  ? krealloc_more_oob_helper+0x821/0x930
[   10.855126]  __asan_report_store1_noabort+0x1b/0x30
[   10.855146]  krealloc_more_oob_helper+0x821/0x930
[   10.855165]  ? __schedule+0x10c6/0x2b60
[   10.855190]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   10.855211]  ? finish_task_switch.isra.0+0x153/0x700
[   10.855244]  ? __switch_to+0x5d9/0xf60
[   10.855265]  ? dequeue_task_fair+0x166/0x4e0
[   10.855289]  ? __schedule+0x10c6/0x2b60
[   10.855310]  ? __pfx_read_tsc+0x10/0x10
[   10.855334]  krealloc_large_more_oob+0x1c/0x30
[   10.855358]  kunit_try_run_case+0x1a5/0x480
[   10.855380]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.855398]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.855419]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.855442]  ? __kthread_parkme+0x82/0x180
[   10.855464]  ? preempt_count_sub+0x50/0x80
[   10.855487]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.855507]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.855529]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.855551]  kthread+0x337/0x6f0
[   10.855569]  ? trace_preempt_on+0x20/0xc0
[   10.855592]  ? __pfx_kthread+0x10/0x10
[   10.855610]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.855631]  ? calculate_sigpending+0x7b/0xa0
[   10.855654]  ? __pfx_kthread+0x10/0x10
[   10.855672]  ret_from_fork+0x41/0x80
[   10.855692]  ? __pfx_kthread+0x10/0x10
[   10.855709]  ret_from_fork_asm+0x1a/0x30
[   10.855740]  </TASK>
[   10.855751] 
[   10.868643] The buggy address belongs to the physical page:
[   10.868876] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c84
[   10.869304] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.869969] flags: 0x200000000000040(head|node=0|zone=2)
[   10.870155] page_type: f8(unknown)
[   10.870353] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.870858] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.871248] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.871521] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.872081] head: 0200000000000002 ffffea00040f2101 00000000ffffffff 00000000ffffffff
[   10.872482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.872895] page dumped because: kasan: bad access detected
[   10.873205] 
[   10.873343] Memory state around the buggy address:
[   10.873883]  ffff888103c85f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.874272]  ffff888103c86000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.874649] >ffff888103c86080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   10.874940]                                                           ^
[   10.875244]  ffff888103c86100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.875662]  ffff888103c86180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.875949] ==================================================================