lkft/linux-next-master - next-20250319 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

March 19, 2025, 10:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.863989] ==================================================================
[   33.865666] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   33.865845] Write of size 1 at addr fff00000c774e0eb by task kunit_try_catch/162
[   33.865995] 
[   33.866104] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.868702] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.869150] Hardware name: linux,dummy-virt (DT)
[   33.869454] Call trace:
[   33.869725]  show_stack+0x20/0x38 (C)
[   33.870105]  dump_stack_lvl+0x8c/0xd0
[   33.870629]  print_report+0x118/0x5f0
[   33.870947]  kasan_report+0xc8/0x118
[   33.872037]  __asan_report_store1_noabort+0x20/0x30
[   33.873146]  krealloc_more_oob_helper+0x614/0x680
[   33.873486]  krealloc_large_more_oob+0x20/0x38
[   33.874831]  kunit_try_run_case+0x14c/0x3d0
[   33.875042]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.875655]  kthread+0x318/0x618
[   33.875844]  ret_from_fork+0x10/0x20
[   33.875995] 
[   33.876074] The buggy address belongs to the physical page:
[   33.876172] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10774c
[   33.876338] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.877783] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.878089] page_type: f8(unknown)
[   33.878208] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.878839] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.879016] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.879192] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.879349] head: 0bfffe0000000002 ffffc1ffc31dd301 00000000ffffffff 00000000ffffffff
[   33.879500] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.879643] page dumped because: kasan: bad access detected
[   33.879753] 
[   33.879865] Memory state around the buggy address:
[   33.880014]  fff00000c774df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.880178]  fff00000c774e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.880318] >fff00000c774e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   33.880579]                                                           ^
[   33.881002]  fff00000c774e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.881907]  fff00000c774e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.882048] ==================================================================
[   33.698289] ==================================================================
[   33.698468] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   33.698619] Write of size 1 at addr fff00000c4a4a4eb by task kunit_try_catch/158
[   33.698795] 
[   33.698887] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.699235] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.699375] Hardware name: linux,dummy-virt (DT)
[   33.699480] Call trace:
[   33.699550]  show_stack+0x20/0x38 (C)
[   33.699707]  dump_stack_lvl+0x8c/0xd0
[   33.699851]  print_report+0x118/0x5f0
[   33.699987]  kasan_report+0xc8/0x118
[   33.700165]  __asan_report_store1_noabort+0x20/0x30
[   33.700438]  krealloc_more_oob_helper+0x614/0x680
[   33.700621]  krealloc_more_oob+0x20/0x38
[   33.700825]  kunit_try_run_case+0x14c/0x3d0
[   33.701360]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.701985]  kthread+0x318/0x618
[   33.702174]  ret_from_fork+0x10/0x20
[   33.702470] 
[   33.702533] Allocated by task 158:
[   33.702662]  kasan_save_stack+0x3c/0x68
[   33.702964]  kasan_save_track+0x20/0x40
[   33.703378]  kasan_save_alloc_info+0x40/0x58
[   33.703752]  __kasan_krealloc+0x118/0x178
[   33.704202]  krealloc_noprof+0x128/0x360
[   33.705028]  krealloc_more_oob_helper+0x168/0x680
[   33.705733]  krealloc_more_oob+0x20/0x38
[   33.706529]  kunit_try_run_case+0x14c/0x3d0
[   33.707044]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.707225]  kthread+0x318/0x618
[   33.707521]  ret_from_fork+0x10/0x20
[   33.708026] 
[   33.708158] The buggy address belongs to the object at fff00000c4a4a400
[   33.708158]  which belongs to the cache kmalloc-256 of size 256
[   33.708582] The buggy address is located 0 bytes to the right of
[   33.708582]  allocated 235-byte region [fff00000c4a4a400, fff00000c4a4a4eb)
[   33.708807] 
[   33.709001] The buggy address belongs to the physical page:
[   33.709256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4a
[   33.709803] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.709969] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.710153] page_type: f5(slab)
[   33.710424] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.710590] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.710880] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.711344] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.712001] head: 0bfffe0000000001 ffffc1ffc3129281 00000000ffffffff 00000000ffffffff
[   33.712447] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.712596] page dumped because: kasan: bad access detected
[   33.712722] 
[   33.712810] Memory state around the buggy address:
[   33.712933]  fff00000c4a4a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.713096]  fff00000c4a4a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.713239] >fff00000c4a4a480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   33.713366]                                                           ^
[   33.713491]  fff00000c4a4a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.713629]  fff00000c4a4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.713865] ==================================================================
[   33.883979] ==================================================================
[   33.885940] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   33.886335] Write of size 1 at addr fff00000c774e0f0 by task kunit_try_catch/162
[   33.886567] 
[   33.886671] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.887468] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.887558] Hardware name: linux,dummy-virt (DT)
[   33.887659] Call trace:
[   33.887727]  show_stack+0x20/0x38 (C)
[   33.887877]  dump_stack_lvl+0x8c/0xd0
[   33.888021]  print_report+0x118/0x5f0
[   33.888185]  kasan_report+0xc8/0x118
[   33.888323]  __asan_report_store1_noabort+0x20/0x30
[   33.888479]  krealloc_more_oob_helper+0x5c8/0x680
[   33.890087]  krealloc_large_more_oob+0x20/0x38
[   33.890314]  kunit_try_run_case+0x14c/0x3d0
[   33.890568]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.890775]  kthread+0x318/0x618
[   33.890933]  ret_from_fork+0x10/0x20
[   33.891103] 
[   33.891164] The buggy address belongs to the physical page:
[   33.891275] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10774c
[   33.891462] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.891608] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.891765] page_type: f8(unknown)
[   33.891893] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.892194] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.892438] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.892653] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.892870] head: 0bfffe0000000002 ffffc1ffc31dd301 00000000ffffffff 00000000ffffffff
[   33.893072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.893196] page dumped because: kasan: bad access detected
[   33.893353] 
[   33.893414] Memory state around the buggy address:
[   33.893502]  fff00000c774df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.893639]  fff00000c774e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.893836] >fff00000c774e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   33.893987]                                                              ^
[   33.894152]  fff00000c774e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.894345]  fff00000c774e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.894537] ==================================================================
[   33.718320] ==================================================================
[   33.718592] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   33.719093] Write of size 1 at addr fff00000c4a4a4f0 by task kunit_try_catch/158
[   33.719684] 
[   33.719809] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.720221] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.720340] Hardware name: linux,dummy-virt (DT)
[   33.720991] Call trace:
[   33.721334]  show_stack+0x20/0x38 (C)
[   33.721484]  dump_stack_lvl+0x8c/0xd0
[   33.721622]  print_report+0x118/0x5f0
[   33.721760]  kasan_report+0xc8/0x118
[   33.721898]  __asan_report_store1_noabort+0x20/0x30
[   33.722079]  krealloc_more_oob_helper+0x5c8/0x680
[   33.722523]  krealloc_more_oob+0x20/0x38
[   33.723769]  kunit_try_run_case+0x14c/0x3d0
[   33.724003]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.724728]  kthread+0x318/0x618
[   33.724905]  ret_from_fork+0x10/0x20
[   33.725627] 
[   33.725760] Allocated by task 158:
[   33.725962]  kasan_save_stack+0x3c/0x68
[   33.726254]  kasan_save_track+0x20/0x40
[   33.726379]  kasan_save_alloc_info+0x40/0x58
[   33.726615]  __kasan_krealloc+0x118/0x178
[   33.726730]  krealloc_noprof+0x128/0x360
[   33.726847]  krealloc_more_oob_helper+0x168/0x680
[   33.726995]  krealloc_more_oob+0x20/0x38
[   33.727143]  kunit_try_run_case+0x14c/0x3d0
[   33.727266]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.727406]  kthread+0x318/0x618
[   33.727587]  ret_from_fork+0x10/0x20
[   33.727697] 
[   33.727756] The buggy address belongs to the object at fff00000c4a4a400
[   33.727756]  which belongs to the cache kmalloc-256 of size 256
[   33.727941] The buggy address is located 5 bytes to the right of
[   33.727941]  allocated 235-byte region [fff00000c4a4a400, fff00000c4a4a4eb)
[   33.728440] 
[   33.728511] The buggy address belongs to the physical page:
[   33.728599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4a
[   33.728758] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.728902] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.729099] page_type: f5(slab)
[   33.729398] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.729559] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.729771] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.730024] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.730269] head: 0bfffe0000000001 ffffc1ffc3129281 00000000ffffffff 00000000ffffffff
[   33.730429] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.730560] page dumped because: kasan: bad access detected
[   33.730656] 
[   33.730715] Memory state around the buggy address:
[   33.730815]  fff00000c4a4a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.730966]  fff00000c4a4a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.731122] >fff00000c4a4a480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   33.731233]                                                              ^
[   33.731361]  fff00000c4a4a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.731501]  fff00000c4a4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.731620] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2IY2MFMbCeXxVlYVKThLK0vG

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2IY2MFMbCeXxVlYVKThLK0vG

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/Image.gz
sha256sum	7e21ea2b066793bfb239769397e1ca6d991d8341932b5c259d0b5291ae716875

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	71bcc7bc8dbd4ac7d02d52aed8886662999d6e6c790f9b9e5220beaf580ccfc1

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/modules.tar.xz
sha256sum	def6cc6c2dd7d82317a0ac9ef5e9628af2e72f9fd52e222ac4d2bca68256cb99

durations

tests

boot	0
kunit	148.31

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

[   20.914632] ==================================================================
[   20.915261] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   20.916029] Write of size 1 at addr ffff8881003380f0 by task kunit_try_catch/177
[   20.916838] 
[   20.917452] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   20.917580] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.917612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.917657] Call Trace:
[   20.917685]  <TASK>
[   20.918030]  dump_stack_lvl+0x73/0xb0
[   20.918188]  print_report+0xd1/0x660
[   20.918431]  ? __virt_addr_valid+0x1db/0x2d0
[   20.918581]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.918657]  kasan_report+0x104/0x140
[   20.918717]  ? krealloc_more_oob_helper+0x7eb/0x930
[   20.918788]  ? krealloc_more_oob_helper+0x7eb/0x930
[   20.918919]  __asan_report_store1_noabort+0x1b/0x30
[   20.919504]  krealloc_more_oob_helper+0x7eb/0x930
[   20.919550]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.919584]  ? irqentry_exit+0x2a/0x60
[   20.919642]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   20.919685]  ? __pfx_krealloc_more_oob+0x10/0x10
[   20.919735]  krealloc_more_oob+0x1c/0x30
[   20.919768]  kunit_try_run_case+0x1b2/0x490
[   20.919804]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.919836]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.919868]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.919900]  ? __kthread_parkme+0x82/0x160
[   20.919932]  ? preempt_count_sub+0x50/0x80
[   20.919978]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.920011]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.920043]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.920075]  kthread+0x323/0x710
[   20.920104]  ? trace_preempt_on+0x20/0xc0
[   20.920436]  ? __pfx_kthread+0x10/0x10
[   20.920507]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.920566]  ? calculate_sigpending+0x7b/0xa0
[   20.920627]  ? __pfx_kthread+0x10/0x10
[   20.920726]  ret_from_fork+0x41/0x80
[   20.920790]  ? __pfx_kthread+0x10/0x10
[   20.920825]  ret_from_fork_asm+0x1a/0x30
[   20.920873]  </TASK>
[   20.920889] 
[   20.939509] Allocated by task 177:
[   20.940033]  kasan_save_stack+0x3d/0x60
[   20.940967]  kasan_save_track+0x18/0x40
[   20.941463]  kasan_save_alloc_info+0x3b/0x50
[   20.942206]  __kasan_krealloc+0x190/0x1f0
[   20.942713]  krealloc_noprof+0xf4/0x370
[   20.943278]  krealloc_more_oob_helper+0x1a9/0x930
[   20.943575]  krealloc_more_oob+0x1c/0x30
[   20.944236]  kunit_try_run_case+0x1b2/0x490
[   20.944664]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.945348]  kthread+0x323/0x710
[   20.945900]  ret_from_fork+0x41/0x80
[   20.946302]  ret_from_fork_asm+0x1a/0x30
[   20.947147] 
[   20.947356] The buggy address belongs to the object at ffff888100338000
[   20.947356]  which belongs to the cache kmalloc-256 of size 256
[   20.948243] The buggy address is located 5 bytes to the right of
[   20.948243]  allocated 235-byte region [ffff888100338000, ffff8881003380eb)
[   20.949035] 
[   20.949286] The buggy address belongs to the physical page:
[   20.949786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[   20.950648] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.951959] flags: 0x200000000000040(head|node=0|zone=2)
[   20.952393] page_type: f5(slab)
[   20.952947] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.953479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.954390] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.955385] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.956100] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[   20.956988] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.957638] page dumped because: kasan: bad access detected
[   20.958354] 
[   20.958556] Memory state around the buggy address:
[   20.959377]  ffff888100337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.960162]  ffff888100338000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.960931] >ffff888100338080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   20.961365]                                                              ^
[   20.962204]  ffff888100338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.963067]  ffff888100338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.963943] ==================================================================
[   20.858607] ==================================================================
[   20.859793] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   20.860509] Write of size 1 at addr ffff8881003380eb by task kunit_try_catch/177
[   20.861647] 
[   20.862169] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   20.862361] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.862427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.862495] Call Trace:
[   20.862526]  <TASK>
[   20.862561]  dump_stack_lvl+0x73/0xb0
[   20.862635]  print_report+0xd1/0x660
[   20.863086]  ? __virt_addr_valid+0x1db/0x2d0
[   20.863266]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.863343]  kasan_report+0x104/0x140
[   20.863380]  ? krealloc_more_oob_helper+0x821/0x930
[   20.863418]  ? krealloc_more_oob_helper+0x821/0x930
[   20.863462]  __asan_report_store1_noabort+0x1b/0x30
[   20.863493]  krealloc_more_oob_helper+0x821/0x930
[   20.863531]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   20.863564]  ? irqentry_exit+0x2a/0x60
[   20.863604]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   20.863665]  ? __pfx_krealloc_more_oob+0x10/0x10
[   20.863793]  krealloc_more_oob+0x1c/0x30
[   20.863851]  kunit_try_run_case+0x1b2/0x490
[   20.863891]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.863924]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.863967]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.863999]  ? __kthread_parkme+0x82/0x160
[   20.864030]  ? preempt_count_sub+0x50/0x80
[   20.864065]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.864098]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.864156]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.864189]  kthread+0x323/0x710
[   20.864219]  ? trace_preempt_on+0x20/0xc0
[   20.864253]  ? __pfx_kthread+0x10/0x10
[   20.864284]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.864313]  ? calculate_sigpending+0x7b/0xa0
[   20.864343]  ? __pfx_kthread+0x10/0x10
[   20.864375]  ret_from_fork+0x41/0x80
[   20.864406]  ? __pfx_kthread+0x10/0x10
[   20.864437]  ret_from_fork_asm+0x1a/0x30
[   20.864483]  </TASK>
[   20.864498] 
[   20.884701] Allocated by task 177:
[   20.885730]  kasan_save_stack+0x3d/0x60
[   20.886607]  kasan_save_track+0x18/0x40
[   20.887271]  kasan_save_alloc_info+0x3b/0x50
[   20.887724]  __kasan_krealloc+0x190/0x1f0
[   20.888307]  krealloc_noprof+0xf4/0x370
[   20.889047]  krealloc_more_oob_helper+0x1a9/0x930
[   20.889648]  krealloc_more_oob+0x1c/0x30
[   20.890457]  kunit_try_run_case+0x1b2/0x490
[   20.891199]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.891705]  kthread+0x323/0x710
[   20.892373]  ret_from_fork+0x41/0x80
[   20.893275]  ret_from_fork_asm+0x1a/0x30
[   20.893618] 
[   20.894201] The buggy address belongs to the object at ffff888100338000
[   20.894201]  which belongs to the cache kmalloc-256 of size 256
[   20.896203] The buggy address is located 0 bytes to the right of
[   20.896203]  allocated 235-byte region [ffff888100338000, ffff8881003380eb)
[   20.896969] 
[   20.897217] The buggy address belongs to the physical page:
[   20.897718] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[   20.898586] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.899419] flags: 0x200000000000040(head|node=0|zone=2)
[   20.900219] page_type: f5(slab)
[   20.900585] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.901307] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.902236] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   20.903307] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.904215] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[   20.904742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.905801] page dumped because: kasan: bad access detected
[   20.906342] 
[   20.906645] Memory state around the buggy address:
[   20.907505]  ffff888100337f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.908645]  ffff888100338000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.909190] >ffff888100338080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   20.909626]                                                           ^
[   20.910230]  ffff888100338100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.911224]  ffff888100338180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.912206] ==================================================================
[   21.294479] ==================================================================
[   21.295820] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   21.296220] Write of size 1 at addr ffff8881032460f0 by task kunit_try_catch/181
[   21.296703] 
[   21.296921] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.297043] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.297078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.297184] Call Trace:
[   21.298079]  <TASK>
[   21.298140]  dump_stack_lvl+0x73/0xb0
[   21.298193]  print_report+0xd1/0x660
[   21.298227]  ? __virt_addr_valid+0x1db/0x2d0
[   21.298292]  ? kasan_addr_to_slab+0x11/0xa0
[   21.298326]  kasan_report+0x104/0x140
[   21.298355]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.298392]  ? krealloc_more_oob_helper+0x7eb/0x930
[   21.298434]  __asan_report_store1_noabort+0x1b/0x30
[   21.298464]  krealloc_more_oob_helper+0x7eb/0x930
[   21.298496]  ? __schedule+0xd46/0x29c0
[   21.298526]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.298561]  ? finish_task_switch.isra.0+0x153/0x730
[   21.298592]  ? __switch_to+0x5d9/0xf70
[   21.298629]  ? __schedule+0xd46/0x29c0
[   21.298656]  ? irqentry_exit+0x2a/0x60
[   21.298728]  ? __pfx_read_tsc+0x10/0x10
[   21.298799]  krealloc_large_more_oob+0x1c/0x30
[   21.298878]  kunit_try_run_case+0x1b2/0x490
[   21.298942]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.298977]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.299010]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.299053]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.299087]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.299142]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.299177]  kthread+0x323/0x710
[   21.299206]  ? trace_preempt_on+0x20/0xc0
[   21.299240]  ? __pfx_kthread+0x10/0x10
[   21.299271]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.299300]  ? calculate_sigpending+0x7b/0xa0
[   21.299330]  ? __pfx_kthread+0x10/0x10
[   21.299361]  ret_from_fork+0x41/0x80
[   21.299391]  ? __pfx_kthread+0x10/0x10
[   21.299422]  ret_from_fork_asm+0x1a/0x30
[   21.299468]  </TASK>
[   21.299483] 
[   21.322288] The buggy address belongs to the physical page:
[   21.322643] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103244
[   21.323528] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.325026] flags: 0x200000000000040(head|node=0|zone=2)
[   21.325540] page_type: f8(unknown)
[   21.326449] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.327083] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.327684] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.329164] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.329483] head: 0200000000000002 ffffea00040c9101 00000000ffffffff 00000000ffffffff
[   21.329837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.330749] page dumped because: kasan: bad access detected
[   21.331474] 
[   21.331777] Memory state around the buggy address:
[   21.332637]  ffff888103245f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.333891]  ffff888103246000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.334516] >ffff888103246080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.336173]                                                              ^
[   21.336663]  ffff888103246100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.337845]  ffff888103246180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.338597] ==================================================================
[   21.245360] ==================================================================
[   21.248203] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   21.248966] Write of size 1 at addr ffff8881032460eb by task kunit_try_catch/181
[   21.250475] 
[   21.250676] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.252548] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.252583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.252643] Call Trace:
[   21.252873]  <TASK>
[   21.252945]  dump_stack_lvl+0x73/0xb0
[   21.253032]  print_report+0xd1/0x660
[   21.253094]  ? __virt_addr_valid+0x1db/0x2d0
[   21.253243]  ? kasan_addr_to_slab+0x11/0xa0
[   21.253306]  kasan_report+0x104/0x140
[   21.253360]  ? krealloc_more_oob_helper+0x821/0x930
[   21.253428]  ? krealloc_more_oob_helper+0x821/0x930
[   21.253502]  __asan_report_store1_noabort+0x1b/0x30
[   21.253571]  krealloc_more_oob_helper+0x821/0x930
[   21.253629]  ? __schedule+0xd46/0x29c0
[   21.253708]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   21.253794]  ? finish_task_switch.isra.0+0x153/0x730
[   21.253864]  ? __switch_to+0x5d9/0xf70
[   21.253941]  ? __schedule+0xd46/0x29c0
[   21.253996]  ? irqentry_exit+0x2a/0x60
[   21.254053]  ? __pfx_read_tsc+0x10/0x10
[   21.254391]  krealloc_large_more_oob+0x1c/0x30
[   21.254497]  kunit_try_run_case+0x1b2/0x490
[   21.254569]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.254631]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.254908]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.255017]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.255081]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.255177]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.255238]  kthread+0x323/0x710
[   21.255300]  ? trace_preempt_on+0x20/0xc0
[   21.255369]  ? __pfx_kthread+0x10/0x10
[   21.255431]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.255491]  ? calculate_sigpending+0x7b/0xa0
[   21.255551]  ? __pfx_kthread+0x10/0x10
[   21.255640]  ret_from_fork+0x41/0x80
[   21.255899]  ? __pfx_kthread+0x10/0x10
[   21.255984]  ret_from_fork_asm+0x1a/0x30
[   21.256078]  </TASK>
[   21.256129] 
[   21.276822] The buggy address belongs to the physical page:
[   21.277456] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103244
[   21.278672] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.279534] flags: 0x200000000000040(head|node=0|zone=2)
[   21.280351] page_type: f8(unknown)
[   21.280796] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.281831] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.282379] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.283299] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.284386] head: 0200000000000002 ffffea00040c9101 00000000ffffffff 00000000ffffffff
[   21.285552] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.286405] page dumped because: kasan: bad access detected
[   21.287051] 
[   21.287328] Memory state around the buggy address:
[   21.288388]  ffff888103245f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.289158]  ffff888103246000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.289871] >ffff888103246080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   21.290549]                                                           ^
[   21.291440]  ffff888103246100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.292230]  ffff888103246180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.292946] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2JXgeaQCkFWN6K2jCSXXvmhK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2JXgeaQCkFWN6K2jCSXXvmhK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/bzImage
sha256sum	2bc7cc1a2590cb344ef11815bf2840b058232038476951f62f559ac8b93bacea

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c0721a415598e62660bcf524e126ecf297cac7ec4f7068a53fb00c57f9cd4051

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/modules.tar.xz
sha256sum	d7478c4852fdaca9c987642c2f409eace66511759906fa95e3a9d660c25bf7f6

durations

tests

boot	0
kunit	63.53

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit