Hay
Date: June 7, 2025, 10:40 a.m.

Environment: qemu-arm64, qemu-x86_64

[   22.011589] ==================================================================
[   22.012917] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   22.013847] Write of size 1 at addr fff00000c44c00f0 by task kunit_try_catch/145
[   22.014527] 
[   22.014950] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.015159] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.015233] Hardware name: linux,dummy-virt (DT)
[   22.015316] Call trace:
[   22.015385]  show_stack+0x20/0x38 (C)
[   22.015523]  dump_stack_lvl+0x8c/0xd0
[   22.015666]  print_report+0x118/0x608
[   22.015803]  kasan_report+0xdc/0x128
[   22.015961]  __asan_report_store1_noabort+0x20/0x30
[   22.016079]  krealloc_more_oob_helper+0x5c8/0x680
[   22.016224]  krealloc_more_oob+0x20/0x38
[   22.016360]  kunit_try_run_case+0x170/0x3f0
[   22.016500]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.016650]  kthread+0x318/0x620
[   22.016789]  ret_from_fork+0x10/0x20
[   22.016947] 
[   22.023197] Allocated by task 145:
[   22.023733]  kasan_save_stack+0x3c/0x68
[   22.024273]  kasan_save_track+0x20/0x40
[   22.024778]  kasan_save_alloc_info+0x40/0x58
[   22.025213]  __kasan_krealloc+0x118/0x178
[   22.025745]  krealloc_noprof+0x128/0x360
[   22.026214]  krealloc_more_oob_helper+0x168/0x680
[   22.026933]  krealloc_more_oob+0x20/0x38
[   22.027515]  kunit_try_run_case+0x170/0x3f0
[   22.028123]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.028715]  kthread+0x318/0x620
[   22.029242]  ret_from_fork+0x10/0x20
[   22.029786] 
[   22.030101] The buggy address belongs to the object at fff00000c44c0000
[   22.030101]  which belongs to the cache kmalloc-256 of size 256
[   22.031794] The buggy address is located 5 bytes to the right of
[   22.031794]  allocated 235-byte region [fff00000c44c0000, fff00000c44c00eb)
[   22.033212] 
[   22.033600] The buggy address belongs to the physical page:
[   22.034318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044c0
[   22.035220] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.035966] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.036673] page_type: f5(slab)
[   22.037171] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.038020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.038735] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.039571] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.040406] head: 0bfffe0000000001 ffffc1ffc3113001 ffffffffffffffff 0000000000000000
[   22.041226] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.042028] page dumped because: kasan: bad access detected
[   22.042577] 
[   22.042917] Memory state around the buggy address:
[   22.044040]  fff00000c44bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.044699]  fff00000c44c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.045454] >fff00000c44c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.046364]                                                              ^
[   22.047037]  fff00000c44c0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.047788]  fff00000c44c0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.048465] ==================================================================
[   21.970825] ==================================================================
[   21.971895] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   21.972601] Write of size 1 at addr fff00000c44c00eb by task kunit_try_catch/145
[   21.974210] 
[   21.974549] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   21.974764] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.974841] Hardware name: linux,dummy-virt (DT)
[   21.974943] Call trace:
[   21.975015]  show_stack+0x20/0x38 (C)
[   21.975155]  dump_stack_lvl+0x8c/0xd0
[   21.975257]  print_report+0x118/0x608
[   21.975318]  kasan_report+0xdc/0x128
[   21.975375]  __asan_report_store1_noabort+0x20/0x30
[   21.975432]  krealloc_more_oob_helper+0x614/0x680
[   21.975491]  krealloc_more_oob+0x20/0x38
[   21.975547]  kunit_try_run_case+0x170/0x3f0
[   21.975607]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.975670]  kthread+0x318/0x620
[   21.975725]  ret_from_fork+0x10/0x20
[   21.975784] 
[   21.984238] Allocated by task 145:
[   21.984680]  kasan_save_stack+0x3c/0x68
[   21.985322]  kasan_save_track+0x20/0x40
[   21.985913]  kasan_save_alloc_info+0x40/0x58
[   21.986555]  __kasan_krealloc+0x118/0x178
[   21.987112]  krealloc_noprof+0x128/0x360
[   21.987723]  krealloc_more_oob_helper+0x168/0x680
[   21.988324]  krealloc_more_oob+0x20/0x38
[   21.988941]  kunit_try_run_case+0x170/0x3f0
[   21.989513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.990209]  kthread+0x318/0x620
[   21.990700]  ret_from_fork+0x10/0x20
[   21.991251] 
[   21.991605] The buggy address belongs to the object at fff00000c44c0000
[   21.991605]  which belongs to the cache kmalloc-256 of size 256
[   21.992833] The buggy address is located 0 bytes to the right of
[   21.992833]  allocated 235-byte region [fff00000c44c0000, fff00000c44c00eb)
[   21.994410] 
[   21.994827] The buggy address belongs to the physical page:
[   21.995421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044c0
[   21.996184] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.997041] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.997814] page_type: f5(slab)
[   21.998335] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   21.999196] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.000107] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.000824] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.001630] head: 0bfffe0000000001 ffffc1ffc3113001 ffffffffffffffff 0000000000000000
[   22.002408] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.003176] page dumped because: kasan: bad access detected
[   22.003751] 
[   22.004093] Memory state around the buggy address:
[   22.004625]  fff00000c44bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.005266]  fff00000c44c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.005966] >fff00000c44c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   22.006755]                                                           ^
[   22.007469]  fff00000c44c0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.008165]  fff00000c44c0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.008803] ==================================================================
[   22.315170] ==================================================================
[   22.315851] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   22.317002] Write of size 1 at addr fff00000c64a60f0 by task kunit_try_catch/149
[   22.318175] 
[   22.318520] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.318738] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.318814] Hardware name: linux,dummy-virt (DT)
[   22.318912] Call trace:
[   22.318980]  show_stack+0x20/0x38 (C)
[   22.319121]  dump_stack_lvl+0x8c/0xd0
[   22.319252]  print_report+0x118/0x608
[   22.319326]  kasan_report+0xdc/0x128
[   22.319384]  __asan_report_store1_noabort+0x20/0x30
[   22.319441]  krealloc_more_oob_helper+0x5c8/0x680
[   22.319499]  krealloc_large_more_oob+0x20/0x38
[   22.319556]  kunit_try_run_case+0x170/0x3f0
[   22.319616]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.319677]  kthread+0x318/0x620
[   22.319731]  ret_from_fork+0x10/0x20
[   22.319790] 
[   22.327554] The buggy address belongs to the physical page:
[   22.328174] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064a4
[   22.328954] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.330276] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.330869] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.332053] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.332954] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.334054] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.334780] head: 0bfffe0000000002 ffffc1ffc3192901 ffffffffffffffff 0000000000000000
[   22.335402] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.336025] page dumped because: kasan: bad access detected
[   22.336502] 
[   22.336738] Memory state around the buggy address:
[   22.338528]  fff00000c64a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.339336]  fff00000c64a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.339936] >fff00000c64a6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   22.340661]                                                              ^
[   22.341799]  fff00000c64a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.342623]  fff00000c64a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.343295] ==================================================================
[   22.284352] ==================================================================
[   22.286062] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   22.286804] Write of size 1 at addr fff00000c64a60eb by task kunit_try_catch/149
[   22.287533] 
[   22.287922] CPU: 1 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.288138] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.288214] Hardware name: linux,dummy-virt (DT)
[   22.288303] Call trace:
[   22.288371]  show_stack+0x20/0x38 (C)
[   22.288513]  dump_stack_lvl+0x8c/0xd0
[   22.288652]  print_report+0x118/0x608
[   22.288783]  kasan_report+0xdc/0x128
[   22.288918]  __asan_report_store1_noabort+0x20/0x30
[   22.289368]  krealloc_more_oob_helper+0x614/0x680
[   22.289497]  krealloc_large_more_oob+0x20/0x38
[   22.289616]  kunit_try_run_case+0x170/0x3f0
[   22.289731]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.289849]  kthread+0x318/0x620
[   22.289985]  ret_from_fork+0x10/0x20
[   22.290101] 
[   22.296491] The buggy address belongs to the physical page:
[   22.296996] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064a4
[   22.297935] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.299788] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.300752] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.301799] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.302847] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.303971] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.304937] head: 0bfffe0000000002 ffffc1ffc3192901 ffffffffffffffff 0000000000000000
[   22.305743] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.306480] page dumped because: kasan: bad access detected
[   22.307621] 
[   22.307937] Memory state around the buggy address:
[   22.308543]  fff00000c64a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.309561]  fff00000c64a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.310377] >fff00000c64a6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   22.311106]                                                           ^
[   22.311801]  fff00000c64a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.312511]  fff00000c64a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.313963] ==================================================================

[   17.180653] ==================================================================
[   17.181222] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   17.182108] Write of size 1 at addr ffff8881022ee0eb by task kunit_try_catch/168
[   17.182878] 
[   17.183138] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.183244] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.183275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.183323] Call Trace:
[   17.183363]  <TASK>
[   17.183406]  dump_stack_lvl+0x73/0xb0
[   17.183486]  print_report+0xd1/0x650
[   17.183538]  ? __virt_addr_valid+0x1db/0x2d0
[   17.183591]  ? krealloc_more_oob_helper+0x823/0x930
[   17.183646]  ? kasan_addr_to_slab+0x11/0xa0
[   17.183708]  ? krealloc_more_oob_helper+0x823/0x930
[   17.183766]  kasan_report+0x140/0x180
[   17.183821]  ? krealloc_more_oob_helper+0x823/0x930
[   17.183909]  __asan_report_store1_noabort+0x1b/0x30
[   17.184032]  krealloc_more_oob_helper+0x823/0x930
[   17.184090]  ? __schedule+0xce8/0x2840
[   17.184153]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   17.184214]  ? finish_task_switch.isra.0+0x153/0x700
[   17.184276]  ? __switch_to+0x5d9/0xf60
[   17.184339]  ? __schedule+0xce8/0x2840
[   17.184396]  ? __pfx_read_tsc+0x10/0x10
[   17.184437]  krealloc_large_more_oob+0x1c/0x30
[   17.184467]  kunit_try_run_case+0x1a6/0x480
[   17.184499]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.184526]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.184555]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.184586]  ? __kthread_parkme+0x82/0x160
[   17.184613]  ? preempt_count_sub+0x50/0x80
[   17.184644]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.184671]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.184702]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.184734]  kthread+0x324/0x6e0
[   17.184759]  ? trace_preempt_on+0x20/0xc0
[   17.184789]  ? __pfx_kthread+0x10/0x10
[   17.184816]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.184844]  ? calculate_sigpending+0x7b/0xa0
[   17.184891]  ? __pfx_kthread+0x10/0x10
[   17.184921]  ret_from_fork+0x41/0x80
[   17.184945]  ? __pfx_kthread+0x10/0x10
[   17.184973]  ret_from_fork_asm+0x1a/0x30
[   17.185015]  </TASK>
[   17.185029] 
[   17.198408] The buggy address belongs to the physical page:
[   17.198916] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022ec
[   17.199765] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.200243] flags: 0x200000000000040(head|node=0|zone=2)
[   17.200784] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.201516] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.202229] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.202782] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.203411] head: 0200000000000002 ffffea000408bb01 ffffffffffffffff 0000000000000000
[   17.204078] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   17.204742] page dumped because: kasan: bad access detected
[   17.205252] 
[   17.205503] Memory state around the buggy address:
[   17.205860]  ffff8881022edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.206552]  ffff8881022ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.206905] >ffff8881022ee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.207226]                                                           ^
[   17.207956]  ffff8881022ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.208701]  ffff8881022ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.209388] ==================================================================
[   16.847070] ==================================================================
[   16.847707] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   16.849098] Write of size 1 at addr ffff888100394eeb by task kunit_try_catch/164
[   16.849826] 
[   16.850828] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   16.850955] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.850988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.851041] Call Trace:
[   16.851074]  <TASK>
[   16.851118]  dump_stack_lvl+0x73/0xb0
[   16.851195]  print_report+0xd1/0x650
[   16.851239]  ? __virt_addr_valid+0x1db/0x2d0
[   16.851287]  ? krealloc_more_oob_helper+0x823/0x930
[   16.851353]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.851406]  ? krealloc_more_oob_helper+0x823/0x930
[   16.851455]  kasan_report+0x140/0x180
[   16.851503]  ? krealloc_more_oob_helper+0x823/0x930
[   16.851558]  __asan_report_store1_noabort+0x1b/0x30
[   16.851607]  krealloc_more_oob_helper+0x823/0x930
[   16.851643]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   16.851671]  ? irqentry_exit+0x2a/0x60
[   16.851708]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.851747]  ? __pfx_krealloc_more_oob+0x10/0x10
[   16.851779]  krealloc_more_oob+0x1c/0x30
[   16.851805]  kunit_try_run_case+0x1a6/0x480
[   16.851836]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.851884]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.851916]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.851945]  ? __kthread_parkme+0x82/0x160
[   16.851974]  ? preempt_count_sub+0x50/0x80
[   16.852006]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.852034]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.852067]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.852099]  kthread+0x324/0x6e0
[   16.852125]  ? trace_preempt_on+0x20/0xc0
[   16.852156]  ? __pfx_kthread+0x10/0x10
[   16.852183]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.852210]  ? calculate_sigpending+0x7b/0xa0
[   16.852238]  ? __pfx_kthread+0x10/0x10
[   16.852266]  ret_from_fork+0x41/0x80
[   16.852291]  ? __pfx_kthread+0x10/0x10
[   16.852328]  ret_from_fork_asm+0x1a/0x30
[   16.852373]  </TASK>
[   16.852388] 
[   16.867576] Allocated by task 164:
[   16.867811]  kasan_save_stack+0x45/0x70
[   16.868243]  kasan_save_track+0x18/0x40
[   16.869644]  kasan_save_alloc_info+0x3b/0x50
[   16.870325]  __kasan_krealloc+0x190/0x1f0
[   16.871010]  krealloc_noprof+0xf3/0x340
[   16.871367]  krealloc_more_oob_helper+0x1aa/0x930
[   16.872290]  krealloc_more_oob+0x1c/0x30
[   16.873264]  kunit_try_run_case+0x1a6/0x480
[   16.873953]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.874654]  kthread+0x324/0x6e0
[   16.875248]  ret_from_fork+0x41/0x80
[   16.875942]  ret_from_fork_asm+0x1a/0x30
[   16.876416] 
[   16.876808] The buggy address belongs to the object at ffff888100394e00
[   16.876808]  which belongs to the cache kmalloc-256 of size 256
[   16.878322] The buggy address is located 0 bytes to the right of
[   16.878322]  allocated 235-byte region [ffff888100394e00, ffff888100394eeb)
[   16.879349] 
[   16.879753] The buggy address belongs to the physical page:
[   16.880188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   16.880854] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.881921] flags: 0x200000000000040(head|node=0|zone=2)
[   16.882171] page_type: f5(slab)
[   16.882812] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.883622] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.884237] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.884978] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.885578] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   16.886185] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   16.886782] page dumped because: kasan: bad access detected
[   16.887049] 
[   16.887225] Memory state around the buggy address:
[   16.887830]  ffff888100394d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.888291]  ffff888100394e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.888930] >ffff888100394e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.889650]                                                           ^
[   16.890192]  ffff888100394f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.890688]  ffff888100394f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.891194] ==================================================================
[   17.210949] ==================================================================
[   17.212149] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   17.212830] Write of size 1 at addr ffff8881022ee0f0 by task kunit_try_catch/168
[   17.213387] 
[   17.213635] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.213739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.213767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.213824] Call Trace:
[   17.213893]  <TASK>
[   17.213937]  dump_stack_lvl+0x73/0xb0
[   17.214015]  print_report+0xd1/0x650
[   17.214056]  ? __virt_addr_valid+0x1db/0x2d0
[   17.214100]  ? krealloc_more_oob_helper+0x7ed/0x930
[   17.214142]  ? kasan_addr_to_slab+0x11/0xa0
[   17.214176]  ? krealloc_more_oob_helper+0x7ed/0x930
[   17.214216]  kasan_report+0x140/0x180
[   17.214256]  ? krealloc_more_oob_helper+0x7ed/0x930
[   17.214344]  __asan_report_store1_noabort+0x1b/0x30
[   17.214395]  krealloc_more_oob_helper+0x7ed/0x930
[   17.214464]  ? __schedule+0xce8/0x2840
[   17.214524]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   17.214579]  ? finish_task_switch.isra.0+0x153/0x700
[   17.214642]  ? __switch_to+0x5d9/0xf60
[   17.214724]  ? __schedule+0xce8/0x2840
[   17.214776]  ? __pfx_read_tsc+0x10/0x10
[   17.214832]  krealloc_large_more_oob+0x1c/0x30
[   17.214906]  kunit_try_run_case+0x1a6/0x480
[   17.214961]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.215014]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.215067]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.215132]  ? __kthread_parkme+0x82/0x160
[   17.215207]  ? preempt_count_sub+0x50/0x80
[   17.215274]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.215370]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.215432]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.215483]  kthread+0x324/0x6e0
[   17.215524]  ? trace_preempt_on+0x20/0xc0
[   17.215567]  ? __pfx_kthread+0x10/0x10
[   17.215608]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.215651]  ? calculate_sigpending+0x7b/0xa0
[   17.215688]  ? __pfx_kthread+0x10/0x10
[   17.215730]  ret_from_fork+0x41/0x80
[   17.215756]  ? __pfx_kthread+0x10/0x10
[   17.215783]  ret_from_fork_asm+0x1a/0x30
[   17.215826]  </TASK>
[   17.215841] 
[   17.228247] The buggy address belongs to the physical page:
[   17.228660] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022ec
[   17.229346] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.229881] flags: 0x200000000000040(head|node=0|zone=2)
[   17.230234] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.230924] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.231631] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.232340] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.232881] head: 0200000000000002 ffffea000408bb01 ffffffffffffffff 0000000000000000
[   17.233483] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   17.234137] page dumped because: kasan: bad access detected
[   17.234520] 
[   17.234675] Memory state around the buggy address:
[   17.234950]  ffff8881022edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.235274]  ffff8881022ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.235990] >ffff8881022ee080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   17.236638]                                                              ^
[   17.237177]  ffff8881022ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.237860]  ffff8881022ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.238546] ==================================================================
[   16.892827] ==================================================================
[   16.894592] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   16.895120] Write of size 1 at addr ffff888100394ef0 by task kunit_try_catch/164
[   16.896002] 
[   16.896203] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   16.896290] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.896313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.896348] Call Trace:
[   16.896383]  <TASK>
[   16.896415]  dump_stack_lvl+0x73/0xb0
[   16.896486]  print_report+0xd1/0x650
[   16.896526]  ? __virt_addr_valid+0x1db/0x2d0
[   16.896566]  ? krealloc_more_oob_helper+0x7ed/0x930
[   16.896608]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.896656]  ? krealloc_more_oob_helper+0x7ed/0x930
[   16.897348]  kasan_report+0x140/0x180
[   16.897424]  ? krealloc_more_oob_helper+0x7ed/0x930
[   16.897496]  __asan_report_store1_noabort+0x1b/0x30
[   16.897549]  krealloc_more_oob_helper+0x7ed/0x930
[   16.897601]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   16.897644]  ? irqentry_exit+0x2a/0x60
[   16.897671]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.897710]  ? __pfx_krealloc_more_oob+0x10/0x10
[   16.897741]  krealloc_more_oob+0x1c/0x30
[   16.897768]  kunit_try_run_case+0x1a6/0x480
[   16.897799]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.897824]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.897853]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.897913]  ? __kthread_parkme+0x82/0x160
[   16.897957]  ? preempt_count_sub+0x50/0x80
[   16.897990]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.898019]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.898052]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.898083]  kthread+0x324/0x6e0
[   16.898109]  ? trace_preempt_on+0x20/0xc0
[   16.898139]  ? __pfx_kthread+0x10/0x10
[   16.898166]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.898194]  ? calculate_sigpending+0x7b/0xa0
[   16.898221]  ? __pfx_kthread+0x10/0x10
[   16.898248]  ret_from_fork+0x41/0x80
[   16.898273]  ? __pfx_kthread+0x10/0x10
[   16.898301]  ret_from_fork_asm+0x1a/0x30
[   16.898353]  </TASK>
[   16.898367] 
[   16.911394] Allocated by task 164:
[   16.911643]  kasan_save_stack+0x45/0x70
[   16.911942]  kasan_save_track+0x18/0x40
[   16.912180]  kasan_save_alloc_info+0x3b/0x50
[   16.912433]  __kasan_krealloc+0x190/0x1f0
[   16.912667]  krealloc_noprof+0xf3/0x340
[   16.915010]  krealloc_more_oob_helper+0x1aa/0x930
[   16.916023]  krealloc_more_oob+0x1c/0x30
[   16.917021]  kunit_try_run_case+0x1a6/0x480
[   16.917777]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.918751]  kthread+0x324/0x6e0
[   16.919709]  ret_from_fork+0x41/0x80
[   16.920310]  ret_from_fork_asm+0x1a/0x30
[   16.920887] 
[   16.921495] The buggy address belongs to the object at ffff888100394e00
[   16.921495]  which belongs to the cache kmalloc-256 of size 256
[   16.922964] The buggy address is located 5 bytes to the right of
[   16.922964]  allocated 235-byte region [ffff888100394e00, ffff888100394eeb)
[   16.924269] 
[   16.924576] The buggy address belongs to the physical page:
[   16.925245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   16.925945] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.926736] flags: 0x200000000000040(head|node=0|zone=2)
[   16.927440] page_type: f5(slab)
[   16.927827] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.928268] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.928689] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.929239] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.930299] head: 0200000000000001 ffffea000400e501 ffffffffffffffff 0000000000000000
[   16.930973] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   16.931804] page dumped because: kasan: bad access detected
[   16.932565] 
[   16.932759] Memory state around the buggy address:
[   16.933167]  ffff888100394d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.934385]  ffff888100394e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.935034] >ffff888100394e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   16.935896]                                                              ^
[   16.937188]  ffff888100394f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.938153]  ffff888100394f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.938490] ==================================================================