lkft/linux-stable-rc-linux-6.14.y - v6.14.9-74-gd9764ae24926 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper

Date

June 2, 2025, 2:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.124179] ==================================================================
[   18.124787] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   18.125555] Write of size 1 at addr fff00000c09740eb by task kunit_try_catch/146
[   18.126049] 
[   18.126370] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.126574] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.126629] Hardware name: linux,dummy-virt (DT)
[   18.126692] Call trace:
[   18.126736]  show_stack+0x20/0x38 (C)
[   18.126842]  dump_stack_lvl+0x8c/0xd0
[   18.126942]  print_report+0x118/0x608
[   18.127039]  kasan_report+0xdc/0x128
[   18.127138]  __asan_report_store1_noabort+0x20/0x30
[   18.127264]  krealloc_more_oob_helper+0x614/0x680
[   18.127370]  krealloc_more_oob+0x20/0x38
[   18.127461]  kunit_try_run_case+0x170/0x3f0
[   18.127549]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.127648]  kthread+0x318/0x620
[   18.127735]  ret_from_fork+0x10/0x20
[   18.127845] 
[   18.131967] Allocated by task 146:
[   18.132486]  kasan_save_stack+0x3c/0x68
[   18.132803]  kasan_save_track+0x20/0x40
[   18.133241]  kasan_save_alloc_info+0x40/0x58
[   18.133558]  __kasan_krealloc+0x118/0x178
[   18.133966]  krealloc_noprof+0x128/0x360
[   18.134263]  krealloc_more_oob_helper+0x168/0x680
[   18.134566]  krealloc_more_oob+0x20/0x38
[   18.134847]  kunit_try_run_case+0x170/0x3f0
[   18.135114]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.135894]  kthread+0x318/0x620
[   18.136304]  ret_from_fork+0x10/0x20
[   18.136623] 
[   18.136890] The buggy address belongs to the object at fff00000c0974000
[   18.136890]  which belongs to the cache kmalloc-256 of size 256
[   18.137796] The buggy address is located 0 bytes to the right of
[   18.137796]  allocated 235-byte region [fff00000c0974000, fff00000c09740eb)
[   18.138935] 
[   18.139232] The buggy address belongs to the physical page:
[   18.139743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   18.142062] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.142867] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.143634] page_type: f5(slab)
[   18.143969] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.144521] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.145249] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.145846] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.146775] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   18.147141] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.147527] page dumped because: kasan: bad access detected
[   18.147804] 
[   18.147946] Memory state around the buggy address:
[   18.148490]  fff00000c0973f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.149195]  fff00000c0974000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.149906] >fff00000c0974080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.150817]                                                           ^
[   18.151539]  fff00000c0974100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.152193]  fff00000c0974180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.152736] ==================================================================
[   18.401217] ==================================================================
[   18.401872] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   18.403274] Write of size 1 at addr fff00000c606e0f0 by task kunit_try_catch/150
[   18.403810] 
[   18.404126] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.404333] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.404424] Hardware name: linux,dummy-virt (DT)
[   18.404501] Call trace:
[   18.404555]  show_stack+0x20/0x38 (C)
[   18.404705]  dump_stack_lvl+0x8c/0xd0
[   18.404818]  print_report+0x118/0x608
[   18.404889]  kasan_report+0xdc/0x128
[   18.404941]  __asan_report_store1_noabort+0x20/0x30
[   18.404994]  krealloc_more_oob_helper+0x5c8/0x680
[   18.405051]  krealloc_large_more_oob+0x20/0x38
[   18.405104]  kunit_try_run_case+0x170/0x3f0
[   18.405181]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.405242]  kthread+0x318/0x620
[   18.405292]  ret_from_fork+0x10/0x20
[   18.405351] 
[   18.410884] The buggy address belongs to the physical page:
[   18.411487] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10606c
[   18.411969] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.412240] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.412498] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.412722] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.412947] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.413206] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.414352] head: 0bfffe0000000002 ffffc1ffc3181b01 ffffffffffffffff 0000000000000000
[   18.415051] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.415636] page dumped because: kasan: bad access detected
[   18.416362] 
[   18.416746] Memory state around the buggy address:
[   18.417184]  fff00000c606df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.417897]  fff00000c606e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.418758] >fff00000c606e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.418991]                                                              ^
[   18.419252]  fff00000c606e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.419466]  fff00000c606e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.419667] ==================================================================
[   18.369789] ==================================================================
[   18.370565] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x614/0x680
[   18.371365] Write of size 1 at addr fff00000c606e0eb by task kunit_try_catch/150
[   18.371802] 
[   18.372122] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.373349] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.373411] Hardware name: linux,dummy-virt (DT)
[   18.373481] Call trace:
[   18.373543]  show_stack+0x20/0x38 (C)
[   18.373671]  dump_stack_lvl+0x8c/0xd0
[   18.373780]  print_report+0x118/0x608
[   18.373880]  kasan_report+0xdc/0x128
[   18.373981]  __asan_report_store1_noabort+0x20/0x30
[   18.374881]  krealloc_more_oob_helper+0x614/0x680
[   18.375032]  krealloc_large_more_oob+0x20/0x38
[   18.375128]  kunit_try_run_case+0x170/0x3f0
[   18.375287]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.375410]  kthread+0x318/0x620
[   18.375519]  ret_from_fork+0x10/0x20
[   18.375635] 
[   18.384409] The buggy address belongs to the physical page:
[   18.385668] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10606c
[   18.387882] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.388922] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.389738] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.390427] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.391214] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.391969] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.392745] head: 0bfffe0000000002 ffffc1ffc3181b01 ffffffffffffffff 0000000000000000
[   18.393360] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.393926] page dumped because: kasan: bad access detected
[   18.394743] 
[   18.395190] Memory state around the buggy address:
[   18.395665]  fff00000c606df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.396313]  fff00000c606e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.397029] >fff00000c606e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   18.397705]                                                           ^
[   18.398182]  fff00000c606e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.398730]  fff00000c606e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.399508] ==================================================================
[   18.154801] ==================================================================
[   18.155503] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c8/0x680
[   18.155914] Write of size 1 at addr fff00000c09740f0 by task kunit_try_catch/146
[   18.156305] 
[   18.156459] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.156556] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.156587] Hardware name: linux,dummy-virt (DT)
[   18.156624] Call trace:
[   18.156650]  show_stack+0x20/0x38 (C)
[   18.156711]  dump_stack_lvl+0x8c/0xd0
[   18.156766]  print_report+0x118/0x608
[   18.156818]  kasan_report+0xdc/0x128
[   18.156868]  __asan_report_store1_noabort+0x20/0x30
[   18.156919]  krealloc_more_oob_helper+0x5c8/0x680
[   18.156971]  krealloc_more_oob+0x20/0x38
[   18.157021]  kunit_try_run_case+0x170/0x3f0
[   18.157072]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.157127]  kthread+0x318/0x620
[   18.157233]  ret_from_fork+0x10/0x20
[   18.157344] 
[   18.162014] Allocated by task 146:
[   18.162656]  kasan_save_stack+0x3c/0x68
[   18.163070]  kasan_save_track+0x20/0x40
[   18.163550]  kasan_save_alloc_info+0x40/0x58
[   18.163991]  __kasan_krealloc+0x118/0x178
[   18.164379]  krealloc_noprof+0x128/0x360
[   18.164778]  krealloc_more_oob_helper+0x168/0x680
[   18.165326]  krealloc_more_oob+0x20/0x38
[   18.165793]  kunit_try_run_case+0x170/0x3f0
[   18.166451]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.167024]  kthread+0x318/0x620
[   18.167411]  ret_from_fork+0x10/0x20
[   18.167819] 
[   18.168069] The buggy address belongs to the object at fff00000c0974000
[   18.168069]  which belongs to the cache kmalloc-256 of size 256
[   18.168721] The buggy address is located 5 bytes to the right of
[   18.168721]  allocated 235-byte region [fff00000c0974000, fff00000c09740eb)
[   18.169754] 
[   18.170044] The buggy address belongs to the physical page:
[   18.170459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100974
[   18.171114] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.171727] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.172516] page_type: f5(slab)
[   18.172708] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.172934] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.173177] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.173406] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.173643] head: 0bfffe0000000001 ffffc1ffc3025d01 ffffffffffffffff 0000000000000000
[   18.173866] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.174123] page dumped because: kasan: bad access detected
[   18.174435] 
[   18.174642] Memory state around the buggy address:
[   18.174979]  fff00000c0973f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.175319]  fff00000c0974000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.177017] >fff00000c0974080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   18.177756]                                                              ^
[   18.178481]  fff00000c0974100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.179282]  fff00000c0974180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.179849] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xxIrjnY3qrEVj7fL32ZBFnpdUJ

job_id

TEST:linaro@lkft#2xxIwXuNlIzxQj0IpkkVRHMEZcO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxIwXuNlIzxQj0IpkkVRHMEZcO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIt2FGzQnKvGggP0xsi4xIwvI/Image.gz
sha256sum	32a8b72922f193882a307c25103255c66d67e9f963c008702ba8ba647a4a98c3

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIt2FGzQnKvGggP0xsi4xIwvI/modules.tar.xz
sha256sum	58cc75b6d61cea97f72b8fd292af11ead6934a75d8117cee65e72b5a129f94d4

durations

tests

boot	0
kunit	343.69

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.502327] ==================================================================
[   12.502916] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   12.503312] Write of size 1 at addr ffff8881028860f0 by task kunit_try_catch/168
[   12.503725] 
[   12.503829] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.503865] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.503876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.503895] Call Trace:
[   12.503910]  <TASK>
[   12.503925]  dump_stack_lvl+0x73/0xb0
[   12.503948]  print_report+0xd1/0x650
[   12.503968]  ? __virt_addr_valid+0x1db/0x2d0
[   12.503990]  ? krealloc_more_oob_helper+0x7ed/0x930
[   12.504050]  ? kasan_addr_to_slab+0x11/0xa0
[   12.504069]  ? krealloc_more_oob_helper+0x7ed/0x930
[   12.504092]  kasan_report+0x140/0x180
[   12.504114]  ? krealloc_more_oob_helper+0x7ed/0x930
[   12.504141]  __asan_report_store1_noabort+0x1b/0x30
[   12.504164]  krealloc_more_oob_helper+0x7ed/0x930
[   12.504184]  ? __schedule+0xce8/0x2840
[   12.504224]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.504247]  ? finish_task_switch.isra.0+0x153/0x700
[   12.504269]  ? __switch_to+0x5d9/0xf60
[   12.504294]  ? __schedule+0xce8/0x2840
[   12.504315]  ? __pfx_read_tsc+0x10/0x10
[   12.504339]  krealloc_large_more_oob+0x1c/0x30
[   12.504360]  kunit_try_run_case+0x1a6/0x480
[   12.504400]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.504420]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.504443]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.504466]  ? __kthread_parkme+0x82/0x160
[   12.504488]  ? preempt_count_sub+0x50/0x80
[   12.504511]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.504533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.504621]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.504647]  kthread+0x324/0x6e0
[   12.504667]  ? trace_preempt_on+0x20/0xc0
[   12.504690]  ? __pfx_kthread+0x10/0x10
[   12.504711]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.504733]  ? calculate_sigpending+0x7b/0xa0
[   12.504755]  ? __pfx_kthread+0x10/0x10
[   12.504796]  ret_from_fork+0x41/0x80
[   12.504813]  ? __pfx_kthread+0x10/0x10
[   12.504835]  ret_from_fork_asm+0x1a/0x30
[   12.504866]  </TASK>
[   12.504876] 
[   12.512716] The buggy address belongs to the physical page:
[   12.512972] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102884
[   12.513326] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.513552] flags: 0x200000000000040(head|node=0|zone=2)
[   12.513820] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.514151] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.514378] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.514849] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.515231] head: 0200000000000002 ffffea00040a2101 ffffffffffffffff 0000000000000000
[   12.515585] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.515899] page dumped because: kasan: bad access detected
[   12.516127] 
[   12.516197] Memory state around the buggy address:
[   12.516439]  ffff888102885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.516821]  ffff888102886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.517096] >ffff888102886080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.517374]                                                              ^
[   12.517730]  ffff888102886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.517988]  ffff888102886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.518327] ==================================================================
[   12.486073] ==================================================================
[   12.486694] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   12.487000] Write of size 1 at addr ffff8881028860eb by task kunit_try_catch/168
[   12.487758] 
[   12.487996] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.488050] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.488062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.488082] Call Trace:
[   12.488118]  <TASK>
[   12.488134]  dump_stack_lvl+0x73/0xb0
[   12.488162]  print_report+0xd1/0x650
[   12.488183]  ? __virt_addr_valid+0x1db/0x2d0
[   12.488206]  ? krealloc_more_oob_helper+0x823/0x930
[   12.488228]  ? kasan_addr_to_slab+0x11/0xa0
[   12.488248]  ? krealloc_more_oob_helper+0x823/0x930
[   12.488270]  kasan_report+0x140/0x180
[   12.488291]  ? krealloc_more_oob_helper+0x823/0x930
[   12.488320]  __asan_report_store1_noabort+0x1b/0x30
[   12.488344]  krealloc_more_oob_helper+0x823/0x930
[   12.488365]  ? __schedule+0xce8/0x2840
[   12.488388]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.488410]  ? finish_task_switch.isra.0+0x153/0x700
[   12.488434]  ? __switch_to+0x5d9/0xf60
[   12.488459]  ? __schedule+0xce8/0x2840
[   12.488480]  ? __pfx_read_tsc+0x10/0x10
[   12.488504]  krealloc_large_more_oob+0x1c/0x30
[   12.488526]  kunit_try_run_case+0x1a6/0x480
[   12.488548]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.488569]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.488592]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.488614]  ? __kthread_parkme+0x82/0x160
[   12.488636]  ? preempt_count_sub+0x50/0x80
[   12.488659]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.488681]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.488707]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.488732]  kthread+0x324/0x6e0
[   12.488752]  ? trace_preempt_on+0x20/0xc0
[   12.488774]  ? __pfx_kthread+0x10/0x10
[   12.488796]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.488817]  ? calculate_sigpending+0x7b/0xa0
[   12.488838]  ? __pfx_kthread+0x10/0x10
[   12.488859]  ret_from_fork+0x41/0x80
[   12.488877]  ? __pfx_kthread+0x10/0x10
[   12.488898]  ret_from_fork_asm+0x1a/0x30
[   12.488929]  </TASK>
[   12.488940] 
[   12.496546] The buggy address belongs to the physical page:
[   12.496848] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102884
[   12.497240] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.497522] flags: 0x200000000000040(head|node=0|zone=2)
[   12.497789] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.498099] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.498386] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.498674] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.498978] head: 0200000000000002 ffffea00040a2101 ffffffffffffffff 0000000000000000
[   12.499209] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.499423] page dumped because: kasan: bad access detected
[   12.499668] 
[   12.499762] Memory state around the buggy address:
[   12.499986]  ffff888102885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.500338]  ffff888102886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.500611] >ffff888102886080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.500813]                                                           ^
[   12.501003]  ffff888102886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.501214]  ffff888102886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.501444] ==================================================================
[   12.309125] ==================================================================
[   12.309572] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x823/0x930
[   12.310034] Write of size 1 at addr ffff8881003a18eb by task kunit_try_catch/164
[   12.310343] 
[   12.310452] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.310489] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.310500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.310520] Call Trace:
[   12.310531]  <TASK>
[   12.310545]  dump_stack_lvl+0x73/0xb0
[   12.310573]  print_report+0xd1/0x650
[   12.310598]  ? __virt_addr_valid+0x1db/0x2d0
[   12.310621]  ? krealloc_more_oob_helper+0x823/0x930
[   12.310646]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.310673]  ? krealloc_more_oob_helper+0x823/0x930
[   12.310699]  kasan_report+0x140/0x180
[   12.310723]  ? krealloc_more_oob_helper+0x823/0x930
[   12.310752]  __asan_report_store1_noabort+0x1b/0x30
[   12.310778]  krealloc_more_oob_helper+0x823/0x930
[   12.310802]  ? trace_hardirqs_on+0x37/0xe0
[   12.310828]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.310852]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.310885]  ? __pfx_krealloc_more_oob+0x10/0x10
[   12.310914]  krealloc_more_oob+0x1c/0x30
[   12.310936]  kunit_try_run_case+0x1a6/0x480
[   12.310962]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.310986]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.311012]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.311048]  ? __kthread_parkme+0x82/0x160
[   12.311073]  ? preempt_count_sub+0x50/0x80
[   12.311101]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.311125]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.311153]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.311181]  kthread+0x324/0x6e0
[   12.311206]  ? trace_preempt_on+0x20/0xc0
[   12.311230]  ? __pfx_kthread+0x10/0x10
[   12.311255]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.311279]  ? calculate_sigpending+0x7b/0xa0
[   12.311302]  ? __pfx_kthread+0x10/0x10
[   12.311327]  ret_from_fork+0x41/0x80
[   12.311348]  ? __pfx_kthread+0x10/0x10
[   12.311373]  ret_from_fork_asm+0x1a/0x30
[   12.311407]  </TASK>
[   12.311417] 
[   12.318974] Allocated by task 164:
[   12.319142]  kasan_save_stack+0x45/0x70
[   12.319315]  kasan_save_track+0x18/0x40
[   12.319450]  kasan_save_alloc_info+0x3b/0x50
[   12.319606]  __kasan_krealloc+0x190/0x1f0
[   12.319815]  krealloc_noprof+0xf3/0x340
[   12.320024]  krealloc_more_oob_helper+0x1aa/0x930
[   12.320269]  krealloc_more_oob+0x1c/0x30
[   12.320450]  kunit_try_run_case+0x1a6/0x480
[   12.320596]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.320819]  kthread+0x324/0x6e0
[   12.321201]  ret_from_fork+0x41/0x80
[   12.321406]  ret_from_fork_asm+0x1a/0x30
[   12.321658] 
[   12.321758] The buggy address belongs to the object at ffff8881003a1800
[   12.321758]  which belongs to the cache kmalloc-256 of size 256
[   12.322212] The buggy address is located 0 bytes to the right of
[   12.322212]  allocated 235-byte region [ffff8881003a1800, ffff8881003a18eb)
[   12.322754] 
[   12.322847] The buggy address belongs to the physical page:
[   12.323063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   12.323406] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.323709] flags: 0x200000000000040(head|node=0|zone=2)
[   12.323966] page_type: f5(slab)
[   12.324135] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.324434] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.324666] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.324902] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.325179] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   12.325903] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.326231] page dumped because: kasan: bad access detected
[   12.326402] 
[   12.326471] Memory state around the buggy address:
[   12.326823]  ffff8881003a1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.327167]  ffff8881003a1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.327498] >ffff8881003a1880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.327911]                                                           ^
[   12.328126]  ffff8881003a1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.328384]  ffff8881003a1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.328881] ==================================================================
[   12.329381] ==================================================================
[   12.329850] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7ed/0x930
[   12.330128] Write of size 1 at addr ffff8881003a18f0 by task kunit_try_catch/164
[   12.330454] 
[   12.330615] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.330655] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.330666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.330686] Call Trace:
[   12.330702]  <TASK>
[   12.330717]  dump_stack_lvl+0x73/0xb0
[   12.330744]  print_report+0xd1/0x650
[   12.330768]  ? __virt_addr_valid+0x1db/0x2d0
[   12.330792]  ? krealloc_more_oob_helper+0x7ed/0x930
[   12.330816]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.330844]  ? krealloc_more_oob_helper+0x7ed/0x930
[   12.330870]  kasan_report+0x140/0x180
[   12.330894]  ? krealloc_more_oob_helper+0x7ed/0x930
[   12.330924]  __asan_report_store1_noabort+0x1b/0x30
[   12.330950]  krealloc_more_oob_helper+0x7ed/0x930
[   12.330974]  ? trace_hardirqs_on+0x37/0xe0
[   12.331001]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.331040]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.331072]  ? __pfx_krealloc_more_oob+0x10/0x10
[   12.331101]  krealloc_more_oob+0x1c/0x30
[   12.331124]  kunit_try_run_case+0x1a6/0x480
[   12.331149]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.331172]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.331198]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.331225]  ? __kthread_parkme+0x82/0x160
[   12.331249]  ? preempt_count_sub+0x50/0x80
[   12.331275]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.331300]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.331328]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.331356]  kthread+0x324/0x6e0
[   12.331379]  ? trace_preempt_on+0x20/0xc0
[   12.331404]  ? __pfx_kthread+0x10/0x10
[   12.331428]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.331453]  ? calculate_sigpending+0x7b/0xa0
[   12.331477]  ? __pfx_kthread+0x10/0x10
[   12.331501]  ret_from_fork+0x41/0x80
[   12.331522]  ? __pfx_kthread+0x10/0x10
[   12.331546]  ret_from_fork_asm+0x1a/0x30
[   12.331580]  </TASK>
[   12.331590] 
[   12.338935] Allocated by task 164:
[   12.339121]  kasan_save_stack+0x45/0x70
[   12.339267]  kasan_save_track+0x18/0x40
[   12.339403]  kasan_save_alloc_info+0x3b/0x50
[   12.339551]  __kasan_krealloc+0x190/0x1f0
[   12.339750]  krealloc_noprof+0xf3/0x340
[   12.340175]  krealloc_more_oob_helper+0x1aa/0x930
[   12.340408]  krealloc_more_oob+0x1c/0x30
[   12.340575]  kunit_try_run_case+0x1a6/0x480
[   12.340719]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.340895]  kthread+0x324/0x6e0
[   12.341122]  ret_from_fork+0x41/0x80
[   12.341307]  ret_from_fork_asm+0x1a/0x30
[   12.341519] 
[   12.341612] The buggy address belongs to the object at ffff8881003a1800
[   12.341612]  which belongs to the cache kmalloc-256 of size 256
[   12.342488] The buggy address is located 5 bytes to the right of
[   12.342488]  allocated 235-byte region [ffff8881003a1800, ffff8881003a18eb)
[   12.343081] 
[   12.343182] The buggy address belongs to the physical page:
[   12.343440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1003a0
[   12.343804] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.344101] flags: 0x200000000000040(head|node=0|zone=2)
[   12.344327] page_type: f5(slab)
[   12.344493] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.344829] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.345074] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.345303] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.345569] head: 0200000000000001 ffffea000400e801 ffffffffffffffff 0000000000000000
[   12.345996] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.346333] page dumped because: kasan: bad access detected
[   12.346578] 
[   12.346652] Memory state around the buggy address:
[   12.346801]  ffff8881003a1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.347012]  ffff8881003a1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.347232] >ffff8881003a1880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.347664]                                                              ^
[   12.347977]  ffff8881003a1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.348304]  ffff8881003a1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.348621] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xxIrjnY3qrEVj7fL32ZBFnpdUJ

job_id

TEST:linaro@lkft#2xxIxn9sGUCjhYDADrJyFeeOXJo

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxIxn9sGUCjhYDADrJyFeeOXJo

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxItzMuImjAiaUtl4SAGohS14v/bzImage
sha256sum	a377c082a32d4d46ee2b75abc46da75add70fe012212fc2b65618c407015869d

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxItzMuImjAiaUtl4SAGohS14v/modules.tar.xz
sha256sum	7b365c5d60d997915f8a000edaa45aecbf60745fa7ace2e9d3d5e4c844fd9dc8

durations

tests

boot	0
kunit	193.97

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit