lkft/linux-next-master - next-20250319 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

March 19, 2025, 10:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   33.801744] ==================================================================
[   33.802080] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   33.802227] Write of size 1 at addr fff00000c4a4a6da by task kunit_try_catch/160
[   33.802684] 
[   33.802955] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.803475] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.803557] Hardware name: linux,dummy-virt (DT)
[   33.803687] Call trace:
[   33.803753]  show_stack+0x20/0x38 (C)
[   33.804007]  dump_stack_lvl+0x8c/0xd0
[   33.804178]  print_report+0x118/0x5f0
[   33.804439]  kasan_report+0xc8/0x118
[   33.804651]  __asan_report_store1_noabort+0x20/0x30
[   33.804898]  krealloc_less_oob_helper+0xa80/0xc50
[   33.805085]  krealloc_less_oob+0x20/0x38
[   33.805255]  kunit_try_run_case+0x14c/0x3d0
[   33.805476]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.805686]  kthread+0x318/0x618
[   33.805865]  ret_from_fork+0x10/0x20
[   33.806016] 
[   33.806124] Allocated by task 160:
[   33.806218]  kasan_save_stack+0x3c/0x68
[   33.806339]  kasan_save_track+0x20/0x40
[   33.806453]  kasan_save_alloc_info+0x40/0x58
[   33.806573]  __kasan_krealloc+0x118/0x178
[   33.806687]  krealloc_noprof+0x128/0x360
[   33.806795]  krealloc_less_oob_helper+0x168/0xc50
[   33.806932]  krealloc_less_oob+0x20/0x38
[   33.807075]  kunit_try_run_case+0x14c/0x3d0
[   33.807202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.807338]  kthread+0x318/0x618
[   33.807449]  ret_from_fork+0x10/0x20
[   33.807564] 
[   33.807624] The buggy address belongs to the object at fff00000c4a4a600
[   33.807624]  which belongs to the cache kmalloc-256 of size 256
[   33.807808] The buggy address is located 17 bytes to the right of
[   33.807808]  allocated 201-byte region [fff00000c4a4a600, fff00000c4a4a6c9)
[   33.808014] 
[   33.808098] The buggy address belongs to the physical page:
[   33.808191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4a
[   33.808574] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.808724] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.808885] page_type: f5(slab)
[   33.808997] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.809241] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.809459] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.809678] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.809889] head: 0bfffe0000000001 ffffc1ffc3129281 00000000ffffffff 00000000ffffffff
[   33.810048] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.810190] page dumped because: kasan: bad access detected
[   33.810323] 
[   33.810381] Memory state around the buggy address:
[   33.810582]  fff00000c4a4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.810722]  fff00000c4a4a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.810859] >fff00000c4a4a680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.811120]                                                     ^
[   33.811257]  fff00000c4a4a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.811398]  fff00000c4a4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.811526] ==================================================================
[   33.813265] ==================================================================
[   33.813391] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   33.813639] Write of size 1 at addr fff00000c4a4a6ea by task kunit_try_catch/160
[   33.813787] 
[   33.813876] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.814209] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.814469] Hardware name: linux,dummy-virt (DT)
[   33.814737] Call trace:
[   33.814849]  show_stack+0x20/0x38 (C)
[   33.815034]  dump_stack_lvl+0x8c/0xd0
[   33.815195]  print_report+0x118/0x5f0
[   33.815467]  kasan_report+0xc8/0x118
[   33.815608]  __asan_report_store1_noabort+0x20/0x30
[   33.815793]  krealloc_less_oob_helper+0xae4/0xc50
[   33.815987]  krealloc_less_oob+0x20/0x38
[   33.816185]  kunit_try_run_case+0x14c/0x3d0
[   33.816417]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.816795]  kthread+0x318/0x618
[   33.817550]  ret_from_fork+0x10/0x20
[   33.817742] 
[   33.817877] Allocated by task 160:
[   33.817975]  kasan_save_stack+0x3c/0x68
[   33.818118]  kasan_save_track+0x20/0x40
[   33.820109]  kasan_save_alloc_info+0x40/0x58
[   33.820219]  __kasan_krealloc+0x118/0x178
[   33.820282]  krealloc_noprof+0x128/0x360
[   33.820387]  krealloc_less_oob_helper+0x168/0xc50
[   33.820516]  krealloc_less_oob+0x20/0x38
[   33.820639]  kunit_try_run_case+0x14c/0x3d0
[   33.820763]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.820951]  kthread+0x318/0x618
[   33.821196]  ret_from_fork+0x10/0x20
[   33.821455] 
[   33.821535] The buggy address belongs to the object at fff00000c4a4a600
[   33.821535]  which belongs to the cache kmalloc-256 of size 256
[   33.822030] The buggy address is located 33 bytes to the right of
[   33.822030]  allocated 201-byte region [fff00000c4a4a600, fff00000c4a4a6c9)
[   33.823575] 
[   33.823640] The buggy address belongs to the physical page:
[   33.824287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4a
[   33.824520] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.824661] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.824812] page_type: f5(slab)
[   33.824921] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.827035] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.827899] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.828638] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.828840] head: 0bfffe0000000001 ffffc1ffc3129281 00000000ffffffff 00000000ffffffff
[   33.828988] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.829963] page dumped because: kasan: bad access detected
[   33.830144] 
[   33.830202] Memory state around the buggy address:
[   33.831688]  fff00000c4a4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.831916]  fff00000c4a4a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.832441] >fff00000c4a4a680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.833360]                                                           ^
[   33.833503]  fff00000c4a4a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.833642]  fff00000c4a4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.833905] ==================================================================
[   33.978871] ==================================================================
[   33.979013] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   33.979173] Write of size 1 at addr fff00000c774e0eb by task kunit_try_catch/164
[   33.979329] 
[   33.979416] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.980524] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.980659] Hardware name: linux,dummy-virt (DT)
[   33.980874] Call trace:
[   33.981535]  show_stack+0x20/0x38 (C)
[   33.981706]  dump_stack_lvl+0x8c/0xd0
[   33.981858]  print_report+0x118/0x5f0
[   33.982000]  kasan_report+0xc8/0x118
[   33.982160]  __asan_report_store1_noabort+0x20/0x30
[   33.984250]  krealloc_less_oob_helper+0xa58/0xc50
[   33.985300]  krealloc_large_less_oob+0x20/0x38
[   33.985675]  kunit_try_run_case+0x14c/0x3d0
[   33.986612]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.987027]  kthread+0x318/0x618
[   33.987207]  ret_from_fork+0x10/0x20
[   33.987356] 
[   33.987416] The buggy address belongs to the physical page:
[   33.988704] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10774c
[   33.990194] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.990547] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.991079] page_type: f8(unknown)
[   33.991421] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.991971] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.992694] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.992971] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.993657] head: 0bfffe0000000002 ffffc1ffc31dd301 00000000ffffffff 00000000ffffffff
[   33.994457] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.994599] page dumped because: kasan: bad access detected
[   33.994694] 
[   33.994749] Memory state around the buggy address:
[   33.994849]  fff00000c774df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.995003]  fff00000c774e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.996877] >fff00000c774e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.997266]                                                           ^
[   33.997652]  fff00000c774e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.997856]  fff00000c774e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.997971] ==================================================================
[   33.931629] ==================================================================
[   33.931776] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   33.931914] Write of size 1 at addr fff00000c774e0d0 by task kunit_try_catch/164
[   33.932108] 
[   33.932196] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.932951] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.933045] Hardware name: linux,dummy-virt (DT)
[   33.933168] Call trace:
[   33.933235]  show_stack+0x20/0x38 (C)
[   33.933412]  dump_stack_lvl+0x8c/0xd0
[   33.933645]  print_report+0x118/0x5f0
[   33.933796]  kasan_report+0xc8/0x118
[   33.933966]  __asan_report_store1_noabort+0x20/0x30
[   33.934143]  krealloc_less_oob_helper+0xb9c/0xc50
[   33.934461]  krealloc_large_less_oob+0x20/0x38
[   33.934939]  kunit_try_run_case+0x14c/0x3d0
[   33.935229]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.935467]  kthread+0x318/0x618
[   33.935671]  ret_from_fork+0x10/0x20
[   33.935887] 
[   33.935960] The buggy address belongs to the physical page:
[   33.936141] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10774c
[   33.936423] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.936588] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.936743] page_type: f8(unknown)
[   33.936852] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.937461] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.937637] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.937883] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.938164] head: 0bfffe0000000002 ffffc1ffc31dd301 00000000ffffffff 00000000ffffffff
[   33.938409] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.938556] page dumped because: kasan: bad access detected
[   33.938651] 
[   33.938707] Memory state around the buggy address:
[   33.938805]  fff00000c774df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.938954]  fff00000c774e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.939112] >fff00000c774e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.939243]                                                  ^
[   33.939357]  fff00000c774e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.939499]  fff00000c774e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.939637] ==================================================================
[   33.957712] ==================================================================
[   33.957835] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   33.957972] Write of size 1 at addr fff00000c774e0ea by task kunit_try_catch/164
[   33.960352] 
[   33.960487] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.960736] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.960821] Hardware name: linux,dummy-virt (DT)
[   33.960916] Call trace:
[   33.960980]  show_stack+0x20/0x38 (C)
[   33.961463]  dump_stack_lvl+0x8c/0xd0
[   33.961648]  print_report+0x118/0x5f0
[   33.962785]  kasan_report+0xc8/0x118
[   33.962960]  __asan_report_store1_noabort+0x20/0x30
[   33.963543]  krealloc_less_oob_helper+0xae4/0xc50
[   33.964500]  krealloc_large_less_oob+0x20/0x38
[   33.964657]  kunit_try_run_case+0x14c/0x3d0
[   33.964808]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.964978]  kthread+0x318/0x618
[   33.966302]  ret_from_fork+0x10/0x20
[   33.966545] 
[   33.966646] The buggy address belongs to the physical page:
[   33.966832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10774c
[   33.967025] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.967190] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.967351] page_type: f8(unknown)
[   33.967466] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.967985] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.968981] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.969217] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.969636] head: 0bfffe0000000002 ffffc1ffc31dd301 00000000ffffffff 00000000ffffffff
[   33.970136] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.970797] page dumped because: kasan: bad access detected
[   33.970909] 
[   33.971433] Memory state around the buggy address:
[   33.971640]  fff00000c774df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.971880]  fff00000c774e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.972569] >fff00000c774e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.972714]                                                           ^
[   33.973370]  fff00000c774e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.973633]  fff00000c774e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.973791] ==================================================================
[   33.763945] ==================================================================
[   33.764045] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   33.764503] Write of size 1 at addr fff00000c4a4a6c9 by task kunit_try_catch/160
[   33.764678] 
[   33.764776] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.765044] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.765149] Hardware name: linux,dummy-virt (DT)
[   33.765240] Call trace:
[   33.765300]  show_stack+0x20/0x38 (C)
[   33.765493]  dump_stack_lvl+0x8c/0xd0
[   33.765640]  print_report+0x118/0x5f0
[   33.765783]  kasan_report+0xc8/0x118
[   33.765916]  __asan_report_store1_noabort+0x20/0x30
[   33.766371]  krealloc_less_oob_helper+0xa48/0xc50
[   33.766605]  krealloc_less_oob+0x20/0x38
[   33.766811]  kunit_try_run_case+0x14c/0x3d0
[   33.767028]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.767265]  kthread+0x318/0x618
[   33.767447]  ret_from_fork+0x10/0x20
[   33.767684] 
[   33.767787] Allocated by task 160:
[   33.767880]  kasan_save_stack+0x3c/0x68
[   33.767998]  kasan_save_track+0x20/0x40
[   33.768128]  kasan_save_alloc_info+0x40/0x58
[   33.768249]  __kasan_krealloc+0x118/0x178
[   33.768422]  krealloc_noprof+0x128/0x360
[   33.768534]  krealloc_less_oob_helper+0x168/0xc50
[   33.768662]  krealloc_less_oob+0x20/0x38
[   33.769080]  kunit_try_run_case+0x14c/0x3d0
[   33.769250]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.769416]  kthread+0x318/0x618
[   33.769579]  ret_from_fork+0x10/0x20
[   33.769712] 
[   33.769775] The buggy address belongs to the object at fff00000c4a4a600
[   33.769775]  which belongs to the cache kmalloc-256 of size 256
[   33.769962] The buggy address is located 0 bytes to the right of
[   33.769962]  allocated 201-byte region [fff00000c4a4a600, fff00000c4a4a6c9)
[   33.770178] 
[   33.770238] The buggy address belongs to the physical page:
[   33.770369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4a
[   33.770722] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.770912] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.771150] page_type: f5(slab)
[   33.771312] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.771467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.771627] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.771789] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.771950] head: 0bfffe0000000001 ffffc1ffc3129281 00000000ffffffff 00000000ffffffff
[   33.772144] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.772272] page dumped because: kasan: bad access detected
[   33.772411] 
[   33.772474] Memory state around the buggy address:
[   33.772885]  fff00000c4a4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.773082]  fff00000c4a4a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.773219] >fff00000c4a4a680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.773335]                                               ^
[   33.773450]  fff00000c4a4a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.773581]  fff00000c4a4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.773986] ==================================================================
[   33.778390] ==================================================================
[   33.778520] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   33.778659] Write of size 1 at addr fff00000c4a4a6d0 by task kunit_try_catch/160
[   33.778816] 
[   33.778902] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.779905] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.779998] Hardware name: linux,dummy-virt (DT)
[   33.780803] Call trace:
[   33.781214]  show_stack+0x20/0x38 (C)
[   33.781614]  dump_stack_lvl+0x8c/0xd0
[   33.782242]  print_report+0x118/0x5f0
[   33.782419]  kasan_report+0xc8/0x118
[   33.782564]  __asan_report_store1_noabort+0x20/0x30
[   33.782725]  krealloc_less_oob_helper+0xb9c/0xc50
[   33.782901]  krealloc_less_oob+0x20/0x38
[   33.784404]  kunit_try_run_case+0x14c/0x3d0
[   33.784593]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.784769]  kthread+0x318/0x618
[   33.784911]  ret_from_fork+0x10/0x20
[   33.785075] 
[   33.785131] Allocated by task 160:
[   33.785213]  kasan_save_stack+0x3c/0x68
[   33.785324]  kasan_save_track+0x20/0x40
[   33.785427]  kasan_save_alloc_info+0x40/0x58
[   33.785536]  __kasan_krealloc+0x118/0x178
[   33.785638]  krealloc_noprof+0x128/0x360
[   33.785734]  krealloc_less_oob_helper+0x168/0xc50
[   33.785857]  krealloc_less_oob+0x20/0x38
[   33.785975]  kunit_try_run_case+0x14c/0x3d0
[   33.789398]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.789579]  kthread+0x318/0x618
[   33.789692]  ret_from_fork+0x10/0x20
[   33.789803] 
[   33.789862] The buggy address belongs to the object at fff00000c4a4a600
[   33.789862]  which belongs to the cache kmalloc-256 of size 256
[   33.790031] The buggy address is located 7 bytes to the right of
[   33.790031]  allocated 201-byte region [fff00000c4a4a600, fff00000c4a4a6c9)
[   33.790224] 
[   33.790276] The buggy address belongs to the physical page:
[   33.790357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4a
[   33.790495] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.790629] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.790776] page_type: f5(slab)
[   33.790887] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.794003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.794724] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.794906] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.795100] head: 0bfffe0000000001 ffffc1ffc3129281 00000000ffffffff 00000000ffffffff
[   33.795253] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.795380] page dumped because: kasan: bad access detected
[   33.795480] 
[   33.795536] Memory state around the buggy address:
[   33.795631]  fff00000c4a4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.795762]  fff00000c4a4a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.795893] >fff00000c4a4a680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.796018]                                                  ^
[   33.796144]  fff00000c4a4a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.796284]  fff00000c4a4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.796414] ==================================================================
[   33.921551] ==================================================================
[   33.921695] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   33.921874] Write of size 1 at addr fff00000c774e0c9 by task kunit_try_catch/164
[   33.922027] 
[   33.922143] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.922917] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.923087] Hardware name: linux,dummy-virt (DT)
[   33.923248] Call trace:
[   33.923355]  show_stack+0x20/0x38 (C)
[   33.923603]  dump_stack_lvl+0x8c/0xd0
[   33.923748]  print_report+0x118/0x5f0
[   33.923888]  kasan_report+0xc8/0x118
[   33.924028]  __asan_report_store1_noabort+0x20/0x30
[   33.924201]  krealloc_less_oob_helper+0xa48/0xc50
[   33.924463]  krealloc_large_less_oob+0x20/0x38
[   33.925130]  kunit_try_run_case+0x14c/0x3d0
[   33.925410]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.925584]  kthread+0x318/0x618
[   33.925762]  ret_from_fork+0x10/0x20
[   33.926031] 
[   33.926121] The buggy address belongs to the physical page:
[   33.926457] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10774c
[   33.926685] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.926863] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.927034] page_type: f8(unknown)
[   33.927234] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.927431] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.927634] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.927881] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.928085] head: 0bfffe0000000002 ffffc1ffc31dd301 00000000ffffffff 00000000ffffffff
[   33.928236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.928457] page dumped because: kasan: bad access detected
[   33.928883] 
[   33.929018] Memory state around the buggy address:
[   33.929180]  fff00000c774df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.929312]  fff00000c774e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.929477] >fff00000c774e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.929655]                                               ^
[   33.929784]  fff00000c774e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.929924]  fff00000c774e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.930048] ==================================================================
[   33.837027] ==================================================================
[   33.837209] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   33.837354] Write of size 1 at addr fff00000c4a4a6eb by task kunit_try_catch/160
[   33.837497] 
[   33.837579] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.837811] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.837892] Hardware name: linux,dummy-virt (DT)
[   33.837978] Call trace:
[   33.838041]  show_stack+0x20/0x38 (C)
[   33.838244]  dump_stack_lvl+0x8c/0xd0
[   33.838481]  print_report+0x118/0x5f0
[   33.838634]  kasan_report+0xc8/0x118
[   33.838774]  __asan_report_store1_noabort+0x20/0x30
[   33.838942]  krealloc_less_oob_helper+0xa58/0xc50
[   33.839115]  krealloc_less_oob+0x20/0x38
[   33.839265]  kunit_try_run_case+0x14c/0x3d0
[   33.839415]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.839582]  kthread+0x318/0x618
[   33.839728]  ret_from_fork+0x10/0x20
[   33.839876] 
[   33.839934] Allocated by task 160:
[   33.840020]  kasan_save_stack+0x3c/0x68
[   33.840166]  kasan_save_track+0x20/0x40
[   33.840316]  kasan_save_alloc_info+0x40/0x58
[   33.840446]  __kasan_krealloc+0x118/0x178
[   33.840578]  krealloc_noprof+0x128/0x360
[   33.840697]  krealloc_less_oob_helper+0x168/0xc50
[   33.840863]  krealloc_less_oob+0x20/0x38
[   33.841032]  kunit_try_run_case+0x14c/0x3d0
[   33.841201]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.841347]  kthread+0x318/0x618
[   33.841469]  ret_from_fork+0x10/0x20
[   33.841585] 
[   33.841677] The buggy address belongs to the object at fff00000c4a4a600
[   33.841677]  which belongs to the cache kmalloc-256 of size 256
[   33.841855] The buggy address is located 34 bytes to the right of
[   33.841855]  allocated 201-byte region [fff00000c4a4a600, fff00000c4a4a6c9)
[   33.842048] 
[   33.842130] The buggy address belongs to the physical page:
[   33.842216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4a
[   33.842373] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.842523] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.842681] page_type: f5(slab)
[   33.842786] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.843007] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.843241] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   33.843393] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.843546] head: 0bfffe0000000001 ffffc1ffc3129281 00000000ffffffff 00000000ffffffff
[   33.843698] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   33.843876] page dumped because: kasan: bad access detected
[   33.843979] 
[   33.844037] Memory state around the buggy address:
[   33.844201]  fff00000c4a4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.844483]  fff00000c4a4a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.844591] >fff00000c4a4a680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.844708]                                                           ^
[   33.845010]  fff00000c4a4a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.845405]  fff00000c4a4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.845732] ==================================================================
[   33.943313] ==================================================================
[   33.943497] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   33.943956] Write of size 1 at addr fff00000c774e0da by task kunit_try_catch/164
[   33.944146] 
[   33.944235] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.945197] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.945798] Hardware name: linux,dummy-virt (DT)
[   33.945916] Call trace:
[   33.945981]  show_stack+0x20/0x38 (C)
[   33.946227]  dump_stack_lvl+0x8c/0xd0
[   33.946521]  print_report+0x118/0x5f0
[   33.946805]  kasan_report+0xc8/0x118
[   33.947028]  __asan_report_store1_noabort+0x20/0x30
[   33.947216]  krealloc_less_oob_helper+0xa80/0xc50
[   33.947975]  krealloc_large_less_oob+0x20/0x38
[   33.948335]  kunit_try_run_case+0x14c/0x3d0
[   33.948666]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.948909]  kthread+0x318/0x618
[   33.949377]  ret_from_fork+0x10/0x20
[   33.949546] 
[   33.949605] The buggy address belongs to the physical page:
[   33.949697] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10774c
[   33.949852] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.950448] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.950758] page_type: f8(unknown)
[   33.951014] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.951315] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.951995] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   33.952481] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   33.953110] head: 0bfffe0000000002 ffffc1ffc31dd301 00000000ffffffff 00000000ffffffff
[   33.953306] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.953441] page dumped because: kasan: bad access detected
[   33.954237] 
[   33.954300] Memory state around the buggy address:
[   33.954395]  fff00000c774df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.954538]  fff00000c774e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.954678] >fff00000c774e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   33.954843]                                                     ^
[   33.955144]  fff00000c774e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.955453]  fff00000c774e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   33.955610] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2IY2MFMbCeXxVlYVKThLK0vG

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2IY2MFMbCeXxVlYVKThLK0vG

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/Image.gz
sha256sum	7e21ea2b066793bfb239769397e1ca6d991d8341932b5c259d0b5291ae716875

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	71bcc7bc8dbd4ac7d02d52aed8886662999d6e6c790f9b9e5220beaf580ccfc1

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2F32dFREZpt738DwHKERJ1NE/modules.tar.xz
sha256sum	def6cc6c2dd7d82317a0ac9ef5e9628af2e72f9fd52e222ac4d2bca68256cb99

durations

tests

boot	0
kunit	148.31

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

[   21.080884] ==================================================================
[   21.081773] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   21.082209] Write of size 1 at addr ffff888100abc4da by task kunit_try_catch/179
[   21.083364] 
[   21.083743] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.084057] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.084104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.084181] Call Trace:
[   21.084216]  <TASK>
[   21.084301]  dump_stack_lvl+0x73/0xb0
[   21.084416]  print_report+0xd1/0x660
[   21.084485]  ? __virt_addr_valid+0x1db/0x2d0
[   21.084604]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.084678]  kasan_report+0x104/0x140
[   21.084758]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.084836]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.084920]  __asan_report_store1_noabort+0x1b/0x30
[   21.084980]  krealloc_less_oob_helper+0xec6/0x11d0
[   21.085602]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.085656]  ? finish_task_switch.isra.0+0x153/0x730
[   21.085740]  ? __switch_to+0x5d9/0xf70
[   21.085849]  ? __schedule+0xd46/0x29c0
[   21.085890]  ? __pfx_read_tsc+0x10/0x10
[   21.085928]  krealloc_less_oob+0x1c/0x30
[   21.085962]  kunit_try_run_case+0x1b2/0x490
[   21.085997]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.086028]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.086059]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.086091]  ? __kthread_parkme+0x82/0x160
[   21.086146]  ? preempt_count_sub+0x50/0x80
[   21.086182]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.086216]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.086249]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.086282]  kthread+0x323/0x710
[   21.086311]  ? trace_preempt_on+0x20/0xc0
[   21.086346]  ? __pfx_kthread+0x10/0x10
[   21.086378]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.086406]  ? calculate_sigpending+0x7b/0xa0
[   21.086437]  ? __pfx_kthread+0x10/0x10
[   21.086469]  ret_from_fork+0x41/0x80
[   21.086500]  ? __pfx_kthread+0x10/0x10
[   21.086531]  ret_from_fork_asm+0x1a/0x30
[   21.086578]  </TASK>
[   21.086593] 
[   21.104982] Allocated by task 179:
[   21.105961]  kasan_save_stack+0x3d/0x60
[   21.106421]  kasan_save_track+0x18/0x40
[   21.107056]  kasan_save_alloc_info+0x3b/0x50
[   21.107376]  __kasan_krealloc+0x190/0x1f0
[   21.108205]  krealloc_noprof+0xf4/0x370
[   21.108624]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.109660]  krealloc_less_oob+0x1c/0x30
[   21.110092]  kunit_try_run_case+0x1b2/0x490
[   21.110459]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.111017]  kthread+0x323/0x710
[   21.111395]  ret_from_fork+0x41/0x80
[   21.111839]  ret_from_fork_asm+0x1a/0x30
[   21.112445] 
[   21.112667] The buggy address belongs to the object at ffff888100abc400
[   21.112667]  which belongs to the cache kmalloc-256 of size 256
[   21.113639] The buggy address is located 17 bytes to the right of
[   21.113639]  allocated 201-byte region [ffff888100abc400, ffff888100abc4c9)
[   21.114839] 
[   21.115179] The buggy address belongs to the physical page:
[   21.116183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100abc
[   21.116904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.117852] flags: 0x200000000000040(head|node=0|zone=2)
[   21.118356] page_type: f5(slab)
[   21.118853] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.119586] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.120440] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.121881] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.122976] head: 0200000000000001 ffffea000402af01 00000000ffffffff 00000000ffffffff
[   21.123524] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.124423] page dumped because: kasan: bad access detected
[   21.125085] 
[   21.125326] Memory state around the buggy address:
[   21.126174]  ffff888100abc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.126909]  ffff888100abc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.127566] >ffff888100abc480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.128433]                                                     ^
[   21.129148]  ffff888100abc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.129932]  ffff888100abc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.130577] ==================================================================
[   21.424606] ==================================================================
[   21.425929] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   21.426537] Write of size 1 at addr ffff8881026920da by task kunit_try_catch/183
[   21.427221] 
[   21.427506] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.427945] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.427991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.428046] Call Trace:
[   21.428077]  <TASK>
[   21.428135]  dump_stack_lvl+0x73/0xb0
[   21.428214]  print_report+0xd1/0x660
[   21.428279]  ? __virt_addr_valid+0x1db/0x2d0
[   21.428400]  ? kasan_addr_to_slab+0x11/0xa0
[   21.428467]  kasan_report+0x104/0x140
[   21.428524]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.428597]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.429098]  __asan_report_store1_noabort+0x1b/0x30
[   21.429218]  krealloc_less_oob_helper+0xec6/0x11d0
[   21.429301]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.429371]  ? finish_task_switch.isra.0+0x153/0x730
[   21.429416]  ? __switch_to+0x5d9/0xf70
[   21.429455]  ? __schedule+0xd46/0x29c0
[   21.429486]  ? __pfx_read_tsc+0x10/0x10
[   21.429522]  krealloc_large_less_oob+0x1c/0x30
[   21.429556]  kunit_try_run_case+0x1b2/0x490
[   21.429590]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.429621]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.429653]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.429752]  ? __kthread_parkme+0x82/0x160
[   21.429843]  ? preempt_count_sub+0x50/0x80
[   21.429922]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.429988]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.430037]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.430071]  kthread+0x323/0x710
[   21.430131]  ? trace_preempt_on+0x20/0xc0
[   21.430176]  ? __pfx_kthread+0x10/0x10
[   21.430211]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.430241]  ? calculate_sigpending+0x7b/0xa0
[   21.430282]  ? __pfx_kthread+0x10/0x10
[   21.430314]  ret_from_fork+0x41/0x80
[   21.430356]  ? __pfx_kthread+0x10/0x10
[   21.430387]  ret_from_fork_asm+0x1a/0x30
[   21.430444]  </TASK>
[   21.430460] 
[   21.449840] The buggy address belongs to the physical page:
[   21.451719] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102690
[   21.452514] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.452927] flags: 0x200000000000040(head|node=0|zone=2)
[   21.454030] page_type: f8(unknown)
[   21.454501] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.456145] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.456663] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.457740] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.458622] head: 0200000000000002 ffffea000409a401 00000000ffffffff 00000000ffffffff
[   21.459482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.460047] page dumped because: kasan: bad access detected
[   21.460571] 
[   21.460769] Memory state around the buggy address:
[   21.462140]  ffff888102691f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.462539]  ffff888102692000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.463554] >ffff888102692080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.464429]                                                     ^
[   21.465445]  ffff888102692100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.466861]  ffff888102692180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.467321] ==================================================================
[   21.384825] ==================================================================
[   21.385343] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   21.385755] Write of size 1 at addr ffff8881026920d0 by task kunit_try_catch/183
[   21.386569] 
[   21.386876] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.387000] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.387033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.387087] Call Trace:
[   21.387140]  <TASK>
[   21.387176]  dump_stack_lvl+0x73/0xb0
[   21.387251]  print_report+0xd1/0x660
[   21.387315]  ? __virt_addr_valid+0x1db/0x2d0
[   21.387581]  ? kasan_addr_to_slab+0x11/0xa0
[   21.387851]  kasan_report+0x104/0x140
[   21.387922]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.388001]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.388081]  __asan_report_store1_noabort+0x1b/0x30
[   21.388171]  krealloc_less_oob_helper+0xe23/0x11d0
[   21.388220]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.388256]  ? finish_task_switch.isra.0+0x153/0x730
[   21.388295]  ? __switch_to+0x5d9/0xf70
[   21.388333]  ? __schedule+0xd46/0x29c0
[   21.388364]  ? __pfx_read_tsc+0x10/0x10
[   21.388400]  krealloc_large_less_oob+0x1c/0x30
[   21.388433]  kunit_try_run_case+0x1b2/0x490
[   21.388468]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.388499]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.388529]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.388560]  ? __kthread_parkme+0x82/0x160
[   21.388590]  ? preempt_count_sub+0x50/0x80
[   21.388625]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.388658]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.388902]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.388996]  kthread+0x323/0x710
[   21.389059]  ? trace_preempt_on+0x20/0xc0
[   21.389151]  ? __pfx_kthread+0x10/0x10
[   21.389212]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.389269]  ? calculate_sigpending+0x7b/0xa0
[   21.389326]  ? __pfx_kthread+0x10/0x10
[   21.389386]  ret_from_fork+0x41/0x80
[   21.389450]  ? __pfx_kthread+0x10/0x10
[   21.389511]  ret_from_fork_asm+0x1a/0x30
[   21.389592]  </TASK>
[   21.389620] 
[   21.408556] The buggy address belongs to the physical page:
[   21.409613] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102690
[   21.410416] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.411314] flags: 0x200000000000040(head|node=0|zone=2)
[   21.412154] page_type: f8(unknown)
[   21.412542] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.413554] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.414022] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.414731] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.415438] head: 0200000000000002 ffffea000409a401 00000000ffffffff 00000000ffffffff
[   21.416450] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.417443] page dumped because: kasan: bad access detected
[   21.418133] 
[   21.418353] Memory state around the buggy address:
[   21.419095]  ffff888102691f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.419904]  ffff888102692000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.420659] >ffff888102692080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.421803]                                                  ^
[   21.422102]  ffff888102692100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.422972]  ffff888102692180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.423586] ==================================================================
[   20.969623] ==================================================================
[   20.970392] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   20.971141] Write of size 1 at addr ffff888100abc4c9 by task kunit_try_catch/179
[   20.971740] 
[   20.972083] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   20.972237] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.972271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.972327] Call Trace:
[   20.972357]  <TASK>
[   20.972390]  dump_stack_lvl+0x73/0xb0
[   20.972468]  print_report+0xd1/0x660
[   20.972534]  ? __virt_addr_valid+0x1db/0x2d0
[   20.972649]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.972847]  kasan_report+0x104/0x140
[   20.972922]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   20.972994]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   20.973072]  __asan_report_store1_noabort+0x1b/0x30
[   20.973164]  krealloc_less_oob_helper+0xd70/0x11d0
[   20.973242]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   20.973305]  ? finish_task_switch.isra.0+0x153/0x730
[   20.973369]  ? __switch_to+0x5d9/0xf70
[   20.973445]  ? __schedule+0xd46/0x29c0
[   20.973506]  ? __pfx_read_tsc+0x10/0x10
[   20.973574]  krealloc_less_oob+0x1c/0x30
[   20.973638]  kunit_try_run_case+0x1b2/0x490
[   20.973734]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.973799]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.973861]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.973921]  ? __kthread_parkme+0x82/0x160
[   20.973982]  ? preempt_count_sub+0x50/0x80
[   20.974050]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.974136]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.974237]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.974279]  kthread+0x323/0x710
[   20.974310]  ? trace_preempt_on+0x20/0xc0
[   20.974345]  ? __pfx_kthread+0x10/0x10
[   20.974376]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.974407]  ? calculate_sigpending+0x7b/0xa0
[   20.974437]  ? __pfx_kthread+0x10/0x10
[   20.974469]  ret_from_fork+0x41/0x80
[   20.974502]  ? __pfx_kthread+0x10/0x10
[   20.974533]  ret_from_fork_asm+0x1a/0x30
[   20.974579]  </TASK>
[   20.974594] 
[   21.001916] Allocated by task 179:
[   21.002316]  kasan_save_stack+0x3d/0x60
[   21.002747]  kasan_save_track+0x18/0x40
[   21.004144]  kasan_save_alloc_info+0x3b/0x50
[   21.004499]  __kasan_krealloc+0x190/0x1f0
[   21.004800]  krealloc_noprof+0xf4/0x370
[   21.005238]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.005912]  krealloc_less_oob+0x1c/0x30
[   21.006405]  kunit_try_run_case+0x1b2/0x490
[   21.007018]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.007662]  kthread+0x323/0x710
[   21.008534]  ret_from_fork+0x41/0x80
[   21.009082]  ret_from_fork_asm+0x1a/0x30
[   21.009511] 
[   21.009880] The buggy address belongs to the object at ffff888100abc400
[   21.009880]  which belongs to the cache kmalloc-256 of size 256
[   21.010928] The buggy address is located 0 bytes to the right of
[   21.010928]  allocated 201-byte region [ffff888100abc400, ffff888100abc4c9)
[   21.011896] 
[   21.012155] The buggy address belongs to the physical page:
[   21.012660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100abc
[   21.013561] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.014235] flags: 0x200000000000040(head|node=0|zone=2)
[   21.014752] page_type: f5(slab)
[   21.015016] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.016357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.017212] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.017866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.018487] head: 0200000000000001 ffffea000402af01 00000000ffffffff 00000000ffffffff
[   21.019608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.020370] page dumped because: kasan: bad access detected
[   21.021077] 
[   21.021288] Memory state around the buggy address:
[   21.021884]  ffff888100abc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.022395]  ffff888100abc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.023137] >ffff888100abc480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.024176]                                               ^
[   21.024882]  ffff888100abc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.025440]  ffff888100abc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.026014] ==================================================================
[   21.132458] ==================================================================
[   21.132989] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   21.133666] Write of size 1 at addr ffff888100abc4ea by task kunit_try_catch/179
[   21.134284] 
[   21.134532] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.134657] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.134860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.134927] Call Trace:
[   21.134960]  <TASK>
[   21.134993]  dump_stack_lvl+0x73/0xb0
[   21.135070]  print_report+0xd1/0x660
[   21.135154]  ? __virt_addr_valid+0x1db/0x2d0
[   21.135278]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.135348]  kasan_report+0x104/0x140
[   21.135405]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.135474]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.135552]  __asan_report_store1_noabort+0x1b/0x30
[   21.135641]  krealloc_less_oob_helper+0xe90/0x11d0
[   21.135908]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.136004]  ? finish_task_switch.isra.0+0x153/0x730
[   21.136070]  ? __switch_to+0x5d9/0xf70
[   21.136165]  ? __schedule+0xd46/0x29c0
[   21.136226]  ? __pfx_read_tsc+0x10/0x10
[   21.136292]  krealloc_less_oob+0x1c/0x30
[   21.136360]  kunit_try_run_case+0x1b2/0x490
[   21.136425]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.136484]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.136541]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.136599]  ? __kthread_parkme+0x82/0x160
[   21.136654]  ? preempt_count_sub+0x50/0x80
[   21.136915]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.136987]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.137054]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.137138]  kthread+0x323/0x710
[   21.137198]  ? trace_preempt_on+0x20/0xc0
[   21.137262]  ? __pfx_kthread+0x10/0x10
[   21.137318]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.137359]  ? calculate_sigpending+0x7b/0xa0
[   21.137391]  ? __pfx_kthread+0x10/0x10
[   21.137423]  ret_from_fork+0x41/0x80
[   21.137458]  ? __pfx_kthread+0x10/0x10
[   21.137489]  ret_from_fork_asm+0x1a/0x30
[   21.137538]  </TASK>
[   21.137554] 
[   21.153327] Allocated by task 179:
[   21.153639]  kasan_save_stack+0x3d/0x60
[   21.156080]  kasan_save_track+0x18/0x40
[   21.156508]  kasan_save_alloc_info+0x3b/0x50
[   21.158234]  __kasan_krealloc+0x190/0x1f0
[   21.158607]  krealloc_noprof+0xf4/0x370
[   21.160016]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.160769]  krealloc_less_oob+0x1c/0x30
[   21.161154]  kunit_try_run_case+0x1b2/0x490
[   21.161539]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.163042]  kthread+0x323/0x710
[   21.163358]  ret_from_fork+0x41/0x80
[   21.163656]  ret_from_fork_asm+0x1a/0x30
[   21.164290] 
[   21.164510] The buggy address belongs to the object at ffff888100abc400
[   21.164510]  which belongs to the cache kmalloc-256 of size 256
[   21.165388] The buggy address is located 33 bytes to the right of
[   21.165388]  allocated 201-byte region [ffff888100abc400, ffff888100abc4c9)
[   21.167483] 
[   21.168010] The buggy address belongs to the physical page:
[   21.168442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100abc
[   21.169635] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.170506] flags: 0x200000000000040(head|node=0|zone=2)
[   21.171072] page_type: f5(slab)
[   21.172027] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.172588] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.174163] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.175333] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.175913] head: 0200000000000001 ffffea000402af01 00000000ffffffff 00000000ffffffff
[   21.177215] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.177723] page dumped because: kasan: bad access detected
[   21.178604] 
[   21.178835] Memory state around the buggy address:
[   21.179713]  ffff888100abc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.180524]  ffff888100abc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.181297] >ffff888100abc480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.182323]                                                           ^
[   21.183468]  ffff888100abc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.184594]  ffff888100abc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.185158] ==================================================================
[   21.514590] ==================================================================
[   21.515226] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   21.515670] Write of size 1 at addr ffff8881026920eb by task kunit_try_catch/183
[   21.516256] 
[   21.516633] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.516923] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.516959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.517010] Call Trace:
[   21.517039]  <TASK>
[   21.517071]  dump_stack_lvl+0x73/0xb0
[   21.517212]  print_report+0xd1/0x660
[   21.517285]  ? __virt_addr_valid+0x1db/0x2d0
[   21.517406]  ? kasan_addr_to_slab+0x11/0xa0
[   21.517473]  kasan_report+0x104/0x140
[   21.517532]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.517603]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.519215]  __asan_report_store1_noabort+0x1b/0x30
[   21.519311]  krealloc_less_oob_helper+0xd47/0x11d0
[   21.519399]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.519486]  ? finish_task_switch.isra.0+0x153/0x730
[   21.519551]  ? __switch_to+0x5d9/0xf70
[   21.519648]  ? __schedule+0xd46/0x29c0
[   21.519725]  ? __pfx_read_tsc+0x10/0x10
[   21.519801]  krealloc_large_less_oob+0x1c/0x30
[   21.519871]  kunit_try_run_case+0x1b2/0x490
[   21.519952]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.520014]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.520073]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.520165]  ? __kthread_parkme+0x82/0x160
[   21.520231]  ? preempt_count_sub+0x50/0x80
[   21.520296]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.520356]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.520417]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.520477]  kthread+0x323/0x710
[   21.520530]  ? trace_preempt_on+0x20/0xc0
[   21.520588]  ? __pfx_kthread+0x10/0x10
[   21.520643]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.520694]  ? calculate_sigpending+0x7b/0xa0
[   21.520753]  ? __pfx_kthread+0x10/0x10
[   21.520818]  ret_from_fork+0x41/0x80
[   21.520873]  ? __pfx_kthread+0x10/0x10
[   21.520929]  ret_from_fork_asm+0x1a/0x30
[   21.521018]  </TASK>
[   21.521047] 
[   21.541004] The buggy address belongs to the physical page:
[   21.541553] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102690
[   21.543215] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.544239] flags: 0x200000000000040(head|node=0|zone=2)
[   21.545516] page_type: f8(unknown)
[   21.546277] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.547219] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.548130] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.548848] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.549915] head: 0200000000000002 ffffea000409a401 00000000ffffffff 00000000ffffffff
[   21.550554] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.551565] page dumped because: kasan: bad access detected
[   21.552174] 
[   21.552570] Memory state around the buggy address:
[   21.553436]  ffff888102691f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.554799]  ffff888102692000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.555538] >ffff888102692080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.556134]                                                           ^
[   21.556706]  ffff888102692100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.557366]  ffff888102692180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.558042] ==================================================================
[   21.468923] ==================================================================
[   21.469710] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   21.471572] Write of size 1 at addr ffff8881026920ea by task kunit_try_catch/183
[   21.472513] 
[   21.472991] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.473154] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.473192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.473246] Call Trace:
[   21.473278]  <TASK>
[   21.473314]  dump_stack_lvl+0x73/0xb0
[   21.473388]  print_report+0xd1/0x660
[   21.473427]  ? __virt_addr_valid+0x1db/0x2d0
[   21.473491]  ? kasan_addr_to_slab+0x11/0xa0
[   21.473525]  kasan_report+0x104/0x140
[   21.473554]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.473591]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.473633]  __asan_report_store1_noabort+0x1b/0x30
[   21.473664]  krealloc_less_oob_helper+0xe90/0x11d0
[   21.473777]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.473861]  ? finish_task_switch.isra.0+0x153/0x730
[   21.473904]  ? __switch_to+0x5d9/0xf70
[   21.473942]  ? __schedule+0xd46/0x29c0
[   21.473973]  ? __pfx_read_tsc+0x10/0x10
[   21.474008]  krealloc_large_less_oob+0x1c/0x30
[   21.474042]  kunit_try_run_case+0x1b2/0x490
[   21.474077]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.474128]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.474162]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.474194]  ? __kthread_parkme+0x82/0x160
[   21.474225]  ? preempt_count_sub+0x50/0x80
[   21.474259]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.474293]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.474326]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.474359]  kthread+0x323/0x710
[   21.474388]  ? trace_preempt_on+0x20/0xc0
[   21.474422]  ? __pfx_kthread+0x10/0x10
[   21.474453]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.474482]  ? calculate_sigpending+0x7b/0xa0
[   21.474512]  ? __pfx_kthread+0x10/0x10
[   21.474543]  ret_from_fork+0x41/0x80
[   21.474574]  ? __pfx_kthread+0x10/0x10
[   21.474606]  ret_from_fork_asm+0x1a/0x30
[   21.474652]  </TASK>
[   21.474667] 
[   21.493612] The buggy address belongs to the physical page:
[   21.494497] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102690
[   21.495483] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.496520] flags: 0x200000000000040(head|node=0|zone=2)
[   21.497545] page_type: f8(unknown)
[   21.498281] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.498989] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.499984] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.500619] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.501963] head: 0200000000000002 ffffea000409a401 00000000ffffffff 00000000ffffffff
[   21.502641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.504182] page dumped because: kasan: bad access detected
[   21.504964] 
[   21.505861] Memory state around the buggy address:
[   21.506232]  ffff888102691f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.507428]  ffff888102692000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.508191] >ffff888102692080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.508816]                                                           ^
[   21.509877]  ffff888102692100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.510523]  ffff888102692180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.511071] ==================================================================
[   21.345420] ==================================================================
[   21.346682] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   21.347289] Write of size 1 at addr ffff8881026920c9 by task kunit_try_catch/183
[   21.348066] 
[   21.348334] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.348456] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.348493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.348553] Call Trace:
[   21.348586]  <TASK>
[   21.348626]  dump_stack_lvl+0x73/0xb0
[   21.349173]  print_report+0xd1/0x660
[   21.349261]  ? __virt_addr_valid+0x1db/0x2d0
[   21.349385]  ? kasan_addr_to_slab+0x11/0xa0
[   21.349454]  kasan_report+0x104/0x140
[   21.349515]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.349586]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.349665]  __asan_report_store1_noabort+0x1b/0x30
[   21.349981]  krealloc_less_oob_helper+0xd70/0x11d0
[   21.350029]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.350066]  ? finish_task_switch.isra.0+0x153/0x730
[   21.350102]  ? __switch_to+0x5d9/0xf70
[   21.350187]  ? __schedule+0xd46/0x29c0
[   21.350221]  ? __pfx_read_tsc+0x10/0x10
[   21.350258]  krealloc_large_less_oob+0x1c/0x30
[   21.350292]  kunit_try_run_case+0x1b2/0x490
[   21.350330]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.350361]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.350392]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.350423]  ? __kthread_parkme+0x82/0x160
[   21.350454]  ? preempt_count_sub+0x50/0x80
[   21.350489]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.350522]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.350555]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.350588]  kthread+0x323/0x710
[   21.350617]  ? trace_preempt_on+0x20/0xc0
[   21.350651]  ? __pfx_kthread+0x10/0x10
[   21.350762]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.350854]  ? calculate_sigpending+0x7b/0xa0
[   21.350895]  ? __pfx_kthread+0x10/0x10
[   21.350928]  ret_from_fork+0x41/0x80
[   21.350962]  ? __pfx_kthread+0x10/0x10
[   21.350993]  ret_from_fork_asm+0x1a/0x30
[   21.351042]  </TASK>
[   21.351060] 
[   21.368088] The buggy address belongs to the physical page:
[   21.368454] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102690
[   21.369066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.369928] flags: 0x200000000000040(head|node=0|zone=2)
[   21.370473] page_type: f8(unknown)
[   21.371353] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.372194] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.372923] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.373565] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   21.374342] head: 0200000000000002 ffffea000409a401 00000000ffffffff 00000000ffffffff
[   21.375012] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.377994] page dumped because: kasan: bad access detected
[   21.378460] 
[   21.378687] Memory state around the buggy address:
[   21.379576]  ffff888102691f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.379992]  ffff888102692000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.381067] >ffff888102692080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.381534]                                               ^
[   21.382141]  ffff888102692100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.382609]  ffff888102692180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.384030] ==================================================================
[   21.186170] ==================================================================
[   21.186651] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   21.187069] Write of size 1 at addr ffff888100abc4eb by task kunit_try_catch/179
[   21.189222] 
[   21.189491] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.189613] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.189646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.189695] Call Trace:
[   21.189777]  <TASK>
[   21.189815]  dump_stack_lvl+0x73/0xb0
[   21.189889]  print_report+0xd1/0x660
[   21.189950]  ? __virt_addr_valid+0x1db/0x2d0
[   21.190071]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.190172]  kasan_report+0x104/0x140
[   21.190214]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.190254]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.190298]  __asan_report_store1_noabort+0x1b/0x30
[   21.190330]  krealloc_less_oob_helper+0xd47/0x11d0
[   21.190369]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.190404]  ? finish_task_switch.isra.0+0x153/0x730
[   21.190437]  ? __switch_to+0x5d9/0xf70
[   21.190475]  ? __schedule+0xd46/0x29c0
[   21.190505]  ? __pfx_read_tsc+0x10/0x10
[   21.190541]  krealloc_less_oob+0x1c/0x30
[   21.190573]  kunit_try_run_case+0x1b2/0x490
[   21.190608]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.190639]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.190670]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.190701]  ? __kthread_parkme+0x82/0x160
[   21.190758]  ? preempt_count_sub+0x50/0x80
[   21.190796]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.190831]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.190865]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.190898]  kthread+0x323/0x710
[   21.190928]  ? trace_preempt_on+0x20/0xc0
[   21.190964]  ? __pfx_kthread+0x10/0x10
[   21.190996]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.191025]  ? calculate_sigpending+0x7b/0xa0
[   21.191056]  ? __pfx_kthread+0x10/0x10
[   21.191088]  ret_from_fork+0x41/0x80
[   21.191149]  ? __pfx_kthread+0x10/0x10
[   21.191204]  ret_from_fork_asm+0x1a/0x30
[   21.191253]  </TASK>
[   21.191269] 
[   21.207772] Allocated by task 179:
[   21.208174]  kasan_save_stack+0x3d/0x60
[   21.208604]  kasan_save_track+0x18/0x40
[   21.209296]  kasan_save_alloc_info+0x3b/0x50
[   21.210254]  __kasan_krealloc+0x190/0x1f0
[   21.211001]  krealloc_noprof+0xf4/0x370
[   21.211664]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.212247]  krealloc_less_oob+0x1c/0x30
[   21.212677]  kunit_try_run_case+0x1b2/0x490
[   21.213398]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.213871]  kthread+0x323/0x710
[   21.215155]  ret_from_fork+0x41/0x80
[   21.216174]  ret_from_fork_asm+0x1a/0x30
[   21.216731] 
[   21.216974] The buggy address belongs to the object at ffff888100abc400
[   21.216974]  which belongs to the cache kmalloc-256 of size 256
[   21.217574] The buggy address is located 34 bytes to the right of
[   21.217574]  allocated 201-byte region [ffff888100abc400, ffff888100abc4c9)
[   21.218962] 
[   21.219301] The buggy address belongs to the physical page:
[   21.220018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100abc
[   21.221084] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.222141] flags: 0x200000000000040(head|node=0|zone=2)
[   21.223308] page_type: f5(slab)
[   21.223605] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.224331] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.225201] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.225599] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.225987] head: 0200000000000001 ffffea000402af01 00000000ffffffff 00000000ffffffff
[   21.226527] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.227799] page dumped because: kasan: bad access detected
[   21.228739] 
[   21.229839] Memory state around the buggy address:
[   21.230330]  ffff888100abc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.231169]  ffff888100abc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.232164] >ffff888100abc480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.232869]                                                           ^
[   21.233569]  ffff888100abc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.234776]  ffff888100abc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.235425] ==================================================================
[   21.028235] ==================================================================
[   21.028853] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   21.030654] Write of size 1 at addr ffff888100abc4d0 by task kunit_try_catch/179
[   21.031503] 
[   21.031897] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   21.032037] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.032072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.032145] Call Trace:
[   21.032179]  <TASK>
[   21.032216]  dump_stack_lvl+0x73/0xb0
[   21.032291]  print_report+0xd1/0x660
[   21.032354]  ? __virt_addr_valid+0x1db/0x2d0
[   21.032471]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.032540]  kasan_report+0x104/0x140
[   21.032593]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.032662]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.032935]  __asan_report_store1_noabort+0x1b/0x30
[   21.033007]  krealloc_less_oob_helper+0xe23/0x11d0
[   21.033082]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.033178]  ? finish_task_switch.isra.0+0x153/0x730
[   21.033218]  ? __switch_to+0x5d9/0xf70
[   21.033258]  ? __schedule+0xd46/0x29c0
[   21.033289]  ? __pfx_read_tsc+0x10/0x10
[   21.033324]  krealloc_less_oob+0x1c/0x30
[   21.033357]  kunit_try_run_case+0x1b2/0x490
[   21.033393]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.033424]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.033454]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.033485]  ? __kthread_parkme+0x82/0x160
[   21.033515]  ? preempt_count_sub+0x50/0x80
[   21.033550]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.033583]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.033615]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.033647]  kthread+0x323/0x710
[   21.033693]  ? trace_preempt_on+0x20/0xc0
[   21.034055]  ? __pfx_kthread+0x10/0x10
[   21.034090]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.034145]  ? calculate_sigpending+0x7b/0xa0
[   21.034178]  ? __pfx_kthread+0x10/0x10
[   21.034210]  ret_from_fork+0x41/0x80
[   21.034243]  ? __pfx_kthread+0x10/0x10
[   21.034275]  ret_from_fork_asm+0x1a/0x30
[   21.034322]  </TASK>
[   21.034337] 
[   21.052884] Allocated by task 179:
[   21.053481]  kasan_save_stack+0x3d/0x60
[   21.054367]  kasan_save_track+0x18/0x40
[   21.055033]  kasan_save_alloc_info+0x3b/0x50
[   21.055625]  __kasan_krealloc+0x190/0x1f0
[   21.056350]  krealloc_noprof+0xf4/0x370
[   21.056887]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.057290]  krealloc_less_oob+0x1c/0x30
[   21.057942]  kunit_try_run_case+0x1b2/0x490
[   21.058425]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.059474]  kthread+0x323/0x710
[   21.060206]  ret_from_fork+0x41/0x80
[   21.060542]  ret_from_fork_asm+0x1a/0x30
[   21.061278] 
[   21.061506] The buggy address belongs to the object at ffff888100abc400
[   21.061506]  which belongs to the cache kmalloc-256 of size 256
[   21.062655] The buggy address is located 7 bytes to the right of
[   21.062655]  allocated 201-byte region [ffff888100abc400, ffff888100abc4c9)
[   21.063461] 
[   21.064258] The buggy address belongs to the physical page:
[   21.065028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100abc
[   21.065987] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.066660] flags: 0x200000000000040(head|node=0|zone=2)
[   21.067450] page_type: f5(slab)
[   21.068062] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.069367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.070147] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.070687] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.071427] head: 0200000000000001 ffffea000402af01 00000000ffffffff 00000000ffffffff
[   21.072068] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.072766] page dumped because: kasan: bad access detected
[   21.073443] 
[   21.073600] Memory state around the buggy address:
[   21.074229]  ffff888100abc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.075168]  ffff888100abc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.075636] >ffff888100abc480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.076811]                                                  ^
[   21.077453]  ffff888100abc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.078288]  ffff888100abc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.078787] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2uX2DZIoykoCuhH4arMoBy977bK

job_id

TEST:linaro@lkft#2uX2JXgeaQCkFWN6K2jCSXXvmhK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2uX2JXgeaQCkFWN6K2jCSXXvmhK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/bzImage
sha256sum	2bc7cc1a2590cb344ef11815bf2840b058232038476951f62f559ac8b93bacea

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	c0721a415598e62660bcf524e126ecf297cac7ec4f7068a53fb00c57f9cd4051

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2uX2GLAurqOjIK7d0WUOat3cllr/modules.tar.xz
sha256sum	d7478c4852fdaca9c987642c2f409eace66511759906fa95e3a9d660c25bf7f6

durations

tests

boot	0
kunit	63.53

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.1+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit