Hay
Date: June 7, 2025, 10:40 a.m.

Environment: qemu-arm64, qemu-x86_64

[   22.383086] ==================================================================
[   22.383786] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   22.384767] Write of size 1 at addr fff00000c64a60d0 by task kunit_try_catch/151
[   22.385914] 
[   22.386284] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.386502] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.386579] Hardware name: linux,dummy-virt (DT)
[   22.386664] Call trace:
[   22.386732]  show_stack+0x20/0x38 (C)
[   22.386868]  dump_stack_lvl+0x8c/0xd0
[   22.386972]  print_report+0x118/0x608
[   22.387031]  kasan_report+0xdc/0x128
[   22.387088]  __asan_report_store1_noabort+0x20/0x30
[   22.387147]  krealloc_less_oob_helper+0xb9c/0xc50
[   22.387206]  krealloc_large_less_oob+0x20/0x38
[   22.387264]  kunit_try_run_case+0x170/0x3f0
[   22.387326]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.387389]  kthread+0x318/0x620
[   22.387446]  ret_from_fork+0x10/0x20
[   22.387505] 
[   22.394844] The buggy address belongs to the physical page:
[   22.395508] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064a4
[   22.396286] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.397934] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.398693] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.399480] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.400257] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.401315] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.402070] head: 0bfffe0000000002 ffffc1ffc3192901 ffffffffffffffff 0000000000000000
[   22.402858] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.404154] page dumped because: kasan: bad access detected
[   22.404736] 
[   22.405978] Memory state around the buggy address:
[   22.406523]  fff00000c64a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.407311]  fff00000c64a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.408139] >fff00000c64a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.408827]                                                  ^
[   22.409487]  fff00000c64a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.410776]  fff00000c64a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.411468] ==================================================================
[   22.187112] ==================================================================
[   22.187910] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   22.188726] Write of size 1 at addr fff00000c4755cea by task kunit_try_catch/147
[   22.189416] 
[   22.190962] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.191175] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.191242] Hardware name: linux,dummy-virt (DT)
[   22.191282] Call trace:
[   22.191311]  show_stack+0x20/0x38 (C)
[   22.191377]  dump_stack_lvl+0x8c/0xd0
[   22.191435]  print_report+0x118/0x608
[   22.191493]  kasan_report+0xdc/0x128
[   22.191548]  __asan_report_store1_noabort+0x20/0x30
[   22.191605]  krealloc_less_oob_helper+0xae4/0xc50
[   22.191663]  krealloc_less_oob+0x20/0x38
[   22.191718]  kunit_try_run_case+0x170/0x3f0
[   22.191774]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.191836]  kthread+0x318/0x620
[   22.191917]  ret_from_fork+0x10/0x20
[   22.191983] 
[   22.200182] Allocated by task 147:
[   22.200674]  kasan_save_stack+0x3c/0x68
[   22.202109]  kasan_save_track+0x20/0x40
[   22.202610]  kasan_save_alloc_info+0x40/0x58
[   22.203155]  __kasan_krealloc+0x118/0x178
[   22.203669]  krealloc_noprof+0x128/0x360
[   22.204204]  krealloc_less_oob_helper+0x168/0xc50
[   22.204749]  krealloc_less_oob+0x20/0x38
[   22.205791]  kunit_try_run_case+0x170/0x3f0
[   22.206351]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.207034]  kthread+0x318/0x620
[   22.207504]  ret_from_fork+0x10/0x20
[   22.208056] 
[   22.208383] The buggy address belongs to the object at fff00000c4755c00
[   22.208383]  which belongs to the cache kmalloc-256 of size 256
[   22.209772] The buggy address is located 33 bytes to the right of
[   22.209772]  allocated 201-byte region [fff00000c4755c00, fff00000c4755cc9)
[   22.211740] 
[   22.211908] The buggy address belongs to the physical page:
[   22.212166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104754
[   22.212511] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.212834] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.214077] page_type: f5(slab)
[   22.214603] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.215462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.216372] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.217106] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.217989] head: 0bfffe0000000001 ffffc1ffc311d501 ffffffffffffffff 0000000000000000
[   22.218603] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.220594] page dumped because: kasan: bad access detected
[   22.223007] 
[   22.223465] Memory state around the buggy address:
[   22.225081]  fff00000c4755b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.225872]  fff00000c4755c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.228269] >fff00000c4755c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.228765]                                                           ^
[   22.230227]  fff00000c4755d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.230753]  fff00000c4755d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.232680] ==================================================================
[   22.056523] ==================================================================
[   22.057728] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   22.058481] Write of size 1 at addr fff00000c4755cc9 by task kunit_try_catch/147
[   22.059227] 
[   22.059546] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.059761] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.059838] Hardware name: linux,dummy-virt (DT)
[   22.059946] Call trace:
[   22.060016]  show_stack+0x20/0x38 (C)
[   22.060153]  dump_stack_lvl+0x8c/0xd0
[   22.060271]  print_report+0x118/0x608
[   22.060382]  kasan_report+0xdc/0x128
[   22.060512]  __asan_report_store1_noabort+0x20/0x30
[   22.060652]  krealloc_less_oob_helper+0xa48/0xc50
[   22.060770]  krealloc_less_oob+0x20/0x38
[   22.060919]  kunit_try_run_case+0x170/0x3f0
[   22.061109]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.061253]  kthread+0x318/0x620
[   22.061388]  ret_from_fork+0x10/0x20
[   22.061524] 
[   22.068109] Allocated by task 147:
[   22.068592]  kasan_save_stack+0x3c/0x68
[   22.069551]  kasan_save_track+0x20/0x40
[   22.070132]  kasan_save_alloc_info+0x40/0x58
[   22.070757]  __kasan_krealloc+0x118/0x178
[   22.071234]  krealloc_noprof+0x128/0x360
[   22.071813]  krealloc_less_oob_helper+0x168/0xc50
[   22.072435]  krealloc_less_oob+0x20/0x38
[   22.072972]  kunit_try_run_case+0x170/0x3f0
[   22.074403]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.075005]  kthread+0x318/0x620
[   22.075468]  ret_from_fork+0x10/0x20
[   22.075977] 
[   22.076277] The buggy address belongs to the object at fff00000c4755c00
[   22.076277]  which belongs to the cache kmalloc-256 of size 256
[   22.077787] The buggy address is located 0 bytes to the right of
[   22.077787]  allocated 201-byte region [fff00000c4755c00, fff00000c4755cc9)
[   22.078998] 
[   22.079329] The buggy address belongs to the physical page:
[   22.079910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104754
[   22.080800] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.081952] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.082675] page_type: f5(slab)
[   22.083183] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.083957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.084721] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.085950] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.086692] head: 0bfffe0000000001 ffffc1ffc311d501 ffffffffffffffff 0000000000000000
[   22.087423] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.088078] page dumped because: kasan: bad access detected
[   22.088680] 
[   22.088982] Memory state around the buggy address:
[   22.089604]  fff00000c4755b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.090286]  fff00000c4755c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.091099] >fff00000c4755c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.091970]                                               ^
[   22.092545]  fff00000c4755d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.093255]  fff00000c4755d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.094099] ==================================================================
[   22.095828] ==================================================================
[   22.096679] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   22.097526] Write of size 1 at addr fff00000c4755cd0 by task kunit_try_catch/147
[   22.098533] 
[   22.098849] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.099070] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.099146] Hardware name: linux,dummy-virt (DT)
[   22.099230] Call trace:
[   22.099293]  show_stack+0x20/0x38 (C)
[   22.099421]  dump_stack_lvl+0x8c/0xd0
[   22.099540]  print_report+0x118/0x608
[   22.099707]  kasan_report+0xdc/0x128
[   22.099847]  __asan_report_store1_noabort+0x20/0x30
[   22.100017]  krealloc_less_oob_helper+0xb9c/0xc50
[   22.100160]  krealloc_less_oob+0x20/0x38
[   22.100290]  kunit_try_run_case+0x170/0x3f0
[   22.100406]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.100524]  kthread+0x318/0x620
[   22.100629]  ret_from_fork+0x10/0x20
[   22.100747] 
[   22.111560] Allocated by task 147:
[   22.114263]  kasan_save_stack+0x3c/0x68
[   22.114637]  kasan_save_track+0x20/0x40
[   22.114985]  kasan_save_alloc_info+0x40/0x58
[   22.115863]  __kasan_krealloc+0x118/0x178
[   22.116778]  krealloc_noprof+0x128/0x360
[   22.118252]  krealloc_less_oob_helper+0x168/0xc50
[   22.118720]  krealloc_less_oob+0x20/0x38
[   22.119531]  kunit_try_run_case+0x170/0x3f0
[   22.120205]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.120985]  kthread+0x318/0x620
[   22.121742]  ret_from_fork+0x10/0x20
[   22.122298] 
[   22.122631] The buggy address belongs to the object at fff00000c4755c00
[   22.122631]  which belongs to the cache kmalloc-256 of size 256
[   22.123770] The buggy address is located 7 bytes to the right of
[   22.123770]  allocated 201-byte region [fff00000c4755c00, fff00000c4755cc9)
[   22.124851] 
[   22.125262] The buggy address belongs to the physical page:
[   22.126421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104754
[   22.127291] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.127990] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.129306] page_type: f5(slab)
[   22.129764] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.130569] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.131461] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.132436] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.133766] head: 0bfffe0000000001 ffffc1ffc311d501 ffffffffffffffff 0000000000000000
[   22.134488] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.135270] page dumped because: kasan: bad access detected
[   22.135859] 
[   22.136167] Memory state around the buggy address:
[   22.136711]  fff00000c4755b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.138185]  fff00000c4755c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.139116] >fff00000c4755c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.139811]                                                  ^
[   22.140397]  fff00000c4755d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.141415]  fff00000c4755d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.142633] ==================================================================
[   22.234422] ==================================================================
[   22.235165] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   22.236047] Write of size 1 at addr fff00000c4755ceb by task kunit_try_catch/147
[   22.236798] 
[   22.238102] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.238326] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.238402] Hardware name: linux,dummy-virt (DT)
[   22.238484] Call trace:
[   22.238549]  show_stack+0x20/0x38 (C)
[   22.238687]  dump_stack_lvl+0x8c/0xd0
[   22.238859]  print_report+0x118/0x608
[   22.239027]  kasan_report+0xdc/0x128
[   22.239122]  __asan_report_store1_noabort+0x20/0x30
[   22.239184]  krealloc_less_oob_helper+0xa58/0xc50
[   22.239243]  krealloc_less_oob+0x20/0x38
[   22.239298]  kunit_try_run_case+0x170/0x3f0
[   22.239355]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.239416]  kthread+0x318/0x620
[   22.239469]  ret_from_fork+0x10/0x20
[   22.239526] 
[   22.247283] Allocated by task 147:
[   22.247825]  kasan_save_stack+0x3c/0x68
[   22.248810]  kasan_save_track+0x20/0x40
[   22.249330]  kasan_save_alloc_info+0x40/0x58
[   22.250222]  __kasan_krealloc+0x118/0x178
[   22.250653]  krealloc_noprof+0x128/0x360
[   22.251253]  krealloc_less_oob_helper+0x168/0xc50
[   22.251785]  krealloc_less_oob+0x20/0x38
[   22.252329]  kunit_try_run_case+0x170/0x3f0
[   22.252808]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.254123]  kthread+0x318/0x620
[   22.254678]  ret_from_fork+0x10/0x20
[   22.255131] 
[   22.255452] The buggy address belongs to the object at fff00000c4755c00
[   22.255452]  which belongs to the cache kmalloc-256 of size 256
[   22.256550] The buggy address is located 34 bytes to the right of
[   22.256550]  allocated 201-byte region [fff00000c4755c00, fff00000c4755cc9)
[   22.258430] 
[   22.258743] The buggy address belongs to the physical page:
[   22.259332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104754
[   22.260332] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.261049] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.261796] page_type: f5(slab)
[   22.262979] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.263693] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.264480] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.265333] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.266395] head: 0bfffe0000000001 ffffc1ffc311d501 ffffffffffffffff 0000000000000000
[   22.267188] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.268171] page dumped because: kasan: bad access detected
[   22.268895] 
[   22.269459] Memory state around the buggy address:
[   22.270015]  fff00000c4755b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.270935]  fff00000c4755c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.271667] >fff00000c4755c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.272658]                                                           ^
[   22.273827]  fff00000c4755d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.274790]  fff00000c4755d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.275619] ==================================================================
[   22.443928] ==================================================================
[   22.444500] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   22.445413] Write of size 1 at addr fff00000c64a60ea by task kunit_try_catch/151
[   22.446080] 
[   22.446536] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.446755] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.446976] Hardware name: linux,dummy-virt (DT)
[   22.447061] Call trace:
[   22.447125]  show_stack+0x20/0x38 (C)
[   22.447262]  dump_stack_lvl+0x8c/0xd0
[   22.447398]  print_report+0x118/0x608
[   22.447485]  kasan_report+0xdc/0x128
[   22.447545]  __asan_report_store1_noabort+0x20/0x30
[   22.447606]  krealloc_less_oob_helper+0xae4/0xc50
[   22.447667]  krealloc_large_less_oob+0x20/0x38
[   22.447726]  kunit_try_run_case+0x170/0x3f0
[   22.447786]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.447849]  kthread+0x318/0x620
[   22.447935]  ret_from_fork+0x10/0x20
[   22.447999] 
[   22.456019] The buggy address belongs to the physical page:
[   22.456650] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064a4
[   22.457650] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.458787] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.459615] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.460434] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.461231] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.463101] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.463911] head: 0bfffe0000000002 ffffc1ffc3192901 ffffffffffffffff 0000000000000000
[   22.464645] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.466214] page dumped because: kasan: bad access detected
[   22.466822] 
[   22.467181] Memory state around the buggy address:
[   22.467762]  fff00000c64a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.468503]  fff00000c64a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.469551] >fff00000c64a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.470248]                                                           ^
[   22.471613]  fff00000c64a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.472411]  fff00000c64a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.473232] ==================================================================
[   22.144740] ==================================================================
[   22.145777] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   22.146578] Write of size 1 at addr fff00000c4755cda by task kunit_try_catch/147
[   22.147203] 
[   22.147530] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.147761] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.147828] Hardware name: linux,dummy-virt (DT)
[   22.148531] Call trace:
[   22.148567]  show_stack+0x20/0x38 (C)
[   22.148634]  dump_stack_lvl+0x8c/0xd0
[   22.148693]  print_report+0x118/0x608
[   22.148750]  kasan_report+0xdc/0x128
[   22.148807]  __asan_report_store1_noabort+0x20/0x30
[   22.148865]  krealloc_less_oob_helper+0xa80/0xc50
[   22.148959]  krealloc_less_oob+0x20/0x38
[   22.149085]  kunit_try_run_case+0x170/0x3f0
[   22.149215]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.149344]  kthread+0x318/0x620
[   22.149459]  ret_from_fork+0x10/0x20
[   22.149580] 
[   22.155728] Allocated by task 147:
[   22.156096]  kasan_save_stack+0x3c/0x68
[   22.156539]  kasan_save_track+0x20/0x40
[   22.158174]  kasan_save_alloc_info+0x40/0x58
[   22.158774]  __kasan_krealloc+0x118/0x178
[   22.159450]  krealloc_noprof+0x128/0x360
[   22.160098]  krealloc_less_oob_helper+0x168/0xc50
[   22.160723]  krealloc_less_oob+0x20/0x38
[   22.161464]  kunit_try_run_case+0x170/0x3f0
[   22.162367]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.162990]  kthread+0x318/0x620
[   22.163436]  ret_from_fork+0x10/0x20
[   22.163958] 
[   22.164262] The buggy address belongs to the object at fff00000c4755c00
[   22.164262]  which belongs to the cache kmalloc-256 of size 256
[   22.165377] The buggy address is located 17 bytes to the right of
[   22.165377]  allocated 201-byte region [fff00000c4755c00, fff00000c4755cc9)
[   22.166527] 
[   22.166855] The buggy address belongs to the physical page:
[   22.168812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104754
[   22.169816] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.170556] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.171506] page_type: f5(slab)
[   22.171850] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.172677] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.173942] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.174790] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.176150] head: 0bfffe0000000001 ffffc1ffc311d501 ffffffffffffffff 0000000000000000
[   22.176940] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   22.177698] page dumped because: kasan: bad access detected
[   22.178454] 
[   22.178776] Memory state around the buggy address:
[   22.179650]  fff00000c4755b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.180594]  fff00000c4755c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.181452] >fff00000c4755c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.182106]                                                     ^
[   22.183235]  fff00000c4755d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.184381]  fff00000c4755d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.185442] ==================================================================
[   22.412726] ==================================================================
[   22.413339] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   22.413999] Write of size 1 at addr fff00000c64a60da by task kunit_try_catch/151
[   22.415228] 
[   22.415562] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.415775] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.415851] Hardware name: linux,dummy-virt (DT)
[   22.415954] Call trace:
[   22.416020]  show_stack+0x20/0x38 (C)
[   22.416161]  dump_stack_lvl+0x8c/0xd0
[   22.416306]  print_report+0x118/0x608
[   22.416444]  kasan_report+0xdc/0x128
[   22.416578]  __asan_report_store1_noabort+0x20/0x30
[   22.416722]  krealloc_less_oob_helper+0xa80/0xc50
[   22.416866]  krealloc_large_less_oob+0x20/0x38
[   22.417634]  kunit_try_run_case+0x170/0x3f0
[   22.417763]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.417922]  kthread+0x318/0x620
[   22.418033]  ret_from_fork+0x10/0x20
[   22.418146] 
[   22.424877] The buggy address belongs to the physical page:
[   22.425916] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064a4
[   22.426681] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.427676] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.428476] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.430136] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.430911] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.431763] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.432602] head: 0bfffe0000000002 ffffc1ffc3192901 ffffffffffffffff 0000000000000000
[   22.433558] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.434384] page dumped because: kasan: bad access detected
[   22.435079] 
[   22.435406] Memory state around the buggy address:
[   22.436039]  fff00000c64a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.436753]  fff00000c64a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.438316] >fff00000c64a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.439225]                                                     ^
[   22.439953]  fff00000c64a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.440734]  fff00000c64a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.441541] ==================================================================
[   22.474765] ==================================================================
[   22.476127] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   22.476942] Write of size 1 at addr fff00000c64a60eb by task kunit_try_catch/151
[   22.478660] 
[   22.479083] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.479190] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.479224] Hardware name: linux,dummy-virt (DT)
[   22.479262] Call trace:
[   22.479291]  show_stack+0x20/0x38 (C)
[   22.479358]  dump_stack_lvl+0x8c/0xd0
[   22.479418]  print_report+0x118/0x608
[   22.479476]  kasan_report+0xdc/0x128
[   22.479533]  __asan_report_store1_noabort+0x20/0x30
[   22.479592]  krealloc_less_oob_helper+0xa58/0xc50
[   22.479652]  krealloc_large_less_oob+0x20/0x38
[   22.479711]  kunit_try_run_case+0x170/0x3f0
[   22.479768]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.479830]  kthread+0x318/0x620
[   22.479912]  ret_from_fork+0x10/0x20
[   22.480090] 
[   22.492816] The buggy address belongs to the physical page:
[   22.493862] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064a4
[   22.495717] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.497756] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.498404] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.499501] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.500359] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.501448] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.502575] head: 0bfffe0000000002 ffffc1ffc3192901 ffffffffffffffff 0000000000000000
[   22.503387] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.504225] page dumped because: kasan: bad access detected
[   22.504801] 
[   22.505171] Memory state around the buggy address:
[   22.506239]  fff00000c64a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.507587]  fff00000c64a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.508322] >fff00000c64a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.509796]                                                           ^
[   22.510422]  fff00000c64a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.511121]  fff00000c64a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.511869] ==================================================================
[   22.350480] ==================================================================
[   22.351435] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   22.352218] Write of size 1 at addr fff00000c64a60c9 by task kunit_try_catch/151
[   22.353281] 
[   22.354044] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.354295] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.354374] Hardware name: linux,dummy-virt (DT)
[   22.354451] Call trace:
[   22.354486]  show_stack+0x20/0x38 (C)
[   22.354553]  dump_stack_lvl+0x8c/0xd0
[   22.354612]  print_report+0x118/0x608
[   22.354670]  kasan_report+0xdc/0x128
[   22.354727]  __asan_report_store1_noabort+0x20/0x30
[   22.354785]  krealloc_less_oob_helper+0xa48/0xc50
[   22.354844]  krealloc_large_less_oob+0x20/0x38
[   22.354934]  kunit_try_run_case+0x170/0x3f0
[   22.355000]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.355064]  kthread+0x318/0x620
[   22.355119]  ret_from_fork+0x10/0x20
[   22.355177] 
[   22.363409] The buggy address belongs to the physical page:
[   22.364142] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064a4
[   22.365023] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.366005] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.367546] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.367918] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.368953] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.370246] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   22.371208] head: 0bfffe0000000002 ffffc1ffc3192901 ffffffffffffffff 0000000000000000
[   22.372062] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   22.372856] page dumped because: kasan: bad access detected
[   22.373664] 
[   22.373962] Memory state around the buggy address:
[   22.374559]  fff00000c64a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.375602]  fff00000c64a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.376812] >fff00000c64a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.377705]                                               ^
[   22.378519]  fff00000c64a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.379397]  fff00000c64a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.380180] ==================================================================

[   17.086807] ==================================================================
[   17.087429] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   17.087981] Write of size 1 at addr ffff888100adf4ea by task kunit_try_catch/166
[   17.088900] 
[   17.089896] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.090011] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.090042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.090133] Call Trace:
[   17.090203]  <TASK>
[   17.090257]  dump_stack_lvl+0x73/0xb0
[   17.090345]  print_report+0xd1/0x650
[   17.090396]  ? __virt_addr_valid+0x1db/0x2d0
[   17.090435]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   17.090508]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.090558]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   17.090599]  kasan_report+0x140/0x180
[   17.090640]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   17.090691]  __asan_report_store1_noabort+0x1b/0x30
[   17.090734]  krealloc_less_oob_helper+0xe92/0x11d0
[   17.090778]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.090820]  ? finish_task_switch.isra.0+0x153/0x700
[   17.090884]  ? __switch_to+0x5d9/0xf60
[   17.090934]  ? __schedule+0xce8/0x2840
[   17.090978]  ? __pfx_read_tsc+0x10/0x10
[   17.091014]  krealloc_less_oob+0x1c/0x30
[   17.091043]  kunit_try_run_case+0x1a6/0x480
[   17.091074]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.091100]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.091129]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.091158]  ? __kthread_parkme+0x82/0x160
[   17.091185]  ? preempt_count_sub+0x50/0x80
[   17.091214]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.091242]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.091273]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.091319]  kthread+0x324/0x6e0
[   17.091356]  ? trace_preempt_on+0x20/0xc0
[   17.091386]  ? __pfx_kthread+0x10/0x10
[   17.091414]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.091457]  ? calculate_sigpending+0x7b/0xa0
[   17.091504]  ? __pfx_kthread+0x10/0x10
[   17.091549]  ret_from_fork+0x41/0x80
[   17.091576]  ? __pfx_kthread+0x10/0x10
[   17.091604]  ret_from_fork_asm+0x1a/0x30
[   17.091644]  </TASK>
[   17.091658] 
[   17.110150] Allocated by task 166:
[   17.111137]  kasan_save_stack+0x45/0x70
[   17.111730]  kasan_save_track+0x18/0x40
[   17.112283]  kasan_save_alloc_info+0x3b/0x50
[   17.112732]  __kasan_krealloc+0x190/0x1f0
[   17.113215]  krealloc_noprof+0xf3/0x340
[   17.113692]  krealloc_less_oob_helper+0x1ab/0x11d0
[   17.114294]  krealloc_less_oob+0x1c/0x30
[   17.114762]  kunit_try_run_case+0x1a6/0x480
[   17.114989]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.115752]  kthread+0x324/0x6e0
[   17.116204]  ret_from_fork+0x41/0x80
[   17.116819]  ret_from_fork_asm+0x1a/0x30
[   17.117191] 
[   17.117392] The buggy address belongs to the object at ffff888100adf400
[   17.117392]  which belongs to the cache kmalloc-256 of size 256
[   17.118590] The buggy address is located 33 bytes to the right of
[   17.118590]  allocated 201-byte region [ffff888100adf400, ffff888100adf4c9)
[   17.119782] 
[   17.119957] The buggy address belongs to the physical page:
[   17.120354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ade
[   17.121264] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.121691] flags: 0x200000000000040(head|node=0|zone=2)
[   17.123149] page_type: f5(slab)
[   17.123424] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.123881] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.124682] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.125286] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.125914] head: 0200000000000001 ffffea000402b781 ffffffffffffffff 0000000000000000
[   17.126595] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   17.127086] page dumped because: kasan: bad access detected
[   17.127373] 
[   17.127565] Memory state around the buggy address:
[   17.128050]  ffff888100adf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.128741]  ffff888100adf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.129293] >ffff888100adf480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.129603]                                                           ^
[   17.130276]  ffff888100adf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.130709]  ffff888100adf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.131353] ==================================================================
[   17.132663] ==================================================================
[   17.133481] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   17.133998] Write of size 1 at addr ffff888100adf4eb by task kunit_try_catch/166
[   17.134513] 
[   17.134748] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.134901] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.134951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.135002] Call Trace:
[   17.135068]  <TASK>
[   17.135114]  dump_stack_lvl+0x73/0xb0
[   17.135206]  print_report+0xd1/0x650
[   17.135251]  ? __virt_addr_valid+0x1db/0x2d0
[   17.135295]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   17.135373]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.135419]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   17.135493]  kasan_report+0x140/0x180
[   17.135536]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   17.135591]  __asan_report_store1_noabort+0x1b/0x30
[   17.135639]  krealloc_less_oob_helper+0xd49/0x11d0
[   17.135685]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.135734]  ? finish_task_switch.isra.0+0x153/0x700
[   17.135777]  ? __switch_to+0x5d9/0xf60
[   17.135823]  ? __schedule+0xce8/0x2840
[   17.135883]  ? __pfx_read_tsc+0x10/0x10
[   17.135936]  krealloc_less_oob+0x1c/0x30
[   17.135980]  kunit_try_run_case+0x1a6/0x480
[   17.136033]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.136079]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.136123]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.136173]  ? __kthread_parkme+0x82/0x160
[   17.136223]  ? preempt_count_sub+0x50/0x80
[   17.136281]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.136362]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.136413]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.136500]  kthread+0x324/0x6e0
[   17.136549]  ? trace_preempt_on+0x20/0xc0
[   17.136609]  ? __pfx_kthread+0x10/0x10
[   17.136665]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.136725]  ? calculate_sigpending+0x7b/0xa0
[   17.136781]  ? __pfx_kthread+0x10/0x10
[   17.136839]  ret_from_fork+0x41/0x80
[   17.136906]  ? __pfx_kthread+0x10/0x10
[   17.136956]  ret_from_fork_asm+0x1a/0x30
[   17.137031]  </TASK>
[   17.137092] 
[   17.150167] Allocated by task 166:
[   17.150775]  kasan_save_stack+0x45/0x70
[   17.151965]  kasan_save_track+0x18/0x40
[   17.152375]  kasan_save_alloc_info+0x3b/0x50
[   17.152795]  __kasan_krealloc+0x190/0x1f0
[   17.153201]  krealloc_noprof+0xf3/0x340
[   17.153525]  krealloc_less_oob_helper+0x1ab/0x11d0
[   17.155116]  krealloc_less_oob+0x1c/0x30
[   17.156643]  kunit_try_run_case+0x1a6/0x480
[   17.156960]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.157485]  kthread+0x324/0x6e0
[   17.157964]  ret_from_fork+0x41/0x80
[   17.158377]  ret_from_fork_asm+0x1a/0x30
[   17.158674] 
[   17.158915] The buggy address belongs to the object at ffff888100adf400
[   17.158915]  which belongs to the cache kmalloc-256 of size 256
[   17.160412] The buggy address is located 34 bytes to the right of
[   17.160412]  allocated 201-byte region [ffff888100adf400, ffff888100adf4c9)
[   17.161254] 
[   17.161368] The buggy address belongs to the physical page:
[   17.161712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ade
[   17.162782] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.163122] flags: 0x200000000000040(head|node=0|zone=2)
[   17.163552] page_type: f5(slab)
[   17.164231] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.164942] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.165978] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.166712] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.167161] head: 0200000000000001 ffffea000402b781 ffffffffffffffff 0000000000000000
[   17.168095] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   17.169143] page dumped because: kasan: bad access detected
[   17.169771] 
[   17.169955] Memory state around the buggy address:
[   17.170448]  ffff888100adf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.171505]  ffff888100adf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.171857] >ffff888100adf480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.172446]                                                           ^
[   17.173319]  ffff888100adf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.173896]  ffff888100adf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.174645] ==================================================================
[   16.992285] ==================================================================
[   16.992599] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   16.994083] Write of size 1 at addr ffff888100adf4d0 by task kunit_try_catch/166
[   16.995632] 
[   16.995942] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   16.996033] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.996055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.996092] Call Trace:
[   16.996122]  <TASK>
[   16.996153]  dump_stack_lvl+0x73/0xb0
[   16.996218]  print_report+0xd1/0x650
[   16.996258]  ? __virt_addr_valid+0x1db/0x2d0
[   16.996297]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   16.996354]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.996398]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   16.996440]  kasan_report+0x140/0x180
[   16.996481]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   16.996529]  __asan_report_store1_noabort+0x1b/0x30
[   16.996570]  krealloc_less_oob_helper+0xe25/0x11d0
[   16.996616]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.996666]  ? finish_task_switch.isra.0+0x153/0x700
[   16.996718]  ? __switch_to+0x5d9/0xf60
[   16.996808]  ? __schedule+0xce8/0x2840
[   16.996883]  ? __pfx_read_tsc+0x10/0x10
[   16.996975]  krealloc_less_oob+0x1c/0x30
[   16.997103]  kunit_try_run_case+0x1a6/0x480
[   16.997202]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.997271]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.997376]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.997451]  ? __kthread_parkme+0x82/0x160
[   16.997512]  ? preempt_count_sub+0x50/0x80
[   16.997575]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.997615]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.997667]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.997701]  kthread+0x324/0x6e0
[   16.997733]  ? trace_preempt_on+0x20/0xc0
[   16.997768]  ? __pfx_kthread+0x10/0x10
[   16.997796]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.997832]  ? calculate_sigpending+0x7b/0xa0
[   16.997860]  ? __pfx_kthread+0x10/0x10
[   16.997910]  ret_from_fork+0x41/0x80
[   16.997935]  ? __pfx_kthread+0x10/0x10
[   16.997971]  ret_from_fork_asm+0x1a/0x30
[   16.998012]  </TASK>
[   16.998027] 
[   17.015549] Allocated by task 166:
[   17.015787]  kasan_save_stack+0x45/0x70
[   17.016449]  kasan_save_track+0x18/0x40
[   17.016996]  kasan_save_alloc_info+0x3b/0x50
[   17.017373]  __kasan_krealloc+0x190/0x1f0
[   17.017744]  krealloc_noprof+0xf3/0x340
[   17.018470]  krealloc_less_oob_helper+0x1ab/0x11d0
[   17.019261]  krealloc_less_oob+0x1c/0x30
[   17.019957]  kunit_try_run_case+0x1a6/0x480
[   17.020285]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.021007]  kthread+0x324/0x6e0
[   17.021379]  ret_from_fork+0x41/0x80
[   17.022122]  ret_from_fork_asm+0x1a/0x30
[   17.022678] 
[   17.022828] The buggy address belongs to the object at ffff888100adf400
[   17.022828]  which belongs to the cache kmalloc-256 of size 256
[   17.024218] The buggy address is located 7 bytes to the right of
[   17.024218]  allocated 201-byte region [ffff888100adf400, ffff888100adf4c9)
[   17.025608] 
[   17.025758] The buggy address belongs to the physical page:
[   17.026127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ade
[   17.026947] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.027689] flags: 0x200000000000040(head|node=0|zone=2)
[   17.028219] page_type: f5(slab)
[   17.028491] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.029764] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.030248] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.031137] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.031368] head: 0200000000000001 ffffea000402b781 ffffffffffffffff 0000000000000000
[   17.032603] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   17.032957] page dumped because: kasan: bad access detected
[   17.033758] 
[   17.033978] Memory state around the buggy address:
[   17.034977]  ffff888100adf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.035598]  ffff888100adf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.036177] >ffff888100adf480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.036805]                                                  ^
[   17.037169]  ffff888100adf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.038015]  ffff888100adf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.038888] ==================================================================
[   17.040346] ==================================================================
[   17.041044] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   17.042505] Write of size 1 at addr ffff888100adf4da by task kunit_try_catch/166
[   17.044045] 
[   17.044644] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.044786] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.044819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.044891] Call Trace:
[   17.044932]  <TASK>
[   17.044968]  dump_stack_lvl+0x73/0xb0
[   17.045051]  print_report+0xd1/0x650
[   17.045092]  ? __virt_addr_valid+0x1db/0x2d0
[   17.045134]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   17.045175]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.045221]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   17.045261]  kasan_report+0x140/0x180
[   17.045291]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   17.045340]  __asan_report_store1_noabort+0x1b/0x30
[   17.045373]  krealloc_less_oob_helper+0xec8/0x11d0
[   17.045421]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.045470]  ? finish_task_switch.isra.0+0x153/0x700
[   17.045517]  ? __switch_to+0x5d9/0xf60
[   17.045566]  ? __schedule+0xce8/0x2840
[   17.045607]  ? __pfx_read_tsc+0x10/0x10
[   17.045649]  krealloc_less_oob+0x1c/0x30
[   17.045690]  kunit_try_run_case+0x1a6/0x480
[   17.045735]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.045775]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.045816]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.045859]  ? __kthread_parkme+0x82/0x160
[   17.045924]  ? preempt_count_sub+0x50/0x80
[   17.045970]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.046005]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.046040]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.046072]  kthread+0x324/0x6e0
[   17.046100]  ? trace_preempt_on+0x20/0xc0
[   17.046130]  ? __pfx_kthread+0x10/0x10
[   17.046157]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.046185]  ? calculate_sigpending+0x7b/0xa0
[   17.046211]  ? __pfx_kthread+0x10/0x10
[   17.046239]  ret_from_fork+0x41/0x80
[   17.046262]  ? __pfx_kthread+0x10/0x10
[   17.046289]  ret_from_fork_asm+0x1a/0x30
[   17.046343]  </TASK>
[   17.046358] 
[   17.062344] Allocated by task 166:
[   17.063003]  kasan_save_stack+0x45/0x70
[   17.063599]  kasan_save_track+0x18/0x40
[   17.063903]  kasan_save_alloc_info+0x3b/0x50
[   17.064814]  __kasan_krealloc+0x190/0x1f0
[   17.065656]  krealloc_noprof+0xf3/0x340
[   17.066354]  krealloc_less_oob_helper+0x1ab/0x11d0
[   17.066933]  krealloc_less_oob+0x1c/0x30
[   17.067369]  kunit_try_run_case+0x1a6/0x480
[   17.067648]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.068186]  kthread+0x324/0x6e0
[   17.068551]  ret_from_fork+0x41/0x80
[   17.069417]  ret_from_fork_asm+0x1a/0x30
[   17.069860] 
[   17.069993] The buggy address belongs to the object at ffff888100adf400
[   17.069993]  which belongs to the cache kmalloc-256 of size 256
[   17.070934] The buggy address is located 17 bytes to the right of
[   17.070934]  allocated 201-byte region [ffff888100adf400, ffff888100adf4c9)
[   17.072101] 
[   17.072373] The buggy address belongs to the physical page:
[   17.073154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ade
[   17.074076] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.074465] flags: 0x200000000000040(head|node=0|zone=2)
[   17.075107] page_type: f5(slab)
[   17.075638] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.076195] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.076851] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.077746] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.078312] head: 0200000000000001 ffffea000402b781 ffffffffffffffff 0000000000000000
[   17.079045] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   17.079833] page dumped because: kasan: bad access detected
[   17.080218] 
[   17.080767] Memory state around the buggy address:
[   17.081235]  ffff888100adf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.081744]  ffff888100adf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.082589] >ffff888100adf480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.083088]                                                     ^
[   17.083571]  ffff888100adf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.084160]  ffff888100adf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.085120] ==================================================================
[   17.285027] ==================================================================
[   17.285660] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   17.286260] Write of size 1 at addr ffff8881022ee0d0 by task kunit_try_catch/170
[   17.287398] 
[   17.287778] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.287889] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.287914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.287954] Call Trace:
[   17.287981]  <TASK>
[   17.288017]  dump_stack_lvl+0x73/0xb0
[   17.288081]  print_report+0xd1/0x650
[   17.288131]  ? __virt_addr_valid+0x1db/0x2d0
[   17.288184]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   17.288237]  ? kasan_addr_to_slab+0x11/0xa0
[   17.288275]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   17.288340]  kasan_report+0x140/0x180
[   17.288396]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   17.288460]  __asan_report_store1_noabort+0x1b/0x30
[   17.288517]  krealloc_less_oob_helper+0xe25/0x11d0
[   17.288575]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.288630]  ? finish_task_switch.isra.0+0x153/0x700
[   17.288689]  ? __switch_to+0x5d9/0xf60
[   17.288755]  ? __schedule+0xce8/0x2840
[   17.288808]  ? __pfx_read_tsc+0x10/0x10
[   17.288879]  krealloc_large_less_oob+0x1c/0x30
[   17.288931]  kunit_try_run_case+0x1a6/0x480
[   17.288982]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.289041]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.289116]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.289175]  ? __kthread_parkme+0x82/0x160
[   17.289233]  ? preempt_count_sub+0x50/0x80
[   17.289295]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.289346]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.289411]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.289469]  kthread+0x324/0x6e0
[   17.289516]  ? trace_preempt_on+0x20/0xc0
[   17.289564]  ? __pfx_kthread+0x10/0x10
[   17.289610]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.289660]  ? calculate_sigpending+0x7b/0xa0
[   17.289692]  ? __pfx_kthread+0x10/0x10
[   17.289721]  ret_from_fork+0x41/0x80
[   17.289746]  ? __pfx_kthread+0x10/0x10
[   17.289774]  ret_from_fork_asm+0x1a/0x30
[   17.289814]  </TASK>
[   17.289828] 
[   17.306252] The buggy address belongs to the physical page:
[   17.307437] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022ec
[   17.308335] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.309618] flags: 0x200000000000040(head|node=0|zone=2)
[   17.310131] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.310908] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.311777] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.312423] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.313067] head: 0200000000000002 ffffea000408bb01 ffffffffffffffff 0000000000000000
[   17.314387] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   17.315314] page dumped because: kasan: bad access detected
[   17.315848] 
[   17.316075] Memory state around the buggy address:
[   17.316851]  ffff8881022edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.317590]  ffff8881022ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.318028] >ffff8881022ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.318675]                                                  ^
[   17.319177]  ffff8881022ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.320090]  ffff8881022ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.320663] ==================================================================
[   17.321607] ==================================================================
[   17.322666] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   17.324090] Write of size 1 at addr ffff8881022ee0da by task kunit_try_catch/170
[   17.325262] 
[   17.325682] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.325780] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.325801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.325838] Call Trace:
[   17.325896]  <TASK>
[   17.325932]  dump_stack_lvl+0x73/0xb0
[   17.326005]  print_report+0xd1/0x650
[   17.326049]  ? __virt_addr_valid+0x1db/0x2d0
[   17.326092]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   17.326133]  ? kasan_addr_to_slab+0x11/0xa0
[   17.326170]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   17.326213]  kasan_report+0x140/0x180
[   17.326259]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   17.326363]  __asan_report_store1_noabort+0x1b/0x30
[   17.326510]  krealloc_less_oob_helper+0xec8/0x11d0
[   17.326584]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.326634]  ? finish_task_switch.isra.0+0x153/0x700
[   17.326684]  ? __switch_to+0x5d9/0xf60
[   17.326743]  ? __schedule+0xce8/0x2840
[   17.326799]  ? __pfx_read_tsc+0x10/0x10
[   17.326854]  krealloc_large_less_oob+0x1c/0x30
[   17.326908]  kunit_try_run_case+0x1a6/0x480
[   17.326939]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.326966]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.326995]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.327024]  ? __kthread_parkme+0x82/0x160
[   17.327055]  ? preempt_count_sub+0x50/0x80
[   17.327096]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.327125]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.327157]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.327189]  kthread+0x324/0x6e0
[   17.327215]  ? trace_preempt_on+0x20/0xc0
[   17.327246]  ? __pfx_kthread+0x10/0x10
[   17.327273]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.327313]  ? calculate_sigpending+0x7b/0xa0
[   17.327353]  ? __pfx_kthread+0x10/0x10
[   17.327381]  ret_from_fork+0x41/0x80
[   17.327405]  ? __pfx_kthread+0x10/0x10
[   17.327439]  ret_from_fork_asm+0x1a/0x30
[   17.327506]  </TASK>
[   17.327529] 
[   17.343154] The buggy address belongs to the physical page:
[   17.344007] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022ec
[   17.344499] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.344974] flags: 0x200000000000040(head|node=0|zone=2)
[   17.345344] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.345828] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.347121] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.347465] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.348137] head: 0200000000000002 ffffea000408bb01 ffffffffffffffff 0000000000000000
[   17.349240] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   17.350274] page dumped because: kasan: bad access detected
[   17.350926] 
[   17.351043] Memory state around the buggy address:
[   17.351239]  ffff8881022edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.352345]  ffff8881022ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.353200] >ffff8881022ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.353909]                                                     ^
[   17.354438]  ffff8881022ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.354924]  ffff8881022ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.355389] ==================================================================
[   17.356887] ==================================================================
[   17.357648] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   17.358363] Write of size 1 at addr ffff8881022ee0ea by task kunit_try_catch/170
[   17.359199] 
[   17.359663] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.359765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.359788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.359825] Call Trace:
[   17.359879]  <TASK>
[   17.359915]  dump_stack_lvl+0x73/0xb0
[   17.360001]  print_report+0xd1/0x650
[   17.360052]  ? __virt_addr_valid+0x1db/0x2d0
[   17.360108]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   17.360168]  ? kasan_addr_to_slab+0x11/0xa0
[   17.360220]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   17.360271]  kasan_report+0x140/0x180
[   17.360367]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   17.360459]  __asan_report_store1_noabort+0x1b/0x30
[   17.360523]  krealloc_less_oob_helper+0xe92/0x11d0
[   17.360586]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.360639]  ? finish_task_switch.isra.0+0x153/0x700
[   17.360689]  ? __switch_to+0x5d9/0xf60
[   17.360738]  ? __schedule+0xce8/0x2840
[   17.360783]  ? __pfx_read_tsc+0x10/0x10
[   17.360828]  krealloc_large_less_oob+0x1c/0x30
[   17.360888]  kunit_try_run_case+0x1a6/0x480
[   17.360933]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.360972]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.361006]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.361035]  ? __kthread_parkme+0x82/0x160
[   17.361065]  ? preempt_count_sub+0x50/0x80
[   17.361096]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.361123]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.361155]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.361187]  kthread+0x324/0x6e0
[   17.361213]  ? trace_preempt_on+0x20/0xc0
[   17.361243]  ? __pfx_kthread+0x10/0x10
[   17.361270]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.361297]  ? calculate_sigpending+0x7b/0xa0
[   17.361350]  ? __pfx_kthread+0x10/0x10
[   17.361379]  ret_from_fork+0x41/0x80
[   17.361404]  ? __pfx_kthread+0x10/0x10
[   17.361438]  ret_from_fork_asm+0x1a/0x30
[   17.361503]  </TASK>
[   17.361527] 
[   17.376050] The buggy address belongs to the physical page:
[   17.376628] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022ec
[   17.377256] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.379019] flags: 0x200000000000040(head|node=0|zone=2)
[   17.379304] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.379572] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.379910] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.381086] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.381789] head: 0200000000000002 ffffea000408bb01 ffffffffffffffff 0000000000000000
[   17.382261] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   17.382835] page dumped because: kasan: bad access detected
[   17.383805] 
[   17.383945] Memory state around the buggy address:
[   17.385218]  ffff8881022edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.385817]  ffff8881022ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.386125] >ffff8881022ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.386758]                                                           ^
[   17.387510]  ffff8881022ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.388477]  ffff8881022ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.389146] ==================================================================
[   17.248689] ==================================================================
[   17.249513] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   17.250844] Write of size 1 at addr ffff8881022ee0c9 by task kunit_try_catch/170
[   17.251513] 
[   17.251844] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.252154] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.252180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.252218] Call Trace:
[   17.252254]  <TASK>
[   17.252294]  dump_stack_lvl+0x73/0xb0
[   17.252392]  print_report+0xd1/0x650
[   17.252434]  ? __virt_addr_valid+0x1db/0x2d0
[   17.252476]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   17.252516]  ? kasan_addr_to_slab+0x11/0xa0
[   17.252553]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   17.252594]  kasan_report+0x140/0x180
[   17.252636]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   17.252683]  __asan_report_store1_noabort+0x1b/0x30
[   17.252724]  krealloc_less_oob_helper+0xd72/0x11d0
[   17.252767]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.252809]  ? finish_task_switch.isra.0+0x153/0x700
[   17.252857]  ? __switch_to+0x5d9/0xf60
[   17.252937]  ? __schedule+0xce8/0x2840
[   17.253000]  ? __pfx_read_tsc+0x10/0x10
[   17.253067]  krealloc_large_less_oob+0x1c/0x30
[   17.253129]  kunit_try_run_case+0x1a6/0x480
[   17.253191]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.253244]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.253293]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.253345]  ? __kthread_parkme+0x82/0x160
[   17.253401]  ? preempt_count_sub+0x50/0x80
[   17.253452]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.253496]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.253545]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.253592]  kthread+0x324/0x6e0
[   17.253632]  ? trace_preempt_on+0x20/0xc0
[   17.253675]  ? __pfx_kthread+0x10/0x10
[   17.253712]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.253751]  ? calculate_sigpending+0x7b/0xa0
[   17.253792]  ? __pfx_kthread+0x10/0x10
[   17.253836]  ret_from_fork+0x41/0x80
[   17.253899]  ? __pfx_kthread+0x10/0x10
[   17.253947]  ret_from_fork_asm+0x1a/0x30
[   17.254017]  </TASK>
[   17.254044] 
[   17.269372] The buggy address belongs to the physical page:
[   17.270172] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022ec
[   17.271778] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.272856] flags: 0x200000000000040(head|node=0|zone=2)
[   17.273942] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.274630] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.275448] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.276142] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.276915] head: 0200000000000002 ffffea000408bb01 ffffffffffffffff 0000000000000000
[   17.277521] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   17.278159] page dumped because: kasan: bad access detected
[   17.278894] 
[   17.279306] Memory state around the buggy address:
[   17.279663]  ffff8881022edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.280490]  ffff8881022ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.280860] >ffff8881022ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.281645]                                               ^
[   17.282047]  ffff8881022ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.282844]  ffff8881022ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.283776] ==================================================================
[   17.390987] ==================================================================
[   17.391761] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   17.392332] Write of size 1 at addr ffff8881022ee0eb by task kunit_try_catch/170
[   17.393286] 
[   17.393784] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.393914] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.393946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.393986] Call Trace:
[   17.394026]  <TASK>
[   17.394061]  dump_stack_lvl+0x73/0xb0
[   17.394146]  print_report+0xd1/0x650
[   17.394199]  ? __virt_addr_valid+0x1db/0x2d0
[   17.394249]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   17.394296]  ? kasan_addr_to_slab+0x11/0xa0
[   17.394338]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   17.394391]  kasan_report+0x140/0x180
[   17.394445]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   17.394515]  __asan_report_store1_noabort+0x1b/0x30
[   17.394574]  krealloc_less_oob_helper+0xd49/0x11d0
[   17.394626]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.394670]  ? finish_task_switch.isra.0+0x153/0x700
[   17.394713]  ? __switch_to+0x5d9/0xf60
[   17.394758]  ? __schedule+0xce8/0x2840
[   17.394799]  ? __pfx_read_tsc+0x10/0x10
[   17.394845]  krealloc_large_less_oob+0x1c/0x30
[   17.394904]  kunit_try_run_case+0x1a6/0x480
[   17.394944]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.394982]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.395022]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.395062]  ? __kthread_parkme+0x82/0x160
[   17.395102]  ? preempt_count_sub+0x50/0x80
[   17.395145]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.395186]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.395236]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.395271]  kthread+0x324/0x6e0
[   17.395299]  ? trace_preempt_on+0x20/0xc0
[   17.395344]  ? __pfx_kthread+0x10/0x10
[   17.395372]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.395401]  ? calculate_sigpending+0x7b/0xa0
[   17.395435]  ? __pfx_kthread+0x10/0x10
[   17.395482]  ret_from_fork+0x41/0x80
[   17.395521]  ? __pfx_kthread+0x10/0x10
[   17.395564]  ret_from_fork_asm+0x1a/0x30
[   17.395626]  </TASK>
[   17.395641] 
[   17.409515] The buggy address belongs to the physical page:
[   17.410094] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022ec
[   17.411587] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.412262] flags: 0x200000000000040(head|node=0|zone=2)
[   17.412788] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.414963] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.415358] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.416190] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   17.417179] head: 0200000000000002 ffffea000408bb01 ffffffffffffffff 0000000000000000
[   17.417811] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   17.418471] page dumped because: kasan: bad access detected
[   17.418946] 
[   17.419160] Memory state around the buggy address:
[   17.420074]  ffff8881022edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.420370]  ffff8881022ee000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.421037] >ffff8881022ee080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.422062]                                                           ^
[   17.422678]  ffff8881022ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.423392]  ffff8881022ee180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.423803] ==================================================================
[   16.944939] ==================================================================
[   16.945780] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   16.946209] Write of size 1 at addr ffff888100adf4c9 by task kunit_try_catch/166
[   16.946527] 
[   16.946651] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   16.946712] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.946727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.946752] Call Trace:
[   16.946772]  <TASK>
[   16.946797]  dump_stack_lvl+0x73/0xb0
[   16.946839]  print_report+0xd1/0x650
[   16.947367]  ? __virt_addr_valid+0x1db/0x2d0
[   16.947447]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   16.947508]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.947560]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   16.947601]  kasan_report+0x140/0x180
[   16.947642]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   16.947701]  __asan_report_store1_noabort+0x1b/0x30
[   16.947745]  krealloc_less_oob_helper+0xd72/0x11d0
[   16.947792]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.947833]  ? finish_task_switch.isra.0+0x153/0x700
[   16.947897]  ? __switch_to+0x5d9/0xf60
[   16.947947]  ? __schedule+0xce8/0x2840
[   16.947995]  ? __pfx_read_tsc+0x10/0x10
[   16.948040]  krealloc_less_oob+0x1c/0x30
[   16.948083]  kunit_try_run_case+0x1a6/0x480
[   16.948130]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.948173]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.948227]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.948285]  ? __kthread_parkme+0x82/0x160
[   16.948334]  ? preempt_count_sub+0x50/0x80
[   16.948389]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.948442]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.948496]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.948546]  kthread+0x324/0x6e0
[   16.948589]  ? trace_preempt_on+0x20/0xc0
[   16.948645]  ? __pfx_kthread+0x10/0x10
[   16.948694]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.948741]  ? calculate_sigpending+0x7b/0xa0
[   16.948788]  ? __pfx_kthread+0x10/0x10
[   16.948846]  ret_from_fork+0x41/0x80
[   16.948914]  ? __pfx_kthread+0x10/0x10
[   16.948955]  ret_from_fork_asm+0x1a/0x30
[   16.949021]  </TASK>
[   16.949046] 
[   16.967778] Allocated by task 166:
[   16.968251]  kasan_save_stack+0x45/0x70
[   16.969370]  kasan_save_track+0x18/0x40
[   16.969996]  kasan_save_alloc_info+0x3b/0x50
[   16.970626]  __kasan_krealloc+0x190/0x1f0
[   16.971012]  krealloc_noprof+0xf3/0x340
[   16.971742]  krealloc_less_oob_helper+0x1ab/0x11d0
[   16.972164]  krealloc_less_oob+0x1c/0x30
[   16.972943]  kunit_try_run_case+0x1a6/0x480
[   16.973307]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.974030]  kthread+0x324/0x6e0
[   16.974698]  ret_from_fork+0x41/0x80
[   16.974947]  ret_from_fork_asm+0x1a/0x30
[   16.975380] 
[   16.975913] The buggy address belongs to the object at ffff888100adf400
[   16.975913]  which belongs to the cache kmalloc-256 of size 256
[   16.976735] The buggy address is located 0 bytes to the right of
[   16.976735]  allocated 201-byte region [ffff888100adf400, ffff888100adf4c9)
[   16.977485] 
[   16.977681] The buggy address belongs to the physical page:
[   16.978288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ade
[   16.979176] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.980030] flags: 0x200000000000040(head|node=0|zone=2)
[   16.980652] page_type: f5(slab)
[   16.981110] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.981785] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.982284] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.983101] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.983930] head: 0200000000000001 ffffea000402b781 ffffffffffffffff 0000000000000000
[   16.984810] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   16.985491] page dumped because: kasan: bad access detected
[   16.985759] 
[   16.985999] Memory state around the buggy address:
[   16.986453]  ffff888100adf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.987630]  ffff888100adf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.988599] >ffff888100adf480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.989043]                                               ^
[   16.989960]  ffff888100adf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.990234]  ffff888100adf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.991088] ==================================================================