lkft/linux-stable-rc-linux-6.14.y - v6.14.6-198-g4f7f8fb4f8e3 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

May 12, 2025, 6:12 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.402799] ==================================================================
[   18.404419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.404996] Write of size 1 at addr fff00000c609a0d0 by task kunit_try_catch/151
[   18.405559] 
[   18.405832] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.406013] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.406085] Hardware name: linux,dummy-virt (DT)
[   18.406161] Call trace:
[   18.406218]  show_stack+0x20/0x38 (C)
[   18.406344]  dump_stack_lvl+0x8c/0xd0
[   18.406457]  print_report+0x118/0x608
[   18.406841]  kasan_report+0xdc/0x128
[   18.406920]  __asan_report_store1_noabort+0x20/0x30
[   18.406974]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.407028]  krealloc_large_less_oob+0x20/0x38
[   18.407080]  kunit_try_run_case+0x170/0x3f0
[   18.407132]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.407186]  kthread+0x318/0x620
[   18.407235]  ret_from_fork+0x10/0x20
[   18.407288] 
[   18.411720] The buggy address belongs to the physical page:
[   18.412273] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098
[   18.412861] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.413448] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.414132] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.414624] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.415349] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.415913] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.416502] head: 0bfffe0000000002 ffffc1ffc3182601 ffffffffffffffff 0000000000000000
[   18.417303] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.417810] page dumped because: kasan: bad access detected
[   18.418285] 
[   18.418786] Memory state around the buggy address:
[   18.419300]  fff00000c6099f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.419813]  fff00000c609a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.420371] >fff00000c609a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.420991]                                                  ^
[   18.421449]  fff00000c609a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.422010]  fff00000c609a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.423520] ==================================================================
[   18.200538] ==================================================================
[   18.201472] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.202185] Write of size 1 at addr fff00000c49e10d0 by task kunit_try_catch/147
[   18.203225] 
[   18.203730] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.203925] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.203980] Hardware name: linux,dummy-virt (DT)
[   18.204045] Call trace:
[   18.204089]  show_stack+0x20/0x38 (C)
[   18.204434]  dump_stack_lvl+0x8c/0xd0
[   18.204800]  print_report+0x118/0x608
[   18.204891]  kasan_report+0xdc/0x128
[   18.204941]  __asan_report_store1_noabort+0x20/0x30
[   18.204991]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.205042]  krealloc_less_oob+0x20/0x38
[   18.205088]  kunit_try_run_case+0x170/0x3f0
[   18.205138]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.205189]  kthread+0x318/0x620
[   18.205236]  ret_from_fork+0x10/0x20
[   18.205286] 
[   18.209870] Allocated by task 147:
[   18.210330]  kasan_save_stack+0x3c/0x68
[   18.210944]  kasan_save_track+0x20/0x40
[   18.211299]  kasan_save_alloc_info+0x40/0x58
[   18.211655]  __kasan_krealloc+0x118/0x178
[   18.212145]  krealloc_noprof+0x128/0x360
[   18.212657]  krealloc_less_oob_helper+0x168/0xc50
[   18.213217]  krealloc_less_oob+0x20/0x38
[   18.213708]  kunit_try_run_case+0x170/0x3f0
[   18.214182]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.214853]  kthread+0x318/0x620
[   18.215183]  ret_from_fork+0x10/0x20
[   18.215683] 
[   18.215988] The buggy address belongs to the object at fff00000c49e1000
[   18.215988]  which belongs to the cache kmalloc-256 of size 256
[   18.216888] The buggy address is located 7 bytes to the right of
[   18.216888]  allocated 201-byte region [fff00000c49e1000, fff00000c49e10c9)
[   18.217861] 
[   18.218155] The buggy address belongs to the physical page:
[   18.218635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049e0
[   18.219341] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.219914] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.220386] page_type: f5(slab)
[   18.220861] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.221588] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.222242] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.222961] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.223663] head: 0bfffe0000000001 ffffc1ffc3127801 ffffffffffffffff 0000000000000000
[   18.224344] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.224905] page dumped because: kasan: bad access detected
[   18.225303] 
[   18.225564] Memory state around the buggy address:
[   18.225994]  fff00000c49e0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.226722]  fff00000c49e1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.227454] >fff00000c49e1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.228034]                                                  ^
[   18.228449]  fff00000c49e1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.229147]  fff00000c49e1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.229631] ==================================================================
[   18.171003] ==================================================================
[   18.172017] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.172628] Write of size 1 at addr fff00000c49e10c9 by task kunit_try_catch/147
[   18.173366] 
[   18.173692] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.173932] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.174001] Hardware name: linux,dummy-virt (DT)
[   18.174085] Call trace:
[   18.174157]  show_stack+0x20/0x38 (C)
[   18.174301]  dump_stack_lvl+0x8c/0xd0
[   18.174417]  print_report+0x118/0x608
[   18.174530]  kasan_report+0xdc/0x128
[   18.174787]  __asan_report_store1_noabort+0x20/0x30
[   18.174939]  krealloc_less_oob_helper+0xa48/0xc50
[   18.175048]  krealloc_less_oob+0x20/0x38
[   18.175122]  kunit_try_run_case+0x170/0x3f0
[   18.175178]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.175234]  kthread+0x318/0x620
[   18.175284]  ret_from_fork+0x10/0x20
[   18.175339] 
[   18.180775] Allocated by task 147:
[   18.181230]  kasan_save_stack+0x3c/0x68
[   18.181592]  kasan_save_track+0x20/0x40
[   18.182110]  kasan_save_alloc_info+0x40/0x58
[   18.182808]  __kasan_krealloc+0x118/0x178
[   18.183410]  krealloc_noprof+0x128/0x360
[   18.183879]  krealloc_less_oob_helper+0x168/0xc50
[   18.184313]  krealloc_less_oob+0x20/0x38
[   18.184774]  kunit_try_run_case+0x170/0x3f0
[   18.185208]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.185719]  kthread+0x318/0x620
[   18.186119]  ret_from_fork+0x10/0x20
[   18.186460] 
[   18.186887] The buggy address belongs to the object at fff00000c49e1000
[   18.186887]  which belongs to the cache kmalloc-256 of size 256
[   18.187713] The buggy address is located 0 bytes to the right of
[   18.187713]  allocated 201-byte region [fff00000c49e1000, fff00000c49e10c9)
[   18.188650] 
[   18.188958] The buggy address belongs to the physical page:
[   18.189479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049e0
[   18.189786] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.190011] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.190263] page_type: f5(slab)
[   18.190414] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.192276] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.192637] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.192897] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.193124] head: 0bfffe0000000001 ffffc1ffc3127801 ffffffffffffffff 0000000000000000
[   18.193347] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.193560] page dumped because: kasan: bad access detected
[   18.193731] 
[   18.194914] Memory state around the buggy address:
[   18.195776]  fff00000c49e0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.196309]  fff00000c49e1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.196795] >fff00000c49e1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.197271]                                               ^
[   18.197647]  fff00000c49e1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.198528]  fff00000c49e1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.199171] ==================================================================
[   18.424275] ==================================================================
[   18.424873] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.425635] Write of size 1 at addr fff00000c609a0da by task kunit_try_catch/151
[   18.426297] 
[   18.426617] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.426827] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.426890] Hardware name: linux,dummy-virt (DT)
[   18.426962] Call trace:
[   18.427015]  show_stack+0x20/0x38 (C)
[   18.427135]  dump_stack_lvl+0x8c/0xd0
[   18.427250]  print_report+0x118/0x608
[   18.427354]  kasan_report+0xdc/0x128
[   18.427464]  __asan_report_store1_noabort+0x20/0x30
[   18.427577]  krealloc_less_oob_helper+0xa80/0xc50
[   18.427685]  krealloc_large_less_oob+0x20/0x38
[   18.427814]  kunit_try_run_case+0x170/0x3f0
[   18.427923]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.428041]  kthread+0x318/0x620
[   18.428126]  ret_from_fork+0x10/0x20
[   18.428186] 
[   18.433311] The buggy address belongs to the physical page:
[   18.433883] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098
[   18.434568] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.435060] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.436050] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.436647] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.437183] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.437841] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.438304] head: 0bfffe0000000002 ffffc1ffc3182601 ffffffffffffffff 0000000000000000
[   18.439241] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.439841] page dumped because: kasan: bad access detected
[   18.440227] 
[   18.440475] Memory state around the buggy address:
[   18.440914]  fff00000c6099f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.441598]  fff00000c609a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.442147] >fff00000c609a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.442864]                                                     ^
[   18.443393]  fff00000c609a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.444067]  fff00000c609a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.444585] ==================================================================
[   18.381255] ==================================================================
[   18.381925] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.382938] Write of size 1 at addr fff00000c609a0c9 by task kunit_try_catch/151
[   18.383829] 
[   18.384136] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.384324] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.384377] Hardware name: linux,dummy-virt (DT)
[   18.384448] Call trace:
[   18.384487]  show_stack+0x20/0x38 (C)
[   18.384554]  dump_stack_lvl+0x8c/0xd0
[   18.384609]  print_report+0x118/0x608
[   18.384661]  kasan_report+0xdc/0x128
[   18.384710]  __asan_report_store1_noabort+0x20/0x30
[   18.384797]  krealloc_less_oob_helper+0xa48/0xc50
[   18.384858]  krealloc_large_less_oob+0x20/0x38
[   18.384912]  kunit_try_run_case+0x170/0x3f0
[   18.384962]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.385013]  kthread+0x318/0x620
[   18.385059]  ret_from_fork+0x10/0x20
[   18.385109] 
[   18.390162] The buggy address belongs to the physical page:
[   18.391009] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098
[   18.391656] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.392228] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.392800] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.393440] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.394150] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.395058] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.395601] head: 0bfffe0000000002 ffffc1ffc3182601 ffffffffffffffff 0000000000000000
[   18.396280] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.396847] page dumped because: kasan: bad access detected
[   18.397220] 
[   18.397456] Memory state around the buggy address:
[   18.397862]  fff00000c6099f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.398439]  fff00000c609a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.399065] >fff00000c609a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.399602]                                               ^
[   18.400033]  fff00000c609a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.400586]  fff00000c609a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.401397] ==================================================================
[   18.446395] ==================================================================
[   18.447204] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.447817] Write of size 1 at addr fff00000c609a0ea by task kunit_try_catch/151
[   18.448381] 
[   18.448687] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.448885] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.448951] Hardware name: linux,dummy-virt (DT)
[   18.449023] Call trace:
[   18.449076]  show_stack+0x20/0x38 (C)
[   18.449200]  dump_stack_lvl+0x8c/0xd0
[   18.449312]  print_report+0x118/0x608
[   18.449425]  kasan_report+0xdc/0x128
[   18.449531]  __asan_report_store1_noabort+0x20/0x30
[   18.449638]  krealloc_less_oob_helper+0xae4/0xc50
[   18.449766]  krealloc_large_less_oob+0x20/0x38
[   18.449872]  kunit_try_run_case+0x170/0x3f0
[   18.449932]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.449989]  kthread+0x318/0x620
[   18.450039]  ret_from_fork+0x10/0x20
[   18.450116] 
[   18.454778] The buggy address belongs to the physical page:
[   18.455584] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098
[   18.456278] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.456895] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.457509] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.458146] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.459115] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.459681] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.460382] head: 0bfffe0000000002 ffffc1ffc3182601 ffffffffffffffff 0000000000000000
[   18.460993] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.461510] page dumped because: kasan: bad access detected
[   18.462009] 
[   18.462286] Memory state around the buggy address:
[   18.463711]  fff00000c6099f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.464300]  fff00000c609a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.465003] >fff00000c609a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.465451]                                                           ^
[   18.466103]  fff00000c609a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.467017]  fff00000c609a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.467524] ==================================================================
[   18.468588] ==================================================================
[   18.469157] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.469755] Write of size 1 at addr fff00000c609a0eb by task kunit_try_catch/151
[   18.470337] 
[   18.470588] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.470799] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.470868] Hardware name: linux,dummy-virt (DT)
[   18.471369] Call trace:
[   18.471450]  show_stack+0x20/0x38 (C)
[   18.471538]  dump_stack_lvl+0x8c/0xd0
[   18.471593]  print_report+0x118/0x608
[   18.471645]  kasan_report+0xdc/0x128
[   18.471695]  __asan_report_store1_noabort+0x20/0x30
[   18.471777]  krealloc_less_oob_helper+0xa58/0xc50
[   18.471834]  krealloc_large_less_oob+0x20/0x38
[   18.471885]  kunit_try_run_case+0x170/0x3f0
[   18.471938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.471993]  kthread+0x318/0x620
[   18.472041]  ret_from_fork+0x10/0x20
[   18.472095] 
[   18.476819] The buggy address belongs to the physical page:
[   18.477373] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098
[   18.478116] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.478908] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.479553] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.480067] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.480830] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.481432] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.482008] head: 0bfffe0000000002 ffffc1ffc3182601 ffffffffffffffff 0000000000000000
[   18.482822] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.483441] page dumped because: kasan: bad access detected
[   18.483917] 
[   18.484194] Memory state around the buggy address:
[   18.484681]  fff00000c6099f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.485236]  fff00000c609a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.485664] >fff00000c609a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.486272]                                                           ^
[   18.487073]  fff00000c609a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.487583]  fff00000c609a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.488182] ==================================================================
[   18.261700] ==================================================================
[   18.262330] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.263160] Write of size 1 at addr fff00000c49e10ea by task kunit_try_catch/147
[   18.263818] 
[   18.264086] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.264286] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.264355] Hardware name: linux,dummy-virt (DT)
[   18.264440] Call trace:
[   18.264503]  show_stack+0x20/0x38 (C)
[   18.264631]  dump_stack_lvl+0x8c/0xd0
[   18.264753]  print_report+0x118/0x608
[   18.264871]  kasan_report+0xdc/0x128
[   18.264986]  __asan_report_store1_noabort+0x20/0x30
[   18.265103]  krealloc_less_oob_helper+0xae4/0xc50
[   18.265212]  krealloc_less_oob+0x20/0x38
[   18.265323]  kunit_try_run_case+0x170/0x3f0
[   18.265430]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.265547]  kthread+0x318/0x620
[   18.265665]  ret_from_fork+0x10/0x20
[   18.265760] 
[   18.270149] Allocated by task 147:
[   18.270599]  kasan_save_stack+0x3c/0x68
[   18.271082]  kasan_save_track+0x20/0x40
[   18.271634]  kasan_save_alloc_info+0x40/0x58
[   18.272158]  __kasan_krealloc+0x118/0x178
[   18.272637]  krealloc_noprof+0x128/0x360
[   18.272994]  krealloc_less_oob_helper+0x168/0xc50
[   18.273401]  krealloc_less_oob+0x20/0x38
[   18.273873]  kunit_try_run_case+0x170/0x3f0
[   18.274328]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.274997]  kthread+0x318/0x620
[   18.275346]  ret_from_fork+0x10/0x20
[   18.275673] 
[   18.275957] The buggy address belongs to the object at fff00000c49e1000
[   18.275957]  which belongs to the cache kmalloc-256 of size 256
[   18.277018] The buggy address is located 33 bytes to the right of
[   18.277018]  allocated 201-byte region [fff00000c49e1000, fff00000c49e10c9)
[   18.277917] 
[   18.278169] The buggy address belongs to the physical page:
[   18.279959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049e0
[   18.280992] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.281877] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.282331] page_type: f5(slab)
[   18.282874] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.283180] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.283409] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.283631] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.283877] head: 0bfffe0000000001 ffffc1ffc3127801 ffffffffffffffff 0000000000000000
[   18.284101] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.284312] page dumped because: kasan: bad access detected
[   18.284484] 
[   18.284579] Memory state around the buggy address:
[   18.284765]  fff00000c49e0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.285460]  fff00000c49e1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.286213] >fff00000c49e1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.286959]                                                           ^
[   18.287549]  fff00000c49e1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.288720]  fff00000c49e1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.289344] ==================================================================
[   18.231083] ==================================================================
[   18.231836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.232609] Write of size 1 at addr fff00000c49e10da by task kunit_try_catch/147
[   18.233349] 
[   18.233687] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.233924] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.233991] Hardware name: linux,dummy-virt (DT)
[   18.234074] Call trace:
[   18.234140]  show_stack+0x20/0x38 (C)
[   18.234280]  dump_stack_lvl+0x8c/0xd0
[   18.234394]  print_report+0x118/0x608
[   18.234574]  kasan_report+0xdc/0x128
[   18.234703]  __asan_report_store1_noabort+0x20/0x30
[   18.234830]  krealloc_less_oob_helper+0xa80/0xc50
[   18.234967]  krealloc_less_oob+0x20/0x38
[   18.235062]  kunit_try_run_case+0x170/0x3f0
[   18.235196]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.235292]  kthread+0x318/0x620
[   18.235368]  ret_from_fork+0x10/0x20
[   18.235465] 
[   18.240700] Allocated by task 147:
[   18.241330]  kasan_save_stack+0x3c/0x68
[   18.241773]  kasan_save_track+0x20/0x40
[   18.242235]  kasan_save_alloc_info+0x40/0x58
[   18.242935]  __kasan_krealloc+0x118/0x178
[   18.243317]  krealloc_noprof+0x128/0x360
[   18.243829]  krealloc_less_oob_helper+0x168/0xc50
[   18.244263]  krealloc_less_oob+0x20/0x38
[   18.244745]  kunit_try_run_case+0x170/0x3f0
[   18.245185]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.245685]  kthread+0x318/0x620
[   18.246101]  ret_from_fork+0x10/0x20
[   18.246499] 
[   18.247076] The buggy address belongs to the object at fff00000c49e1000
[   18.247076]  which belongs to the cache kmalloc-256 of size 256
[   18.247940] The buggy address is located 17 bytes to the right of
[   18.247940]  allocated 201-byte region [fff00000c49e1000, fff00000c49e10c9)
[   18.248898] 
[   18.249146] The buggy address belongs to the physical page:
[   18.249667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049e0
[   18.250278] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.250927] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.251602] page_type: f5(slab)
[   18.252016] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.252719] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.253282] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.253943] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.254590] head: 0bfffe0000000001 ffffc1ffc3127801 ffffffffffffffff 0000000000000000
[   18.255155] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.255591] page dumped because: kasan: bad access detected
[   18.256109] 
[   18.256361] Memory state around the buggy address:
[   18.256814]  fff00000c49e0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.257504]  fff00000c49e1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.258048] >fff00000c49e1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.258405]                                                     ^
[   18.259002]  fff00000c49e1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.259680]  fff00000c49e1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.260393] ==================================================================
[   18.290873] ==================================================================
[   18.291929] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.293137] Write of size 1 at addr fff00000c49e10eb by task kunit_try_catch/147
[   18.293711] 
[   18.294080] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   18.294317] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.294390] Hardware name: linux,dummy-virt (DT)
[   18.294461] Call trace:
[   18.294653]  show_stack+0x20/0x38 (C)
[   18.294819]  dump_stack_lvl+0x8c/0xd0
[   18.295070]  print_report+0x118/0x608
[   18.295191]  kasan_report+0xdc/0x128
[   18.295247]  __asan_report_store1_noabort+0x20/0x30
[   18.295298]  krealloc_less_oob_helper+0xa58/0xc50
[   18.295348]  krealloc_less_oob+0x20/0x38
[   18.295394]  kunit_try_run_case+0x170/0x3f0
[   18.295446]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.295498]  kthread+0x318/0x620
[   18.295544]  ret_from_fork+0x10/0x20
[   18.295595] 
[   18.300486] Allocated by task 147:
[   18.300980]  kasan_save_stack+0x3c/0x68
[   18.301507]  kasan_save_track+0x20/0x40
[   18.302001]  kasan_save_alloc_info+0x40/0x58
[   18.302704]  __kasan_krealloc+0x118/0x178
[   18.303257]  krealloc_noprof+0x128/0x360
[   18.303618]  krealloc_less_oob_helper+0x168/0xc50
[   18.304134]  krealloc_less_oob+0x20/0x38
[   18.304575]  kunit_try_run_case+0x170/0x3f0
[   18.305091]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.305586]  kthread+0x318/0x620
[   18.305931]  ret_from_fork+0x10/0x20
[   18.306335] 
[   18.306589] The buggy address belongs to the object at fff00000c49e1000
[   18.306589]  which belongs to the cache kmalloc-256 of size 256
[   18.307636] The buggy address is located 34 bytes to the right of
[   18.307636]  allocated 201-byte region [fff00000c49e1000, fff00000c49e10c9)
[   18.308578] 
[   18.308859] The buggy address belongs to the physical page:
[   18.309287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049e0
[   18.309904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.311468] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.311928] page_type: f5(slab)
[   18.312284] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.312783] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.313493] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.314122] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.314697] head: 0bfffe0000000001 ffffc1ffc3127801 ffffffffffffffff 0000000000000000
[   18.315324] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.316189] page dumped because: kasan: bad access detected
[   18.316544] 
[   18.316815] Memory state around the buggy address:
[   18.317295]  fff00000c49e0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.317915]  fff00000c49e1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.318571] >fff00000c49e1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.319370]                                                           ^
[   18.319839]  fff00000c49e1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.320447]  fff00000c49e1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.320984] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2x0SPsCc3D4dL5Fs7f4y5KqWbP1

job_id

TEST:linaro@lkft#2x0SUgH3HDRQ5YCD733NxBrXD2V

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x0SUgH3HDRQ5YCD733NxBrXD2V

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SR2iDZ4z9eOUfCBwAGNsgopF/Image.gz
sha256sum	65887a5a3be27653aaa895419fe06aeeec5babf25fa078326e6a5ab1b291d180

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SR2iDZ4z9eOUfCBwAGNsgopF/modules.tar.xz
sha256sum	ddcb30742c0af2b82731246640de982c796b3682f98ffb33c56209bec5fd1b3d

durations

tests

boot	0
kunit	306.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

[   12.074692] ==================================================================
[   12.075272] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   12.075693] Write of size 1 at addr ffff888100a45ada by task kunit_try_catch/166
[   12.076111] 
[   12.076242] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.076298] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.076310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.076331] Call Trace:
[   12.076352]  <TASK>
[   12.076373]  dump_stack_lvl+0x73/0xb0
[   12.076412]  print_report+0xd1/0x650
[   12.076436]  ? __virt_addr_valid+0x1db/0x2d0
[   12.076460]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.076495]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.076520]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.076552]  kasan_report+0x140/0x180
[   12.076574]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.076600]  __asan_report_store1_noabort+0x1b/0x30
[   12.076623]  krealloc_less_oob_helper+0xec8/0x11d0
[   12.076647]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.076669]  ? finish_task_switch.isra.0+0x153/0x700
[   12.076694]  ? __switch_to+0x5d9/0xf60
[   12.076729]  ? __schedule+0xce8/0x2840
[   12.076753]  ? __pfx_read_tsc+0x10/0x10
[   12.076778]  krealloc_less_oob+0x1c/0x30
[   12.076808]  kunit_try_run_case+0x1a6/0x480
[   12.076832]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.076861]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.076883]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.076907]  ? __kthread_parkme+0x82/0x160
[   12.076928]  ? preempt_count_sub+0x50/0x80
[   12.076959]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.076980]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.077057]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.077084]  kthread+0x324/0x6e0
[   12.077119]  ? trace_preempt_on+0x20/0xc0
[   12.077143]  ? __pfx_kthread+0x10/0x10
[   12.077165]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.077188]  ? calculate_sigpending+0x7b/0xa0
[   12.077209]  ? __pfx_kthread+0x10/0x10
[   12.077231]  ret_from_fork+0x41/0x80
[   12.077249]  ? __pfx_kthread+0x10/0x10
[   12.077271]  ret_from_fork_asm+0x1a/0x30
[   12.077303]  </TASK>
[   12.077313] 
[   12.085713] Allocated by task 166:
[   12.085922]  kasan_save_stack+0x45/0x70
[   12.086311]  kasan_save_track+0x18/0x40
[   12.086517]  kasan_save_alloc_info+0x3b/0x50
[   12.086737]  __kasan_krealloc+0x190/0x1f0
[   12.086946]  krealloc_noprof+0xf3/0x340
[   12.087210]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.087435]  krealloc_less_oob+0x1c/0x30
[   12.087575]  kunit_try_run_case+0x1a6/0x480
[   12.087730]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.088112]  kthread+0x324/0x6e0
[   12.088289]  ret_from_fork+0x41/0x80
[   12.088472]  ret_from_fork_asm+0x1a/0x30
[   12.088669] 
[   12.088765] The buggy address belongs to the object at ffff888100a45a00
[   12.088765]  which belongs to the cache kmalloc-256 of size 256
[   12.089536] The buggy address is located 17 bytes to the right of
[   12.089536]  allocated 201-byte region [ffff888100a45a00, ffff888100a45ac9)
[   12.090258] 
[   12.090376] The buggy address belongs to the physical page:
[   12.090645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a44
[   12.090953] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.091392] flags: 0x200000000000040(head|node=0|zone=2)
[   12.091627] page_type: f5(slab)
[   12.091804] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.092208] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.092553] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.092806] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.093404] head: 0200000000000001 ffffea0004029101 ffffffffffffffff 0000000000000000
[   12.093783] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.094208] page dumped because: kasan: bad access detected
[   12.094451] 
[   12.094555] Memory state around the buggy address:
[   12.094779]  ffff888100a45980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.095187]  ffff888100a45a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.095457] >ffff888100a45a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.095774]                                                     ^
[   12.096137]  ffff888100a45b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.096442]  ffff888100a45b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.096745] ==================================================================
[   12.222972] ==================================================================
[   12.223648] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   12.224159] Write of size 1 at addr ffff88810293a0d0 by task kunit_try_catch/170
[   12.224602] 
[   12.224717] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.224761] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.224773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.224794] Call Trace:
[   12.224808]  <TASK>
[   12.224827]  dump_stack_lvl+0x73/0xb0
[   12.224867]  print_report+0xd1/0x650
[   12.224890]  ? __virt_addr_valid+0x1db/0x2d0
[   12.224912]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.224934]  ? kasan_addr_to_slab+0x11/0xa0
[   12.224953]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.224975]  kasan_report+0x140/0x180
[   12.224996]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.225178]  __asan_report_store1_noabort+0x1b/0x30
[   12.225202]  krealloc_less_oob_helper+0xe25/0x11d0
[   12.225226]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.225249]  ? finish_task_switch.isra.0+0x153/0x700
[   12.225271]  ? __switch_to+0x5d9/0xf60
[   12.225298]  ? __schedule+0xce8/0x2840
[   12.225322]  ? __pfx_read_tsc+0x10/0x10
[   12.225347]  krealloc_large_less_oob+0x1c/0x30
[   12.225368]  kunit_try_run_case+0x1a6/0x480
[   12.225391]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.225411]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.225431]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.225455]  ? __kthread_parkme+0x82/0x160
[   12.225477]  ? preempt_count_sub+0x50/0x80
[   12.225499]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.225521]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.225545]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.225570]  kthread+0x324/0x6e0
[   12.225591]  ? trace_preempt_on+0x20/0xc0
[   12.225614]  ? __pfx_kthread+0x10/0x10
[   12.225635]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.225658]  ? calculate_sigpending+0x7b/0xa0
[   12.225680]  ? __pfx_kthread+0x10/0x10
[   12.225702]  ret_from_fork+0x41/0x80
[   12.225719]  ? __pfx_kthread+0x10/0x10
[   12.225746]  ret_from_fork_asm+0x1a/0x30
[   12.225777]  </TASK>
[   12.225787] 
[   12.236583] The buggy address belongs to the physical page:
[   12.236938] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102938
[   12.237499] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.237849] flags: 0x200000000000040(head|node=0|zone=2)
[   12.238269] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.238705] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.239027] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.239599] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.239877] head: 0200000000000002 ffffea00040a4e01 ffffffffffffffff 0000000000000000
[   12.240368] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.240920] page dumped because: kasan: bad access detected
[   12.241384] 
[   12.241494] Memory state around the buggy address:
[   12.241812]  ffff888102939f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.242202]  ffff88810293a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.242770] >ffff88810293a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.243194]                                                  ^
[   12.243443]  ffff88810293a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.243773]  ffff88810293a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.244063] ==================================================================
[   12.120644] ==================================================================
[   12.120985] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   12.121613] Write of size 1 at addr ffff888100a45aeb by task kunit_try_catch/166
[   12.121908] 
[   12.122178] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.122226] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.122238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.122259] Call Trace:
[   12.122280]  <TASK>
[   12.122299]  dump_stack_lvl+0x73/0xb0
[   12.122326]  print_report+0xd1/0x650
[   12.122362]  ? __virt_addr_valid+0x1db/0x2d0
[   12.122384]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.122406]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.122443]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.122465]  kasan_report+0x140/0x180
[   12.122486]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.122513]  __asan_report_store1_noabort+0x1b/0x30
[   12.122535]  krealloc_less_oob_helper+0xd49/0x11d0
[   12.122560]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.122582]  ? finish_task_switch.isra.0+0x153/0x700
[   12.122606]  ? __switch_to+0x5d9/0xf60
[   12.122632]  ? __schedule+0xce8/0x2840
[   12.122665]  ? __pfx_read_tsc+0x10/0x10
[   12.122689]  krealloc_less_oob+0x1c/0x30
[   12.122709]  kunit_try_run_case+0x1a6/0x480
[   12.122742]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.122762]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.122783]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.122814]  ? __kthread_parkme+0x82/0x160
[   12.122851]  ? preempt_count_sub+0x50/0x80
[   12.122876]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.122897]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.122932]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.122957]  kthread+0x324/0x6e0
[   12.122978]  ? trace_preempt_on+0x20/0xc0
[   12.123076]  ? __pfx_kthread+0x10/0x10
[   12.123099]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.123122]  ? calculate_sigpending+0x7b/0xa0
[   12.123144]  ? __pfx_kthread+0x10/0x10
[   12.123166]  ret_from_fork+0x41/0x80
[   12.123184]  ? __pfx_kthread+0x10/0x10
[   12.123205]  ret_from_fork_asm+0x1a/0x30
[   12.123237]  </TASK>
[   12.123247] 
[   12.131538] Allocated by task 166:
[   12.131765]  kasan_save_stack+0x45/0x70
[   12.132091]  kasan_save_track+0x18/0x40
[   12.132314]  kasan_save_alloc_info+0x3b/0x50
[   12.132549]  __kasan_krealloc+0x190/0x1f0
[   12.132734]  krealloc_noprof+0xf3/0x340
[   12.132942]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.133372]  krealloc_less_oob+0x1c/0x30
[   12.133568]  kunit_try_run_case+0x1a6/0x480
[   12.133782]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.134009]  kthread+0x324/0x6e0
[   12.134183]  ret_from_fork+0x41/0x80
[   12.134349]  ret_from_fork_asm+0x1a/0x30
[   12.134523] 
[   12.134622] The buggy address belongs to the object at ffff888100a45a00
[   12.134622]  which belongs to the cache kmalloc-256 of size 256
[   12.135411] The buggy address is located 34 bytes to the right of
[   12.135411]  allocated 201-byte region [ffff888100a45a00, ffff888100a45ac9)
[   12.135959] 
[   12.136159] The buggy address belongs to the physical page:
[   12.136426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a44
[   12.136685] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.137363] flags: 0x200000000000040(head|node=0|zone=2)
[   12.137628] page_type: f5(slab)
[   12.137822] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.138253] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.138624] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.138903] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.139468] head: 0200000000000001 ffffea0004029101 ffffffffffffffff 0000000000000000
[   12.139752] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.140206] page dumped because: kasan: bad access detected
[   12.140441] 
[   12.140540] Memory state around the buggy address:
[   12.140784]  ffff888100a45980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.141360]  ffff888100a45a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.141678] >ffff888100a45a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.142088]                                                           ^
[   12.142399]  ffff888100a45b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.142674]  ffff888100a45b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.143139] ==================================================================
[   12.244810] ==================================================================
[   12.245337] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   12.245596] Write of size 1 at addr ffff88810293a0da by task kunit_try_catch/170
[   12.245923] 
[   12.246348] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.246395] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.246408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.246429] Call Trace:
[   12.246449]  <TASK>
[   12.246469]  dump_stack_lvl+0x73/0xb0
[   12.246498]  print_report+0xd1/0x650
[   12.246521]  ? __virt_addr_valid+0x1db/0x2d0
[   12.246543]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.246565]  ? kasan_addr_to_slab+0x11/0xa0
[   12.246584]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.246606]  kasan_report+0x140/0x180
[   12.246626]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.246652]  __asan_report_store1_noabort+0x1b/0x30
[   12.246677]  krealloc_less_oob_helper+0xec8/0x11d0
[   12.246700]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.246723]  ? finish_task_switch.isra.0+0x153/0x700
[   12.246746]  ? __switch_to+0x5d9/0xf60
[   12.246772]  ? __schedule+0xce8/0x2840
[   12.246796]  ? __pfx_read_tsc+0x10/0x10
[   12.246820]  krealloc_large_less_oob+0x1c/0x30
[   12.246852]  kunit_try_run_case+0x1a6/0x480
[   12.246876]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.246896]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.246917]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.246940]  ? __kthread_parkme+0x82/0x160
[   12.246962]  ? preempt_count_sub+0x50/0x80
[   12.246984]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.247017]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.247049]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.247074]  kthread+0x324/0x6e0
[   12.247095]  ? trace_preempt_on+0x20/0xc0
[   12.247120]  ? __pfx_kthread+0x10/0x10
[   12.247152]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.247174]  ? calculate_sigpending+0x7b/0xa0
[   12.247196]  ? __pfx_kthread+0x10/0x10
[   12.247217]  ret_from_fork+0x41/0x80
[   12.247235]  ? __pfx_kthread+0x10/0x10
[   12.247256]  ret_from_fork_asm+0x1a/0x30
[   12.247288]  </TASK>
[   12.247298] 
[   12.255064] The buggy address belongs to the physical page:
[   12.255386] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102938
[   12.255696] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.255981] flags: 0x200000000000040(head|node=0|zone=2)
[   12.256276] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.256638] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.256878] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.257365] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.257691] head: 0200000000000002 ffffea00040a4e01 ffffffffffffffff 0000000000000000
[   12.257973] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.258477] page dumped because: kasan: bad access detected
[   12.259018] 
[   12.259171] Memory state around the buggy address:
[   12.259340]  ffff888102939f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.259666]  ffff88810293a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.259955] >ffff88810293a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.260213]                                                     ^
[   12.260461]  ffff88810293a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.260884]  ffff88810293a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.261187] ==================================================================
[   12.195829] ==================================================================
[   12.196300] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   12.196558] Write of size 1 at addr ffff88810293a0c9 by task kunit_try_catch/170
[   12.196781] 
[   12.196878] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.196924] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.196935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.196955] Call Trace:
[   12.196969]  <TASK>
[   12.196988]  dump_stack_lvl+0x73/0xb0
[   12.197015]  print_report+0xd1/0x650
[   12.197037]  ? __virt_addr_valid+0x1db/0x2d0
[   12.197059]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.197081]  ? kasan_addr_to_slab+0x11/0xa0
[   12.197099]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.197122]  kasan_report+0x140/0x180
[   12.197142]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.197169]  __asan_report_store1_noabort+0x1b/0x30
[   12.197192]  krealloc_less_oob_helper+0xd72/0x11d0
[   12.197215]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.197238]  ? finish_task_switch.isra.0+0x153/0x700
[   12.197261]  ? __switch_to+0x5d9/0xf60
[   12.197286]  ? __schedule+0xce8/0x2840
[   12.197310]  ? __pfx_read_tsc+0x10/0x10
[   12.197334]  krealloc_large_less_oob+0x1c/0x30
[   12.197355]  kunit_try_run_case+0x1a6/0x480
[   12.197379]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.197399]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.197420]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.197443]  ? __kthread_parkme+0x82/0x160
[   12.197465]  ? preempt_count_sub+0x50/0x80
[   12.197487]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.197509]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.197533]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.197558]  kthread+0x324/0x6e0
[   12.197579]  ? trace_preempt_on+0x20/0xc0
[   12.197602]  ? __pfx_kthread+0x10/0x10
[   12.197623]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.197645]  ? calculate_sigpending+0x7b/0xa0
[   12.197666]  ? __pfx_kthread+0x10/0x10
[   12.197687]  ret_from_fork+0x41/0x80
[   12.197705]  ? __pfx_kthread+0x10/0x10
[   12.197727]  ret_from_fork_asm+0x1a/0x30
[   12.197763]  </TASK>
[   12.197774] 
[   12.214387] The buggy address belongs to the physical page:
[   12.214737] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102938
[   12.215228] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.215774] flags: 0x200000000000040(head|node=0|zone=2)
[   12.216132] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.216604] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.216926] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.217370] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.217764] head: 0200000000000002 ffffea00040a4e01 ffffffffffffffff 0000000000000000
[   12.218178] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.218656] page dumped because: kasan: bad access detected
[   12.218909] 
[   12.218992] Memory state around the buggy address:
[   12.219673]  ffff888102939f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.219965]  ffff88810293a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.220598] >ffff88810293a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.220933]                                               ^
[   12.221375]  ffff88810293a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.221675]  ffff88810293a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.222199] ==================================================================
[   12.046969] ==================================================================
[   12.047907] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   12.048488] Write of size 1 at addr ffff888100a45ad0 by task kunit_try_catch/166
[   12.049284] 
[   12.049478] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.049538] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.049550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.049572] Call Trace:
[   12.049595]  <TASK>
[   12.049618]  dump_stack_lvl+0x73/0xb0
[   12.049647]  print_report+0xd1/0x650
[   12.049679]  ? __virt_addr_valid+0x1db/0x2d0
[   12.049702]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.049724]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.049765]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.049788]  kasan_report+0x140/0x180
[   12.049808]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.049835]  __asan_report_store1_noabort+0x1b/0x30
[   12.049867]  krealloc_less_oob_helper+0xe25/0x11d0
[   12.049892]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.049914]  ? finish_task_switch.isra.0+0x153/0x700
[   12.049939]  ? __switch_to+0x5d9/0xf60
[   12.049965]  ? __schedule+0xce8/0x2840
[   12.050010]  ? __pfx_read_tsc+0x10/0x10
[   12.050040]  krealloc_less_oob+0x1c/0x30
[   12.050061]  kunit_try_run_case+0x1a6/0x480
[   12.050084]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.050105]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.050126]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.050149]  ? __kthread_parkme+0x82/0x160
[   12.050171]  ? preempt_count_sub+0x50/0x80
[   12.050195]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.050217]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.050241]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.050266]  kthread+0x324/0x6e0
[   12.050287]  ? trace_preempt_on+0x20/0xc0
[   12.050310]  ? __pfx_kthread+0x10/0x10
[   12.050332]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.050355]  ? calculate_sigpending+0x7b/0xa0
[   12.050378]  ? __pfx_kthread+0x10/0x10
[   12.050399]  ret_from_fork+0x41/0x80
[   12.050418]  ? __pfx_kthread+0x10/0x10
[   12.050439]  ret_from_fork_asm+0x1a/0x30
[   12.050471]  </TASK>
[   12.050481] 
[   12.062565] Allocated by task 166:
[   12.062815]  kasan_save_stack+0x45/0x70
[   12.063301]  kasan_save_track+0x18/0x40
[   12.063513]  kasan_save_alloc_info+0x3b/0x50
[   12.063678]  __kasan_krealloc+0x190/0x1f0
[   12.063847]  krealloc_noprof+0xf3/0x340
[   12.064196]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.064434]  krealloc_less_oob+0x1c/0x30
[   12.064576]  kunit_try_run_case+0x1a6/0x480
[   12.064817]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.065171]  kthread+0x324/0x6e0
[   12.065333]  ret_from_fork+0x41/0x80
[   12.065533]  ret_from_fork_asm+0x1a/0x30
[   12.065707] 
[   12.065785] The buggy address belongs to the object at ffff888100a45a00
[   12.065785]  which belongs to the cache kmalloc-256 of size 256
[   12.066455] The buggy address is located 7 bytes to the right of
[   12.066455]  allocated 201-byte region [ffff888100a45a00, ffff888100a45ac9)
[   12.066959] 
[   12.067365] The buggy address belongs to the physical page:
[   12.067631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a44
[   12.067945] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.068328] flags: 0x200000000000040(head|node=0|zone=2)
[   12.068671] page_type: f5(slab)
[   12.068856] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.069247] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.069564] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.069931] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.070366] head: 0200000000000001 ffffea0004029101 ffffffffffffffff 0000000000000000
[   12.070698] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.071283] page dumped because: kasan: bad access detected
[   12.071488] 
[   12.071606] Memory state around the buggy address:
[   12.071847]  ffff888100a45980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.072306]  ffff888100a45a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.072587] >ffff888100a45a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.072907]                                                  ^
[   12.073283]  ffff888100a45b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.073613]  ffff888100a45b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.073956] ==================================================================
[   12.283738] ==================================================================
[   12.283992] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   12.284934] Write of size 1 at addr ffff88810293a0eb by task kunit_try_catch/170
[   12.285208] 
[   12.285537] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.285601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.285614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.285646] Call Trace:
[   12.285669]  <TASK>
[   12.285690]  dump_stack_lvl+0x73/0xb0
[   12.285722]  print_report+0xd1/0x650
[   12.285785]  ? __virt_addr_valid+0x1db/0x2d0
[   12.285821]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.285865]  ? kasan_addr_to_slab+0x11/0xa0
[   12.285885]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.285908]  kasan_report+0x140/0x180
[   12.285929]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.285955]  __asan_report_store1_noabort+0x1b/0x30
[   12.285978]  krealloc_less_oob_helper+0xd49/0x11d0
[   12.286133]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.286166]  ? finish_task_switch.isra.0+0x153/0x700
[   12.286191]  ? __switch_to+0x5d9/0xf60
[   12.286216]  ? __schedule+0xce8/0x2840
[   12.286241]  ? __pfx_read_tsc+0x10/0x10
[   12.286266]  krealloc_large_less_oob+0x1c/0x30
[   12.286288]  kunit_try_run_case+0x1a6/0x480
[   12.286312]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.286333]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.286353]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.286377]  ? __kthread_parkme+0x82/0x160
[   12.286400]  ? preempt_count_sub+0x50/0x80
[   12.286424]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.286446]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.286471]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.286496]  kthread+0x324/0x6e0
[   12.286516]  ? trace_preempt_on+0x20/0xc0
[   12.286539]  ? __pfx_kthread+0x10/0x10
[   12.286561]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.286583]  ? calculate_sigpending+0x7b/0xa0
[   12.286604]  ? __pfx_kthread+0x10/0x10
[   12.286627]  ret_from_fork+0x41/0x80
[   12.286645]  ? __pfx_kthread+0x10/0x10
[   12.286666]  ret_from_fork_asm+0x1a/0x30
[   12.286697]  </TASK>
[   12.286708] 
[   12.297814] The buggy address belongs to the physical page:
[   12.298545] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102938
[   12.298916] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.299348] flags: 0x200000000000040(head|node=0|zone=2)
[   12.299850] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.300422] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.300922] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.301425] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.301738] head: 0200000000000002 ffffea00040a4e01 ffffffffffffffff 0000000000000000
[   12.302052] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.302597] page dumped because: kasan: bad access detected
[   12.302967] 
[   12.303081] Memory state around the buggy address:
[   12.303562]  ffff888102939f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.303959]  ffff88810293a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.304535] >ffff88810293a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.305074]                                                           ^
[   12.305671]  ffff88810293a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.306166]  ffff88810293a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.306495] ==================================================================
[   12.097685] ==================================================================
[   12.097964] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   12.098515] Write of size 1 at addr ffff888100a45aea by task kunit_try_catch/166
[   12.098834] 
[   12.098940] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.099108] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.099123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.099156] Call Trace:
[   12.099178]  <TASK>
[   12.099201]  dump_stack_lvl+0x73/0xb0
[   12.099230]  print_report+0xd1/0x650
[   12.099253]  ? __virt_addr_valid+0x1db/0x2d0
[   12.099275]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.099309]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.099335]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.099371]  kasan_report+0x140/0x180
[   12.099396]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.099426]  __asan_report_store1_noabort+0x1b/0x30
[   12.099462]  krealloc_less_oob_helper+0xe92/0x11d0
[   12.099487]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.099510]  ? finish_task_switch.isra.0+0x153/0x700
[   12.099535]  ? __switch_to+0x5d9/0xf60
[   12.099562]  ? __schedule+0xce8/0x2840
[   12.099587]  ? __pfx_read_tsc+0x10/0x10
[   12.099611]  krealloc_less_oob+0x1c/0x30
[   12.099632]  kunit_try_run_case+0x1a6/0x480
[   12.099656]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.099677]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.099697]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.099730]  ? __kthread_parkme+0x82/0x160
[   12.099752]  ? preempt_count_sub+0x50/0x80
[   12.099776]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.099807]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.099832]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.099866]  kthread+0x324/0x6e0
[   12.099887]  ? trace_preempt_on+0x20/0xc0
[   12.099910]  ? __pfx_kthread+0x10/0x10
[   12.099932]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.099955]  ? calculate_sigpending+0x7b/0xa0
[   12.099977]  ? __pfx_kthread+0x10/0x10
[   12.100101]  ret_from_fork+0x41/0x80
[   12.100123]  ? __pfx_kthread+0x10/0x10
[   12.100145]  ret_from_fork_asm+0x1a/0x30
[   12.100177]  </TASK>
[   12.100188] 
[   12.108559] Allocated by task 166:
[   12.108749]  kasan_save_stack+0x45/0x70
[   12.108967]  kasan_save_track+0x18/0x40
[   12.109553]  kasan_save_alloc_info+0x3b/0x50
[   12.109784]  __kasan_krealloc+0x190/0x1f0
[   12.109970]  krealloc_noprof+0xf3/0x340
[   12.110289]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.110543]  krealloc_less_oob+0x1c/0x30
[   12.110733]  kunit_try_run_case+0x1a6/0x480
[   12.110891]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.111286]  kthread+0x324/0x6e0
[   12.111467]  ret_from_fork+0x41/0x80
[   12.111652]  ret_from_fork_asm+0x1a/0x30
[   12.111856] 
[   12.111929] The buggy address belongs to the object at ffff888100a45a00
[   12.111929]  which belongs to the cache kmalloc-256 of size 256
[   12.112549] The buggy address is located 33 bytes to the right of
[   12.112549]  allocated 201-byte region [ffff888100a45a00, ffff888100a45ac9)
[   12.113343] 
[   12.113453] The buggy address belongs to the physical page:
[   12.113685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a44
[   12.114193] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.114467] flags: 0x200000000000040(head|node=0|zone=2)
[   12.114751] page_type: f5(slab)
[   12.114933] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.115216] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.115636] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.116068] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.116376] head: 0200000000000001 ffffea0004029101 ffffffffffffffff 0000000000000000
[   12.116683] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.117322] page dumped because: kasan: bad access detected
[   12.117599] 
[   12.117686] Memory state around the buggy address:
[   12.117921]  ffff888100a45980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.118321]  ffff888100a45a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.118733] >ffff888100a45a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.119157]                                                           ^
[   12.119437]  ffff888100a45b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.119739]  ffff888100a45b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.120080] ==================================================================
[   12.261658] ==================================================================
[   12.261907] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   12.262155] Write of size 1 at addr ffff88810293a0ea by task kunit_try_catch/170
[   12.262769] 
[   12.262901] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.262946] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.262957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.262978] Call Trace:
[   12.262998]  <TASK>
[   12.263016]  dump_stack_lvl+0x73/0xb0
[   12.263043]  print_report+0xd1/0x650
[   12.263064]  ? __virt_addr_valid+0x1db/0x2d0
[   12.263085]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.263107]  ? kasan_addr_to_slab+0x11/0xa0
[   12.263126]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.263148]  kasan_report+0x140/0x180
[   12.263168]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.263195]  __asan_report_store1_noabort+0x1b/0x30
[   12.263218]  krealloc_less_oob_helper+0xe92/0x11d0
[   12.263242]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.263264]  ? finish_task_switch.isra.0+0x153/0x700
[   12.263287]  ? __switch_to+0x5d9/0xf60
[   12.263313]  ? __schedule+0xce8/0x2840
[   12.263338]  ? __pfx_read_tsc+0x10/0x10
[   12.263364]  krealloc_large_less_oob+0x1c/0x30
[   12.263385]  kunit_try_run_case+0x1a6/0x480
[   12.263407]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.263427]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.263448]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.263471]  ? __kthread_parkme+0x82/0x160
[   12.263493]  ? preempt_count_sub+0x50/0x80
[   12.263515]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.263537]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.263561]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.263586]  kthread+0x324/0x6e0
[   12.263607]  ? trace_preempt_on+0x20/0xc0
[   12.263630]  ? __pfx_kthread+0x10/0x10
[   12.263651]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.263674]  ? calculate_sigpending+0x7b/0xa0
[   12.263695]  ? __pfx_kthread+0x10/0x10
[   12.263717]  ret_from_fork+0x41/0x80
[   12.263734]  ? __pfx_kthread+0x10/0x10
[   12.263756]  ret_from_fork_asm+0x1a/0x30
[   12.263787]  </TASK>
[   12.263797] 
[   12.274749] The buggy address belongs to the physical page:
[   12.275534] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102938
[   12.275890] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.276415] flags: 0x200000000000040(head|node=0|zone=2)
[   12.276665] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.277339] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.277735] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.278312] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.278720] head: 0200000000000002 ffffea00040a4e01 ffffffffffffffff 0000000000000000
[   12.279238] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.279679] page dumped because: kasan: bad access detected
[   12.280036] 
[   12.280141] Memory state around the buggy address:
[   12.280330]  ffff888102939f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.280608]  ffff88810293a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.281041] >ffff88810293a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.281830]                                                           ^
[   12.282315]  ffff88810293a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.282700]  ffff88810293a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.283002] ==================================================================
[   12.016578] ==================================================================
[   12.017055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   12.017317] Write of size 1 at addr ffff888100a45ac9 by task kunit_try_catch/166
[   12.017543] 
[   12.017634] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.7-rc1 #1
[   12.017678] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.017690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.017712] Call Trace:
[   12.017726]  <TASK>
[   12.017751]  dump_stack_lvl+0x73/0xb0
[   12.017782]  print_report+0xd1/0x650
[   12.017802]  ? __virt_addr_valid+0x1db/0x2d0
[   12.017825]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.017893]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.017918]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.017940]  kasan_report+0x140/0x180
[   12.017961]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.017988]  __asan_report_store1_noabort+0x1b/0x30
[   12.018145]  krealloc_less_oob_helper+0xd72/0x11d0
[   12.018176]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.018199]  ? finish_task_switch.isra.0+0x153/0x700
[   12.018226]  ? __switch_to+0x5d9/0xf60
[   12.018252]  ? __schedule+0xce8/0x2840
[   12.018278]  ? __pfx_read_tsc+0x10/0x10
[   12.018302]  krealloc_less_oob+0x1c/0x30
[   12.018322]  kunit_try_run_case+0x1a6/0x480
[   12.018347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.018368]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.018390]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.018416]  ? __kthread_parkme+0x82/0x160
[   12.018440]  ? preempt_count_sub+0x50/0x80
[   12.018464]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.018485]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.018510]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.018535]  kthread+0x324/0x6e0
[   12.018556]  ? trace_preempt_on+0x20/0xc0
[   12.018582]  ? __pfx_kthread+0x10/0x10
[   12.018603]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.018625]  ? calculate_sigpending+0x7b/0xa0
[   12.018646]  ? __pfx_kthread+0x10/0x10
[   12.018668]  ret_from_fork+0x41/0x80
[   12.018687]  ? __pfx_kthread+0x10/0x10
[   12.018708]  ret_from_fork_asm+0x1a/0x30
[   12.018741]  </TASK>
[   12.018752] 
[   12.032152] Allocated by task 166:
[   12.032321]  kasan_save_stack+0x45/0x70
[   12.032823]  kasan_save_track+0x18/0x40
[   12.033252]  kasan_save_alloc_info+0x3b/0x50
[   12.033664]  __kasan_krealloc+0x190/0x1f0
[   12.033880]  krealloc_noprof+0xf3/0x340
[   12.034395]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.034756]  krealloc_less_oob+0x1c/0x30
[   12.034967]  kunit_try_run_case+0x1a6/0x480
[   12.035656]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.035865]  kthread+0x324/0x6e0
[   12.036091]  ret_from_fork+0x41/0x80
[   12.036277]  ret_from_fork_asm+0x1a/0x30
[   12.036477] 
[   12.036574] The buggy address belongs to the object at ffff888100a45a00
[   12.036574]  which belongs to the cache kmalloc-256 of size 256
[   12.037028] The buggy address is located 0 bytes to the right of
[   12.037028]  allocated 201-byte region [ffff888100a45a00, ffff888100a45ac9)
[   12.037642] 
[   12.037719] The buggy address belongs to the physical page:
[   12.037987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a44
[   12.038416] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.038713] flags: 0x200000000000040(head|node=0|zone=2)
[   12.038965] page_type: f5(slab)
[   12.039469] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.039797] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.040235] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.040615] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.040925] head: 0200000000000001 ffffea0004029101 ffffffffffffffff 0000000000000000
[   12.041393] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.041794] page dumped because: kasan: bad access detected
[   12.042103] 
[   12.042251] Memory state around the buggy address:
[   12.042440]  ffff888100a45980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.042769]  ffff888100a45a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.043405] >ffff888100a45a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.043939]                                               ^
[   12.044552]  ffff888100a45b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.045310]  ffff888100a45b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.045980] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x0SPsCc3D4dL5Fs7f4y5KqWbP1

job_id

TEST:linaro@lkft#2x0SVwltlsrm2T0d5Ba3sftzBJV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x0SVwltlsrm2T0d5Ba3sftzBJV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SS2Hw3iq0iQlsLeAo2dcc2s8/bzImage
sha256sum	7bc2976d5bc54a2548ad80d58c51f55eeb790da9ccb30ecb5948e73bb43c003b

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x0SS2Hw3iq0iQlsLeAo2dcc2s8/modules.tar.xz
sha256sum	64a9a8df2a58f3013b4dda0c48e7d525f20040a72fb28fa3604f8eafd96b0610

durations

tests

boot	0
kunit	240.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit