lkft/linux-stable-rc-linux-6.14.y - v6.14.9-74-gd9764ae24926 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 2, 2025, 2:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.505849] ==================================================================
[   18.507010] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.508041] Write of size 1 at addr fff00000c65f20ea by task kunit_try_catch/152
[   18.508826] 
[   18.509116] CPU: 1 UID: 0 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.509487] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.509534] Hardware name: linux,dummy-virt (DT)
[   18.509574] Call trace:
[   18.509601]  show_stack+0x20/0x38 (C)
[   18.509669]  dump_stack_lvl+0x8c/0xd0
[   18.509724]  print_report+0x118/0x608
[   18.509778]  kasan_report+0xdc/0x128
[   18.509830]  __asan_report_store1_noabort+0x20/0x30
[   18.509884]  krealloc_less_oob_helper+0xae4/0xc50
[   18.509937]  krealloc_large_less_oob+0x20/0x38
[   18.509990]  kunit_try_run_case+0x170/0x3f0
[   18.510043]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.510249]  kthread+0x318/0x620
[   18.510350]  ret_from_fork+0x10/0x20
[   18.510440] 
[   18.512983] The buggy address belongs to the physical page:
[   18.513228] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f0
[   18.514064] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.514851] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.516943] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.517769] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.518719] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.519450] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.519878] head: 0bfffe0000000002 ffffc1ffc3197c01 ffffffffffffffff 0000000000000000
[   18.520672] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.521358] page dumped because: kasan: bad access detected
[   18.521804] 
[   18.521978] Memory state around the buggy address:
[   18.523316]  fff00000c65f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.524039]  fff00000c65f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.524640] >fff00000c65f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.524977]                                                           ^
[   18.525414]  fff00000c65f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.525932]  fff00000c65f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.527829] ==================================================================
[   18.479887] ==================================================================
[   18.481597] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.483040] Write of size 1 at addr fff00000c65f20da by task kunit_try_catch/152
[   18.483620] 
[   18.483918] CPU: 1 UID: 0 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.484143] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.484224] Hardware name: linux,dummy-virt (DT)
[   18.484299] Call trace:
[   18.484349]  show_stack+0x20/0x38 (C)
[   18.484419]  dump_stack_lvl+0x8c/0xd0
[   18.484473]  print_report+0x118/0x608
[   18.484525]  kasan_report+0xdc/0x128
[   18.484575]  __asan_report_store1_noabort+0x20/0x30
[   18.484627]  krealloc_less_oob_helper+0xa80/0xc50
[   18.484681]  krealloc_large_less_oob+0x20/0x38
[   18.484733]  kunit_try_run_case+0x170/0x3f0
[   18.484784]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.484840]  kthread+0x318/0x620
[   18.484890]  ret_from_fork+0x10/0x20
[   18.484944] 
[   18.488646] The buggy address belongs to the physical page:
[   18.488930] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f0
[   18.491391] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.491904] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.492599] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.493351] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.494013] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.495343] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.496392] head: 0bfffe0000000002 ffffc1ffc3197c01 ffffffffffffffff 0000000000000000
[   18.497393] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.498520] page dumped because: kasan: bad access detected
[   18.499178] 
[   18.499602] Memory state around the buggy address:
[   18.500014]  fff00000c65f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.500621]  fff00000c65f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.501534] >fff00000c65f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.502057]                                                     ^
[   18.502765]  fff00000c65f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.503297]  fff00000c65f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.503795] ==================================================================
[   18.429202] ==================================================================
[   18.430477] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.430997] Write of size 1 at addr fff00000c65f20c9 by task kunit_try_catch/152
[   18.431369] 
[   18.431531] CPU: 1 UID: 0 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.431631] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.431661] Hardware name: linux,dummy-virt (DT)
[   18.431698] Call trace:
[   18.431725]  show_stack+0x20/0x38 (C)
[   18.431785]  dump_stack_lvl+0x8c/0xd0
[   18.431840]  print_report+0x118/0x608
[   18.431892]  kasan_report+0xdc/0x128
[   18.431941]  __asan_report_store1_noabort+0x20/0x30
[   18.431993]  krealloc_less_oob_helper+0xa48/0xc50
[   18.432046]  krealloc_large_less_oob+0x20/0x38
[   18.432097]  kunit_try_run_case+0x170/0x3f0
[   18.432149]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.433115]  kthread+0x318/0x620
[   18.433449]  ret_from_fork+0x10/0x20
[   18.433532] 
[   18.439796] The buggy address belongs to the physical page:
[   18.440088] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f0
[   18.440500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.440832] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.441232] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.441987] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.443102] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.443663] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.444364] head: 0bfffe0000000002 ffffc1ffc3197c01 ffffffffffffffff 0000000000000000
[   18.445106] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.445868] page dumped because: kasan: bad access detected
[   18.447002] 
[   18.447213] Memory state around the buggy address:
[   18.447493]  fff00000c65f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.448392]  fff00000c65f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.448927] >fff00000c65f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.449791]                                               ^
[   18.450419]  fff00000c65f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.451313]  fff00000c65f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.452013] ==================================================================
[   18.327603] ==================================================================
[   18.327859] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.328116] Write of size 1 at addr fff00000c1789ceb by task kunit_try_catch/148
[   18.328892] 
[   18.330099] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.330346] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.330414] Hardware name: linux,dummy-virt (DT)
[   18.330495] Call trace:
[   18.330550]  show_stack+0x20/0x38 (C)
[   18.330683]  dump_stack_lvl+0x8c/0xd0
[   18.330766]  print_report+0x118/0x608
[   18.330826]  kasan_report+0xdc/0x128
[   18.330905]  __asan_report_store1_noabort+0x20/0x30
[   18.330957]  krealloc_less_oob_helper+0xa58/0xc50
[   18.331011]  krealloc_less_oob+0x20/0x38
[   18.331060]  kunit_try_run_case+0x170/0x3f0
[   18.331115]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.331196]  kthread+0x318/0x620
[   18.331252]  ret_from_fork+0x10/0x20
[   18.331311] 
[   18.335148] Allocated by task 148:
[   18.337475]  kasan_save_stack+0x3c/0x68
[   18.337887]  kasan_save_track+0x20/0x40
[   18.338537]  kasan_save_alloc_info+0x40/0x58
[   18.338972]  __kasan_krealloc+0x118/0x178
[   18.339380]  krealloc_noprof+0x128/0x360
[   18.339756]  krealloc_less_oob_helper+0x168/0xc50
[   18.340143]  krealloc_less_oob+0x20/0x38
[   18.341664]  kunit_try_run_case+0x170/0x3f0
[   18.342085]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.342534]  kthread+0x318/0x620
[   18.342837]  ret_from_fork+0x10/0x20
[   18.343256] 
[   18.343561] The buggy address belongs to the object at fff00000c1789c00
[   18.343561]  which belongs to the cache kmalloc-256 of size 256
[   18.344675] The buggy address is located 34 bytes to the right of
[   18.344675]  allocated 201-byte region [fff00000c1789c00, fff00000c1789cc9)
[   18.345724] 
[   18.346165] The buggy address belongs to the physical page:
[   18.346620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101788
[   18.347372] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.347896] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.349361] page_type: f5(slab)
[   18.349571] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.349807] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.350035] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.351239] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.352006] head: 0bfffe0000000001 ffffc1ffc305e201 ffffffffffffffff 0000000000000000
[   18.352702] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.353524] page dumped because: kasan: bad access detected
[   18.354211] 
[   18.354617] Memory state around the buggy address:
[   18.354992]  fff00000c1789b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.355725]  fff00000c1789c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.356768] >fff00000c1789c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.357111]                                                           ^
[   18.357633]  fff00000c1789d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.358901]  fff00000c1789d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.359537] ==================================================================
[   18.189880] ==================================================================
[   18.190854] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.191348] Write of size 1 at addr fff00000c1789cc9 by task kunit_try_catch/148
[   18.191595] 
[   18.191715] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.191814] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.191843] Hardware name: linux,dummy-virt (DT)
[   18.191881] Call trace:
[   18.191907]  show_stack+0x20/0x38 (C)
[   18.191968]  dump_stack_lvl+0x8c/0xd0
[   18.192024]  print_report+0x118/0x608
[   18.192077]  kasan_report+0xdc/0x128
[   18.192127]  __asan_report_store1_noabort+0x20/0x30
[   18.192239]  krealloc_less_oob_helper+0xa48/0xc50
[   18.192334]  krealloc_less_oob+0x20/0x38
[   18.192429]  kunit_try_run_case+0x170/0x3f0
[   18.192537]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.192672]  kthread+0x318/0x620
[   18.192785]  ret_from_fork+0x10/0x20
[   18.192894] 
[   18.200167] Allocated by task 148:
[   18.200558]  kasan_save_stack+0x3c/0x68
[   18.201072]  kasan_save_track+0x20/0x40
[   18.201538]  kasan_save_alloc_info+0x40/0x58
[   18.202013]  __kasan_krealloc+0x118/0x178
[   18.202790]  krealloc_noprof+0x128/0x360
[   18.202986]  krealloc_less_oob_helper+0x168/0xc50
[   18.203149]  krealloc_less_oob+0x20/0x38
[   18.203316]  kunit_try_run_case+0x170/0x3f0
[   18.203466]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.203636]  kthread+0x318/0x620
[   18.203769]  ret_from_fork+0x10/0x20
[   18.203906] 
[   18.204002] The buggy address belongs to the object at fff00000c1789c00
[   18.204002]  which belongs to the cache kmalloc-256 of size 256
[   18.204790] The buggy address is located 0 bytes to the right of
[   18.204790]  allocated 201-byte region [fff00000c1789c00, fff00000c1789cc9)
[   18.206005] 
[   18.206308] The buggy address belongs to the physical page:
[   18.207299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101788
[   18.208956] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.209751] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.210499] page_type: f5(slab)
[   18.211131] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.211867] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.212673] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.213459] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.215128] head: 0bfffe0000000001 ffffc1ffc305e201 ffffffffffffffff 0000000000000000
[   18.215727] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.216460] page dumped because: kasan: bad access detected
[   18.216798] 
[   18.216986] Memory state around the buggy address:
[   18.217296]  fff00000c1789b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.217684]  fff00000c1789c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.218069] >fff00000c1789c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.218516]                                               ^
[   18.218990]  fff00000c1789d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.220088]  fff00000c1789d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.220521] ==================================================================
[   18.296557] ==================================================================
[   18.297142] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.297741] Write of size 1 at addr fff00000c1789cea by task kunit_try_catch/148
[   18.298427] 
[   18.298992] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.299110] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.299142] Hardware name: linux,dummy-virt (DT)
[   18.299205] Call trace:
[   18.299232]  show_stack+0x20/0x38 (C)
[   18.299302]  dump_stack_lvl+0x8c/0xd0
[   18.299357]  print_report+0x118/0x608
[   18.299411]  kasan_report+0xdc/0x128
[   18.299462]  __asan_report_store1_noabort+0x20/0x30
[   18.299516]  krealloc_less_oob_helper+0xae4/0xc50
[   18.299570]  krealloc_less_oob+0x20/0x38
[   18.299621]  kunit_try_run_case+0x170/0x3f0
[   18.299673]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.299730]  kthread+0x318/0x620
[   18.299780]  ret_from_fork+0x10/0x20
[   18.299835] 
[   18.304540] Allocated by task 148:
[   18.304760]  kasan_save_stack+0x3c/0x68
[   18.305017]  kasan_save_track+0x20/0x40
[   18.305306]  kasan_save_alloc_info+0x40/0x58
[   18.305682]  __kasan_krealloc+0x118/0x178
[   18.308052]  krealloc_noprof+0x128/0x360
[   18.308450]  krealloc_less_oob_helper+0x168/0xc50
[   18.308885]  krealloc_less_oob+0x20/0x38
[   18.309325]  kunit_try_run_case+0x170/0x3f0
[   18.309723]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.310770]  kthread+0x318/0x620
[   18.311203]  ret_from_fork+0x10/0x20
[   18.311441] 
[   18.311582] The buggy address belongs to the object at fff00000c1789c00
[   18.311582]  which belongs to the cache kmalloc-256 of size 256
[   18.312094] The buggy address is located 33 bytes to the right of
[   18.312094]  allocated 201-byte region [fff00000c1789c00, fff00000c1789cc9)
[   18.312640] 
[   18.312779] The buggy address belongs to the physical page:
[   18.313050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101788
[   18.315225] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.316373] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.316990] page_type: f5(slab)
[   18.317350] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.318315] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.318574] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.318802] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.319029] head: 0bfffe0000000001 ffffc1ffc305e201 ffffffffffffffff 0000000000000000
[   18.319361] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.320063] page dumped because: kasan: bad access detected
[   18.321269] 
[   18.321700] Memory state around the buggy address:
[   18.322533]  fff00000c1789b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.323071]  fff00000c1789c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.323668] >fff00000c1789c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.325561]                                                           ^
[   18.326366]  fff00000c1789d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.326682]  fff00000c1789d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.326896] ==================================================================
[   18.224076] ==================================================================
[   18.224915] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.225668] Write of size 1 at addr fff00000c1789cd0 by task kunit_try_catch/148
[   18.227226] 
[   18.227455] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.227562] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.227596] Hardware name: linux,dummy-virt (DT)
[   18.227635] Call trace:
[   18.227661]  show_stack+0x20/0x38 (C)
[   18.227733]  dump_stack_lvl+0x8c/0xd0
[   18.227788]  print_report+0x118/0x608
[   18.227843]  kasan_report+0xdc/0x128
[   18.227894]  __asan_report_store1_noabort+0x20/0x30
[   18.227948]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.228002]  krealloc_less_oob+0x20/0x38
[   18.228052]  kunit_try_run_case+0x170/0x3f0
[   18.228106]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.229425]  kthread+0x318/0x620
[   18.229575]  ret_from_fork+0x10/0x20
[   18.229641] 
[   18.236738] Allocated by task 148:
[   18.237118]  kasan_save_stack+0x3c/0x68
[   18.237769]  kasan_save_track+0x20/0x40
[   18.238395]  kasan_save_alloc_info+0x40/0x58
[   18.239644]  __kasan_krealloc+0x118/0x178
[   18.240100]  krealloc_noprof+0x128/0x360
[   18.240752]  krealloc_less_oob_helper+0x168/0xc50
[   18.241218]  krealloc_less_oob+0x20/0x38
[   18.241858]  kunit_try_run_case+0x170/0x3f0
[   18.242474]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.243373]  kthread+0x318/0x620
[   18.243931]  ret_from_fork+0x10/0x20
[   18.244343] 
[   18.244578] The buggy address belongs to the object at fff00000c1789c00
[   18.244578]  which belongs to the cache kmalloc-256 of size 256
[   18.245795] The buggy address is located 7 bytes to the right of
[   18.245795]  allocated 201-byte region [fff00000c1789c00, fff00000c1789cc9)
[   18.246865] 
[   18.247064] The buggy address belongs to the physical page:
[   18.248244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101788
[   18.249178] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.250099] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.250921] page_type: f5(slab)
[   18.251412] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.252109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.252679] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.252924] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.253169] head: 0bfffe0000000001 ffffc1ffc305e201 ffffffffffffffff 0000000000000000
[   18.253405] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.253635] page dumped because: kasan: bad access detected
[   18.253814] 
[   18.253915] Memory state around the buggy address:
[   18.254136]  fff00000c1789b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.254581]  fff00000c1789c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.256314] >fff00000c1789c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.256961]                                                  ^
[   18.257429]  fff00000c1789d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.257953]  fff00000c1789d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.259234] ==================================================================
[   18.261554] ==================================================================
[   18.262101] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.262904] Write of size 1 at addr fff00000c1789cda by task kunit_try_catch/148
[   18.264710] 
[   18.265031] CPU: 1 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.265237] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.265284] Hardware name: linux,dummy-virt (DT)
[   18.265324] Call trace:
[   18.265369]  show_stack+0x20/0x38 (C)
[   18.265449]  dump_stack_lvl+0x8c/0xd0
[   18.265513]  print_report+0x118/0x608
[   18.265581]  kasan_report+0xdc/0x128
[   18.265633]  __asan_report_store1_noabort+0x20/0x30
[   18.265686]  krealloc_less_oob_helper+0xa80/0xc50
[   18.265741]  krealloc_less_oob+0x20/0x38
[   18.265792]  kunit_try_run_case+0x170/0x3f0
[   18.265845]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.265902]  kthread+0x318/0x620
[   18.265953]  ret_from_fork+0x10/0x20
[   18.266009] 
[   18.271805] Allocated by task 148:
[   18.272479]  kasan_save_stack+0x3c/0x68
[   18.272903]  kasan_save_track+0x20/0x40
[   18.273285]  kasan_save_alloc_info+0x40/0x58
[   18.273814]  __kasan_krealloc+0x118/0x178
[   18.274701]  krealloc_noprof+0x128/0x360
[   18.275108]  krealloc_less_oob_helper+0x168/0xc50
[   18.275525]  krealloc_less_oob+0x20/0x38
[   18.275969]  kunit_try_run_case+0x170/0x3f0
[   18.276407]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.276893]  kthread+0x318/0x620
[   18.277321]  ret_from_fork+0x10/0x20
[   18.277799] 
[   18.278352] The buggy address belongs to the object at fff00000c1789c00
[   18.278352]  which belongs to the cache kmalloc-256 of size 256
[   18.279239] The buggy address is located 17 bytes to the right of
[   18.279239]  allocated 201-byte region [fff00000c1789c00, fff00000c1789cc9)
[   18.281017] 
[   18.281229] The buggy address belongs to the physical page:
[   18.281558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101788
[   18.282694] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.283218] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.283893] page_type: f5(slab)
[   18.284268] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.284945] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.285635] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.287201] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.287793] head: 0bfffe0000000001 ffffc1ffc305e201 ffffffffffffffff 0000000000000000
[   18.288468] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   18.289063] page dumped because: kasan: bad access detected
[   18.289642] 
[   18.289879] Memory state around the buggy address:
[   18.290648]  fff00000c1789b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.291325]  fff00000c1789c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.291950] >fff00000c1789c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.292961]                                                     ^
[   18.293441]  fff00000c1789d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.294063]  fff00000c1789d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.295437] ==================================================================
[   18.529010] ==================================================================
[   18.529953] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.530737] Write of size 1 at addr fff00000c65f20eb by task kunit_try_catch/152
[   18.531183] 
[   18.531501] CPU: 1 UID: 0 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.531614] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.531645] Hardware name: linux,dummy-virt (DT)
[   18.531710] Call trace:
[   18.531736]  show_stack+0x20/0x38 (C)
[   18.531800]  dump_stack_lvl+0x8c/0xd0
[   18.531853]  print_report+0x118/0x608
[   18.531903]  kasan_report+0xdc/0x128
[   18.531950]  __asan_report_store1_noabort+0x20/0x30
[   18.532000]  krealloc_less_oob_helper+0xa58/0xc50
[   18.532049]  krealloc_large_less_oob+0x20/0x38
[   18.532097]  kunit_try_run_case+0x170/0x3f0
[   18.532145]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.533240]  kthread+0x318/0x620
[   18.533295]  ret_from_fork+0x10/0x20
[   18.533354] 
[   18.537812] The buggy address belongs to the physical page:
[   18.538203] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f0
[   18.538948] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.540036] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.540819] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.541607] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.542739] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.543471] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.544558] head: 0bfffe0000000002 ffffc1ffc3197c01 ffffffffffffffff 0000000000000000
[   18.545360] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.546102] page dumped because: kasan: bad access detected
[   18.546906] 
[   18.547161] Memory state around the buggy address:
[   18.547565]  fff00000c65f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.548031]  fff00000c65f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.548523] >fff00000c65f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.549296]                                                           ^
[   18.549846]  fff00000c65f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.551312]  fff00000c65f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.552044] ==================================================================
[   18.454118] ==================================================================
[   18.455285] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.455658] Write of size 1 at addr fff00000c65f20d0 by task kunit_try_catch/152
[   18.455997] 
[   18.456147] CPU: 1 UID: 0 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   18.456262] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.456294] Hardware name: linux,dummy-virt (DT)
[   18.456332] Call trace:
[   18.456358]  show_stack+0x20/0x38 (C)
[   18.456418]  dump_stack_lvl+0x8c/0xd0
[   18.456471]  print_report+0x118/0x608
[   18.456524]  kasan_report+0xdc/0x128
[   18.456574]  __asan_report_store1_noabort+0x20/0x30
[   18.456626]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.456679]  krealloc_large_less_oob+0x20/0x38
[   18.456730]  kunit_try_run_case+0x170/0x3f0
[   18.456782]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.456838]  kthread+0x318/0x620
[   18.456886]  ret_from_fork+0x10/0x20
[   18.456941] 
[   18.464887] The buggy address belongs to the physical page:
[   18.465361] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065f0
[   18.465962] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.467069] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.467793] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.468511] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.469255] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.470029] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   18.470938] head: 0bfffe0000000002 ffffc1ffc3197c01 ffffffffffffffff 0000000000000000
[   18.471509] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   18.472072] page dumped because: kasan: bad access detected
[   18.473316] 
[   18.473737] Memory state around the buggy address:
[   18.474549]  fff00000c65f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.475140]  fff00000c65f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.475939] >fff00000c65f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.476619]                                                  ^
[   18.477328]  fff00000c65f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.478110]  fff00000c65f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.479011] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xxIrjnY3qrEVj7fL32ZBFnpdUJ

job_id

TEST:linaro@lkft#2xxIwXuNlIzxQj0IpkkVRHMEZcO

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxIwXuNlIzxQj0IpkkVRHMEZcO

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIt2FGzQnKvGggP0xsi4xIwvI/Image.gz
sha256sum	32a8b72922f193882a307c25103255c66d67e9f963c008702ba8ba647a4a98c3

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxIt2FGzQnKvGggP0xsi4xIwvI/modules.tar.xz
sha256sum	58cc75b6d61cea97f72b8fd292af11ead6934a75d8117cee65e72b5a129f94d4

durations

tests

boot	0
kunit	343.69

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.594150] ==================================================================
[   12.594427] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   12.594684] Write of size 1 at addr ffff8881028860eb by task kunit_try_catch/170
[   12.594906] 
[   12.594987] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.595036] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.595047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.595068] Call Trace:
[   12.595084]  <TASK>
[   12.595098]  dump_stack_lvl+0x73/0xb0
[   12.595121]  print_report+0xd1/0x650
[   12.595142]  ? __virt_addr_valid+0x1db/0x2d0
[   12.595163]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.595185]  ? kasan_addr_to_slab+0x11/0xa0
[   12.595204]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.595227]  kasan_report+0x140/0x180
[   12.595248]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.595275]  __asan_report_store1_noabort+0x1b/0x30
[   12.595297]  krealloc_less_oob_helper+0xd49/0x11d0
[   12.595321]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.595345]  ? finish_task_switch.isra.0+0x153/0x700
[   12.595368]  ? __switch_to+0x5d9/0xf60
[   12.595392]  ? __schedule+0xce8/0x2840
[   12.595414]  ? __pfx_read_tsc+0x10/0x10
[   12.595438]  krealloc_large_less_oob+0x1c/0x30
[   12.595459]  kunit_try_run_case+0x1a6/0x480
[   12.595482]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.595504]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.595527]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.595550]  ? __kthread_parkme+0x82/0x160
[   12.595571]  ? preempt_count_sub+0x50/0x80
[   12.595595]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.595616]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.595642]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.595667]  kthread+0x324/0x6e0
[   12.595687]  ? trace_preempt_on+0x20/0xc0
[   12.595710]  ? __pfx_kthread+0x10/0x10
[   12.595731]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.595752]  ? calculate_sigpending+0x7b/0xa0
[   12.595772]  ? __pfx_kthread+0x10/0x10
[   12.595794]  ret_from_fork+0x41/0x80
[   12.595811]  ? __pfx_kthread+0x10/0x10
[   12.595832]  ret_from_fork_asm+0x1a/0x30
[   12.595863]  </TASK>
[   12.595874] 
[   12.607308] The buggy address belongs to the physical page:
[   12.607496] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102884
[   12.608230] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.608951] flags: 0x200000000000040(head|node=0|zone=2)
[   12.609477] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.610194] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.611065] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.611796] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.612494] head: 0200000000000002 ffffea00040a2101 ffffffffffffffff 0000000000000000
[   12.613072] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.613296] page dumped because: kasan: bad access detected
[   12.613466] 
[   12.613535] Memory state around the buggy address:
[   12.613736]  ffff888102885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.614188]  ffff888102886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.614542] >ffff888102886080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.614752]                                                           ^
[   12.615068]  ffff888102886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.615430]  ffff888102886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.615760] ==================================================================
[   12.459349] ==================================================================
[   12.459737] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd49/0x11d0
[   12.459978] Write of size 1 at addr ffff888100ad2aeb by task kunit_try_catch/166
[   12.460525] 
[   12.460910] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.460954] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.460975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.460994] Call Trace:
[   12.461011]  <TASK>
[   12.461037]  dump_stack_lvl+0x73/0xb0
[   12.461064]  print_report+0xd1/0x650
[   12.461084]  ? __virt_addr_valid+0x1db/0x2d0
[   12.461105]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.461128]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.461152]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.461174]  kasan_report+0x140/0x180
[   12.461197]  ? krealloc_less_oob_helper+0xd49/0x11d0
[   12.461225]  __asan_report_store1_noabort+0x1b/0x30
[   12.461248]  krealloc_less_oob_helper+0xd49/0x11d0
[   12.461273]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.461295]  ? finish_task_switch.isra.0+0x153/0x700
[   12.461317]  ? __switch_to+0x5d9/0xf60
[   12.461341]  ? __schedule+0xce8/0x2840
[   12.461362]  ? __pfx_read_tsc+0x10/0x10
[   12.461386]  krealloc_less_oob+0x1c/0x30
[   12.461406]  kunit_try_run_case+0x1a6/0x480
[   12.461428]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.461448]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.461470]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.461493]  ? __kthread_parkme+0x82/0x160
[   12.461514]  ? preempt_count_sub+0x50/0x80
[   12.461538]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.461746]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.461775]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.461801]  kthread+0x324/0x6e0
[   12.461859]  ? trace_preempt_on+0x20/0xc0
[   12.461883]  ? __pfx_kthread+0x10/0x10
[   12.461904]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.461926]  ? calculate_sigpending+0x7b/0xa0
[   12.461946]  ? __pfx_kthread+0x10/0x10
[   12.461968]  ret_from_fork+0x41/0x80
[   12.461986]  ? __pfx_kthread+0x10/0x10
[   12.462007]  ret_from_fork_asm+0x1a/0x30
[   12.462052]  </TASK>
[   12.462062] 
[   12.471865] Allocated by task 166:
[   12.472068]  kasan_save_stack+0x45/0x70
[   12.472249]  kasan_save_track+0x18/0x40
[   12.472382]  kasan_save_alloc_info+0x3b/0x50
[   12.472555]  __kasan_krealloc+0x190/0x1f0
[   12.472813]  krealloc_noprof+0xf3/0x340
[   12.473004]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.473212]  krealloc_less_oob+0x1c/0x30
[   12.473385]  kunit_try_run_case+0x1a6/0x480
[   12.473653]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.473880]  kthread+0x324/0x6e0
[   12.474055]  ret_from_fork+0x41/0x80
[   12.474238]  ret_from_fork_asm+0x1a/0x30
[   12.474401] 
[   12.474494] The buggy address belongs to the object at ffff888100ad2a00
[   12.474494]  which belongs to the cache kmalloc-256 of size 256
[   12.474918] The buggy address is located 34 bytes to the right of
[   12.474918]  allocated 201-byte region [ffff888100ad2a00, ffff888100ad2ac9)
[   12.475394] 
[   12.475492] The buggy address belongs to the physical page:
[   12.475736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ad2
[   12.476031] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.476303] flags: 0x200000000000040(head|node=0|zone=2)
[   12.476556] page_type: f5(slab)
[   12.476723] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.477114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.477407] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.477929] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.478245] head: 0200000000000001 ffffea000402b481 ffffffffffffffff 0000000000000000
[   12.478539] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.478914] page dumped because: kasan: bad access detected
[   12.479131] 
[   12.479203] Memory state around the buggy address:
[   12.479408]  ffff888100ad2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.479789]  ffff888100ad2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.480082] >ffff888100ad2a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.480370]                                                           ^
[   12.480704]  ffff888100ad2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.480920]  ffff888100ad2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.481208] ==================================================================
[   12.524679] ==================================================================
[   12.525190] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   12.525526] Write of size 1 at addr ffff8881028860c9 by task kunit_try_catch/170
[   12.525862] 
[   12.525944] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.525982] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.525993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.526045] Call Trace:
[   12.526059]  <TASK>
[   12.526074]  dump_stack_lvl+0x73/0xb0
[   12.526099]  print_report+0xd1/0x650
[   12.526138]  ? __virt_addr_valid+0x1db/0x2d0
[   12.526159]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.526182]  ? kasan_addr_to_slab+0x11/0xa0
[   12.526201]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.526224]  kasan_report+0x140/0x180
[   12.526245]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.526272]  __asan_report_store1_noabort+0x1b/0x30
[   12.526295]  krealloc_less_oob_helper+0xd72/0x11d0
[   12.526336]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.526358]  ? finish_task_switch.isra.0+0x153/0x700
[   12.526395]  ? __switch_to+0x5d9/0xf60
[   12.526421]  ? __schedule+0xce8/0x2840
[   12.526442]  ? __pfx_read_tsc+0x10/0x10
[   12.526466]  krealloc_large_less_oob+0x1c/0x30
[   12.526487]  kunit_try_run_case+0x1a6/0x480
[   12.526510]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.526530]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.526553]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.526575]  ? __kthread_parkme+0x82/0x160
[   12.526596]  ? preempt_count_sub+0x50/0x80
[   12.526619]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.526641]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.526666]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.526691]  kthread+0x324/0x6e0
[   12.526712]  ? trace_preempt_on+0x20/0xc0
[   12.526734]  ? __pfx_kthread+0x10/0x10
[   12.526755]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.526776]  ? calculate_sigpending+0x7b/0xa0
[   12.526798]  ? __pfx_kthread+0x10/0x10
[   12.526820]  ret_from_fork+0x41/0x80
[   12.526838]  ? __pfx_kthread+0x10/0x10
[   12.526859]  ret_from_fork_asm+0x1a/0x30
[   12.526890]  </TASK>
[   12.526900] 
[   12.534379] The buggy address belongs to the physical page:
[   12.534657] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102884
[   12.535064] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.535346] flags: 0x200000000000040(head|node=0|zone=2)
[   12.535557] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.535807] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.536057] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.536388] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.536714] head: 0200000000000002 ffffea00040a2101 ffffffffffffffff 0000000000000000
[   12.537073] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.537291] page dumped because: kasan: bad access detected
[   12.537454] 
[   12.537562] Memory state around the buggy address:
[   12.537792]  ffff888102885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.538234]  ffff888102886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.538579] >ffff888102886080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.538889]                                               ^
[   12.539191]  ffff888102886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.539514]  ffff888102886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.539817] ==================================================================
[   12.381211] ==================================================================
[   12.381537] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   12.382108] Write of size 1 at addr ffff888100ad2ad0 by task kunit_try_catch/166
[   12.382415] 
[   12.382497] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.382534] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.382545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.382565] Call Trace:
[   12.382577]  <TASK>
[   12.382591]  dump_stack_lvl+0x73/0xb0
[   12.382616]  print_report+0xd1/0x650
[   12.382636]  ? __virt_addr_valid+0x1db/0x2d0
[   12.382658]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.382680]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.382704]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.382727]  kasan_report+0x140/0x180
[   12.382747]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.382775]  __asan_report_store1_noabort+0x1b/0x30
[   12.382851]  krealloc_less_oob_helper+0xe25/0x11d0
[   12.382877]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.382900]  ? finish_task_switch.isra.0+0x153/0x700
[   12.382922]  ? __switch_to+0x5d9/0xf60
[   12.382948]  ? __schedule+0xce8/0x2840
[   12.382970]  ? __pfx_read_tsc+0x10/0x10
[   12.382994]  krealloc_less_oob+0x1c/0x30
[   12.383014]  kunit_try_run_case+0x1a6/0x480
[   12.383049]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.383070]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.383093]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.383115]  ? __kthread_parkme+0x82/0x160
[   12.383136]  ? preempt_count_sub+0x50/0x80
[   12.383159]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.383181]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.383207]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.383232]  kthread+0x324/0x6e0
[   12.383252]  ? trace_preempt_on+0x20/0xc0
[   12.383275]  ? __pfx_kthread+0x10/0x10
[   12.383296]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.383318]  ? calculate_sigpending+0x7b/0xa0
[   12.383339]  ? __pfx_kthread+0x10/0x10
[   12.383361]  ret_from_fork+0x41/0x80
[   12.383379]  ? __pfx_kthread+0x10/0x10
[   12.383400]  ret_from_fork_asm+0x1a/0x30
[   12.383431]  </TASK>
[   12.383440] 
[   12.393302] Allocated by task 166:
[   12.393469]  kasan_save_stack+0x45/0x70
[   12.393930]  kasan_save_track+0x18/0x40
[   12.394107]  kasan_save_alloc_info+0x3b/0x50
[   12.394321]  __kasan_krealloc+0x190/0x1f0
[   12.394500]  krealloc_noprof+0xf3/0x340
[   12.395133]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.395352]  krealloc_less_oob+0x1c/0x30
[   12.395507]  kunit_try_run_case+0x1a6/0x480
[   12.395703]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.396163]  kthread+0x324/0x6e0
[   12.396327]  ret_from_fork+0x41/0x80
[   12.396487]  ret_from_fork_asm+0x1a/0x30
[   12.396912] 
[   12.397039] The buggy address belongs to the object at ffff888100ad2a00
[   12.397039]  which belongs to the cache kmalloc-256 of size 256
[   12.397556] The buggy address is located 7 bytes to the right of
[   12.397556]  allocated 201-byte region [ffff888100ad2a00, ffff888100ad2ac9)
[   12.398438] 
[   12.398526] The buggy address belongs to the physical page:
[   12.399126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ad2
[   12.399457] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.399915] flags: 0x200000000000040(head|node=0|zone=2)
[   12.400254] page_type: f5(slab)
[   12.400391] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.400903] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.401206] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.401628] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.401986] head: 0200000000000001 ffffea000402b481 ffffffffffffffff 0000000000000000
[   12.402327] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.402858] page dumped because: kasan: bad access detected
[   12.403195] 
[   12.403286] Memory state around the buggy address:
[   12.403464]  ffff888100ad2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.404086]  ffff888100ad2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.404367] >ffff888100ad2a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.404927]                                                  ^
[   12.405141]  ffff888100ad2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.405554]  ffff888100ad2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.406072] ==================================================================
[   12.572539] ==================================================================
[   12.572865] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   12.573380] Write of size 1 at addr ffff8881028860ea by task kunit_try_catch/170
[   12.573876] 
[   12.573953] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.573987] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.573998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.574303] Call Trace:
[   12.574325]  <TASK>
[   12.574341]  dump_stack_lvl+0x73/0xb0
[   12.574370]  print_report+0xd1/0x650
[   12.574392]  ? __virt_addr_valid+0x1db/0x2d0
[   12.574414]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.574470]  ? kasan_addr_to_slab+0x11/0xa0
[   12.574490]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.574525]  kasan_report+0x140/0x180
[   12.574559]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.574586]  __asan_report_store1_noabort+0x1b/0x30
[   12.574624]  krealloc_less_oob_helper+0xe92/0x11d0
[   12.574661]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.574683]  ? finish_task_switch.isra.0+0x153/0x700
[   12.574718]  ? __switch_to+0x5d9/0xf60
[   12.574756]  ? __schedule+0xce8/0x2840
[   12.574790]  ? __pfx_read_tsc+0x10/0x10
[   12.574813]  krealloc_large_less_oob+0x1c/0x30
[   12.574835]  kunit_try_run_case+0x1a6/0x480
[   12.574858]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574878]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.574900]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.574923]  ? __kthread_parkme+0x82/0x160
[   12.574944]  ? preempt_count_sub+0x50/0x80
[   12.574967]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574989]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.575014]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.575049]  kthread+0x324/0x6e0
[   12.575069]  ? trace_preempt_on+0x20/0xc0
[   12.575092]  ? __pfx_kthread+0x10/0x10
[   12.575113]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.575134]  ? calculate_sigpending+0x7b/0xa0
[   12.575155]  ? __pfx_kthread+0x10/0x10
[   12.575176]  ret_from_fork+0x41/0x80
[   12.575194]  ? __pfx_kthread+0x10/0x10
[   12.575215]  ret_from_fork_asm+0x1a/0x30
[   12.575246]  </TASK>
[   12.575256] 
[   12.585679] The buggy address belongs to the physical page:
[   12.585931] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102884
[   12.586450] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.586907] flags: 0x200000000000040(head|node=0|zone=2)
[   12.587266] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.587603] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.588046] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.588456] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.588937] head: 0200000000000002 ffffea00040a2101 ffffffffffffffff 0000000000000000
[   12.589372] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.589805] page dumped because: kasan: bad access detected
[   12.590097] 
[   12.590203] Memory state around the buggy address:
[   12.590449]  ffff888102885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.590986]  ffff888102886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.591301] >ffff888102886080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.591808]                                                           ^
[   12.592194]  ffff888102886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.592583]  ffff888102886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.592898] ==================================================================
[   12.406768] ==================================================================
[   12.407130] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   12.407457] Write of size 1 at addr ffff888100ad2ada by task kunit_try_catch/166
[   12.408468] 
[   12.408784] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.408834] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.408846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.408867] Call Trace:
[   12.408878]  <TASK>
[   12.408893]  dump_stack_lvl+0x73/0xb0
[   12.408920]  print_report+0xd1/0x650
[   12.408943]  ? __virt_addr_valid+0x1db/0x2d0
[   12.408965]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.408986]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.409011]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.409049]  kasan_report+0x140/0x180
[   12.409072]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.409100]  __asan_report_store1_noabort+0x1b/0x30
[   12.409123]  krealloc_less_oob_helper+0xec8/0x11d0
[   12.409147]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.409170]  ? finish_task_switch.isra.0+0x153/0x700
[   12.409192]  ? __switch_to+0x5d9/0xf60
[   12.409217]  ? __schedule+0xce8/0x2840
[   12.409238]  ? __pfx_read_tsc+0x10/0x10
[   12.409262]  krealloc_less_oob+0x1c/0x30
[   12.409282]  kunit_try_run_case+0x1a6/0x480
[   12.409304]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.409324]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.409346]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.409369]  ? __kthread_parkme+0x82/0x160
[   12.409390]  ? preempt_count_sub+0x50/0x80
[   12.409413]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.409434]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.409459]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.409484]  kthread+0x324/0x6e0
[   12.409505]  ? trace_preempt_on+0x20/0xc0
[   12.409527]  ? __pfx_kthread+0x10/0x10
[   12.409548]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.409569]  ? calculate_sigpending+0x7b/0xa0
[   12.409590]  ? __pfx_kthread+0x10/0x10
[   12.409612]  ret_from_fork+0x41/0x80
[   12.409630]  ? __pfx_kthread+0x10/0x10
[   12.409651]  ret_from_fork_asm+0x1a/0x30
[   12.409681]  </TASK>
[   12.409692] 
[   12.419325] Allocated by task 166:
[   12.419515]  kasan_save_stack+0x45/0x70
[   12.419693]  kasan_save_track+0x18/0x40
[   12.420625]  kasan_save_alloc_info+0x3b/0x50
[   12.420835]  __kasan_krealloc+0x190/0x1f0
[   12.420985]  krealloc_noprof+0xf3/0x340
[   12.421314]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.421574]  krealloc_less_oob+0x1c/0x30
[   12.421883]  kunit_try_run_case+0x1a6/0x480
[   12.422081]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.422414]  kthread+0x324/0x6e0
[   12.422718]  ret_from_fork+0x41/0x80
[   12.422862]  ret_from_fork_asm+0x1a/0x30
[   12.423180] 
[   12.423282] The buggy address belongs to the object at ffff888100ad2a00
[   12.423282]  which belongs to the cache kmalloc-256 of size 256
[   12.424264] The buggy address is located 17 bytes to the right of
[   12.424264]  allocated 201-byte region [ffff888100ad2a00, ffff888100ad2ac9)
[   12.424919] 
[   12.424998] The buggy address belongs to the physical page:
[   12.425269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ad2
[   12.425578] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.425900] flags: 0x200000000000040(head|node=0|zone=2)
[   12.426143] page_type: f5(slab)
[   12.426291] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.426575] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.426896] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.427761] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.428208] head: 0200000000000001 ffffea000402b481 ffffffffffffffff 0000000000000000
[   12.428518] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.429003] page dumped because: kasan: bad access detected
[   12.429342] 
[   12.429418] Memory state around the buggy address:
[   12.429640]  ffff888100ad2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.430239]  ffff888100ad2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.430907] >ffff888100ad2a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.431309]                                                     ^
[   12.431635]  ffff888100ad2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.432087]  ffff888100ad2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.432455] ==================================================================
[   12.351167] ==================================================================
[   12.351799] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd72/0x11d0
[   12.352182] Write of size 1 at addr ffff888100ad2ac9 by task kunit_try_catch/166
[   12.352477] 
[   12.352659] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.352699] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.352710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.352729] Call Trace:
[   12.352741]  <TASK>
[   12.352754]  dump_stack_lvl+0x73/0xb0
[   12.352778]  print_report+0xd1/0x650
[   12.352799]  ? __virt_addr_valid+0x1db/0x2d0
[   12.352821]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.352843]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.352868]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.352890]  kasan_report+0x140/0x180
[   12.352911]  ? krealloc_less_oob_helper+0xd72/0x11d0
[   12.352938]  __asan_report_store1_noabort+0x1b/0x30
[   12.352961]  krealloc_less_oob_helper+0xd72/0x11d0
[   12.352985]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.353008]  ? finish_task_switch.isra.0+0x153/0x700
[   12.353044]  ? __switch_to+0x5d9/0xf60
[   12.353071]  ? __schedule+0xce8/0x2840
[   12.353093]  ? __pfx_read_tsc+0x10/0x10
[   12.353117]  krealloc_less_oob+0x1c/0x30
[   12.353138]  kunit_try_run_case+0x1a6/0x480
[   12.353160]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.353180]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.353203]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.353225]  ? __kthread_parkme+0x82/0x160
[   12.353246]  ? preempt_count_sub+0x50/0x80
[   12.353270]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.353292]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.353316]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.353341]  kthread+0x324/0x6e0
[   12.353362]  ? trace_preempt_on+0x20/0xc0
[   12.353384]  ? __pfx_kthread+0x10/0x10
[   12.353405]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.353426]  ? calculate_sigpending+0x7b/0xa0
[   12.353448]  ? __pfx_kthread+0x10/0x10
[   12.353470]  ret_from_fork+0x41/0x80
[   12.353487]  ? __pfx_kthread+0x10/0x10
[   12.353509]  ret_from_fork_asm+0x1a/0x30
[   12.353539]  </TASK>
[   12.353550] 
[   12.362394] Allocated by task 166:
[   12.362538]  kasan_save_stack+0x45/0x70
[   12.365533]  kasan_save_track+0x18/0x40
[   12.367030]  kasan_save_alloc_info+0x3b/0x50
[   12.367696]  __kasan_krealloc+0x190/0x1f0
[   12.367972]  krealloc_noprof+0xf3/0x340
[   12.368391]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.368753]  krealloc_less_oob+0x1c/0x30
[   12.368944]  kunit_try_run_case+0x1a6/0x480
[   12.369297]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.369723]  kthread+0x324/0x6e0
[   12.369879]  ret_from_fork+0x41/0x80
[   12.370110]  ret_from_fork_asm+0x1a/0x30
[   12.370444] 
[   12.370537] The buggy address belongs to the object at ffff888100ad2a00
[   12.370537]  which belongs to the cache kmalloc-256 of size 256
[   12.371410] The buggy address is located 0 bytes to the right of
[   12.371410]  allocated 201-byte region [ffff888100ad2a00, ffff888100ad2ac9)
[   12.372456] 
[   12.372553] The buggy address belongs to the physical page:
[   12.372963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ad2
[   12.373425] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.373968] flags: 0x200000000000040(head|node=0|zone=2)
[   12.374392] page_type: f5(slab)
[   12.374535] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.375114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.375417] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.376095] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.376416] head: 0200000000000001 ffffea000402b481 ffffffffffffffff 0000000000000000
[   12.377055] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.377509] page dumped because: kasan: bad access detected
[   12.377851] 
[   12.377928] Memory state around the buggy address:
[   12.378365]  ffff888100ad2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.378915]  ffff888100ad2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.379245] >ffff888100ad2a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.379646]                                               ^
[   12.379946]  ffff888100ad2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.380271]  ffff888100ad2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.380567] ==================================================================
[   12.433112] ==================================================================
[   12.433684] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe92/0x11d0
[   12.434166] Write of size 1 at addr ffff888100ad2aea by task kunit_try_catch/166
[   12.434522] 
[   12.434711] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.434751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.434762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.434780] Call Trace:
[   12.434794]  <TASK>
[   12.434809]  dump_stack_lvl+0x73/0xb0
[   12.434833]  print_report+0xd1/0x650
[   12.435075]  ? __virt_addr_valid+0x1db/0x2d0
[   12.435104]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.435127]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.435152]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.435174]  kasan_report+0x140/0x180
[   12.435195]  ? krealloc_less_oob_helper+0xe92/0x11d0
[   12.435222]  __asan_report_store1_noabort+0x1b/0x30
[   12.435245]  krealloc_less_oob_helper+0xe92/0x11d0
[   12.435269]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.435291]  ? finish_task_switch.isra.0+0x153/0x700
[   12.435313]  ? __switch_to+0x5d9/0xf60
[   12.435338]  ? __schedule+0xce8/0x2840
[   12.435359]  ? __pfx_read_tsc+0x10/0x10
[   12.435383]  krealloc_less_oob+0x1c/0x30
[   12.435403]  kunit_try_run_case+0x1a6/0x480
[   12.435425]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.435445]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.435468]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.435491]  ? __kthread_parkme+0x82/0x160
[   12.435512]  ? preempt_count_sub+0x50/0x80
[   12.435535]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.435557]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.435582]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.435607]  kthread+0x324/0x6e0
[   12.435627]  ? trace_preempt_on+0x20/0xc0
[   12.435649]  ? __pfx_kthread+0x10/0x10
[   12.435671]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.435691]  ? calculate_sigpending+0x7b/0xa0
[   12.435712]  ? __pfx_kthread+0x10/0x10
[   12.435734]  ret_from_fork+0x41/0x80
[   12.435752]  ? __pfx_kthread+0x10/0x10
[   12.435773]  ret_from_fork_asm+0x1a/0x30
[   12.435804]  </TASK>
[   12.435813] 
[   12.445848] Allocated by task 166:
[   12.446111]  kasan_save_stack+0x45/0x70
[   12.446266]  kasan_save_track+0x18/0x40
[   12.446527]  kasan_save_alloc_info+0x3b/0x50
[   12.446944]  __kasan_krealloc+0x190/0x1f0
[   12.447117]  krealloc_noprof+0xf3/0x340
[   12.447451]  krealloc_less_oob_helper+0x1ab/0x11d0
[   12.447801]  krealloc_less_oob+0x1c/0x30
[   12.447972]  kunit_try_run_case+0x1a6/0x480
[   12.448312]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.448549]  kthread+0x324/0x6e0
[   12.448689]  ret_from_fork+0x41/0x80
[   12.448869]  ret_from_fork_asm+0x1a/0x30
[   12.449045] 
[   12.449146] The buggy address belongs to the object at ffff888100ad2a00
[   12.449146]  which belongs to the cache kmalloc-256 of size 256
[   12.449613] The buggy address is located 33 bytes to the right of
[   12.449613]  allocated 201-byte region [ffff888100ad2a00, ffff888100ad2ac9)
[   12.450730] 
[   12.450815] The buggy address belongs to the physical page:
[   12.451210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ad2
[   12.451596] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.452032] flags: 0x200000000000040(head|node=0|zone=2)
[   12.452276] page_type: f5(slab)
[   12.452428] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.452953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.453280] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.453777] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.454148] head: 0200000000000001 ffffea000402b481 ffffffffffffffff 0000000000000000
[   12.454515] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   12.454926] page dumped because: kasan: bad access detected
[   12.455164] 
[   12.455669] Memory state around the buggy address:
[   12.455839]  ffff888100ad2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.456336]  ffff888100ad2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.456768] >ffff888100ad2a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.457186]                                                           ^
[   12.457473]  ffff888100ad2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.458033]  ffff888100ad2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.458401] ==================================================================
[   12.556651] ==================================================================
[   12.556994] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec8/0x11d0
[   12.557506] Write of size 1 at addr ffff8881028860da by task kunit_try_catch/170
[   12.557881] 
[   12.558027] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.558065] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.558076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.558111] Call Trace:
[   12.558125]  <TASK>
[   12.558138]  dump_stack_lvl+0x73/0xb0
[   12.558163]  print_report+0xd1/0x650
[   12.558184]  ? __virt_addr_valid+0x1db/0x2d0
[   12.558206]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.558228]  ? kasan_addr_to_slab+0x11/0xa0
[   12.558247]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.558269]  kasan_report+0x140/0x180
[   12.558290]  ? krealloc_less_oob_helper+0xec8/0x11d0
[   12.558317]  __asan_report_store1_noabort+0x1b/0x30
[   12.558341]  krealloc_less_oob_helper+0xec8/0x11d0
[   12.558365]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.558388]  ? finish_task_switch.isra.0+0x153/0x700
[   12.558411]  ? __switch_to+0x5d9/0xf60
[   12.558435]  ? __schedule+0xce8/0x2840
[   12.558457]  ? __pfx_read_tsc+0x10/0x10
[   12.558481]  krealloc_large_less_oob+0x1c/0x30
[   12.558503]  kunit_try_run_case+0x1a6/0x480
[   12.558526]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.558547]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.558570]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.558592]  ? __kthread_parkme+0x82/0x160
[   12.558614]  ? preempt_count_sub+0x50/0x80
[   12.558637]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.558659]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.558684]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.558709]  kthread+0x324/0x6e0
[   12.558730]  ? trace_preempt_on+0x20/0xc0
[   12.558752]  ? __pfx_kthread+0x10/0x10
[   12.558773]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.558795]  ? calculate_sigpending+0x7b/0xa0
[   12.558815]  ? __pfx_kthread+0x10/0x10
[   12.558837]  ret_from_fork+0x41/0x80
[   12.558855]  ? __pfx_kthread+0x10/0x10
[   12.558876]  ret_from_fork_asm+0x1a/0x30
[   12.558908]  </TASK>
[   12.558918] 
[   12.566218] The buggy address belongs to the physical page:
[   12.566387] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102884
[   12.566617] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.567199] flags: 0x200000000000040(head|node=0|zone=2)
[   12.567478] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.567856] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.568245] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.568832] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.569192] head: 0200000000000002 ffffea00040a2101 ffffffffffffffff 0000000000000000
[   12.569556] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.569899] page dumped because: kasan: bad access detected
[   12.570156] 
[   12.570272] Memory state around the buggy address:
[   12.570494]  ffff888102885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.570806]  ffff888102886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.571104] >ffff888102886080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.571404]                                                     ^
[   12.571719]  ffff888102886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.571959]  ffff888102886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.572181] ==================================================================
[   12.540353] ==================================================================
[   12.541067] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe25/0x11d0
[   12.541382] Write of size 1 at addr ffff8881028860d0 by task kunit_try_catch/170
[   12.541643] 
[   12.541807] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N 6.14.10-rc1 #1
[   12.541843] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.541854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.541872] Call Trace:
[   12.541905]  <TASK>
[   12.541917]  dump_stack_lvl+0x73/0xb0
[   12.541954]  print_report+0xd1/0x650
[   12.541988]  ? __virt_addr_valid+0x1db/0x2d0
[   12.542010]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.542056]  ? kasan_addr_to_slab+0x11/0xa0
[   12.542075]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.542098]  kasan_report+0x140/0x180
[   12.542133]  ? krealloc_less_oob_helper+0xe25/0x11d0
[   12.542173]  __asan_report_store1_noabort+0x1b/0x30
[   12.542209]  krealloc_less_oob_helper+0xe25/0x11d0
[   12.542234]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.542256]  ? finish_task_switch.isra.0+0x153/0x700
[   12.542278]  ? __switch_to+0x5d9/0xf60
[   12.542303]  ? __schedule+0xce8/0x2840
[   12.542325]  ? __pfx_read_tsc+0x10/0x10
[   12.542348]  krealloc_large_less_oob+0x1c/0x30
[   12.542370]  kunit_try_run_case+0x1a6/0x480
[   12.542392]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.542412]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   12.542434]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.542457]  ? __kthread_parkme+0x82/0x160
[   12.542478]  ? preempt_count_sub+0x50/0x80
[   12.542501]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.542523]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.542548]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.542573]  kthread+0x324/0x6e0
[   12.542593]  ? trace_preempt_on+0x20/0xc0
[   12.542615]  ? __pfx_kthread+0x10/0x10
[   12.542637]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.542674]  ? calculate_sigpending+0x7b/0xa0
[   12.542708]  ? __pfx_kthread+0x10/0x10
[   12.542730]  ret_from_fork+0x41/0x80
[   12.542748]  ? __pfx_kthread+0x10/0x10
[   12.542769]  ret_from_fork_asm+0x1a/0x30
[   12.542799]  </TASK>
[   12.542809] 
[   12.550153] The buggy address belongs to the physical page:
[   12.550380] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102884
[   12.550760] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.551092] flags: 0x200000000000040(head|node=0|zone=2)
[   12.551338] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.551659] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.551950] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.552286] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   12.552610] head: 0200000000000002 ffffea00040a2101 ffffffffffffffff 0000000000000000
[   12.552962] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   12.553256] page dumped because: kasan: bad access detected
[   12.553501] 
[   12.553621] Memory state around the buggy address:
[   12.553785]  ffff888102885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.554110]  ffff888102886000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.554425] >ffff888102886080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.554763]                                                  ^
[   12.555001]  ffff888102886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.555302]  ffff888102886180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.555596] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xxIrjnY3qrEVj7fL32ZBFnpdUJ

job_id

TEST:linaro@lkft#2xxIxn9sGUCjhYDADrJyFeeOXJo

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xxIxn9sGUCjhYDADrJyFeeOXJo

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxItzMuImjAiaUtl4SAGohS14v/bzImage
sha256sum	a377c082a32d4d46ee2b75abc46da75add70fe012212fc2b65618c407015869d

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xxItzMuImjAiaUtl4SAGohS14v/modules.tar.xz
sha256sum	7b365c5d60d997915f8a000edaa45aecbf60745fa7ace2e9d3d5e4c844fd9dc8

durations

tests

boot	0
kunit	193.97

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit