lkft/linux-mainline-master - v6.15-rc3-8-ga33b5a08cbbd - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

April 22, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64
rk3399-rock-pi-4b

[   17.607441] ==================================================================
[   17.607633] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.607733] Write of size 1 at addr fff00000c79d60da by task kunit_try_catch/164
[   17.608262] 
[   17.608344] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.608610] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.608679] Hardware name: linux,dummy-virt (DT)
[   17.608830] Call trace:
[   17.608893]  show_stack+0x20/0x38 (C)
[   17.609366]  dump_stack_lvl+0x8c/0xd0
[   17.609657]  print_report+0x118/0x608
[   17.609868]  kasan_report+0xdc/0x128
[   17.609970]  __asan_report_store1_noabort+0x20/0x30
[   17.610285]  krealloc_less_oob_helper+0xa80/0xc50
[   17.610620]  krealloc_large_less_oob+0x20/0x38
[   17.610815]  kunit_try_run_case+0x170/0x3f0
[   17.611004]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.611122]  kthread+0x328/0x630
[   17.611222]  ret_from_fork+0x10/0x20
[   17.611793] 
[   17.611870] The buggy address belongs to the physical page:
[   17.611953] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079d4
[   17.612162] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.612264] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.612621] page_type: f8(unknown)
[   17.612869] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.613010] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.613403] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.613954] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.614204] head: 0bfffe0000000002 ffffc1ffc31e7501 00000000ffffffff 00000000ffffffff
[   17.614323] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.614432] page dumped because: kasan: bad access detected
[   17.614510] 
[   17.614560] Memory state around the buggy address:
[   17.614633]  fff00000c79d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.614730]  fff00000c79d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.614903] >fff00000c79d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.615024]                                                     ^
[   17.615108]  fff00000c79d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.615208]  fff00000c79d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.615919] ==================================================================
[   17.532312] ==================================================================
[   17.532417] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.532524] Write of size 1 at addr fff00000c47146eb by task kunit_try_catch/160
[   17.532682] 
[   17.532751] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.532920] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.532988] Hardware name: linux,dummy-virt (DT)
[   17.533062] Call trace:
[   17.533109]  show_stack+0x20/0x38 (C)
[   17.533201]  dump_stack_lvl+0x8c/0xd0
[   17.533352]  print_report+0x118/0x608
[   17.533439]  kasan_report+0xdc/0x128
[   17.533553]  __asan_report_store1_noabort+0x20/0x30
[   17.533657]  krealloc_less_oob_helper+0xa58/0xc50
[   17.533762]  krealloc_less_oob+0x20/0x38
[   17.533851]  kunit_try_run_case+0x170/0x3f0
[   17.533951]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.534060]  kthread+0x328/0x630
[   17.534148]  ret_from_fork+0x10/0x20
[   17.534767] 
[   17.534815] Allocated by task 160:
[   17.535000]  kasan_save_stack+0x3c/0x68
[   17.536598]  kasan_save_track+0x20/0x40
[   17.536725]  kasan_save_alloc_info+0x40/0x58
[   17.536993]  __kasan_krealloc+0x118/0x178
[   17.537080]  krealloc_noprof+0x128/0x360
[   17.537223]  krealloc_less_oob_helper+0x168/0xc50
[   17.537323]  krealloc_less_oob+0x20/0x38
[   17.537404]  kunit_try_run_case+0x170/0x3f0
[   17.537684]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.538042]  kthread+0x328/0x630
[   17.538167]  ret_from_fork+0x10/0x20
[   17.538252] 
[   17.538297] The buggy address belongs to the object at fff00000c4714600
[   17.538297]  which belongs to the cache kmalloc-256 of size 256
[   17.538431] The buggy address is located 34 bytes to the right of
[   17.538431]  allocated 201-byte region [fff00000c4714600, fff00000c47146c9)
[   17.538586] 
[   17.538634] The buggy address belongs to the physical page:
[   17.539014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104714
[   17.539164] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.539484] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.539884] page_type: f5(slab)
[   17.540018] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.540309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.540438] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.540655] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.540922] head: 0bfffe0000000001 ffffc1ffc311c501 00000000ffffffff 00000000ffffffff
[   17.541038] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.541404] page dumped because: kasan: bad access detected
[   17.541664] 
[   17.541731] Memory state around the buggy address:
[   17.541819]  fff00000c4714580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.541924]  fff00000c4714600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.542023] >fff00000c4714680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.542111]                                                           ^
[   17.542200]  fff00000c4714700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.543044]  fff00000c4714780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.543171] ==================================================================
[   17.503231] ==================================================================
[   17.503787] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.504050] Write of size 1 at addr fff00000c47146d0 by task kunit_try_catch/160
[   17.504179] 
[   17.504322] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.504701] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.504800] Hardware name: linux,dummy-virt (DT)
[   17.504867] Call trace:
[   17.505068]  show_stack+0x20/0x38 (C)
[   17.505283]  dump_stack_lvl+0x8c/0xd0
[   17.505402]  print_report+0x118/0x608
[   17.505514]  kasan_report+0xdc/0x128
[   17.505627]  __asan_report_store1_noabort+0x20/0x30
[   17.505745]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.505863]  krealloc_less_oob+0x20/0x38
[   17.505971]  kunit_try_run_case+0x170/0x3f0
[   17.506080]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.506203]  kthread+0x328/0x630
[   17.506310]  ret_from_fork+0x10/0x20
[   17.506439] 
[   17.506491] Allocated by task 160:
[   17.506577]  kasan_save_stack+0x3c/0x68
[   17.506684]  kasan_save_track+0x20/0x40
[   17.506774]  kasan_save_alloc_info+0x40/0x58
[   17.506861]  __kasan_krealloc+0x118/0x178
[   17.506939]  krealloc_noprof+0x128/0x360
[   17.507039]  krealloc_less_oob_helper+0x168/0xc50
[   17.507143]  krealloc_less_oob+0x20/0x38
[   17.507230]  kunit_try_run_case+0x170/0x3f0
[   17.507349]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.507440]  kthread+0x328/0x630
[   17.507521]  ret_from_fork+0x10/0x20
[   17.507613] 
[   17.507658] The buggy address belongs to the object at fff00000c4714600
[   17.507658]  which belongs to the cache kmalloc-256 of size 256
[   17.508227] The buggy address is located 7 bytes to the right of
[   17.508227]  allocated 201-byte region [fff00000c4714600, fff00000c47146c9)
[   17.508357] 
[   17.508398] The buggy address belongs to the physical page:
[   17.508461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104714
[   17.508818] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.508959] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.509081] page_type: f5(slab)
[   17.509182] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.509347] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.509511] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.509670] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.509785] head: 0bfffe0000000001 ffffc1ffc311c501 00000000ffffffff 00000000ffffffff
[   17.509896] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.509988] page dumped because: kasan: bad access detected
[   17.510056] 
[   17.510098] Memory state around the buggy address:
[   17.510169]  fff00000c4714580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.510270]  fff00000c4714600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.510378] >fff00000c4714680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.510515]                                                  ^
[   17.510954]  fff00000c4714700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.511164]  fff00000c4714780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.511255] ==================================================================
[   17.632258] ==================================================================
[   17.632820] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.633059] Write of size 1 at addr fff00000c79d60eb by task kunit_try_catch/164
[   17.633597] 
[   17.633671] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.633844] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.633902] Hardware name: linux,dummy-virt (DT)
[   17.633968] Call trace:
[   17.634042]  show_stack+0x20/0x38 (C)
[   17.634168]  dump_stack_lvl+0x8c/0xd0
[   17.634274]  print_report+0x118/0x608
[   17.634377]  kasan_report+0xdc/0x128
[   17.634477]  __asan_report_store1_noabort+0x20/0x30
[   17.634957]  krealloc_less_oob_helper+0xa58/0xc50
[   17.635220]  krealloc_large_less_oob+0x20/0x38
[   17.635346]  kunit_try_run_case+0x170/0x3f0
[   17.635454]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.635579]  kthread+0x328/0x630
[   17.635673]  ret_from_fork+0x10/0x20
[   17.635770] 
[   17.635810] The buggy address belongs to the physical page:
[   17.635869] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079d4
[   17.636207] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.636347] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.636517] page_type: f8(unknown)
[   17.636633] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.636811] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.636941] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.637048] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.637139] head: 0bfffe0000000002 ffffc1ffc31e7501 00000000ffffffff 00000000ffffffff
[   17.637251] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.637341] page dumped because: kasan: bad access detected
[   17.637407] 
[   17.637443] Memory state around the buggy address:
[   17.637519]  fff00000c79d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.637631]  fff00000c79d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.637700] >fff00000c79d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.637739]                                                           ^
[   17.637779]  fff00000c79d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.637837]  fff00000c79d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.637910] ==================================================================
[   17.596373] ==================================================================
[   17.596470] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.597362] Write of size 1 at addr fff00000c79d60d0 by task kunit_try_catch/164
[   17.597575] 
[   17.597840] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.598217] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.598289] Hardware name: linux,dummy-virt (DT)
[   17.598361] Call trace:
[   17.598408]  show_stack+0x20/0x38 (C)
[   17.598522]  dump_stack_lvl+0x8c/0xd0
[   17.598641]  print_report+0x118/0x608
[   17.599186]  kasan_report+0xdc/0x128
[   17.599654]  __asan_report_store1_noabort+0x20/0x30
[   17.599957]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.600148]  krealloc_large_less_oob+0x20/0x38
[   17.600253]  kunit_try_run_case+0x170/0x3f0
[   17.600349]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.600446]  kthread+0x328/0x630
[   17.600548]  ret_from_fork+0x10/0x20
[   17.601295] 
[   17.601433] The buggy address belongs to the physical page:
[   17.601729] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079d4
[   17.601856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.602071] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.602199] page_type: f8(unknown)
[   17.602503] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.602670] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.603100] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.603330] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.603463] head: 0bfffe0000000002 ffffc1ffc31e7501 00000000ffffffff 00000000ffffffff
[   17.603656] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.603931] page dumped because: kasan: bad access detected
[   17.604003] 
[   17.604041] Memory state around the buggy address:
[   17.604400]  fff00000c79d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.604569]  fff00000c79d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.604748] >fff00000c79d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.604956]                                                  ^
[   17.605038]  fff00000c79d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.605343]  fff00000c79d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.605540] ==================================================================
[   17.582686] ==================================================================
[   17.582803] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.582912] Write of size 1 at addr fff00000c79d60c9 by task kunit_try_catch/164
[   17.583063] 
[   17.583159] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.583458] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.583523] Hardware name: linux,dummy-virt (DT)
[   17.583874] Call trace:
[   17.584170]  show_stack+0x20/0x38 (C)
[   17.584292]  dump_stack_lvl+0x8c/0xd0
[   17.584427]  print_report+0x118/0x608
[   17.584766]  kasan_report+0xdc/0x128
[   17.585033]  __asan_report_store1_noabort+0x20/0x30
[   17.585324]  krealloc_less_oob_helper+0xa48/0xc50
[   17.585497]  krealloc_large_less_oob+0x20/0x38
[   17.586006]  kunit_try_run_case+0x170/0x3f0
[   17.586306]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.586662]  kthread+0x328/0x630
[   17.586891]  ret_from_fork+0x10/0x20
[   17.586997] 
[   17.587363] The buggy address belongs to the physical page:
[   17.587459] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079d4
[   17.587615] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.587718] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.588183] page_type: f8(unknown)
[   17.588352] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.588470] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.588819] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.589228] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.589357] head: 0bfffe0000000002 ffffc1ffc31e7501 00000000ffffffff 00000000ffffffff
[   17.589829] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.590033] page dumped because: kasan: bad access detected
[   17.590371] 
[   17.590421] Memory state around the buggy address:
[   17.590492]  fff00000c79d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.590967]  fff00000c79d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.591334] >fff00000c79d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.591444]                                               ^
[   17.591528]  fff00000c79d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.591644]  fff00000c79d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.591741] ==================================================================
[   17.617832] ==================================================================
[   17.618324] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.618441] Write of size 1 at addr fff00000c79d60ea by task kunit_try_catch/164
[   17.618573] 
[   17.618640] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.618812] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.618874] Hardware name: linux,dummy-virt (DT)
[   17.619249] Call trace:
[   17.619395]  show_stack+0x20/0x38 (C)
[   17.619522]  dump_stack_lvl+0x8c/0xd0
[   17.620131]  print_report+0x118/0x608
[   17.620374]  kasan_report+0xdc/0x128
[   17.620488]  __asan_report_store1_noabort+0x20/0x30
[   17.620739]  krealloc_less_oob_helper+0xae4/0xc50
[   17.621193]  krealloc_large_less_oob+0x20/0x38
[   17.622073]  kunit_try_run_case+0x170/0x3f0
[   17.622260]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.622873]  kthread+0x328/0x630
[   17.622991]  ret_from_fork+0x10/0x20
[   17.623112] 
[   17.623166] The buggy address belongs to the physical page:
[   17.623238] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1079d4
[   17.623353] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.623784] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.623915] page_type: f8(unknown)
[   17.624605] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.624998] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.625153] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.625263] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.625866] head: 0bfffe0000000002 ffffc1ffc31e7501 00000000ffffffff 00000000ffffffff
[   17.626158] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.626278] page dumped because: kasan: bad access detected
[   17.626390] 
[   17.626437] Memory state around the buggy address:
[   17.626752]  fff00000c79d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.627013]  fff00000c79d6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.627159] >fff00000c79d6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.627239]                                                           ^
[   17.627502]  fff00000c79d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.627754]  fff00000c79d6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.628179] ==================================================================
[   17.486757] ==================================================================
[   17.486888] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.487009] Write of size 1 at addr fff00000c47146c9 by task kunit_try_catch/160
[   17.487120] 
[   17.487201] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.487400] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.487457] Hardware name: linux,dummy-virt (DT)
[   17.487653] Call trace:
[   17.487716]  show_stack+0x20/0x38 (C)
[   17.487829]  dump_stack_lvl+0x8c/0xd0
[   17.487945]  print_report+0x118/0x608
[   17.488256]  kasan_report+0xdc/0x128
[   17.488363]  __asan_report_store1_noabort+0x20/0x30
[   17.488472]  krealloc_less_oob_helper+0xa48/0xc50
[   17.488598]  krealloc_less_oob+0x20/0x38
[   17.488696]  kunit_try_run_case+0x170/0x3f0
[   17.488857]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.489097]  kthread+0x328/0x630
[   17.489256]  ret_from_fork+0x10/0x20
[   17.489438] 
[   17.489519] Allocated by task 160:
[   17.489593]  kasan_save_stack+0x3c/0x68
[   17.489683]  kasan_save_track+0x20/0x40
[   17.489757]  kasan_save_alloc_info+0x40/0x58
[   17.489840]  __kasan_krealloc+0x118/0x178
[   17.489921]  krealloc_noprof+0x128/0x360
[   17.490009]  krealloc_less_oob_helper+0x168/0xc50
[   17.490094]  krealloc_less_oob+0x20/0x38
[   17.490276]  kunit_try_run_case+0x170/0x3f0
[   17.490360]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.490452]  kthread+0x328/0x630
[   17.490523]  ret_from_fork+0x10/0x20
[   17.490611] 
[   17.490652] The buggy address belongs to the object at fff00000c4714600
[   17.490652]  which belongs to the cache kmalloc-256 of size 256
[   17.490852] The buggy address is located 0 bytes to the right of
[   17.490852]  allocated 201-byte region [fff00000c4714600, fff00000c47146c9)
[   17.491079] 
[   17.491154] The buggy address belongs to the physical page:
[   17.491235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104714
[   17.491419] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.491702] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.492059] page_type: f5(slab)
[   17.492182] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.492401] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.492844] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.493131] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.493713] head: 0bfffe0000000001 ffffc1ffc311c501 00000000ffffffff 00000000ffffffff
[   17.493837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.494364] page dumped because: kasan: bad access detected
[   17.494569] 
[   17.494608] Memory state around the buggy address:
[   17.495008]  fff00000c4714580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.495123]  fff00000c4714600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.495740] >fff00000c4714680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.496055]                                               ^
[   17.496135]  fff00000c4714700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.496415]  fff00000c4714780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.496669] ==================================================================
[   17.521301] ==================================================================
[   17.521404] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.521544] Write of size 1 at addr fff00000c47146ea by task kunit_try_catch/160
[   17.521657] 
[   17.521721] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.521873] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.521928] Hardware name: linux,dummy-virt (DT)
[   17.521991] Call trace:
[   17.522035]  show_stack+0x20/0x38 (C)
[   17.522135]  dump_stack_lvl+0x8c/0xd0
[   17.522228]  print_report+0x118/0x608
[   17.522323]  kasan_report+0xdc/0x128
[   17.522410]  __asan_report_store1_noabort+0x20/0x30
[   17.522509]  krealloc_less_oob_helper+0xae4/0xc50
[   17.522629]  krealloc_less_oob+0x20/0x38
[   17.522728]  kunit_try_run_case+0x170/0x3f0
[   17.522816]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.522908]  kthread+0x328/0x630
[   17.522999]  ret_from_fork+0x10/0x20
[   17.523613] 
[   17.523664] Allocated by task 160:
[   17.523717]  kasan_save_stack+0x3c/0x68
[   17.523792]  kasan_save_track+0x20/0x40
[   17.523850]  kasan_save_alloc_info+0x40/0x58
[   17.523912]  __kasan_krealloc+0x118/0x178
[   17.523973]  krealloc_noprof+0x128/0x360
[   17.524040]  krealloc_less_oob_helper+0x168/0xc50
[   17.524116]  krealloc_less_oob+0x20/0x38
[   17.524188]  kunit_try_run_case+0x170/0x3f0
[   17.524259]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.524336]  kthread+0x328/0x630
[   17.524401]  ret_from_fork+0x10/0x20
[   17.524455] 
[   17.524486] The buggy address belongs to the object at fff00000c4714600
[   17.524486]  which belongs to the cache kmalloc-256 of size 256
[   17.524598] The buggy address is located 33 bytes to the right of
[   17.524598]  allocated 201-byte region [fff00000c4714600, fff00000c47146c9)
[   17.524743] 
[   17.524829] The buggy address belongs to the physical page:
[   17.524887] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104714
[   17.525644] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.525773] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.525875] page_type: f5(slab)
[   17.525944] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.526300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.526427] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.526769] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.527469] head: 0bfffe0000000001 ffffc1ffc311c501 00000000ffffffff 00000000ffffffff
[   17.527926] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.528188] page dumped because: kasan: bad access detected
[   17.528388] 
[   17.528494] Memory state around the buggy address:
[   17.528645]  fff00000c4714580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.528742]  fff00000c4714600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.529172] >fff00000c4714680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.529412]                                                           ^
[   17.529885]  fff00000c4714700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.530009]  fff00000c4714780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.530719] ==================================================================
[   17.513058] ==================================================================
[   17.513170] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.513279] Write of size 1 at addr fff00000c47146da by task kunit_try_catch/160
[   17.513396] 
[   17.513480] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   17.514007] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.514547] Hardware name: linux,dummy-virt (DT)
[   17.514716] Call trace:
[   17.514785]  show_stack+0x20/0x38 (C)
[   17.514962]  dump_stack_lvl+0x8c/0xd0
[   17.515289]  print_report+0x118/0x608
[   17.515478]  kasan_report+0xdc/0x128
[   17.515614]  __asan_report_store1_noabort+0x20/0x30
[   17.515910]  krealloc_less_oob_helper+0xa80/0xc50
[   17.516009]  krealloc_less_oob+0x20/0x38
[   17.516091]  kunit_try_run_case+0x170/0x3f0
[   17.516188]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.516293]  kthread+0x328/0x630
[   17.516550]  ret_from_fork+0x10/0x20
[   17.516648] 
[   17.516685] Allocated by task 160:
[   17.516743]  kasan_save_stack+0x3c/0x68
[   17.516829]  kasan_save_track+0x20/0x40
[   17.516897]  kasan_save_alloc_info+0x40/0x58
[   17.516974]  __kasan_krealloc+0x118/0x178
[   17.517046]  krealloc_noprof+0x128/0x360
[   17.517161]  krealloc_less_oob_helper+0x168/0xc50
[   17.517241]  krealloc_less_oob+0x20/0x38
[   17.517304]  kunit_try_run_case+0x170/0x3f0
[   17.517380]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.517456]  kthread+0x328/0x630
[   17.517549]  ret_from_fork+0x10/0x20
[   17.517625] 
[   17.517659] The buggy address belongs to the object at fff00000c4714600
[   17.517659]  which belongs to the cache kmalloc-256 of size 256
[   17.517766] The buggy address is located 17 bytes to the right of
[   17.517766]  allocated 201-byte region [fff00000c4714600, fff00000c47146c9)
[   17.518419] 
[   17.518488] The buggy address belongs to the physical page:
[   17.518572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104714
[   17.518663] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.518743] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.518836] page_type: f5(slab)
[   17.518907] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.519005] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.519097] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.519191] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.519321] head: 0bfffe0000000001 ffffc1ffc311c501 00000000ffffffff 00000000ffffffff
[   17.519416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.519491] page dumped because: kasan: bad access detected
[   17.519562] 
[   17.519597] Memory state around the buggy address:
[   17.519658]  fff00000c4714580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.519743]  fff00000c4714600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.519817] >fff00000c4714680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.519879]                                                     ^
[   17.519942]  fff00000c4714700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.520023]  fff00000c4714780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.520100] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2w58bPRPTycbz1vmAdBLBc0aa6B

job_id

TEST:linaro@lkft#2w58fxq4bKj9vp73CIYpItcyxn6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w58fxq4bKj9vp73CIYpItcyxn6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58cme5gejaHmq4RPVvp3S5u7p/Image.gz
sha256sum	4b4388c6f3ff4d9d5f37e24b5dd96bcea12d5773962644bca64d76518d1261ab

rootfs

url	https://storage.tuxboot.com/debian/trixie/arm64/rootfs.ext4.xz
sha256sum	6e7d093e93027c909f889e69aec109c9a1b0ec1ca5f1beffa4bce78be31bff20

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58cme5gejaHmq4RPVvp3S5u7p/modules.tar.xz
sha256sum	ea868b19cf381ec631b74a7beed07667a57ebf8839290b6192a6a06165583a43

durations

tests

boot	0
kunit	115.30

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   17.625423] ==================================================================
[   17.626429] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   17.626973] Write of size 1 at addr ffff888103b8e0c9 by task kunit_try_catch/182
[   17.627467] 
[   17.627940] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.628058] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.628094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.628152] Call Trace:
[   17.628191]  <TASK>
[   17.628238]  dump_stack_lvl+0x73/0xb0
[   17.628320]  print_report+0xd1/0x650
[   17.628394]  ? __virt_addr_valid+0x1db/0x2d0
[   17.628470]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.628599]  ? kasan_addr_to_slab+0x11/0xa0
[   17.628675]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.628887]  kasan_report+0x141/0x180
[   17.628970]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.629062]  __asan_report_store1_noabort+0x1b/0x30
[   17.629122]  krealloc_less_oob_helper+0xd70/0x11d0
[   17.629165]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.629202]  ? finish_task_switch.isra.0+0x153/0x700
[   17.629238]  ? __switch_to+0x5d9/0xf60
[   17.629268]  ? dequeue_task_fair+0x166/0x4e0
[   17.629304]  ? __schedule+0x10cc/0x2b30
[   17.629338]  ? __pfx_read_tsc+0x10/0x10
[   17.629372]  krealloc_large_less_oob+0x1c/0x30
[   17.629406]  kunit_try_run_case+0x1a5/0x480
[   17.629540]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.629598]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.629636]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.629670]  ? __kthread_parkme+0x82/0x180
[   17.629701]  ? preempt_count_sub+0x50/0x80
[   17.629734]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.629765]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.629796]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.629826]  kthread+0x337/0x6f0
[   17.629855]  ? trace_preempt_on+0x20/0xc0
[   17.629888]  ? __pfx_kthread+0x10/0x10
[   17.629918]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.629947]  ? calculate_sigpending+0x7b/0xa0
[   17.629976]  ? __pfx_kthread+0x10/0x10
[   17.630007]  ret_from_fork+0x41/0x80
[   17.630036]  ? __pfx_kthread+0x10/0x10
[   17.630066]  ret_from_fork_asm+0x1a/0x30
[   17.630108]  </TASK>
[   17.630124] 
[   17.648078] The buggy address belongs to the physical page:
[   17.648793] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b8c
[   17.649394] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.650331] flags: 0x200000000000040(head|node=0|zone=2)
[   17.651016] page_type: f8(unknown)
[   17.651432] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.652106] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.652959] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.653766] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.654466] head: 0200000000000002 ffffea00040ee301 00000000ffffffff 00000000ffffffff
[   17.655234] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.656054] page dumped because: kasan: bad access detected
[   17.656672] 
[   17.656908] Memory state around the buggy address:
[   17.657403]  ffff888103b8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.658193]  ffff888103b8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.658936] >ffff888103b8e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.659746]                                               ^
[   17.660218]  ffff888103b8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.660967]  ffff888103b8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.661609] ==================================================================
[   17.468866] ==================================================================
[   17.469416] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   17.470728] Write of size 1 at addr ffff888100aaeeeb by task kunit_try_catch/178
[   17.471277] 
[   17.471693] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.471819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.471857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.471911] Call Trace:
[   17.471963]  <TASK>
[   17.472012]  dump_stack_lvl+0x73/0xb0
[   17.472088]  print_report+0xd1/0x650
[   17.472158]  ? __virt_addr_valid+0x1db/0x2d0
[   17.472227]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.472299]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.472369]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.472596]  kasan_report+0x141/0x180
[   17.472679]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.472767]  __asan_report_store1_noabort+0x1b/0x30
[   17.472841]  krealloc_less_oob_helper+0xd47/0x11d0
[   17.472928]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.473005]  ? finish_task_switch.isra.0+0x153/0x700
[   17.473073]  ? __switch_to+0x5d9/0xf60
[   17.473121]  ? dequeue_task_fair+0x166/0x4e0
[   17.473158]  ? __schedule+0x10cc/0x2b30
[   17.473192]  ? __pfx_read_tsc+0x10/0x10
[   17.473224]  krealloc_less_oob+0x1c/0x30
[   17.473255]  kunit_try_run_case+0x1a5/0x480
[   17.473287]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.473316]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.473349]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.473381]  ? __kthread_parkme+0x82/0x180
[   17.473410]  ? preempt_count_sub+0x50/0x80
[   17.473441]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.473473]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.473547]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.473954]  kthread+0x337/0x6f0
[   17.473988]  ? trace_preempt_on+0x20/0xc0
[   17.474021]  ? __pfx_kthread+0x10/0x10
[   17.474051]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.474082]  ? calculate_sigpending+0x7b/0xa0
[   17.474111]  ? __pfx_kthread+0x10/0x10
[   17.474141]  ret_from_fork+0x41/0x80
[   17.474169]  ? __pfx_kthread+0x10/0x10
[   17.474198]  ret_from_fork_asm+0x1a/0x30
[   17.474239]  </TASK>
[   17.474252] 
[   17.495958] Allocated by task 178:
[   17.496262]  kasan_save_stack+0x45/0x70
[   17.497031]  kasan_save_track+0x18/0x40
[   17.497414]  kasan_save_alloc_info+0x3b/0x50
[   17.498512]  __kasan_krealloc+0x190/0x1f0
[   17.499234]  krealloc_noprof+0xf3/0x340
[   17.499878]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.500252]  krealloc_less_oob+0x1c/0x30
[   17.501196]  kunit_try_run_case+0x1a5/0x480
[   17.501484]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.501985]  kthread+0x337/0x6f0
[   17.502666]  ret_from_fork+0x41/0x80
[   17.503985]  ret_from_fork_asm+0x1a/0x30
[   17.504329] 
[   17.504565] The buggy address belongs to the object at ffff888100aaee00
[   17.504565]  which belongs to the cache kmalloc-256 of size 256
[   17.506557] The buggy address is located 34 bytes to the right of
[   17.506557]  allocated 201-byte region [ffff888100aaee00, ffff888100aaeec9)
[   17.507404] 
[   17.508084] The buggy address belongs to the physical page:
[   17.508865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   17.509662] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.510235] flags: 0x200000000000040(head|node=0|zone=2)
[   17.510723] page_type: f5(slab)
[   17.511113] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.512731] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.513593] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.514390] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.515032] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   17.515709] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.516415] page dumped because: kasan: bad access detected
[   17.517206] 
[   17.517417] Memory state around the buggy address:
[   17.517925]  ffff888100aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.518547]  ffff888100aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.519334] >ffff888100aaee80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.520047]                                                           ^
[   17.520570]  ffff888100aaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.521861]  ffff888100aaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.522333] ==================================================================
[   17.417954] ==================================================================
[   17.418743] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   17.419867] Write of size 1 at addr ffff888100aaeeea by task kunit_try_catch/178
[   17.420441] 
[   17.420752] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.420873] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.420908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.420962] Call Trace:
[   17.421001]  <TASK>
[   17.421049]  dump_stack_lvl+0x73/0xb0
[   17.421129]  print_report+0xd1/0x650
[   17.421206]  ? __virt_addr_valid+0x1db/0x2d0
[   17.421275]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.421346]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.421417]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.421494]  kasan_report+0x141/0x180
[   17.421596]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.421920]  __asan_report_store1_noabort+0x1b/0x30
[   17.421963]  krealloc_less_oob_helper+0xe90/0x11d0
[   17.422002]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.422037]  ? finish_task_switch.isra.0+0x153/0x700
[   17.422068]  ? __switch_to+0x5d9/0xf60
[   17.422094]  ? dequeue_task_fair+0x166/0x4e0
[   17.422127]  ? __schedule+0x10cc/0x2b30
[   17.422158]  ? __pfx_read_tsc+0x10/0x10
[   17.422189]  krealloc_less_oob+0x1c/0x30
[   17.422219]  kunit_try_run_case+0x1a5/0x480
[   17.422250]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.422279]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.422311]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.422342]  ? __kthread_parkme+0x82/0x180
[   17.422371]  ? preempt_count_sub+0x50/0x80
[   17.422403]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.422444]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.422585]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.422625]  kthread+0x337/0x6f0
[   17.422657]  ? trace_preempt_on+0x20/0xc0
[   17.422690]  ? __pfx_kthread+0x10/0x10
[   17.422720]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.422751]  ? calculate_sigpending+0x7b/0xa0
[   17.422780]  ? __pfx_kthread+0x10/0x10
[   17.422810]  ret_from_fork+0x41/0x80
[   17.422839]  ? __pfx_kthread+0x10/0x10
[   17.422869]  ret_from_fork_asm+0x1a/0x30
[   17.422912]  </TASK>
[   17.422924] 
[   17.443348] Allocated by task 178:
[   17.443920]  kasan_save_stack+0x45/0x70
[   17.444398]  kasan_save_track+0x18/0x40
[   17.444964]  kasan_save_alloc_info+0x3b/0x50
[   17.445376]  __kasan_krealloc+0x190/0x1f0
[   17.446340]  krealloc_noprof+0xf3/0x340
[   17.446741]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.447316]  krealloc_less_oob+0x1c/0x30
[   17.447845]  kunit_try_run_case+0x1a5/0x480
[   17.448331]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.449092]  kthread+0x337/0x6f0
[   17.449902]  ret_from_fork+0x41/0x80
[   17.450353]  ret_from_fork_asm+0x1a/0x30
[   17.450727] 
[   17.450968] The buggy address belongs to the object at ffff888100aaee00
[   17.450968]  which belongs to the cache kmalloc-256 of size 256
[   17.452019] The buggy address is located 33 bytes to the right of
[   17.452019]  allocated 201-byte region [ffff888100aaee00, ffff888100aaeec9)
[   17.453154] 
[   17.454520] The buggy address belongs to the physical page:
[   17.455067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   17.455689] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.456283] flags: 0x200000000000040(head|node=0|zone=2)
[   17.456870] page_type: f5(slab)
[   17.457240] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.458396] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.459124] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.459860] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.460457] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   17.461218] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.462254] page dumped because: kasan: bad access detected
[   17.462708] 
[   17.463085] Memory state around the buggy address:
[   17.463656]  ffff888100aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.464217]  ffff888100aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.464985] >ffff888100aaee80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.466098]                                                           ^
[   17.466633]  ffff888100aaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.467175]  ffff888100aaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.467749] ==================================================================
[   17.706241] ==================================================================
[   17.707425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   17.708813] Write of size 1 at addr ffff888103b8e0da by task kunit_try_catch/182
[   17.709325] 
[   17.710626] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.710711] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.710734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.710764] Call Trace:
[   17.710790]  <TASK>
[   17.710824]  dump_stack_lvl+0x73/0xb0
[   17.710863]  print_report+0xd1/0x650
[   17.710915]  ? __virt_addr_valid+0x1db/0x2d0
[   17.710947]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.711000]  ? kasan_addr_to_slab+0x11/0xa0
[   17.711034]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.711087]  kasan_report+0x141/0x180
[   17.711122]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.711178]  __asan_report_store1_noabort+0x1b/0x30
[   17.711211]  krealloc_less_oob_helper+0xec6/0x11d0
[   17.711265]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.711305]  ? finish_task_switch.isra.0+0x153/0x700
[   17.711357]  ? __switch_to+0x5d9/0xf60
[   17.711387]  ? dequeue_task_fair+0x166/0x4e0
[   17.711439]  ? __schedule+0x10cc/0x2b30
[   17.711556]  ? __pfx_read_tsc+0x10/0x10
[   17.711609]  krealloc_large_less_oob+0x1c/0x30
[   17.711646]  kunit_try_run_case+0x1a5/0x480
[   17.711681]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.711712]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.711745]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.711777]  ? __kthread_parkme+0x82/0x180
[   17.711806]  ? preempt_count_sub+0x50/0x80
[   17.711838]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.711869]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.711899]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.711929]  kthread+0x337/0x6f0
[   17.711957]  ? trace_preempt_on+0x20/0xc0
[   17.711989]  ? __pfx_kthread+0x10/0x10
[   17.712019]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.712050]  ? calculate_sigpending+0x7b/0xa0
[   17.712080]  ? __pfx_kthread+0x10/0x10
[   17.712111]  ret_from_fork+0x41/0x80
[   17.712139]  ? __pfx_kthread+0x10/0x10
[   17.712169]  ret_from_fork_asm+0x1a/0x30
[   17.712213]  </TASK>
[   17.712226] 
[   17.734724] The buggy address belongs to the physical page:
[   17.735954] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b8c
[   17.737267] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.738015] flags: 0x200000000000040(head|node=0|zone=2)
[   17.738958] page_type: f8(unknown)
[   17.739301] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.740361] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.741354] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.742253] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.743735] head: 0200000000000002 ffffea00040ee301 00000000ffffffff 00000000ffffffff
[   17.744381] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.745270] page dumped because: kasan: bad access detected
[   17.745922] 
[   17.746101] Memory state around the buggy address:
[   17.746752]  ffff888103b8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.747258]  ffff888103b8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.748206] >ffff888103b8e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.748910]                                                     ^
[   17.750548]  ffff888103b8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.751109]  ffff888103b8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.751723] ==================================================================
[   17.662864] ==================================================================
[   17.663318] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   17.664414] Write of size 1 at addr ffff888103b8e0d0 by task kunit_try_catch/182
[   17.665976] 
[   17.666291] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.666586] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.666631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.666687] Call Trace:
[   17.666726]  <TASK>
[   17.666795]  dump_stack_lvl+0x73/0xb0
[   17.666907]  print_report+0xd1/0x650
[   17.666977]  ? __virt_addr_valid+0x1db/0x2d0
[   17.667010]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.667044]  ? kasan_addr_to_slab+0x11/0xa0
[   17.667073]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.667122]  kasan_report+0x141/0x180
[   17.667189]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.667234]  __asan_report_store1_noabort+0x1b/0x30
[   17.667263]  krealloc_less_oob_helper+0xe23/0x11d0
[   17.667301]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.667335]  ? finish_task_switch.isra.0+0x153/0x700
[   17.667367]  ? __switch_to+0x5d9/0xf60
[   17.667393]  ? dequeue_task_fair+0x166/0x4e0
[   17.667448]  ? __schedule+0x10cc/0x2b30
[   17.667574]  ? __pfx_read_tsc+0x10/0x10
[   17.667614]  krealloc_large_less_oob+0x1c/0x30
[   17.667650]  kunit_try_run_case+0x1a5/0x480
[   17.667686]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.667716]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.667750]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.667784]  ? __kthread_parkme+0x82/0x180
[   17.667815]  ? preempt_count_sub+0x50/0x80
[   17.667847]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.667880]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.667911]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.667943]  kthread+0x337/0x6f0
[   17.667972]  ? trace_preempt_on+0x20/0xc0
[   17.668006]  ? __pfx_kthread+0x10/0x10
[   17.668037]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.668068]  ? calculate_sigpending+0x7b/0xa0
[   17.668098]  ? __pfx_kthread+0x10/0x10
[   17.668130]  ret_from_fork+0x41/0x80
[   17.668160]  ? __pfx_kthread+0x10/0x10
[   17.668190]  ret_from_fork_asm+0x1a/0x30
[   17.668231]  </TASK>
[   17.668244] 
[   17.688408] The buggy address belongs to the physical page:
[   17.689883] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b8c
[   17.690668] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.691268] flags: 0x200000000000040(head|node=0|zone=2)
[   17.692146] page_type: f8(unknown)
[   17.692831] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.693653] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.694397] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.695307] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.696407] head: 0200000000000002 ffffea00040ee301 00000000ffffffff 00000000ffffffff
[   17.697280] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.698112] page dumped because: kasan: bad access detected
[   17.698571] 
[   17.699092] Memory state around the buggy address:
[   17.699440]  ffff888103b8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.700189]  ffff888103b8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.701766] >ffff888103b8e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.702285]                                                  ^
[   17.703573]  ffff888103b8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.704156]  ffff888103b8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.704986] ==================================================================
[   17.752073] ==================================================================
[   17.752316] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   17.753544] Write of size 1 at addr ffff888103b8e0ea by task kunit_try_catch/182
[   17.755200] 
[   17.755764] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.755944] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.755982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.756038] Call Trace:
[   17.756109]  <TASK>
[   17.756189]  dump_stack_lvl+0x73/0xb0
[   17.756261]  print_report+0xd1/0x650
[   17.756297]  ? __virt_addr_valid+0x1db/0x2d0
[   17.756327]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.756362]  ? kasan_addr_to_slab+0x11/0xa0
[   17.756391]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.756427]  kasan_report+0x141/0x180
[   17.756529]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.756607]  __asan_report_store1_noabort+0x1b/0x30
[   17.756640]  krealloc_less_oob_helper+0xe90/0x11d0
[   17.756679]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.756714]  ? finish_task_switch.isra.0+0x153/0x700
[   17.756745]  ? __switch_to+0x5d9/0xf60
[   17.756771]  ? dequeue_task_fair+0x166/0x4e0
[   17.756807]  ? __schedule+0x10cc/0x2b30
[   17.756840]  ? __pfx_read_tsc+0x10/0x10
[   17.756872]  krealloc_large_less_oob+0x1c/0x30
[   17.756906]  kunit_try_run_case+0x1a5/0x480
[   17.756940]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.756971]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.757004]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.757039]  ? __kthread_parkme+0x82/0x180
[   17.757071]  ? preempt_count_sub+0x50/0x80
[   17.757105]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.757138]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.757170]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.757202]  kthread+0x337/0x6f0
[   17.757232]  ? trace_preempt_on+0x20/0xc0
[   17.757264]  ? __pfx_kthread+0x10/0x10
[   17.757295]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.757326]  ? calculate_sigpending+0x7b/0xa0
[   17.757357]  ? __pfx_kthread+0x10/0x10
[   17.757390]  ret_from_fork+0x41/0x80
[   17.757419]  ? __pfx_kthread+0x10/0x10
[   17.757548]  ret_from_fork_asm+0x1a/0x30
[   17.757628]  </TASK>
[   17.757643] 
[   17.779221] The buggy address belongs to the physical page:
[   17.780021] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b8c
[   17.780878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.782384] flags: 0x200000000000040(head|node=0|zone=2)
[   17.782898] page_type: f8(unknown)
[   17.783712] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.784250] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.785033] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.786058] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.787307] head: 0200000000000002 ffffea00040ee301 00000000ffffffff 00000000ffffffff
[   17.788282] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.789347] page dumped because: kasan: bad access detected
[   17.790085] 
[   17.790313] Memory state around the buggy address:
[   17.791128]  ffff888103b8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.791368]  ffff888103b8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.792125] >ffff888103b8e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.793620]                                                           ^
[   17.794369]  ffff888103b8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.795767]  ffff888103b8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.796038] ==================================================================
[   17.315827] ==================================================================
[   17.316366] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   17.317897] Write of size 1 at addr ffff888100aaeed0 by task kunit_try_catch/178
[   17.318299] 
[   17.318409] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.318541] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.318578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.318630] Call Trace:
[   17.318667]  <TASK>
[   17.318710]  dump_stack_lvl+0x73/0xb0
[   17.318788]  print_report+0xd1/0x650
[   17.318862]  ? __virt_addr_valid+0x1db/0x2d0
[   17.318927]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.319004]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.319078]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.319155]  kasan_report+0x141/0x180
[   17.319231]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.319332]  __asan_report_store1_noabort+0x1b/0x30
[   17.319406]  krealloc_less_oob_helper+0xe23/0x11d0
[   17.319514]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.319595]  ? finish_task_switch.isra.0+0x153/0x700
[   17.319665]  ? __switch_to+0x5d9/0xf60
[   17.319728]  ? dequeue_task_fair+0x166/0x4e0
[   17.319805]  ? __schedule+0x10cc/0x2b30
[   17.319878]  ? __pfx_read_tsc+0x10/0x10
[   17.319948]  krealloc_less_oob+0x1c/0x30
[   17.320020]  kunit_try_run_case+0x1a5/0x480
[   17.320097]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.320168]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.320242]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.320317]  ? __kthread_parkme+0x82/0x180
[   17.320389]  ? preempt_count_sub+0x50/0x80
[   17.320466]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.320618]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.320695]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.320768]  kthread+0x337/0x6f0
[   17.320840]  ? trace_preempt_on+0x20/0xc0
[   17.320963]  ? __pfx_kthread+0x10/0x10
[   17.321037]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.321105]  ? calculate_sigpending+0x7b/0xa0
[   17.321174]  ? __pfx_kthread+0x10/0x10
[   17.321242]  ret_from_fork+0x41/0x80
[   17.321308]  ? __pfx_kthread+0x10/0x10
[   17.321363]  ret_from_fork_asm+0x1a/0x30
[   17.321409]  </TASK>
[   17.321422] 
[   17.340298] Allocated by task 178:
[   17.340924]  kasan_save_stack+0x45/0x70
[   17.341400]  kasan_save_track+0x18/0x40
[   17.342271]  kasan_save_alloc_info+0x3b/0x50
[   17.342898]  __kasan_krealloc+0x190/0x1f0
[   17.343261]  krealloc_noprof+0xf3/0x340
[   17.343803]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.344340]  krealloc_less_oob+0x1c/0x30
[   17.344902]  kunit_try_run_case+0x1a5/0x480
[   17.345410]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.346358]  kthread+0x337/0x6f0
[   17.346859]  ret_from_fork+0x41/0x80
[   17.347214]  ret_from_fork_asm+0x1a/0x30
[   17.347853] 
[   17.348128] The buggy address belongs to the object at ffff888100aaee00
[   17.348128]  which belongs to the cache kmalloc-256 of size 256
[   17.349192] The buggy address is located 7 bytes to the right of
[   17.349192]  allocated 201-byte region [ffff888100aaee00, ffff888100aaeec9)
[   17.350697] 
[   17.350936] The buggy address belongs to the physical page:
[   17.351595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   17.352207] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.352904] flags: 0x200000000000040(head|node=0|zone=2)
[   17.354006] page_type: f5(slab)
[   17.354374] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.355003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.355718] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.356598] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.357220] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   17.358246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.358945] page dumped because: kasan: bad access detected
[   17.359567] 
[   17.359802] Memory state around the buggy address:
[   17.360307]  ffff888100aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.361046]  ffff888100aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.362073] >ffff888100aaee80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.362612]                                                  ^
[   17.363295]  ffff888100aaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.364085]  ffff888100aaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.364736] ==================================================================
[   17.796401] ==================================================================
[   17.797953] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   17.799191] Write of size 1 at addr ffff888103b8e0eb by task kunit_try_catch/182
[   17.800212] 
[   17.800399] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.800684] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.800724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.800781] Call Trace:
[   17.800870]  <TASK>
[   17.800926]  dump_stack_lvl+0x73/0xb0
[   17.801005]  print_report+0xd1/0x650
[   17.801078]  ? __virt_addr_valid+0x1db/0x2d0
[   17.801149]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.801224]  ? kasan_addr_to_slab+0x11/0xa0
[   17.801333]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.801418]  kasan_report+0x141/0x180
[   17.801531]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.801638]  __asan_report_store1_noabort+0x1b/0x30
[   17.801705]  krealloc_less_oob_helper+0xd47/0x11d0
[   17.801792]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.801871]  ? finish_task_switch.isra.0+0x153/0x700
[   17.801941]  ? __switch_to+0x5d9/0xf60
[   17.802011]  ? dequeue_task_fair+0x166/0x4e0
[   17.802095]  ? __schedule+0x10cc/0x2b30
[   17.802169]  ? __pfx_read_tsc+0x10/0x10
[   17.802242]  krealloc_large_less_oob+0x1c/0x30
[   17.802315]  kunit_try_run_case+0x1a5/0x480
[   17.802456]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.802545]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.802616]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.802684]  ? __kthread_parkme+0x82/0x180
[   17.802747]  ? preempt_count_sub+0x50/0x80
[   17.802813]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.802876]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.802942]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.803002]  kthread+0x337/0x6f0
[   17.803035]  ? trace_preempt_on+0x20/0xc0
[   17.803069]  ? __pfx_kthread+0x10/0x10
[   17.803100]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.803132]  ? calculate_sigpending+0x7b/0xa0
[   17.803161]  ? __pfx_kthread+0x10/0x10
[   17.803193]  ret_from_fork+0x41/0x80
[   17.803223]  ? __pfx_kthread+0x10/0x10
[   17.803254]  ret_from_fork_asm+0x1a/0x30
[   17.803297]  </TASK>
[   17.803311] 
[   17.823153] The buggy address belongs to the physical page:
[   17.826576] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b8c
[   17.828172] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.829221] flags: 0x200000000000040(head|node=0|zone=2)
[   17.830091] page_type: f8(unknown)
[   17.830356] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.831413] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.832404] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.834084] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.835017] head: 0200000000000002 ffffea00040ee301 00000000ffffffff 00000000ffffffff
[   17.836726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.837266] page dumped because: kasan: bad access detected
[   17.837682] 
[   17.837998] Memory state around the buggy address:
[   17.838445]  ffff888103b8df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.839341]  ffff888103b8e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.840276] >ffff888103b8e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.840946]                                                           ^
[   17.842371]  ffff888103b8e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.842990]  ffff888103b8e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.843462] ==================================================================
[   17.253785] ==================================================================
[   17.254760] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   17.255790] Write of size 1 at addr ffff888100aaeec9 by task kunit_try_catch/178
[   17.257212] 
[   17.257403] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.258030] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.258052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.258083] Call Trace:
[   17.258101]  <TASK>
[   17.258124]  dump_stack_lvl+0x73/0xb0
[   17.258163]  print_report+0xd1/0x650
[   17.258196]  ? __virt_addr_valid+0x1db/0x2d0
[   17.258227]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.258260]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.258291]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.258324]  kasan_report+0x141/0x180
[   17.258353]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.258393]  __asan_report_store1_noabort+0x1b/0x30
[   17.258420]  krealloc_less_oob_helper+0xd70/0x11d0
[   17.258559]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.258620]  ? finish_task_switch.isra.0+0x153/0x700
[   17.258657]  ? __switch_to+0x5d9/0xf60
[   17.258685]  ? dequeue_task_fair+0x166/0x4e0
[   17.258719]  ? __schedule+0x10cc/0x2b30
[   17.258751]  ? __pfx_read_tsc+0x10/0x10
[   17.258782]  krealloc_less_oob+0x1c/0x30
[   17.258812]  kunit_try_run_case+0x1a5/0x480
[   17.258846]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.258875]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.258907]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.258938]  ? __kthread_parkme+0x82/0x180
[   17.258967]  ? preempt_count_sub+0x50/0x80
[   17.259002]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.259033]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.259062]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.259092]  kthread+0x337/0x6f0
[   17.259120]  ? trace_preempt_on+0x20/0xc0
[   17.259152]  ? __pfx_kthread+0x10/0x10
[   17.259182]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.259210]  ? calculate_sigpending+0x7b/0xa0
[   17.259239]  ? __pfx_kthread+0x10/0x10
[   17.259269]  ret_from_fork+0x41/0x80
[   17.259296]  ? __pfx_kthread+0x10/0x10
[   17.259325]  ret_from_fork_asm+0x1a/0x30
[   17.259368]  </TASK>
[   17.259381] 
[   17.281292] Allocated by task 178:
[   17.281633]  kasan_save_stack+0x45/0x70
[   17.282478]  kasan_save_track+0x18/0x40
[   17.283646]  kasan_save_alloc_info+0x3b/0x50
[   17.284256]  __kasan_krealloc+0x190/0x1f0
[   17.285565]  krealloc_noprof+0xf3/0x340
[   17.286810]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.287731]  krealloc_less_oob+0x1c/0x30
[   17.288048]  kunit_try_run_case+0x1a5/0x480
[   17.288323]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.290621]  kthread+0x337/0x6f0
[   17.291803]  ret_from_fork+0x41/0x80
[   17.293139]  ret_from_fork_asm+0x1a/0x30
[   17.294410] 
[   17.294936] The buggy address belongs to the object at ffff888100aaee00
[   17.294936]  which belongs to the cache kmalloc-256 of size 256
[   17.296292] The buggy address is located 0 bytes to the right of
[   17.296292]  allocated 201-byte region [ffff888100aaee00, ffff888100aaeec9)
[   17.297952] 
[   17.298176] The buggy address belongs to the physical page:
[   17.298748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   17.299635] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.300219] flags: 0x200000000000040(head|node=0|zone=2)
[   17.300827] page_type: f5(slab)
[   17.301138] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.302009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.303120] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.304260] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.305361] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   17.307065] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.307683] page dumped because: kasan: bad access detected
[   17.308335] 
[   17.308882] Memory state around the buggy address:
[   17.309467]  ffff888100aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.310310]  ffff888100aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.311280] >ffff888100aaee80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.312038]                                               ^
[   17.312933]  ffff888100aaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.313409]  ffff888100aaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.314221] ==================================================================
[   17.366416] ==================================================================
[   17.367028] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   17.368587] Write of size 1 at addr ffff888100aaeeda by task kunit_try_catch/178
[   17.369810] 
[   17.370273] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   17.370945] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.370968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.370999] Call Trace:
[   17.371022]  <TASK>
[   17.371043]  dump_stack_lvl+0x73/0xb0
[   17.371085]  print_report+0xd1/0x650
[   17.371117]  ? __virt_addr_valid+0x1db/0x2d0
[   17.371146]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.371179]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.371209]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.371242]  kasan_report+0x141/0x180
[   17.371273]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.371314]  __asan_report_store1_noabort+0x1b/0x30
[   17.371341]  krealloc_less_oob_helper+0xec6/0x11d0
[   17.371377]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.371410]  ? finish_task_switch.isra.0+0x153/0x700
[   17.371450]  ? __switch_to+0x5d9/0xf60
[   17.371596]  ? dequeue_task_fair+0x166/0x4e0
[   17.371653]  ? __schedule+0x10cc/0x2b30
[   17.371687]  ? __pfx_read_tsc+0x10/0x10
[   17.371719]  krealloc_less_oob+0x1c/0x30
[   17.371750]  kunit_try_run_case+0x1a5/0x480
[   17.371784]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.371814]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.371845]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.371877]  ? __kthread_parkme+0x82/0x180
[   17.371906]  ? preempt_count_sub+0x50/0x80
[   17.371938]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.371969]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.371998]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.372027]  kthread+0x337/0x6f0
[   17.372054]  ? trace_preempt_on+0x20/0xc0
[   17.372085]  ? __pfx_kthread+0x10/0x10
[   17.372114]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.372144]  ? calculate_sigpending+0x7b/0xa0
[   17.372171]  ? __pfx_kthread+0x10/0x10
[   17.372201]  ret_from_fork+0x41/0x80
[   17.372229]  ? __pfx_kthread+0x10/0x10
[   17.372258]  ret_from_fork_asm+0x1a/0x30
[   17.372298]  </TASK>
[   17.372311] 
[   17.391196] Allocated by task 178:
[   17.391726]  kasan_save_stack+0x45/0x70
[   17.392240]  kasan_save_track+0x18/0x40
[   17.393027]  kasan_save_alloc_info+0x3b/0x50
[   17.393526]  __kasan_krealloc+0x190/0x1f0
[   17.394107]  krealloc_noprof+0xf3/0x340
[   17.394732]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.395288]  krealloc_less_oob+0x1c/0x30
[   17.395886]  kunit_try_run_case+0x1a5/0x480
[   17.396356]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.397290]  kthread+0x337/0x6f0
[   17.397713]  ret_from_fork+0x41/0x80
[   17.398287]  ret_from_fork_asm+0x1a/0x30
[   17.398949] 
[   17.399201] The buggy address belongs to the object at ffff888100aaee00
[   17.399201]  which belongs to the cache kmalloc-256 of size 256
[   17.400288] The buggy address is located 17 bytes to the right of
[   17.400288]  allocated 201-byte region [ffff888100aaee00, ffff888100aaeec9)
[   17.401194] 
[   17.401426] The buggy address belongs to the physical page:
[   17.402329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   17.403590] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.404194] flags: 0x200000000000040(head|node=0|zone=2)
[   17.404811] page_type: f5(slab)
[   17.405179] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.406295] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.406967] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.407591] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.408163] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   17.408883] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.409807] page dumped because: kasan: bad access detected
[   17.410263] 
[   17.410605] Memory state around the buggy address:
[   17.411065]  ffff888100aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.411771]  ffff888100aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.412333] >ffff888100aaee80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.412880]                                                     ^
[   17.413401]  ffff888100aaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.414420]  ffff888100aaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.415176] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2w58bPRPTycbz1vmAdBLBc0aa6B

job_id

TEST:linaro@lkft#2w58gtgABx34QfpACxxt1FW8tt4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2w58gtgABx34QfpACxxt1FW8tt4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58e0U5Ru8v4eqp9FzDEGsLRcM/bzImage
sha256sum	f59986011cb969c7a1cdd138a2f9f0805d494458126148234385e9c958ff6025

rootfs

url	https://storage.tuxboot.com/debian/trixie/amd64/rootfs.ext4.xz
sha256sum	46d08c6812c5a56498fb2daa39090f5328578b27d1cc7e901eb03c5578fd0198

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2w58e0U5Ru8v4eqp9FzDEGsLRcM/modules.tar.xz
sha256sum	8a4ca15b5d29d47a50af2e54c5fa80863c1756101b85f2c14a51465bf17dc7f1

durations

tests

boot	0
kunit	46.19

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:9.2.2+ds-1+b2

[   19.575343] ==================================================================
[   19.576018] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.576723] Write of size 1 at addr ffff00001039a0ea by task kunit_try_catch/220
[   19.577395] 
[   19.577551] CPU: 4 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.577587] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.577596] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.577608] Call trace:
[   19.577616]  show_stack+0x20/0x38 (C)
[   19.577639]  dump_stack_lvl+0x8c/0xd0
[   19.577660]  print_report+0x118/0x608
[   19.577678]  kasan_report+0xdc/0x128
[   19.577697]  __asan_report_store1_noabort+0x20/0x30
[   19.577719]  krealloc_less_oob_helper+0xae4/0xc50
[   19.577743]  krealloc_large_less_oob+0x20/0x38
[   19.577766]  kunit_try_run_case+0x170/0x3f0
[   19.577790]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.577815]  kthread+0x328/0x630
[   19.577838]  ret_from_fork+0x10/0x20
[   19.577859] 
[   19.583835] The buggy address belongs to the physical page:
[   19.584341] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398
[   19.585058] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.585751] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.586387] page_type: f8(unknown)
[   19.586709] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.587408] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.588109] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.588814] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.589520] head: 03fffe0000000002 fffffdffc040e601 00000000ffffffff 00000000ffffffff
[   19.590225] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.590926] page dumped because: kasan: bad access detected
[   19.591429] 
[   19.591574] Memory state around the buggy address:
[   19.592010]  ffff000010399f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.592662]  ffff00001039a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.593313] >ffff00001039a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.593961]                                                           ^
[   19.594559]  ffff00001039a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.595212]  ffff00001039a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.595861] ==================================================================
[   19.508879] ==================================================================
[   19.509969] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.510699] Write of size 1 at addr ffff00001039a0c9 by task kunit_try_catch/220
[   19.511384] 
[   19.511550] CPU: 2 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.511599] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.511613] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.511630] Call trace:
[   19.511641]  show_stack+0x20/0x38 (C)
[   19.511673]  dump_stack_lvl+0x8c/0xd0
[   19.511704]  print_report+0x118/0x608
[   19.511733]  kasan_report+0xdc/0x128
[   19.511761]  __asan_report_store1_noabort+0x20/0x30
[   19.511795]  krealloc_less_oob_helper+0xa48/0xc50
[   19.511831]  krealloc_large_less_oob+0x20/0x38
[   19.511865]  kunit_try_run_case+0x170/0x3f0
[   19.511901]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.511940]  kthread+0x328/0x630
[   19.511974]  ret_from_fork+0x10/0x20
[   19.512006] 
[   19.518036] The buggy address belongs to the physical page:
[   19.518553] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398
[   19.519283] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.519988] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.520640] page_type: f8(unknown)
[   19.520976] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.521690] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.522405] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.523127] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.523850] head: 03fffe0000000002 fffffdffc040e601 00000000ffffffff 00000000ffffffff
[   19.524572] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.525287] page dumped because: kasan: bad access detected
[   19.525801] 
[   19.525953] Memory state around the buggy address:
[   19.526401]  ffff000010399f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.527067]  ffff00001039a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.527732] >ffff00001039a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.528393]                                               ^
[   19.528910]  ffff00001039a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.529576]  ffff00001039a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.530237] ==================================================================
[   19.553119] ==================================================================
[   19.553790] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.554507] Write of size 1 at addr ffff00001039a0da by task kunit_try_catch/220
[   19.555192] 
[   19.555356] CPU: 2 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.555405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.555419] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.555436] Call trace:
[   19.555447]  show_stack+0x20/0x38 (C)
[   19.555479]  dump_stack_lvl+0x8c/0xd0
[   19.555509]  print_report+0x118/0x608
[   19.555538]  kasan_report+0xdc/0x128
[   19.555566]  __asan_report_store1_noabort+0x20/0x30
[   19.555601]  krealloc_less_oob_helper+0xa80/0xc50
[   19.555636]  krealloc_large_less_oob+0x20/0x38
[   19.555671]  kunit_try_run_case+0x170/0x3f0
[   19.555706]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.555744]  kthread+0x328/0x630
[   19.555778]  ret_from_fork+0x10/0x20
[   19.555810] 
[   19.561839] The buggy address belongs to the physical page:
[   19.562354] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398
[   19.563085] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.563788] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.564439] page_type: f8(unknown)
[   19.564773] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.565487] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.566201] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.566921] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.567644] head: 03fffe0000000002 fffffdffc040e601 00000000ffffffff 00000000ffffffff
[   19.568366] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.569081] page dumped because: kasan: bad access detected
[   19.569595] 
[   19.569747] Memory state around the buggy address:
[   19.570194]  ffff000010399f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.570860]  ffff00001039a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.571525] >ffff00001039a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.572186]                                                     ^
[   19.572749]  ffff00001039a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.573414]  ffff00001039a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.574075] ==================================================================
[   19.375361] ==================================================================
[   19.376015] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.376704] Write of size 1 at addr ffff00000d6fccda by task kunit_try_catch/216
[   19.377373] 
[   19.377522] CPU: 4 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.377554] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.377563] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.377573] Call trace:
[   19.377580]  show_stack+0x20/0x38 (C)
[   19.377600]  dump_stack_lvl+0x8c/0xd0
[   19.377619]  print_report+0x118/0x608
[   19.377638]  kasan_report+0xdc/0x128
[   19.377656]  __asan_report_store1_noabort+0x20/0x30
[   19.377678]  krealloc_less_oob_helper+0xa80/0xc50
[   19.377702]  krealloc_less_oob+0x20/0x38
[   19.377725]  kunit_try_run_case+0x170/0x3f0
[   19.377747]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.377772]  kthread+0x328/0x630
[   19.377793]  ret_from_fork+0x10/0x20
[   19.377812] 
[   19.383740] Allocated by task 216:
[   19.384055]  kasan_save_stack+0x3c/0x68
[   19.384415]  kasan_save_track+0x20/0x40
[   19.384773]  kasan_save_alloc_info+0x40/0x58
[   19.385172]  __kasan_krealloc+0x118/0x178
[   19.385546]  krealloc_noprof+0x128/0x360
[   19.385912]  krealloc_less_oob_helper+0x168/0xc50
[   19.386352]  krealloc_less_oob+0x20/0x38
[   19.386724]  kunit_try_run_case+0x170/0x3f0
[   19.387115]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.387624]  kthread+0x328/0x630
[   19.387932]  ret_from_fork+0x10/0x20
[   19.388269] 
[   19.388413] The buggy address belongs to the object at ffff00000d6fcc00
[   19.388413]  which belongs to the cache kmalloc-256 of size 256
[   19.389528] The buggy address is located 17 bytes to the right of
[   19.389528]  allocated 201-byte region [ffff00000d6fcc00, ffff00000d6fccc9)
[   19.390693] 
[   19.390838] The buggy address belongs to the physical page:
[   19.391341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd6fc
[   19.392049] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.392737] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.393370] page_type: f5(slab)
[   19.393667] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.394365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.395065] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.395770] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.396476] head: 03fffe0000000001 fffffdffc035bf01 00000000ffffffff 00000000ffffffff
[   19.397182] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.397883] page dumped because: kasan: bad access detected
[   19.398387] 
[   19.398533] Memory state around the buggy address:
[   19.398969]  ffff00000d6fcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.399621]  ffff00000d6fcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.400273] >ffff00000d6fcc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.400921]                                                     ^
[   19.401473]  ffff00000d6fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.402125]  ffff00000d6fcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.402774] ==================================================================
[   19.596686] ==================================================================
[   19.597340] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.598029] Write of size 1 at addr ffff00001039a0eb by task kunit_try_catch/220
[   19.598699] 
[   19.598848] CPU: 4 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.598880] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.598889] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.598899] Call trace:
[   19.598905]  show_stack+0x20/0x38 (C)
[   19.598925]  dump_stack_lvl+0x8c/0xd0
[   19.598943]  print_report+0x118/0x608
[   19.598961]  kasan_report+0xdc/0x128
[   19.598979]  __asan_report_store1_noabort+0x20/0x30
[   19.599000]  krealloc_less_oob_helper+0xa58/0xc50
[   19.599024]  krealloc_large_less_oob+0x20/0x38
[   19.599047]  kunit_try_run_case+0x170/0x3f0
[   19.599069]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.599094]  kthread+0x328/0x630
[   19.599116]  ret_from_fork+0x10/0x20
[   19.599136] 
[   19.605108] The buggy address belongs to the physical page:
[   19.605610] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398
[   19.606325] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.607014] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.607646] page_type: f8(unknown)
[   19.607966] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.608664] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.609363] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.610068] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.610774] head: 03fffe0000000002 fffffdffc040e601 00000000ffffffff 00000000ffffffff
[   19.611480] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.612181] page dumped because: kasan: bad access detected
[   19.612683] 
[   19.612828] Memory state around the buggy address:
[   19.613263]  ffff000010399f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.613916]  ffff00001039a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.614566] >ffff00001039a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.615214]                                                           ^
[   19.615810]  ffff00001039a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.616461]  ffff00001039a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.617109] ==================================================================
[   19.403560] ==================================================================
[   19.404214] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.404903] Write of size 1 at addr ffff00000d6fccea by task kunit_try_catch/216
[   19.405572] 
[   19.405722] CPU: 4 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.405754] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.405763] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.405773] Call trace:
[   19.405780]  show_stack+0x20/0x38 (C)
[   19.405800]  dump_stack_lvl+0x8c/0xd0
[   19.405820]  print_report+0x118/0x608
[   19.405838]  kasan_report+0xdc/0x128
[   19.405856]  __asan_report_store1_noabort+0x20/0x30
[   19.405879]  krealloc_less_oob_helper+0xae4/0xc50
[   19.405903]  krealloc_less_oob+0x20/0x38
[   19.405926]  kunit_try_run_case+0x170/0x3f0
[   19.405947]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.405972]  kthread+0x328/0x630
[   19.405993]  ret_from_fork+0x10/0x20
[   19.406013] 
[   19.411939] Allocated by task 216:
[   19.412255]  kasan_save_stack+0x3c/0x68
[   19.412614]  kasan_save_track+0x20/0x40
[   19.412972]  kasan_save_alloc_info+0x40/0x58
[   19.413372]  __kasan_krealloc+0x118/0x178
[   19.413745]  krealloc_noprof+0x128/0x360
[   19.414111]  krealloc_less_oob_helper+0x168/0xc50
[   19.414552]  krealloc_less_oob+0x20/0x38
[   19.414923]  kunit_try_run_case+0x170/0x3f0
[   19.415315]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.415823]  kthread+0x328/0x630
[   19.416131]  ret_from_fork+0x10/0x20
[   19.416468] 
[   19.416614] The buggy address belongs to the object at ffff00000d6fcc00
[   19.416614]  which belongs to the cache kmalloc-256 of size 256
[   19.417728] The buggy address is located 33 bytes to the right of
[   19.417728]  allocated 201-byte region [ffff00000d6fcc00, ffff00000d6fccc9)
[   19.418892] 
[   19.419037] The buggy address belongs to the physical page:
[   19.419541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd6fc
[   19.420247] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.420936] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.421567] page_type: f5(slab)
[   19.421864] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.422563] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.423261] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.423967] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.424674] head: 03fffe0000000001 fffffdffc035bf01 00000000ffffffff 00000000ffffffff
[   19.425378] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.426079] page dumped because: kasan: bad access detected
[   19.426581] 
[   19.426726] Memory state around the buggy address:
[   19.427162]  ffff00000d6fcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.427813]  ffff00000d6fcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.428463] >ffff00000d6fcc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.429112]                                                           ^
[   19.429708]  ffff00000d6fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.430359]  ffff00000d6fcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.431008] ==================================================================
[   19.347103] ==================================================================
[   19.347777] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.348480] Write of size 1 at addr ffff00000d6fccd0 by task kunit_try_catch/216
[   19.349151] 
[   19.349306] CPU: 4 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.349342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.349351] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.349363] Call trace:
[   19.349371]  show_stack+0x20/0x38 (C)
[   19.349394]  dump_stack_lvl+0x8c/0xd0
[   19.349415]  print_report+0x118/0x608
[   19.349434]  kasan_report+0xdc/0x128
[   19.349452]  __asan_report_store1_noabort+0x20/0x30
[   19.349475]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.349499]  krealloc_less_oob+0x20/0x38
[   19.349523]  kunit_try_run_case+0x170/0x3f0
[   19.349546]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.349571]  kthread+0x328/0x630
[   19.349593]  ret_from_fork+0x10/0x20
[   19.349614] 
[   19.355545] Allocated by task 216:
[   19.355862]  kasan_save_stack+0x3c/0x68
[   19.356223]  kasan_save_track+0x20/0x40
[   19.356582]  kasan_save_alloc_info+0x40/0x58
[   19.356981]  __kasan_krealloc+0x118/0x178
[   19.357355]  krealloc_noprof+0x128/0x360
[   19.357722]  krealloc_less_oob_helper+0x168/0xc50
[   19.358162]  krealloc_less_oob+0x20/0x38
[   19.358532]  kunit_try_run_case+0x170/0x3f0
[   19.358925]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.359433]  kthread+0x328/0x630
[   19.359743]  ret_from_fork+0x10/0x20
[   19.360079] 
[   19.360226] The buggy address belongs to the object at ffff00000d6fcc00
[   19.360226]  which belongs to the cache kmalloc-256 of size 256
[   19.361342] The buggy address is located 7 bytes to the right of
[   19.361342]  allocated 201-byte region [ffff00000d6fcc00, ffff00000d6fccc9)
[   19.362499] 
[   19.362645] The buggy address belongs to the physical page:
[   19.363149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd6fc
[   19.363858] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.364550] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.365185] page_type: f5(slab)
[   19.365485] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.366185] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.366884] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.367590] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.368297] head: 03fffe0000000001 fffffdffc035bf01 00000000ffffffff 00000000ffffffff
[   19.369003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.369704] page dumped because: kasan: bad access detected
[   19.370208] 
[   19.370353] Memory state around the buggy address:
[   19.370790]  ffff00000d6fcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.371442]  ffff00000d6fcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.372093] >ffff00000d6fcc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.372741]                                                  ^
[   19.373269]  ffff00000d6fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.373921]  ffff00000d6fcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.374568] ==================================================================
[   19.531305] ==================================================================
[   19.531989] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.532704] Write of size 1 at addr ffff00001039a0d0 by task kunit_try_catch/220
[   19.533388] 
[   19.533552] CPU: 2 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.533601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.533615] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.533632] Call trace:
[   19.533643]  show_stack+0x20/0x38 (C)
[   19.533674]  dump_stack_lvl+0x8c/0xd0
[   19.533705]  print_report+0x118/0x608
[   19.533734]  kasan_report+0xdc/0x128
[   19.533761]  __asan_report_store1_noabort+0x20/0x30
[   19.533795]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.533831]  krealloc_large_less_oob+0x20/0x38
[   19.533866]  kunit_try_run_case+0x170/0x3f0
[   19.533901]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.533939]  kthread+0x328/0x630
[   19.533973]  ret_from_fork+0x10/0x20
[   19.534005] 
[   19.540033] The buggy address belongs to the physical page:
[   19.540549] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10398
[   19.541280] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.541984] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.542634] page_type: f8(unknown)
[   19.542969] raw: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.543684] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.544398] head: 03fffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.545120] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.545843] head: 03fffe0000000002 fffffdffc040e601 00000000ffffffff 00000000ffffffff
[   19.546566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.547280] page dumped because: kasan: bad access detected
[   19.547794] 
[   19.547946] Memory state around the buggy address:
[   19.548393]  ffff000010399f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.549059]  ffff00001039a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.549724] >ffff00001039a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.550385]                                                  ^
[   19.550927]  ffff00001039a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.551591]  ffff00001039a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.552252] ==================================================================
[   19.317399] ==================================================================
[   19.318458] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.319185] Write of size 1 at addr ffff00000d6fccc9 by task kunit_try_catch/216
[   19.319869] 
[   19.320034] CPU: 0 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.320083] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.320097] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.320113] Call trace:
[   19.320125]  show_stack+0x20/0x38 (C)
[   19.320157]  dump_stack_lvl+0x8c/0xd0
[   19.320188]  print_report+0x118/0x608
[   19.320217]  kasan_report+0xdc/0x128
[   19.320244]  __asan_report_store1_noabort+0x20/0x30
[   19.320278]  krealloc_less_oob_helper+0xa48/0xc50
[   19.320314]  krealloc_less_oob+0x20/0x38
[   19.320348]  kunit_try_run_case+0x170/0x3f0
[   19.320382]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.320421]  kthread+0x328/0x630
[   19.320454]  ret_from_fork+0x10/0x20
[   19.320487] 
[   19.326473] Allocated by task 216:
[   19.326801]  kasan_save_stack+0x3c/0x68
[   19.327176]  kasan_save_track+0x20/0x40
[   19.327547]  kasan_save_alloc_info+0x40/0x58
[   19.327961]  __kasan_krealloc+0x118/0x178
[   19.328348]  krealloc_noprof+0x128/0x360
[   19.328728]  krealloc_less_oob_helper+0x168/0xc50
[   19.329183]  krealloc_less_oob+0x20/0x38
[   19.329567]  kunit_try_run_case+0x170/0x3f0
[   19.329974]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.330499]  kthread+0x328/0x630
[   19.330821]  ret_from_fork+0x10/0x20
[   19.331171] 
[   19.331324] The buggy address belongs to the object at ffff00000d6fcc00
[   19.331324]  which belongs to the cache kmalloc-256 of size 256
[   19.332455] The buggy address is located 0 bytes to the right of
[   19.332455]  allocated 201-byte region [ffff00000d6fcc00, ffff00000d6fccc9)
[   19.333627] 
[   19.333781] The buggy address belongs to the physical page:
[   19.334298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd6fc
[   19.335021] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.335727] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.336378] page_type: f5(slab)
[   19.336692] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.337408] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.338123] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.338846] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.339569] head: 03fffe0000000001 fffffdffc035bf01 00000000ffffffff 00000000ffffffff
[   19.340292] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.341006] page dumped because: kasan: bad access detected
[   19.341519] 
[   19.341671] Memory state around the buggy address:
[   19.342119]  ffff00000d6fcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.342785]  ffff00000d6fcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.343450] >ffff00000d6fcc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.344112]                                               ^
[   19.344629]  ffff00000d6fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.345294]  ffff00000d6fcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.345955] ==================================================================
[   19.431786] ==================================================================
[   19.432440] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.433131] Write of size 1 at addr ffff00000d6fcceb by task kunit_try_catch/216
[   19.433800] 
[   19.433949] CPU: 4 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT 
[   19.433980] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.433989] Hardware name: Radxa ROCK Pi 4B (DT)
[   19.433999] Call trace:
[   19.434006]  show_stack+0x20/0x38 (C)
[   19.434025]  dump_stack_lvl+0x8c/0xd0
[   19.434043]  print_report+0x118/0x608
[   19.434062]  kasan_report+0xdc/0x128
[   19.434080]  __asan_report_store1_noabort+0x20/0x30
[   19.434101]  krealloc_less_oob_helper+0xa58/0xc50
[   19.434126]  krealloc_less_oob+0x20/0x38
[   19.434149]  kunit_try_run_case+0x170/0x3f0
[   19.434170]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.434195]  kthread+0x328/0x630
[   19.434216]  ret_from_fork+0x10/0x20
[   19.434236] 
[   19.440161] Allocated by task 216:
[   19.440476]  kasan_save_stack+0x3c/0x68
[   19.440834]  kasan_save_track+0x20/0x40
[   19.441192]  kasan_save_alloc_info+0x40/0x58
[   19.441591]  __kasan_krealloc+0x118/0x178
[   19.441964]  krealloc_noprof+0x128/0x360
[   19.442329]  krealloc_less_oob_helper+0x168/0xc50
[   19.442768]  krealloc_less_oob+0x20/0x38
[   19.443138]  kunit_try_run_case+0x170/0x3f0
[   19.443530]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.444036]  kthread+0x328/0x630
[   19.444345]  ret_from_fork+0x10/0x20
[   19.444681] 
[   19.444827] The buggy address belongs to the object at ffff00000d6fcc00
[   19.444827]  which belongs to the cache kmalloc-256 of size 256
[   19.445941] The buggy address is located 34 bytes to the right of
[   19.445941]  allocated 201-byte region [ffff00000d6fcc00, ffff00000d6fccc9)
[   19.447104] 
[   19.447250] The buggy address belongs to the physical page:
[   19.447752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd6fc
[   19.448459] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.449148] flags: 0x3fffe0000000040(head|node=0|zone=0|lastcpupid=0x1ffff)
[   19.449779] page_type: f5(slab)
[   19.450075] raw: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.450774] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.451473] head: 03fffe0000000040 ffff000000402b40 dead000000000122 0000000000000000
[   19.452179] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.452885] head: 03fffe0000000001 fffffdffc035bf01 00000000ffffffff 00000000ffffffff
[   19.453591] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.454292] page dumped because: kasan: bad access detected
[   19.454795] 
[   19.454940] Memory state around the buggy address:
[   19.455376]  ffff00000d6fcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.456027]  ffff00000d6fcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.456677] >ffff00000d6fcc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.457326]                                                           ^
[   19.457923]  ffff00000d6fcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.458574]  ffff00000d6fcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.459223] ==================================================================

Metadata Full log Test run details

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit

Failure - rk3399-rock-pi-4b - gcc-13-lkftconfig-kunit