lkft/linux-mainline-master - v6.15-rc7-142-g4856ebd99715 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

May 23, 2025, 11:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   27.160639] ==================================================================
[   27.160784] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   27.160934] Write of size 1 at addr fff00000c1a548eb by task kunit_try_catch/160
[   27.161085] 
[   27.161208] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.162064] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.162172] Hardware name: linux,dummy-virt (DT)
[   27.162285] Call trace:
[   27.162467]  show_stack+0x20/0x38 (C)
[   27.162734]  dump_stack_lvl+0x8c/0xd0
[   27.162887]  print_report+0x118/0x608
[   27.163016]  kasan_report+0xdc/0x128
[   27.163150]  __asan_report_store1_noabort+0x20/0x30
[   27.163300]  krealloc_less_oob_helper+0xa58/0xc50
[   27.163851]  krealloc_less_oob+0x20/0x38
[   27.164840]  kunit_try_run_case+0x170/0x3f0
[   27.164990]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.165151]  kthread+0x328/0x630
[   27.165437]  ret_from_fork+0x10/0x20
[   27.165723] 
[   27.165780] Allocated by task 160:
[   27.165970]  kasan_save_stack+0x3c/0x68
[   27.166623]  kasan_save_track+0x20/0x40
[   27.166760]  kasan_save_alloc_info+0x40/0x58
[   27.166873]  __kasan_krealloc+0x118/0x178
[   27.167085]  krealloc_noprof+0x128/0x360
[   27.167191]  krealloc_less_oob_helper+0x168/0xc50
[   27.167324]  krealloc_less_oob+0x20/0x38
[   27.167478]  kunit_try_run_case+0x170/0x3f0
[   27.167595]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.167734]  kthread+0x328/0x630
[   27.167845]  ret_from_fork+0x10/0x20
[   27.168204] 
[   27.168788] The buggy address belongs to the object at fff00000c1a54800
[   27.168788]  which belongs to the cache kmalloc-256 of size 256
[   27.169117] The buggy address is located 34 bytes to the right of
[   27.169117]  allocated 201-byte region [fff00000c1a54800, fff00000c1a548c9)
[   27.169461] 
[   27.169532] The buggy address belongs to the physical page:
[   27.169877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54
[   27.170091] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.170249] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.170407] page_type: f5(slab)
[   27.170534] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.171791] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.172373] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.172558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.172674] head: 0bfffe0000000001 ffffc1ffc3069501 00000000ffffffff 00000000ffffffff
[   27.172782] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   27.172903] page dumped because: kasan: bad access detected
[   27.172994] 
[   27.173550] Memory state around the buggy address:
[   27.173945]  fff00000c1a54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.174295]  fff00000c1a54800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.174474] >fff00000c1a54880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   27.174593]                                                           ^
[   27.174749]  fff00000c1a54900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.174942]  fff00000c1a54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.175517] ==================================================================
[   27.095479] ==================================================================
[   27.095662] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   27.096121] Write of size 1 at addr fff00000c1a548c9 by task kunit_try_catch/160
[   27.096545] 
[   27.096817] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.097435] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.097538] Hardware name: linux,dummy-virt (DT)
[   27.097631] Call trace:
[   27.097698]  show_stack+0x20/0x38 (C)
[   27.097846]  dump_stack_lvl+0x8c/0xd0
[   27.097987]  print_report+0x118/0x608
[   27.098123]  kasan_report+0xdc/0x128
[   27.098262]  __asan_report_store1_noabort+0x20/0x30
[   27.098473]  krealloc_less_oob_helper+0xa48/0xc50
[   27.098605]  krealloc_less_oob+0x20/0x38
[   27.099073]  kunit_try_run_case+0x170/0x3f0
[   27.099260]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.099442]  kthread+0x328/0x630
[   27.099626]  ret_from_fork+0x10/0x20
[   27.099790] 
[   27.099840] Allocated by task 160:
[   27.099912]  kasan_save_stack+0x3c/0x68
[   27.100018]  kasan_save_track+0x20/0x40
[   27.100203]  kasan_save_alloc_info+0x40/0x58
[   27.100611]  __kasan_krealloc+0x118/0x178
[   27.100804]  krealloc_noprof+0x128/0x360
[   27.100917]  krealloc_less_oob_helper+0x168/0xc50
[   27.101028]  krealloc_less_oob+0x20/0x38
[   27.101140]  kunit_try_run_case+0x170/0x3f0
[   27.101252]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.101381]  kthread+0x328/0x630
[   27.101501]  ret_from_fork+0x10/0x20
[   27.101606] 
[   27.101658] The buggy address belongs to the object at fff00000c1a54800
[   27.101658]  which belongs to the cache kmalloc-256 of size 256
[   27.101790] The buggy address is located 0 bytes to the right of
[   27.101790]  allocated 201-byte region [fff00000c1a54800, fff00000c1a548c9)
[   27.101945] 
[   27.102000] The buggy address belongs to the physical page:
[   27.102208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54
[   27.102353] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.102690] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.102935] page_type: f5(slab)
[   27.103096] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.103249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.103430] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.103648] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.103792] head: 0bfffe0000000001 ffffc1ffc3069501 00000000ffffffff 00000000ffffffff
[   27.103945] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   27.104053] page dumped because: kasan: bad access detected
[   27.104140] 
[   27.104465] Memory state around the buggy address:
[   27.104571]  fff00000c1a54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.104701]  fff00000c1a54800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.104829] >fff00000c1a54880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   27.104932]                                               ^
[   27.105350]  fff00000c1a54900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.105502]  fff00000c1a54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.106110] ==================================================================
[   27.258677] ==================================================================
[   27.258933] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   27.259111] Write of size 1 at addr fff00000c77da0c9 by task kunit_try_catch/164
[   27.259312] 
[   27.259465] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.259673] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.259752] Hardware name: linux,dummy-virt (DT)
[   27.259843] Call trace:
[   27.259953]  show_stack+0x20/0x38 (C)
[   27.260107]  dump_stack_lvl+0x8c/0xd0
[   27.260243]  print_report+0x118/0x608
[   27.260469]  kasan_report+0xdc/0x128
[   27.260601]  __asan_report_store1_noabort+0x20/0x30
[   27.260740]  krealloc_less_oob_helper+0xa48/0xc50
[   27.260907]  krealloc_large_less_oob+0x20/0x38
[   27.261045]  kunit_try_run_case+0x170/0x3f0
[   27.261164]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.261314]  kthread+0x328/0x630
[   27.261389]  ret_from_fork+0x10/0x20
[   27.261508] 
[   27.261566] The buggy address belongs to the physical page:
[   27.261676] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8
[   27.261832] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.261967] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.262124] page_type: f8(unknown)
[   27.262235] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.262378] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.262544] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.262688] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.262839] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff
[   27.262973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.263086] page dumped because: kasan: bad access detected
[   27.263197] 
[   27.263245] Memory state around the buggy address:
[   27.263340]  fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.263486]  fff00000c77da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.263648] >fff00000c77da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   27.263832]                                               ^
[   27.263970]  fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.264098]  fff00000c77da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.264212] ==================================================================
[   27.281773] ==================================================================
[   27.281902] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   27.282048] Write of size 1 at addr fff00000c77da0da by task kunit_try_catch/164
[   27.282192] 
[   27.282284] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.285000] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.285361] Hardware name: linux,dummy-virt (DT)
[   27.285951] Call trace:
[   27.286457]  show_stack+0x20/0x38 (C)
[   27.287183]  dump_stack_lvl+0x8c/0xd0
[   27.288100]  print_report+0x118/0x608
[   27.288299]  kasan_report+0xdc/0x128
[   27.288415]  __asan_report_store1_noabort+0x20/0x30
[   27.289345]  krealloc_less_oob_helper+0xa80/0xc50
[   27.289686]  krealloc_large_less_oob+0x20/0x38
[   27.290462]  kunit_try_run_case+0x170/0x3f0
[   27.290750]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.291033]  kthread+0x328/0x630
[   27.291626]  ret_from_fork+0x10/0x20
[   27.291793] 
[   27.291904] The buggy address belongs to the physical page:
[   27.292271] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8
[   27.292700] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.292904] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.295877] page_type: f8(unknown)
[   27.296055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.296304] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.296509] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.296628] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.296941] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff
[   27.297096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.297355] page dumped because: kasan: bad access detected
[   27.297839] 
[   27.297908] Memory state around the buggy address:
[   27.298094]  fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.298337]  fff00000c77da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.298542] >fff00000c77da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   27.298670]                                                     ^
[   27.298784]  fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.298948]  fff00000c77da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.299126] ==================================================================
[   27.313821] ==================================================================
[   27.314232] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   27.314559] Write of size 1 at addr fff00000c77da0eb by task kunit_try_catch/164
[   27.314798] 
[   27.315053] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.315579] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.315661] Hardware name: linux,dummy-virt (DT)
[   27.315852] Call trace:
[   27.316023]  show_stack+0x20/0x38 (C)
[   27.316330]  dump_stack_lvl+0x8c/0xd0
[   27.316486]  print_report+0x118/0x608
[   27.316620]  kasan_report+0xdc/0x128
[   27.316733]  __asan_report_store1_noabort+0x20/0x30
[   27.317045]  krealloc_less_oob_helper+0xa58/0xc50
[   27.317311]  krealloc_large_less_oob+0x20/0x38
[   27.317654]  kunit_try_run_case+0x170/0x3f0
[   27.317927]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.318304]  kthread+0x328/0x630
[   27.318608]  ret_from_fork+0x10/0x20
[   27.319233] 
[   27.319407] The buggy address belongs to the physical page:
[   27.319662] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8
[   27.319848] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.319982] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.320117] page_type: f8(unknown)
[   27.320211] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.320344] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.320500] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.320644] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.321225] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff
[   27.321784] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.322237] page dumped because: kasan: bad access detected
[   27.322443] 
[   27.322510] Memory state around the buggy address:
[   27.322619]  fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.322788]  fff00000c77da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.322942] >fff00000c77da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   27.323065]                                                           ^
[   27.323230]  fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.323415]  fff00000c77da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.323591] ==================================================================
[   27.122828] ==================================================================
[   27.122963] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   27.123108] Write of size 1 at addr fff00000c1a548da by task kunit_try_catch/160
[   27.123250] 
[   27.123339] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.125891] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.126281] Hardware name: linux,dummy-virt (DT)
[   27.126799] Call trace:
[   27.126889]  show_stack+0x20/0x38 (C)
[   27.127053]  dump_stack_lvl+0x8c/0xd0
[   27.127194]  print_report+0x118/0x608
[   27.128099]  kasan_report+0xdc/0x128
[   27.128351]  __asan_report_store1_noabort+0x20/0x30
[   27.128497]  krealloc_less_oob_helper+0xa80/0xc50
[   27.129222]  krealloc_less_oob+0x20/0x38
[   27.129392]  kunit_try_run_case+0x170/0x3f0
[   27.129750]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.130391]  kthread+0x328/0x630
[   27.130876]  ret_from_fork+0x10/0x20
[   27.131058] 
[   27.131113] Allocated by task 160:
[   27.131197]  kasan_save_stack+0x3c/0x68
[   27.131570]  kasan_save_track+0x20/0x40
[   27.131709]  kasan_save_alloc_info+0x40/0x58
[   27.131891]  __kasan_krealloc+0x118/0x178
[   27.132144]  krealloc_noprof+0x128/0x360
[   27.132256]  krealloc_less_oob_helper+0x168/0xc50
[   27.132359]  krealloc_less_oob+0x20/0x38
[   27.132464]  kunit_try_run_case+0x170/0x3f0
[   27.133232]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.133516]  kthread+0x328/0x630
[   27.133964]  ret_from_fork+0x10/0x20
[   27.134333] 
[   27.134409] The buggy address belongs to the object at fff00000c1a54800
[   27.134409]  which belongs to the cache kmalloc-256 of size 256
[   27.134941] The buggy address is located 17 bytes to the right of
[   27.134941]  allocated 201-byte region [fff00000c1a54800, fff00000c1a548c9)
[   27.135514] 
[   27.135576] The buggy address belongs to the physical page:
[   27.136045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54
[   27.136631] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.136777] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.136937] page_type: f5(slab)
[   27.138053] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.138249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.138463] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.138898] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.139316] head: 0bfffe0000000001 ffffc1ffc3069501 00000000ffffffff 00000000ffffffff
[   27.139706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   27.139999] page dumped because: kasan: bad access detected
[   27.140099] 
[   27.140160] Memory state around the buggy address:
[   27.140242]  fff00000c1a54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.140340]  fff00000c1a54800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.141101] >fff00000c1a54880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   27.141374]                                                     ^
[   27.141598]  fff00000c1a54900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.141741]  fff00000c1a54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.141859] ==================================================================
[   27.109364] ==================================================================
[   27.109570] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   27.109726] Write of size 1 at addr fff00000c1a548d0 by task kunit_try_catch/160
[   27.109867] 
[   27.109959] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.110196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.110274] Hardware name: linux,dummy-virt (DT)
[   27.110365] Call trace:
[   27.110429]  show_stack+0x20/0x38 (C)
[   27.110586]  dump_stack_lvl+0x8c/0xd0
[   27.110986]  print_report+0x118/0x608
[   27.111137]  kasan_report+0xdc/0x128
[   27.111267]  __asan_report_store1_noabort+0x20/0x30
[   27.111432]  krealloc_less_oob_helper+0xb9c/0xc50
[   27.112586]  krealloc_less_oob+0x20/0x38
[   27.113120]  kunit_try_run_case+0x170/0x3f0
[   27.113580]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.114074]  kthread+0x328/0x630
[   27.114251]  ret_from_fork+0x10/0x20
[   27.114412] 
[   27.114505] Allocated by task 160:
[   27.114621]  kasan_save_stack+0x3c/0x68
[   27.114780]  kasan_save_track+0x20/0x40
[   27.114884]  kasan_save_alloc_info+0x40/0x58
[   27.115008]  __kasan_krealloc+0x118/0x178
[   27.115144]  krealloc_noprof+0x128/0x360
[   27.115247]  krealloc_less_oob_helper+0x168/0xc50
[   27.115423]  krealloc_less_oob+0x20/0x38
[   27.115591]  kunit_try_run_case+0x170/0x3f0
[   27.115867]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.116054]  kthread+0x328/0x630
[   27.116280]  ret_from_fork+0x10/0x20
[   27.116596] 
[   27.116656] The buggy address belongs to the object at fff00000c1a54800
[   27.116656]  which belongs to the cache kmalloc-256 of size 256
[   27.116856] The buggy address is located 7 bytes to the right of
[   27.116856]  allocated 201-byte region [fff00000c1a54800, fff00000c1a548c9)
[   27.117117] 
[   27.117197] The buggy address belongs to the physical page:
[   27.117350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54
[   27.117599] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.118113] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.118283] page_type: f5(slab)
[   27.118396] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.118560] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.118705] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.118854] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.119941] head: 0bfffe0000000001 ffffc1ffc3069501 00000000ffffffff 00000000ffffffff
[   27.120101] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   27.120164] page dumped because: kasan: bad access detected
[   27.120207] 
[   27.120246] Memory state around the buggy address:
[   27.120325]  fff00000c1a54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.120469]  fff00000c1a54800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.120595] >fff00000c1a54880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   27.120694]                                                  ^
[   27.120778]  fff00000c1a54900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.120911]  fff00000c1a54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.121020] ==================================================================
[   27.145670] ==================================================================
[   27.145909] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   27.146744] Write of size 1 at addr fff00000c1a548ea by task kunit_try_catch/160
[   27.147000] 
[   27.147179] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.147799] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.147886] Hardware name: linux,dummy-virt (DT)
[   27.148509] Call trace:
[   27.148792]  show_stack+0x20/0x38 (C)
[   27.148960]  dump_stack_lvl+0x8c/0xd0
[   27.149101]  print_report+0x118/0x608
[   27.149357]  kasan_report+0xdc/0x128
[   27.149629]  __asan_report_store1_noabort+0x20/0x30
[   27.150482]  krealloc_less_oob_helper+0xae4/0xc50
[   27.150875]  krealloc_less_oob+0x20/0x38
[   27.151126]  kunit_try_run_case+0x170/0x3f0
[   27.151284]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.151468]  kthread+0x328/0x630
[   27.152030]  ret_from_fork+0x10/0x20
[   27.152371] 
[   27.152432] Allocated by task 160:
[   27.152746]  kasan_save_stack+0x3c/0x68
[   27.152862]  kasan_save_track+0x20/0x40
[   27.152962]  kasan_save_alloc_info+0x40/0x58
[   27.153523]  __kasan_krealloc+0x118/0x178
[   27.153704]  krealloc_noprof+0x128/0x360
[   27.153825]  krealloc_less_oob_helper+0x168/0xc50
[   27.153946]  krealloc_less_oob+0x20/0x38
[   27.154066]  kunit_try_run_case+0x170/0x3f0
[   27.154223]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.154347]  kthread+0x328/0x630
[   27.154501]  ret_from_fork+0x10/0x20
[   27.154647] 
[   27.154732] The buggy address belongs to the object at fff00000c1a54800
[   27.154732]  which belongs to the cache kmalloc-256 of size 256
[   27.154967] The buggy address is located 33 bytes to the right of
[   27.154967]  allocated 201-byte region [fff00000c1a54800, fff00000c1a548c9)
[   27.155229] 
[   27.155314] The buggy address belongs to the physical page:
[   27.155423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54
[   27.155572] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.155723] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.156123] page_type: f5(slab)
[   27.156289] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.156431] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.156569] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   27.156692] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.156796] head: 0bfffe0000000001 ffffc1ffc3069501 00000000ffffffff 00000000ffffffff
[   27.156921] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   27.157262] page dumped because: kasan: bad access detected
[   27.157550] 
[   27.157638] Memory state around the buggy address:
[   27.157726]  fff00000c1a54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.157896]  fff00000c1a54800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.158020] >fff00000c1a54880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   27.158131]                                                           ^
[   27.158248]  fff00000c1a54900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.158410]  fff00000c1a54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.158537] ==================================================================
[   27.301547] ==================================================================
[   27.301681] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   27.301919] Write of size 1 at addr fff00000c77da0ea by task kunit_try_catch/164
[   27.302262] 
[   27.302482] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.302791] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.302915] Hardware name: linux,dummy-virt (DT)
[   27.303315] Call trace:
[   27.303419]  show_stack+0x20/0x38 (C)
[   27.303651]  dump_stack_lvl+0x8c/0xd0
[   27.303867]  print_report+0x118/0x608
[   27.304197]  kasan_report+0xdc/0x128
[   27.304361]  __asan_report_store1_noabort+0x20/0x30
[   27.304508]  krealloc_less_oob_helper+0xae4/0xc50
[   27.304646]  krealloc_large_less_oob+0x20/0x38
[   27.304776]  kunit_try_run_case+0x170/0x3f0
[   27.304977]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.305218]  kthread+0x328/0x630
[   27.305401]  ret_from_fork+0x10/0x20
[   27.305607] 
[   27.305665] The buggy address belongs to the physical page:
[   27.305978] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8
[   27.306336] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.306537] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.306902] page_type: f8(unknown)
[   27.307061] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.307229] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.307389] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.307923] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.308184] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff
[   27.308489] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.308867] page dumped because: kasan: bad access detected
[   27.308960] 
[   27.309017] Memory state around the buggy address:
[   27.309102]  fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.309198]  fff00000c77da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.309305] >fff00000c77da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   27.309406]                                                           ^
[   27.309612]  fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.309826]  fff00000c77da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.310084] ==================================================================
[   27.268287] ==================================================================
[   27.268432] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   27.270305] Write of size 1 at addr fff00000c77da0d0 by task kunit_try_catch/164
[   27.270536] 
[   27.270653] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT 
[   27.270889] Tainted: [B]=BAD_PAGE, [N]=TEST
[   27.270964] Hardware name: linux,dummy-virt (DT)
[   27.271053] Call trace:
[   27.271136]  show_stack+0x20/0x38 (C)
[   27.271331]  dump_stack_lvl+0x8c/0xd0
[   27.271558]  print_report+0x118/0x608
[   27.271695]  kasan_report+0xdc/0x128
[   27.271829]  __asan_report_store1_noabort+0x20/0x30
[   27.271984]  krealloc_less_oob_helper+0xb9c/0xc50
[   27.272120]  krealloc_large_less_oob+0x20/0x38
[   27.272604]  kunit_try_run_case+0x170/0x3f0
[   27.272781]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   27.272940]  kthread+0x328/0x630
[   27.273061]  ret_from_fork+0x10/0x20
[   27.273442] 
[   27.273528] The buggy address belongs to the physical page:
[   27.273673] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8
[   27.273824] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   27.273971] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   27.274235] page_type: f8(unknown)
[   27.274367] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.274558] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.274771] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   27.275068] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   27.275820] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff
[   27.276022] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   27.276138] page dumped because: kasan: bad access detected
[   27.276358] 
[   27.276416] Memory state around the buggy address:
[   27.276631]  fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.276882]  fff00000c77da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.276989] >fff00000c77da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   27.277672]                                                  ^
[   27.277992]  fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.278219]  fff00000c77da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   27.278510] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6oKOcbQKiXvB9zY8T3TP346C

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6oKOcbQKiXvB9zY8T3TP346C

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/Image.gz
sha256sum	dc9d86ed0aa28c5a8c7aea5e5bbc5feee23ca57992b3a59f2660a2851e548fda

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6lBcJ3YUEUCP4IFFBrKHUWR4/modules.tar.xz
sha256sum	bbf3712a920adb12a832cfcb69e456c8653dc36a192261fbeb4c1ef5e924a8d4

durations

tests

boot	0
kunit	423.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.331619] ==================================================================
[   12.332066] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.332362] Write of size 1 at addr ffff8881003478da by task kunit_try_catch/177
[   12.332586] 
[   12.332670] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.332713] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.332725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.332744] Call Trace:
[   12.332759]  <TASK>
[   12.332772]  dump_stack_lvl+0x73/0xb0
[   12.332797]  print_report+0xd1/0x650
[   12.332819]  ? __virt_addr_valid+0x1db/0x2d0
[   12.332839]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.332862]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.332883]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.332908]  kasan_report+0x141/0x180
[   12.332930]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.332958]  __asan_report_store1_noabort+0x1b/0x30
[   12.332979]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.333004]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.333028]  ? finish_task_switch.isra.0+0x153/0x700
[   12.333050]  ? __switch_to+0x5d9/0xf60
[   12.333069]  ? dequeue_task_fair+0x156/0x4e0
[   12.333092]  ? __schedule+0x10cc/0x2b30
[   12.333114]  ? __pfx_read_tsc+0x10/0x10
[   12.333136]  krealloc_less_oob+0x1c/0x30
[   12.333157]  kunit_try_run_case+0x1a5/0x480
[   12.333180]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.333201]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.333222]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.333244]  ? __kthread_parkme+0x82/0x180
[   12.333265]  ? preempt_count_sub+0x50/0x80
[   12.333299]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.333322]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.333343]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.333365]  kthread+0x337/0x6f0
[   12.333383]  ? trace_preempt_on+0x20/0xc0
[   12.333405]  ? __pfx_kthread+0x10/0x10
[   12.333423]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.333443]  ? calculate_sigpending+0x7b/0xa0
[   12.333464]  ? __pfx_kthread+0x10/0x10
[   12.333482]  ret_from_fork+0x41/0x80
[   12.333502]  ? __pfx_kthread+0x10/0x10
[   12.333520]  ret_from_fork_asm+0x1a/0x30
[   12.333549]  </TASK>
[   12.333559] 
[   12.342245] Allocated by task 177:
[   12.342434]  kasan_save_stack+0x45/0x70
[   12.342591]  kasan_save_track+0x18/0x40
[   12.342734]  kasan_save_alloc_info+0x3b/0x50
[   12.342879]  __kasan_krealloc+0x190/0x1f0
[   12.343019]  krealloc_noprof+0xf3/0x340
[   12.343156]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.343394]  krealloc_less_oob+0x1c/0x30
[   12.343979]  kunit_try_run_case+0x1a5/0x480
[   12.344202]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.344448]  kthread+0x337/0x6f0
[   12.344575]  ret_from_fork+0x41/0x80
[   12.344707]  ret_from_fork_asm+0x1a/0x30
[   12.344847] 
[   12.344918] The buggy address belongs to the object at ffff888100347800
[   12.344918]  which belongs to the cache kmalloc-256 of size 256
[   12.345436] The buggy address is located 17 bytes to the right of
[   12.345436]  allocated 201-byte region [ffff888100347800, ffff8881003478c9)
[   12.346001] 
[   12.346103] The buggy address belongs to the physical page:
[   12.346471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.346851] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.347397] flags: 0x200000000000040(head|node=0|zone=2)
[   12.347629] page_type: f5(slab)
[   12.347799] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.348269] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.348663] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.348907] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.349270] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.349757] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.350254] page dumped because: kasan: bad access detected
[   12.350556] 
[   12.350656] Memory state around the buggy address:
[   12.350828]  ffff888100347780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.351043]  ffff888100347800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.351258] >ffff888100347880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.351928]                                                     ^
[   12.352430]  ffff888100347900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.352734]  ffff888100347980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.353083] ==================================================================
[   12.374872] ==================================================================
[   12.375231] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.375645] Write of size 1 at addr ffff8881003478eb by task kunit_try_catch/177
[   12.375875] 
[   12.376129] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.376176] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.376188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.376208] Call Trace:
[   12.376220]  <TASK>
[   12.376234]  dump_stack_lvl+0x73/0xb0
[   12.376260]  print_report+0xd1/0x650
[   12.376282]  ? __virt_addr_valid+0x1db/0x2d0
[   12.376315]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.376338]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.376360]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.376383]  kasan_report+0x141/0x180
[   12.376405]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.376442]  __asan_report_store1_noabort+0x1b/0x30
[   12.376463]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.376488]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.376512]  ? finish_task_switch.isra.0+0x153/0x700
[   12.376534]  ? __switch_to+0x5d9/0xf60
[   12.376553]  ? dequeue_task_fair+0x156/0x4e0
[   12.376577]  ? __schedule+0x10cc/0x2b30
[   12.376598]  ? __pfx_read_tsc+0x10/0x10
[   12.376621]  krealloc_less_oob+0x1c/0x30
[   12.376642]  kunit_try_run_case+0x1a5/0x480
[   12.376664]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.376685]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.376707]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.376729]  ? __kthread_parkme+0x82/0x180
[   12.376749]  ? preempt_count_sub+0x50/0x80
[   12.376773]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.376795]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.376816]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.376838]  kthread+0x337/0x6f0
[   12.376854]  ? trace_preempt_on+0x20/0xc0
[   12.376876]  ? __pfx_kthread+0x10/0x10
[   12.376944]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.376967]  ? calculate_sigpending+0x7b/0xa0
[   12.376988]  ? __pfx_kthread+0x10/0x10
[   12.377006]  ret_from_fork+0x41/0x80
[   12.377026]  ? __pfx_kthread+0x10/0x10
[   12.377044]  ret_from_fork_asm+0x1a/0x30
[   12.377074]  </TASK>
[   12.377084] 
[   12.385409] Allocated by task 177:
[   12.385592]  kasan_save_stack+0x45/0x70
[   12.385797]  kasan_save_track+0x18/0x40
[   12.386039]  kasan_save_alloc_info+0x3b/0x50
[   12.386190]  __kasan_krealloc+0x190/0x1f0
[   12.386383]  krealloc_noprof+0xf3/0x340
[   12.386613]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.386943]  krealloc_less_oob+0x1c/0x30
[   12.387111]  kunit_try_run_case+0x1a5/0x480
[   12.387341]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.387569]  kthread+0x337/0x6f0
[   12.387739]  ret_from_fork+0x41/0x80
[   12.388122]  ret_from_fork_asm+0x1a/0x30
[   12.388316] 
[   12.388413] The buggy address belongs to the object at ffff888100347800
[   12.388413]  which belongs to the cache kmalloc-256 of size 256
[   12.388836] The buggy address is located 34 bytes to the right of
[   12.388836]  allocated 201-byte region [ffff888100347800, ffff8881003478c9)
[   12.389204] 
[   12.389274] The buggy address belongs to the physical page:
[   12.389525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.390343] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.390762] flags: 0x200000000000040(head|node=0|zone=2)
[   12.390935] page_type: f5(slab)
[   12.391055] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.391286] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.391866] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.392223] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.392578] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.392917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.393151] page dumped because: kasan: bad access detected
[   12.393409] 
[   12.393504] Memory state around the buggy address:
[   12.393843]  ffff888100347780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.394131]  ffff888100347800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.394556] >ffff888100347880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.395103]                                                           ^
[   12.395421]  ffff888100347900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.395711]  ffff888100347980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.395965] ==================================================================
[   12.309750] ==================================================================
[   12.310550] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.311086] Write of size 1 at addr ffff8881003478d0 by task kunit_try_catch/177
[   12.311407] 
[   12.311505] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.311547] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.311560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.311579] Call Trace:
[   12.311591]  <TASK>
[   12.311605]  dump_stack_lvl+0x73/0xb0
[   12.311630]  print_report+0xd1/0x650
[   12.311652]  ? __virt_addr_valid+0x1db/0x2d0
[   12.311672]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.311695]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.311717]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.311740]  kasan_report+0x141/0x180
[   12.311762]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.311790]  __asan_report_store1_noabort+0x1b/0x30
[   12.311812]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.311838]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.311862]  ? finish_task_switch.isra.0+0x153/0x700
[   12.311883]  ? __switch_to+0x5d9/0xf60
[   12.311902]  ? dequeue_task_fair+0x156/0x4e0
[   12.311925]  ? __schedule+0x10cc/0x2b30
[   12.311947]  ? __pfx_read_tsc+0x10/0x10
[   12.311969]  krealloc_less_oob+0x1c/0x30
[   12.311990]  kunit_try_run_case+0x1a5/0x480
[   12.312015]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.312036]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.312058]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.312080]  ? __kthread_parkme+0x82/0x180
[   12.312101]  ? preempt_count_sub+0x50/0x80
[   12.312125]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.312147]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.312169]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.312191]  kthread+0x337/0x6f0
[   12.312208]  ? trace_preempt_on+0x20/0xc0
[   12.312230]  ? __pfx_kthread+0x10/0x10
[   12.312248]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.312268]  ? calculate_sigpending+0x7b/0xa0
[   12.312299]  ? __pfx_kthread+0x10/0x10
[   12.312317]  ret_from_fork+0x41/0x80
[   12.312337]  ? __pfx_kthread+0x10/0x10
[   12.312355]  ret_from_fork_asm+0x1a/0x30
[   12.312386]  </TASK>
[   12.312396] 
[   12.320352] Allocated by task 177:
[   12.320595]  kasan_save_stack+0x45/0x70
[   12.320805]  kasan_save_track+0x18/0x40
[   12.320944]  kasan_save_alloc_info+0x3b/0x50
[   12.321091]  __kasan_krealloc+0x190/0x1f0
[   12.321232]  krealloc_noprof+0xf3/0x340
[   12.321489]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.321851]  krealloc_less_oob+0x1c/0x30
[   12.322048]  kunit_try_run_case+0x1a5/0x480
[   12.322321]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.322693]  kthread+0x337/0x6f0
[   12.322843]  ret_from_fork+0x41/0x80
[   12.323233]  ret_from_fork_asm+0x1a/0x30
[   12.323452] 
[   12.323537] The buggy address belongs to the object at ffff888100347800
[   12.323537]  which belongs to the cache kmalloc-256 of size 256
[   12.323893] The buggy address is located 7 bytes to the right of
[   12.323893]  allocated 201-byte region [ffff888100347800, ffff8881003478c9)
[   12.324340] 
[   12.324434] The buggy address belongs to the physical page:
[   12.324685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.325204] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.325446] flags: 0x200000000000040(head|node=0|zone=2)
[   12.325622] page_type: f5(slab)
[   12.325743] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.326131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.326496] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.327048] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.327487] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.328239] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.328601] page dumped because: kasan: bad access detected
[   12.328833] 
[   12.329005] Memory state around the buggy address:
[   12.329175]  ffff888100347780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.329459]  ffff888100347800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.329787] >ffff888100347880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.330168]                                                  ^
[   12.330462]  ffff888100347900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.330754]  ffff888100347980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.331189] ==================================================================
[   12.353529] ==================================================================
[   12.353768] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.354116] Write of size 1 at addr ffff8881003478ea by task kunit_try_catch/177
[   12.354525] 
[   12.354632] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.354681] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.354693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.354712] Call Trace:
[   12.354728]  <TASK>
[   12.354744]  dump_stack_lvl+0x73/0xb0
[   12.354768]  print_report+0xd1/0x650
[   12.354789]  ? __virt_addr_valid+0x1db/0x2d0
[   12.354809]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.354832]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.354854]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.354877]  kasan_report+0x141/0x180
[   12.354899]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.354927]  __asan_report_store1_noabort+0x1b/0x30
[   12.354947]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.354973]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.354996]  ? finish_task_switch.isra.0+0x153/0x700
[   12.355018]  ? __switch_to+0x5d9/0xf60
[   12.355037]  ? dequeue_task_fair+0x156/0x4e0
[   12.355060]  ? __schedule+0x10cc/0x2b30
[   12.355082]  ? __pfx_read_tsc+0x10/0x10
[   12.355104]  krealloc_less_oob+0x1c/0x30
[   12.355125]  kunit_try_run_case+0x1a5/0x480
[   12.355148]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.355169]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.355190]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.355212]  ? __kthread_parkme+0x82/0x180
[   12.355233]  ? preempt_count_sub+0x50/0x80
[   12.355256]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.355279]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.355311]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.355332]  kthread+0x337/0x6f0
[   12.355349]  ? trace_preempt_on+0x20/0xc0
[   12.355371]  ? __pfx_kthread+0x10/0x10
[   12.355389]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.355409]  ? calculate_sigpending+0x7b/0xa0
[   12.355429]  ? __pfx_kthread+0x10/0x10
[   12.355447]  ret_from_fork+0x41/0x80
[   12.355467]  ? __pfx_kthread+0x10/0x10
[   12.355636]  ret_from_fork_asm+0x1a/0x30
[   12.355677]  </TASK>
[   12.355689] 
[   12.364328] Allocated by task 177:
[   12.364458]  kasan_save_stack+0x45/0x70
[   12.364605]  kasan_save_track+0x18/0x40
[   12.364812]  kasan_save_alloc_info+0x3b/0x50
[   12.365025]  __kasan_krealloc+0x190/0x1f0
[   12.365237]  krealloc_noprof+0xf3/0x340
[   12.365563]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.365857]  krealloc_less_oob+0x1c/0x30
[   12.366051]  kunit_try_run_case+0x1a5/0x480
[   12.366249]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.366525]  kthread+0x337/0x6f0
[   12.366702]  ret_from_fork+0x41/0x80
[   12.366837]  ret_from_fork_asm+0x1a/0x30
[   12.366975] 
[   12.367070] The buggy address belongs to the object at ffff888100347800
[   12.367070]  which belongs to the cache kmalloc-256 of size 256
[   12.367645] The buggy address is located 33 bytes to the right of
[   12.367645]  allocated 201-byte region [ffff888100347800, ffff8881003478c9)
[   12.368010] 
[   12.368082] The buggy address belongs to the physical page:
[   12.368322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.368853] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.369245] flags: 0x200000000000040(head|node=0|zone=2)
[   12.369525] page_type: f5(slab)
[   12.369676] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.370049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.370307] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.370540] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.370792] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.371362] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.371706] page dumped because: kasan: bad access detected
[   12.371960] 
[   12.372072] Memory state around the buggy address:
[   12.372305]  ffff888100347780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.372823]  ffff888100347800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.373179] >ffff888100347880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.373466]                                                           ^
[   12.373726]  ffff888100347900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.374136]  ffff888100347980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.374493] ==================================================================
[   12.436187] ==================================================================
[   12.436682] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.436998] Write of size 1 at addr ffff888102ad60c9 by task kunit_try_catch/181
[   12.437414] 
[   12.437522] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.437571] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.437583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.437606] Call Trace:
[   12.437619]  <TASK>
[   12.437636]  dump_stack_lvl+0x73/0xb0
[   12.437665]  print_report+0xd1/0x650
[   12.437687]  ? __virt_addr_valid+0x1db/0x2d0
[   12.437709]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.437733]  ? kasan_addr_to_slab+0x11/0xa0
[   12.437754]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.437778]  kasan_report+0x141/0x180
[   12.437801]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.437830]  __asan_report_store1_noabort+0x1b/0x30
[   12.437851]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.437929]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.437958]  ? finish_task_switch.isra.0+0x153/0x700
[   12.437983]  ? __switch_to+0x5d9/0xf60
[   12.438003]  ? dequeue_task_fair+0x166/0x4e0
[   12.438027]  ? __schedule+0x10cc/0x2b30
[   12.438050]  ? __pfx_read_tsc+0x10/0x10
[   12.438073]  krealloc_large_less_oob+0x1c/0x30
[   12.438097]  kunit_try_run_case+0x1a5/0x480
[   12.438122]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.438143]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.438167]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.438190]  ? __kthread_parkme+0x82/0x180
[   12.438212]  ? preempt_count_sub+0x50/0x80
[   12.438236]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.438259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.438281]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.438316]  kthread+0x337/0x6f0
[   12.438333]  ? trace_preempt_on+0x20/0xc0
[   12.438357]  ? __pfx_kthread+0x10/0x10
[   12.438375]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.438396]  ? calculate_sigpending+0x7b/0xa0
[   12.438418]  ? __pfx_kthread+0x10/0x10
[   12.438437]  ret_from_fork+0x41/0x80
[   12.438458]  ? __pfx_kthread+0x10/0x10
[   12.438476]  ret_from_fork_asm+0x1a/0x30
[   12.438520]  </TASK>
[   12.438532] 
[   12.446632] The buggy address belongs to the physical page:
[   12.446944] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   12.447192] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.447814] flags: 0x200000000000040(head|node=0|zone=2)
[   12.448256] page_type: f8(unknown)
[   12.448446] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.448736] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.449249] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.449619] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.449993] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff
[   12.450284] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.450593] page dumped because: kasan: bad access detected
[   12.450771] 
[   12.450842] Memory state around the buggy address:
[   12.451053]  ffff888102ad5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.451584]  ffff888102ad6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.451813] >ffff888102ad6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.452022]                                               ^
[   12.452415]  ffff888102ad6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.452750]  ffff888102ad6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.453066] ==================================================================
[   12.453639] ==================================================================
[   12.454244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.454586] Write of size 1 at addr ffff888102ad60d0 by task kunit_try_catch/181
[   12.454820] 
[   12.454907] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.454995] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.455009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.455031] Call Trace:
[   12.455042]  <TASK>
[   12.455057]  dump_stack_lvl+0x73/0xb0
[   12.455085]  print_report+0xd1/0x650
[   12.455107]  ? __virt_addr_valid+0x1db/0x2d0
[   12.455129]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.455152]  ? kasan_addr_to_slab+0x11/0xa0
[   12.455173]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.455196]  kasan_report+0x141/0x180
[   12.455218]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.455247]  __asan_report_store1_noabort+0x1b/0x30
[   12.455267]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.455305]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.455329]  ? finish_task_switch.isra.0+0x153/0x700
[   12.455352]  ? __switch_to+0x5d9/0xf60
[   12.455372]  ? dequeue_task_fair+0x166/0x4e0
[   12.455396]  ? __schedule+0x10cc/0x2b30
[   12.455418]  ? __pfx_read_tsc+0x10/0x10
[   12.455451]  krealloc_large_less_oob+0x1c/0x30
[   12.455473]  kunit_try_run_case+0x1a5/0x480
[   12.455497]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.455518]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.455542]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.455564]  ? __kthread_parkme+0x82/0x180
[   12.455585]  ? preempt_count_sub+0x50/0x80
[   12.455609]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.455631]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.455653]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.455675]  kthread+0x337/0x6f0
[   12.455691]  ? trace_preempt_on+0x20/0xc0
[   12.455715]  ? __pfx_kthread+0x10/0x10
[   12.455732]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.455753]  ? calculate_sigpending+0x7b/0xa0
[   12.455774]  ? __pfx_kthread+0x10/0x10
[   12.455792]  ret_from_fork+0x41/0x80
[   12.455812]  ? __pfx_kthread+0x10/0x10
[   12.455830]  ret_from_fork_asm+0x1a/0x30
[   12.455861]  </TASK>
[   12.455872] 
[   12.464111] The buggy address belongs to the physical page:
[   12.464398] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   12.464761] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.465143] flags: 0x200000000000040(head|node=0|zone=2)
[   12.465340] page_type: f8(unknown)
[   12.465477] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.465825] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.466172] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.466469] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.466708] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff
[   12.466981] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.467336] page dumped because: kasan: bad access detected
[   12.467740] 
[   12.467833] Memory state around the buggy address:
[   12.468111]  ffff888102ad5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.468374]  ffff888102ad6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.468830] >ffff888102ad6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.469205]                                                  ^
[   12.469491]  ffff888102ad6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.469732]  ffff888102ad6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.469945] ==================================================================
[   12.503812] ==================================================================
[   12.504342] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.504695] Write of size 1 at addr ffff888102ad60eb by task kunit_try_catch/181
[   12.504938] 
[   12.505047] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.505089] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.505101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.505121] Call Trace:
[   12.505135]  <TASK>
[   12.505168]  dump_stack_lvl+0x73/0xb0
[   12.505194]  print_report+0xd1/0x650
[   12.505216]  ? __virt_addr_valid+0x1db/0x2d0
[   12.505236]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.505259]  ? kasan_addr_to_slab+0x11/0xa0
[   12.505280]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.505315]  kasan_report+0x141/0x180
[   12.505337]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.505365]  __asan_report_store1_noabort+0x1b/0x30
[   12.505385]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.505411]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.505435]  ? finish_task_switch.isra.0+0x153/0x700
[   12.505457]  ? __switch_to+0x5d9/0xf60
[   12.505476]  ? dequeue_task_fair+0x166/0x4e0
[   12.505499]  ? __schedule+0x10cc/0x2b30
[   12.505521]  ? __pfx_read_tsc+0x10/0x10
[   12.505543]  krealloc_large_less_oob+0x1c/0x30
[   12.505566]  kunit_try_run_case+0x1a5/0x480
[   12.505589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.505610]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.505633]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.505655]  ? __kthread_parkme+0x82/0x180
[   12.505676]  ? preempt_count_sub+0x50/0x80
[   12.505700]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.505722]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.505744]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.505766]  kthread+0x337/0x6f0
[   12.505782]  ? trace_preempt_on+0x20/0xc0
[   12.505804]  ? __pfx_kthread+0x10/0x10
[   12.505822]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.505842]  ? calculate_sigpending+0x7b/0xa0
[   12.505863]  ? __pfx_kthread+0x10/0x10
[   12.505881]  ret_from_fork+0x41/0x80
[   12.505901]  ? __pfx_kthread+0x10/0x10
[   12.505918]  ret_from_fork_asm+0x1a/0x30
[   12.505949]  </TASK>
[   12.505959] 
[   12.514323] The buggy address belongs to the physical page:
[   12.514564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   12.514867] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.515199] flags: 0x200000000000040(head|node=0|zone=2)
[   12.515419] page_type: f8(unknown)
[   12.515598] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.515842] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.516073] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.516367] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.516717] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff
[   12.517374] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.517964] page dumped because: kasan: bad access detected
[   12.518143] 
[   12.518214] Memory state around the buggy address:
[   12.518381]  ffff888102ad5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.518710]  ffff888102ad6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.519287] >ffff888102ad6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.519516]                                                           ^
[   12.519717]  ffff888102ad6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.519931]  ffff888102ad6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.520187] ==================================================================
[   12.486488] ==================================================================
[   12.487090] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.487489] Write of size 1 at addr ffff888102ad60ea by task kunit_try_catch/181
[   12.487820] 
[   12.487923] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.487964] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.487975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.487993] Call Trace:
[   12.488007]  <TASK>
[   12.488020]  dump_stack_lvl+0x73/0xb0
[   12.488045]  print_report+0xd1/0x650
[   12.488066]  ? __virt_addr_valid+0x1db/0x2d0
[   12.488086]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.488109]  ? kasan_addr_to_slab+0x11/0xa0
[   12.488129]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.488153]  kasan_report+0x141/0x180
[   12.488175]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.488205]  __asan_report_store1_noabort+0x1b/0x30
[   12.488225]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.488251]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.488275]  ? finish_task_switch.isra.0+0x153/0x700
[   12.488320]  ? __switch_to+0x5d9/0xf60
[   12.488379]  ? dequeue_task_fair+0x166/0x4e0
[   12.488403]  ? __schedule+0x10cc/0x2b30
[   12.488437]  ? __pfx_read_tsc+0x10/0x10
[   12.488460]  krealloc_large_less_oob+0x1c/0x30
[   12.488482]  kunit_try_run_case+0x1a5/0x480
[   12.488507]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.488528]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.488550]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.488572]  ? __kthread_parkme+0x82/0x180
[   12.488593]  ? preempt_count_sub+0x50/0x80
[   12.488616]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.488639]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.488660]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.488682]  kthread+0x337/0x6f0
[   12.488699]  ? trace_preempt_on+0x20/0xc0
[   12.488721]  ? __pfx_kthread+0x10/0x10
[   12.488738]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.488758]  ? calculate_sigpending+0x7b/0xa0
[   12.488778]  ? __pfx_kthread+0x10/0x10
[   12.488797]  ret_from_fork+0x41/0x80
[   12.488816]  ? __pfx_kthread+0x10/0x10
[   12.488834]  ret_from_fork_asm+0x1a/0x30
[   12.488864]  </TASK>
[   12.488874] 
[   12.497082] The buggy address belongs to the physical page:
[   12.497306] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   12.497711] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.498198] flags: 0x200000000000040(head|node=0|zone=2)
[   12.498418] page_type: f8(unknown)
[   12.498602] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.498918] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.499195] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.499802] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.500159] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff
[   12.500527] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.500757] page dumped because: kasan: bad access detected
[   12.500927] 
[   12.500997] Memory state around the buggy address:
[   12.501153]  ffff888102ad5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.501411]  ffff888102ad6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.501871] >ffff888102ad6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.502582]                                                           ^
[   12.502926]  ffff888102ad6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.503203]  ffff888102ad6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.503436] ==================================================================
[   12.470327] ==================================================================
[   12.470671] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.471168] Write of size 1 at addr ffff888102ad60da by task kunit_try_catch/181
[   12.471420] 
[   12.471504] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.471565] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.471577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.471595] Call Trace:
[   12.471608]  <TASK>
[   12.471621]  dump_stack_lvl+0x73/0xb0
[   12.471647]  print_report+0xd1/0x650
[   12.471668]  ? __virt_addr_valid+0x1db/0x2d0
[   12.471688]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.471711]  ? kasan_addr_to_slab+0x11/0xa0
[   12.471732]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.471755]  kasan_report+0x141/0x180
[   12.471777]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.471805]  __asan_report_store1_noabort+0x1b/0x30
[   12.471826]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.471851]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.471875]  ? finish_task_switch.isra.0+0x153/0x700
[   12.471896]  ? __switch_to+0x5d9/0xf60
[   12.471915]  ? dequeue_task_fair+0x166/0x4e0
[   12.471938]  ? __schedule+0x10cc/0x2b30
[   12.471960]  ? __pfx_read_tsc+0x10/0x10
[   12.471982]  krealloc_large_less_oob+0x1c/0x30
[   12.472004]  kunit_try_run_case+0x1a5/0x480
[   12.472027]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.472048]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.472070]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.472092]  ? __kthread_parkme+0x82/0x180
[   12.472112]  ? preempt_count_sub+0x50/0x80
[   12.472136]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.472158]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.472180]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.472202]  kthread+0x337/0x6f0
[   12.472218]  ? trace_preempt_on+0x20/0xc0
[   12.472240]  ? __pfx_kthread+0x10/0x10
[   12.472257]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.472278]  ? calculate_sigpending+0x7b/0xa0
[   12.472310]  ? __pfx_kthread+0x10/0x10
[   12.472328]  ret_from_fork+0x41/0x80
[   12.472348]  ? __pfx_kthread+0x10/0x10
[   12.472366]  ret_from_fork_asm+0x1a/0x30
[   12.472396]  </TASK>
[   12.472406] 
[   12.479895] The buggy address belongs to the physical page:
[   12.480234] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4
[   12.480669] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.480950] flags: 0x200000000000040(head|node=0|zone=2)
[   12.481207] page_type: f8(unknown)
[   12.481402] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.481709] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.482099] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.482508] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.482812] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff
[   12.483180] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.483533] page dumped because: kasan: bad access detected
[   12.483720] 
[   12.483791] Memory state around the buggy address:
[   12.484327]  ffff888102ad5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.484771]  ffff888102ad6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.485142] >ffff888102ad6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.485404]                                                     ^
[   12.485736]  ffff888102ad6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.485994]  ffff888102ad6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.486205] ==================================================================
[   12.287816] ==================================================================
[   12.288414] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.288719] Write of size 1 at addr ffff8881003478c9 by task kunit_try_catch/177
[   12.289077] 
[   12.289198] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7 #1 PREEMPT(voluntary) 
[   12.289247] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.289259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.289280] Call Trace:
[   12.289305]  <TASK>
[   12.289323]  dump_stack_lvl+0x73/0xb0
[   12.289352]  print_report+0xd1/0x650
[   12.289374]  ? __virt_addr_valid+0x1db/0x2d0
[   12.289395]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.289419]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.289441]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.289465]  kasan_report+0x141/0x180
[   12.289487]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.289515]  __asan_report_store1_noabort+0x1b/0x30
[   12.289537]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.289563]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.289587]  ? finish_task_switch.isra.0+0x153/0x700
[   12.289610]  ? __switch_to+0x5d9/0xf60
[   12.289630]  ? dequeue_task_fair+0x156/0x4e0
[   12.289654]  ? __schedule+0x10cc/0x2b30
[   12.289676]  ? __pfx_read_tsc+0x10/0x10
[   12.289699]  krealloc_less_oob+0x1c/0x30
[   12.289721]  kunit_try_run_case+0x1a5/0x480
[   12.289744]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.289765]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.289788]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.289810]  ? __kthread_parkme+0x82/0x180
[   12.289831]  ? preempt_count_sub+0x50/0x80
[   12.289854]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.289877]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.289898]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.289920]  kthread+0x337/0x6f0
[   12.289937]  ? trace_preempt_on+0x20/0xc0
[   12.289960]  ? __pfx_kthread+0x10/0x10
[   12.289977]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.289997]  ? calculate_sigpending+0x7b/0xa0
[   12.290018]  ? __pfx_kthread+0x10/0x10
[   12.290036]  ret_from_fork+0x41/0x80
[   12.290056]  ? __pfx_kthread+0x10/0x10
[   12.290130]  ret_from_fork_asm+0x1a/0x30
[   12.290161]  </TASK>
[   12.290173] 
[   12.298339] Allocated by task 177:
[   12.298618]  kasan_save_stack+0x45/0x70
[   12.298829]  kasan_save_track+0x18/0x40
[   12.299202]  kasan_save_alloc_info+0x3b/0x50
[   12.299394]  __kasan_krealloc+0x190/0x1f0
[   12.299537]  krealloc_noprof+0xf3/0x340
[   12.299675]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.299987]  krealloc_less_oob+0x1c/0x30
[   12.300200]  kunit_try_run_case+0x1a5/0x480
[   12.300424]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.300649]  kthread+0x337/0x6f0
[   12.300802]  ret_from_fork+0x41/0x80
[   12.301026]  ret_from_fork_asm+0x1a/0x30
[   12.301208] 
[   12.301327] The buggy address belongs to the object at ffff888100347800
[   12.301327]  which belongs to the cache kmalloc-256 of size 256
[   12.301749] The buggy address is located 0 bytes to the right of
[   12.301749]  allocated 201-byte region [ffff888100347800, ffff8881003478c9)
[   12.302268] 
[   12.302380] The buggy address belongs to the physical page:
[   12.302834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100346
[   12.303323] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.303679] flags: 0x200000000000040(head|node=0|zone=2)
[   12.303960] page_type: f5(slab)
[   12.304116] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.304423] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.304737] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.305144] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.305394] head: 0200000000000001 ffffea000400d181 00000000ffffffff 00000000ffffffff
[   12.305625] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.306043] page dumped because: kasan: bad access detected
[   12.306303] 
[   12.306402] Memory state around the buggy address:
[   12.306687]  ffff888100347780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.307159]  ffff888100347800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.307466] >ffff888100347880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.307727]                                               ^
[   12.307909]  ffff888100347900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.308409]  ffff888100347980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.308689] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xW6jyjRLhF201JSI2Tr47G0b92

job_id

TEST:linaro@lkft#2xW6pFlrRJjT7hepkB9aiMlUziD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xW6pFlrRJjT7hepkB9aiMlUziD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/bzImage
sha256sum	87310a5ce2e449ea32174d5c60c63ddcd1873527b924fc92af17800f3b6a0c85

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xW6mCYBRhgDllz16lydYGKzl0K/modules.tar.xz
sha256sum	392011dc561b93e70d20c4f59de7bf990a438ea01b5984e8279d811e404b080b

durations

tests

boot	0
kunit	211.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit