lkft/linux-next-master - next-20250512 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

May 12, 2025, 11:48 a.m.

Environment
qemu-arm64
qemu-x86_64

[   16.476973] ==================================================================
[   16.477074] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.477170] Write of size 1 at addr fff00000c450a4d0 by task kunit_try_catch/158
[   16.477273] 
[   16.477332] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.477503] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.477558] Hardware name: linux,dummy-virt (DT)
[   16.477617] Call trace:
[   16.477660]  show_stack+0x20/0x38 (C)
[   16.477760]  dump_stack_lvl+0x8c/0xd0
[   16.477859]  print_report+0x118/0x608
[   16.477967]  kasan_report+0xdc/0x128
[   16.478092]  __asan_report_store1_noabort+0x20/0x30
[   16.478190]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.478287]  krealloc_less_oob+0x20/0x38
[   16.478387]  kunit_try_run_case+0x170/0x3f0
[   16.478480]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.478577]  kthread+0x328/0x630
[   16.478668]  ret_from_fork+0x10/0x20
[   16.478774] 
[   16.478816] Allocated by task 158:
[   16.478879]  kasan_save_stack+0x3c/0x68
[   16.478955]  kasan_save_track+0x20/0x40
[   16.479035]  kasan_save_alloc_info+0x40/0x58
[   16.479167]  __kasan_krealloc+0x118/0x178
[   16.479250]  krealloc_noprof+0x128/0x360
[   16.479336]  krealloc_less_oob_helper+0x168/0xc50
[   16.479418]  krealloc_less_oob+0x20/0x38
[   16.479520]  kunit_try_run_case+0x170/0x3f0
[   16.479602]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.479679]  kthread+0x328/0x630
[   16.479744]  ret_from_fork+0x10/0x20
[   16.479806] 
[   16.479840] The buggy address belongs to the object at fff00000c450a400
[   16.479840]  which belongs to the cache kmalloc-256 of size 256
[   16.479941] The buggy address is located 7 bytes to the right of
[   16.479941]  allocated 201-byte region [fff00000c450a400, fff00000c450a4c9)
[   16.480087] 
[   16.480130] The buggy address belongs to the physical page:
[   16.480187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10450a
[   16.480290] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.480382] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.480483] page_type: f5(slab)
[   16.480599] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.480710] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.480806] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.480903] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.481008] head: 0bfffe0000000001 ffffc1ffc3114281 00000000ffffffff 00000000ffffffff
[   16.481123] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.481217] page dumped because: kasan: bad access detected
[   16.481275] 
[   16.481310] Memory state around the buggy address:
[   16.481366]  fff00000c450a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.481440]  fff00000c450a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.481529] >fff00000c450a480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.481597]                                                  ^
[   16.481703]  fff00000c450a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.481807]  fff00000c450a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.481935] ==================================================================
[   16.555254] ==================================================================
[   16.555405] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.555555] Write of size 1 at addr fff00000c78e20da by task kunit_try_catch/162
[   16.555678] 
[   16.555742] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.555924] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.555980] Hardware name: linux,dummy-virt (DT)
[   16.556051] Call trace:
[   16.556091]  show_stack+0x20/0x38 (C)
[   16.556176]  dump_stack_lvl+0x8c/0xd0
[   16.556301]  print_report+0x118/0x608
[   16.556413]  kasan_report+0xdc/0x128
[   16.556512]  __asan_report_store1_noabort+0x20/0x30
[   16.556606]  krealloc_less_oob_helper+0xa80/0xc50
[   16.556982]  krealloc_large_less_oob+0x20/0x38
[   16.557263]  kunit_try_run_case+0x170/0x3f0
[   16.557357]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.557502]  kthread+0x328/0x630
[   16.557597]  ret_from_fork+0x10/0x20
[   16.557725] 
[   16.557761] The buggy address belongs to the physical page:
[   16.557833] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[   16.558304] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.558399] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.558487] page_type: f8(unknown)
[   16.558527] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.558583] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.558632] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.558676] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.558720] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff
[   16.558764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.558801] page dumped because: kasan: bad access detected
[   16.558830] 
[   16.558848] Memory state around the buggy address:
[   16.558878]  fff00000c78e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.558918]  fff00000c78e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.558956] >fff00000c78e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.558990]                                                     ^
[   16.559024]  fff00000c78e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.559086]  fff00000c78e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.559122] ==================================================================
[   16.483220] ==================================================================
[   16.483315] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.483412] Write of size 1 at addr fff00000c450a4da by task kunit_try_catch/158
[   16.483514] 
[   16.483573] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.484189] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.484269] Hardware name: linux,dummy-virt (DT)
[   16.484338] Call trace:
[   16.484388]  show_stack+0x20/0x38 (C)
[   16.484628]  dump_stack_lvl+0x8c/0xd0
[   16.484858]  print_report+0x118/0x608
[   16.485065]  kasan_report+0xdc/0x128
[   16.485485]  __asan_report_store1_noabort+0x20/0x30
[   16.485731]  krealloc_less_oob_helper+0xa80/0xc50
[   16.485948]  krealloc_less_oob+0x20/0x38
[   16.486031]  kunit_try_run_case+0x170/0x3f0
[   16.486137]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.486323]  kthread+0x328/0x630
[   16.486663]  ret_from_fork+0x10/0x20
[   16.486766] 
[   16.486887] Allocated by task 158:
[   16.486950]  kasan_save_stack+0x3c/0x68
[   16.487089]  kasan_save_track+0x20/0x40
[   16.487189]  kasan_save_alloc_info+0x40/0x58
[   16.487310]  __kasan_krealloc+0x118/0x178
[   16.487388]  krealloc_noprof+0x128/0x360
[   16.487461]  krealloc_less_oob_helper+0x168/0xc50
[   16.487538]  krealloc_less_oob+0x20/0x38
[   16.487609]  kunit_try_run_case+0x170/0x3f0
[   16.487681]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.487765]  kthread+0x328/0x630
[   16.487831]  ret_from_fork+0x10/0x20
[   16.487900] 
[   16.487940] The buggy address belongs to the object at fff00000c450a400
[   16.487940]  which belongs to the cache kmalloc-256 of size 256
[   16.488068] The buggy address is located 17 bytes to the right of
[   16.488068]  allocated 201-byte region [fff00000c450a400, fff00000c450a4c9)
[   16.488206] 
[   16.488252] The buggy address belongs to the physical page:
[   16.488338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10450a
[   16.488496] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.488593] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.488704] page_type: f5(slab)
[   16.488811] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.488957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.489067] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.489155] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.489250] head: 0bfffe0000000001 ffffc1ffc3114281 00000000ffffffff 00000000ffffffff
[   16.489344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.489412] page dumped because: kasan: bad access detected
[   16.489470] 
[   16.489501] Memory state around the buggy address:
[   16.489567]  fff00000c450a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.489655]  fff00000c450a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.489735] >fff00000c450a480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.489812]                                                     ^
[   16.489901]  fff00000c450a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.489997]  fff00000c450a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.490088] ==================================================================
[   16.559460] ==================================================================
[   16.559555] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.559661] Write of size 1 at addr fff00000c78e20ea by task kunit_try_catch/162
[   16.559768] 
[   16.559828] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.560002] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.560067] Hardware name: linux,dummy-virt (DT)
[   16.560132] Call trace:
[   16.560179]  show_stack+0x20/0x38 (C)
[   16.560282]  dump_stack_lvl+0x8c/0xd0
[   16.560384]  print_report+0x118/0x608
[   16.560480]  kasan_report+0xdc/0x128
[   16.561090]  __asan_report_store1_noabort+0x20/0x30
[   16.562150]  krealloc_less_oob_helper+0xae4/0xc50
[   16.562538]  krealloc_large_less_oob+0x20/0x38
[   16.562651]  kunit_try_run_case+0x170/0x3f0
[   16.563381]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.564090]  kthread+0x328/0x630
[   16.564616]  ret_from_fork+0x10/0x20
[   16.565091] 
[   16.565137] The buggy address belongs to the physical page:
[   16.565641] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[   16.566242] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.566406] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.566569] page_type: f8(unknown)
[   16.566684] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.566957] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.567667] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.567806] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.567916] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff
[   16.568024] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.568125] page dumped because: kasan: bad access detected
[   16.568193] 
[   16.568712] Memory state around the buggy address:
[   16.568991]  fff00000c78e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.569794]  fff00000c78e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.570002] >fff00000c78e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.570304]                                                           ^
[   16.570400]  fff00000c78e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.570499]  fff00000c78e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.570581] ==================================================================
[   16.490863] ==================================================================
[   16.491211] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.491321] Write of size 1 at addr fff00000c450a4ea by task kunit_try_catch/158
[   16.491425] 
[   16.491483] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.491647] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.491703] Hardware name: linux,dummy-virt (DT)
[   16.491843] Call trace:
[   16.491893]  show_stack+0x20/0x38 (C)
[   16.492068]  dump_stack_lvl+0x8c/0xd0
[   16.492264]  print_report+0x118/0x608
[   16.492365]  kasan_report+0xdc/0x128
[   16.492521]  __asan_report_store1_noabort+0x20/0x30
[   16.492634]  krealloc_less_oob_helper+0xae4/0xc50
[   16.492740]  krealloc_less_oob+0x20/0x38
[   16.493203]  kunit_try_run_case+0x170/0x3f0
[   16.493333]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.493437]  kthread+0x328/0x630
[   16.493532]  ret_from_fork+0x10/0x20
[   16.493629] 
[   16.493667] Allocated by task 158:
[   16.493723]  kasan_save_stack+0x3c/0x68
[   16.493805]  kasan_save_track+0x20/0x40
[   16.493878]  kasan_save_alloc_info+0x40/0x58
[   16.493971]  __kasan_krealloc+0x118/0x178
[   16.494310]  krealloc_noprof+0x128/0x360
[   16.494501]  krealloc_less_oob_helper+0x168/0xc50
[   16.494550]  krealloc_less_oob+0x20/0x38
[   16.494598]  kunit_try_run_case+0x170/0x3f0
[   16.494656]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.494758]  kthread+0x328/0x630
[   16.494854]  ret_from_fork+0x10/0x20
[   16.494929] 
[   16.494964] The buggy address belongs to the object at fff00000c450a400
[   16.494964]  which belongs to the cache kmalloc-256 of size 256
[   16.495109] The buggy address is located 33 bytes to the right of
[   16.495109]  allocated 201-byte region [fff00000c450a400, fff00000c450a4c9)
[   16.495233] 
[   16.495269] The buggy address belongs to the physical page:
[   16.495327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10450a
[   16.495622] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.495733] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.495887] page_type: f5(slab)
[   16.495976] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.496092] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.496203] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.496312] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.496408] head: 0bfffe0000000001 ffffc1ffc3114281 00000000ffffffff 00000000ffffffff
[   16.496513] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.496601] page dumped because: kasan: bad access detected
[   16.496667] 
[   16.496706] Memory state around the buggy address:
[   16.496779]  fff00000c450a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.496867]  fff00000c450a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.496955] >fff00000c450a480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.497259]                                                           ^
[   16.497455]  fff00000c450a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.497542]  fff00000c450a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.497653] ==================================================================
[   16.498631] ==================================================================
[   16.498730] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.498830] Write of size 1 at addr fff00000c450a4eb by task kunit_try_catch/158
[   16.498935] 
[   16.498994] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.499184] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.499241] Hardware name: linux,dummy-virt (DT)
[   16.499303] Call trace:
[   16.499347]  show_stack+0x20/0x38 (C)
[   16.499450]  dump_stack_lvl+0x8c/0xd0
[   16.499552]  print_report+0x118/0x608
[   16.499646]  kasan_report+0xdc/0x128
[   16.499739]  __asan_report_store1_noabort+0x20/0x30
[   16.499843]  krealloc_less_oob_helper+0xa58/0xc50
[   16.499943]  krealloc_less_oob+0x20/0x38
[   16.500038]  kunit_try_run_case+0x170/0x3f0
[   16.500786]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.500934]  kthread+0x328/0x630
[   16.501835]  ret_from_fork+0x10/0x20
[   16.501968] 
[   16.502024] Allocated by task 158:
[   16.502118]  kasan_save_stack+0x3c/0x68
[   16.502212]  kasan_save_track+0x20/0x40
[   16.502288]  kasan_save_alloc_info+0x40/0x58
[   16.502365]  __kasan_krealloc+0x118/0x178
[   16.502440]  krealloc_noprof+0x128/0x360
[   16.502512]  krealloc_less_oob_helper+0x168/0xc50
[   16.502598]  krealloc_less_oob+0x20/0x38
[   16.502664]  kunit_try_run_case+0x170/0x3f0
[   16.502724]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.502796]  kthread+0x328/0x630
[   16.502862]  ret_from_fork+0x10/0x20
[   16.503301] 
[   16.503356] The buggy address belongs to the object at fff00000c450a400
[   16.503356]  which belongs to the cache kmalloc-256 of size 256
[   16.503927] The buggy address is located 34 bytes to the right of
[   16.503927]  allocated 201-byte region [fff00000c450a400, fff00000c450a4c9)
[   16.504201] 
[   16.504252] The buggy address belongs to the physical page:
[   16.504315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10450a
[   16.504759] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.504948] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.505164] page_type: f5(slab)
[   16.505274] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.505552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.505755] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.506269] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.506395] head: 0bfffe0000000001 ffffc1ffc3114281 00000000ffffffff 00000000ffffffff
[   16.506544] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.506681] page dumped because: kasan: bad access detected
[   16.506778] 
[   16.506966] Memory state around the buggy address:
[   16.507072]  fff00000c450a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.507163]  fff00000c450a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.507242] >fff00000c450a480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.507312]                                                           ^
[   16.507814]  fff00000c450a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.508154]  fff00000c450a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.508275] ==================================================================
[   16.549211] ==================================================================
[   16.549422] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.549633] Write of size 1 at addr fff00000c78e20d0 by task kunit_try_catch/162
[   16.549739] 
[   16.549827] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.550023] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.550122] Hardware name: linux,dummy-virt (DT)
[   16.550207] Call trace:
[   16.550249]  show_stack+0x20/0x38 (C)
[   16.550364]  dump_stack_lvl+0x8c/0xd0
[   16.550506]  print_report+0x118/0x608
[   16.550618]  kasan_report+0xdc/0x128
[   16.550798]  __asan_report_store1_noabort+0x20/0x30
[   16.550894]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.550991]  krealloc_large_less_oob+0x20/0x38
[   16.551138]  kunit_try_run_case+0x170/0x3f0
[   16.551252]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.551634]  kthread+0x328/0x630
[   16.551726]  ret_from_fork+0x10/0x20
[   16.551817] 
[   16.551851] The buggy address belongs to the physical page:
[   16.551927] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[   16.552053] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.552194] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.552345] page_type: f8(unknown)
[   16.552455] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.552607] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.552731] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.552874] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.552989] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff
[   16.553101] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.553184] page dumped because: kasan: bad access detected
[   16.553288] 
[   16.553324] Memory state around the buggy address:
[   16.553526]  fff00000c78e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.553655]  fff00000c78e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.553916] >fff00000c78e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.554035]                                                  ^
[   16.554211]  fff00000c78e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.554307]  fff00000c78e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.554393] ==================================================================
[   16.571798] ==================================================================
[   16.571892] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.571992] Write of size 1 at addr fff00000c78e20eb by task kunit_try_catch/162
[   16.572108] 
[   16.572170] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.572344] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.572401] Hardware name: linux,dummy-virt (DT)
[   16.572468] Call trace:
[   16.572515]  show_stack+0x20/0x38 (C)
[   16.572616]  dump_stack_lvl+0x8c/0xd0
[   16.572716]  print_report+0x118/0x608
[   16.572811]  kasan_report+0xdc/0x128
[   16.572910]  __asan_report_store1_noabort+0x20/0x30
[   16.573019]  krealloc_less_oob_helper+0xa58/0xc50
[   16.573136]  krealloc_large_less_oob+0x20/0x38
[   16.573237]  kunit_try_run_case+0x170/0x3f0
[   16.573336]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.573450]  kthread+0x328/0x630
[   16.573553]  ret_from_fork+0x10/0x20
[   16.573648] 
[   16.573687] The buggy address belongs to the physical page:
[   16.573786] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[   16.573967] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.574125] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.574279] page_type: f8(unknown)
[   16.574377] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.574466] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.574554] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.574651] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.574752] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff
[   16.574885] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.574958] page dumped because: kasan: bad access detected
[   16.575021] 
[   16.575519] Memory state around the buggy address:
[   16.575639]  fff00000c78e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.575870]  fff00000c78e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.576066] >fff00000c78e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.576191]                                                           ^
[   16.576280]  fff00000c78e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.576372]  fff00000c78e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.576455] ==================================================================
[   16.539885] ==================================================================
[   16.539997] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.540118] Write of size 1 at addr fff00000c78e20c9 by task kunit_try_catch/162
[   16.540212] 
[   16.540647] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.541156] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.541227] Hardware name: linux,dummy-virt (DT)
[   16.541285] Call trace:
[   16.541336]  show_stack+0x20/0x38 (C)
[   16.541483]  dump_stack_lvl+0x8c/0xd0
[   16.541616]  print_report+0x118/0x608
[   16.541745]  kasan_report+0xdc/0x128
[   16.541867]  __asan_report_store1_noabort+0x20/0x30
[   16.542151]  krealloc_less_oob_helper+0xa48/0xc50
[   16.542545]  krealloc_large_less_oob+0x20/0x38
[   16.542645]  kunit_try_run_case+0x170/0x3f0
[   16.542877]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.543207]  kthread+0x328/0x630
[   16.543394]  ret_from_fork+0x10/0x20
[   16.543514] 
[   16.543674] The buggy address belongs to the physical page:
[   16.543763] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[   16.543874] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.544238] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.544495] page_type: f8(unknown)
[   16.544735] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.544916] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.545096] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.545545] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.547117] head: 0bfffe0000000002 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff
[   16.547201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.547240] page dumped because: kasan: bad access detected
[   16.547274] 
[   16.547293] Memory state around the buggy address:
[   16.547332]  fff00000c78e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.547403]  fff00000c78e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.547645] >fff00000c78e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.547875]                                               ^
[   16.548020]  fff00000c78e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.548309]  fff00000c78e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.548426] ==================================================================
[   16.471012] ==================================================================
[   16.471172] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.471306] Write of size 1 at addr fff00000c450a4c9 by task kunit_try_catch/158
[   16.471436] 
[   16.471521] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.471704] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.471754] Hardware name: linux,dummy-virt (DT)
[   16.471811] Call trace:
[   16.471855]  show_stack+0x20/0x38 (C)
[   16.471937]  dump_stack_lvl+0x8c/0xd0
[   16.472022]  print_report+0x118/0x608
[   16.472121]  kasan_report+0xdc/0x128
[   16.472223]  __asan_report_store1_noabort+0x20/0x30
[   16.472342]  krealloc_less_oob_helper+0xa48/0xc50
[   16.472474]  krealloc_less_oob+0x20/0x38
[   16.472587]  kunit_try_run_case+0x170/0x3f0
[   16.472701]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.472876]  kthread+0x328/0x630
[   16.472941]  ret_from_fork+0x10/0x20
[   16.472988] 
[   16.473007] Allocated by task 158:
[   16.473034]  kasan_save_stack+0x3c/0x68
[   16.473128]  kasan_save_track+0x20/0x40
[   16.473202]  kasan_save_alloc_info+0x40/0x58
[   16.473280]  __kasan_krealloc+0x118/0x178
[   16.473382]  krealloc_noprof+0x128/0x360
[   16.473491]  krealloc_less_oob_helper+0x168/0xc50
[   16.473569]  krealloc_less_oob+0x20/0x38
[   16.473639]  kunit_try_run_case+0x170/0x3f0
[   16.473711]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.473795]  kthread+0x328/0x630
[   16.473866]  ret_from_fork+0x10/0x20
[   16.473976] 
[   16.474014] The buggy address belongs to the object at fff00000c450a400
[   16.474014]  which belongs to the cache kmalloc-256 of size 256
[   16.474139] The buggy address is located 0 bytes to the right of
[   16.474139]  allocated 201-byte region [fff00000c450a400, fff00000c450a4c9)
[   16.474248] 
[   16.474285] The buggy address belongs to the physical page:
[   16.474343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10450a
[   16.474453] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.474583] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.474712] page_type: f5(slab)
[   16.474823] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.474952] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.475100] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.475203] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.475293] head: 0bfffe0000000001 ffffc1ffc3114281 00000000ffffffff 00000000ffffffff
[   16.475373] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.475473] page dumped because: kasan: bad access detected
[   16.475534] 
[   16.475568] Memory state around the buggy address:
[   16.475621]  fff00000c450a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.475699]  fff00000c450a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.475774] >fff00000c450a480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.475848]                                               ^
[   16.475913]  fff00000c450a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.476008]  fff00000c450a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.476101] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzht4TVw0WlfY69jnhMqjXElSg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzht4TVw0WlfY69jnhMqjXElSg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/Image.gz
sha256sum	70b1e536f53e9eb91aae94372b64952481bbf47e27b20cb5870c7e3e80457074

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhpWU42EtYm7kZLPp7OLc8QYa/modules.tar.xz
sha256sum	95c3dca0f224e5b598c2e0728f570672c34de953e709490ceb7378a1ba9035be

durations

tests

boot	0
kunit	235.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

[   16.090709] ==================================================================
[   16.091567] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   16.092663] Write of size 1 at addr ffff888100a35ec9 by task kunit_try_catch/175
[   16.093207] 
[   16.093488] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.093622] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.093652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.093731] Call Trace:
[   16.093764]  <TASK>
[   16.093805]  dump_stack_lvl+0x73/0xb0
[   16.093883]  print_report+0xd1/0x650
[   16.093936]  ? __virt_addr_valid+0x1db/0x2d0
[   16.093982]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   16.094023]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.094075]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   16.094113]  kasan_report+0x141/0x180
[   16.094148]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   16.094192]  __asan_report_store1_noabort+0x1b/0x30
[   16.094218]  krealloc_less_oob_helper+0xd70/0x11d0
[   16.094245]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.094290]  ? irqentry_exit+0x2a/0x60
[   16.094319]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.094348]  ? __pfx_krealloc_less_oob+0x10/0x10
[   16.094375]  krealloc_less_oob+0x1c/0x30
[   16.094399]  kunit_try_run_case+0x1a5/0x480
[   16.094428]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.094452]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.094478]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.094501]  ? __kthread_parkme+0x82/0x180
[   16.094524]  ? preempt_count_sub+0x50/0x80
[   16.094550]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.094575]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.094599]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.094623]  kthread+0x337/0x6f0
[   16.094645]  ? trace_preempt_on+0x20/0xc0
[   16.094683]  ? __pfx_kthread+0x10/0x10
[   16.094709]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.094730]  ? calculate_sigpending+0x7b/0xa0
[   16.094756]  ? __pfx_kthread+0x10/0x10
[   16.094778]  ret_from_fork+0x116/0x1d0
[   16.094799]  ? __pfx_kthread+0x10/0x10
[   16.094820]  ret_from_fork_asm+0x1a/0x30
[   16.094852]  </TASK>
[   16.094867] 
[   16.108284] Allocated by task 175:
[   16.108672]  kasan_save_stack+0x45/0x70
[   16.109296]  kasan_save_track+0x18/0x40
[   16.109693]  kasan_save_alloc_info+0x3b/0x50
[   16.110118]  __kasan_krealloc+0x190/0x1f0
[   16.110497]  krealloc_noprof+0xf3/0x340
[   16.110923]  krealloc_less_oob_helper+0x1aa/0x11d0
[   16.111363]  krealloc_less_oob+0x1c/0x30
[   16.111920]  kunit_try_run_case+0x1a5/0x480
[   16.112453]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.112910]  kthread+0x337/0x6f0
[   16.113397]  ret_from_fork+0x116/0x1d0
[   16.113763]  ret_from_fork_asm+0x1a/0x30
[   16.114341] 
[   16.114570] The buggy address belongs to the object at ffff888100a35e00
[   16.114570]  which belongs to the cache kmalloc-256 of size 256
[   16.115418] The buggy address is located 0 bytes to the right of
[   16.115418]  allocated 201-byte region [ffff888100a35e00, ffff888100a35ec9)
[   16.116507] 
[   16.116771] The buggy address belongs to the physical page:
[   16.117357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a34
[   16.117555] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.117779] flags: 0x200000000000040(head|node=0|zone=2)
[   16.118338] page_type: f5(slab)
[   16.118824] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.119838] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.120530] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.121154] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.121718] head: 0200000000000001 ffffea0004028d01 00000000ffffffff 00000000ffffffff
[   16.122449] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.123280] page dumped because: kasan: bad access detected
[   16.123554] 
[   16.123666] Memory state around the buggy address:
[   16.124033]  ffff888100a35d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.124788]  ffff888100a35e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.125055] >ffff888100a35e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.125605]                                               ^
[   16.125849]  ffff888100a35f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.127052]  ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.127705] ==================================================================
[   16.394812] ==================================================================
[   16.395243] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   16.395992] Write of size 1 at addr ffff8881029960da by task kunit_try_catch/179
[   16.396631] 
[   16.396951] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.397060] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.397086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.397130] Call Trace:
[   16.397161]  <TASK>
[   16.397198]  dump_stack_lvl+0x73/0xb0
[   16.397277]  print_report+0xd1/0x650
[   16.397332]  ? __virt_addr_valid+0x1db/0x2d0
[   16.397384]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   16.397434]  ? kasan_addr_to_slab+0x11/0xa0
[   16.397471]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   16.397515]  kasan_report+0x141/0x180
[   16.397558]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   16.397646]  __asan_report_store1_noabort+0x1b/0x30
[   16.397756]  krealloc_less_oob_helper+0xec6/0x11d0
[   16.397803]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.397856]  ? irqentry_exit+0x2a/0x60
[   16.397913]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.397956]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   16.397995]  krealloc_large_less_oob+0x1c/0x30
[   16.398028]  kunit_try_run_case+0x1a5/0x480
[   16.398092]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.398133]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.398178]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.398218]  ? __kthread_parkme+0x82/0x180
[   16.398254]  ? preempt_count_sub+0x50/0x80
[   16.398312]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.398357]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.398438]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.398488]  kthread+0x337/0x6f0
[   16.398548]  ? trace_preempt_on+0x20/0xc0
[   16.398601]  ? __pfx_kthread+0x10/0x10
[   16.398647]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.398729]  ? calculate_sigpending+0x7b/0xa0
[   16.398767]  ? __pfx_kthread+0x10/0x10
[   16.398800]  ret_from_fork+0x116/0x1d0
[   16.398828]  ? __pfx_kthread+0x10/0x10
[   16.398860]  ret_from_fork_asm+0x1a/0x30
[   16.398908]  </TASK>
[   16.398945] 
[   16.409415] The buggy address belongs to the physical page:
[   16.409920] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994
[   16.410505] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.411017] flags: 0x200000000000040(head|node=0|zone=2)
[   16.411461] page_type: f8(unknown)
[   16.411833] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.412299] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.412610] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.412937] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.413558] head: 0200000000000002 ffffea00040a6501 00000000ffffffff 00000000ffffffff
[   16.414177] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.414798] page dumped because: kasan: bad access detected
[   16.415142] 
[   16.415353] Memory state around the buggy address:
[   16.415619]  ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.415929]  ffff888102996000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.416504] >ffff888102996080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.417075]                                                     ^
[   16.417455]  ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.417926]  ffff888102996180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.418355] ==================================================================
[   16.241088] ==================================================================
[   16.241740] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   16.242439] Write of size 1 at addr ffff888100a35eeb by task kunit_try_catch/175
[   16.243249] 
[   16.243501] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.243609] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.243633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.243702] Call Trace:
[   16.243743]  <TASK>
[   16.243781]  dump_stack_lvl+0x73/0xb0
[   16.243852]  print_report+0xd1/0x650
[   16.243898]  ? __virt_addr_valid+0x1db/0x2d0
[   16.243942]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   16.243989]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.244031]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   16.244114]  kasan_report+0x141/0x180
[   16.244159]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   16.244213]  __asan_report_store1_noabort+0x1b/0x30
[   16.244252]  krealloc_less_oob_helper+0xd47/0x11d0
[   16.244313]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.244358]  ? irqentry_exit+0x2a/0x60
[   16.244401]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.244461]  ? __pfx_krealloc_less_oob+0x10/0x10
[   16.244515]  krealloc_less_oob+0x1c/0x30
[   16.244551]  kunit_try_run_case+0x1a5/0x480
[   16.244592]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.244627]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.244682]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.244732]  ? __kthread_parkme+0x82/0x180
[   16.244756]  ? preempt_count_sub+0x50/0x80
[   16.244781]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.244806]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.244832]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.244856]  kthread+0x337/0x6f0
[   16.244877]  ? trace_preempt_on+0x20/0xc0
[   16.244905]  ? __pfx_kthread+0x10/0x10
[   16.244928]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.244949]  ? calculate_sigpending+0x7b/0xa0
[   16.244975]  ? __pfx_kthread+0x10/0x10
[   16.244998]  ret_from_fork+0x116/0x1d0
[   16.245019]  ? __pfx_kthread+0x10/0x10
[   16.245048]  ret_from_fork_asm+0x1a/0x30
[   16.245113]  </TASK>
[   16.245134] 
[   16.256825] Allocated by task 175:
[   16.257046]  kasan_save_stack+0x45/0x70
[   16.257283]  kasan_save_track+0x18/0x40
[   16.257620]  kasan_save_alloc_info+0x3b/0x50
[   16.258797]  __kasan_krealloc+0x190/0x1f0
[   16.259381]  krealloc_noprof+0xf3/0x340
[   16.259720]  krealloc_less_oob_helper+0x1aa/0x11d0
[   16.260290]  krealloc_less_oob+0x1c/0x30
[   16.260600]  kunit_try_run_case+0x1a5/0x480
[   16.260976]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.261659]  kthread+0x337/0x6f0
[   16.261870]  ret_from_fork+0x116/0x1d0
[   16.262307]  ret_from_fork_asm+0x1a/0x30
[   16.262509] 
[   16.262643] The buggy address belongs to the object at ffff888100a35e00
[   16.262643]  which belongs to the cache kmalloc-256 of size 256
[   16.264145] The buggy address is located 34 bytes to the right of
[   16.264145]  allocated 201-byte region [ffff888100a35e00, ffff888100a35ec9)
[   16.264892] 
[   16.265131] The buggy address belongs to the physical page:
[   16.265391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a34
[   16.265881] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.266381] flags: 0x200000000000040(head|node=0|zone=2)
[   16.266784] page_type: f5(slab)
[   16.267106] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.267512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.267977] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.268269] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.269454] head: 0200000000000001 ffffea0004028d01 00000000ffffffff 00000000ffffffff
[   16.269989] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.270385] page dumped because: kasan: bad access detected
[   16.270615] 
[   16.270726] Memory state around the buggy address:
[   16.270932]  ffff888100a35d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.271204]  ffff888100a35e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.271759] >ffff888100a35e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.272532]                                                           ^
[   16.273786]  ffff888100a35f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.275578]  ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.275861] ==================================================================
[   16.203243] ==================================================================
[   16.204340] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   16.204911] Write of size 1 at addr ffff888100a35eea by task kunit_try_catch/175
[   16.205598] 
[   16.205810] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.205915] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.205942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.205987] Call Trace:
[   16.206026]  <TASK>
[   16.206235]  dump_stack_lvl+0x73/0xb0
[   16.206332]  print_report+0xd1/0x650
[   16.206380]  ? __virt_addr_valid+0x1db/0x2d0
[   16.206428]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   16.206470]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.206509]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   16.206553]  kasan_report+0x141/0x180
[   16.206613]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   16.206713]  __asan_report_store1_noabort+0x1b/0x30
[   16.206757]  krealloc_less_oob_helper+0xe90/0x11d0
[   16.206807]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.206855]  ? irqentry_exit+0x2a/0x60
[   16.206894]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.206948]  ? __pfx_krealloc_less_oob+0x10/0x10
[   16.207009]  krealloc_less_oob+0x1c/0x30
[   16.207071]  kunit_try_run_case+0x1a5/0x480
[   16.207122]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.207194]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.207238]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.207290]  ? __kthread_parkme+0x82/0x180
[   16.207326]  ? preempt_count_sub+0x50/0x80
[   16.207364]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.207403]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.207442]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.207480]  kthread+0x337/0x6f0
[   16.207514]  ? trace_preempt_on+0x20/0xc0
[   16.207555]  ? __pfx_kthread+0x10/0x10
[   16.207590]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.207618]  ? calculate_sigpending+0x7b/0xa0
[   16.207645]  ? __pfx_kthread+0x10/0x10
[   16.207692]  ret_from_fork+0x116/0x1d0
[   16.207730]  ? __pfx_kthread+0x10/0x10
[   16.207752]  ret_from_fork_asm+0x1a/0x30
[   16.207785]  </TASK>
[   16.207799] 
[   16.219611] Allocated by task 175:
[   16.220001]  kasan_save_stack+0x45/0x70
[   16.220548]  kasan_save_track+0x18/0x40
[   16.220988]  kasan_save_alloc_info+0x3b/0x50
[   16.221412]  __kasan_krealloc+0x190/0x1f0
[   16.221757]  krealloc_noprof+0xf3/0x340
[   16.222125]  krealloc_less_oob_helper+0x1aa/0x11d0
[   16.222639]  krealloc_less_oob+0x1c/0x30
[   16.223076]  kunit_try_run_case+0x1a5/0x480
[   16.223441]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.223834]  kthread+0x337/0x6f0
[   16.224191]  ret_from_fork+0x116/0x1d0
[   16.224505]  ret_from_fork_asm+0x1a/0x30
[   16.224771] 
[   16.224948] The buggy address belongs to the object at ffff888100a35e00
[   16.224948]  which belongs to the cache kmalloc-256 of size 256
[   16.226359] The buggy address is located 33 bytes to the right of
[   16.226359]  allocated 201-byte region [ffff888100a35e00, ffff888100a35ec9)
[   16.227414] 
[   16.227559] The buggy address belongs to the physical page:
[   16.228137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a34
[   16.229039] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.229761] flags: 0x200000000000040(head|node=0|zone=2)
[   16.230297] page_type: f5(slab)
[   16.230680] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.231172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.231897] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.232497] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.233402] head: 0200000000000001 ffffea0004028d01 00000000ffffffff 00000000ffffffff
[   16.233934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.234676] page dumped because: kasan: bad access detected
[   16.235197] 
[   16.235416] Memory state around the buggy address:
[   16.235888]  ffff888100a35d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.236713]  ffff888100a35e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.237345] >ffff888100a35e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.237886]                                                           ^
[   16.238452]  ffff888100a35f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.239235]  ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.239814] ==================================================================
[   16.419629] ==================================================================
[   16.420024] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   16.421293] Write of size 1 at addr ffff8881029960ea by task kunit_try_catch/179
[   16.421964] 
[   16.422249] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.422395] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.422449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.422493] Call Trace:
[   16.422532]  <TASK>
[   16.422583]  dump_stack_lvl+0x73/0xb0
[   16.422695]  print_report+0xd1/0x650
[   16.422750]  ? __virt_addr_valid+0x1db/0x2d0
[   16.422812]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   16.422874]  ? kasan_addr_to_slab+0x11/0xa0
[   16.422919]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   16.422972]  kasan_report+0x141/0x180
[   16.423027]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   16.423080]  __asan_report_store1_noabort+0x1b/0x30
[   16.423120]  krealloc_less_oob_helper+0xe90/0x11d0
[   16.423183]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.423246]  ? irqentry_exit+0x2a/0x60
[   16.423304]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.423365]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   16.423424]  krealloc_large_less_oob+0x1c/0x30
[   16.423475]  kunit_try_run_case+0x1a5/0x480
[   16.423530]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.423578]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.423629]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.423709]  ? __kthread_parkme+0x82/0x180
[   16.423841]  ? preempt_count_sub+0x50/0x80
[   16.423881]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.424331]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.424391]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.424432]  kthread+0x337/0x6f0
[   16.424464]  ? trace_preempt_on+0x20/0xc0
[   16.424492]  ? __pfx_kthread+0x10/0x10
[   16.424514]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.424538]  ? calculate_sigpending+0x7b/0xa0
[   16.424564]  ? __pfx_kthread+0x10/0x10
[   16.424586]  ret_from_fork+0x116/0x1d0
[   16.424607]  ? __pfx_kthread+0x10/0x10
[   16.424628]  ret_from_fork_asm+0x1a/0x30
[   16.424682]  </TASK>
[   16.424721] 
[   16.437084] The buggy address belongs to the physical page:
[   16.437517] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994
[   16.438023] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.438415] flags: 0x200000000000040(head|node=0|zone=2)
[   16.438776] page_type: f8(unknown)
[   16.439115] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.439608] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.440002] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.440604] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.440963] head: 0200000000000002 ffffea00040a6501 00000000ffffffff 00000000ffffffff
[   16.441508] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.442074] page dumped because: kasan: bad access detected
[   16.442379] 
[   16.442498] Memory state around the buggy address:
[   16.442868]  ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.443294]  ffff888102996000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.443722] >ffff888102996080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.444190]                                                           ^
[   16.444552]  ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.445088]  ffff888102996180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.445375] ==================================================================
[   16.128806] ==================================================================
[   16.129458] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   16.130504] Write of size 1 at addr ffff888100a35ed0 by task kunit_try_catch/175
[   16.131535] 
[   16.131717] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.131810] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.131835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.131877] Call Trace:
[   16.131900]  <TASK>
[   16.132117]  dump_stack_lvl+0x73/0xb0
[   16.132197]  print_report+0xd1/0x650
[   16.132239]  ? __virt_addr_valid+0x1db/0x2d0
[   16.132293]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   16.132331]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.132365]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   16.132403]  kasan_report+0x141/0x180
[   16.132439]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   16.132481]  __asan_report_store1_noabort+0x1b/0x30
[   16.132514]  krealloc_less_oob_helper+0xe23/0x11d0
[   16.132555]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.132589]  ? irqentry_exit+0x2a/0x60
[   16.132623]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.132669]  ? __pfx_krealloc_less_oob+0x10/0x10
[   16.132903]  krealloc_less_oob+0x1c/0x30
[   16.133001]  kunit_try_run_case+0x1a5/0x480
[   16.133036]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.133072]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.133135]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.133168]  ? __kthread_parkme+0x82/0x180
[   16.133200]  ? preempt_count_sub+0x50/0x80
[   16.133236]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.133285]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.133324]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.133358]  kthread+0x337/0x6f0
[   16.133389]  ? trace_preempt_on+0x20/0xc0
[   16.133430]  ? __pfx_kthread+0x10/0x10
[   16.133461]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.133493]  ? calculate_sigpending+0x7b/0xa0
[   16.133526]  ? __pfx_kthread+0x10/0x10
[   16.133549]  ret_from_fork+0x116/0x1d0
[   16.133569]  ? __pfx_kthread+0x10/0x10
[   16.133591]  ret_from_fork_asm+0x1a/0x30
[   16.133622]  </TASK>
[   16.133635] 
[   16.147523] Allocated by task 175:
[   16.148153]  kasan_save_stack+0x45/0x70
[   16.148446]  kasan_save_track+0x18/0x40
[   16.148651]  kasan_save_alloc_info+0x3b/0x50
[   16.149393]  __kasan_krealloc+0x190/0x1f0
[   16.150010]  krealloc_noprof+0xf3/0x340
[   16.150577]  krealloc_less_oob_helper+0x1aa/0x11d0
[   16.150925]  krealloc_less_oob+0x1c/0x30
[   16.151446]  kunit_try_run_case+0x1a5/0x480
[   16.151924]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.152255]  kthread+0x337/0x6f0
[   16.152782]  ret_from_fork+0x116/0x1d0
[   16.153145]  ret_from_fork_asm+0x1a/0x30
[   16.153547] 
[   16.153805] The buggy address belongs to the object at ffff888100a35e00
[   16.153805]  which belongs to the cache kmalloc-256 of size 256
[   16.154552] The buggy address is located 7 bytes to the right of
[   16.154552]  allocated 201-byte region [ffff888100a35e00, ffff888100a35ec9)
[   16.155348] 
[   16.155662] The buggy address belongs to the physical page:
[   16.156089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a34
[   16.157710] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.158249] flags: 0x200000000000040(head|node=0|zone=2)
[   16.158655] page_type: f5(slab)
[   16.159171] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.160006] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.160642] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.161106] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.161967] head: 0200000000000001 ffffea0004028d01 00000000ffffffff 00000000ffffffff
[   16.162842] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.163341] page dumped because: kasan: bad access detected
[   16.163561] 
[   16.163760] Memory state around the buggy address:
[   16.164212]  ffff888100a35d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.164618]  ffff888100a35e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.165223] >ffff888100a35e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.165620]                                                  ^
[   16.166141]  ffff888100a35f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.166677]  ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.166907] ==================================================================
[   16.168371] ==================================================================
[   16.168970] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   16.169506] Write of size 1 at addr ffff888100a35eda by task kunit_try_catch/175
[   16.170000] 
[   16.170321] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.170448] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.170476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.170518] Call Trace:
[   16.170548]  <TASK>
[   16.170603]  dump_stack_lvl+0x73/0xb0
[   16.170713]  print_report+0xd1/0x650
[   16.170764]  ? __virt_addr_valid+0x1db/0x2d0
[   16.170807]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   16.170854]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.170901]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   16.170953]  kasan_report+0x141/0x180
[   16.171011]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   16.171106]  __asan_report_store1_noabort+0x1b/0x30
[   16.171154]  krealloc_less_oob_helper+0xec6/0x11d0
[   16.171209]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.171269]  ? irqentry_exit+0x2a/0x60
[   16.171320]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.171372]  ? __pfx_krealloc_less_oob+0x10/0x10
[   16.171435]  krealloc_less_oob+0x1c/0x30
[   16.171470]  kunit_try_run_case+0x1a5/0x480
[   16.171511]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.171547]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.171589]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.171632]  ? __kthread_parkme+0x82/0x180
[   16.171726]  ? preempt_count_sub+0x50/0x80
[   16.171779]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.171837]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.171882]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.171920]  kthread+0x337/0x6f0
[   16.171956]  ? trace_preempt_on+0x20/0xc0
[   16.172001]  ? __pfx_kthread+0x10/0x10
[   16.172074]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.172112]  ? calculate_sigpending+0x7b/0xa0
[   16.172151]  ? __pfx_kthread+0x10/0x10
[   16.172191]  ret_from_fork+0x116/0x1d0
[   16.172233]  ? __pfx_kthread+0x10/0x10
[   16.172285]  ret_from_fork_asm+0x1a/0x30
[   16.172350]  </TASK>
[   16.172379] 
[   16.183894] Allocated by task 175:
[   16.184181]  kasan_save_stack+0x45/0x70
[   16.184561]  kasan_save_track+0x18/0x40
[   16.184823]  kasan_save_alloc_info+0x3b/0x50
[   16.185019]  __kasan_krealloc+0x190/0x1f0
[   16.185207]  krealloc_noprof+0xf3/0x340
[   16.185555]  krealloc_less_oob_helper+0x1aa/0x11d0
[   16.185953]  krealloc_less_oob+0x1c/0x30
[   16.186189]  kunit_try_run_case+0x1a5/0x480
[   16.186925]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.187399]  kthread+0x337/0x6f0
[   16.187630]  ret_from_fork+0x116/0x1d0
[   16.187885]  ret_from_fork_asm+0x1a/0x30
[   16.188242] 
[   16.188429] The buggy address belongs to the object at ffff888100a35e00
[   16.188429]  which belongs to the cache kmalloc-256 of size 256
[   16.189287] The buggy address is located 17 bytes to the right of
[   16.189287]  allocated 201-byte region [ffff888100a35e00, ffff888100a35ec9)
[   16.190200] 
[   16.190536] The buggy address belongs to the physical page:
[   16.191561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a34
[   16.192252] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.192981] flags: 0x200000000000040(head|node=0|zone=2)
[   16.193426] page_type: f5(slab)
[   16.193782] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.194373] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.195158] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   16.195644] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.196442] head: 0200000000000001 ffffea0004028d01 00000000ffffffff 00000000ffffffff
[   16.197460] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.197851] page dumped because: kasan: bad access detected
[   16.198050] 
[   16.198427] Memory state around the buggy address:
[   16.198869]  ffff888100a35d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.199432]  ffff888100a35e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.199955] >ffff888100a35e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.200551]                                                     ^
[   16.200990]  ffff888100a35f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.201607]  ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.202395] ==================================================================
[   16.341340] ==================================================================
[   16.341855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   16.342618] Write of size 1 at addr ffff8881029960c9 by task kunit_try_catch/179
[   16.343188] 
[   16.343458] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.343572] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.343598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.343639] Call Trace:
[   16.343666]  <TASK>
[   16.343712]  dump_stack_lvl+0x73/0xb0
[   16.343779]  print_report+0xd1/0x650
[   16.343858]  ? __virt_addr_valid+0x1db/0x2d0
[   16.343903]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   16.343951]  ? kasan_addr_to_slab+0x11/0xa0
[   16.343995]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   16.344042]  kasan_report+0x141/0x180
[   16.344107]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   16.344166]  __asan_report_store1_noabort+0x1b/0x30
[   16.344207]  krealloc_less_oob_helper+0xd70/0x11d0
[   16.344279]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.344312]  ? irqentry_exit+0x2a/0x60
[   16.344345]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.344390]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   16.344440]  krealloc_large_less_oob+0x1c/0x30
[   16.344485]  kunit_try_run_case+0x1a5/0x480
[   16.344559]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.344604]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.344653]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.344693]  ? __kthread_parkme+0x82/0x180
[   16.344734]  ? preempt_count_sub+0x50/0x80
[   16.344782]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.344827]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.344868]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.344960]  kthread+0x337/0x6f0
[   16.344999]  ? trace_preempt_on+0x20/0xc0
[   16.345050]  ? __pfx_kthread+0x10/0x10
[   16.345093]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.345132]  ? calculate_sigpending+0x7b/0xa0
[   16.345160]  ? __pfx_kthread+0x10/0x10
[   16.345182]  ret_from_fork+0x116/0x1d0
[   16.345204]  ? __pfx_kthread+0x10/0x10
[   16.345226]  ret_from_fork_asm+0x1a/0x30
[   16.345272]  </TASK>
[   16.345290] 
[   16.356652] The buggy address belongs to the physical page:
[   16.357130] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994
[   16.357461] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.358026] flags: 0x200000000000040(head|node=0|zone=2)
[   16.358495] page_type: f8(unknown)
[   16.358826] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.359480] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.360046] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.360407] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.361077] head: 0200000000000002 ffffea00040a6501 00000000ffffffff 00000000ffffffff
[   16.361741] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.362268] page dumped because: kasan: bad access detected
[   16.362565] 
[   16.362711] Memory state around the buggy address:
[   16.363123]  ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.363512]  ffff888102996000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.364104] >ffff888102996080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.364522]                                               ^
[   16.364929]  ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.365201]  ffff888102996180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.365599] ==================================================================
[   16.368303] ==================================================================
[   16.368855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   16.369324] Write of size 1 at addr ffff8881029960d0 by task kunit_try_catch/179
[   16.370095] 
[   16.370621] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.370742] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.370772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.370817] Call Trace:
[   16.370845]  <TASK>
[   16.370894]  dump_stack_lvl+0x73/0xb0
[   16.370981]  print_report+0xd1/0x650
[   16.371042]  ? __virt_addr_valid+0x1db/0x2d0
[   16.371091]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   16.371134]  ? kasan_addr_to_slab+0x11/0xa0
[   16.371164]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   16.371190]  kasan_report+0x141/0x180
[   16.371214]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   16.371244]  __asan_report_store1_noabort+0x1b/0x30
[   16.371291]  krealloc_less_oob_helper+0xe23/0x11d0
[   16.371322]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.371347]  ? irqentry_exit+0x2a/0x60
[   16.371369]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.371399]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   16.371426]  krealloc_large_less_oob+0x1c/0x30
[   16.371450]  kunit_try_run_case+0x1a5/0x480
[   16.371476]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.371499]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.371524]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.371546]  ? __kthread_parkme+0x82/0x180
[   16.371568]  ? preempt_count_sub+0x50/0x80
[   16.371592]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.371617]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.371640]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.371687]  kthread+0x337/0x6f0
[   16.371717]  ? trace_preempt_on+0x20/0xc0
[   16.371744]  ? __pfx_kthread+0x10/0x10
[   16.371766]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.371788]  ? calculate_sigpending+0x7b/0xa0
[   16.371814]  ? __pfx_kthread+0x10/0x10
[   16.371836]  ret_from_fork+0x116/0x1d0
[   16.371856]  ? __pfx_kthread+0x10/0x10
[   16.371878]  ret_from_fork_asm+0x1a/0x30
[   16.371913]  </TASK>
[   16.371926] 
[   16.383211] The buggy address belongs to the physical page:
[   16.383820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994
[   16.384503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.385482] flags: 0x200000000000040(head|node=0|zone=2)
[   16.385754] page_type: f8(unknown)
[   16.386005] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.386342] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.387190] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.387876] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.388219] head: 0200000000000002 ffffea00040a6501 00000000ffffffff 00000000ffffffff
[   16.388452] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.389508] page dumped because: kasan: bad access detected
[   16.390040] 
[   16.390158] Memory state around the buggy address:
[   16.390538]  ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.390983]  ffff888102996000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.391579] >ffff888102996080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.392217]                                                  ^
[   16.392480]  ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.393012]  ffff888102996180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.393335] ==================================================================
[   16.446520] ==================================================================
[   16.447977] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   16.448401] Write of size 1 at addr ffff8881029960eb by task kunit_try_catch/179
[   16.448897] 
[   16.449133] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   16.449230] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.449256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.449311] Call Trace:
[   16.449348]  <TASK>
[   16.449385]  dump_stack_lvl+0x73/0xb0
[   16.449449]  print_report+0xd1/0x650
[   16.449494]  ? __virt_addr_valid+0x1db/0x2d0
[   16.449538]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   16.449580]  ? kasan_addr_to_slab+0x11/0xa0
[   16.449619]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   16.449665]  kasan_report+0x141/0x180
[   16.449728]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   16.449775]  __asan_report_store1_noabort+0x1b/0x30
[   16.449812]  krealloc_less_oob_helper+0xd47/0x11d0
[   16.449862]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   16.449904]  ? irqentry_exit+0x2a/0x60
[   16.449940]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   16.449993]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   16.450050]  krealloc_large_less_oob+0x1c/0x30
[   16.450093]  kunit_try_run_case+0x1a5/0x480
[   16.450141]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.450185]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.450231]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.450287]  ? __kthread_parkme+0x82/0x180
[   16.450332]  ? preempt_count_sub+0x50/0x80
[   16.450384]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.450429]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.450464]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.450489]  kthread+0x337/0x6f0
[   16.450511]  ? trace_preempt_on+0x20/0xc0
[   16.450537]  ? __pfx_kthread+0x10/0x10
[   16.450559]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.450580]  ? calculate_sigpending+0x7b/0xa0
[   16.450606]  ? __pfx_kthread+0x10/0x10
[   16.450628]  ret_from_fork+0x116/0x1d0
[   16.450649]  ? __pfx_kthread+0x10/0x10
[   16.450681]  ret_from_fork_asm+0x1a/0x30
[   16.450738]  </TASK>
[   16.450752] 
[   16.460168] The buggy address belongs to the physical page:
[   16.460513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102994
[   16.461292] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.461583] flags: 0x200000000000040(head|node=0|zone=2)
[   16.462131] page_type: f8(unknown)
[   16.462474] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.462903] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.463212] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   16.463775] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.464289] head: 0200000000000002 ffffea00040a6501 00000000ffffffff 00000000ffffffff
[   16.464808] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.465118] page dumped because: kasan: bad access detected
[   16.465467] 
[   16.465685] Memory state around the buggy address:
[   16.466091]  ffff888102995f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.466531]  ffff888102996000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.467005] >ffff888102996080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.467757]                                                           ^
[   16.468024]  ffff888102996100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.468310]  ffff888102996180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.468568] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2wzhoXbX8z5uxnTgWVmeHFPVt5w

job_id

TEST:linaro@lkft#2wzhu6iaWdJjc5OBxEyTCXoH7hg

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2wzhu6iaWdJjc5OBxEyTCXoH7hg

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/bzImage
sha256sum	a903e4e22fae7c9fda402890fe1753d53b5e12289f993655dd063c1cd604c332

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2wzhqgGEQZAOcyKh8cNNiRpI84n/modules.tar.xz
sha256sum	5e08ec47b0a73d33001c0f25787e3eb58851b97c569c3621f07d2da65a7a22ff

durations

tests

boot	0
kunit	361.27

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0~rc3+ds-2

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit