lkft/linux-next-master - next-20250513 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

May 13, 2025, 12:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.209407] ==================================================================
[   19.209476] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.209549] Write of size 1 at addr fff00000c65620ea by task kunit_try_catch/162
[   19.209605] 
[   19.209645] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.209739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.209770] Hardware name: linux,dummy-virt (DT)
[   19.209805] Call trace:
[   19.209844]  show_stack+0x20/0x38 (C)
[   19.209906]  dump_stack_lvl+0x8c/0xd0
[   19.209958]  print_report+0x118/0x608
[   19.210028]  kasan_report+0xdc/0x128
[   19.210081]  __asan_report_store1_noabort+0x20/0x30
[   19.210139]  krealloc_less_oob_helper+0xae4/0xc50
[   19.210192]  krealloc_large_less_oob+0x20/0x38
[   19.210245]  kunit_try_run_case+0x170/0x3f0
[   19.210296]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.210354]  kthread+0x328/0x630
[   19.210406]  ret_from_fork+0x10/0x20
[   19.210691] 
[   19.210724] The buggy address belongs to the physical page:
[   19.210774] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560
[   19.210851] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.210994] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.211054] page_type: f8(unknown)
[   19.211370] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.211453] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.211527] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.211655] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.211740] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff
[   19.212073] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.212121] page dumped because: kasan: bad access detected
[   19.212168] 
[   19.212233] Memory state around the buggy address:
[   19.212287]  fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.212510]  fff00000c6562000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.212593] >fff00000c6562080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.212638]                                                           ^
[   19.212994]  fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.213252]  fff00000c6562180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.213499] ==================================================================
[   19.133452] ==================================================================
[   19.133686] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.134064] Write of size 1 at addr fff00000c5b13cc9 by task kunit_try_catch/158
[   19.134130] 
[   19.134183] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.134291] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.134322] Hardware name: linux,dummy-virt (DT)
[   19.134361] Call trace:
[   19.134811]  show_stack+0x20/0x38 (C)
[   19.134982]  dump_stack_lvl+0x8c/0xd0
[   19.135244]  print_report+0x118/0x608
[   19.135300]  kasan_report+0xdc/0x128
[   19.135349]  __asan_report_store1_noabort+0x20/0x30
[   19.135572]  krealloc_less_oob_helper+0xa48/0xc50
[   19.135708]  krealloc_less_oob+0x20/0x38
[   19.135806]  kunit_try_run_case+0x170/0x3f0
[   19.135932]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.136005]  kthread+0x328/0x630
[   19.136118]  ret_from_fork+0x10/0x20
[   19.136189] 
[   19.136235] Allocated by task 158:
[   19.136314]  kasan_save_stack+0x3c/0x68
[   19.136367]  kasan_save_track+0x20/0x40
[   19.136422]  kasan_save_alloc_info+0x40/0x58
[   19.136462]  __kasan_krealloc+0x118/0x178
[   19.136501]  krealloc_noprof+0x128/0x360
[   19.136539]  krealloc_less_oob_helper+0x168/0xc50
[   19.136617]  krealloc_less_oob+0x20/0x38
[   19.136688]  kunit_try_run_case+0x170/0x3f0
[   19.137271]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.137530]  kthread+0x328/0x630
[   19.137580]  ret_from_fork+0x10/0x20
[   19.137920] 
[   19.137947] The buggy address belongs to the object at fff00000c5b13c00
[   19.137947]  which belongs to the cache kmalloc-256 of size 256
[   19.138030] The buggy address is located 0 bytes to the right of
[   19.138030]  allocated 201-byte region [fff00000c5b13c00, fff00000c5b13cc9)
[   19.138099] 
[   19.138124] The buggy address belongs to the physical page:
[   19.138163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b12
[   19.138222] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.138274] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.138338] page_type: f5(slab)
[   19.138388] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.138455] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.138516] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.138569] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.138622] head: 0bfffe0000000001 ffffc1ffc316c481 00000000ffffffff 00000000ffffffff
[   19.138674] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.138718] page dumped because: kasan: bad access detected
[   19.138753] 
[   19.138773] Memory state around the buggy address:
[   19.139223]  fff00000c5b13b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.139336]  fff00000c5b13c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.139390] >fff00000c5b13c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.139435]                                               ^
[   19.139491]  fff00000c5b13d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.139728]  fff00000c5b13d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.139779] ==================================================================
[   19.191826] ==================================================================
[   19.191913] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.192095] Write of size 1 at addr fff00000c65620c9 by task kunit_try_catch/162
[   19.192184] 
[   19.192242] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.192342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.192374] Hardware name: linux,dummy-virt (DT)
[   19.192410] Call trace:
[   19.192444]  show_stack+0x20/0x38 (C)
[   19.192563]  dump_stack_lvl+0x8c/0xd0
[   19.192660]  print_report+0x118/0x608
[   19.192760]  kasan_report+0xdc/0x128
[   19.192842]  __asan_report_store1_noabort+0x20/0x30
[   19.192906]  krealloc_less_oob_helper+0xa48/0xc50
[   19.193541]  krealloc_large_less_oob+0x20/0x38
[   19.193732]  kunit_try_run_case+0x170/0x3f0
[   19.193792]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.193886]  kthread+0x328/0x630
[   19.193993]  ret_from_fork+0x10/0x20
[   19.194100] 
[   19.194127] The buggy address belongs to the physical page:
[   19.194165] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560
[   19.194225] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.194277] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.194338] page_type: f8(unknown)
[   19.194388] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.194457] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.194519] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.194642] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.194768] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff
[   19.194876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.195169] page dumped because: kasan: bad access detected
[   19.195331] 
[   19.195393] Memory state around the buggy address:
[   19.195586]  fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.195736]  fff00000c6562000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.196014] >fff00000c6562080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.196176]                                               ^
[   19.196390]  fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.196721]  fff00000c6562180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.197137] ==================================================================
[   19.160968] ==================================================================
[   19.161044] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.161111] Write of size 1 at addr fff00000c5b13ceb by task kunit_try_catch/158
[   19.161162] 
[   19.161198] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.161282] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.161310] Hardware name: linux,dummy-virt (DT)
[   19.161342] Call trace:
[   19.161365]  show_stack+0x20/0x38 (C)
[   19.161418]  dump_stack_lvl+0x8c/0xd0
[   19.161468]  print_report+0x118/0x608
[   19.161518]  kasan_report+0xdc/0x128
[   19.161568]  __asan_report_store1_noabort+0x20/0x30
[   19.161622]  krealloc_less_oob_helper+0xa58/0xc50
[   19.161674]  krealloc_less_oob+0x20/0x38
[   19.161723]  kunit_try_run_case+0x170/0x3f0
[   19.161773]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.161860]  kthread+0x328/0x630
[   19.161915]  ret_from_fork+0x10/0x20
[   19.162906] 
[   19.162961] Allocated by task 158:
[   19.163018]  kasan_save_stack+0x3c/0x68
[   19.163072]  kasan_save_track+0x20/0x40
[   19.163114]  kasan_save_alloc_info+0x40/0x58
[   19.163156]  __kasan_krealloc+0x118/0x178
[   19.163196]  krealloc_noprof+0x128/0x360
[   19.163659]  krealloc_less_oob_helper+0x168/0xc50
[   19.163750]  krealloc_less_oob+0x20/0x38
[   19.163948]  kunit_try_run_case+0x170/0x3f0
[   19.164024]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.164070]  kthread+0x328/0x630
[   19.164177]  ret_from_fork+0x10/0x20
[   19.164317] 
[   19.164344] The buggy address belongs to the object at fff00000c5b13c00
[   19.164344]  which belongs to the cache kmalloc-256 of size 256
[   19.164415] The buggy address is located 34 bytes to the right of
[   19.164415]  allocated 201-byte region [fff00000c5b13c00, fff00000c5b13cc9)
[   19.164479] 
[   19.164502] The buggy address belongs to the physical page:
[   19.164536] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b12
[   19.164589] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.164636] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.164939] page_type: f5(slab)
[   19.165112] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.165177] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.165246] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.165330] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.165404] head: 0bfffe0000000001 ffffc1ffc316c481 00000000ffffffff 00000000ffffffff
[   19.165462] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.165505] page dumped because: kasan: bad access detected
[   19.165541] 
[   19.165562] Memory state around the buggy address:
[   19.165619]  fff00000c5b13b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.165672]  fff00000c5b13c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.165719] >fff00000c5b13c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.165936]                                                           ^
[   19.166339]  fff00000c5b13d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.166559]  fff00000c5b13d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.166621] ==================================================================
[   19.198107] ==================================================================
[   19.198182] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.198330] Write of size 1 at addr fff00000c65620d0 by task kunit_try_catch/162
[   19.198388] 
[   19.198431] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.198535] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.198566] Hardware name: linux,dummy-virt (DT)
[   19.198602] Call trace:
[   19.198629]  show_stack+0x20/0x38 (C)
[   19.198690]  dump_stack_lvl+0x8c/0xd0
[   19.198876]  print_report+0x118/0x608
[   19.198982]  kasan_report+0xdc/0x128
[   19.199069]  __asan_report_store1_noabort+0x20/0x30
[   19.199143]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.199199]  krealloc_large_less_oob+0x20/0x38
[   19.199251]  kunit_try_run_case+0x170/0x3f0
[   19.199304]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.199361]  kthread+0x328/0x630
[   19.199416]  ret_from_fork+0x10/0x20
[   19.199485] 
[   19.199514] The buggy address belongs to the physical page:
[   19.199551] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560
[   19.199612] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.199772] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.199933] page_type: f8(unknown)
[   19.200191] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.200421] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.200476] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.200569] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.200623] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff
[   19.200674] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.200717] page dumped because: kasan: bad access detected
[   19.200758] 
[   19.200795] Memory state around the buggy address:
[   19.200849]  fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.200951]  fff00000c6562000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.201007] >fff00000c6562080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.201048]                                                  ^
[   19.201194]  fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.201330]  fff00000c6562180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.201598] ==================================================================
[   19.141202] ==================================================================
[   19.141319] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.141399] Write of size 1 at addr fff00000c5b13cd0 by task kunit_try_catch/158
[   19.141453] 
[   19.141706] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.141841] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.141877] Hardware name: linux,dummy-virt (DT)
[   19.141914] Call trace:
[   19.141998]  show_stack+0x20/0x38 (C)
[   19.142069]  dump_stack_lvl+0x8c/0xd0
[   19.142123]  print_report+0x118/0x608
[   19.142504]  kasan_report+0xdc/0x128
[   19.142659]  __asan_report_store1_noabort+0x20/0x30
[   19.142719]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.142809]  krealloc_less_oob+0x20/0x38
[   19.142873]  kunit_try_run_case+0x170/0x3f0
[   19.142929]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.142995]  kthread+0x328/0x630
[   19.143049]  ret_from_fork+0x10/0x20
[   19.143748] 
[   19.143853] Allocated by task 158:
[   19.143890]  kasan_save_stack+0x3c/0x68
[   19.143948]  kasan_save_track+0x20/0x40
[   19.144098]  kasan_save_alloc_info+0x40/0x58
[   19.144146]  __kasan_krealloc+0x118/0x178
[   19.144187]  krealloc_noprof+0x128/0x360
[   19.144566]  krealloc_less_oob_helper+0x168/0xc50
[   19.144620]  krealloc_less_oob+0x20/0x38
[   19.144808]  kunit_try_run_case+0x170/0x3f0
[   19.144853]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.145184]  kthread+0x328/0x630
[   19.145268]  ret_from_fork+0x10/0x20
[   19.145331] 
[   19.145449] The buggy address belongs to the object at fff00000c5b13c00
[   19.145449]  which belongs to the cache kmalloc-256 of size 256
[   19.145522] The buggy address is located 7 bytes to the right of
[   19.145522]  allocated 201-byte region [fff00000c5b13c00, fff00000c5b13cc9)
[   19.145593] 
[   19.145617] The buggy address belongs to the physical page:
[   19.145652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b12
[   19.146137] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.146261] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.146324] page_type: f5(slab)
[   19.146382] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.146473] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.146591] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.146772] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.146863] head: 0bfffe0000000001 ffffc1ffc316c481 00000000ffffffff 00000000ffffffff
[   19.146916] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.146958] page dumped because: kasan: bad access detected
[   19.147004] 
[   19.147025] Memory state around the buggy address:
[   19.147083]  fff00000c5b13b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.147137]  fff00000c5b13c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.147184] >fff00000c5b13c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.147223]                                                  ^
[   19.147263]  fff00000c5b13d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.147307]  fff00000c5b13d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.147346] ==================================================================
[   19.201847] ==================================================================
[   19.201900] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.201964] Write of size 1 at addr fff00000c65620da by task kunit_try_catch/162
[   19.202367] 
[   19.202425] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.203276] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.203670] Hardware name: linux,dummy-virt (DT)
[   19.203717] Call trace:
[   19.203752]  show_stack+0x20/0x38 (C)
[   19.203832]  dump_stack_lvl+0x8c/0xd0
[   19.203933]  print_report+0x118/0x608
[   19.204013]  kasan_report+0xdc/0x128
[   19.204075]  __asan_report_store1_noabort+0x20/0x30
[   19.204132]  krealloc_less_oob_helper+0xa80/0xc50
[   19.204187]  krealloc_large_less_oob+0x20/0x38
[   19.204412]  kunit_try_run_case+0x170/0x3f0
[   19.204514]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.204803]  kthread+0x328/0x630
[   19.204863]  ret_from_fork+0x10/0x20
[   19.205027] 
[   19.205188] The buggy address belongs to the physical page:
[   19.205475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560
[   19.205540] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.205608] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.206178] page_type: f8(unknown)
[   19.206285] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.206359] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.206485] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.206542] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.206595] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff
[   19.206647] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.206689] page dumped because: kasan: bad access detected
[   19.207010] 
[   19.207037] Memory state around the buggy address:
[   19.207086]  fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.207137]  fff00000c6562000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.207274] >fff00000c6562080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.207380]                                                     ^
[   19.207670]  fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.207735]  fff00000c6562180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.207866] ==================================================================
[   19.149603] ==================================================================
[   19.149821] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.149918] Write of size 1 at addr fff00000c5b13cda by task kunit_try_catch/158
[   19.149986] 
[   19.150031] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.150328] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.150400] Hardware name: linux,dummy-virt (DT)
[   19.150440] Call trace:
[   19.150565]  show_stack+0x20/0x38 (C)
[   19.150683]  dump_stack_lvl+0x8c/0xd0
[   19.150742]  print_report+0x118/0x608
[   19.150796]  kasan_report+0xdc/0x128
[   19.150870]  __asan_report_store1_noabort+0x20/0x30
[   19.150926]  krealloc_less_oob_helper+0xa80/0xc50
[   19.151097]  krealloc_less_oob+0x20/0x38
[   19.151183]  kunit_try_run_case+0x170/0x3f0
[   19.151331]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.151428]  kthread+0x328/0x630
[   19.151482]  ret_from_fork+0x10/0x20
[   19.151534] 
[   19.151555] Allocated by task 158:
[   19.151586]  kasan_save_stack+0x3c/0x68
[   19.151631]  kasan_save_track+0x20/0x40
[   19.151697]  kasan_save_alloc_info+0x40/0x58
[   19.151756]  __kasan_krealloc+0x118/0x178
[   19.151804]  krealloc_noprof+0x128/0x360
[   19.151888]  krealloc_less_oob_helper+0x168/0xc50
[   19.151934]  krealloc_less_oob+0x20/0x38
[   19.151981]  kunit_try_run_case+0x170/0x3f0
[   19.152032]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.152121]  kthread+0x328/0x630
[   19.152192]  ret_from_fork+0x10/0x20
[   19.152263] 
[   19.152307] The buggy address belongs to the object at fff00000c5b13c00
[   19.152307]  which belongs to the cache kmalloc-256 of size 256
[   19.152366] The buggy address is located 17 bytes to the right of
[   19.152366]  allocated 201-byte region [fff00000c5b13c00, fff00000c5b13cc9)
[   19.152435] 
[   19.152479] The buggy address belongs to the physical page:
[   19.152538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b12
[   19.152623] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.152671] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.152778] page_type: f5(slab)
[   19.152873] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.152979] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.153034] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.153082] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.153131] head: 0bfffe0000000001 ffffc1ffc316c481 00000000ffffffff 00000000ffffffff
[   19.153182] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.153680] page dumped because: kasan: bad access detected
[   19.153865] 
[   19.153946] Memory state around the buggy address:
[   19.154031]  fff00000c5b13b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.154142]  fff00000c5b13c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.154244] >fff00000c5b13c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.154287]                                                     ^
[   19.154332]  fff00000c5b13d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.154377]  fff00000c5b13d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.154416] ==================================================================
[   19.155062] ==================================================================
[   19.155125] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.155196] Write of size 1 at addr fff00000c5b13cea by task kunit_try_catch/158
[   19.155252] 
[   19.155291] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.155381] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.155409] Hardware name: linux,dummy-virt (DT)
[   19.155443] Call trace:
[   19.155468]  show_stack+0x20/0x38 (C)
[   19.155524]  dump_stack_lvl+0x8c/0xd0
[   19.155576]  print_report+0x118/0x608
[   19.155627]  kasan_report+0xdc/0x128
[   19.155677]  __asan_report_store1_noabort+0x20/0x30
[   19.155733]  krealloc_less_oob_helper+0xae4/0xc50
[   19.155786]  krealloc_less_oob+0x20/0x38
[   19.155834]  kunit_try_run_case+0x170/0x3f0
[   19.155883]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.155938]  kthread+0x328/0x630
[   19.156407]  ret_from_fork+0x10/0x20
[   19.156528] 
[   19.156570] Allocated by task 158:
[   19.156630]  kasan_save_stack+0x3c/0x68
[   19.156710]  kasan_save_track+0x20/0x40
[   19.156752]  kasan_save_alloc_info+0x40/0x58
[   19.156835]  __kasan_krealloc+0x118/0x178
[   19.156914]  krealloc_noprof+0x128/0x360
[   19.157009]  krealloc_less_oob_helper+0x168/0xc50
[   19.157067]  krealloc_less_oob+0x20/0x38
[   19.157126]  kunit_try_run_case+0x170/0x3f0
[   19.157205]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.157294]  kthread+0x328/0x630
[   19.157373]  ret_from_fork+0x10/0x20
[   19.157452] 
[   19.157475] The buggy address belongs to the object at fff00000c5b13c00
[   19.157475]  which belongs to the cache kmalloc-256 of size 256
[   19.157535] The buggy address is located 33 bytes to the right of
[   19.157535]  allocated 201-byte region [fff00000c5b13c00, fff00000c5b13cc9)
[   19.157602] 
[   19.157624] The buggy address belongs to the physical page:
[   19.157657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b12
[   19.157712] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.157763] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.157831] page_type: f5(slab)
[   19.157881] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.157938] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.158005] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.158060] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.158112] head: 0bfffe0000000001 ffffc1ffc316c481 00000000ffffffff 00000000ffffffff
[   19.158163] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.158204] page dumped because: kasan: bad access detected
[   19.158238] 
[   19.158257] Memory state around the buggy address:
[   19.158291]  fff00000c5b13b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.158336]  fff00000c5b13c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.158381] >fff00000c5b13c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.159379]                                                           ^
[   19.159448]  fff00000c5b13d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.159672]  fff00000c5b13d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.159729] ==================================================================
[   19.214289] ==================================================================
[   19.214356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.214427] Write of size 1 at addr fff00000c65620eb by task kunit_try_catch/162
[   19.214703] 
[   19.214917] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT 
[   19.215220] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.215266] Hardware name: linux,dummy-virt (DT)
[   19.215337] Call trace:
[   19.215571]  show_stack+0x20/0x38 (C)
[   19.215769]  dump_stack_lvl+0x8c/0xd0
[   19.215882]  print_report+0x118/0x608
[   19.215938]  kasan_report+0xdc/0x128
[   19.216043]  __asan_report_store1_noabort+0x20/0x30
[   19.216107]  krealloc_less_oob_helper+0xa58/0xc50
[   19.216407]  krealloc_large_less_oob+0x20/0x38
[   19.216575]  kunit_try_run_case+0x170/0x3f0
[   19.216640]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.216861]  kthread+0x328/0x630
[   19.217063]  ret_from_fork+0x10/0x20
[   19.217141] 
[   19.217167] The buggy address belongs to the physical page:
[   19.217205] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106560
[   19.217264] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.217316] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.217374] page_type: f8(unknown)
[   19.217730] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.217802] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.218161] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.218225] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.218411] head: 0bfffe0000000002 ffffc1ffc3195801 00000000ffffffff 00000000ffffffff
[   19.218484] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.218539] page dumped because: kasan: bad access detected
[   19.218838] 
[   19.218954] Memory state around the buggy address:
[   19.219153]  fff00000c6561f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.219230]  fff00000c6562000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.219283] >fff00000c6562080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.219502]                                                           ^
[   19.219675]  fff00000c6562100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.219928]  fff00000c6562180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.220006] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2x2ZFae8Ls3qEfTe0PRCYFb5eF9

job_id

TEST:linaro@lkft#2x2ZJwMkybAJ0V3AdwW8YXrmLW4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x2ZJwMkybAJ0V3AdwW8YXrmLW4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZGjWiQXEqdPbxYxRYAHypUXF/Image.gz
sha256sum	504e1d37524260fa95a6f6e6498e4daa3458f89c70f1974ff57f1740645ee541

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZGjWiQXEqdPbxYxRYAHypUXF/modules.tar.xz
sha256sum	a71187f290b93746206f2f75a3cb5731ed4583beeb2a9abe36ca5193decfd1c5

durations

tests

boot	0
kunit	376.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.929734] ==================================================================
[   10.930741] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.931643] Write of size 1 at addr ffff888102aa60d0 by task kunit_try_catch/179
[   10.932283] 
[   10.932372] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.932418] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.932429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.932449] Call Trace:
[   10.932462]  <TASK>
[   10.932477]  dump_stack_lvl+0x73/0xb0
[   10.932505]  print_report+0xd1/0x650
[   10.932538]  ? __virt_addr_valid+0x1db/0x2d0
[   10.932561]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.932584]  ? kasan_addr_to_slab+0x11/0xa0
[   10.932604]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.932641]  kasan_report+0x141/0x180
[   10.932663]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.932692]  __asan_report_store1_noabort+0x1b/0x30
[   10.932713]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.932738]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.932762]  ? finish_task_switch.isra.0+0x153/0x700
[   10.932782]  ? __switch_to+0x47/0xf50
[   10.932807]  ? __schedule+0x10cc/0x2b60
[   10.932828]  ? __pfx_read_tsc+0x10/0x10
[   10.932852]  krealloc_large_less_oob+0x1c/0x30
[   10.932874]  kunit_try_run_case+0x1a5/0x480
[   10.932898]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.932919]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.932941]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.932962]  ? __kthread_parkme+0x82/0x180
[   10.932982]  ? preempt_count_sub+0x50/0x80
[   10.933005]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.933027]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.933049]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.933072]  kthread+0x337/0x6f0
[   10.933091]  ? trace_preempt_on+0x20/0xc0
[   10.933114]  ? __pfx_kthread+0x10/0x10
[   10.933134]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.933154]  ? calculate_sigpending+0x7b/0xa0
[   10.933176]  ? __pfx_kthread+0x10/0x10
[   10.933209]  ret_from_fork+0x116/0x1d0
[   10.933227]  ? __pfx_kthread+0x10/0x10
[   10.933247]  ret_from_fork_asm+0x1a/0x30
[   10.933278]  </TASK>
[   10.933288] 
[   10.946635] The buggy address belongs to the physical page:
[   10.947204] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4
[   10.948157] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.948940] flags: 0x200000000000040(head|node=0|zone=2)
[   10.949242] page_type: f8(unknown)
[   10.949673] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.950085] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.950666] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.951437] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.952056] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff
[   10.952345] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.953113] page dumped because: kasan: bad access detected
[   10.953679] 
[   10.953840] Memory state around the buggy address:
[   10.954294]  ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.954833]  ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.955051] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.955389]                                                  ^
[   10.955973]  ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.956853]  ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.957516] ==================================================================
[   10.716395] ==================================================================
[   10.717356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.718243] Write of size 1 at addr ffff888100356ac9 by task kunit_try_catch/175
[   10.718560] 
[   10.718680] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.718729] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.718741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.718762] Call Trace:
[   10.718774]  <TASK>
[   10.718789]  dump_stack_lvl+0x73/0xb0
[   10.718818]  print_report+0xd1/0x650
[   10.718841]  ? __virt_addr_valid+0x1db/0x2d0
[   10.719062]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.719087]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.719109]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.719133]  kasan_report+0x141/0x180
[   10.719156]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.719420]  __asan_report_store1_noabort+0x1b/0x30
[   10.719449]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.719476]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.719501]  ? finish_task_switch.isra.0+0x153/0x700
[   10.719582]  ? __switch_to+0x47/0xf50
[   10.719625]  ? __schedule+0x10cc/0x2b60
[   10.719647]  ? __pfx_read_tsc+0x10/0x10
[   10.719672]  krealloc_less_oob+0x1c/0x30
[   10.719694]  kunit_try_run_case+0x1a5/0x480
[   10.719718]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.719739]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.719763]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.719785]  ? __kthread_parkme+0x82/0x180
[   10.719807]  ? preempt_count_sub+0x50/0x80
[   10.719831]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.719855]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.719877]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.719899]  kthread+0x337/0x6f0
[   10.719920]  ? trace_preempt_on+0x20/0xc0
[   10.719943]  ? __pfx_kthread+0x10/0x10
[   10.719963]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.719983]  ? calculate_sigpending+0x7b/0xa0
[   10.720007]  ? __pfx_kthread+0x10/0x10
[   10.720029]  ret_from_fork+0x116/0x1d0
[   10.720048]  ? __pfx_kthread+0x10/0x10
[   10.720069]  ret_from_fork_asm+0x1a/0x30
[   10.720100]  </TASK>
[   10.720112] 
[   10.732464] Allocated by task 175:
[   10.732848]  kasan_save_stack+0x45/0x70
[   10.733172]  kasan_save_track+0x18/0x40
[   10.733382]  kasan_save_alloc_info+0x3b/0x50
[   10.733749]  __kasan_krealloc+0x190/0x1f0
[   10.734090]  krealloc_noprof+0xf3/0x340
[   10.734418]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.734931]  krealloc_less_oob+0x1c/0x30
[   10.735203]  kunit_try_run_case+0x1a5/0x480
[   10.735508]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.735917]  kthread+0x337/0x6f0
[   10.736074]  ret_from_fork+0x116/0x1d0
[   10.736488]  ret_from_fork_asm+0x1a/0x30
[   10.736782] 
[   10.736995] The buggy address belongs to the object at ffff888100356a00
[   10.736995]  which belongs to the cache kmalloc-256 of size 256
[   10.737926] The buggy address is located 0 bytes to the right of
[   10.737926]  allocated 201-byte region [ffff888100356a00, ffff888100356ac9)
[   10.738800] 
[   10.738903] The buggy address belongs to the physical page:
[   10.739133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356
[   10.739945] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.740464] flags: 0x200000000000040(head|node=0|zone=2)
[   10.740907] page_type: f5(slab)
[   10.741068] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.741836] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.742306] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.743009] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.743757] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff
[   10.744153] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.744469] page dumped because: kasan: bad access detected
[   10.744952] 
[   10.745049] Memory state around the buggy address:
[   10.745428]  ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.745885]  ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.746359] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.746839]                                               ^
[   10.747086]  ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.747697]  ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.748149] ==================================================================
[   10.896963] ==================================================================
[   10.897452] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.897995] Write of size 1 at addr ffff888102aa60c9 by task kunit_try_catch/179
[   10.898855] 
[   10.898960] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.899009] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.899021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.899042] Call Trace:
[   10.899055]  <TASK>
[   10.899072]  dump_stack_lvl+0x73/0xb0
[   10.899103]  print_report+0xd1/0x650
[   10.899126]  ? __virt_addr_valid+0x1db/0x2d0
[   10.899149]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.899173]  ? kasan_addr_to_slab+0x11/0xa0
[   10.899359]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.899385]  kasan_report+0x141/0x180
[   10.899422]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.899451]  __asan_report_store1_noabort+0x1b/0x30
[   10.899501]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.899528]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.899564]  ? finish_task_switch.isra.0+0x153/0x700
[   10.899588]  ? __switch_to+0x47/0xf50
[   10.899625]  ? __schedule+0x10cc/0x2b60
[   10.899646]  ? __pfx_read_tsc+0x10/0x10
[   10.899671]  krealloc_large_less_oob+0x1c/0x30
[   10.899693]  kunit_try_run_case+0x1a5/0x480
[   10.899719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.899740]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.899762]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.899784]  ? __kthread_parkme+0x82/0x180
[   10.899805]  ? preempt_count_sub+0x50/0x80
[   10.899827]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.899850]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.899872]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.899894]  kthread+0x337/0x6f0
[   10.899914]  ? trace_preempt_on+0x20/0xc0
[   10.899937]  ? __pfx_kthread+0x10/0x10
[   10.899958]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.899978]  ? calculate_sigpending+0x7b/0xa0
[   10.900001]  ? __pfx_kthread+0x10/0x10
[   10.900022]  ret_from_fork+0x116/0x1d0
[   10.900040]  ? __pfx_kthread+0x10/0x10
[   10.900061]  ret_from_fork_asm+0x1a/0x30
[   10.900093]  </TASK>
[   10.900104] 
[   10.917015] The buggy address belongs to the physical page:
[   10.917847] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4
[   10.918546] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.919159] flags: 0x200000000000040(head|node=0|zone=2)
[   10.919504] page_type: f8(unknown)
[   10.919966] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.920767] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.921463] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.921844] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.922790] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff
[   10.923571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.924356] page dumped because: kasan: bad access detected
[   10.924902] 
[   10.924981] Memory state around the buggy address:
[   10.925139]  ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.925964]  ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.926941] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.927644]                                               ^
[   10.928134]  ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.928912]  ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.929320] ==================================================================
[   10.770412] ==================================================================
[   10.770903] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.771250] Write of size 1 at addr ffff888100356ada by task kunit_try_catch/175
[   10.771548] 
[   10.772373] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.772426] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.772438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.772459] Call Trace:
[   10.772473]  <TASK>
[   10.772488]  dump_stack_lvl+0x73/0xb0
[   10.772525]  print_report+0xd1/0x650
[   10.772548]  ? __virt_addr_valid+0x1db/0x2d0
[   10.772570]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.772594]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.772625]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.772649]  kasan_report+0x141/0x180
[   10.772671]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.772701]  __asan_report_store1_noabort+0x1b/0x30
[   10.772722]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.772748]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.772771]  ? finish_task_switch.isra.0+0x153/0x700
[   10.772793]  ? __switch_to+0x47/0xf50
[   10.772818]  ? __schedule+0x10cc/0x2b60
[   10.772840]  ? __pfx_read_tsc+0x10/0x10
[   10.772863]  krealloc_less_oob+0x1c/0x30
[   10.772885]  kunit_try_run_case+0x1a5/0x480
[   10.772908]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.772929]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.772952]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.772973]  ? __kthread_parkme+0x82/0x180
[   10.772993]  ? preempt_count_sub+0x50/0x80
[   10.773015]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.773038]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.773061]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.773083]  kthread+0x337/0x6f0
[   10.773102]  ? trace_preempt_on+0x20/0xc0
[   10.773124]  ? __pfx_kthread+0x10/0x10
[   10.773144]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.773164]  ? calculate_sigpending+0x7b/0xa0
[   10.773187]  ? __pfx_kthread+0x10/0x10
[   10.773209]  ret_from_fork+0x116/0x1d0
[   10.773227]  ? __pfx_kthread+0x10/0x10
[   10.773247]  ret_from_fork_asm+0x1a/0x30
[   10.773278]  </TASK>
[   10.773288] 
[   10.788269] Allocated by task 175:
[   10.788710]  kasan_save_stack+0x45/0x70
[   10.789110]  kasan_save_track+0x18/0x40
[   10.789465]  kasan_save_alloc_info+0x3b/0x50
[   10.789916]  __kasan_krealloc+0x190/0x1f0
[   10.790063]  krealloc_noprof+0xf3/0x340
[   10.790214]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.790757]  krealloc_less_oob+0x1c/0x30
[   10.791292]  kunit_try_run_case+0x1a5/0x480
[   10.791838]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.792322]  kthread+0x337/0x6f0
[   10.792447]  ret_from_fork+0x116/0x1d0
[   10.792768]  ret_from_fork_asm+0x1a/0x30
[   10.793174] 
[   10.793347] The buggy address belongs to the object at ffff888100356a00
[   10.793347]  which belongs to the cache kmalloc-256 of size 256
[   10.794666] The buggy address is located 17 bytes to the right of
[   10.794666]  allocated 201-byte region [ffff888100356a00, ffff888100356ac9)
[   10.795039] 
[   10.795114] The buggy address belongs to the physical page:
[   10.795595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356
[   10.796436] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.797191] flags: 0x200000000000040(head|node=0|zone=2)
[   10.797886] page_type: f5(slab)
[   10.798234] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.798686] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.799387] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.799962] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.800214] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff
[   10.800972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.801753] page dumped because: kasan: bad access detected
[   10.802275] 
[   10.802383] Memory state around the buggy address:
[   10.803021]  ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.803552]  ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.804004] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.804465]                                                     ^
[   10.804866]  ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.805550]  ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.806200] ==================================================================
[   10.996917] ==================================================================
[   10.997197] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.997712] Write of size 1 at addr ffff888102aa60eb by task kunit_try_catch/179
[   10.998013] 
[   10.998101] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.998145] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.998157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.998176] Call Trace:
[   10.998188]  <TASK>
[   10.998201]  dump_stack_lvl+0x73/0xb0
[   10.998227]  print_report+0xd1/0x650
[   10.998248]  ? __virt_addr_valid+0x1db/0x2d0
[   10.998270]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.998293]  ? kasan_addr_to_slab+0x11/0xa0
[   10.998313]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.998337]  kasan_report+0x141/0x180
[   10.998359]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.998388]  __asan_report_store1_noabort+0x1b/0x30
[   10.998408]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.998434]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.998457]  ? finish_task_switch.isra.0+0x153/0x700
[   10.998484]  ? __switch_to+0x47/0xf50
[   10.998508]  ? __schedule+0x10cc/0x2b60
[   10.998530]  ? __pfx_read_tsc+0x10/0x10
[   10.998553]  krealloc_large_less_oob+0x1c/0x30
[   10.998575]  kunit_try_run_case+0x1a5/0x480
[   10.998599]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.998632]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.998654]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.998675]  ? __kthread_parkme+0x82/0x180
[   10.998695]  ? preempt_count_sub+0x50/0x80
[   10.998718]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.998740]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.998817]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.998840]  kthread+0x337/0x6f0
[   10.998859]  ? trace_preempt_on+0x20/0xc0
[   10.998882]  ? __pfx_kthread+0x10/0x10
[   10.998903]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.998923]  ? calculate_sigpending+0x7b/0xa0
[   10.998945]  ? __pfx_kthread+0x10/0x10
[   10.998967]  ret_from_fork+0x116/0x1d0
[   10.998985]  ? __pfx_kthread+0x10/0x10
[   10.999005]  ret_from_fork_asm+0x1a/0x30
[   10.999036]  </TASK>
[   10.999045] 
[   11.007078] The buggy address belongs to the physical page:
[   11.007400] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4
[   11.007823] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.008103] flags: 0x200000000000040(head|node=0|zone=2)
[   11.008350] page_type: f8(unknown)
[   11.008508] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.008890] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.009242] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.009754] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.010076] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff
[   11.010358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.010586] page dumped because: kasan: bad access detected
[   11.010841] 
[   11.011006] Memory state around the buggy address:
[   11.011214]  ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.011429]  ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.011968] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.012442]                                                           ^
[   11.012734]  ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.013061]  ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.013365] ==================================================================
[   10.958362] ==================================================================
[   10.958864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.959111] Write of size 1 at addr ffff888102aa60da by task kunit_try_catch/179
[   10.959342] 
[   10.959523] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.959580] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.959592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.959621] Call Trace:
[   10.959636]  <TASK>
[   10.959650]  dump_stack_lvl+0x73/0xb0
[   10.959675]  print_report+0xd1/0x650
[   10.959697]  ? __virt_addr_valid+0x1db/0x2d0
[   10.959720]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.959743]  ? kasan_addr_to_slab+0x11/0xa0
[   10.959763]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.959786]  kasan_report+0x141/0x180
[   10.959809]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.959837]  __asan_report_store1_noabort+0x1b/0x30
[   10.959857]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.959883]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.959907]  ? finish_task_switch.isra.0+0x153/0x700
[   10.959928]  ? __switch_to+0x47/0xf50
[   10.959953]  ? __schedule+0x10cc/0x2b60
[   10.959974]  ? __pfx_read_tsc+0x10/0x10
[   10.959997]  krealloc_large_less_oob+0x1c/0x30
[   10.960019]  kunit_try_run_case+0x1a5/0x480
[   10.960042]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.960063]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.960085]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.960106]  ? __kthread_parkme+0x82/0x180
[   10.960126]  ? preempt_count_sub+0x50/0x80
[   10.960148]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.960171]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.960203]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.960225]  kthread+0x337/0x6f0
[   10.960244]  ? trace_preempt_on+0x20/0xc0
[   10.960266]  ? __pfx_kthread+0x10/0x10
[   10.960286]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.960306]  ? calculate_sigpending+0x7b/0xa0
[   10.960329]  ? __pfx_kthread+0x10/0x10
[   10.960350]  ret_from_fork+0x116/0x1d0
[   10.960378]  ? __pfx_kthread+0x10/0x10
[   10.960546]  ret_from_fork_asm+0x1a/0x30
[   10.960579]  </TASK>
[   10.960589] 
[   10.973173] The buggy address belongs to the physical page:
[   10.973434] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4
[   10.973879] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.974158] flags: 0x200000000000040(head|node=0|zone=2)
[   10.974471] page_type: f8(unknown)
[   10.974663] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.975057] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.975361] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.975812] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.976079] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff
[   10.976379] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.976910] page dumped because: kasan: bad access detected
[   10.977092] 
[   10.977280] Memory state around the buggy address:
[   10.977583]  ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.977834]  ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.978207] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.978472]                                                     ^
[   10.978769]  ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.979140]  ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.979490] ==================================================================
[   10.806711] ==================================================================
[   10.807132] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.807886] Write of size 1 at addr ffff888100356aea by task kunit_try_catch/175
[   10.808622] 
[   10.808827] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.808887] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.808899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.808919] Call Trace:
[   10.808931]  <TASK>
[   10.808947]  dump_stack_lvl+0x73/0xb0
[   10.808975]  print_report+0xd1/0x650
[   10.809007]  ? __virt_addr_valid+0x1db/0x2d0
[   10.809030]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.809054]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.809086]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.809110]  kasan_report+0x141/0x180
[   10.809133]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.809162]  __asan_report_store1_noabort+0x1b/0x30
[   10.809191]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.809224]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.809248]  ? finish_task_switch.isra.0+0x153/0x700
[   10.809279]  ? __switch_to+0x47/0xf50
[   10.809305]  ? __schedule+0x10cc/0x2b60
[   10.809326]  ? __pfx_read_tsc+0x10/0x10
[   10.809351]  krealloc_less_oob+0x1c/0x30
[   10.809381]  kunit_try_run_case+0x1a5/0x480
[   10.809404]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.809425]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.809459]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.809481]  ? __kthread_parkme+0x82/0x180
[   10.809501]  ? preempt_count_sub+0x50/0x80
[   10.809524]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.809546]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.809569]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.809591]  kthread+0x337/0x6f0
[   10.809610]  ? trace_preempt_on+0x20/0xc0
[   10.809640]  ? __pfx_kthread+0x10/0x10
[   10.809661]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.809681]  ? calculate_sigpending+0x7b/0xa0
[   10.809704]  ? __pfx_kthread+0x10/0x10
[   10.809726]  ret_from_fork+0x116/0x1d0
[   10.809744]  ? __pfx_kthread+0x10/0x10
[   10.809765]  ret_from_fork_asm+0x1a/0x30
[   10.809796]  </TASK>
[   10.809807] 
[   10.817542] Allocated by task 175:
[   10.817699]  kasan_save_stack+0x45/0x70
[   10.817899]  kasan_save_track+0x18/0x40
[   10.818116]  kasan_save_alloc_info+0x3b/0x50
[   10.818376]  __kasan_krealloc+0x190/0x1f0
[   10.818642]  krealloc_noprof+0xf3/0x340
[   10.818834]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.819068]  krealloc_less_oob+0x1c/0x30
[   10.819224]  kunit_try_run_case+0x1a5/0x480
[   10.819442]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.819688]  kthread+0x337/0x6f0
[   10.819940]  ret_from_fork+0x116/0x1d0
[   10.820103]  ret_from_fork_asm+0x1a/0x30
[   10.820309] 
[   10.820445] The buggy address belongs to the object at ffff888100356a00
[   10.820445]  which belongs to the cache kmalloc-256 of size 256
[   10.820938] The buggy address is located 33 bytes to the right of
[   10.820938]  allocated 201-byte region [ffff888100356a00, ffff888100356ac9)
[   10.821305] 
[   10.821378] The buggy address belongs to the physical page:
[   10.821668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356
[   10.822024] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.822381] flags: 0x200000000000040(head|node=0|zone=2)
[   10.822648] page_type: f5(slab)
[   10.822818] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.823147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.823487] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.823729] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.824005] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff
[   10.824592] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.824906] page dumped because: kasan: bad access detected
[   10.825136] 
[   10.825245] Memory state around the buggy address:
[   10.825451]  ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.825761]  ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.826062] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.826377]                                                           ^
[   10.826650]  ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.826965]  ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.827300] ==================================================================
[   10.827957] ==================================================================
[   10.828384] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.828643] Write of size 1 at addr ffff888100356aeb by task kunit_try_catch/175
[   10.829160] 
[   10.829248] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.829292] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.829304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.829323] Call Trace:
[   10.829336]  <TASK>
[   10.829351]  dump_stack_lvl+0x73/0xb0
[   10.829377]  print_report+0xd1/0x650
[   10.829398]  ? __virt_addr_valid+0x1db/0x2d0
[   10.829420]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.829443]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.829465]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.829488]  kasan_report+0x141/0x180
[   10.829510]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.829538]  __asan_report_store1_noabort+0x1b/0x30
[   10.829558]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.829584]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.829607]  ? finish_task_switch.isra.0+0x153/0x700
[   10.829638]  ? __switch_to+0x47/0xf50
[   10.829663]  ? __schedule+0x10cc/0x2b60
[   10.829684]  ? __pfx_read_tsc+0x10/0x10
[   10.829707]  krealloc_less_oob+0x1c/0x30
[   10.829729]  kunit_try_run_case+0x1a5/0x480
[   10.829763]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.829794]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.829817]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.829838]  ? __kthread_parkme+0x82/0x180
[   10.829870]  ? preempt_count_sub+0x50/0x80
[   10.829892]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.829915]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.829938]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.829960]  kthread+0x337/0x6f0
[   10.829979]  ? trace_preempt_on+0x20/0xc0
[   10.830002]  ? __pfx_kthread+0x10/0x10
[   10.830023]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.830043]  ? calculate_sigpending+0x7b/0xa0
[   10.830066]  ? __pfx_kthread+0x10/0x10
[   10.830087]  ret_from_fork+0x116/0x1d0
[   10.830106]  ? __pfx_kthread+0x10/0x10
[   10.830126]  ret_from_fork_asm+0x1a/0x30
[   10.830157]  </TASK>
[   10.830167] 
[   10.837928] Allocated by task 175:
[   10.838135]  kasan_save_stack+0x45/0x70
[   10.838352]  kasan_save_track+0x18/0x40
[   10.838546]  kasan_save_alloc_info+0x3b/0x50
[   10.838756]  __kasan_krealloc+0x190/0x1f0
[   10.838924]  krealloc_noprof+0xf3/0x340
[   10.839062]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.839249]  krealloc_less_oob+0x1c/0x30
[   10.839491]  kunit_try_run_case+0x1a5/0x480
[   10.839715]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.839994]  kthread+0x337/0x6f0
[   10.840120]  ret_from_fork+0x116/0x1d0
[   10.840472]  ret_from_fork_asm+0x1a/0x30
[   10.840675] 
[   10.840770] The buggy address belongs to the object at ffff888100356a00
[   10.840770]  which belongs to the cache kmalloc-256 of size 256
[   10.841267] The buggy address is located 34 bytes to the right of
[   10.841267]  allocated 201-byte region [ffff888100356a00, ffff888100356ac9)
[   10.841709] 
[   10.841782] The buggy address belongs to the physical page:
[   10.841957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356
[   10.842203] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.842568] flags: 0x200000000000040(head|node=0|zone=2)
[   10.842826] page_type: f5(slab)
[   10.842994] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.843515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.843870] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.844209] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.844476] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff
[   10.844719] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.844946] page dumped because: kasan: bad access detected
[   10.845202] 
[   10.845299] Memory state around the buggy address:
[   10.845551]  ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.845901]  ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.846305] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.846635]                                                           ^
[   10.846848]  ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.847190]  ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.847475] ==================================================================
[   10.979990] ==================================================================
[   10.980299] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.980827] Write of size 1 at addr ffff888102aa60ea by task kunit_try_catch/179
[   10.981133] 
[   10.981244] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.981288] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.981299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.981319] Call Trace:
[   10.981333]  <TASK>
[   10.981347]  dump_stack_lvl+0x73/0xb0
[   10.981375]  print_report+0xd1/0x650
[   10.981396]  ? __virt_addr_valid+0x1db/0x2d0
[   10.981419]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.981442]  ? kasan_addr_to_slab+0x11/0xa0
[   10.981462]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.981486]  kasan_report+0x141/0x180
[   10.981518]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.981546]  __asan_report_store1_noabort+0x1b/0x30
[   10.981640]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.981666]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.981690]  ? finish_task_switch.isra.0+0x153/0x700
[   10.981711]  ? __switch_to+0x47/0xf50
[   10.981737]  ? __schedule+0x10cc/0x2b60
[   10.981757]  ? __pfx_read_tsc+0x10/0x10
[   10.981782]  krealloc_large_less_oob+0x1c/0x30
[   10.981804]  kunit_try_run_case+0x1a5/0x480
[   10.981827]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.981849]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.981870]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.981892]  ? __kthread_parkme+0x82/0x180
[   10.981911]  ? preempt_count_sub+0x50/0x80
[   10.981934]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.981956]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.981979]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.982001]  kthread+0x337/0x6f0
[   10.982020]  ? trace_preempt_on+0x20/0xc0
[   10.982043]  ? __pfx_kthread+0x10/0x10
[   10.982063]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.982083]  ? calculate_sigpending+0x7b/0xa0
[   10.982106]  ? __pfx_kthread+0x10/0x10
[   10.982127]  ret_from_fork+0x116/0x1d0
[   10.982145]  ? __pfx_kthread+0x10/0x10
[   10.982165]  ret_from_fork_asm+0x1a/0x30
[   10.982196]  </TASK>
[   10.982205] 
[   10.990225] The buggy address belongs to the physical page:
[   10.990404] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4
[   10.990793] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.991073] flags: 0x200000000000040(head|node=0|zone=2)
[   10.991242] page_type: f8(unknown)
[   10.991367] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.991829] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.992181] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.992537] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.993296] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff
[   10.993699] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.993929] page dumped because: kasan: bad access detected
[   10.994162] 
[   10.994319] Memory state around the buggy address:
[   10.994548]  ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.994805]  ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.995018] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.995327]                                                           ^
[   10.995627]  ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.996019]  ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.996355] ==================================================================
[   10.749315] ==================================================================
[   10.749668] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.750042] Write of size 1 at addr ffff888100356ad0 by task kunit_try_catch/175
[   10.750402] 
[   10.750525] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) 
[   10.750571] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.750583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.750603] Call Trace:
[   10.750625]  <TASK>
[   10.750640]  dump_stack_lvl+0x73/0xb0
[   10.750666]  print_report+0xd1/0x650
[   10.750688]  ? __virt_addr_valid+0x1db/0x2d0
[   10.750721]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.750745]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.750767]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.750790]  kasan_report+0x141/0x180
[   10.750813]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.750841]  __asan_report_store1_noabort+0x1b/0x30
[   10.750862]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.750888]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.750912]  ? finish_task_switch.isra.0+0x153/0x700
[   10.750934]  ? __switch_to+0x47/0xf50
[   10.750960]  ? __schedule+0x10cc/0x2b60
[   10.750981]  ? __pfx_read_tsc+0x10/0x10
[   10.751006]  krealloc_less_oob+0x1c/0x30
[   10.751027]  kunit_try_run_case+0x1a5/0x480
[   10.751051]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.751072]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.751095]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.751116]  ? __kthread_parkme+0x82/0x180
[   10.751136]  ? preempt_count_sub+0x50/0x80
[   10.751159]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.751191]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.751214]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.751237]  kthread+0x337/0x6f0
[   10.751256]  ? trace_preempt_on+0x20/0xc0
[   10.751279]  ? __pfx_kthread+0x10/0x10
[   10.751300]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.751320]  ? calculate_sigpending+0x7b/0xa0
[   10.751343]  ? __pfx_kthread+0x10/0x10
[   10.751365]  ret_from_fork+0x116/0x1d0
[   10.751383]  ? __pfx_kthread+0x10/0x10
[   10.751403]  ret_from_fork_asm+0x1a/0x30
[   10.751435]  </TASK>
[   10.751445] 
[   10.759124] Allocated by task 175:
[   10.759249]  kasan_save_stack+0x45/0x70
[   10.759433]  kasan_save_track+0x18/0x40
[   10.759836]  kasan_save_alloc_info+0x3b/0x50
[   10.760042]  __kasan_krealloc+0x190/0x1f0
[   10.760239]  krealloc_noprof+0xf3/0x340
[   10.760432]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.760599]  krealloc_less_oob+0x1c/0x30
[   10.760746]  kunit_try_run_case+0x1a5/0x480
[   10.760902]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.761431]  kthread+0x337/0x6f0
[   10.761600]  ret_from_fork+0x116/0x1d0
[   10.761798]  ret_from_fork_asm+0x1a/0x30
[   10.761961] 
[   10.762031] The buggy address belongs to the object at ffff888100356a00
[   10.762031]  which belongs to the cache kmalloc-256 of size 256
[   10.762377] The buggy address is located 7 bytes to the right of
[   10.762377]  allocated 201-byte region [ffff888100356a00, ffff888100356ac9)
[   10.763237] 
[   10.763384] The buggy address belongs to the physical page:
[   10.763628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356
[   10.763916] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.764246] flags: 0x200000000000040(head|node=0|zone=2)
[   10.764482] page_type: f5(slab)
[   10.764719] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.764950] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.765178] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.765534] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.766021] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff
[   10.766343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.766777] page dumped because: kasan: bad access detected
[   10.767002] 
[   10.767076] Memory state around the buggy address:
[   10.767309]  ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.767522]  ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.767743] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.768057]                                                  ^
[   10.768320]  ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.768783]  ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.769196] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x2ZFae8Ls3qEfTe0PRCYFb5eF9

job_id

TEST:linaro@lkft#2x2ZKfXq1x4rE5uAs6VLnxuNkCP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x2ZKfXq1x4rE5uAs6VLnxuNkCP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZHlHBYbYCHYJaF5eD66G530I/bzImage
sha256sum	e89f03c19c78189cd68c59a16440604de847a1695c893a93d8173d838704e698

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x2ZHlHBYbYCHYJaF5eD66G530I/modules.tar.xz
sha256sum	8a5955c9acfee51bf7a3c12d37a8784f27ef2d8796875e5fb6568a2ec65c0fa8

durations

tests

boot	0
kunit	206.87

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit