lkft/linux-next-master - next-20250515 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

May 15, 2025, 10:38 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.962584] ==================================================================
[   17.962625] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.962667] Write of size 1 at addr fff00000c77560eb by task kunit_try_catch/162
[   17.962714] 
[   17.962746] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.962824] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.962864] Hardware name: linux,dummy-virt (DT)
[   17.962892] Call trace:
[   17.962912]  show_stack+0x20/0x38 (C)
[   17.962971]  dump_stack_lvl+0x8c/0xd0
[   17.963014]  print_report+0x118/0x608
[   17.963058]  kasan_report+0xdc/0x128
[   17.963102]  __asan_report_store1_noabort+0x20/0x30
[   17.963151]  krealloc_less_oob_helper+0xa58/0xc50
[   17.963208]  krealloc_large_less_oob+0x20/0x38
[   17.963253]  kunit_try_run_case+0x170/0x3f0
[   17.963306]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.963356]  kthread+0x328/0x630
[   17.963411]  ret_from_fork+0x10/0x20
[   17.963456] 
[   17.963474] The buggy address belongs to the physical page:
[   17.963503] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   17.963551] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.963614] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.963691] page_type: f8(unknown)
[   17.963727] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.963774] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.963839] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.963948] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.964013] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   17.964060] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.964116] page dumped because: kasan: bad access detected
[   17.964171] 
[   17.964189] Memory state around the buggy address:
[   17.964217]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.964280]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.964590] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.964646]                                                           ^
[   17.964755]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.964823]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.964880] ==================================================================
[   17.880805] ==================================================================
[   17.880868] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.880919] Write of size 1 at addr fff00000c473dcc9 by task kunit_try_catch/158
[   17.881200] 
[   17.881260] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.881346] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.881372] Hardware name: linux,dummy-virt (DT)
[   17.881403] Call trace:
[   17.881625]  show_stack+0x20/0x38 (C)
[   17.881710]  dump_stack_lvl+0x8c/0xd0
[   17.881798]  print_report+0x118/0x608
[   17.881884]  kasan_report+0xdc/0x128
[   17.881947]  __asan_report_store1_noabort+0x20/0x30
[   17.882011]  krealloc_less_oob_helper+0xa48/0xc50
[   17.882292]  krealloc_less_oob+0x20/0x38
[   17.882447]  kunit_try_run_case+0x170/0x3f0
[   17.882512]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.882883]  kthread+0x328/0x630
[   17.883018]  ret_from_fork+0x10/0x20
[   17.883098] 
[   17.883414] Allocated by task 158:
[   17.883460]  kasan_save_stack+0x3c/0x68
[   17.883587]  kasan_save_track+0x20/0x40
[   17.883780]  kasan_save_alloc_info+0x40/0x58
[   17.883841]  __kasan_krealloc+0x118/0x178
[   17.884029]  krealloc_noprof+0x128/0x360
[   17.884186]  krealloc_less_oob_helper+0x168/0xc50
[   17.884262]  krealloc_less_oob+0x20/0x38
[   17.884399]  kunit_try_run_case+0x170/0x3f0
[   17.884436]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.884778]  kthread+0x328/0x630
[   17.884889]  ret_from_fork+0x10/0x20
[   17.885094] 
[   17.885135] The buggy address belongs to the object at fff00000c473dc00
[   17.885135]  which belongs to the cache kmalloc-256 of size 256
[   17.885485] The buggy address is located 0 bytes to the right of
[   17.885485]  allocated 201-byte region [fff00000c473dc00, fff00000c473dcc9)
[   17.885592] 
[   17.885613] The buggy address belongs to the physical page:
[   17.885681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10473c
[   17.886055] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.886113] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.886178] page_type: f5(slab)
[   17.886217] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.886566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.886639] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.886943] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.887148] head: 0bfffe0000000001 ffffc1ffc311cf01 00000000ffffffff 00000000ffffffff
[   17.887551] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.887618] page dumped because: kasan: bad access detected
[   17.887747] 
[   17.887800] Memory state around the buggy address:
[   17.887968]  fff00000c473db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.888091]  fff00000c473dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.888138] >fff00000c473dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.888392]                                               ^
[   17.888592]  fff00000c473dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.888685]  fff00000c473dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.888819] ==================================================================
[   17.910397] ==================================================================
[   17.910467] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.910689] Write of size 1 at addr fff00000c473dceb by task kunit_try_catch/158
[   17.910789] 
[   17.910858] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.910939] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.910965] Hardware name: linux,dummy-virt (DT)
[   17.910994] Call trace:
[   17.911075]  show_stack+0x20/0x38 (C)
[   17.911131]  dump_stack_lvl+0x8c/0xd0
[   17.911218]  print_report+0x118/0x608
[   17.911264]  kasan_report+0xdc/0x128
[   17.911308]  __asan_report_store1_noabort+0x20/0x30
[   17.911358]  krealloc_less_oob_helper+0xa58/0xc50
[   17.911434]  krealloc_less_oob+0x20/0x38
[   17.911530]  kunit_try_run_case+0x170/0x3f0
[   17.911607]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.911660]  kthread+0x328/0x630
[   17.911732]  ret_from_fork+0x10/0x20
[   17.911809] 
[   17.911846] Allocated by task 158:
[   17.911873]  kasan_save_stack+0x3c/0x68
[   17.911911]  kasan_save_track+0x20/0x40
[   17.911982]  kasan_save_alloc_info+0x40/0x58
[   17.912021]  __kasan_krealloc+0x118/0x178
[   17.912267]  krealloc_noprof+0x128/0x360
[   17.912334]  krealloc_less_oob_helper+0x168/0xc50
[   17.912436]  krealloc_less_oob+0x20/0x38
[   17.912474]  kunit_try_run_case+0x170/0x3f0
[   17.912509]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.912568]  kthread+0x328/0x630
[   17.912603]  ret_from_fork+0x10/0x20
[   17.912637] 
[   17.912749] The buggy address belongs to the object at fff00000c473dc00
[   17.912749]  which belongs to the cache kmalloc-256 of size 256
[   17.912817] The buggy address is located 34 bytes to the right of
[   17.912817]  allocated 201-byte region [fff00000c473dc00, fff00000c473dcc9)
[   17.912987] 
[   17.913047] The buggy address belongs to the physical page:
[   17.913107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10473c
[   17.913185] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.913230] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.913308] page_type: f5(slab)
[   17.913445] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.913682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.913782] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.913881] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.913929] head: 0bfffe0000000001 ffffc1ffc311cf01 00000000ffffffff 00000000ffffffff
[   17.913991] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.914153] page dumped because: kasan: bad access detected
[   17.914231] 
[   17.914328] Memory state around the buggy address:
[   17.914415]  fff00000c473db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.914518]  fff00000c473dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.914568] >fff00000c473dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.914605]                                                           ^
[   17.914641]  fff00000c473dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.914681]  fff00000c473dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.914716] ==================================================================
[   17.960474] ==================================================================
[   17.960507] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.960547] Write of size 1 at addr fff00000c77560ea by task kunit_try_catch/162
[   17.960592] 
[   17.960629] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.960708] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.960732] Hardware name: linux,dummy-virt (DT)
[   17.960760] Call trace:
[   17.960780]  show_stack+0x20/0x38 (C)
[   17.960825]  dump_stack_lvl+0x8c/0xd0
[   17.960869]  print_report+0x118/0x608
[   17.960928]  kasan_report+0xdc/0x128
[   17.960975]  __asan_report_store1_noabort+0x20/0x30
[   17.961032]  krealloc_less_oob_helper+0xae4/0xc50
[   17.961079]  krealloc_large_less_oob+0x20/0x38
[   17.961125]  kunit_try_run_case+0x170/0x3f0
[   17.961180]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.961231]  kthread+0x328/0x630
[   17.961275]  ret_from_fork+0x10/0x20
[   17.961319] 
[   17.961337] The buggy address belongs to the physical page:
[   17.961366] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   17.961416] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.961459] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.961517] page_type: f8(unknown)
[   17.961552] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.961598] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.961645] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.961691] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.961770] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   17.961817] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.961855] page dumped because: kasan: bad access detected
[   17.961884] 
[   17.961901] Memory state around the buggy address:
[   17.961929]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.961968]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.962019] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.962054]                                                           ^
[   17.962101]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.962140]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.962185] ==================================================================
[   17.944007] ==================================================================
[   17.944061] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.944111] Write of size 1 at addr fff00000c77560c9 by task kunit_try_catch/162
[   17.944993] 
[   17.945035] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.945268] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.945317] Hardware name: linux,dummy-virt (DT)
[   17.945365] Call trace:
[   17.945403]  show_stack+0x20/0x38 (C)
[   17.945605]  dump_stack_lvl+0x8c/0xd0
[   17.945916]  print_report+0x118/0x608
[   17.946266]  kasan_report+0xdc/0x128
[   17.946409]  __asan_report_store1_noabort+0x20/0x30
[   17.946485]  krealloc_less_oob_helper+0xa48/0xc50
[   17.946533]  krealloc_large_less_oob+0x20/0x38
[   17.946608]  kunit_try_run_case+0x170/0x3f0
[   17.946983]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.947108]  kthread+0x328/0x630
[   17.947304]  ret_from_fork+0x10/0x20
[   17.947487] 
[   17.947509] The buggy address belongs to the physical page:
[   17.947539] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   17.947875] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.947993] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.948202] page_type: f8(unknown)
[   17.948410] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.948481] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.948607] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.948760] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.948858] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   17.949248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.949308] page dumped because: kasan: bad access detected
[   17.949443] 
[   17.949474] Memory state around the buggy address:
[   17.949582]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.949666]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.949808] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.949926]                                               ^
[   17.949987]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.950136]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.950398] ==================================================================
[   17.907345] ==================================================================
[   17.907388] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.907434] Write of size 1 at addr fff00000c473dcea by task kunit_try_catch/158
[   17.907481] 
[   17.907510] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.907590] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.907615] Hardware name: linux,dummy-virt (DT)
[   17.907647] Call trace:
[   17.907669]  show_stack+0x20/0x38 (C)
[   17.907717]  dump_stack_lvl+0x8c/0xd0
[   17.907762]  print_report+0x118/0x608
[   17.907806]  kasan_report+0xdc/0x128
[   17.907850]  __asan_report_store1_noabort+0x20/0x30
[   17.907900]  krealloc_less_oob_helper+0xae4/0xc50
[   17.907946]  krealloc_less_oob+0x20/0x38
[   17.907990]  kunit_try_run_case+0x170/0x3f0
[   17.908034]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.908084]  kthread+0x328/0x630
[   17.908127]  ret_from_fork+0x10/0x20
[   17.908186] 
[   17.908204] Allocated by task 158:
[   17.908230]  kasan_save_stack+0x3c/0x68
[   17.908267]  kasan_save_track+0x20/0x40
[   17.908302]  kasan_save_alloc_info+0x40/0x58
[   17.908339]  __kasan_krealloc+0x118/0x178
[   17.908375]  krealloc_noprof+0x128/0x360
[   17.908409]  krealloc_less_oob_helper+0x168/0xc50
[   17.908445]  krealloc_less_oob+0x20/0x38
[   17.908479]  kunit_try_run_case+0x170/0x3f0
[   17.908513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.908553]  kthread+0x328/0x630
[   17.908586]  ret_from_fork+0x10/0x20
[   17.908619] 
[   17.908637] The buggy address belongs to the object at fff00000c473dc00
[   17.908637]  which belongs to the cache kmalloc-256 of size 256
[   17.908689] The buggy address is located 33 bytes to the right of
[   17.908689]  allocated 201-byte region [fff00000c473dc00, fff00000c473dcc9)
[   17.908749] 
[   17.908767] The buggy address belongs to the physical page:
[   17.908796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10473c
[   17.908845] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.908888] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.908936] page_type: f5(slab)
[   17.908970] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.909018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.909066] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.909112] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.909192] head: 0bfffe0000000001 ffffc1ffc311cf01 00000000ffffffff 00000000ffffffff
[   17.909268] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.909335] page dumped because: kasan: bad access detected
[   17.909393] 
[   17.909422] Memory state around the buggy address:
[   17.909490]  fff00000c473db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.909558]  fff00000c473dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.909629] >fff00000c473dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.909676]                                                           ^
[   17.909714]  fff00000c473dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.910109]  fff00000c473dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.910170] ==================================================================
[   17.958267] ==================================================================
[   17.958309] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.958352] Write of size 1 at addr fff00000c77560da by task kunit_try_catch/162
[   17.958399] 
[   17.958426] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.958980] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.959016] Hardware name: linux,dummy-virt (DT)
[   17.959045] Call trace:
[   17.959066]  show_stack+0x20/0x38 (C)
[   17.959115]  dump_stack_lvl+0x8c/0xd0
[   17.959171]  print_report+0x118/0x608
[   17.959215]  kasan_report+0xdc/0x128
[   17.959259]  __asan_report_store1_noabort+0x20/0x30
[   17.959308]  krealloc_less_oob_helper+0xa80/0xc50
[   17.959354]  krealloc_large_less_oob+0x20/0x38
[   17.959400]  kunit_try_run_case+0x170/0x3f0
[   17.959444]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.959493]  kthread+0x328/0x630
[   17.959536]  ret_from_fork+0x10/0x20
[   17.959581] 
[   17.959600] The buggy address belongs to the physical page:
[   17.959628] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   17.959678] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.959721] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.959768] page_type: f8(unknown)
[   17.959803] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.959850] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.959898] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.959944] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.959990] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   17.960036] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.960074] page dumped because: kasan: bad access detected
[   17.960102] 
[   17.960120] Memory state around the buggy address:
[   17.960148]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.960196]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.960236] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.960300]                                                     ^
[   17.960336]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.960382]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.960418] ==================================================================
[   17.897052] ==================================================================
[   17.897096] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.897142] Write of size 1 at addr fff00000c473dcda by task kunit_try_catch/158
[   17.897754] 
[   17.897931] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.898169] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.898207] Hardware name: linux,dummy-virt (DT)
[   17.898266] Call trace:
[   17.898288]  show_stack+0x20/0x38 (C)
[   17.898671]  dump_stack_lvl+0x8c/0xd0
[   17.898806]  print_report+0x118/0x608
[   17.898950]  kasan_report+0xdc/0x128
[   17.899106]  __asan_report_store1_noabort+0x20/0x30
[   17.899233]  krealloc_less_oob_helper+0xa80/0xc50
[   17.899305]  krealloc_less_oob+0x20/0x38
[   17.899640]  kunit_try_run_case+0x170/0x3f0
[   17.899750]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.899861]  kthread+0x328/0x630
[   17.900064]  ret_from_fork+0x10/0x20
[   17.900153] 
[   17.900186] Allocated by task 158:
[   17.900426]  kasan_save_stack+0x3c/0x68
[   17.900514]  kasan_save_track+0x20/0x40
[   17.900581]  kasan_save_alloc_info+0x40/0x58
[   17.900983]  __kasan_krealloc+0x118/0x178
[   17.901101]  krealloc_noprof+0x128/0x360
[   17.901256]  krealloc_less_oob_helper+0x168/0xc50
[   17.901422]  krealloc_less_oob+0x20/0x38
[   17.901531]  kunit_try_run_case+0x170/0x3f0
[   17.901935]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.902091]  kthread+0x328/0x630
[   17.902334]  ret_from_fork+0x10/0x20
[   17.902537] 
[   17.902588] The buggy address belongs to the object at fff00000c473dc00
[   17.902588]  which belongs to the cache kmalloc-256 of size 256
[   17.903028] The buggy address is located 17 bytes to the right of
[   17.903028]  allocated 201-byte region [fff00000c473dc00, fff00000c473dcc9)
[   17.903166] 
[   17.903305] The buggy address belongs to the physical page:
[   17.903376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10473c
[   17.903546] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.903604] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.903692] page_type: f5(slab)
[   17.903963] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.904121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.904866] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.904940] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.905023] head: 0bfffe0000000001 ffffc1ffc311cf01 00000000ffffffff 00000000ffffffff
[   17.905099] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.905231] page dumped because: kasan: bad access detected
[   17.905263] 
[   17.905466] Memory state around the buggy address:
[   17.905731]  fff00000c473db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.906213]  fff00000c473dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.906258] >fff00000c473dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.906295]                                                     ^
[   17.906330]  fff00000c473dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.906858]  fff00000c473dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.906915] ==================================================================
[   17.952860] ==================================================================
[   17.952940] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.953016] Write of size 1 at addr fff00000c77560d0 by task kunit_try_catch/162
[   17.953082] 
[   17.953383] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.953560] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.953618] Hardware name: linux,dummy-virt (DT)
[   17.953676] Call trace:
[   17.953770]  show_stack+0x20/0x38 (C)
[   17.953845]  dump_stack_lvl+0x8c/0xd0
[   17.953957]  print_report+0x118/0x608
[   17.954077]  kasan_report+0xdc/0x128
[   17.954253]  __asan_report_store1_noabort+0x20/0x30
[   17.954429]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.954675]  krealloc_large_less_oob+0x20/0x38
[   17.954786]  kunit_try_run_case+0x170/0x3f0
[   17.954935]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.954988]  kthread+0x328/0x630
[   17.955290]  ret_from_fork+0x10/0x20
[   17.955420] 
[   17.955465] The buggy address belongs to the physical page:
[   17.955710] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   17.955808] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.955913] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.956224] page_type: f8(unknown)
[   17.956286] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.956483] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.956636] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.956743] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.956848] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   17.956934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.957765] page dumped because: kasan: bad access detected
[   17.957809] 
[   17.957827] Memory state around the buggy address:
[   17.957865]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.957907]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.957950] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.957988]                                                  ^
[   17.958023]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.958064]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.958100] ==================================================================
[   17.890012] ==================================================================
[   17.890057] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.890420] Write of size 1 at addr fff00000c473dcd0 by task kunit_try_catch/158
[   17.890593] 
[   17.890632] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.890813] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.890841] Hardware name: linux,dummy-virt (DT)
[   17.891124] Call trace:
[   17.891195]  show_stack+0x20/0x38 (C)
[   17.891314]  dump_stack_lvl+0x8c/0xd0
[   17.891400]  print_report+0x118/0x608
[   17.891511]  kasan_report+0xdc/0x128
[   17.891673]  __asan_report_store1_noabort+0x20/0x30
[   17.891810]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.892246]  krealloc_less_oob+0x20/0x38
[   17.892329]  kunit_try_run_case+0x170/0x3f0
[   17.892524]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.892735]  kthread+0x328/0x630
[   17.892819]  ret_from_fork+0x10/0x20
[   17.892989] 
[   17.893172] Allocated by task 158:
[   17.893231]  kasan_save_stack+0x3c/0x68
[   17.893385]  kasan_save_track+0x20/0x40
[   17.893582]  kasan_save_alloc_info+0x40/0x58
[   17.893681]  __kasan_krealloc+0x118/0x178
[   17.893859]  krealloc_noprof+0x128/0x360
[   17.893899]  krealloc_less_oob_helper+0x168/0xc50
[   17.893960]  krealloc_less_oob+0x20/0x38
[   17.893998]  kunit_try_run_case+0x170/0x3f0
[   17.894319]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.894479]  kthread+0x328/0x630
[   17.894589]  ret_from_fork+0x10/0x20
[   17.894711] 
[   17.894805] The buggy address belongs to the object at fff00000c473dc00
[   17.894805]  which belongs to the cache kmalloc-256 of size 256
[   17.894940] The buggy address is located 7 bytes to the right of
[   17.894940]  allocated 201-byte region [fff00000c473dc00, fff00000c473dcc9)
[   17.895003] 
[   17.895022] The buggy address belongs to the physical page:
[   17.895420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10473c
[   17.895657] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.895726] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.895789] page_type: f5(slab)
[   17.895835] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.895884] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.895946] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.896002] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.896050] head: 0bfffe0000000001 ffffc1ffc311cf01 00000000ffffffff 00000000ffffffff
[   17.896106] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.896166] page dumped because: kasan: bad access detected
[   17.896205] 
[   17.896223] Memory state around the buggy address:
[   17.896261]  fff00000c473db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.896301]  fff00000c473dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.896349] >fff00000c473dc80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.896384]                                                  ^
[   17.896434]  fff00000c473dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.896474]  fff00000c473dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.896527] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2x82cn95lnaJcv25aBcIbqxmNlW

job_id

TEST:linaro@lkft#2x82i0VEAX8AHEnAIjjHU38fOa5

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x82i0VEAX8AHEnAIjjHU38fOa5

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82eG237Xz0oehRyoZ2sE2FTZZ/Image.gz
sha256sum	8d10f44ec72bc28243b4fef40985d64e1d2a2da67aaf1203ca0c5f056291b385

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82eG237Xz0oehRyoZ2sE2FTZZ/modules.tar.xz
sha256sum	260beefc77a5cb8d14f0b0fb6da10f4b829dae2598932fe8a7db834d3bf2199f

durations

tests

boot	0
kunit	179.62

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.881635] ==================================================================
[   13.881867] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   13.882148] Write of size 1 at addr ffff88810298e0da by task kunit_try_catch/180
[   13.882953] 
[   13.883557] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.883657] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.883682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.883720] Call Trace:
[   13.883761]  <TASK>
[   13.883796]  dump_stack_lvl+0x73/0xb0
[   13.883883]  print_report+0xd1/0x650
[   13.884091]  ? __virt_addr_valid+0x1db/0x2d0
[   13.884146]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.884195]  ? kasan_addr_to_slab+0x11/0xa0
[   13.884249]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.884298]  kasan_report+0x141/0x180
[   13.884336]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.884389]  __asan_report_store1_noabort+0x1b/0x30
[   13.884423]  krealloc_less_oob_helper+0xec6/0x11d0
[   13.884478]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.884516]  ? finish_task_switch.isra.0+0x153/0x700
[   13.884550]  ? __switch_to+0x47/0xf50
[   13.884592]  ? __schedule+0x10cc/0x2b60
[   13.884620]  ? __pfx_read_tsc+0x10/0x10
[   13.884645]  krealloc_large_less_oob+0x1c/0x30
[   13.884668]  kunit_try_run_case+0x1a5/0x480
[   13.884695]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.884715]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.884737]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.884758]  ? __kthread_parkme+0x82/0x180
[   13.884779]  ? preempt_count_sub+0x50/0x80
[   13.884801]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.884823]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.884844]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.884865]  kthread+0x337/0x6f0
[   13.884884]  ? trace_preempt_on+0x20/0xc0
[   13.884907]  ? __pfx_kthread+0x10/0x10
[   13.884926]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.884946]  ? calculate_sigpending+0x7b/0xa0
[   13.884970]  ? __pfx_kthread+0x10/0x10
[   13.884990]  ret_from_fork+0x116/0x1d0
[   13.885008]  ? __pfx_kthread+0x10/0x10
[   13.885028]  ret_from_fork_asm+0x1a/0x30
[   13.885060]  </TASK>
[   13.885072] 
[   13.896777] The buggy address belongs to the physical page:
[   13.897158] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298c
[   13.897682] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.898175] flags: 0x200000000000040(head|node=0|zone=2)
[   13.899160] page_type: f8(unknown)
[   13.899654] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.900162] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.900637] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.900882] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.901685] head: 0200000000000002 ffffea00040a6301 00000000ffffffff 00000000ffffffff
[   13.902097] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.902420] page dumped because: kasan: bad access detected
[   13.902882] 
[   13.903047] Memory state around the buggy address:
[   13.903762]  ffff88810298df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.904175]  ffff88810298e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.904741] >ffff88810298e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.905101]                                                     ^
[   13.905653]  ffff88810298e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.905955]  ffff88810298e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.906430] ==================================================================
[   13.643860] ==================================================================
[   13.644449] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   13.644887] Write of size 1 at addr ffff888100ab36d0 by task kunit_try_catch/176
[   13.645261] 
[   13.645459] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.645547] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.645570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.645608] Call Trace:
[   13.645640]  <TASK>
[   13.645672]  dump_stack_lvl+0x73/0xb0
[   13.645727]  print_report+0xd1/0x650
[   13.645772]  ? __virt_addr_valid+0x1db/0x2d0
[   13.645818]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.645863]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.645907]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.645952]  kasan_report+0x141/0x180
[   13.645990]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.646039]  __asan_report_store1_noabort+0x1b/0x30
[   13.646075]  krealloc_less_oob_helper+0xe23/0x11d0
[   13.646121]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.646166]  ? finish_task_switch.isra.0+0x153/0x700
[   13.646207]  ? __switch_to+0x47/0xf50
[   13.646271]  ? __schedule+0x10cc/0x2b60
[   13.646314]  ? __pfx_read_tsc+0x10/0x10
[   13.646373]  krealloc_less_oob+0x1c/0x30
[   13.646418]  kunit_try_run_case+0x1a5/0x480
[   13.646469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.646511]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.646556]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.646592]  ? __kthread_parkme+0x82/0x180
[   13.646626]  ? preempt_count_sub+0x50/0x80
[   13.646669]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.646708]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.646745]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.646784]  kthread+0x337/0x6f0
[   13.646818]  ? trace_preempt_on+0x20/0xc0
[   13.646860]  ? __pfx_kthread+0x10/0x10
[   13.646896]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.646930]  ? calculate_sigpending+0x7b/0xa0
[   13.646970]  ? __pfx_kthread+0x10/0x10
[   13.647011]  ret_from_fork+0x116/0x1d0
[   13.647049]  ? __pfx_kthread+0x10/0x10
[   13.647091]  ret_from_fork_asm+0x1a/0x30
[   13.647151]  </TASK>
[   13.647170] 
[   13.657063] Allocated by task 176:
[   13.657327]  kasan_save_stack+0x45/0x70
[   13.657755]  kasan_save_track+0x18/0x40
[   13.658007]  kasan_save_alloc_info+0x3b/0x50
[   13.658190]  __kasan_krealloc+0x190/0x1f0
[   13.658951]  krealloc_noprof+0xf3/0x340
[   13.659154]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.659507]  krealloc_less_oob+0x1c/0x30
[   13.659687]  kunit_try_run_case+0x1a5/0x480
[   13.659976]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.660362]  kthread+0x337/0x6f0
[   13.660620]  ret_from_fork+0x116/0x1d0
[   13.660906]  ret_from_fork_asm+0x1a/0x30
[   13.661100] 
[   13.661423] The buggy address belongs to the object at ffff888100ab3600
[   13.661423]  which belongs to the cache kmalloc-256 of size 256
[   13.661966] The buggy address is located 7 bytes to the right of
[   13.661966]  allocated 201-byte region [ffff888100ab3600, ffff888100ab36c9)
[   13.663085] 
[   13.663273] The buggy address belongs to the physical page:
[   13.663706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2
[   13.664030] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.664403] flags: 0x200000000000040(head|node=0|zone=2)
[   13.664917] page_type: f5(slab)
[   13.665091] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.665613] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.666126] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.666984] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.667334] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff
[   13.668008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.668351] page dumped because: kasan: bad access detected
[   13.668865] 
[   13.669032] Memory state around the buggy address:
[   13.669267]  ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.669819]  ffff888100ab3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.670283] >ffff888100ab3680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.671113]                                                  ^
[   13.671438]  ffff888100ab3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.671903]  ffff888100ab3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.672448] ==================================================================
[   13.673386] ==================================================================
[   13.673932] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   13.674394] Write of size 1 at addr ffff888100ab36da by task kunit_try_catch/176
[   13.675295] 
[   13.675620] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.675740] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.675761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.675795] Call Trace:
[   13.675827]  <TASK>
[   13.675859]  dump_stack_lvl+0x73/0xb0
[   13.675918]  print_report+0xd1/0x650
[   13.675963]  ? __virt_addr_valid+0x1db/0x2d0
[   13.676009]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.676055]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.676099]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.676145]  kasan_report+0x141/0x180
[   13.676191]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.676254]  __asan_report_store1_noabort+0x1b/0x30
[   13.676290]  krealloc_less_oob_helper+0xec6/0x11d0
[   13.676329]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.676369]  ? finish_task_switch.isra.0+0x153/0x700
[   13.676408]  ? __switch_to+0x47/0xf50
[   13.676451]  ? __schedule+0x10cc/0x2b60
[   13.676659]  ? __pfx_read_tsc+0x10/0x10
[   13.676709]  krealloc_less_oob+0x1c/0x30
[   13.676755]  kunit_try_run_case+0x1a5/0x480
[   13.676804]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.676847]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.676887]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.676922]  ? __kthread_parkme+0x82/0x180
[   13.676954]  ? preempt_count_sub+0x50/0x80
[   13.676992]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.677030]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.677071]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.677115]  kthread+0x337/0x6f0
[   13.677154]  ? trace_preempt_on+0x20/0xc0
[   13.677202]  ? __pfx_kthread+0x10/0x10
[   13.677254]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.677297]  ? calculate_sigpending+0x7b/0xa0
[   13.677343]  ? __pfx_kthread+0x10/0x10
[   13.677387]  ret_from_fork+0x116/0x1d0
[   13.677421]  ? __pfx_kthread+0x10/0x10
[   13.677557]  ret_from_fork_asm+0x1a/0x30
[   13.677625]  </TASK>
[   13.677640] 
[   13.691284] Allocated by task 176:
[   13.691674]  kasan_save_stack+0x45/0x70
[   13.691927]  kasan_save_track+0x18/0x40
[   13.692123]  kasan_save_alloc_info+0x3b/0x50
[   13.692296]  __kasan_krealloc+0x190/0x1f0
[   13.692607]  krealloc_noprof+0xf3/0x340
[   13.692810]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.693011]  krealloc_less_oob+0x1c/0x30
[   13.693976]  kunit_try_run_case+0x1a5/0x480
[   13.694196]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.694398]  kthread+0x337/0x6f0
[   13.695128]  ret_from_fork+0x116/0x1d0
[   13.695580]  ret_from_fork_asm+0x1a/0x30
[   13.696091] 
[   13.696191] The buggy address belongs to the object at ffff888100ab3600
[   13.696191]  which belongs to the cache kmalloc-256 of size 256
[   13.697085] The buggy address is located 17 bytes to the right of
[   13.697085]  allocated 201-byte region [ffff888100ab3600, ffff888100ab36c9)
[   13.697546] 
[   13.697701] The buggy address belongs to the physical page:
[   13.697881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2
[   13.698458] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.698748] flags: 0x200000000000040(head|node=0|zone=2)
[   13.699097] page_type: f5(slab)
[   13.699776] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.700071] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.700337] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.700850] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.701442] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff
[   13.701908] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.702423] page dumped because: kasan: bad access detected
[   13.702931] 
[   13.703047] Memory state around the buggy address:
[   13.703437]  ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.704160]  ffff888100ab3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.704490] >ffff888100ab3680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.704852]                                                     ^
[   13.705457]  ffff888100ab3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.705919]  ffff888100ab3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.706318] ==================================================================
[   13.854821] ==================================================================
[   13.855356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   13.855858] Write of size 1 at addr ffff88810298e0d0 by task kunit_try_catch/180
[   13.856239] 
[   13.856386] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.856491] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.856516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.856553] Call Trace:
[   13.856578]  <TASK>
[   13.856611]  dump_stack_lvl+0x73/0xb0
[   13.856727]  print_report+0xd1/0x650
[   13.856769]  ? __virt_addr_valid+0x1db/0x2d0
[   13.856816]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.856872]  ? kasan_addr_to_slab+0x11/0xa0
[   13.856915]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.856971]  kasan_report+0x141/0x180
[   13.857026]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.857088]  __asan_report_store1_noabort+0x1b/0x30
[   13.857136]  krealloc_less_oob_helper+0xe23/0x11d0
[   13.857178]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.857217]  ? finish_task_switch.isra.0+0x153/0x700
[   13.857268]  ? __switch_to+0x47/0xf50
[   13.857317]  ? __schedule+0x10cc/0x2b60
[   13.857362]  ? __pfx_read_tsc+0x10/0x10
[   13.857415]  krealloc_large_less_oob+0x1c/0x30
[   13.857486]  kunit_try_run_case+0x1a5/0x480
[   13.857538]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.857580]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.857626]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.857665]  ? __kthread_parkme+0x82/0x180
[   13.857702]  ? preempt_count_sub+0x50/0x80
[   13.857737]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.857773]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.857813]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.857873]  kthread+0x337/0x6f0
[   13.857911]  ? trace_preempt_on+0x20/0xc0
[   13.857948]  ? __pfx_kthread+0x10/0x10
[   13.857980]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.858027]  ? calculate_sigpending+0x7b/0xa0
[   13.858063]  ? __pfx_kthread+0x10/0x10
[   13.858097]  ret_from_fork+0x116/0x1d0
[   13.858128]  ? __pfx_kthread+0x10/0x10
[   13.858162]  ret_from_fork_asm+0x1a/0x30
[   13.858215]  </TASK>
[   13.858245] 
[   13.867170] The buggy address belongs to the physical page:
[   13.868625] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298c
[   13.869279] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.871379] flags: 0x200000000000040(head|node=0|zone=2)
[   13.871774] page_type: f8(unknown)
[   13.872042] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.872580] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.873419] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.875606] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.875939] head: 0200000000000002 ffffea00040a6301 00000000ffffffff 00000000ffffffff
[   13.876514] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.876958] page dumped because: kasan: bad access detected
[   13.877266] 
[   13.877397] Memory state around the buggy address:
[   13.877681]  ffff88810298df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.877962]  ffff88810298e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.878997] >ffff88810298e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.879659]                                                  ^
[   13.880211]  ffff88810298e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.880730]  ffff88810298e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.881032] ==================================================================
[   13.932386] ==================================================================
[   13.932964] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   13.933330] Write of size 1 at addr ffff88810298e0eb by task kunit_try_catch/180
[   13.933749] 
[   13.933931] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.934014] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.934035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.934071] Call Trace:
[   13.934107]  <TASK>
[   13.934143]  dump_stack_lvl+0x73/0xb0
[   13.934199]  print_report+0xd1/0x650
[   13.934259]  ? __virt_addr_valid+0x1db/0x2d0
[   13.934305]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.934356]  ? kasan_addr_to_slab+0x11/0xa0
[   13.934392]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.934433]  kasan_report+0x141/0x180
[   13.934474]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.934531]  __asan_report_store1_noabort+0x1b/0x30
[   13.934570]  krealloc_less_oob_helper+0xd47/0x11d0
[   13.934618]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.934660]  ? finish_task_switch.isra.0+0x153/0x700
[   13.934701]  ? __switch_to+0x47/0xf50
[   13.934748]  ? __schedule+0x10cc/0x2b60
[   13.934789]  ? __pfx_read_tsc+0x10/0x10
[   13.934837]  krealloc_large_less_oob+0x1c/0x30
[   13.934878]  kunit_try_run_case+0x1a5/0x480
[   13.934925]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.934960]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.934999]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.935040]  ? __kthread_parkme+0x82/0x180
[   13.935074]  ? preempt_count_sub+0x50/0x80
[   13.935098]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.935120]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.935142]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.935164]  kthread+0x337/0x6f0
[   13.935183]  ? trace_preempt_on+0x20/0xc0
[   13.935207]  ? __pfx_kthread+0x10/0x10
[   13.935275]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.935313]  ? calculate_sigpending+0x7b/0xa0
[   13.935348]  ? __pfx_kthread+0x10/0x10
[   13.935401]  ret_from_fork+0x116/0x1d0
[   13.935436]  ? __pfx_kthread+0x10/0x10
[   13.935488]  ret_from_fork_asm+0x1a/0x30
[   13.935549]  </TASK>
[   13.935568] 
[   13.945604] The buggy address belongs to the physical page:
[   13.945918] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298c
[   13.946296] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.946564] flags: 0x200000000000040(head|node=0|zone=2)
[   13.946935] page_type: f8(unknown)
[   13.947205] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.947929] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.948567] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.948823] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.949074] head: 0200000000000002 ffffea00040a6301 00000000ffffffff 00000000ffffffff
[   13.949418] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.949912] page dumped because: kasan: bad access detected
[   13.950743] 
[   13.950922] Memory state around the buggy address:
[   13.951249]  ffff88810298df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.951967]  ffff88810298e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.952245] >ffff88810298e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.952474]                                                           ^
[   13.953151]  ffff88810298e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.953834]  ffff88810298e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.954185] ==================================================================
[   13.708030] ==================================================================
[   13.708367] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   13.708996] Write of size 1 at addr ffff888100ab36ea by task kunit_try_catch/176
[   13.710025] 
[   13.710291] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.710392] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.710416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.710487] Call Trace:
[   13.710537]  <TASK>
[   13.710581]  dump_stack_lvl+0x73/0xb0
[   13.710635]  print_report+0xd1/0x650
[   13.710678]  ? __virt_addr_valid+0x1db/0x2d0
[   13.710720]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.710763]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.710806]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.710851]  kasan_report+0x141/0x180
[   13.710886]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.710916]  __asan_report_store1_noabort+0x1b/0x30
[   13.710936]  krealloc_less_oob_helper+0xe90/0x11d0
[   13.710960]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.710982]  ? finish_task_switch.isra.0+0x153/0x700
[   13.711005]  ? __switch_to+0x47/0xf50
[   13.711042]  ? __schedule+0x10cc/0x2b60
[   13.711078]  ? __pfx_read_tsc+0x10/0x10
[   13.711104]  krealloc_less_oob+0x1c/0x30
[   13.711124]  kunit_try_run_case+0x1a5/0x480
[   13.711148]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.711169]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.711191]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.711212]  ? __kthread_parkme+0x82/0x180
[   13.711252]  ? preempt_count_sub+0x50/0x80
[   13.711275]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.711297]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.711318]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.711339]  kthread+0x337/0x6f0
[   13.711357]  ? trace_preempt_on+0x20/0xc0
[   13.711381]  ? __pfx_kthread+0x10/0x10
[   13.711400]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.711420]  ? calculate_sigpending+0x7b/0xa0
[   13.711443]  ? __pfx_kthread+0x10/0x10
[   13.711484]  ret_from_fork+0x116/0x1d0
[   13.711515]  ? __pfx_kthread+0x10/0x10
[   13.711545]  ret_from_fork_asm+0x1a/0x30
[   13.711617]  </TASK>
[   13.711631] 
[   13.722326] Allocated by task 176:
[   13.722630]  kasan_save_stack+0x45/0x70
[   13.723084]  kasan_save_track+0x18/0x40
[   13.723423]  kasan_save_alloc_info+0x3b/0x50
[   13.723881]  __kasan_krealloc+0x190/0x1f0
[   13.724130]  krealloc_noprof+0xf3/0x340
[   13.724295]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.724990]  krealloc_less_oob+0x1c/0x30
[   13.725289]  kunit_try_run_case+0x1a5/0x480
[   13.725670]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.725875]  kthread+0x337/0x6f0
[   13.726035]  ret_from_fork+0x116/0x1d0
[   13.726202]  ret_from_fork_asm+0x1a/0x30
[   13.726767] 
[   13.726994] The buggy address belongs to the object at ffff888100ab3600
[   13.726994]  which belongs to the cache kmalloc-256 of size 256
[   13.727789] The buggy address is located 33 bytes to the right of
[   13.727789]  allocated 201-byte region [ffff888100ab3600, ffff888100ab36c9)
[   13.729011] 
[   13.729341] The buggy address belongs to the physical page:
[   13.729941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2
[   13.730301] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.730575] flags: 0x200000000000040(head|node=0|zone=2)
[   13.730949] page_type: f5(slab)
[   13.731401] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.731929] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.732939] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.733233] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.734042] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff
[   13.734468] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.734718] page dumped because: kasan: bad access detected
[   13.734953] 
[   13.735111] Memory state around the buggy address:
[   13.735477]  ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.736261]  ffff888100ab3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.736975] >ffff888100ab3680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.737454]                                                           ^
[   13.737983]  ffff888100ab3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.738624]  ffff888100ab3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.738992] ==================================================================
[   13.907378] ==================================================================
[   13.907809] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   13.908366] Write of size 1 at addr ffff88810298e0ea by task kunit_try_catch/180
[   13.908834] 
[   13.909025] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.909117] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.909140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.909177] Call Trace:
[   13.909215]  <TASK>
[   13.909262]  dump_stack_lvl+0x73/0xb0
[   13.909322]  print_report+0xd1/0x650
[   13.909363]  ? __virt_addr_valid+0x1db/0x2d0
[   13.909409]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.909607]  ? kasan_addr_to_slab+0x11/0xa0
[   13.909670]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.909714]  kasan_report+0x141/0x180
[   13.909754]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.909806]  __asan_report_store1_noabort+0x1b/0x30
[   13.909848]  krealloc_less_oob_helper+0xe90/0x11d0
[   13.909897]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.909936]  ? finish_task_switch.isra.0+0x153/0x700
[   13.909977]  ? __switch_to+0x47/0xf50
[   13.910023]  ? __schedule+0x10cc/0x2b60
[   13.910062]  ? __pfx_read_tsc+0x10/0x10
[   13.910111]  krealloc_large_less_oob+0x1c/0x30
[   13.910155]  kunit_try_run_case+0x1a5/0x480
[   13.910198]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.910249]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.910290]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.910328]  ? __kthread_parkme+0x82/0x180
[   13.910373]  ? preempt_count_sub+0x50/0x80
[   13.910418]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.910498]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.910548]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.910607]  kthread+0x337/0x6f0
[   13.910642]  ? trace_preempt_on+0x20/0xc0
[   13.910681]  ? __pfx_kthread+0x10/0x10
[   13.910714]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.910749]  ? calculate_sigpending+0x7b/0xa0
[   13.910786]  ? __pfx_kthread+0x10/0x10
[   13.910821]  ret_from_fork+0x116/0x1d0
[   13.910853]  ? __pfx_kthread+0x10/0x10
[   13.910885]  ret_from_fork_asm+0x1a/0x30
[   13.910920]  </TASK>
[   13.910933] 
[   13.920845] The buggy address belongs to the physical page:
[   13.921134] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298c
[   13.921419] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.921910] flags: 0x200000000000040(head|node=0|zone=2)
[   13.922283] page_type: f8(unknown)
[   13.923057] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.923586] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.923920] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.924173] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.924434] head: 0200000000000002 ffffea00040a6301 00000000ffffffff 00000000ffffffff
[   13.925021] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.925520] page dumped because: kasan: bad access detected
[   13.925900] 
[   13.926052] Memory state around the buggy address:
[   13.926405]  ffff88810298df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.926691]  ffff88810298e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.926934] >ffff88810298e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.927210]                                                           ^
[   13.928163]  ffff88810298e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.928817]  ffff88810298e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.929274] ==================================================================
[   13.740084] ==================================================================
[   13.740556] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   13.741089] Write of size 1 at addr ffff888100ab36eb by task kunit_try_catch/176
[   13.741688] 
[   13.741934] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.742056] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.742086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.742124] Call Trace:
[   13.742177]  <TASK>
[   13.742214]  dump_stack_lvl+0x73/0xb0
[   13.742282]  print_report+0xd1/0x650
[   13.742328]  ? __virt_addr_valid+0x1db/0x2d0
[   13.742383]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.742438]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.742496]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.742550]  kasan_report+0x141/0x180
[   13.742674]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.742735]  __asan_report_store1_noabort+0x1b/0x30
[   13.742780]  krealloc_less_oob_helper+0xd47/0x11d0
[   13.742827]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.742871]  ? finish_task_switch.isra.0+0x153/0x700
[   13.742913]  ? __switch_to+0x47/0xf50
[   13.743062]  ? __schedule+0x10cc/0x2b60
[   13.743110]  ? __pfx_read_tsc+0x10/0x10
[   13.743161]  krealloc_less_oob+0x1c/0x30
[   13.743207]  kunit_try_run_case+0x1a5/0x480
[   13.743272]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.743317]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.743359]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.743395]  ? __kthread_parkme+0x82/0x180
[   13.743421]  ? preempt_count_sub+0x50/0x80
[   13.743445]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.743477]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.743543]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.743577]  kthread+0x337/0x6f0
[   13.743608]  ? trace_preempt_on+0x20/0xc0
[   13.743645]  ? __pfx_kthread+0x10/0x10
[   13.743676]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.743709]  ? calculate_sigpending+0x7b/0xa0
[   13.743746]  ? __pfx_kthread+0x10/0x10
[   13.743780]  ret_from_fork+0x116/0x1d0
[   13.743813]  ? __pfx_kthread+0x10/0x10
[   13.743847]  ret_from_fork_asm+0x1a/0x30
[   13.743886]  </TASK>
[   13.743899] 
[   13.756868] Allocated by task 176:
[   13.757445]  kasan_save_stack+0x45/0x70
[   13.757655]  kasan_save_track+0x18/0x40
[   13.758119]  kasan_save_alloc_info+0x3b/0x50
[   13.758630]  __kasan_krealloc+0x190/0x1f0
[   13.758966]  krealloc_noprof+0xf3/0x340
[   13.759188]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.759548]  krealloc_less_oob+0x1c/0x30
[   13.759813]  kunit_try_run_case+0x1a5/0x480
[   13.759993]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.760406]  kthread+0x337/0x6f0
[   13.760963]  ret_from_fork+0x116/0x1d0
[   13.761275]  ret_from_fork_asm+0x1a/0x30
[   13.761598] 
[   13.761755] The buggy address belongs to the object at ffff888100ab3600
[   13.761755]  which belongs to the cache kmalloc-256 of size 256
[   13.762618] The buggy address is located 34 bytes to the right of
[   13.762618]  allocated 201-byte region [ffff888100ab3600, ffff888100ab36c9)
[   13.763284] 
[   13.763462] The buggy address belongs to the physical page:
[   13.763899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2
[   13.764296] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.764546] flags: 0x200000000000040(head|node=0|zone=2)
[   13.764958] page_type: f5(slab)
[   13.765518] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.766294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.766772] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.767234] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.768024] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff
[   13.768568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.769124] page dumped because: kasan: bad access detected
[   13.769374] 
[   13.769532] Memory state around the buggy address:
[   13.769886]  ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.770708]  ffff888100ab3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.771185] >ffff888100ab3680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.771838]                                                           ^
[   13.772156]  ffff888100ab3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.772748]  ffff888100ab3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.773248] ==================================================================
[   13.611596] ==================================================================
[   13.612214] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   13.613124] Write of size 1 at addr ffff888100ab36c9 by task kunit_try_catch/176
[   13.613978] 
[   13.614356] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.614488] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.614513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.614548] Call Trace:
[   13.614573]  <TASK>
[   13.614604]  dump_stack_lvl+0x73/0xb0
[   13.614809]  print_report+0xd1/0x650
[   13.614838]  ? __virt_addr_valid+0x1db/0x2d0
[   13.614864]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.614888]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.614910]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.614933]  kasan_report+0x141/0x180
[   13.614955]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.614983]  __asan_report_store1_noabort+0x1b/0x30
[   13.615004]  krealloc_less_oob_helper+0xd70/0x11d0
[   13.615029]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.615053]  ? finish_task_switch.isra.0+0x153/0x700
[   13.615076]  ? __switch_to+0x47/0xf50
[   13.615104]  ? __schedule+0x10cc/0x2b60
[   13.615126]  ? __pfx_read_tsc+0x10/0x10
[   13.615152]  krealloc_less_oob+0x1c/0x30
[   13.615173]  kunit_try_run_case+0x1a5/0x480
[   13.615199]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.615231]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.615259]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.615282]  ? __kthread_parkme+0x82/0x180
[   13.615304]  ? preempt_count_sub+0x50/0x80
[   13.615327]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.615351]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.615374]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.615396]  kthread+0x337/0x6f0
[   13.615416]  ? trace_preempt_on+0x20/0xc0
[   13.615438]  ? __pfx_kthread+0x10/0x10
[   13.615474]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.615508]  ? calculate_sigpending+0x7b/0xa0
[   13.615541]  ? __pfx_kthread+0x10/0x10
[   13.615574]  ret_from_fork+0x116/0x1d0
[   13.615604]  ? __pfx_kthread+0x10/0x10
[   13.615634]  ret_from_fork_asm+0x1a/0x30
[   13.615683]  </TASK>
[   13.615702] 
[   13.628028] Allocated by task 176:
[   13.628351]  kasan_save_stack+0x45/0x70
[   13.628671]  kasan_save_track+0x18/0x40
[   13.629180]  kasan_save_alloc_info+0x3b/0x50
[   13.629416]  __kasan_krealloc+0x190/0x1f0
[   13.629564]  krealloc_noprof+0xf3/0x340
[   13.629721]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.630045]  krealloc_less_oob+0x1c/0x30
[   13.630273]  kunit_try_run_case+0x1a5/0x480
[   13.630498]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.631207]  kthread+0x337/0x6f0
[   13.631573]  ret_from_fork+0x116/0x1d0
[   13.631747]  ret_from_fork_asm+0x1a/0x30
[   13.632061] 
[   13.632895] The buggy address belongs to the object at ffff888100ab3600
[   13.632895]  which belongs to the cache kmalloc-256 of size 256
[   13.633345] The buggy address is located 0 bytes to the right of
[   13.633345]  allocated 201-byte region [ffff888100ab3600, ffff888100ab36c9)
[   13.633949] 
[   13.634122] The buggy address belongs to the physical page:
[   13.634472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab2
[   13.634782] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.635177] flags: 0x200000000000040(head|node=0|zone=2)
[   13.636258] page_type: f5(slab)
[   13.636660] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.637362] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.637800] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.638261] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.638541] head: 0200000000000001 ffffea000402ac81 00000000ffffffff 00000000ffffffff
[   13.638947] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.639168] page dumped because: kasan: bad access detected
[   13.639353] 
[   13.639519] Memory state around the buggy address:
[   13.639995]  ffff888100ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.640208]  ffff888100ab3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.641373] >ffff888100ab3680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.642010]                                               ^
[   13.642567]  ffff888100ab3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.642838]  ffff888100ab3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.643050] ==================================================================
[   13.830916] ==================================================================
[   13.831430] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   13.831988] Write of size 1 at addr ffff88810298e0c9 by task kunit_try_catch/180
[   13.832400] 
[   13.832576] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   13.832639] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.832652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.832676] Call Trace:
[   13.832692]  <TASK>
[   13.832714]  dump_stack_lvl+0x73/0xb0
[   13.832765]  print_report+0xd1/0x650
[   13.832811]  ? __virt_addr_valid+0x1db/0x2d0
[   13.832858]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.832904]  ? kasan_addr_to_slab+0x11/0xa0
[   13.832940]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.832977]  kasan_report+0x141/0x180
[   13.833000]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.833028]  __asan_report_store1_noabort+0x1b/0x30
[   13.833048]  krealloc_less_oob_helper+0xd70/0x11d0
[   13.833073]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.833096]  ? finish_task_switch.isra.0+0x153/0x700
[   13.833120]  ? __switch_to+0x47/0xf50
[   13.833147]  ? __schedule+0x10cc/0x2b60
[   13.833170]  ? __pfx_read_tsc+0x10/0x10
[   13.833196]  krealloc_large_less_oob+0x1c/0x30
[   13.833218]  kunit_try_run_case+0x1a5/0x480
[   13.833897]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.833940]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.833976]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.834014]  ? __kthread_parkme+0x82/0x180
[   13.834054]  ? preempt_count_sub+0x50/0x80
[   13.834099]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.834137]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.834171]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.834195]  kthread+0x337/0x6f0
[   13.834214]  ? trace_preempt_on+0x20/0xc0
[   13.834265]  ? __pfx_kthread+0x10/0x10
[   13.834286]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.834306]  ? calculate_sigpending+0x7b/0xa0
[   13.834330]  ? __pfx_kthread+0x10/0x10
[   13.834365]  ret_from_fork+0x116/0x1d0
[   13.834385]  ? __pfx_kthread+0x10/0x10
[   13.834406]  ret_from_fork_asm+0x1a/0x30
[   13.834439]  </TASK>
[   13.834453] 
[   13.845684] The buggy address belongs to the physical page:
[   13.846079] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298c
[   13.846758] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.847254] flags: 0x200000000000040(head|node=0|zone=2)
[   13.847649] page_type: f8(unknown)
[   13.847869] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.848442] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.848657] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.849157] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.849646] head: 0200000000000002 ffffea00040a6301 00000000ffffffff 00000000ffffffff
[   13.850076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.850511] page dumped because: kasan: bad access detected
[   13.850869] 
[   13.850991] Memory state around the buggy address:
[   13.851212]  ffff88810298df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.851704]  ffff88810298e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.852354] >ffff88810298e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.852666]                                               ^
[   13.852935]  ffff88810298e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.853463]  ffff88810298e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.853728] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2x82cn95lnaJcv25aBcIbqxmNlW

job_id

TEST:linaro@lkft#2x82ipUVL9WHfkZvKCNBEYbkXTJ

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2x82ipUVL9WHfkZvKCNBEYbkXTJ

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82fkCMGUVy57MkjmocaW2NNv8/bzImage
sha256sum	74edfec95eb8d8148308a14fc1b668c3e17d558cc339e0295e288f4cacaf4e2e

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2x82fkCMGUVy57MkjmocaW2NNv8/modules.tar.xz
sha256sum	07b80db55c46bb7e71e92134a37f3185bcd0da1c71552ff3a0f50f901a05a4fb

durations

tests

boot	0
kunit	322.83

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE