lkft/linux-next-master - next-20250526 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

May 26, 2025, 9:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.208064] ==================================================================
[   17.208200] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.208306] Write of size 1 at addr fff00000c63230eb by task kunit_try_catch/158
[   17.208436] 
[   17.208527] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.208729] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.208790] Hardware name: linux,dummy-virt (DT)
[   17.208855] Call trace:
[   17.208899]  show_stack+0x20/0x38 (C)
[   17.209014]  dump_stack_lvl+0x8c/0xd0
[   17.209126]  print_report+0x118/0x608
[   17.209231]  kasan_report+0xdc/0x128
[   17.209354]  __asan_report_store1_noabort+0x20/0x30
[   17.209465]  krealloc_less_oob_helper+0xa58/0xc50
[   17.210030]  krealloc_less_oob+0x20/0x38
[   17.210193]  kunit_try_run_case+0x170/0x3f0
[   17.210359]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.210524]  kthread+0x328/0x630
[   17.210651]  ret_from_fork+0x10/0x20
[   17.210824] 
[   17.210865] Allocated by task 158:
[   17.211218]  kasan_save_stack+0x3c/0x68
[   17.211635]  kasan_save_track+0x20/0x40
[   17.211714]  kasan_save_alloc_info+0x40/0x58
[   17.211794]  __kasan_krealloc+0x118/0x178
[   17.212108]  krealloc_noprof+0x128/0x360
[   17.212196]  krealloc_less_oob_helper+0x168/0xc50
[   17.212333]  krealloc_less_oob+0x20/0x38
[   17.212469]  kunit_try_run_case+0x170/0x3f0
[   17.212600]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.212738]  kthread+0x328/0x630
[   17.212826]  ret_from_fork+0x10/0x20
[   17.212940] 
[   17.213003] The buggy address belongs to the object at fff00000c6323000
[   17.213003]  which belongs to the cache kmalloc-256 of size 256
[   17.213150] The buggy address is located 34 bytes to the right of
[   17.213150]  allocated 201-byte region [fff00000c6323000, fff00000c63230c9)
[   17.213303] 
[   17.213354] The buggy address belongs to the physical page:
[   17.213423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[   17.213607] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.213702] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.214035] page_type: f5(slab)
[   17.214117] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.214221] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.214605] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.214798] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.214880] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[   17.214932] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.215002] page dumped because: kasan: bad access detected
[   17.215037] 
[   17.215057] Memory state around the buggy address:
[   17.215097]  fff00000c6322f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.215159]  fff00000c6323000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.215214] >fff00000c6323080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.215253]                                                           ^
[   17.215295]  fff00000c6323100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.215362]  fff00000c6323180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.215403] ==================================================================
[   17.256756] ==================================================================
[   17.256882] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.257001] Write of size 1 at addr fff00000c65b60c9 by task kunit_try_catch/162
[   17.257096] 
[   17.257172] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.257372] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.257434] Hardware name: linux,dummy-virt (DT)
[   17.257503] Call trace:
[   17.257560]  show_stack+0x20/0x38 (C)
[   17.257685]  dump_stack_lvl+0x8c/0xd0
[   17.257830]  print_report+0x118/0x608
[   17.257964]  kasan_report+0xdc/0x128
[   17.258125]  __asan_report_store1_noabort+0x20/0x30
[   17.258285]  krealloc_less_oob_helper+0xa48/0xc50
[   17.258448]  krealloc_large_less_oob+0x20/0x38
[   17.258578]  kunit_try_run_case+0x170/0x3f0
[   17.258674]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.258812]  kthread+0x328/0x630
[   17.258899]  ret_from_fork+0x10/0x20
[   17.259001] 
[   17.259044] The buggy address belongs to the physical page:
[   17.259130] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4
[   17.259307] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.259427] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.259550] page_type: f8(unknown)
[   17.259640] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.259755] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.259889] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.259988] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.260077] head: 0bfffe0000000002 ffffc1ffc3196d01 00000000ffffffff 00000000ffffffff
[   17.260197] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.260282] page dumped because: kasan: bad access detected
[   17.260360] 
[   17.260397] Memory state around the buggy address:
[   17.260467]  fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.260569]  fff00000c65b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.260658] >fff00000c65b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.260738]                                               ^
[   17.260848]  fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.260982]  fff00000c65b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.261106] ==================================================================
[   17.183676] ==================================================================
[   17.183798] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.183959] Write of size 1 at addr fff00000c63230da by task kunit_try_catch/158
[   17.184084] 
[   17.184159] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.184366] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.184434] Hardware name: linux,dummy-virt (DT)
[   17.184522] Call trace:
[   17.184976]  show_stack+0x20/0x38 (C)
[   17.185481]  dump_stack_lvl+0x8c/0xd0
[   17.185596]  print_report+0x118/0x608
[   17.185702]  kasan_report+0xdc/0x128
[   17.185803]  __asan_report_store1_noabort+0x20/0x30
[   17.185916]  krealloc_less_oob_helper+0xa80/0xc50
[   17.186022]  krealloc_less_oob+0x20/0x38
[   17.186125]  kunit_try_run_case+0x170/0x3f0
[   17.186230]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.186354]  kthread+0x328/0x630
[   17.186449]  ret_from_fork+0x10/0x20
[   17.186555] 
[   17.186597] Allocated by task 158:
[   17.186659]  kasan_save_stack+0x3c/0x68
[   17.186746]  kasan_save_track+0x20/0x40
[   17.186841]  kasan_save_alloc_info+0x40/0x58
[   17.186927]  __kasan_krealloc+0x118/0x178
[   17.187008]  krealloc_noprof+0x128/0x360
[   17.187090]  krealloc_less_oob_helper+0x168/0xc50
[   17.187175]  krealloc_less_oob+0x20/0x38
[   17.187252]  kunit_try_run_case+0x170/0x3f0
[   17.188016]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.188794]  kthread+0x328/0x630
[   17.188894]  ret_from_fork+0x10/0x20
[   17.188969] 
[   17.189016] The buggy address belongs to the object at fff00000c6323000
[   17.189016]  which belongs to the cache kmalloc-256 of size 256
[   17.189145] The buggy address is located 17 bytes to the right of
[   17.189145]  allocated 201-byte region [fff00000c6323000, fff00000c63230c9)
[   17.189295] 
[   17.189356] The buggy address belongs to the physical page:
[   17.189393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[   17.189450] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.189496] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.189555] page_type: f5(slab)
[   17.189599] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.189650] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.189699] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.189746] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.189793] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[   17.189840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.189878] page dumped because: kasan: bad access detected
[   17.189909] 
[   17.189927] Memory state around the buggy address:
[   17.189958]  fff00000c6322f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.189999]  fff00000c6323000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.190039] >fff00000c6323080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.190076]                                                     ^
[   17.190112]  fff00000c6323100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.190152]  fff00000c6323180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.190188] ==================================================================
[   17.157766] ==================================================================
[   17.157914] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.158041] Write of size 1 at addr fff00000c63230c9 by task kunit_try_catch/158
[   17.158147] 
[   17.158226] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.158566] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.158820] Hardware name: linux,dummy-virt (DT)
[   17.158903] Call trace:
[   17.158960]  show_stack+0x20/0x38 (C)
[   17.159172]  dump_stack_lvl+0x8c/0xd0
[   17.159506]  print_report+0x118/0x608
[   17.159661]  kasan_report+0xdc/0x128
[   17.159757]  __asan_report_store1_noabort+0x20/0x30
[   17.160057]  krealloc_less_oob_helper+0xa48/0xc50
[   17.160229]  krealloc_less_oob+0x20/0x38
[   17.160387]  kunit_try_run_case+0x170/0x3f0
[   17.160686]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.160950]  kthread+0x328/0x630
[   17.161069]  ret_from_fork+0x10/0x20
[   17.161438] 
[   17.161694] Allocated by task 158:
[   17.161979]  kasan_save_stack+0x3c/0x68
[   17.162397]  kasan_save_track+0x20/0x40
[   17.162626]  kasan_save_alloc_info+0x40/0x58
[   17.162926]  __kasan_krealloc+0x118/0x178
[   17.163299]  krealloc_noprof+0x128/0x360
[   17.163398]  krealloc_less_oob_helper+0x168/0xc50
[   17.163949]  krealloc_less_oob+0x20/0x38
[   17.164114]  kunit_try_run_case+0x170/0x3f0
[   17.164429]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.164595]  kthread+0x328/0x630
[   17.164702]  ret_from_fork+0x10/0x20
[   17.164826] 
[   17.164901] The buggy address belongs to the object at fff00000c6323000
[   17.164901]  which belongs to the cache kmalloc-256 of size 256
[   17.165042] The buggy address is located 0 bytes to the right of
[   17.165042]  allocated 201-byte region [fff00000c6323000, fff00000c63230c9)
[   17.165196] 
[   17.165261] The buggy address belongs to the physical page:
[   17.165377] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[   17.165532] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.165639] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.165812] page_type: f5(slab)
[   17.165933] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.166082] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.166219] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.166359] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.166448] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[   17.166719] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.166812] page dumped because: kasan: bad access detected
[   17.167125] 
[   17.167171] Memory state around the buggy address:
[   17.167279]  fff00000c6322f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.167513]  fff00000c6323000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.167618] >fff00000c6323080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.167738]                                               ^
[   17.167906]  fff00000c6323100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.168017]  fff00000c6323180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.168128] ==================================================================
[   17.293239] ==================================================================
[   17.293376] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.293486] Write of size 1 at addr fff00000c65b60eb by task kunit_try_catch/162
[   17.293598] 
[   17.293667] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.293859] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.294610] Hardware name: linux,dummy-virt (DT)
[   17.295346] Call trace:
[   17.295710]  show_stack+0x20/0x38 (C)
[   17.296199]  dump_stack_lvl+0x8c/0xd0
[   17.296526]  print_report+0x118/0x608
[   17.297082]  kasan_report+0xdc/0x128
[   17.297339]  __asan_report_store1_noabort+0x20/0x30
[   17.297485]  krealloc_less_oob_helper+0xa58/0xc50
[   17.297604]  krealloc_large_less_oob+0x20/0x38
[   17.297745]  kunit_try_run_case+0x170/0x3f0
[   17.297899]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.298040]  kthread+0x328/0x630
[   17.298567]  ret_from_fork+0x10/0x20
[   17.298761] 
[   17.298809] The buggy address belongs to the physical page:
[   17.298936] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4
[   17.299209] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.299496] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.299623] page_type: f8(unknown)
[   17.299780] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.300248] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.300737] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.301156] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.301333] head: 0bfffe0000000002 ffffc1ffc3196d01 00000000ffffffff 00000000ffffffff
[   17.301790] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.301955] page dumped because: kasan: bad access detected
[   17.302031] 
[   17.302069] Memory state around the buggy address:
[   17.302137]  fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.302235]  fff00000c65b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.302516] >fff00000c65b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.303131]                                                           ^
[   17.303273]  fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.303383]  fff00000c65b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.303835] ==================================================================
[   17.262076] ==================================================================
[   17.262171] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.262274] Write of size 1 at addr fff00000c65b60d0 by task kunit_try_catch/162
[   17.262380] 
[   17.262445] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.262634] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.262724] Hardware name: linux,dummy-virt (DT)
[   17.262824] Call trace:
[   17.262894]  show_stack+0x20/0x38 (C)
[   17.262963]  dump_stack_lvl+0x8c/0xd0
[   17.263159]  print_report+0x118/0x608
[   17.263291]  kasan_report+0xdc/0x128
[   17.263492]  __asan_report_store1_noabort+0x20/0x30
[   17.264102]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.264257]  krealloc_large_less_oob+0x20/0x38
[   17.264371]  kunit_try_run_case+0x170/0x3f0
[   17.264487]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.264759]  kthread+0x328/0x630
[   17.264969]  ret_from_fork+0x10/0x20
[   17.265207] 
[   17.265348] The buggy address belongs to the physical page:
[   17.265427] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4
[   17.265566] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.265675] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.265807] page_type: f8(unknown)
[   17.265900] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.266408] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.266807] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.266953] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.267148] head: 0bfffe0000000002 ffffc1ffc3196d01 00000000ffffffff 00000000ffffffff
[   17.267378] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.267564] page dumped because: kasan: bad access detected
[   17.267709] 
[   17.267754] Memory state around the buggy address:
[   17.267822]  fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.268382]  fff00000c65b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.268530] >fff00000c65b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.268729]                                                  ^
[   17.268823]  fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.268928]  fff00000c65b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.269016] ==================================================================
[   17.282645] ==================================================================
[   17.282992] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.283458] Write of size 1 at addr fff00000c65b60ea by task kunit_try_catch/162
[   17.283589] 
[   17.283834] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.284105] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.284288] Hardware name: linux,dummy-virt (DT)
[   17.284373] Call trace:
[   17.284663]  show_stack+0x20/0x38 (C)
[   17.285197]  dump_stack_lvl+0x8c/0xd0
[   17.285522]  print_report+0x118/0x608
[   17.285635]  kasan_report+0xdc/0x128
[   17.286114]  __asan_report_store1_noabort+0x20/0x30
[   17.286496]  krealloc_less_oob_helper+0xae4/0xc50
[   17.286687]  krealloc_large_less_oob+0x20/0x38
[   17.286818]  kunit_try_run_case+0x170/0x3f0
[   17.286917]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.287482]  kthread+0x328/0x630
[   17.287656]  ret_from_fork+0x10/0x20
[   17.287833] 
[   17.287883] The buggy address belongs to the physical page:
[   17.287959] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4
[   17.288078] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.288185] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.288573] page_type: f8(unknown)
[   17.288743] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.289254] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.289555] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.289663] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.289774] head: 0bfffe0000000002 ffffc1ffc3196d01 00000000ffffffff 00000000ffffffff
[   17.289880] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.289979] page dumped because: kasan: bad access detected
[   17.290047] 
[   17.290086] Memory state around the buggy address:
[   17.290154]  fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.290249]  fff00000c65b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.290357] >fff00000c65b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.290444]                                                           ^
[   17.290530]  fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.290628]  fff00000c65b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.290730] ==================================================================
[   17.270038] ==================================================================
[   17.270198] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.270555] Write of size 1 at addr fff00000c65b60da by task kunit_try_catch/162
[   17.270858] 
[   17.270933] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.271134] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.271199] Hardware name: linux,dummy-virt (DT)
[   17.271275] Call trace:
[   17.271607]  show_stack+0x20/0x38 (C)
[   17.271906]  dump_stack_lvl+0x8c/0xd0
[   17.272030]  print_report+0x118/0x608
[   17.272927]  kasan_report+0xdc/0x128
[   17.273542]  __asan_report_store1_noabort+0x20/0x30
[   17.273998]  krealloc_less_oob_helper+0xa80/0xc50
[   17.274119]  krealloc_large_less_oob+0x20/0x38
[   17.275083]  kunit_try_run_case+0x170/0x3f0
[   17.275525]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.275657]  kthread+0x328/0x630
[   17.276013]  ret_from_fork+0x10/0x20
[   17.276192] 
[   17.276241] The buggy address belongs to the physical page:
[   17.276369] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b4
[   17.276692] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.277103] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.277278] page_type: f8(unknown)
[   17.277552] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.277666] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.277954] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.278374] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.278855] head: 0bfffe0000000002 ffffc1ffc3196d01 00000000ffffffff 00000000ffffffff
[   17.279157] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.279313] page dumped because: kasan: bad access detected
[   17.279406] 
[   17.279503] Memory state around the buggy address:
[   17.279584]  fff00000c65b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.279731]  fff00000c65b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.279846] >fff00000c65b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.279919]                                                     ^
[   17.280181]  fff00000c65b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.280314]  fff00000c65b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.280744] ==================================================================
[   17.192726] ==================================================================
[   17.192843] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.192954] Write of size 1 at addr fff00000c63230ea by task kunit_try_catch/158
[   17.193070] 
[   17.193146] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.193347] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.193415] Hardware name: linux,dummy-virt (DT)
[   17.193487] Call trace:
[   17.193536]  show_stack+0x20/0x38 (C)
[   17.193651]  dump_stack_lvl+0x8c/0xd0
[   17.193762]  print_report+0x118/0x608
[   17.193870]  kasan_report+0xdc/0x128
[   17.193976]  __asan_report_store1_noabort+0x20/0x30
[   17.194096]  krealloc_less_oob_helper+0xae4/0xc50
[   17.195843]  krealloc_less_oob+0x20/0x38
[   17.196912]  kunit_try_run_case+0x170/0x3f0
[   17.197446]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.198126]  kthread+0x328/0x630
[   17.198650]  ret_from_fork+0x10/0x20
[   17.199310] 
[   17.199365] Allocated by task 158:
[   17.199427]  kasan_save_stack+0x3c/0x68
[   17.199512]  kasan_save_track+0x20/0x40
[   17.199578]  kasan_save_alloc_info+0x40/0x58
[   17.199642]  __kasan_krealloc+0x118/0x178
[   17.199730]  krealloc_noprof+0x128/0x360
[   17.199806]  krealloc_less_oob_helper+0x168/0xc50
[   17.199990]  krealloc_less_oob+0x20/0x38
[   17.200236]  kunit_try_run_case+0x170/0x3f0
[   17.200809]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.200922]  kthread+0x328/0x630
[   17.201181]  ret_from_fork+0x10/0x20
[   17.201727] 
[   17.201789] The buggy address belongs to the object at fff00000c6323000
[   17.201789]  which belongs to the cache kmalloc-256 of size 256
[   17.201928] The buggy address is located 33 bytes to the right of
[   17.201928]  allocated 201-byte region [fff00000c6323000, fff00000c63230c9)
[   17.202065] 
[   17.202109] The buggy address belongs to the physical page:
[   17.202182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[   17.202297] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.202406] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.203789] page_type: f5(slab)
[   17.203949] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.204104] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.204270] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.204395] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.204523] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[   17.204638] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.204723] page dumped because: kasan: bad access detected
[   17.204791] 
[   17.204831] Memory state around the buggy address:
[   17.204901]  fff00000c6322f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.204998]  fff00000c6323000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.205132] >fff00000c6323080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.205218]                                                           ^
[   17.205325]  fff00000c6323100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.205406]  fff00000c6323180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.205485] ==================================================================
[   17.169669] ==================================================================
[   17.169784] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.169889] Write of size 1 at addr fff00000c63230d0 by task kunit_try_catch/158
[   17.170000] 
[   17.170072] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT 
[   17.170262] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.170373] Hardware name: linux,dummy-virt (DT)
[   17.170443] Call trace:
[   17.170486]  show_stack+0x20/0x38 (C)
[   17.170877]  dump_stack_lvl+0x8c/0xd0
[   17.171011]  print_report+0x118/0x608
[   17.171315]  kasan_report+0xdc/0x128
[   17.171752]  __asan_report_store1_noabort+0x20/0x30
[   17.171919]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.172083]  krealloc_less_oob+0x20/0x38
[   17.172195]  kunit_try_run_case+0x170/0x3f0
[   17.172361]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.172518]  kthread+0x328/0x630
[   17.172630]  ret_from_fork+0x10/0x20
[   17.172841] 
[   17.172882] Allocated by task 158:
[   17.172943]  kasan_save_stack+0x3c/0x68
[   17.173489]  kasan_save_track+0x20/0x40
[   17.173920]  kasan_save_alloc_info+0x40/0x58
[   17.174343]  __kasan_krealloc+0x118/0x178
[   17.174521]  krealloc_noprof+0x128/0x360
[   17.174608]  krealloc_less_oob_helper+0x168/0xc50
[   17.174696]  krealloc_less_oob+0x20/0x38
[   17.174782]  kunit_try_run_case+0x170/0x3f0
[   17.174861]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.174956]  kthread+0x328/0x630
[   17.175661]  ret_from_fork+0x10/0x20
[   17.175746] 
[   17.175783] The buggy address belongs to the object at fff00000c6323000
[   17.175783]  which belongs to the cache kmalloc-256 of size 256
[   17.175890] The buggy address is located 7 bytes to the right of
[   17.175890]  allocated 201-byte region [fff00000c6323000, fff00000c63230c9)
[   17.176030] 
[   17.176097] The buggy address belongs to the physical page:
[   17.176162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106322
[   17.176273] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.176389] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.176527] page_type: f5(slab)
[   17.176630] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.176750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.176878] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.177070] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.177246] head: 0bfffe0000000001 ffffc1ffc318c881 00000000ffffffff 00000000ffffffff
[   17.177394] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.177532] page dumped because: kasan: bad access detected
[   17.177641] 
[   17.177725] Memory state around the buggy address:
[   17.177798]  fff00000c6322f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.178246]  fff00000c6323000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.178355] >fff00000c6323080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.178604]                                                  ^
[   17.178689]  fff00000c6323100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.178900]  fff00000c6323180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.179040] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper: Failure

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2xcwEtleCVFbykBd3frwUKpWhSE

job_id

TEST:linaro@lkft#2xcwKRqCiBXqZTfBUVGk3R7kFyV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xcwKRqCiBXqZTfBUVGk3R7kFyV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwGRUG0qgTViQo8lxhjQlVFdS/Image.gz
sha256sum	5eb220ec8a0577057e846893fd6765de2862993ea9b0ac08817113a8276aa5f2

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/arm64/rootfs.ext4.xz
sha256sum	1cc8d041751cc9cfe19b957ffa27d6115f076efaeb324bcd0fb145c37c99e1b7

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwGRUG0qgTViQo8lxhjQlVFdS/modules.tar.xz
sha256sum	4b1624b924fe7746dfbcb89db1c4c5f348e5b645d9f62b80c2bae0383b878251

durations

tests

boot	0
kunit	238.58

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.851538] ==================================================================
[   10.851936] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.852449] Write of size 1 at addr ffff88810294e0da by task kunit_try_catch/180
[   10.852761] 
[   10.852856] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.852899] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.852911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.852930] Call Trace:
[   10.852945]  <TASK>
[   10.852958]  dump_stack_lvl+0x73/0xb0
[   10.852983]  print_report+0xd1/0x650
[   10.853005]  ? __virt_addr_valid+0x1db/0x2d0
[   10.853027]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.853050]  ? kasan_addr_to_slab+0x11/0xa0
[   10.853070]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.853093]  kasan_report+0x141/0x180
[   10.853115]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.853144]  __asan_report_store1_noabort+0x1b/0x30
[   10.853181]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.853206]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.853230]  ? finish_task_switch.isra.0+0x153/0x700
[   10.853251]  ? __switch_to+0x47/0xf50
[   10.853275]  ? __schedule+0x10cc/0x2b60
[   10.853298]  ? __pfx_read_tsc+0x10/0x10
[   10.853321]  krealloc_large_less_oob+0x1c/0x30
[   10.853343]  kunit_try_run_case+0x1a5/0x480
[   10.853364]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.853393]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.853416]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.853440]  ? __kthread_parkme+0x82/0x180
[   10.853459]  ? preempt_count_sub+0x50/0x80
[   10.853482]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.853504]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.853530]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.853555]  kthread+0x337/0x6f0
[   10.853575]  ? trace_preempt_on+0x20/0xc0
[   10.853598]  ? __pfx_kthread+0x10/0x10
[   10.853618]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.853640]  ? calculate_sigpending+0x7b/0xa0
[   10.853663]  ? __pfx_kthread+0x10/0x10
[   10.853684]  ret_from_fork+0x116/0x1d0
[   10.853702]  ? __pfx_kthread+0x10/0x10
[   10.853772]  ret_from_fork_asm+0x1a/0x30
[   10.853805]  </TASK>
[   10.853815] 
[   10.861881] The buggy address belongs to the physical page:
[   10.862071] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[   10.862641] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.863418] flags: 0x200000000000040(head|node=0|zone=2)
[   10.863605] page_type: f8(unknown)
[   10.863739] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.864227] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.864589] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.864944] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.865178] head: 0200000000000002 ffffea00040a5301 00000000ffffffff 00000000ffffffff
[   10.865532] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.865871] page dumped because: kasan: bad access detected
[   10.866047] 
[   10.866117] Memory state around the buggy address:
[   10.866272]  ffff88810294df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.866774]  ffff88810294e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.867090] >ffff88810294e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.867413]                                                     ^
[   10.867700]  ffff88810294e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.868060]  ffff88810294e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.868335] ==================================================================
[   10.735701] ==================================================================
[   10.736041] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.736414] Write of size 1 at addr ffff888100a372ea by task kunit_try_catch/176
[   10.737312] 
[   10.737417] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.737461] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.737472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.737493] Call Trace:
[   10.737505]  <TASK>
[   10.737519]  dump_stack_lvl+0x73/0xb0
[   10.737546]  print_report+0xd1/0x650
[   10.737569]  ? __virt_addr_valid+0x1db/0x2d0
[   10.737590]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.737614]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.737636]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.737660]  kasan_report+0x141/0x180
[   10.737682]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.737710]  __asan_report_store1_noabort+0x1b/0x30
[   10.737733]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.737758]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.737782]  ? finish_task_switch.isra.0+0x153/0x700
[   10.737803]  ? __switch_to+0x47/0xf50
[   10.737827]  ? __schedule+0x10cc/0x2b60
[   10.737849]  ? __pfx_read_tsc+0x10/0x10
[   10.737873]  krealloc_less_oob+0x1c/0x30
[   10.737893]  kunit_try_run_case+0x1a5/0x480
[   10.737914]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.737932]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.737956]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.737979]  ? __kthread_parkme+0x82/0x180
[   10.737999]  ? preempt_count_sub+0x50/0x80
[   10.738021]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.738048]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.738071]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.738096]  kthread+0x337/0x6f0
[   10.738114]  ? trace_preempt_on+0x20/0xc0
[   10.738137]  ? __pfx_kthread+0x10/0x10
[   10.738157]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.738179]  ? calculate_sigpending+0x7b/0xa0
[   10.738202]  ? __pfx_kthread+0x10/0x10
[   10.738223]  ret_from_fork+0x116/0x1d0
[   10.738241]  ? __pfx_kthread+0x10/0x10
[   10.738261]  ret_from_fork_asm+0x1a/0x30
[   10.738292]  </TASK>
[   10.738303] 
[   10.746494] Allocated by task 176:
[   10.746627]  kasan_save_stack+0x45/0x70
[   10.746946]  kasan_save_track+0x18/0x40
[   10.747152]  kasan_save_alloc_info+0x3b/0x50
[   10.747532]  __kasan_krealloc+0x190/0x1f0
[   10.747764]  krealloc_noprof+0xf3/0x340
[   10.747956]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.748272]  krealloc_less_oob+0x1c/0x30
[   10.748452]  kunit_try_run_case+0x1a5/0x480
[   10.748665]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.748902]  kthread+0x337/0x6f0
[   10.749101]  ret_from_fork+0x116/0x1d0
[   10.749386]  ret_from_fork_asm+0x1a/0x30
[   10.749593] 
[   10.749670] The buggy address belongs to the object at ffff888100a37200
[   10.749670]  which belongs to the cache kmalloc-256 of size 256
[   10.750435] The buggy address is located 33 bytes to the right of
[   10.750435]  allocated 201-byte region [ffff888100a37200, ffff888100a372c9)
[   10.750972] 
[   10.751072] The buggy address belongs to the physical page:
[   10.751367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   10.751736] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.752033] flags: 0x200000000000040(head|node=0|zone=2)
[   10.752243] page_type: f5(slab)
[   10.752362] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.752708] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.753047] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.753358] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.753603] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   10.754129] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.754396] page dumped because: kasan: bad access detected
[   10.754568] 
[   10.754637] Memory state around the buggy address:
[   10.754836]  ffff888100a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.755157]  ffff888100a37200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.755521] >ffff888100a37280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.755830]                                                           ^
[   10.756151]  ffff888100a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.756370]  ffff888100a37380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.756708] ==================================================================
[   10.690393] ==================================================================
[   10.690669] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.691443] Write of size 1 at addr ffff888100a372d0 by task kunit_try_catch/176
[   10.691776] 
[   10.691891] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.691935] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.691947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.691967] Call Trace:
[   10.691982]  <TASK>
[   10.691997]  dump_stack_lvl+0x73/0xb0
[   10.692025]  print_report+0xd1/0x650
[   10.692047]  ? __virt_addr_valid+0x1db/0x2d0
[   10.692069]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.692092]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.692114]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.692138]  kasan_report+0x141/0x180
[   10.692159]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.692187]  __asan_report_store1_noabort+0x1b/0x30
[   10.692208]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.692233]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.692345]  ? finish_task_switch.isra.0+0x153/0x700
[   10.692367]  ? __switch_to+0x47/0xf50
[   10.692405]  ? __schedule+0x10cc/0x2b60
[   10.692428]  ? __pfx_read_tsc+0x10/0x10
[   10.692452]  krealloc_less_oob+0x1c/0x30
[   10.692473]  kunit_try_run_case+0x1a5/0x480
[   10.692494]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.692513]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.692536]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.692560]  ? __kthread_parkme+0x82/0x180
[   10.692579]  ? preempt_count_sub+0x50/0x80
[   10.692602]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.692624]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.692648]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.692672]  kthread+0x337/0x6f0
[   10.692690]  ? trace_preempt_on+0x20/0xc0
[   10.692713]  ? __pfx_kthread+0x10/0x10
[   10.692745]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.692767]  ? calculate_sigpending+0x7b/0xa0
[   10.692790]  ? __pfx_kthread+0x10/0x10
[   10.692810]  ret_from_fork+0x116/0x1d0
[   10.692828]  ? __pfx_kthread+0x10/0x10
[   10.692848]  ret_from_fork_asm+0x1a/0x30
[   10.692878]  </TASK>
[   10.692887] 
[   10.703591] Allocated by task 176:
[   10.704048]  kasan_save_stack+0x45/0x70
[   10.704331]  kasan_save_track+0x18/0x40
[   10.704492]  kasan_save_alloc_info+0x3b/0x50
[   10.704872]  __kasan_krealloc+0x190/0x1f0
[   10.705107]  krealloc_noprof+0xf3/0x340
[   10.705292]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.705532]  krealloc_less_oob+0x1c/0x30
[   10.705712]  kunit_try_run_case+0x1a5/0x480
[   10.706174]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.706544]  kthread+0x337/0x6f0
[   10.706731]  ret_from_fork+0x116/0x1d0
[   10.707255]  ret_from_fork_asm+0x1a/0x30
[   10.707453] 
[   10.707646] The buggy address belongs to the object at ffff888100a37200
[   10.707646]  which belongs to the cache kmalloc-256 of size 256
[   10.708154] The buggy address is located 7 bytes to the right of
[   10.708154]  allocated 201-byte region [ffff888100a37200, ffff888100a372c9)
[   10.708675] 
[   10.708850] The buggy address belongs to the physical page:
[   10.709035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   10.709356] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.709660] flags: 0x200000000000040(head|node=0|zone=2)
[   10.710102] page_type: f5(slab)
[   10.710277] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.710583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.710839] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.711180] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.711550] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   10.711973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.712340] page dumped because: kasan: bad access detected
[   10.712529] 
[   10.712623] Memory state around the buggy address:
[   10.712854]  ffff888100a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.713335]  ffff888100a37200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.713658] >ffff888100a37280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.713940]                                                  ^
[   10.714196]  ffff888100a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.714587]  ffff888100a37380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.714868] ==================================================================
[   10.657139] ==================================================================
[   10.658131] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.658407] Write of size 1 at addr ffff888100a372c9 by task kunit_try_catch/176
[   10.658634] 
[   10.658722] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.658765] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.658777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.658797] Call Trace:
[   10.658810]  <TASK>
[   10.658826]  dump_stack_lvl+0x73/0xb0
[   10.658852]  print_report+0xd1/0x650
[   10.658876]  ? __virt_addr_valid+0x1db/0x2d0
[   10.658897]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.658921]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.658943]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.658966]  kasan_report+0x141/0x180
[   10.658988]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.659016]  __asan_report_store1_noabort+0x1b/0x30
[   10.659037]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.659062]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.659086]  ? finish_task_switch.isra.0+0x153/0x700
[   10.659107]  ? __switch_to+0x47/0xf50
[   10.659131]  ? __schedule+0x10cc/0x2b60
[   10.659154]  ? __pfx_read_tsc+0x10/0x10
[   10.659178]  krealloc_less_oob+0x1c/0x30
[   10.659199]  kunit_try_run_case+0x1a5/0x480
[   10.659220]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.659239]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.659262]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.659286]  ? __kthread_parkme+0x82/0x180
[   10.659305]  ? preempt_count_sub+0x50/0x80
[   10.659327]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.659347]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.659370]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.659403]  kthread+0x337/0x6f0
[   10.659422]  ? trace_preempt_on+0x20/0xc0
[   10.659446]  ? __pfx_kthread+0x10/0x10
[   10.659466]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.659880]  ? calculate_sigpending+0x7b/0xa0
[   10.659908]  ? __pfx_kthread+0x10/0x10
[   10.659930]  ret_from_fork+0x116/0x1d0
[   10.660138]  ? __pfx_kthread+0x10/0x10
[   10.660162]  ret_from_fork_asm+0x1a/0x30
[   10.660193]  </TASK>
[   10.660204] 
[   10.673655] Allocated by task 176:
[   10.673926]  kasan_save_stack+0x45/0x70
[   10.674437]  kasan_save_track+0x18/0x40
[   10.674817]  kasan_save_alloc_info+0x3b/0x50
[   10.674963]  __kasan_krealloc+0x190/0x1f0
[   10.675483]  krealloc_noprof+0xf3/0x340
[   10.675887]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.676232]  krealloc_less_oob+0x1c/0x30
[   10.676394]  kunit_try_run_case+0x1a5/0x480
[   10.676845]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.677413]  kthread+0x337/0x6f0
[   10.677683]  ret_from_fork+0x116/0x1d0
[   10.678123]  ret_from_fork_asm+0x1a/0x30
[   10.678405] 
[   10.678477] The buggy address belongs to the object at ffff888100a37200
[   10.678477]  which belongs to the cache kmalloc-256 of size 256
[   10.678972] The buggy address is located 0 bytes to the right of
[   10.678972]  allocated 201-byte region [ffff888100a37200, ffff888100a372c9)
[   10.680248] 
[   10.680445] The buggy address belongs to the physical page:
[   10.680872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   10.681118] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.681339] flags: 0x200000000000040(head|node=0|zone=2)
[   10.681970] page_type: f5(slab)
[   10.682426] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.683135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.684042] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.684586] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.684848] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   10.685739] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.686552] page dumped because: kasan: bad access detected
[   10.686934] 
[   10.687012] Memory state around the buggy address:
[   10.687336]  ffff888100a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.688006]  ffff888100a37200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.688410] >ffff888100a37280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.688629]                                               ^
[   10.688829]  ffff888100a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.689129]  ffff888100a37380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.689527] ==================================================================
[   10.868614] ==================================================================
[   10.869087] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.869460] Write of size 1 at addr ffff88810294e0ea by task kunit_try_catch/180
[   10.869781] 
[   10.869890] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.869933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.869944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.869964] Call Trace:
[   10.869978]  <TASK>
[   10.869992]  dump_stack_lvl+0x73/0xb0
[   10.870016]  print_report+0xd1/0x650
[   10.870041]  ? __virt_addr_valid+0x1db/0x2d0
[   10.870062]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.870085]  ? kasan_addr_to_slab+0x11/0xa0
[   10.870106]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.870129]  kasan_report+0x141/0x180
[   10.870151]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.870179]  __asan_report_store1_noabort+0x1b/0x30
[   10.870200]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.870226]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.870250]  ? finish_task_switch.isra.0+0x153/0x700
[   10.870271]  ? __switch_to+0x47/0xf50
[   10.870295]  ? __schedule+0x10cc/0x2b60
[   10.870318]  ? __pfx_read_tsc+0x10/0x10
[   10.870341]  krealloc_large_less_oob+0x1c/0x30
[   10.870363]  kunit_try_run_case+0x1a5/0x480
[   10.870393]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.870412]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.870435]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.870459]  ? __kthread_parkme+0x82/0x180
[   10.870478]  ? preempt_count_sub+0x50/0x80
[   10.870500]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.870520]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.870544]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.870567]  kthread+0x337/0x6f0
[   10.870586]  ? trace_preempt_on+0x20/0xc0
[   10.870608]  ? __pfx_kthread+0x10/0x10
[   10.870628]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.870650]  ? calculate_sigpending+0x7b/0xa0
[   10.870673]  ? __pfx_kthread+0x10/0x10
[   10.870694]  ret_from_fork+0x116/0x1d0
[   10.870711]  ? __pfx_kthread+0x10/0x10
[   10.870731]  ret_from_fork_asm+0x1a/0x30
[   10.870761]  </TASK>
[   10.870770] 
[   10.881820] The buggy address belongs to the physical page:
[   10.882373] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[   10.883138] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.883814] flags: 0x200000000000040(head|node=0|zone=2)
[   10.884351] page_type: f8(unknown)
[   10.884557] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.884796] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.885026] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.885261] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.886225] head: 0200000000000002 ffffea00040a5301 00000000ffffffff 00000000ffffffff
[   10.886929] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.887671] page dumped because: kasan: bad access detected
[   10.888264] 
[   10.888445] Memory state around the buggy address:
[   10.888902]  ffff88810294df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.889625]  ffff88810294e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.890500] >ffff88810294e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.891288]                                                           ^
[   10.892010]  ffff88810294e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.892412]  ffff88810294e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.892629] ==================================================================
[   10.757249] ==================================================================
[   10.757575] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.757901] Write of size 1 at addr ffff888100a372eb by task kunit_try_catch/176
[   10.758411] 
[   10.758499] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.758541] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.758552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.758571] Call Trace:
[   10.758586]  <TASK>
[   10.758601]  dump_stack_lvl+0x73/0xb0
[   10.758628]  print_report+0xd1/0x650
[   10.758650]  ? __virt_addr_valid+0x1db/0x2d0
[   10.758671]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.758694]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.758716]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.758740]  kasan_report+0x141/0x180
[   10.758761]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.758790]  __asan_report_store1_noabort+0x1b/0x30
[   10.758810]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.758835]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.758859]  ? finish_task_switch.isra.0+0x153/0x700
[   10.758880]  ? __switch_to+0x47/0xf50
[   10.758904]  ? __schedule+0x10cc/0x2b60
[   10.758928]  ? __pfx_read_tsc+0x10/0x10
[   10.758951]  krealloc_less_oob+0x1c/0x30
[   10.758972]  kunit_try_run_case+0x1a5/0x480
[   10.758992]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.759010]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.759034]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.759057]  ? __kthread_parkme+0x82/0x180
[   10.759076]  ? preempt_count_sub+0x50/0x80
[   10.759099]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.759119]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.759142]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.759165]  kthread+0x337/0x6f0
[   10.759184]  ? trace_preempt_on+0x20/0xc0
[   10.759207]  ? __pfx_kthread+0x10/0x10
[   10.759227]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.759249]  ? calculate_sigpending+0x7b/0xa0
[   10.759274]  ? __pfx_kthread+0x10/0x10
[   10.759296]  ret_from_fork+0x116/0x1d0
[   10.759313]  ? __pfx_kthread+0x10/0x10
[   10.759333]  ret_from_fork_asm+0x1a/0x30
[   10.759362]  </TASK>
[   10.759371] 
[   10.767659] Allocated by task 176:
[   10.767997]  kasan_save_stack+0x45/0x70
[   10.768206]  kasan_save_track+0x18/0x40
[   10.768418]  kasan_save_alloc_info+0x3b/0x50
[   10.768626]  __kasan_krealloc+0x190/0x1f0
[   10.768933]  krealloc_noprof+0xf3/0x340
[   10.769102]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.769321]  krealloc_less_oob+0x1c/0x30
[   10.769499]  kunit_try_run_case+0x1a5/0x480
[   10.769683]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.769944]  kthread+0x337/0x6f0
[   10.770133]  ret_from_fork+0x116/0x1d0
[   10.770365]  ret_from_fork_asm+0x1a/0x30
[   10.770513] 
[   10.770582] The buggy address belongs to the object at ffff888100a37200
[   10.770582]  which belongs to the cache kmalloc-256 of size 256
[   10.770932] The buggy address is located 34 bytes to the right of
[   10.770932]  allocated 201-byte region [ffff888100a37200, ffff888100a372c9)
[   10.771533] 
[   10.771630] The buggy address belongs to the physical page:
[   10.771876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   10.772191] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.772426] flags: 0x200000000000040(head|node=0|zone=2)
[   10.772601] page_type: f5(slab)
[   10.772719] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.773517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.774091] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.774438] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.774672] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   10.774915] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.775428] page dumped because: kasan: bad access detected
[   10.775677] 
[   10.775769] Memory state around the buggy address:
[   10.776089]  ffff888100a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.776385]  ffff888100a37200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.776623] >ffff888100a37280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.777179]                                                           ^
[   10.777445]  ffff888100a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.777737]  ffff888100a37380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.777975] ==================================================================
[   10.817204] ==================================================================
[   10.817711] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.818335] Write of size 1 at addr ffff88810294e0c9 by task kunit_try_catch/180
[   10.818674] 
[   10.818775] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.818819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.818831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.818853] Call Trace:
[   10.818864]  <TASK>
[   10.818878]  dump_stack_lvl+0x73/0xb0
[   10.818906]  print_report+0xd1/0x650
[   10.818929]  ? __virt_addr_valid+0x1db/0x2d0
[   10.818952]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.818975]  ? kasan_addr_to_slab+0x11/0xa0
[   10.818995]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.819018]  kasan_report+0x141/0x180
[   10.819040]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.819068]  __asan_report_store1_noabort+0x1b/0x30
[   10.819088]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.819113]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.819137]  ? finish_task_switch.isra.0+0x153/0x700
[   10.819158]  ? __switch_to+0x47/0xf50
[   10.819184]  ? __schedule+0x10cc/0x2b60
[   10.819207]  ? __pfx_read_tsc+0x10/0x10
[   10.819319]  krealloc_large_less_oob+0x1c/0x30
[   10.819344]  kunit_try_run_case+0x1a5/0x480
[   10.819366]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.819397]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.819421]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.819445]  ? __kthread_parkme+0x82/0x180
[   10.819464]  ? preempt_count_sub+0x50/0x80
[   10.819487]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.819507]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.819530]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.819555]  kthread+0x337/0x6f0
[   10.819574]  ? trace_preempt_on+0x20/0xc0
[   10.819598]  ? __pfx_kthread+0x10/0x10
[   10.819618]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.819640]  ? calculate_sigpending+0x7b/0xa0
[   10.819664]  ? __pfx_kthread+0x10/0x10
[   10.819684]  ret_from_fork+0x116/0x1d0
[   10.819702]  ? __pfx_kthread+0x10/0x10
[   10.819731]  ret_from_fork_asm+0x1a/0x30
[   10.819761]  </TASK>
[   10.819771] 
[   10.827613] The buggy address belongs to the physical page:
[   10.827802] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[   10.828187] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.828533] flags: 0x200000000000040(head|node=0|zone=2)
[   10.828833] page_type: f8(unknown)
[   10.829045] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.829306] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.829644] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.830045] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.830625] head: 0200000000000002 ffffea00040a5301 00000000ffffffff 00000000ffffffff
[   10.831003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.831408] page dumped because: kasan: bad access detected
[   10.831643] 
[   10.831740] Memory state around the buggy address:
[   10.832042]  ffff88810294df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.832325]  ffff88810294e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.832664] >ffff88810294e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.832983]                                               ^
[   10.833248]  ffff88810294e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.833563]  ffff88810294e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.833903] ==================================================================
[   10.834567] ==================================================================
[   10.834931] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.835485] Write of size 1 at addr ffff88810294e0d0 by task kunit_try_catch/180
[   10.835788] 
[   10.835899] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.835941] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.835953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.835973] Call Trace:
[   10.835985]  <TASK>
[   10.836000]  dump_stack_lvl+0x73/0xb0
[   10.836030]  print_report+0xd1/0x650
[   10.836054]  ? __virt_addr_valid+0x1db/0x2d0
[   10.836077]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.836100]  ? kasan_addr_to_slab+0x11/0xa0
[   10.836121]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.836144]  kasan_report+0x141/0x180
[   10.836166]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.836194]  __asan_report_store1_noabort+0x1b/0x30
[   10.836215]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.836241]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.836264]  ? finish_task_switch.isra.0+0x153/0x700
[   10.836286]  ? __switch_to+0x47/0xf50
[   10.836311]  ? __schedule+0x10cc/0x2b60
[   10.836335]  ? __pfx_read_tsc+0x10/0x10
[   10.836360]  krealloc_large_less_oob+0x1c/0x30
[   10.836393]  kunit_try_run_case+0x1a5/0x480
[   10.836415]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.836434]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.836458]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.836482]  ? __kthread_parkme+0x82/0x180
[   10.836501]  ? preempt_count_sub+0x50/0x80
[   10.836523]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.836543]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.836566]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.836590]  kthread+0x337/0x6f0
[   10.836609]  ? trace_preempt_on+0x20/0xc0
[   10.836633]  ? __pfx_kthread+0x10/0x10
[   10.836653]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.836675]  ? calculate_sigpending+0x7b/0xa0
[   10.836699]  ? __pfx_kthread+0x10/0x10
[   10.836720]  ret_from_fork+0x116/0x1d0
[   10.836738]  ? __pfx_kthread+0x10/0x10
[   10.836758]  ret_from_fork_asm+0x1a/0x30
[   10.836788]  </TASK>
[   10.836797] 
[   10.844442] The buggy address belongs to the physical page:
[   10.844624] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[   10.845326] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.845646] flags: 0x200000000000040(head|node=0|zone=2)
[   10.845947] page_type: f8(unknown)
[   10.846083] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.846348] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.846710] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.847197] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.847504] head: 0200000000000002 ffffea00040a5301 00000000ffffffff 00000000ffffffff
[   10.847845] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.848071] page dumped because: kasan: bad access detected
[   10.848240] 
[   10.848310] Memory state around the buggy address:
[   10.848544]  ffff88810294df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.849215]  ffff88810294e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.849541] >ffff88810294e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.849755]                                                  ^
[   10.849933]  ffff88810294e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.850439]  ffff88810294e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.850873] ==================================================================
[   10.893190] ==================================================================
[   10.893883] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.894633] Write of size 1 at addr ffff88810294e0eb by task kunit_try_catch/180
[   10.895404] 
[   10.895580] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.895626] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.895638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.895658] Call Trace:
[   10.895670]  <TASK>
[   10.895685]  dump_stack_lvl+0x73/0xb0
[   10.895711]  print_report+0xd1/0x650
[   10.895734]  ? __virt_addr_valid+0x1db/0x2d0
[   10.895755]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.895778]  ? kasan_addr_to_slab+0x11/0xa0
[   10.895798]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.895822]  kasan_report+0x141/0x180
[   10.895852]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.895881]  __asan_report_store1_noabort+0x1b/0x30
[   10.895901]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.895926]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.895950]  ? finish_task_switch.isra.0+0x153/0x700
[   10.895971]  ? __switch_to+0x47/0xf50
[   10.895995]  ? __schedule+0x10cc/0x2b60
[   10.896065]  ? __pfx_read_tsc+0x10/0x10
[   10.896089]  krealloc_large_less_oob+0x1c/0x30
[   10.896112]  kunit_try_run_case+0x1a5/0x480
[   10.896132]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.896151]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.896174]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.896198]  ? __kthread_parkme+0x82/0x180
[   10.896217]  ? preempt_count_sub+0x50/0x80
[   10.896239]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.896259]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.896283]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.896306]  kthread+0x337/0x6f0
[   10.896325]  ? trace_preempt_on+0x20/0xc0
[   10.896347]  ? __pfx_kthread+0x10/0x10
[   10.896367]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.896401]  ? calculate_sigpending+0x7b/0xa0
[   10.896424]  ? __pfx_kthread+0x10/0x10
[   10.896445]  ret_from_fork+0x116/0x1d0
[   10.896462]  ? __pfx_kthread+0x10/0x10
[   10.896483]  ret_from_fork_asm+0x1a/0x30
[   10.896513]  </TASK>
[   10.896523] 
[   10.904971] The buggy address belongs to the physical page:
[   10.905244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[   10.905595] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.906052] flags: 0x200000000000040(head|node=0|zone=2)
[   10.906305] page_type: f8(unknown)
[   10.906478] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.906808] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.907086] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.907469] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.907709] head: 0200000000000002 ffffea00040a5301 00000000ffffffff 00000000ffffffff
[   10.908005] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.908344] page dumped because: kasan: bad access detected
[   10.908612] 
[   10.908704] Memory state around the buggy address:
[   10.908886]  ffff88810294df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.909154]  ffff88810294e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.909370] >ffff88810294e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.910052]                                                           ^
[   10.910390]  ffff88810294e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.910685]  ffff88810294e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.910998] ==================================================================
[   10.715658] ==================================================================
[   10.715991] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.716339] Write of size 1 at addr ffff888100a372da by task kunit_try_catch/176
[   10.716612] 
[   10.716725] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc7-next-20250526 #1 PREEMPT(voluntary) 
[   10.716769] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.716780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.716801] Call Trace:
[   10.716812]  <TASK>
[   10.716826]  dump_stack_lvl+0x73/0xb0
[   10.716850]  print_report+0xd1/0x650
[   10.716873]  ? __virt_addr_valid+0x1db/0x2d0
[   10.716894]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.716917]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.716939]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.716962]  kasan_report+0x141/0x180
[   10.716984]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.717012]  __asan_report_store1_noabort+0x1b/0x30
[   10.717032]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.717058]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.717081]  ? finish_task_switch.isra.0+0x153/0x700
[   10.717102]  ? __switch_to+0x47/0xf50
[   10.717126]  ? __schedule+0x10cc/0x2b60
[   10.717149]  ? __pfx_read_tsc+0x10/0x10
[   10.717171]  krealloc_less_oob+0x1c/0x30
[   10.717193]  kunit_try_run_case+0x1a5/0x480
[   10.717212]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.717231]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.717255]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.717278]  ? __kthread_parkme+0x82/0x180
[   10.717297]  ? preempt_count_sub+0x50/0x80
[   10.717319]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.717339]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.717363]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.717397]  kthread+0x337/0x6f0
[   10.717415]  ? trace_preempt_on+0x20/0xc0
[   10.717438]  ? __pfx_kthread+0x10/0x10
[   10.717457]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.717479]  ? calculate_sigpending+0x7b/0xa0
[   10.717502]  ? __pfx_kthread+0x10/0x10
[   10.717523]  ret_from_fork+0x116/0x1d0
[   10.717540]  ? __pfx_kthread+0x10/0x10
[   10.717560]  ret_from_fork_asm+0x1a/0x30
[   10.717589]  </TASK>
[   10.717600] 
[   10.725057] Allocated by task 176:
[   10.725293]  kasan_save_stack+0x45/0x70
[   10.725492]  kasan_save_track+0x18/0x40
[   10.725692]  kasan_save_alloc_info+0x3b/0x50
[   10.725839]  __kasan_krealloc+0x190/0x1f0
[   10.725979]  krealloc_noprof+0xf3/0x340
[   10.726141]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.726422]  krealloc_less_oob+0x1c/0x30
[   10.726621]  kunit_try_run_case+0x1a5/0x480
[   10.726822]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.727065]  kthread+0x337/0x6f0
[   10.727187]  ret_from_fork+0x116/0x1d0
[   10.727542]  ret_from_fork_asm+0x1a/0x30
[   10.727817] 
[   10.727915] The buggy address belongs to the object at ffff888100a37200
[   10.727915]  which belongs to the cache kmalloc-256 of size 256
[   10.728428] The buggy address is located 17 bytes to the right of
[   10.728428]  allocated 201-byte region [ffff888100a37200, ffff888100a372c9)
[   10.729104] 
[   10.729222] The buggy address belongs to the physical page:
[   10.729485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36
[   10.729803] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.730036] flags: 0x200000000000040(head|node=0|zone=2)
[   10.730212] page_type: f5(slab)
[   10.730330] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.731065] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.731428] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.731843] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.732226] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff
[   10.732543] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.732891] page dumped because: kasan: bad access detected
[   10.733158] 
[   10.733229] Memory state around the buggy address:
[   10.733462]  ffff888100a37180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.733805]  ffff888100a37200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.734027] >ffff888100a37280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.734306]                                                     ^
[   10.734740]  ffff888100a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.735014]  ffff888100a37380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.735324] ==================================================================

KNOWN ISSUE - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper: Failure

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2xcwEtleCVFbykBd3frwUKpWhSE

job_id

TEST:linaro@lkft#2xcwLWYXo1r3LJpulqtiW2zsnrb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2xcwLWYXo1r3LJpulqtiW2zsnrb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwHqqp93abqTBQc904Rt03Tly/bzImage
sha256sum	b09b9976970e4221a2c7611dba5f82a6b21199333e8eaa872d8eeba71513307b

rootfs

url	https://storage.tuxboot.com/debian/20250425/trixie/amd64/rootfs.ext4.xz
sha256sum	3e64c22b7a85dd4a60fd0a31f22599e711e865f841aed0d517fae37e9c171158

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2xcwHqqp93abqTBQc904Rt03Tly/modules.tar.xz
sha256sum	2494407470591358d825e0a38516dda0affd27e1b84431d2c86d654acedface9

durations

tests

boot	0
kunit	198.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit KNOWN ISSUE Automatically assigned