lkft/linux-stable-rc-linux-6.15.y - v6.15.1-35-g04e133874a24 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 7, 2025, 10:40 a.m.

Environment
qemu-arm64
qemu-x86_64

[   22.215132] ==================================================================
[   22.215260] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   22.215392] Write of size 1 at addr fff00000c57b0ceb by task kunit_try_catch/162
[   22.215531] 
[   22.215624] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.215837] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.215906] Hardware name: linux,dummy-virt (DT)
[   22.215995] Call trace:
[   22.216080]  show_stack+0x20/0x38 (C)
[   22.216254]  dump_stack_lvl+0x8c/0xd0
[   22.216424]  print_report+0x118/0x608
[   22.216527]  kasan_report+0xdc/0x128
[   22.216633]  __asan_report_store1_noabort+0x20/0x30
[   22.216762]  krealloc_less_oob_helper+0xa58/0xc50
[   22.216888]  krealloc_less_oob+0x20/0x38
[   22.217072]  kunit_try_run_case+0x170/0x3f0
[   22.217215]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.217350]  kthread+0x328/0x630
[   22.217472]  ret_from_fork+0x10/0x20
[   22.217593] 
[   22.217658] Allocated by task 162:
[   22.217770]  kasan_save_stack+0x3c/0x68
[   22.217868]  kasan_save_track+0x20/0x40
[   22.217964]  kasan_save_alloc_info+0x40/0x58
[   22.218073]  __kasan_krealloc+0x118/0x178
[   22.218200]  krealloc_noprof+0x128/0x360
[   22.218325]  krealloc_less_oob_helper+0x168/0xc50
[   22.218549]  krealloc_less_oob+0x20/0x38
[   22.218677]  kunit_try_run_case+0x170/0x3f0
[   22.218790]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.218904]  kthread+0x328/0x630
[   22.218989]  ret_from_fork+0x10/0x20
[   22.219059] 
[   22.219096] The buggy address belongs to the object at fff00000c57b0c00
[   22.219096]  which belongs to the cache kmalloc-256 of size 256
[   22.219227] The buggy address is located 34 bytes to the right of
[   22.219227]  allocated 201-byte region [fff00000c57b0c00, fff00000c57b0cc9)
[   22.219908] 
[   22.219987] The buggy address belongs to the physical page:
[   22.220209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057b0
[   22.220602] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.221291] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.221896] page_type: f5(slab)
[   22.222172] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.222597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.222711] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.222804] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.222916] head: 0bfffe0000000001 ffffc1ffc315ec01 00000000ffffffff 00000000ffffffff
[   22.224420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.225499] page dumped because: kasan: bad access detected
[   22.225946] 
[   22.226005] Memory state around the buggy address:
[   22.226298]  fff00000c57b0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.227364]  fff00000c57b0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.227493] >fff00000c57b0c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.227648]                                                           ^
[   22.227912]  fff00000c57b0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.228170]  fff00000c57b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.228281] ==================================================================
[   22.325019] ==================================================================
[   22.325128] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   22.325277] Write of size 1 at addr fff00000c777e0ea by task kunit_try_catch/166
[   22.325419] 
[   22.325501] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.325711] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.325779] Hardware name: linux,dummy-virt (DT)
[   22.325857] Call trace:
[   22.325911]  show_stack+0x20/0x38 (C)
[   22.326030]  dump_stack_lvl+0x8c/0xd0
[   22.326152]  print_report+0x118/0x608
[   22.326283]  kasan_report+0xdc/0x128
[   22.326410]  __asan_report_store1_noabort+0x20/0x30
[   22.326578]  krealloc_less_oob_helper+0xae4/0xc50
[   22.326706]  krealloc_large_less_oob+0x20/0x38
[   22.326845]  kunit_try_run_case+0x170/0x3f0
[   22.326981]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.327127]  kthread+0x328/0x630
[   22.327292]  ret_from_fork+0x10/0x20
[   22.327447] 
[   22.327518] The buggy address belongs to the physical page:
[   22.327609] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10777c
[   22.327818] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.327934] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.328043] page_type: f8(unknown)
[   22.328305] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.328455] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.328587] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.328715] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.328841] head: 0bfffe0000000002 ffffc1ffc31ddf01 00000000ffffffff 00000000ffffffff
[   22.329822] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.330362] page dumped because: kasan: bad access detected
[   22.330466] 
[   22.330699] Memory state around the buggy address:
[   22.330972]  fff00000c777df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.331092]  fff00000c777e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.331191] >fff00000c777e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.331277]                                                           ^
[   22.331545]  fff00000c777e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.331780]  fff00000c777e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.331995] ==================================================================
[   22.333792] ==================================================================
[   22.333919] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   22.334057] Write of size 1 at addr fff00000c777e0eb by task kunit_try_catch/166
[   22.334187] 
[   22.334274] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.335269] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.335479] Hardware name: linux,dummy-virt (DT)
[   22.335605] Call trace:
[   22.335748]  show_stack+0x20/0x38 (C)
[   22.336076]  dump_stack_lvl+0x8c/0xd0
[   22.336320]  print_report+0x118/0x608
[   22.336548]  kasan_report+0xdc/0x128
[   22.336909]  __asan_report_store1_noabort+0x20/0x30
[   22.337431]  krealloc_less_oob_helper+0xa58/0xc50
[   22.337570]  krealloc_large_less_oob+0x20/0x38
[   22.338147]  kunit_try_run_case+0x170/0x3f0
[   22.338318]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.338606]  kthread+0x328/0x630
[   22.338841]  ret_from_fork+0x10/0x20
[   22.338952] 
[   22.338993] The buggy address belongs to the physical page:
[   22.339071] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10777c
[   22.339885] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.340187] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.340964] page_type: f8(unknown)
[   22.341236] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.342156] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.342327] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.342537] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.342666] head: 0bfffe0000000002 ffffc1ffc31ddf01 00000000ffffffff 00000000ffffffff
[   22.343194] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.343365] page dumped because: kasan: bad access detected
[   22.343441] 
[   22.343475] Memory state around the buggy address:
[   22.343573]  fff00000c777df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.343676]  fff00000c777e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.343756] >fff00000c777e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.343821]                                                           ^
[   22.343913]  fff00000c777e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.344068]  fff00000c777e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.344176] ==================================================================
[   22.195307] ==================================================================
[   22.195449] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   22.195584] Write of size 1 at addr fff00000c57b0cda by task kunit_try_catch/162
[   22.195708] 
[   22.195795] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.196002] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.196069] Hardware name: linux,dummy-virt (DT)
[   22.196148] Call trace:
[   22.196241]  show_stack+0x20/0x38 (C)
[   22.196356]  dump_stack_lvl+0x8c/0xd0
[   22.196486]  print_report+0x118/0x608
[   22.196608]  kasan_report+0xdc/0x128
[   22.196718]  __asan_report_store1_noabort+0x20/0x30
[   22.196916]  krealloc_less_oob_helper+0xa80/0xc50
[   22.197114]  krealloc_less_oob+0x20/0x38
[   22.197290]  kunit_try_run_case+0x170/0x3f0
[   22.197482]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.197637]  kthread+0x328/0x630
[   22.197798]  ret_from_fork+0x10/0x20
[   22.197966] 
[   22.198029] Allocated by task 162:
[   22.198124]  kasan_save_stack+0x3c/0x68
[   22.198257]  kasan_save_track+0x20/0x40
[   22.198423]  kasan_save_alloc_info+0x40/0x58
[   22.198514]  __kasan_krealloc+0x118/0x178
[   22.198602]  krealloc_noprof+0x128/0x360
[   22.198865]  krealloc_less_oob_helper+0x168/0xc50
[   22.199088]  krealloc_less_oob+0x20/0x38
[   22.199416]  kunit_try_run_case+0x170/0x3f0
[   22.199897]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.200052]  kthread+0x328/0x630
[   22.200136]  ret_from_fork+0x10/0x20
[   22.200230] 
[   22.200279] The buggy address belongs to the object at fff00000c57b0c00
[   22.200279]  which belongs to the cache kmalloc-256 of size 256
[   22.200430] The buggy address is located 17 bytes to the right of
[   22.200430]  allocated 201-byte region [fff00000c57b0c00, fff00000c57b0cc9)
[   22.200545] 
[   22.200581] The buggy address belongs to the physical page:
[   22.200650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057b0
[   22.200838] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.200960] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.201118] page_type: f5(slab)
[   22.201255] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.201434] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.201593] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.201709] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.202085] head: 0bfffe0000000001 ffffc1ffc315ec01 00000000ffffffff 00000000ffffffff
[   22.202793] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.202941] page dumped because: kasan: bad access detected
[   22.203009] 
[   22.203044] Memory state around the buggy address:
[   22.203141]  fff00000c57b0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.203243]  fff00000c57b0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.203372] >fff00000c57b0c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.203474]                                                     ^
[   22.203779]  fff00000c57b0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.203900]  fff00000c57b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.203989] ==================================================================
[   22.313277] ==================================================================
[   22.313423] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   22.313573] Write of size 1 at addr fff00000c777e0d0 by task kunit_try_catch/166
[   22.313755] 
[   22.313833] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.314037] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.314130] Hardware name: linux,dummy-virt (DT)
[   22.314228] Call trace:
[   22.314306]  show_stack+0x20/0x38 (C)
[   22.314481]  dump_stack_lvl+0x8c/0xd0
[   22.314718]  print_report+0x118/0x608
[   22.314910]  kasan_report+0xdc/0x128
[   22.315031]  __asan_report_store1_noabort+0x20/0x30
[   22.315160]  krealloc_less_oob_helper+0xb9c/0xc50
[   22.315269]  krealloc_large_less_oob+0x20/0x38
[   22.315597]  kunit_try_run_case+0x170/0x3f0
[   22.315745]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.315892]  kthread+0x328/0x630
[   22.316010]  ret_from_fork+0x10/0x20
[   22.316139] 
[   22.316194] The buggy address belongs to the physical page:
[   22.316277] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10777c
[   22.316444] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.316627] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.316788] page_type: f8(unknown)
[   22.316893] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.317022] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.317150] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.317276] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.317411] head: 0bfffe0000000002 ffffc1ffc31ddf01 00000000ffffffff 00000000ffffffff
[   22.317524] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.317624] page dumped because: kasan: bad access detected
[   22.317695] 
[   22.317740] Memory state around the buggy address:
[   22.317895]  fff00000c777df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.318013]  fff00000c777e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.318123] >fff00000c777e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.318212]                                                  ^
[   22.318355]  fff00000c777e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.318489]  fff00000c777e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.318572] ==================================================================
[   22.306748] ==================================================================
[   22.306859] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   22.306960] Write of size 1 at addr fff00000c777e0c9 by task kunit_try_catch/166
[   22.307020] 
[   22.307074] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.307174] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.307205] Hardware name: linux,dummy-virt (DT)
[   22.307242] Call trace:
[   22.307271]  show_stack+0x20/0x38 (C)
[   22.307331]  dump_stack_lvl+0x8c/0xd0
[   22.307388]  print_report+0x118/0x608
[   22.307541]  kasan_report+0xdc/0x128
[   22.307702]  __asan_report_store1_noabort+0x20/0x30
[   22.307883]  krealloc_less_oob_helper+0xa48/0xc50
[   22.308009]  krealloc_large_less_oob+0x20/0x38
[   22.308107]  kunit_try_run_case+0x170/0x3f0
[   22.308223]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.308419]  kthread+0x328/0x630
[   22.308594]  ret_from_fork+0x10/0x20
[   22.308770] 
[   22.308843] The buggy address belongs to the physical page:
[   22.308966] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10777c
[   22.309107] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.309229] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.309371] page_type: f8(unknown)
[   22.309476] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.309683] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.310106] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.310451] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.310632] head: 0bfffe0000000002 ffffc1ffc31ddf01 00000000ffffffff 00000000ffffffff
[   22.310781] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.310900] page dumped because: kasan: bad access detected
[   22.310978] 
[   22.311040] Memory state around the buggy address:
[   22.311158]  fff00000c777df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.311268]  fff00000c777e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.311365] >fff00000c777e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.311452]                                               ^
[   22.311540]  fff00000c777e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.311642]  fff00000c777e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.311752] ==================================================================
[   22.188150] ==================================================================
[   22.188251] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   22.188339] Write of size 1 at addr fff00000c57b0cd0 by task kunit_try_catch/162
[   22.188398] 
[   22.188514] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.188803] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.188866] Hardware name: linux,dummy-virt (DT)
[   22.188929] Call trace:
[   22.188976]  show_stack+0x20/0x38 (C)
[   22.189084]  dump_stack_lvl+0x8c/0xd0
[   22.189193]  print_report+0x118/0x608
[   22.189296]  kasan_report+0xdc/0x128
[   22.189838]  __asan_report_store1_noabort+0x20/0x30
[   22.190013]  krealloc_less_oob_helper+0xb9c/0xc50
[   22.190162]  krealloc_less_oob+0x20/0x38
[   22.190323]  kunit_try_run_case+0x170/0x3f0
[   22.190501]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.190657]  kthread+0x328/0x630
[   22.190757]  ret_from_fork+0x10/0x20
[   22.190860] 
[   22.190922] Allocated by task 162:
[   22.190995]  kasan_save_stack+0x3c/0x68
[   22.191097]  kasan_save_track+0x20/0x40
[   22.191151]  kasan_save_alloc_info+0x40/0x58
[   22.191196]  __kasan_krealloc+0x118/0x178
[   22.191238]  krealloc_noprof+0x128/0x360
[   22.191279]  krealloc_less_oob_helper+0x168/0xc50
[   22.191330]  krealloc_less_oob+0x20/0x38
[   22.191373]  kunit_try_run_case+0x170/0x3f0
[   22.191445]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.191499]  kthread+0x328/0x630
[   22.191539]  ret_from_fork+0x10/0x20
[   22.191579] 
[   22.191604] The buggy address belongs to the object at fff00000c57b0c00
[   22.191604]  which belongs to the cache kmalloc-256 of size 256
[   22.191671] The buggy address is located 7 bytes to the right of
[   22.191671]  allocated 201-byte region [fff00000c57b0c00, fff00000c57b0cc9)
[   22.191741] 
[   22.191766] The buggy address belongs to the physical page:
[   22.191803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057b0
[   22.191866] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.191920] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.191988] page_type: f5(slab)
[   22.192038] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.192093] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.192148] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.192201] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.192255] head: 0bfffe0000000001 ffffc1ffc315ec01 00000000ffffffff 00000000ffffffff
[   22.192307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.192351] page dumped because: kasan: bad access detected
[   22.192386] 
[   22.192416] Memory state around the buggy address:
[   22.192458]  fff00000c57b0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.192509]  fff00000c57b0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.192556] >fff00000c57b0c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.192597]                                                  ^
[   22.192638]  fff00000c57b0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.192685]  fff00000c57b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.192727] ==================================================================
[   22.319632] ==================================================================
[   22.319753] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   22.319883] Write of size 1 at addr fff00000c777e0da by task kunit_try_catch/166
[   22.320012] 
[   22.320100] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.320311] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.320378] Hardware name: linux,dummy-virt (DT)
[   22.320464] Call trace:
[   22.320512]  show_stack+0x20/0x38 (C)
[   22.320628]  dump_stack_lvl+0x8c/0xd0
[   22.320828]  print_report+0x118/0x608
[   22.320935]  kasan_report+0xdc/0x128
[   22.321051]  __asan_report_store1_noabort+0x20/0x30
[   22.321175]  krealloc_less_oob_helper+0xa80/0xc50
[   22.321352]  krealloc_large_less_oob+0x20/0x38
[   22.321523]  kunit_try_run_case+0x170/0x3f0
[   22.321696]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.321831]  kthread+0x328/0x630
[   22.321944]  ret_from_fork+0x10/0x20
[   22.322073] 
[   22.322124] The buggy address belongs to the physical page:
[   22.322204] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10777c
[   22.322352] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.322486] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.322669] page_type: f8(unknown)
[   22.322757] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.322879] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.323050] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   22.323177] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   22.323330] head: 0bfffe0000000002 ffffc1ffc31ddf01 00000000ffffffff 00000000ffffffff
[   22.323487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   22.323617] page dumped because: kasan: bad access detected
[   22.323722] 
[   22.323787] Memory state around the buggy address:
[   22.323937]  fff00000c777df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.324050]  fff00000c777e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.324171] >fff00000c777e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   22.324268]                                                     ^
[   22.324364]  fff00000c777e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.324467]  fff00000c777e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   22.324540] ==================================================================
[   22.178047] ==================================================================
[   22.178232] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   22.178475] Write of size 1 at addr fff00000c57b0cc9 by task kunit_try_catch/162
[   22.178612] 
[   22.178702] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.178929] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.179002] Hardware name: linux,dummy-virt (DT)
[   22.179082] Call trace:
[   22.179147]  show_stack+0x20/0x38 (C)
[   22.179321]  dump_stack_lvl+0x8c/0xd0
[   22.179438]  print_report+0x118/0x608
[   22.179529]  kasan_report+0xdc/0x128
[   22.179611]  __asan_report_store1_noabort+0x20/0x30
[   22.179749]  krealloc_less_oob_helper+0xa48/0xc50
[   22.179895]  krealloc_less_oob+0x20/0x38
[   22.180004]  kunit_try_run_case+0x170/0x3f0
[   22.180122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.180239]  kthread+0x328/0x630
[   22.180337]  ret_from_fork+0x10/0x20
[   22.180502] 
[   22.180560] Allocated by task 162:
[   22.180635]  kasan_save_stack+0x3c/0x68
[   22.180739]  kasan_save_track+0x20/0x40
[   22.180838]  kasan_save_alloc_info+0x40/0x58
[   22.180970]  __kasan_krealloc+0x118/0x178
[   22.181099]  krealloc_noprof+0x128/0x360
[   22.181224]  krealloc_less_oob_helper+0x168/0xc50
[   22.181356]  krealloc_less_oob+0x20/0x38
[   22.181462]  kunit_try_run_case+0x170/0x3f0
[   22.181602]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.181758]  kthread+0x328/0x630
[   22.181878]  ret_from_fork+0x10/0x20
[   22.182003] 
[   22.182068] The buggy address belongs to the object at fff00000c57b0c00
[   22.182068]  which belongs to the cache kmalloc-256 of size 256
[   22.182273] The buggy address is located 0 bytes to the right of
[   22.182273]  allocated 201-byte region [fff00000c57b0c00, fff00000c57b0cc9)
[   22.182503] 
[   22.182553] The buggy address belongs to the physical page:
[   22.182630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057b0
[   22.182782] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.182898] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.183032] page_type: f5(slab)
[   22.183143] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.183267] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.183412] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.183590] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.183725] head: 0bfffe0000000001 ffffc1ffc315ec01 00000000ffffffff 00000000ffffffff
[   22.184201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.184291] page dumped because: kasan: bad access detected
[   22.184388] 
[   22.184445] Memory state around the buggy address:
[   22.184521]  fff00000c57b0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.184619]  fff00000c57b0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.184800] >fff00000c57b0c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.184897]                                               ^
[   22.184991]  fff00000c57b0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.185099]  fff00000c57b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.185231] ==================================================================
[   22.205540] ==================================================================
[   22.205667] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   22.205795] Write of size 1 at addr fff00000c57b0cea by task kunit_try_catch/162
[   22.205918] 
[   22.206003] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   22.206207] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.206274] Hardware name: linux,dummy-virt (DT)
[   22.206365] Call trace:
[   22.206476]  show_stack+0x20/0x38 (C)
[   22.206591]  dump_stack_lvl+0x8c/0xd0
[   22.206752]  print_report+0x118/0x608
[   22.207048]  kasan_report+0xdc/0x128
[   22.207282]  __asan_report_store1_noabort+0x20/0x30
[   22.207613]  krealloc_less_oob_helper+0xae4/0xc50
[   22.207732]  krealloc_less_oob+0x20/0x38
[   22.207835]  kunit_try_run_case+0x170/0x3f0
[   22.207972]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.208108]  kthread+0x328/0x630
[   22.208218]  ret_from_fork+0x10/0x20
[   22.208374] 
[   22.208459] Allocated by task 162:
[   22.208538]  kasan_save_stack+0x3c/0x68
[   22.208664]  kasan_save_track+0x20/0x40
[   22.208756]  kasan_save_alloc_info+0x40/0x58
[   22.208871]  __kasan_krealloc+0x118/0x178
[   22.209004]  krealloc_noprof+0x128/0x360
[   22.209119]  krealloc_less_oob_helper+0x168/0xc50
[   22.209247]  krealloc_less_oob+0x20/0x38
[   22.209386]  kunit_try_run_case+0x170/0x3f0
[   22.209498]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.209611]  kthread+0x328/0x630
[   22.209702]  ret_from_fork+0x10/0x20
[   22.209796] 
[   22.209855] The buggy address belongs to the object at fff00000c57b0c00
[   22.209855]  which belongs to the cache kmalloc-256 of size 256
[   22.210023] The buggy address is located 33 bytes to the right of
[   22.210023]  allocated 201-byte region [fff00000c57b0c00, fff00000c57b0cc9)
[   22.210177] 
[   22.210230] The buggy address belongs to the physical page:
[   22.210327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057b0
[   22.210585] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   22.211190] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   22.211429] page_type: f5(slab)
[   22.211607] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.211850] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.211981] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   22.212131] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.212253] head: 0bfffe0000000001 ffffc1ffc315ec01 00000000ffffffff 00000000ffffffff
[   22.212368] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   22.212500] page dumped because: kasan: bad access detected
[   22.212580] 
[   22.212624] Memory state around the buggy address:
[   22.212708]  fff00000c57b0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.212854]  fff00000c57b0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.212985] >fff00000c57b0c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   22.213090]                                                           ^
[   22.213195]  fff00000c57b0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.213306]  fff00000c57b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.213414] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0l1lM4PPUPWLjAP2OyhEuEu2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0l1lM4PPUPWLjAP2OyhEuEu2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/Image.gz
sha256sum	1b531226140e142190e4cd0e4f3862050b0e2c45e059974a53d69b2b25304bf8

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/modules.tar.xz
sha256sum	96aed9ab36b698bb4c9bf06650847db2adf83170cdf96c9ed9e744a15d7b27ec

durations

tests

boot	0
kunit	362.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.414064] ==================================================================
[   13.415101] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   13.415541] Write of size 1 at addr ffff8881029be0c9 by task kunit_try_catch/182
[   13.415905] 
[   13.416050] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.416148] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.416178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.416209] Call Trace:
[   13.416226]  <TASK>
[   13.416248]  dump_stack_lvl+0x73/0xb0
[   13.416283]  print_report+0xd1/0x650
[   13.416309]  ? __virt_addr_valid+0x1db/0x2d0
[   13.416334]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.416369]  ? kasan_addr_to_slab+0x11/0xa0
[   13.416554]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.416955]  kasan_report+0x141/0x180
[   13.417035]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.417095]  __asan_report_store1_noabort+0x1b/0x30
[   13.417135]  krealloc_less_oob_helper+0xd70/0x11d0
[   13.417168]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.417191]  ? finish_task_switch.isra.0+0x153/0x700
[   13.417216]  ? __switch_to+0x5d9/0xf60
[   13.417237]  ? dequeue_task_fair+0x166/0x4e0
[   13.417259]  ? __schedule+0x10cc/0x2b30
[   13.417281]  ? __pfx_read_tsc+0x10/0x10
[   13.417304]  krealloc_large_less_oob+0x1c/0x30
[   13.417325]  kunit_try_run_case+0x1a5/0x480
[   13.417348]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.417368]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.417390]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.417411]  ? __kthread_parkme+0x82/0x180
[   13.417432]  ? preempt_count_sub+0x50/0x80
[   13.417455]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.417476]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.417497]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.417518]  kthread+0x337/0x6f0
[   13.417534]  ? trace_preempt_on+0x20/0xc0
[   13.417576]  ? __pfx_kthread+0x10/0x10
[   13.417602]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.417662]  ? calculate_sigpending+0x7b/0xa0
[   13.417709]  ? __pfx_kthread+0x10/0x10
[   13.417742]  ret_from_fork+0x41/0x80
[   13.417767]  ? __pfx_kthread+0x10/0x10
[   13.417784]  ret_from_fork_asm+0x1a/0x30
[   13.417813]  </TASK>
[   13.417827] 
[   13.431444] The buggy address belongs to the physical page:
[   13.432250] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   13.432714] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.433253] flags: 0x200000000000040(head|node=0|zone=2)
[   13.433449] page_type: f8(unknown)
[   13.433616] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.434456] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.434990] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.435439] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.435719] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   13.435941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.436156] page dumped because: kasan: bad access detected
[   13.436320] 
[   13.436403] Memory state around the buggy address:
[   13.436570]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.436774]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.436980] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.437177]                                               ^
[   13.437347]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.437554]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.437829] ==================================================================
[   13.438383] ==================================================================
[   13.440388] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   13.440675] Write of size 1 at addr ffff8881029be0d0 by task kunit_try_catch/182
[   13.440890] 
[   13.440993] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.441045] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.441058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.441080] Call Trace:
[   13.441094]  <TASK>
[   13.441113]  dump_stack_lvl+0x73/0xb0
[   13.441143]  print_report+0xd1/0x650
[   13.441167]  ? __virt_addr_valid+0x1db/0x2d0
[   13.441189]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.441210]  ? kasan_addr_to_slab+0x11/0xa0
[   13.441230]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.441252]  kasan_report+0x141/0x180
[   13.441273]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.441299]  __asan_report_store1_noabort+0x1b/0x30
[   13.441318]  krealloc_less_oob_helper+0xe23/0x11d0
[   13.441342]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.441364]  ? finish_task_switch.isra.0+0x153/0x700
[   13.441387]  ? __switch_to+0x5d9/0xf60
[   13.441407]  ? dequeue_task_fair+0x166/0x4e0
[   13.441429]  ? __schedule+0x10cc/0x2b30
[   13.441451]  ? __pfx_read_tsc+0x10/0x10
[   13.441473]  krealloc_large_less_oob+0x1c/0x30
[   13.441495]  kunit_try_run_case+0x1a5/0x480
[   13.441520]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.441541]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.441580]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.441604]  ? __kthread_parkme+0x82/0x180
[   13.441625]  ? preempt_count_sub+0x50/0x80
[   13.441648]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.441669]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.441690]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.441712]  kthread+0x337/0x6f0
[   13.441729]  ? trace_preempt_on+0x20/0xc0
[   13.441751]  ? __pfx_kthread+0x10/0x10
[   13.441769]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.441789]  ? calculate_sigpending+0x7b/0xa0
[   13.441810]  ? __pfx_kthread+0x10/0x10
[   13.441828]  ret_from_fork+0x41/0x80
[   13.441847]  ? __pfx_kthread+0x10/0x10
[   13.441864]  ret_from_fork_asm+0x1a/0x30
[   13.441891]  </TASK>
[   13.441903] 
[   13.455448] The buggy address belongs to the physical page:
[   13.456536] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   13.457175] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.457408] flags: 0x200000000000040(head|node=0|zone=2)
[   13.458003] page_type: f8(unknown)
[   13.458168] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.458388] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.459435] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.459806] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.460157] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   13.460696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.461532] page dumped because: kasan: bad access detected
[   13.462035] 
[   13.462286] Memory state around the buggy address:
[   13.462582]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.463577]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.464048] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.464476]                                                  ^
[   13.464830]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.465269]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.465652] ==================================================================
[   13.529199] ==================================================================
[   13.529543] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   13.530472] Write of size 1 at addr ffff8881029be0eb by task kunit_try_catch/182
[   13.531100] 
[   13.531284] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.531370] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.531395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.531433] Call Trace:
[   13.531507]  <TASK>
[   13.531568]  dump_stack_lvl+0x73/0xb0
[   13.531638]  print_report+0xd1/0x650
[   13.531787]  ? __virt_addr_valid+0x1db/0x2d0
[   13.531935]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.531994]  ? kasan_addr_to_slab+0x11/0xa0
[   13.532044]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.532097]  kasan_report+0x141/0x180
[   13.532136]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.532165]  __asan_report_store1_noabort+0x1b/0x30
[   13.532187]  krealloc_less_oob_helper+0xd47/0x11d0
[   13.532213]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.532237]  ? finish_task_switch.isra.0+0x153/0x700
[   13.532263]  ? __switch_to+0x5d9/0xf60
[   13.532284]  ? dequeue_task_fair+0x166/0x4e0
[   13.532308]  ? __schedule+0x10cc/0x2b30
[   13.532331]  ? __pfx_read_tsc+0x10/0x10
[   13.532356]  krealloc_large_less_oob+0x1c/0x30
[   13.532379]  kunit_try_run_case+0x1a5/0x480
[   13.532405]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.532427]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.532450]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.532473]  ? __kthread_parkme+0x82/0x180
[   13.532496]  ? preempt_count_sub+0x50/0x80
[   13.532520]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.532542]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.532588]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.532623]  kthread+0x337/0x6f0
[   13.532656]  ? trace_preempt_on+0x20/0xc0
[   13.532691]  ? __pfx_kthread+0x10/0x10
[   13.532718]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.532747]  ? calculate_sigpending+0x7b/0xa0
[   13.532778]  ? __pfx_kthread+0x10/0x10
[   13.532806]  ret_from_fork+0x41/0x80
[   13.532836]  ? __pfx_kthread+0x10/0x10
[   13.532863]  ret_from_fork_asm+0x1a/0x30
[   13.532907]  </TASK>
[   13.532926] 
[   13.545943] The buggy address belongs to the physical page:
[   13.546419] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   13.547178] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.547610] flags: 0x200000000000040(head|node=0|zone=2)
[   13.548184] page_type: f8(unknown)
[   13.548418] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.549322] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.549682] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.550579] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.550958] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   13.551533] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.552299] page dumped because: kasan: bad access detected
[   13.552596] 
[   13.552979] Memory state around the buggy address:
[   13.553215]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.553733]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.554028] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.554493]                                                           ^
[   13.555610]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.556542]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.557186] ==================================================================
[   13.161550] ==================================================================
[   13.162313] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   13.162593] Write of size 1 at addr ffff8881003412c9 by task kunit_try_catch/178
[   13.162890] 
[   13.163041] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.163104] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.163119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.163154] Call Trace:
[   13.163181]  <TASK>
[   13.163218]  dump_stack_lvl+0x73/0xb0
[   13.163284]  print_report+0xd1/0x650
[   13.163331]  ? __virt_addr_valid+0x1db/0x2d0
[   13.163376]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.163417]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.163461]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.163508]  kasan_report+0x141/0x180
[   13.163552]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.164284]  __asan_report_store1_noabort+0x1b/0x30
[   13.164328]  krealloc_less_oob_helper+0xd70/0x11d0
[   13.164357]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.164382]  ? finish_task_switch.isra.0+0x153/0x700
[   13.164410]  ? __switch_to+0x5d9/0xf60
[   13.164433]  ? dequeue_task_fair+0x166/0x4e0
[   13.164458]  ? __schedule+0x10cc/0x2b30
[   13.164480]  ? __pfx_read_tsc+0x10/0x10
[   13.164504]  krealloc_less_oob+0x1c/0x30
[   13.164525]  kunit_try_run_case+0x1a5/0x480
[   13.164552]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.164587]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.164620]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.164667]  ? __kthread_parkme+0x82/0x180
[   13.164697]  ? preempt_count_sub+0x50/0x80
[   13.164720]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.164743]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.164765]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.164786]  kthread+0x337/0x6f0
[   13.164803]  ? trace_preempt_on+0x20/0xc0
[   13.164827]  ? __pfx_kthread+0x10/0x10
[   13.164845]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.164865]  ? calculate_sigpending+0x7b/0xa0
[   13.164887]  ? __pfx_kthread+0x10/0x10
[   13.164904]  ret_from_fork+0x41/0x80
[   13.164924]  ? __pfx_kthread+0x10/0x10
[   13.164941]  ret_from_fork_asm+0x1a/0x30
[   13.164970]  </TASK>
[   13.164983] 
[   13.177739] Allocated by task 178:
[   13.178009]  kasan_save_stack+0x45/0x70
[   13.178269]  kasan_save_track+0x18/0x40
[   13.178516]  kasan_save_alloc_info+0x3b/0x50
[   13.179826]  __kasan_krealloc+0x190/0x1f0
[   13.180246]  krealloc_noprof+0xf3/0x340
[   13.180536]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.181394]  krealloc_less_oob+0x1c/0x30
[   13.181973]  kunit_try_run_case+0x1a5/0x480
[   13.182276]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.182464]  kthread+0x337/0x6f0
[   13.182721]  ret_from_fork+0x41/0x80
[   13.183503]  ret_from_fork_asm+0x1a/0x30
[   13.184079] 
[   13.184195] The buggy address belongs to the object at ffff888100341200
[   13.184195]  which belongs to the cache kmalloc-256 of size 256
[   13.185097] The buggy address is located 0 bytes to the right of
[   13.185097]  allocated 201-byte region [ffff888100341200, ffff8881003412c9)
[   13.185989] 
[   13.186182] The buggy address belongs to the physical page:
[   13.186589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.186891] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.187195] flags: 0x200000000000040(head|node=0|zone=2)
[   13.187401] page_type: f5(slab)
[   13.187534] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.187940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.188162] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.188380] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.189859] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.190117] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.190336] page dumped because: kasan: bad access detected
[   13.190505] 
[   13.190606] Memory state around the buggy address:
[   13.190796]  ffff888100341180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.191053]  ffff888100341200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.192354] >ffff888100341280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.193142]                                               ^
[   13.193408]  ffff888100341300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.193857]  ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.194431] ==================================================================
[   13.494428] ==================================================================
[   13.495068] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   13.495520] Write of size 1 at addr ffff8881029be0ea by task kunit_try_catch/182
[   13.496115] 
[   13.496335] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.496450] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.496477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.496517] Call Trace:
[   13.496553]  <TASK>
[   13.496596]  dump_stack_lvl+0x73/0xb0
[   13.497193]  print_report+0xd1/0x650
[   13.498148]  ? __virt_addr_valid+0x1db/0x2d0
[   13.498237]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.498723]  ? kasan_addr_to_slab+0x11/0xa0
[   13.498763]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.498801]  kasan_report+0x141/0x180
[   13.498841]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.498886]  __asan_report_store1_noabort+0x1b/0x30
[   13.498918]  krealloc_less_oob_helper+0xe90/0x11d0
[   13.498955]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.498990]  ? finish_task_switch.isra.0+0x153/0x700
[   13.499025]  ? __switch_to+0x5d9/0xf60
[   13.499053]  ? dequeue_task_fair+0x166/0x4e0
[   13.499089]  ? __schedule+0x10cc/0x2b30
[   13.499140]  ? __pfx_read_tsc+0x10/0x10
[   13.499187]  krealloc_large_less_oob+0x1c/0x30
[   13.499229]  kunit_try_run_case+0x1a5/0x480
[   13.499275]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.499310]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.499343]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.499377]  ? __kthread_parkme+0x82/0x180
[   13.499410]  ? preempt_count_sub+0x50/0x80
[   13.499627]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.499677]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.499722]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.499763]  kthread+0x337/0x6f0
[   13.499797]  ? trace_preempt_on+0x20/0xc0
[   13.499841]  ? __pfx_kthread+0x10/0x10
[   13.499876]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.499915]  ? calculate_sigpending+0x7b/0xa0
[   13.499955]  ? __pfx_kthread+0x10/0x10
[   13.499992]  ret_from_fork+0x41/0x80
[   13.500031]  ? __pfx_kthread+0x10/0x10
[   13.500064]  ret_from_fork_asm+0x1a/0x30
[   13.500117]  </TASK>
[   13.500141] 
[   13.518284] The buggy address belongs to the physical page:
[   13.518483] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   13.519983] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.520234] flags: 0x200000000000040(head|node=0|zone=2)
[   13.520418] page_type: f8(unknown)
[   13.520554] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.521123] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.521363] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.521586] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.522241] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   13.523213] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.523781] page dumped because: kasan: bad access detected
[   13.524004] 
[   13.524386] Memory state around the buggy address:
[   13.524926]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.525916]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.526158] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.526768]                                                           ^
[   13.527311]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.527624]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.528251] ==================================================================
[   13.270268] ==================================================================
[   13.270510] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   13.270795] Write of size 1 at addr ffff8881003412ea by task kunit_try_catch/178
[   13.271316] 
[   13.271446] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.271507] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.271521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.271546] Call Trace:
[   13.271582]  <TASK>
[   13.271611]  dump_stack_lvl+0x73/0xb0
[   13.271669]  print_report+0xd1/0x650
[   13.271708]  ? __virt_addr_valid+0x1db/0x2d0
[   13.271747]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.271777]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.271802]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.271828]  kasan_report+0x141/0x180
[   13.271852]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.271883]  __asan_report_store1_noabort+0x1b/0x30
[   13.271905]  krealloc_less_oob_helper+0xe90/0x11d0
[   13.271933]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.271957]  ? finish_task_switch.isra.0+0x153/0x700
[   13.271981]  ? __switch_to+0x5d9/0xf60
[   13.272001]  ? dequeue_task_fair+0x166/0x4e0
[   13.272025]  ? __schedule+0x10cc/0x2b30
[   13.272047]  ? __pfx_read_tsc+0x10/0x10
[   13.272071]  krealloc_less_oob+0x1c/0x30
[   13.272093]  kunit_try_run_case+0x1a5/0x480
[   13.272118]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.272139]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.272163]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.272184]  ? __kthread_parkme+0x82/0x180
[   13.272206]  ? preempt_count_sub+0x50/0x80
[   13.272230]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.272252]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.272273]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.272295]  kthread+0x337/0x6f0
[   13.272312]  ? trace_preempt_on+0x20/0xc0
[   13.272335]  ? __pfx_kthread+0x10/0x10
[   13.272353]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.272373]  ? calculate_sigpending+0x7b/0xa0
[   13.272394]  ? __pfx_kthread+0x10/0x10
[   13.272412]  ret_from_fork+0x41/0x80
[   13.272433]  ? __pfx_kthread+0x10/0x10
[   13.272450]  ret_from_fork_asm+0x1a/0x30
[   13.272480]  </TASK>
[   13.272493] 
[   13.289260] Allocated by task 178:
[   13.289534]  kasan_save_stack+0x45/0x70
[   13.289837]  kasan_save_track+0x18/0x40
[   13.290110]  kasan_save_alloc_info+0x3b/0x50
[   13.290444]  __kasan_krealloc+0x190/0x1f0
[   13.290886]  krealloc_noprof+0xf3/0x340
[   13.291127]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.291363]  krealloc_less_oob+0x1c/0x30
[   13.291593]  kunit_try_run_case+0x1a5/0x480
[   13.292070]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.292671]  kthread+0x337/0x6f0
[   13.293014]  ret_from_fork+0x41/0x80
[   13.293321]  ret_from_fork_asm+0x1a/0x30
[   13.293521] 
[   13.293982] The buggy address belongs to the object at ffff888100341200
[   13.293982]  which belongs to the cache kmalloc-256 of size 256
[   13.295107] The buggy address is located 33 bytes to the right of
[   13.295107]  allocated 201-byte region [ffff888100341200, ffff8881003412c9)
[   13.295711] 
[   13.295843] The buggy address belongs to the physical page:
[   13.296430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.297073] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.297340] flags: 0x200000000000040(head|node=0|zone=2)
[   13.297898] page_type: f5(slab)
[   13.298284] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.299231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.299539] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.300101] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.301401] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.301799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.302228] page dumped because: kasan: bad access detected
[   13.302515] 
[   13.302686] Memory state around the buggy address:
[   13.303059]  ffff888100341180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.303340]  ffff888100341200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.303904] >ffff888100341280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.304318]                                                           ^
[   13.305636]  ffff888100341300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.305910]  ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.306475] ==================================================================
[   13.230329] ==================================================================
[   13.230827] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   13.231434] Write of size 1 at addr ffff8881003412da by task kunit_try_catch/178
[   13.232524] 
[   13.233532] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.234073] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.234112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.234151] Call Trace:
[   13.234190]  <TASK>
[   13.234224]  dump_stack_lvl+0x73/0xb0
[   13.234284]  print_report+0xd1/0x650
[   13.234325]  ? __virt_addr_valid+0x1db/0x2d0
[   13.234363]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.234403]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.234442]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.234482]  kasan_report+0x141/0x180
[   13.234520]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.235044]  __asan_report_store1_noabort+0x1b/0x30
[   13.235148]  krealloc_less_oob_helper+0xec6/0x11d0
[   13.235204]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.235248]  ? finish_task_switch.isra.0+0x153/0x700
[   13.235291]  ? __switch_to+0x5d9/0xf60
[   13.235326]  ? dequeue_task_fair+0x166/0x4e0
[   13.235362]  ? __schedule+0x10cc/0x2b30
[   13.235397]  ? __pfx_read_tsc+0x10/0x10
[   13.235432]  krealloc_less_oob+0x1c/0x30
[   13.235466]  kunit_try_run_case+0x1a5/0x480
[   13.235507]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.235544]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.235604]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.235643]  ? __kthread_parkme+0x82/0x180
[   13.235683]  ? preempt_count_sub+0x50/0x80
[   13.235721]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.235757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.235790]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.235824]  kthread+0x337/0x6f0
[   13.235850]  ? trace_preempt_on+0x20/0xc0
[   13.235884]  ? __pfx_kthread+0x10/0x10
[   13.235915]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.235937]  ? calculate_sigpending+0x7b/0xa0
[   13.235959]  ? __pfx_kthread+0x10/0x10
[   13.235978]  ret_from_fork+0x41/0x80
[   13.235999]  ? __pfx_kthread+0x10/0x10
[   13.236017]  ret_from_fork_asm+0x1a/0x30
[   13.236049]  </TASK>
[   13.236063] 
[   13.253176] Allocated by task 178:
[   13.253530]  kasan_save_stack+0x45/0x70
[   13.253725]  kasan_save_track+0x18/0x40
[   13.254498]  kasan_save_alloc_info+0x3b/0x50
[   13.254831]  __kasan_krealloc+0x190/0x1f0
[   13.255004]  krealloc_noprof+0xf3/0x340
[   13.255163]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.255290]  krealloc_less_oob+0x1c/0x30
[   13.255385]  kunit_try_run_case+0x1a5/0x480
[   13.255482]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.255628]  kthread+0x337/0x6f0
[   13.255771]  ret_from_fork+0x41/0x80
[   13.255911]  ret_from_fork_asm+0x1a/0x30
[   13.256167] 
[   13.256353] The buggy address belongs to the object at ffff888100341200
[   13.256353]  which belongs to the cache kmalloc-256 of size 256
[   13.257355] The buggy address is located 17 bytes to the right of
[   13.257355]  allocated 201-byte region [ffff888100341200, ffff8881003412c9)
[   13.258418] 
[   13.258629] The buggy address belongs to the physical page:
[   13.259119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.259821] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.260355] flags: 0x200000000000040(head|node=0|zone=2)
[   13.260900] page_type: f5(slab)
[   13.261177] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.261911] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.262509] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.263105] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.263697] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.264163] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.264458] page dumped because: kasan: bad access detected
[   13.265190] 
[   13.265313] Memory state around the buggy address:
[   13.265739]  ffff888100341180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.266283]  ffff888100341200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.266986] >ffff888100341280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.267567]                                                     ^
[   13.268155]  ffff888100341300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.268539]  ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.269620] ==================================================================
[   13.195115] ==================================================================
[   13.195308] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   13.195477] Write of size 1 at addr ffff8881003412d0 by task kunit_try_catch/178
[   13.195768] 
[   13.197236] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.197391] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.197420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.197454] Call Trace:
[   13.197492]  <TASK>
[   13.197526]  dump_stack_lvl+0x73/0xb0
[   13.197597]  print_report+0xd1/0x650
[   13.198025]  ? __virt_addr_valid+0x1db/0x2d0
[   13.198052]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.198076]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.198097]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.198120]  kasan_report+0x141/0x180
[   13.198141]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.198168]  __asan_report_store1_noabort+0x1b/0x30
[   13.198187]  krealloc_less_oob_helper+0xe23/0x11d0
[   13.198212]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.198235]  ? finish_task_switch.isra.0+0x153/0x700
[   13.198258]  ? __switch_to+0x5d9/0xf60
[   13.198277]  ? dequeue_task_fair+0x166/0x4e0
[   13.198300]  ? __schedule+0x10cc/0x2b30
[   13.198322]  ? __pfx_read_tsc+0x10/0x10
[   13.198344]  krealloc_less_oob+0x1c/0x30
[   13.198365]  kunit_try_run_case+0x1a5/0x480
[   13.198388]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.198408]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.198431]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.198452]  ? __kthread_parkme+0x82/0x180
[   13.198473]  ? preempt_count_sub+0x50/0x80
[   13.198497]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.198518]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.198539]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.198581]  kthread+0x337/0x6f0
[   13.198606]  ? trace_preempt_on+0x20/0xc0
[   13.198671]  ? __pfx_kthread+0x10/0x10
[   13.198700]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.198733]  ? calculate_sigpending+0x7b/0xa0
[   13.198761]  ? __pfx_kthread+0x10/0x10
[   13.198779]  ret_from_fork+0x41/0x80
[   13.198800]  ? __pfx_kthread+0x10/0x10
[   13.198817]  ret_from_fork_asm+0x1a/0x30
[   13.198847]  </TASK>
[   13.198861] 
[   13.210076] Allocated by task 178:
[   13.210739]  kasan_save_stack+0x45/0x70
[   13.211336]  kasan_save_track+0x18/0x40
[   13.212011]  kasan_save_alloc_info+0x3b/0x50
[   13.212427]  __kasan_krealloc+0x190/0x1f0
[   13.212960]  krealloc_noprof+0xf3/0x340
[   13.213262]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.213625]  krealloc_less_oob+0x1c/0x30
[   13.214076]  kunit_try_run_case+0x1a5/0x480
[   13.214375]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.214919]  kthread+0x337/0x6f0
[   13.215546]  ret_from_fork+0x41/0x80
[   13.215974]  ret_from_fork_asm+0x1a/0x30
[   13.216167] 
[   13.216249] The buggy address belongs to the object at ffff888100341200
[   13.216249]  which belongs to the cache kmalloc-256 of size 256
[   13.216600] The buggy address is located 7 bytes to the right of
[   13.216600]  allocated 201-byte region [ffff888100341200, ffff8881003412c9)
[   13.217966] 
[   13.218266] The buggy address belongs to the physical page:
[   13.219051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.219742] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.220117] flags: 0x200000000000040(head|node=0|zone=2)
[   13.220396] page_type: f5(slab)
[   13.220681] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.221515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.222198] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.222439] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.223449] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.224085] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.224606] page dumped because: kasan: bad access detected
[   13.224828] 
[   13.224987] Memory state around the buggy address:
[   13.225251]  ffff888100341180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.225536]  ffff888100341200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.226618] >ffff888100341280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.227447]                                                  ^
[   13.228061]  ffff888100341300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.228586]  ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.229008] ==================================================================
[   13.467549] ==================================================================
[   13.468017] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   13.468502] Write of size 1 at addr ffff8881029be0da by task kunit_try_catch/182
[   13.469249] 
[   13.469847] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.469911] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.469924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.469946] Call Trace:
[   13.469964]  <TASK>
[   13.469984]  dump_stack_lvl+0x73/0xb0
[   13.470021]  print_report+0xd1/0x650
[   13.470044]  ? __virt_addr_valid+0x1db/0x2d0
[   13.470065]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.470086]  ? kasan_addr_to_slab+0x11/0xa0
[   13.470106]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.470127]  kasan_report+0x141/0x180
[   13.470148]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.470174]  __asan_report_store1_noabort+0x1b/0x30
[   13.470193]  krealloc_less_oob_helper+0xec6/0x11d0
[   13.470216]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.470238]  ? finish_task_switch.isra.0+0x153/0x700
[   13.470260]  ? __switch_to+0x5d9/0xf60
[   13.470279]  ? dequeue_task_fair+0x166/0x4e0
[   13.470301]  ? __schedule+0x10cc/0x2b30
[   13.470322]  ? __pfx_read_tsc+0x10/0x10
[   13.470343]  krealloc_large_less_oob+0x1c/0x30
[   13.470364]  kunit_try_run_case+0x1a5/0x480
[   13.470386]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.470406]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.470426]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.470446]  ? __kthread_parkme+0x82/0x180
[   13.470466]  ? preempt_count_sub+0x50/0x80
[   13.470488]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.470508]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.470529]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.470549]  kthread+0x337/0x6f0
[   13.470589]  ? trace_preempt_on+0x20/0xc0
[   13.470625]  ? __pfx_kthread+0x10/0x10
[   13.470656]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.470692]  ? calculate_sigpending+0x7b/0xa0
[   13.470727]  ? __pfx_kthread+0x10/0x10
[   13.471193]  ret_from_fork+0x41/0x80
[   13.471224]  ? __pfx_kthread+0x10/0x10
[   13.471243]  ret_from_fork_asm+0x1a/0x30
[   13.471274]  </TASK>
[   13.471287] 
[   13.482835] The buggy address belongs to the physical page:
[   13.483285] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029bc
[   13.484375] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.485039] flags: 0x200000000000040(head|node=0|zone=2)
[   13.485502] page_type: f8(unknown)
[   13.485934] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.486779] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.487229] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.487749] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.488089] head: 0200000000000002 ffffea00040a6f01 00000000ffffffff 00000000ffffffff
[   13.488425] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.489226] page dumped because: kasan: bad access detected
[   13.489583] 
[   13.489931] Memory state around the buggy address:
[   13.490278]  ffff8881029bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.490941]  ffff8881029be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.491333] >ffff8881029be080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.492036]                                                     ^
[   13.492310]  ffff8881029be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.493201]  ffff8881029be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.493526] ==================================================================
[   13.307309] ==================================================================
[   13.307879] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   13.308539] Write of size 1 at addr ffff8881003412eb by task kunit_try_catch/178
[   13.309423] 
[   13.309651] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   13.309740] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.309764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.309802] Call Trace:
[   13.309841]  <TASK>
[   13.309880]  dump_stack_lvl+0x73/0xb0
[   13.309943]  print_report+0xd1/0x650
[   13.309990]  ? __virt_addr_valid+0x1db/0x2d0
[   13.310035]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.310079]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.310294]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.310347]  kasan_report+0x141/0x180
[   13.310396]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.310458]  __asan_report_store1_noabort+0x1b/0x30
[   13.310501]  krealloc_less_oob_helper+0xd47/0x11d0
[   13.310546]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.310595]  ? finish_task_switch.isra.0+0x153/0x700
[   13.310688]  ? __switch_to+0x5d9/0xf60
[   13.310740]  ? dequeue_task_fair+0x166/0x4e0
[   13.310769]  ? __schedule+0x10cc/0x2b30
[   13.310793]  ? __pfx_read_tsc+0x10/0x10
[   13.310817]  krealloc_less_oob+0x1c/0x30
[   13.310841]  kunit_try_run_case+0x1a5/0x480
[   13.310866]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.310888]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.310912]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.310935]  ? __kthread_parkme+0x82/0x180
[   13.310957]  ? preempt_count_sub+0x50/0x80
[   13.310982]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.311005]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.311027]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.311049]  kthread+0x337/0x6f0
[   13.311067]  ? trace_preempt_on+0x20/0xc0
[   13.311090]  ? __pfx_kthread+0x10/0x10
[   13.311108]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.311129]  ? calculate_sigpending+0x7b/0xa0
[   13.311165]  ? __pfx_kthread+0x10/0x10
[   13.311184]  ret_from_fork+0x41/0x80
[   13.311206]  ? __pfx_kthread+0x10/0x10
[   13.311225]  ret_from_fork_asm+0x1a/0x30
[   13.311258]  </TASK>
[   13.311272] 
[   13.324157] Allocated by task 178:
[   13.324310]  kasan_save_stack+0x45/0x70
[   13.324469]  kasan_save_track+0x18/0x40
[   13.324978]  kasan_save_alloc_info+0x3b/0x50
[   13.325968]  __kasan_krealloc+0x190/0x1f0
[   13.326232]  krealloc_noprof+0xf3/0x340
[   13.326532]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.326813]  krealloc_less_oob+0x1c/0x30
[   13.328050]  kunit_try_run_case+0x1a5/0x480
[   13.328356]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.329090]  kthread+0x337/0x6f0
[   13.329379]  ret_from_fork+0x41/0x80
[   13.329769]  ret_from_fork_asm+0x1a/0x30
[   13.329995] 
[   13.330179] The buggy address belongs to the object at ffff888100341200
[   13.330179]  which belongs to the cache kmalloc-256 of size 256
[   13.331194] The buggy address is located 34 bytes to the right of
[   13.331194]  allocated 201-byte region [ffff888100341200, ffff8881003412c9)
[   13.331992] 
[   13.332204] The buggy address belongs to the physical page:
[   13.332693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.333237] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.333787] flags: 0x200000000000040(head|node=0|zone=2)
[   13.334339] page_type: f5(slab)
[   13.334515] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.335038] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.336242] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.337041] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.337352] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.337932] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.338578] page dumped because: kasan: bad access detected
[   13.339067] 
[   13.339296] Memory state around the buggy address:
[   13.339511]  ffff888100341180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.340404]  ffff888100341200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.340992] >ffff888100341280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.341641]                                                           ^
[   13.342234]  ffff888100341300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.342477]  ffff888100341380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.343140] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0mjaDXA0CwqutKjQjRIFyOIe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0mjaDXA0CwqutKjQjRIFyOIe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/bzImage
sha256sum	47ba1de281267f956a3a48f9181f4c477feef4bcb70a0c3d7e92edaf4b0c05cf

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/modules.tar.xz
sha256sum	8e7e333ca033c5e02b3a17a5149fd9967683e83e27203dc8ee3885518ea01f50

durations

tests

boot	0
kunit	394.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit