lkft/linux-stable-rc-linux-6.15.y - v6.15.3-589-g0e4c88a0cd37 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 24, 2025, 12:47 p.m.

Environment
qemu-arm64
qemu-x86_64

[   23.702063] ==================================================================
[   23.702219] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   23.702327] Write of size 1 at addr fff00000c77e20eb by task kunit_try_catch/164
[   23.702465] 
[   23.702528] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.702729] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.702809] Hardware name: linux,dummy-virt (DT)
[   23.702929] Call trace:
[   23.702990]  show_stack+0x20/0x38 (C)
[   23.703127]  dump_stack_lvl+0x8c/0xd0
[   23.703455]  print_report+0x118/0x608
[   23.703573]  kasan_report+0xdc/0x128
[   23.703682]  __asan_report_store1_noabort+0x20/0x30
[   23.703809]  krealloc_less_oob_helper+0xa58/0xc50
[   23.703925]  krealloc_large_less_oob+0x20/0x38
[   23.704045]  kunit_try_run_case+0x170/0x3f0
[   23.704376]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.704538]  kthread+0x328/0x630
[   23.704653]  ret_from_fork+0x10/0x20
[   23.704766] 
[   23.704811] The buggy address belongs to the physical page:
[   23.704878] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   23.704995] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.705103] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.705218] page_type: f8(unknown)
[   23.705304] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.705449] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.705635] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.705776] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.705979] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   23.706123] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.706237] page dumped because: kasan: bad access detected
[   23.706320] 
[   23.706367] Memory state around the buggy address:
[   23.706537]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.706656]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.706820] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.706926]                                                           ^
[   23.707026]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.707178]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.707277] ==================================================================
[   23.683774] ==================================================================
[   23.683872] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   23.683991] Write of size 1 at addr fff00000c77e20da by task kunit_try_catch/164
[   23.684127] 
[   23.684847] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.685061] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.685135] Hardware name: linux,dummy-virt (DT)
[   23.685243] Call trace:
[   23.685301]  show_stack+0x20/0x38 (C)
[   23.685568]  dump_stack_lvl+0x8c/0xd0
[   23.686144]  print_report+0x118/0x608
[   23.686680]  kasan_report+0xdc/0x128
[   23.686804]  __asan_report_store1_noabort+0x20/0x30
[   23.687114]  krealloc_less_oob_helper+0xa80/0xc50
[   23.687301]  krealloc_large_less_oob+0x20/0x38
[   23.687456]  kunit_try_run_case+0x170/0x3f0
[   23.687609]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.687818]  kthread+0x328/0x630
[   23.688093]  ret_from_fork+0x10/0x20
[   23.688415] 
[   23.688489] The buggy address belongs to the physical page:
[   23.688571] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   23.688707] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.688873] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.689011] page_type: f8(unknown)
[   23.689117] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.689976] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.690120] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.690255] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.690406] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   23.690832] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.690993] page dumped because: kasan: bad access detected
[   23.691141] 
[   23.691213] Memory state around the buggy address:
[   23.691360]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.691507]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.691906] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.692060]                                                     ^
[   23.692174]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.692468]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.692684] ==================================================================
[   23.657960] ==================================================================
[   23.658067] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   23.658184] Write of size 1 at addr fff00000c77e20c9 by task kunit_try_catch/164
[   23.658317] 
[   23.658414] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.658809] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.659005] Hardware name: linux,dummy-virt (DT)
[   23.659215] Call trace:
[   23.659271]  show_stack+0x20/0x38 (C)
[   23.659404]  dump_stack_lvl+0x8c/0xd0
[   23.659528]  print_report+0x118/0x608
[   23.659641]  kasan_report+0xdc/0x128
[   23.659748]  __asan_report_store1_noabort+0x20/0x30
[   23.659866]  krealloc_less_oob_helper+0xa48/0xc50
[   23.659980]  krealloc_large_less_oob+0x20/0x38
[   23.660422]  kunit_try_run_case+0x170/0x3f0
[   23.660842]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.661179]  kthread+0x328/0x630
[   23.661322]  ret_from_fork+0x10/0x20
[   23.661778] 
[   23.662035] The buggy address belongs to the physical page:
[   23.662137] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   23.663075] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.663307] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.663448] page_type: f8(unknown)
[   23.664356] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.664846] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.665938] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.666133] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.666254] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   23.666374] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.667708] page dumped because: kasan: bad access detected
[   23.668092] 
[   23.668142] Memory state around the buggy address:
[   23.668216]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.668321]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.668440] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.669059]                                               ^
[   23.669847]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.670803]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.670906] ==================================================================
[   23.561082] ==================================================================
[   23.561180] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   23.561282] Write of size 1 at addr fff00000c1921ada by task kunit_try_catch/160
[   23.561414] 
[   23.561482] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.561671] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.561734] Hardware name: linux,dummy-virt (DT)
[   23.561805] Call trace:
[   23.561867]  show_stack+0x20/0x38 (C)
[   23.562203]  dump_stack_lvl+0x8c/0xd0
[   23.562457]  print_report+0x118/0x608
[   23.562730]  kasan_report+0xdc/0x128
[   23.562844]  __asan_report_store1_noabort+0x20/0x30
[   23.562984]  krealloc_less_oob_helper+0xa80/0xc50
[   23.563121]  krealloc_less_oob+0x20/0x38
[   23.564520]  kunit_try_run_case+0x170/0x3f0
[   23.564761]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.565133]  kthread+0x328/0x630
[   23.565288]  ret_from_fork+0x10/0x20
[   23.565632] 
[   23.565760] Allocated by task 160:
[   23.565865]  kasan_save_stack+0x3c/0x68
[   23.565977]  kasan_save_track+0x20/0x40
[   23.566074]  kasan_save_alloc_info+0x40/0x58
[   23.566181]  __kasan_krealloc+0x118/0x178
[   23.566393]  krealloc_noprof+0x128/0x360
[   23.566506]  krealloc_less_oob_helper+0x168/0xc50
[   23.566620]  krealloc_less_oob+0x20/0x38
[   23.567183]  kunit_try_run_case+0x170/0x3f0
[   23.567295]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.567839]  kthread+0x328/0x630
[   23.568132]  ret_from_fork+0x10/0x20
[   23.568393] 
[   23.568463] The buggy address belongs to the object at fff00000c1921a00
[   23.568463]  which belongs to the cache kmalloc-256 of size 256
[   23.568606] The buggy address is located 17 bytes to the right of
[   23.568606]  allocated 201-byte region [fff00000c1921a00, fff00000c1921ac9)
[   23.568761] 
[   23.568809] The buggy address belongs to the physical page:
[   23.569455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101920
[   23.569595] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.569720] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.569900] page_type: f5(slab)
[   23.570202] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.570333] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.571030] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.571168] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.571913] head: 0bfffe0000000001 ffffc1ffc3064801 00000000ffffffff 00000000ffffffff
[   23.572037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.572830] page dumped because: kasan: bad access detected
[   23.573269] 
[   23.573396] Memory state around the buggy address:
[   23.573482]  fff00000c1921980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.574327]  fff00000c1921a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.575193] >fff00000c1921a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.575434]                                                     ^
[   23.575524]  fff00000c1921b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.575626]  fff00000c1921b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.575720] ==================================================================
[   23.594807] ==================================================================
[   23.594904] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   23.595011] Write of size 1 at addr fff00000c1921aeb by task kunit_try_catch/160
[   23.595126] 
[   23.595189] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.595373] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.595463] Hardware name: linux,dummy-virt (DT)
[   23.595534] Call trace:
[   23.595581]  show_stack+0x20/0x38 (C)
[   23.595699]  dump_stack_lvl+0x8c/0xd0
[   23.595823]  print_report+0x118/0x608
[   23.595932]  kasan_report+0xdc/0x128
[   23.596039]  __asan_report_store1_noabort+0x20/0x30
[   23.596550]  krealloc_less_oob_helper+0xa58/0xc50
[   23.596705]  krealloc_less_oob+0x20/0x38
[   23.596953]  kunit_try_run_case+0x170/0x3f0
[   23.597122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.597521]  kthread+0x328/0x630
[   23.597701]  ret_from_fork+0x10/0x20
[   23.598027] 
[   23.598091] Allocated by task 160:
[   23.598242]  kasan_save_stack+0x3c/0x68
[   23.598336]  kasan_save_track+0x20/0x40
[   23.598452]  kasan_save_alloc_info+0x40/0x58
[   23.598563]  __kasan_krealloc+0x118/0x178
[   23.598768]  krealloc_noprof+0x128/0x360
[   23.598980]  krealloc_less_oob_helper+0x168/0xc50
[   23.599091]  krealloc_less_oob+0x20/0x38
[   23.599192]  kunit_try_run_case+0x170/0x3f0
[   23.599313]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.599657]  kthread+0x328/0x630
[   23.599776]  ret_from_fork+0x10/0x20
[   23.599880] 
[   23.599932] The buggy address belongs to the object at fff00000c1921a00
[   23.599932]  which belongs to the cache kmalloc-256 of size 256
[   23.600192] The buggy address is located 34 bytes to the right of
[   23.600192]  allocated 201-byte region [fff00000c1921a00, fff00000c1921ac9)
[   23.600398] 
[   23.600464] The buggy address belongs to the physical page:
[   23.600566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101920
[   23.600786] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.600938] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.601063] page_type: f5(slab)
[   23.601229] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.601357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.601501] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.601673] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.601884] head: 0bfffe0000000001 ffffc1ffc3064801 00000000ffffffff 00000000ffffffff
[   23.602045] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.602184] page dumped because: kasan: bad access detected
[   23.602321] 
[   23.602428] Memory state around the buggy address:
[   23.602504]  fff00000c1921980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.602617]  fff00000c1921a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.602851] >fff00000c1921a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.602947]                                                           ^
[   23.603035]  fff00000c1921b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.603165]  fff00000c1921b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.603263] ==================================================================
[   23.694609] ==================================================================
[   23.694699] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   23.694799] Write of size 1 at addr fff00000c77e20ea by task kunit_try_catch/164
[   23.694911] 
[   23.694972] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.695157] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.695221] Hardware name: linux,dummy-virt (DT)
[   23.695290] Call trace:
[   23.695336]  show_stack+0x20/0x38 (C)
[   23.695473]  dump_stack_lvl+0x8c/0xd0
[   23.696813]  print_report+0x118/0x608
[   23.696921]  kasan_report+0xdc/0x128
[   23.697050]  __asan_report_store1_noabort+0x20/0x30
[   23.697196]  krealloc_less_oob_helper+0xae4/0xc50
[   23.697332]  krealloc_large_less_oob+0x20/0x38
[   23.697564]  kunit_try_run_case+0x170/0x3f0
[   23.697701]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.697833]  kthread+0x328/0x630
[   23.697962]  ret_from_fork+0x10/0x20
[   23.698148] 
[   23.698198] The buggy address belongs to the physical page:
[   23.698352] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   23.698496] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.698605] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.698728] page_type: f8(unknown)
[   23.698814] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.699167] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.699315] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.699509] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.699719] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   23.699885] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.699996] page dumped because: kasan: bad access detected
[   23.700081] 
[   23.700150] Memory state around the buggy address:
[   23.700234]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.700426]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.700650] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.700749]                                                           ^
[   23.700842]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.700945]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.701039] ==================================================================
[   23.549563] ==================================================================
[   23.549674] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   23.549995] Write of size 1 at addr fff00000c1921ad0 by task kunit_try_catch/160
[   23.550115] 
[   23.550189] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.550398] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.550475] Hardware name: linux,dummy-virt (DT)
[   23.550563] Call trace:
[   23.550620]  show_stack+0x20/0x38 (C)
[   23.550742]  dump_stack_lvl+0x8c/0xd0
[   23.550862]  print_report+0x118/0x608
[   23.550972]  kasan_report+0xdc/0x128
[   23.551078]  __asan_report_store1_noabort+0x20/0x30
[   23.551197]  krealloc_less_oob_helper+0xb9c/0xc50
[   23.551310]  krealloc_less_oob+0x20/0x38
[   23.551696]  kunit_try_run_case+0x170/0x3f0
[   23.552511]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.552728]  kthread+0x328/0x630
[   23.553086]  ret_from_fork+0x10/0x20
[   23.553242] 
[   23.553336] Allocated by task 160:
[   23.553477]  kasan_save_stack+0x3c/0x68
[   23.553676]  kasan_save_track+0x20/0x40
[   23.553767]  kasan_save_alloc_info+0x40/0x58
[   23.553869]  __kasan_krealloc+0x118/0x178
[   23.554048]  krealloc_noprof+0x128/0x360
[   23.554173]  krealloc_less_oob_helper+0x168/0xc50
[   23.554264]  krealloc_less_oob+0x20/0x38
[   23.554357]  kunit_try_run_case+0x170/0x3f0
[   23.554620]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.554800]  kthread+0x328/0x630
[   23.554919]  ret_from_fork+0x10/0x20
[   23.555011] 
[   23.555105] The buggy address belongs to the object at fff00000c1921a00
[   23.555105]  which belongs to the cache kmalloc-256 of size 256
[   23.555240] The buggy address is located 7 bytes to the right of
[   23.555240]  allocated 201-byte region [fff00000c1921a00, fff00000c1921ac9)
[   23.555404] 
[   23.555450] The buggy address belongs to the physical page:
[   23.555524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101920
[   23.555663] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.556194] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.556660] page_type: f5(slab)
[   23.556810] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.557073] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.557225] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.557400] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.557536] head: 0bfffe0000000001 ffffc1ffc3064801 00000000ffffffff 00000000ffffffff
[   23.557672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.558002] page dumped because: kasan: bad access detected
[   23.558113] 
[   23.558154] Memory state around the buggy address:
[   23.558234]  fff00000c1921980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.558338]  fff00000c1921a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.558487] >fff00000c1921a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.558600]                                                  ^
[   23.558691]  fff00000c1921b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.558797]  fff00000c1921b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.558918] ==================================================================
[   23.580554] ==================================================================
[   23.580670] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   23.580784] Write of size 1 at addr fff00000c1921aea by task kunit_try_catch/160
[   23.580909] 
[   23.580983] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.581173] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.581248] Hardware name: linux,dummy-virt (DT)
[   23.581467] Call trace:
[   23.581613]  show_stack+0x20/0x38 (C)
[   23.581862]  dump_stack_lvl+0x8c/0xd0
[   23.582099]  print_report+0x118/0x608
[   23.582404]  kasan_report+0xdc/0x128
[   23.582537]  __asan_report_store1_noabort+0x20/0x30
[   23.582750]  krealloc_less_oob_helper+0xae4/0xc50
[   23.582950]  krealloc_less_oob+0x20/0x38
[   23.583636]  kunit_try_run_case+0x170/0x3f0
[   23.583850]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.584125]  kthread+0x328/0x630
[   23.584399]  ret_from_fork+0x10/0x20
[   23.584971] 
[   23.585028] Allocated by task 160:
[   23.585317]  kasan_save_stack+0x3c/0x68
[   23.585635]  kasan_save_track+0x20/0x40
[   23.586071]  kasan_save_alloc_info+0x40/0x58
[   23.586272]  __kasan_krealloc+0x118/0x178
[   23.586622]  krealloc_noprof+0x128/0x360
[   23.586720]  krealloc_less_oob_helper+0x168/0xc50
[   23.586815]  krealloc_less_oob+0x20/0x38
[   23.586899]  kunit_try_run_case+0x170/0x3f0
[   23.586990]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.587092]  kthread+0x328/0x630
[   23.587176]  ret_from_fork+0x10/0x20
[   23.588904] 
[   23.589059] The buggy address belongs to the object at fff00000c1921a00
[   23.589059]  which belongs to the cache kmalloc-256 of size 256
[   23.589956] The buggy address is located 33 bytes to the right of
[   23.589956]  allocated 201-byte region [fff00000c1921a00, fff00000c1921ac9)
[   23.590200] 
[   23.590327] The buggy address belongs to the physical page:
[   23.590504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101920
[   23.590685] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.590799] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.590926] page_type: f5(slab)
[   23.591083] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.591321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.591599] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.591961] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.592141] head: 0bfffe0000000001 ffffc1ffc3064801 00000000ffffffff 00000000ffffffff
[   23.592283] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.592651] page dumped because: kasan: bad access detected
[   23.592740] 
[   23.592789] Memory state around the buggy address:
[   23.592872]  fff00000c1921980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.592994]  fff00000c1921a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.593156] >fff00000c1921a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.593254]                                                           ^
[   23.593348]  fff00000c1921b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.593524]  fff00000c1921b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.593713] ==================================================================
[   23.533725] ==================================================================
[   23.533889] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   23.534030] Write of size 1 at addr fff00000c1921ac9 by task kunit_try_catch/160
[   23.534149] 
[   23.534341] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.534940] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.535098] Hardware name: linux,dummy-virt (DT)
[   23.535178] Call trace:
[   23.535310]  show_stack+0x20/0x38 (C)
[   23.535499]  dump_stack_lvl+0x8c/0xd0
[   23.535646]  print_report+0x118/0x608
[   23.535782]  kasan_report+0xdc/0x128
[   23.535964]  __asan_report_store1_noabort+0x20/0x30
[   23.536138]  krealloc_less_oob_helper+0xa48/0xc50
[   23.536294]  krealloc_less_oob+0x20/0x38
[   23.536541]  kunit_try_run_case+0x170/0x3f0
[   23.536880]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.537021]  kthread+0x328/0x630
[   23.537145]  ret_from_fork+0x10/0x20
[   23.537263] 
[   23.537324] Allocated by task 160:
[   23.537655]  kasan_save_stack+0x3c/0x68
[   23.537759]  kasan_save_track+0x20/0x40
[   23.537905]  kasan_save_alloc_info+0x40/0x58
[   23.538014]  __kasan_krealloc+0x118/0x178
[   23.538332]  krealloc_noprof+0x128/0x360
[   23.538809]  krealloc_less_oob_helper+0x168/0xc50
[   23.539304]  krealloc_less_oob+0x20/0x38
[   23.539706]  kunit_try_run_case+0x170/0x3f0
[   23.540402]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.540546]  kthread+0x328/0x630
[   23.540939]  ret_from_fork+0x10/0x20
[   23.541166] 
[   23.541286] The buggy address belongs to the object at fff00000c1921a00
[   23.541286]  which belongs to the cache kmalloc-256 of size 256
[   23.541605] The buggy address is located 0 bytes to the right of
[   23.541605]  allocated 201-byte region [fff00000c1921a00, fff00000c1921ac9)
[   23.541776] 
[   23.541943] The buggy address belongs to the physical page:
[   23.542316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101920
[   23.542509] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.542821] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.543085] page_type: f5(slab)
[   23.543203] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.543484] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.543721] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   23.543847] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   23.543990] head: 0bfffe0000000001 ffffc1ffc3064801 00000000ffffffff 00000000ffffffff
[   23.544341] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   23.544744] page dumped because: kasan: bad access detected
[   23.545041] 
[   23.545091] Memory state around the buggy address:
[   23.545482]  fff00000c1921980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.545857]  fff00000c1921a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.546038] >fff00000c1921a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   23.546441]                                               ^
[   23.546602]  fff00000c1921b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.546853]  fff00000c1921b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.546966] ==================================================================
[   23.674780] ==================================================================
[   23.674871] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   23.674972] Write of size 1 at addr fff00000c77e20d0 by task kunit_try_catch/164
[   23.675085] 
[   23.675145] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT 
[   23.675328] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.675421] Hardware name: linux,dummy-virt (DT)
[   23.675618] Call trace:
[   23.675762]  show_stack+0x20/0x38 (C)
[   23.676136]  dump_stack_lvl+0x8c/0xd0
[   23.676282]  print_report+0x118/0x608
[   23.677063]  kasan_report+0xdc/0x128
[   23.677193]  __asan_report_store1_noabort+0x20/0x30
[   23.677466]  krealloc_less_oob_helper+0xb9c/0xc50
[   23.677596]  krealloc_large_less_oob+0x20/0x38
[   23.677829]  kunit_try_run_case+0x170/0x3f0
[   23.678089]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   23.678242]  kthread+0x328/0x630
[   23.678355]  ret_from_fork+0x10/0x20
[   23.678782] 
[   23.678858] The buggy address belongs to the physical page:
[   23.679285] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0
[   23.679428] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   23.679553] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   23.679685] page_type: f8(unknown)
[   23.679777] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.680307] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.680589] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   23.680865] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   23.681047] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff
[   23.681169] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   23.681268] page dumped because: kasan: bad access detected
[   23.681349] 
[   23.681413] Memory state around the buggy address:
[   23.681487]  fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.681670]  fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.681941] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   23.682080]                                                  ^
[   23.682172]  fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.682425]  fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   23.682527] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yxHFATOg4xd5cOk7A6Oo5SQLFr

job_id

TEST:linaro@lkft#2yxHLQauKmmDRvn1GR1ZUkvl3N9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yxHLQauKmmDRvn1GR1ZUkvl3N9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHGGlBBGXGFUnJJh2INKpzdu4/Image.gz
sha256sum	5f569b7032e517b4206d440631e131cb31d81d7f365d610fec12fc249e3ecc88

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHGGlBBGXGFUnJJh2INKpzdu4/modules.tar.xz
sha256sum	9a32a6e401d68f3ff82d0c47495efa6c9203238907e9ea48aee314ec659ae3fc

durations

tests

boot	0
kunit	329.09

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.339764] ==================================================================
[   11.340046] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.340289] Write of size 1 at addr ffff8881003454da by task kunit_try_catch/178
[   11.340469] 
[   11.340583] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.340678] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.340697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.340733] Call Trace:
[   11.340763]  <TASK>
[   11.340796]  dump_stack_lvl+0x73/0xb0
[   11.340846]  print_report+0xd1/0x650
[   11.340888]  ? __virt_addr_valid+0x1db/0x2d0
[   11.340927]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.340964]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.341006]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.341043]  kasan_report+0x141/0x180
[   11.341080]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.341123]  __asan_report_store1_noabort+0x1b/0x30
[   11.341163]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.341207]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.341246]  ? finish_task_switch.isra.0+0x153/0x700
[   11.341290]  ? __switch_to+0x5d9/0xf60
[   11.341328]  ? dequeue_task_fair+0x166/0x4e0
[   11.341367]  ? __schedule+0x10cc/0x2b60
[   11.341422]  ? __pfx_read_tsc+0x10/0x10
[   11.341464]  krealloc_less_oob+0x1c/0x30
[   11.341490]  kunit_try_run_case+0x1a5/0x480
[   11.341525]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.341555]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.341586]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.341615]  ? __kthread_parkme+0x82/0x180
[   11.341661]  ? preempt_count_sub+0x50/0x80
[   11.341693]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.341729]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.341761]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.341796]  kthread+0x337/0x6f0
[   11.341821]  ? trace_preempt_on+0x20/0xc0
[   11.341853]  ? __pfx_kthread+0x10/0x10
[   11.341877]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.341906]  ? calculate_sigpending+0x7b/0xa0
[   11.341939]  ? __pfx_kthread+0x10/0x10
[   11.341977]  ret_from_fork+0x41/0x80
[   11.342012]  ? __pfx_kthread+0x10/0x10
[   11.342047]  ret_from_fork_asm+0x1a/0x30
[   11.342106]  </TASK>
[   11.342130] 
[   11.350646] Allocated by task 178:
[   11.350909]  kasan_save_stack+0x45/0x70
[   11.351201]  kasan_save_track+0x18/0x40
[   11.351423]  kasan_save_alloc_info+0x3b/0x50
[   11.351746]  __kasan_krealloc+0x190/0x1f0
[   11.352026]  krealloc_noprof+0xf3/0x340
[   11.352183]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.352488]  krealloc_less_oob+0x1c/0x30
[   11.352853]  kunit_try_run_case+0x1a5/0x480
[   11.353089]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.353339]  kthread+0x337/0x6f0
[   11.353508]  ret_from_fork+0x41/0x80
[   11.353753]  ret_from_fork_asm+0x1a/0x30
[   11.353925] 
[   11.354092] The buggy address belongs to the object at ffff888100345400
[   11.354092]  which belongs to the cache kmalloc-256 of size 256
[   11.354722] The buggy address is located 17 bytes to the right of
[   11.354722]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   11.355155] 
[   11.355310] The buggy address belongs to the physical page:
[   11.355725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   11.356011] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.356384] flags: 0x200000000000040(head|node=0|zone=2)
[   11.356638] page_type: f5(slab)
[   11.356902] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.357473] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.357857] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.358121] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.358369] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   11.358658] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.359157] page dumped because: kasan: bad access detected
[   11.359538] 
[   11.359714] Memory state around the buggy address:
[   11.360082]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.360576]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.360867] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.361142]                                                     ^
[   11.361517]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.361895]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.362244] ==================================================================
[   11.538283] ==================================================================
[   11.539571] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.540103] Write of size 1 at addr ffff8881028620da by task kunit_try_catch/182
[   11.540525] 
[   11.540765] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.540913] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.540938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.540991] Call Trace:
[   11.541028]  <TASK>
[   11.541067]  dump_stack_lvl+0x73/0xb0
[   11.541115]  print_report+0xd1/0x650
[   11.541145]  ? __virt_addr_valid+0x1db/0x2d0
[   11.541173]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.541197]  ? kasan_addr_to_slab+0x11/0xa0
[   11.541225]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.541255]  kasan_report+0x141/0x180
[   11.541289]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.541333]  __asan_report_store1_noabort+0x1b/0x30
[   11.541397]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.541453]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.541511]  ? finish_task_switch.isra.0+0x153/0x700
[   11.541566]  ? __switch_to+0x5d9/0xf60
[   11.541608]  ? dequeue_task_fair+0x166/0x4e0
[   11.541666]  ? __schedule+0x10cc/0x2b60
[   11.541712]  ? __pfx_read_tsc+0x10/0x10
[   11.541752]  krealloc_large_less_oob+0x1c/0x30
[   11.541780]  kunit_try_run_case+0x1a5/0x480
[   11.541804]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.541823]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.541846]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.541867]  ? __kthread_parkme+0x82/0x180
[   11.541888]  ? preempt_count_sub+0x50/0x80
[   11.541909]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.541931]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.541965]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.541988]  kthread+0x337/0x6f0
[   11.542005]  ? trace_preempt_on+0x20/0xc0
[   11.542029]  ? __pfx_kthread+0x10/0x10
[   11.542046]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.542067]  ? calculate_sigpending+0x7b/0xa0
[   11.542088]  ? __pfx_kthread+0x10/0x10
[   11.542105]  ret_from_fork+0x41/0x80
[   11.542124]  ? __pfx_kthread+0x10/0x10
[   11.542140]  ret_from_fork_asm+0x1a/0x30
[   11.542169]  </TASK>
[   11.542182] 
[   11.551401] The buggy address belongs to the physical page:
[   11.551960] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860
[   11.552588] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.553144] flags: 0x200000000000040(head|node=0|zone=2)
[   11.553366] page_type: f8(unknown)
[   11.553538] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.553813] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.554238] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.554782] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.555112] head: 0200000000000002 ffffea00040a1801 00000000ffffffff 00000000ffffffff
[   11.555356] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.555616] page dumped because: kasan: bad access detected
[   11.555997] 
[   11.556153] Memory state around the buggy address:
[   11.556499]  ffff888102861f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.557043]  ffff888102862000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.557434] >ffff888102862080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.557903]                                                     ^
[   11.559130]  ffff888102862100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.559389]  ffff888102862180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.559610] ==================================================================
[   11.560819] ==================================================================
[   11.561402] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.562482] Write of size 1 at addr ffff8881028620ea by task kunit_try_catch/182
[   11.563425] 
[   11.563800] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.563875] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.563893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.563917] Call Trace:
[   11.563943]  <TASK>
[   11.563968]  dump_stack_lvl+0x73/0xb0
[   11.564007]  print_report+0xd1/0x650
[   11.564030]  ? __virt_addr_valid+0x1db/0x2d0
[   11.564050]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.564069]  ? kasan_addr_to_slab+0x11/0xa0
[   11.564087]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.564106]  kasan_report+0x141/0x180
[   11.564126]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.564149]  __asan_report_store1_noabort+0x1b/0x30
[   11.564169]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.564189]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.564208]  ? finish_task_switch.isra.0+0x153/0x700
[   11.564229]  ? __switch_to+0x5d9/0xf60
[   11.564248]  ? dequeue_task_fair+0x166/0x4e0
[   11.564270]  ? __schedule+0x10cc/0x2b60
[   11.564472]  ? __pfx_read_tsc+0x10/0x10
[   11.564518]  krealloc_large_less_oob+0x1c/0x30
[   11.564548]  kunit_try_run_case+0x1a5/0x480
[   11.564580]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.564668]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.564702]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.564732]  ? __kthread_parkme+0x82/0x180
[   11.564761]  ? preempt_count_sub+0x50/0x80
[   11.564791]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.564821]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.564850]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.564879]  kthread+0x337/0x6f0
[   11.564900]  ? trace_preempt_on+0x20/0xc0
[   11.564930]  ? __pfx_kthread+0x10/0x10
[   11.564956]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.564985]  ? calculate_sigpending+0x7b/0xa0
[   11.565015]  ? __pfx_kthread+0x10/0x10
[   11.565042]  ret_from_fork+0x41/0x80
[   11.565070]  ? __pfx_kthread+0x10/0x10
[   11.565095]  ret_from_fork_asm+0x1a/0x30
[   11.565169]  </TASK>
[   11.565198] 
[   11.577069] The buggy address belongs to the physical page:
[   11.577351] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860
[   11.577902] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.578274] flags: 0x200000000000040(head|node=0|zone=2)
[   11.578551] page_type: f8(unknown)
[   11.578761] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.579123] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.579470] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.579924] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.580268] head: 0200000000000002 ffffea00040a1801 00000000ffffffff 00000000ffffffff
[   11.580593] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.580965] page dumped because: kasan: bad access detected
[   11.581328] 
[   11.581433] Memory state around the buggy address:
[   11.581831]  ffff888102861f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.582180]  ffff888102862000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.582493] >ffff888102862080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.582835]                                                           ^
[   11.583345]  ffff888102862100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.583581]  ffff888102862180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.583932] ==================================================================
[   11.394108] ==================================================================
[   11.395427] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.395717] Write of size 1 at addr ffff8881003454eb by task kunit_try_catch/178
[   11.395981] 
[   11.396126] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.396208] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.396229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.396267] Call Trace:
[   11.396305]  <TASK>
[   11.396342]  dump_stack_lvl+0x73/0xb0
[   11.396397]  print_report+0xd1/0x650
[   11.396437]  ? __virt_addr_valid+0x1db/0x2d0
[   11.396475]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.396511]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.396563]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.396606]  kasan_report+0x141/0x180
[   11.396666]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.396714]  __asan_report_store1_noabort+0x1b/0x30
[   11.396747]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.396786]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.396822]  ? finish_task_switch.isra.0+0x153/0x700
[   11.396863]  ? __switch_to+0x5d9/0xf60
[   11.396902]  ? dequeue_task_fair+0x166/0x4e0
[   11.396943]  ? __schedule+0x10cc/0x2b60
[   11.396979]  ? __pfx_read_tsc+0x10/0x10
[   11.397022]  krealloc_less_oob+0x1c/0x30
[   11.397055]  kunit_try_run_case+0x1a5/0x480
[   11.397102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.397143]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.397189]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.397226]  ? __kthread_parkme+0x82/0x180
[   11.397270]  ? preempt_count_sub+0x50/0x80
[   11.397304]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.397334]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.397364]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.397394]  kthread+0x337/0x6f0
[   11.397416]  ? trace_preempt_on+0x20/0xc0
[   11.397448]  ? __pfx_kthread+0x10/0x10
[   11.397471]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.397491]  ? calculate_sigpending+0x7b/0xa0
[   11.397512]  ? __pfx_kthread+0x10/0x10
[   11.397529]  ret_from_fork+0x41/0x80
[   11.397564]  ? __pfx_kthread+0x10/0x10
[   11.397587]  ret_from_fork_asm+0x1a/0x30
[   11.397640]  </TASK>
[   11.397655] 
[   11.409841] Allocated by task 178:
[   11.410228]  kasan_save_stack+0x45/0x70
[   11.410676]  kasan_save_track+0x18/0x40
[   11.410936]  kasan_save_alloc_info+0x3b/0x50
[   11.411210]  __kasan_krealloc+0x190/0x1f0
[   11.411523]  krealloc_noprof+0xf3/0x340
[   11.411759]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.412073]  krealloc_less_oob+0x1c/0x30
[   11.412379]  kunit_try_run_case+0x1a5/0x480
[   11.412662]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.413002]  kthread+0x337/0x6f0
[   11.413253]  ret_from_fork+0x41/0x80
[   11.413567]  ret_from_fork_asm+0x1a/0x30
[   11.413801] 
[   11.413989] The buggy address belongs to the object at ffff888100345400
[   11.413989]  which belongs to the cache kmalloc-256 of size 256
[   11.414694] The buggy address is located 34 bytes to the right of
[   11.414694]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   11.415401] 
[   11.415580] The buggy address belongs to the physical page:
[   11.415880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   11.416356] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.416696] flags: 0x200000000000040(head|node=0|zone=2)
[   11.417097] page_type: f5(slab)
[   11.417348] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.417649] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.418181] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.418679] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.419034] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   11.419452] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.419799] page dumped because: kasan: bad access detected
[   11.420145] 
[   11.420290] Memory state around the buggy address:
[   11.420590]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.420985]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.421467] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.421759]                                                           ^
[   11.422219]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.422584]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.423074] ==================================================================
[   11.305837] ==================================================================
[   11.306298] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.306547] Write of size 1 at addr ffff8881003454d0 by task kunit_try_catch/178
[   11.307117] 
[   11.307380] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.307482] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.307506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.307553] Call Trace:
[   11.307596]  <TASK>
[   11.307795]  dump_stack_lvl+0x73/0xb0
[   11.307840]  print_report+0xd1/0x650
[   11.307866]  ? __virt_addr_valid+0x1db/0x2d0
[   11.307888]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.307907]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.307937]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.307966]  kasan_report+0x141/0x180
[   11.308001]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.308044]  __asan_report_store1_noabort+0x1b/0x30
[   11.308103]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.308142]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.308179]  ? finish_task_switch.isra.0+0x153/0x700
[   11.308223]  ? __switch_to+0x5d9/0xf60
[   11.308257]  ? dequeue_task_fair+0x166/0x4e0
[   11.308448]  ? __schedule+0x10cc/0x2b60
[   11.308496]  ? __pfx_read_tsc+0x10/0x10
[   11.308531]  krealloc_less_oob+0x1c/0x30
[   11.308569]  kunit_try_run_case+0x1a5/0x480
[   11.308597]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.308618]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.308662]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.308685]  ? __kthread_parkme+0x82/0x180
[   11.308708]  ? preempt_count_sub+0x50/0x80
[   11.308731]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.308754]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.308777]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.308799]  kthread+0x337/0x6f0
[   11.308815]  ? trace_preempt_on+0x20/0xc0
[   11.308838]  ? __pfx_kthread+0x10/0x10
[   11.308855]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.308876]  ? calculate_sigpending+0x7b/0xa0
[   11.308897]  ? __pfx_kthread+0x10/0x10
[   11.308914]  ret_from_fork+0x41/0x80
[   11.308934]  ? __pfx_kthread+0x10/0x10
[   11.308951]  ret_from_fork_asm+0x1a/0x30
[   11.308981]  </TASK>
[   11.308993] 
[   11.322999] Allocated by task 178:
[   11.323311]  kasan_save_stack+0x45/0x70
[   11.323564]  kasan_save_track+0x18/0x40
[   11.323755]  kasan_save_alloc_info+0x3b/0x50
[   11.323918]  __kasan_krealloc+0x190/0x1f0
[   11.324104]  krealloc_noprof+0xf3/0x340
[   11.324839]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.325370]  krealloc_less_oob+0x1c/0x30
[   11.325763]  kunit_try_run_case+0x1a5/0x480
[   11.326046]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.326315]  kthread+0x337/0x6f0
[   11.327164]  ret_from_fork+0x41/0x80
[   11.327503]  ret_from_fork_asm+0x1a/0x30
[   11.327678] 
[   11.327771] The buggy address belongs to the object at ffff888100345400
[   11.327771]  which belongs to the cache kmalloc-256 of size 256
[   11.328323] The buggy address is located 7 bytes to the right of
[   11.328323]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   11.328964] 
[   11.329177] The buggy address belongs to the physical page:
[   11.329655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   11.330085] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.330414] flags: 0x200000000000040(head|node=0|zone=2)
[   11.330832] page_type: f5(slab)
[   11.331124] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.332531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.332885] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.333261] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.333805] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   11.334087] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.334601] page dumped because: kasan: bad access detected
[   11.334844] 
[   11.334997] Memory state around the buggy address:
[   11.335258]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.335586]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.335979] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.336357]                                                  ^
[   11.336964]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.337324]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.338392] ==================================================================
[   11.585078] ==================================================================
[   11.586417] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.587356] Write of size 1 at addr ffff8881028620eb by task kunit_try_catch/182
[   11.587896] 
[   11.588077] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.588171] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.588195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.588231] Call Trace:
[   11.588272]  <TASK>
[   11.588310]  dump_stack_lvl+0x73/0xb0
[   11.588371]  print_report+0xd1/0x650
[   11.588414]  ? __virt_addr_valid+0x1db/0x2d0
[   11.588455]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.588494]  ? kasan_addr_to_slab+0x11/0xa0
[   11.588530]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.588806]  kasan_report+0x141/0x180
[   11.588875]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.588917]  __asan_report_store1_noabort+0x1b/0x30
[   11.588942]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.588964]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.588983]  ? finish_task_switch.isra.0+0x153/0x700
[   11.589006]  ? __switch_to+0x5d9/0xf60
[   11.589028]  ? dequeue_task_fair+0x166/0x4e0
[   11.589051]  ? __schedule+0x10cc/0x2b60
[   11.589073]  ? __pfx_read_tsc+0x10/0x10
[   11.589095]  krealloc_large_less_oob+0x1c/0x30
[   11.589113]  kunit_try_run_case+0x1a5/0x480
[   11.589137]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.589156]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.589179]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.589200]  ? __kthread_parkme+0x82/0x180
[   11.589222]  ? preempt_count_sub+0x50/0x80
[   11.589244]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.589265]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.589328]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.589370]  kthread+0x337/0x6f0
[   11.589396]  ? trace_preempt_on+0x20/0xc0
[   11.589429]  ? __pfx_kthread+0x10/0x10
[   11.589453]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.589482]  ? calculate_sigpending+0x7b/0xa0
[   11.589508]  ? __pfx_kthread+0x10/0x10
[   11.589533]  ret_from_fork+0x41/0x80
[   11.589571]  ? __pfx_kthread+0x10/0x10
[   11.589597]  ret_from_fork_asm+0x1a/0x30
[   11.589653]  </TASK>
[   11.589672] 
[   11.603384] The buggy address belongs to the physical page:
[   11.603770] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860
[   11.604367] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.604908] flags: 0x200000000000040(head|node=0|zone=2)
[   11.605319] page_type: f8(unknown)
[   11.605788] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.606051] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.606574] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.606908] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.607302] head: 0200000000000002 ffffea00040a1801 00000000ffffffff 00000000ffffffff
[   11.607773] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.608182] page dumped because: kasan: bad access detected
[   11.608503] 
[   11.608705] Memory state around the buggy address:
[   11.609030]  ffff888102861f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.609390]  ffff888102862000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.609747] >ffff888102862080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.610245]                                                           ^
[   11.610706]  ffff888102862100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.611138]  ffff888102862180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.611484] ==================================================================
[   11.490236] ==================================================================
[   11.490977] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.491492] Write of size 1 at addr ffff8881028620c9 by task kunit_try_catch/182
[   11.492343] 
[   11.492732] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.492840] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.492864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.492905] Call Trace:
[   11.492932]  <TASK>
[   11.492965]  dump_stack_lvl+0x73/0xb0
[   11.493027]  print_report+0xd1/0x650
[   11.493070]  ? __virt_addr_valid+0x1db/0x2d0
[   11.493111]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.493142]  ? kasan_addr_to_slab+0x11/0xa0
[   11.493173]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.493206]  kasan_report+0x141/0x180
[   11.493245]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.493288]  __asan_report_store1_noabort+0x1b/0x30
[   11.493325]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.493367]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.493402]  ? finish_task_switch.isra.0+0x153/0x700
[   11.493440]  ? __switch_to+0x5d9/0xf60
[   11.493473]  ? dequeue_task_fair+0x166/0x4e0
[   11.493531]  ? __schedule+0x10cc/0x2b60
[   11.493572]  ? __pfx_read_tsc+0x10/0x10
[   11.493615]  krealloc_large_less_oob+0x1c/0x30
[   11.493673]  kunit_try_run_case+0x1a5/0x480
[   11.493721]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.493780]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.493831]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.493866]  ? __kthread_parkme+0x82/0x180
[   11.493899]  ? preempt_count_sub+0x50/0x80
[   11.493930]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.493963]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.493988]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.494009]  kthread+0x337/0x6f0
[   11.494026]  ? trace_preempt_on+0x20/0xc0
[   11.494049]  ? __pfx_kthread+0x10/0x10
[   11.494066]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.494086]  ? calculate_sigpending+0x7b/0xa0
[   11.494106]  ? __pfx_kthread+0x10/0x10
[   11.494124]  ret_from_fork+0x41/0x80
[   11.494144]  ? __pfx_kthread+0x10/0x10
[   11.494161]  ret_from_fork_asm+0x1a/0x30
[   11.494191]  </TASK>
[   11.494205] 
[   11.505195] The buggy address belongs to the physical page:
[   11.505541] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860
[   11.506255] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.506508] flags: 0x200000000000040(head|node=0|zone=2)
[   11.507088] page_type: f8(unknown)
[   11.507950] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.508328] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.508709] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.509003] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.509258] head: 0200000000000002 ffffea00040a1801 00000000ffffffff 00000000ffffffff
[   11.509715] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.510427] page dumped because: kasan: bad access detected
[   11.510741] 
[   11.511044] Memory state around the buggy address:
[   11.511308]  ffff888102861f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.511573]  ffff888102862000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.512128] >ffff888102862080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.512361]                                               ^
[   11.512831]  ffff888102862100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.513080]  ffff888102862180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.513458] ==================================================================
[   11.516123] ==================================================================
[   11.516487] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.516746] Write of size 1 at addr ffff8881028620d0 by task kunit_try_catch/182
[   11.516937] 
[   11.517139] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.517223] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.517244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.517283] Call Trace:
[   11.517333]  <TASK>
[   11.517371]  dump_stack_lvl+0x73/0xb0
[   11.517429]  print_report+0xd1/0x650
[   11.517475]  ? __virt_addr_valid+0x1db/0x2d0
[   11.517508]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.517542]  ? kasan_addr_to_slab+0x11/0xa0
[   11.517576]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.517610]  kasan_report+0x141/0x180
[   11.517686]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.517727]  __asan_report_store1_noabort+0x1b/0x30
[   11.517761]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.517802]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.517838]  ? finish_task_switch.isra.0+0x153/0x700
[   11.517878]  ? __switch_to+0x5d9/0xf60
[   11.517916]  ? dequeue_task_fair+0x166/0x4e0
[   11.517965]  ? __schedule+0x10cc/0x2b60
[   11.518006]  ? __pfx_read_tsc+0x10/0x10
[   11.518045]  krealloc_large_less_oob+0x1c/0x30
[   11.518080]  kunit_try_run_case+0x1a5/0x480
[   11.518116]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.518146]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.518180]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.518534]  ? __kthread_parkme+0x82/0x180
[   11.518585]  ? preempt_count_sub+0x50/0x80
[   11.518636]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.518673]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.518712]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.518744]  kthread+0x337/0x6f0
[   11.518776]  ? trace_preempt_on+0x20/0xc0
[   11.518809]  ? __pfx_kthread+0x10/0x10
[   11.518835]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.518865]  ? calculate_sigpending+0x7b/0xa0
[   11.518894]  ? __pfx_kthread+0x10/0x10
[   11.518921]  ret_from_fork+0x41/0x80
[   11.518952]  ? __pfx_kthread+0x10/0x10
[   11.518970]  ret_from_fork_asm+0x1a/0x30
[   11.519000]  </TASK>
[   11.519013] 
[   11.528784] The buggy address belongs to the physical page:
[   11.529147] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860
[   11.529451] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.529882] flags: 0x200000000000040(head|node=0|zone=2)
[   11.530324] page_type: f8(unknown)
[   11.530640] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.531154] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.531582] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.531903] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.532338] head: 0200000000000002 ffffea00040a1801 00000000ffffffff 00000000ffffffff
[   11.533029] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.533312] page dumped because: kasan: bad access detected
[   11.533696] 
[   11.533870] Memory state around the buggy address:
[   11.534157]  ffff888102861f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.534563]  ffff888102862000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.534978] >ffff888102862080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.535409]                                                  ^
[   11.535796]  ffff888102862100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.536186]  ffff888102862180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.536511] ==================================================================
[   11.270207] ==================================================================
[   11.271339] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.271874] Write of size 1 at addr ffff8881003454c9 by task kunit_try_catch/178
[   11.272171] 
[   11.272313] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.272405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.272426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.272464] Call Trace:
[   11.272493]  <TASK>
[   11.272528]  dump_stack_lvl+0x73/0xb0
[   11.272579]  print_report+0xd1/0x650
[   11.272611]  ? __virt_addr_valid+0x1db/0x2d0
[   11.272679]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.273039]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.273076]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.273098]  kasan_report+0x141/0x180
[   11.273121]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.273145]  __asan_report_store1_noabort+0x1b/0x30
[   11.273164]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.273185]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.273204]  ? finish_task_switch.isra.0+0x153/0x700
[   11.273228]  ? __switch_to+0x5d9/0xf60
[   11.273249]  ? dequeue_task_fair+0x166/0x4e0
[   11.273272]  ? __schedule+0x10cc/0x2b60
[   11.273312]  ? __pfx_read_tsc+0x10/0x10
[   11.273346]  krealloc_less_oob+0x1c/0x30
[   11.273374]  kunit_try_run_case+0x1a5/0x480
[   11.273407]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.273428]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.273451]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.273473]  ? __kthread_parkme+0x82/0x180
[   11.273495]  ? preempt_count_sub+0x50/0x80
[   11.273518]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.273540]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.273570]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.273591]  kthread+0x337/0x6f0
[   11.273608]  ? trace_preempt_on+0x20/0xc0
[   11.273650]  ? __pfx_kthread+0x10/0x10
[   11.273669]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.273690]  ? calculate_sigpending+0x7b/0xa0
[   11.273711]  ? __pfx_kthread+0x10/0x10
[   11.273729]  ret_from_fork+0x41/0x80
[   11.273749]  ? __pfx_kthread+0x10/0x10
[   11.273766]  ret_from_fork_asm+0x1a/0x30
[   11.273797]  </TASK>
[   11.273810] 
[   11.288185] Allocated by task 178:
[   11.288716]  kasan_save_stack+0x45/0x70
[   11.289063]  kasan_save_track+0x18/0x40
[   11.289324]  kasan_save_alloc_info+0x3b/0x50
[   11.289619]  __kasan_krealloc+0x190/0x1f0
[   11.289962]  krealloc_noprof+0xf3/0x340
[   11.290456]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.290860]  krealloc_less_oob+0x1c/0x30
[   11.291111]  kunit_try_run_case+0x1a5/0x480
[   11.291432]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.291897]  kthread+0x337/0x6f0
[   11.292134]  ret_from_fork+0x41/0x80
[   11.292734]  ret_from_fork_asm+0x1a/0x30
[   11.292986] 
[   11.293094] The buggy address belongs to the object at ffff888100345400
[   11.293094]  which belongs to the cache kmalloc-256 of size 256
[   11.293727] The buggy address is located 0 bytes to the right of
[   11.293727]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   11.294118] 
[   11.294283] The buggy address belongs to the physical page:
[   11.295384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   11.295891] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.296213] flags: 0x200000000000040(head|node=0|zone=2)
[   11.296636] page_type: f5(slab)
[   11.296923] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.297268] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.297752] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.298265] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.299025] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   11.299315] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.300038] page dumped because: kasan: bad access detected
[   11.300463] 
[   11.300826] Memory state around the buggy address:
[   11.301184]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.301961]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.302749] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.302961]                                               ^
[   11.303384]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.303674]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.304046] ==================================================================
[   11.363817] ==================================================================
[   11.365285] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.365731] Write of size 1 at addr ffff8881003454ea by task kunit_try_catch/178
[   11.366003] 
[   11.366147] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc2 #1 PREEMPT(voluntary) 
[   11.366251] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.366277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.366321] Call Trace:
[   11.366359]  <TASK>
[   11.366399]  dump_stack_lvl+0x73/0xb0
[   11.366455]  print_report+0xd1/0x650
[   11.366505]  ? __virt_addr_valid+0x1db/0x2d0
[   11.366551]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.366594]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.366654]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.366700]  kasan_report+0x141/0x180
[   11.366748]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.366802]  __asan_report_store1_noabort+0x1b/0x30
[   11.366832]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.366855]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.366875]  ? finish_task_switch.isra.0+0x153/0x700
[   11.366900]  ? __switch_to+0x5d9/0xf60
[   11.366922]  ? dequeue_task_fair+0x166/0x4e0
[   11.366945]  ? __schedule+0x10cc/0x2b60
[   11.366969]  ? __pfx_read_tsc+0x10/0x10
[   11.366992]  krealloc_less_oob+0x1c/0x30
[   11.367010]  kunit_try_run_case+0x1a5/0x480
[   11.367035]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.367058]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.367081]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.367103]  ? __kthread_parkme+0x82/0x180
[   11.367124]  ? preempt_count_sub+0x50/0x80
[   11.367146]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.367168]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.367189]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.367210]  kthread+0x337/0x6f0
[   11.367226]  ? trace_preempt_on+0x20/0xc0
[   11.367248]  ? __pfx_kthread+0x10/0x10
[   11.367265]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.367285]  ? calculate_sigpending+0x7b/0xa0
[   11.367305]  ? __pfx_kthread+0x10/0x10
[   11.367322]  ret_from_fork+0x41/0x80
[   11.367341]  ? __pfx_kthread+0x10/0x10
[   11.367357]  ret_from_fork_asm+0x1a/0x30
[   11.367386]  </TASK>
[   11.367399] 
[   11.378880] Allocated by task 178:
[   11.379348]  kasan_save_stack+0x45/0x70
[   11.379784]  kasan_save_track+0x18/0x40
[   11.380067]  kasan_save_alloc_info+0x3b/0x50
[   11.380389]  __kasan_krealloc+0x190/0x1f0
[   11.380692]  krealloc_noprof+0xf3/0x340
[   11.381011]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.381388]  krealloc_less_oob+0x1c/0x30
[   11.381778]  kunit_try_run_case+0x1a5/0x480
[   11.382022]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.382427]  kthread+0x337/0x6f0
[   11.382768]  ret_from_fork+0x41/0x80
[   11.383009]  ret_from_fork_asm+0x1a/0x30
[   11.383301] 
[   11.383447] The buggy address belongs to the object at ffff888100345400
[   11.383447]  which belongs to the cache kmalloc-256 of size 256
[   11.384118] The buggy address is located 33 bytes to the right of
[   11.384118]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   11.384866] 
[   11.385041] The buggy address belongs to the physical page:
[   11.385311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   11.385639] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.385933] flags: 0x200000000000040(head|node=0|zone=2)
[   11.386207] page_type: f5(slab)
[   11.386487] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.386855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.387112] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.387377] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.387786] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   11.388449] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.389004] page dumped because: kasan: bad access detected
[   11.389396] 
[   11.389582] Memory state around the buggy address:
[   11.389822]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.390301]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.390712] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.391168]                                                           ^
[   11.391581]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.392030]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.392443] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yxHFATOg4xd5cOk7A6Oo5SQLFr

job_id

TEST:linaro@lkft#2yxHMkevU93EIqRtXZQ3tGY4itd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yxHMkevU93EIqRtXZQ3tGY4itd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHHKBJSOltLiYsLWwKkWEIluQ/bzImage
sha256sum	453ec96a6544da365eca74576dbe75de49d576db4e04b528c27ab9d3cb251d29

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yxHHKBJSOltLiYsLWwKkWEIluQ/modules.tar.xz
sha256sum	52055fb894ed1f3fdb3335393e3f2e81da91906b8281f913fc0885beb5e85fa3

durations

tests

boot	0
kunit	331.46

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit