lkft/linux-stable-rc-linux-6.15.y - v6.15.4-264-gd5e6f0c9ca48 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 3, 2025, 3:13 p.m.

Environment
qemu-arm64
qemu-x86_64

[   15.424051] ==================================================================
[   15.424174] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.424221] Write of size 1 at addr fff00000c4600eeb by task kunit_try_catch/161
[   15.424509] 
[   15.424590] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.424676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.424703] Hardware name: linux,dummy-virt (DT)
[   15.424778] Call trace:
[   15.424803]  show_stack+0x20/0x38 (C)
[   15.424992]  dump_stack_lvl+0x8c/0xd0
[   15.425047]  print_report+0x118/0x608
[   15.425091]  kasan_report+0xdc/0x128
[   15.425173]  __asan_report_store1_noabort+0x20/0x30
[   15.425224]  krealloc_less_oob_helper+0xa58/0xc50
[   15.425270]  krealloc_less_oob+0x20/0x38
[   15.425312]  kunit_try_run_case+0x170/0x3f0
[   15.425780]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.425857]  kthread+0x328/0x630
[   15.425903]  ret_from_fork+0x10/0x20
[   15.426177] 
[   15.426369] Allocated by task 161:
[   15.426415]  kasan_save_stack+0x3c/0x68
[   15.426476]  kasan_save_track+0x20/0x40
[   15.426523]  kasan_save_alloc_info+0x40/0x58
[   15.426580]  __kasan_krealloc+0x118/0x178
[   15.426901]  krealloc_noprof+0x128/0x360
[   15.427147]  krealloc_less_oob_helper+0x168/0xc50
[   15.427308]  krealloc_less_oob+0x20/0x38
[   15.427426]  kunit_try_run_case+0x170/0x3f0
[   15.427472]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.427897]  kthread+0x328/0x630
[   15.428177]  ret_from_fork+0x10/0x20
[   15.428312] 
[   15.428352] The buggy address belongs to the object at fff00000c4600e00
[   15.428352]  which belongs to the cache kmalloc-256 of size 256
[   15.428407] The buggy address is located 34 bytes to the right of
[   15.428407]  allocated 201-byte region [fff00000c4600e00, fff00000c4600ec9)
[   15.428479] 
[   15.428499] The buggy address belongs to the physical page:
[   15.428535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104600
[   15.428588] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.428644] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.428694] page_type: f5(slab)
[   15.428731] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.428779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.428836] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.428892] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.428939] head: 0bfffe0000000001 ffffc1ffc3118001 00000000ffffffff 00000000ffffffff
[   15.429006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.429049] page dumped because: kasan: bad access detected
[   15.429089] 
[   15.429106] Memory state around the buggy address:
[   15.429142]  fff00000c4600d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.429193]  fff00000c4600e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.429238] >fff00000c4600e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.429280]                                                           ^
[   15.429333]  fff00000c4600f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.429394]  fff00000c4600f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.429439] ==================================================================
[   15.464810] ==================================================================
[   15.464895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.465263] Write of size 1 at addr fff00000c786e0c9 by task kunit_try_catch/165
[   15.465331] 
[   15.465367] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.465447] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.465474] Hardware name: linux,dummy-virt (DT)
[   15.465505] Call trace:
[   15.465527]  show_stack+0x20/0x38 (C)
[   15.465601]  dump_stack_lvl+0x8c/0xd0
[   15.465660]  print_report+0x118/0x608
[   15.465705]  kasan_report+0xdc/0x128
[   15.465747]  __asan_report_store1_noabort+0x20/0x30
[   15.465812]  krealloc_less_oob_helper+0xa48/0xc50
[   15.465858]  krealloc_large_less_oob+0x20/0x38
[   15.465903]  kunit_try_run_case+0x170/0x3f0
[   15.465989]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.466051]  kthread+0x328/0x630
[   15.466097]  ret_from_fork+0x10/0x20
[   15.466364] 
[   15.466401] The buggy address belongs to the physical page:
[   15.466638] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c
[   15.466697] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.466744] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.467228] page_type: f8(unknown)
[   15.467323] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.467574] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.467904] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.468065] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.468453] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff
[   15.468552] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.468816] page dumped because: kasan: bad access detected
[   15.468880] 
[   15.468980] Memory state around the buggy address:
[   15.469072]  fff00000c786df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.469399]  fff00000c786e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.469487] >fff00000c786e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.469571]                                               ^
[   15.469894]  fff00000c786e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.470099]  fff00000c786e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.470144] ==================================================================
[   15.472049] ==================================================================
[   15.472114] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.472162] Write of size 1 at addr fff00000c786e0d0 by task kunit_try_catch/165
[   15.472209] 
[   15.472239] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.472583] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.472741] Hardware name: linux,dummy-virt (DT)
[   15.472859] Call trace:
[   15.472884]  show_stack+0x20/0x38 (C)
[   15.472961]  dump_stack_lvl+0x8c/0xd0
[   15.473040]  print_report+0x118/0x608
[   15.473112]  kasan_report+0xdc/0x128
[   15.473158]  __asan_report_store1_noabort+0x20/0x30
[   15.473251]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.473441]  krealloc_large_less_oob+0x20/0x38
[   15.473599]  kunit_try_run_case+0x170/0x3f0
[   15.473722]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.474001]  kthread+0x328/0x630
[   15.474064]  ret_from_fork+0x10/0x20
[   15.474112] 
[   15.474131] The buggy address belongs to the physical page:
[   15.474173] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c
[   15.474516] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.474597] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.474697] page_type: f8(unknown)
[   15.474736] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.474881] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.475091] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.475460] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.475566] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff
[   15.476016] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.476104] page dumped because: kasan: bad access detected
[   15.476156] 
[   15.476326] Memory state around the buggy address:
[   15.476544]  fff00000c786df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.476694]  fff00000c786e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.476741] >fff00000c786e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.476778]                                                  ^
[   15.476813]  fff00000c786e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.477233]  fff00000c786e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.477403] ==================================================================
[   15.392742] ==================================================================
[   15.393058] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.393185] Write of size 1 at addr fff00000c4600ed0 by task kunit_try_catch/161
[   15.393279] 
[   15.393317] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.393433] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.393460] Hardware name: linux,dummy-virt (DT)
[   15.393489] Call trace:
[   15.393516]  show_stack+0x20/0x38 (C)
[   15.393661]  dump_stack_lvl+0x8c/0xd0
[   15.393713]  print_report+0x118/0x608
[   15.393782]  kasan_report+0xdc/0x128
[   15.394147]  __asan_report_store1_noabort+0x20/0x30
[   15.394306]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.394412]  krealloc_less_oob+0x20/0x38
[   15.394743]  kunit_try_run_case+0x170/0x3f0
[   15.394895]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.395482]  kthread+0x328/0x630
[   15.395554]  ret_from_fork+0x10/0x20
[   15.395856] 
[   15.395956] Allocated by task 161:
[   15.396102]  kasan_save_stack+0x3c/0x68
[   15.396329]  kasan_save_track+0x20/0x40
[   15.396523]  kasan_save_alloc_info+0x40/0x58
[   15.396586]  __kasan_krealloc+0x118/0x178
[   15.396621]  krealloc_noprof+0x128/0x360
[   15.396903]  krealloc_less_oob_helper+0x168/0xc50
[   15.397172]  krealloc_less_oob+0x20/0x38
[   15.397686]  kunit_try_run_case+0x170/0x3f0
[   15.397811]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.398019]  kthread+0x328/0x630
[   15.398208]  ret_from_fork+0x10/0x20
[   15.398336] 
[   15.398370] The buggy address belongs to the object at fff00000c4600e00
[   15.398370]  which belongs to the cache kmalloc-256 of size 256
[   15.398433] The buggy address is located 7 bytes to the right of
[   15.398433]  allocated 201-byte region [fff00000c4600e00, fff00000c4600ec9)
[   15.398651] 
[   15.398797] The buggy address belongs to the physical page:
[   15.399070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104600
[   15.399127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.399229] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.399537] page_type: f5(slab)
[   15.399698] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.400053] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.400363] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.400444] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.400909] head: 0bfffe0000000001 ffffc1ffc3118001 00000000ffffffff 00000000ffffffff
[   15.400987] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.401355] page dumped because: kasan: bad access detected
[   15.401441] 
[   15.401459] Memory state around the buggy address:
[   15.401733]  fff00000c4600d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.402011]  fff00000c4600e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.402162] >fff00000c4600e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.402203]                                                  ^
[   15.402238]  fff00000c4600f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.402440]  fff00000c4600f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.402686] ==================================================================
[   15.479030] ==================================================================
[   15.479083] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.479128] Write of size 1 at addr fff00000c786e0da by task kunit_try_catch/165
[   15.479478] 
[   15.479545] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.479729] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.479802] Hardware name: linux,dummy-virt (DT)
[   15.479835] Call trace:
[   15.479861]  show_stack+0x20/0x38 (C)
[   15.479909]  dump_stack_lvl+0x8c/0xd0
[   15.479966]  print_report+0x118/0x608
[   15.480009]  kasan_report+0xdc/0x128
[   15.480052]  __asan_report_store1_noabort+0x20/0x30
[   15.480100]  krealloc_less_oob_helper+0xa80/0xc50
[   15.480145]  krealloc_large_less_oob+0x20/0x38
[   15.480189]  kunit_try_run_case+0x170/0x3f0
[   15.480236]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.480296]  kthread+0x328/0x630
[   15.480340]  ret_from_fork+0x10/0x20
[   15.480394] 
[   15.480414] The buggy address belongs to the physical page:
[   15.480448] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c
[   15.480499] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.480546] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.480606] page_type: f8(unknown)
[   15.480648] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.480696] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.480748] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.480796] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.480843] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff
[   15.480889] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.480936] page dumped because: kasan: bad access detected
[   15.480984] 
[   15.481002] Memory state around the buggy address:
[   15.481146]  fff00000c786df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.481199]  fff00000c786e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.481854] >fff00000c786e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.481920]                                                     ^
[   15.482194]  fff00000c786e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.482255]  fff00000c786e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.482293] ==================================================================
[   15.413370] ==================================================================
[   15.413488] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.413741] Write of size 1 at addr fff00000c4600eea by task kunit_try_catch/161
[   15.413803] 
[   15.413900] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.414006] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.414032] Hardware name: linux,dummy-virt (DT)
[   15.414196] Call trace:
[   15.414375]  show_stack+0x20/0x38 (C)
[   15.414438]  dump_stack_lvl+0x8c/0xd0
[   15.414485]  print_report+0x118/0x608
[   15.415000]  kasan_report+0xdc/0x128
[   15.415482]  __asan_report_store1_noabort+0x20/0x30
[   15.415834]  krealloc_less_oob_helper+0xae4/0xc50
[   15.416012]  krealloc_less_oob+0x20/0x38
[   15.416059]  kunit_try_run_case+0x170/0x3f0
[   15.416443]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.416643]  kthread+0x328/0x630
[   15.416931]  ret_from_fork+0x10/0x20
[   15.417041] 
[   15.417060] Allocated by task 161:
[   15.417575]  kasan_save_stack+0x3c/0x68
[   15.417748]  kasan_save_track+0x20/0x40
[   15.417980]  kasan_save_alloc_info+0x40/0x58
[   15.418377]  __kasan_krealloc+0x118/0x178
[   15.418585]  krealloc_noprof+0x128/0x360
[   15.418865]  krealloc_less_oob_helper+0x168/0xc50
[   15.419085]  krealloc_less_oob+0x20/0x38
[   15.419128]  kunit_try_run_case+0x170/0x3f0
[   15.419166]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.419208]  kthread+0x328/0x630
[   15.419241]  ret_from_fork+0x10/0x20
[   15.419457] 
[   15.419731] The buggy address belongs to the object at fff00000c4600e00
[   15.419731]  which belongs to the cache kmalloc-256 of size 256
[   15.419893] The buggy address is located 33 bytes to the right of
[   15.419893]  allocated 201-byte region [fff00000c4600e00, fff00000c4600ec9)
[   15.420028] 
[   15.420183] The buggy address belongs to the physical page:
[   15.420215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104600
[   15.420513] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.420701] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.421101] page_type: f5(slab)
[   15.421213] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.421684] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.421768] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.422078] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.422142] head: 0bfffe0000000001 ffffc1ffc3118001 00000000ffffffff 00000000ffffffff
[   15.422189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.422227] page dumped because: kasan: bad access detected
[   15.422257] 
[   15.422275] Memory state around the buggy address:
[   15.422315]  fff00000c4600d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.422358]  fff00000c4600e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.422399] >fff00000c4600e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.422440]                                                           ^
[   15.422480]  fff00000c4600f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.422522]  fff00000c4600f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.422558] ==================================================================
[   15.490717] ==================================================================
[   15.490770] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.490981] Write of size 1 at addr fff00000c786e0eb by task kunit_try_catch/165
[   15.491169] 
[   15.491223] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.491353] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.491624] Hardware name: linux,dummy-virt (DT)
[   15.491672] Call trace:
[   15.491716]  show_stack+0x20/0x38 (C)
[   15.491928]  dump_stack_lvl+0x8c/0xd0
[   15.492272]  print_report+0x118/0x608
[   15.492360]  kasan_report+0xdc/0x128
[   15.492405]  __asan_report_store1_noabort+0x20/0x30
[   15.492456]  krealloc_less_oob_helper+0xa58/0xc50
[   15.492503]  krealloc_large_less_oob+0x20/0x38
[   15.492547]  kunit_try_run_case+0x170/0x3f0
[   15.492593]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.492647]  kthread+0x328/0x630
[   15.492694]  ret_from_fork+0x10/0x20
[   15.492739] 
[   15.492874] The buggy address belongs to the physical page:
[   15.492913] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c
[   15.492976] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.493022] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.493070] page_type: f8(unknown)
[   15.493107] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.493154] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.493201] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.493256] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.493303] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff
[   15.493349] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.493387] page dumped because: kasan: bad access detected
[   15.493416] 
[   15.493433] Memory state around the buggy address:
[   15.493462]  fff00000c786df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.493503]  fff00000c786e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.493542] >fff00000c786e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.493578]                                                           ^
[   15.493615]  fff00000c786e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.493655]  fff00000c786e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.493690] ==================================================================
[   15.404631] ==================================================================
[   15.404686] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.404926] Write of size 1 at addr fff00000c4600eda by task kunit_try_catch/161
[   15.404988] 
[   15.405018] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.405219] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.405493] Hardware name: linux,dummy-virt (DT)
[   15.405537] Call trace:
[   15.405797]  show_stack+0x20/0x38 (C)
[   15.406004]  dump_stack_lvl+0x8c/0xd0
[   15.406134]  print_report+0x118/0x608
[   15.406197]  kasan_report+0xdc/0x128
[   15.406270]  __asan_report_store1_noabort+0x20/0x30
[   15.406613]  krealloc_less_oob_helper+0xa80/0xc50
[   15.406794]  krealloc_less_oob+0x20/0x38
[   15.407060]  kunit_try_run_case+0x170/0x3f0
[   15.407150]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.407323]  kthread+0x328/0x630
[   15.407577]  ret_from_fork+0x10/0x20
[   15.407807] 
[   15.407912] Allocated by task 161:
[   15.408126]  kasan_save_stack+0x3c/0x68
[   15.408312]  kasan_save_track+0x20/0x40
[   15.408379]  kasan_save_alloc_info+0x40/0x58
[   15.408772]  __kasan_krealloc+0x118/0x178
[   15.408854]  krealloc_noprof+0x128/0x360
[   15.409042]  krealloc_less_oob_helper+0x168/0xc50
[   15.409083]  krealloc_less_oob+0x20/0x38
[   15.409188]  kunit_try_run_case+0x170/0x3f0
[   15.409228]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.409280]  kthread+0x328/0x630
[   15.409315]  ret_from_fork+0x10/0x20
[   15.409359] 
[   15.409392] The buggy address belongs to the object at fff00000c4600e00
[   15.409392]  which belongs to the cache kmalloc-256 of size 256
[   15.409449] The buggy address is located 17 bytes to the right of
[   15.409449]  allocated 201-byte region [fff00000c4600e00, fff00000c4600ec9)
[   15.409510] 
[   15.409529] The buggy address belongs to the physical page:
[   15.409561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104600
[   15.409632] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.409684] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.409734] page_type: f5(slab)
[   15.409777] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.409834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.409881] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.409935] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.410002] head: 0bfffe0000000001 ffffc1ffc3118001 00000000ffffffff 00000000ffffffff
[   15.410057] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.410109] page dumped because: kasan: bad access detected
[   15.410423] 
[   15.410465] Memory state around the buggy address:
[   15.410703]  fff00000c4600d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.410766]  fff00000c4600e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.410807] >fff00000c4600e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.411162]                                                     ^
[   15.411282]  fff00000c4600f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.411553]  fff00000c4600f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.411911] ==================================================================
[   15.483500] ==================================================================
[   15.483552] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.483834] Write of size 1 at addr fff00000c786e0ea by task kunit_try_catch/165
[   15.483909] 
[   15.483940] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.484400] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.484443] Hardware name: linux,dummy-virt (DT)
[   15.484672] Call trace:
[   15.484720]  show_stack+0x20/0x38 (C)
[   15.484889]  dump_stack_lvl+0x8c/0xd0
[   15.484941]  print_report+0x118/0x608
[   15.485059]  kasan_report+0xdc/0x128
[   15.485104]  __asan_report_store1_noabort+0x20/0x30
[   15.485191]  krealloc_less_oob_helper+0xae4/0xc50
[   15.485329]  krealloc_large_less_oob+0x20/0x38
[   15.485394]  kunit_try_run_case+0x170/0x3f0
[   15.485650]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.485722]  kthread+0x328/0x630
[   15.485804]  ret_from_fork+0x10/0x20
[   15.485919] 
[   15.486162] The buggy address belongs to the physical page:
[   15.486233] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10786c
[   15.486319] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.486413] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.486593] page_type: f8(unknown)
[   15.487050] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.487282] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.487506] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.487614] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.488032] head: 0bfffe0000000002 ffffc1ffc31e1b01 00000000ffffffff 00000000ffffffff
[   15.488130] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.488337] page dumped because: kasan: bad access detected
[   15.488384] 
[   15.488412] Memory state around the buggy address:
[   15.488625]  fff00000c786df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.488757]  fff00000c786e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.488880] >fff00000c786e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.489377]                                                           ^
[   15.489470]  fff00000c786e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.489569]  fff00000c786e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.489679] ==================================================================
[   15.384584] ==================================================================
[   15.384644] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.384905] Write of size 1 at addr fff00000c4600ec9 by task kunit_try_catch/161
[   15.385203] 
[   15.385258] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT 
[   15.385423] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.385500] Hardware name: linux,dummy-virt (DT)
[   15.385532] Call trace:
[   15.385553]  show_stack+0x20/0x38 (C)
[   15.385782]  dump_stack_lvl+0x8c/0xd0
[   15.386101]  print_report+0x118/0x608
[   15.386192]  kasan_report+0xdc/0x128
[   15.386402]  __asan_report_store1_noabort+0x20/0x30
[   15.386645]  krealloc_less_oob_helper+0xa48/0xc50
[   15.386895]  krealloc_less_oob+0x20/0x38
[   15.387124]  kunit_try_run_case+0x170/0x3f0
[   15.387255]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.387310]  kthread+0x328/0x630
[   15.387355]  ret_from_fork+0x10/0x20
[   15.387403] 
[   15.387421] Allocated by task 161:
[   15.387450]  kasan_save_stack+0x3c/0x68
[   15.387505]  kasan_save_track+0x20/0x40
[   15.387549]  kasan_save_alloc_info+0x40/0x58
[   15.387592]  __kasan_krealloc+0x118/0x178
[   15.387643]  krealloc_noprof+0x128/0x360
[   15.387680]  krealloc_less_oob_helper+0x168/0xc50
[   15.387716]  krealloc_less_oob+0x20/0x38
[   15.387749]  kunit_try_run_case+0x170/0x3f0
[   15.387797]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.387840]  kthread+0x328/0x630
[   15.387874]  ret_from_fork+0x10/0x20
[   15.387918] 
[   15.387937] The buggy address belongs to the object at fff00000c4600e00
[   15.387937]  which belongs to the cache kmalloc-256 of size 256
[   15.388002] The buggy address is located 0 bytes to the right of
[   15.388002]  allocated 201-byte region [fff00000c4600e00, fff00000c4600ec9)
[   15.388072] 
[   15.388092] The buggy address belongs to the physical page:
[   15.388124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104600
[   15.388185] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.388242] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.388295] page_type: f5(slab)
[   15.388332] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.388391] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.388454] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.388506] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.388563] head: 0bfffe0000000001 ffffc1ffc3118001 00000000ffffffff 00000000ffffffff
[   15.388609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.388666] page dumped because: kasan: bad access detected
[   15.388708] 
[   15.388726] Memory state around the buggy address:
[   15.388766]  fff00000c4600d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.388814]  fff00000c4600e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.388854] >fff00000c4600e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.388890]                                               ^
[   15.388934]  fff00000c4600f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.389239]  fff00000c4600f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.389289] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzF16Z6vC8SBU5IjlfCa7naD2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzF16Z6vC8SBU5IjlfCa7naD2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/Image.gz
sha256sum	d34d37a275cf1c4a311c4e7f05818074baab15ba48579f286d9d01d393ed7e9c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzBla3NpehcZh74FSmgRW49Gp/modules.tar.xz
sha256sum	9c89e8adf491cb2a422508baae089982fd64fb3878557b807536b4a091a3a0ca

durations

tests

boot	0
kunit	203.05

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.013102] ==================================================================
[   11.013700] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.014082] Write of size 1 at addr ffff8881039120c9 by task kunit_try_catch/181
[   11.014446] 
[   11.014645] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   11.014689] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.014713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.014734] Call Trace:
[   11.014746]  <TASK>
[   11.014760]  dump_stack_lvl+0x73/0xb0
[   11.014784]  print_report+0xd1/0x650
[   11.014806]  ? __virt_addr_valid+0x1db/0x2d0
[   11.014826]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.014846]  ? kasan_addr_to_slab+0x11/0xa0
[   11.014866]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.014896]  kasan_report+0x141/0x180
[   11.014919]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.014944]  __asan_report_store1_noabort+0x1b/0x30
[   11.014976]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.014999]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.015019]  ? finish_task_switch.isra.0+0x153/0x700
[   11.015042]  ? __switch_to+0x5d9/0xf60
[   11.015062]  ? dequeue_task_fair+0x166/0x4e0
[   11.015084]  ? __schedule+0x10cc/0x2b60
[   11.015106]  ? __pfx_read_tsc+0x10/0x10
[   11.015129]  krealloc_large_less_oob+0x1c/0x30
[   11.015148]  kunit_try_run_case+0x1a5/0x480
[   11.015179]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.015201]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.015224]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.015262]  ? __kthread_parkme+0x82/0x180
[   11.015297]  ? preempt_count_sub+0x50/0x80
[   11.015321]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.015345]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.015367]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.015435]  kthread+0x337/0x6f0
[   11.015465]  ? trace_preempt_on+0x20/0xc0
[   11.015489]  ? __pfx_kthread+0x10/0x10
[   11.015506]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.015528]  ? calculate_sigpending+0x7b/0xa0
[   11.015549]  ? __pfx_kthread+0x10/0x10
[   11.015567]  ret_from_fork+0x41/0x80
[   11.015587]  ? __pfx_kthread+0x10/0x10
[   11.015605]  ret_from_fork_asm+0x1a/0x30
[   11.015635]  </TASK>
[   11.015645] 
[   11.024700] The buggy address belongs to the physical page:
[   11.024977] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103910
[   11.025307] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.025863] flags: 0x200000000000040(head|node=0|zone=2)
[   11.026105] page_type: f8(unknown)
[   11.026432] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.026795] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.027126] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.027554] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.027964] head: 0200000000000002 ffffea00040e4401 00000000ffffffff 00000000ffffffff
[   11.028321] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.028926] page dumped because: kasan: bad access detected
[   11.029105] 
[   11.029176] Memory state around the buggy address:
[   11.029510]  ffff888103911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.029957]  ffff888103912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.030174] >ffff888103912080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.030618]                                               ^
[   11.031016]  ffff888103912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.031334]  ffff888103912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.031686] ==================================================================
[   10.861020] ==================================================================
[   10.861691] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.862181] Write of size 1 at addr ffff888100a2bac9 by task kunit_try_catch/177
[   10.862642] 
[   10.862786] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.862832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.862844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.862877] Call Trace:
[   10.862889]  <TASK>
[   10.862905]  dump_stack_lvl+0x73/0xb0
[   10.862932]  print_report+0xd1/0x650
[   10.862955]  ? __virt_addr_valid+0x1db/0x2d0
[   10.862987]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.863007]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.863030]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.863061]  kasan_report+0x141/0x180
[   10.863083]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.863109]  __asan_report_store1_noabort+0x1b/0x30
[   10.863130]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.863152]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.863172]  ? __schedule+0x207f/0x2b60
[   10.863194]  ? schedule+0x7c/0x2e0
[   10.863214]  ? trace_hardirqs_on+0x37/0xe0
[   10.863248]  ? __schedule+0x207f/0x2b60
[   10.863270]  ? __pfx_read_tsc+0x10/0x10
[   10.863332]  krealloc_less_oob+0x1c/0x30
[   10.863352]  kunit_try_run_case+0x1a5/0x480
[   10.863377]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.863399]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.863422]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.863445]  ? __kthread_parkme+0x82/0x180
[   10.863467]  ? preempt_count_sub+0x50/0x80
[   10.863493]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.863516]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.863538]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.863561]  kthread+0x337/0x6f0
[   10.863578]  ? trace_preempt_on+0x20/0xc0
[   10.863600]  ? __pfx_kthread+0x10/0x10
[   10.863617]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.863639]  ? calculate_sigpending+0x7b/0xa0
[   10.863660]  ? __pfx_kthread+0x10/0x10
[   10.863678]  ret_from_fork+0x41/0x80
[   10.863699]  ? __pfx_kthread+0x10/0x10
[   10.863716]  ret_from_fork_asm+0x1a/0x30
[   10.863747]  </TASK>
[   10.863757] 
[   10.872583] Allocated by task 177:
[   10.872882]  kasan_save_stack+0x45/0x70
[   10.873169]  kasan_save_track+0x18/0x40
[   10.873334]  kasan_save_alloc_info+0x3b/0x50
[   10.873619]  __kasan_krealloc+0x190/0x1f0
[   10.873854]  krealloc_noprof+0xf3/0x340
[   10.874082]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.874306]  krealloc_less_oob+0x1c/0x30
[   10.874509]  kunit_try_run_case+0x1a5/0x480
[   10.874769]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.875008]  kthread+0x337/0x6f0
[   10.875179]  ret_from_fork+0x41/0x80
[   10.875401]  ret_from_fork_asm+0x1a/0x30
[   10.875624] 
[   10.875750] The buggy address belongs to the object at ffff888100a2ba00
[   10.875750]  which belongs to the cache kmalloc-256 of size 256
[   10.876278] The buggy address is located 0 bytes to the right of
[   10.876278]  allocated 201-byte region [ffff888100a2ba00, ffff888100a2bac9)
[   10.877105] 
[   10.877216] The buggy address belongs to the physical page:
[   10.877563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   10.878049] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.878305] flags: 0x200000000000040(head|node=0|zone=2)
[   10.878532] page_type: f5(slab)
[   10.878742] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.879113] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.879388] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.879618] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.880210] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   10.880564] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.880956] page dumped because: kasan: bad access detected
[   10.881233] 
[   10.881435] Memory state around the buggy address:
[   10.881642]  ffff888100a2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.881950]  ffff888100a2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.882274] >ffff888100a2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.882596]                                               ^
[   10.882984]  ffff888100a2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.883247]  ffff888100a2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.883686] ==================================================================
[   10.928619] ==================================================================
[   10.928912] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.929136] Write of size 1 at addr ffff888100a2baea by task kunit_try_catch/177
[   10.929815] 
[   10.929949] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.929992] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.930004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.930024] Call Trace:
[   10.930039]  <TASK>
[   10.930053]  dump_stack_lvl+0x73/0xb0
[   10.930076]  print_report+0xd1/0x650
[   10.930098]  ? __virt_addr_valid+0x1db/0x2d0
[   10.930118]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.930138]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.930160]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.930180]  kasan_report+0x141/0x180
[   10.930203]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.930230]  __asan_report_store1_noabort+0x1b/0x30
[   10.930273]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.930295]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.930316]  ? __schedule+0x207f/0x2b60
[   10.930336]  ? schedule+0x7c/0x2e0
[   10.930367]  ? trace_hardirqs_on+0x37/0xe0
[   10.930389]  ? __schedule+0x207f/0x2b60
[   10.930411]  ? __pfx_read_tsc+0x10/0x10
[   10.930434]  krealloc_less_oob+0x1c/0x30
[   10.930460]  kunit_try_run_case+0x1a5/0x480
[   10.930484]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.930505]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.930539]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.930562]  ? __kthread_parkme+0x82/0x180
[   10.930583]  ? preempt_count_sub+0x50/0x80
[   10.930606]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.930638]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.930660]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.930683]  kthread+0x337/0x6f0
[   10.930710]  ? trace_preempt_on+0x20/0xc0
[   10.930732]  ? __pfx_kthread+0x10/0x10
[   10.930750]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.930771]  ? calculate_sigpending+0x7b/0xa0
[   10.930792]  ? __pfx_kthread+0x10/0x10
[   10.930810]  ret_from_fork+0x41/0x80
[   10.930830]  ? __pfx_kthread+0x10/0x10
[   10.930848]  ret_from_fork_asm+0x1a/0x30
[   10.930878]  </TASK>
[   10.930888] 
[   10.938366] Allocated by task 177:
[   10.938551]  kasan_save_stack+0x45/0x70
[   10.938774]  kasan_save_track+0x18/0x40
[   10.939054]  kasan_save_alloc_info+0x3b/0x50
[   10.939297]  __kasan_krealloc+0x190/0x1f0
[   10.939540]  krealloc_noprof+0xf3/0x340
[   10.939831]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.940041]  krealloc_less_oob+0x1c/0x30
[   10.940183]  kunit_try_run_case+0x1a5/0x480
[   10.940413]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.940697]  kthread+0x337/0x6f0
[   10.940867]  ret_from_fork+0x41/0x80
[   10.941056]  ret_from_fork_asm+0x1a/0x30
[   10.941267] 
[   10.941349] The buggy address belongs to the object at ffff888100a2ba00
[   10.941349]  which belongs to the cache kmalloc-256 of size 256
[   10.941830] The buggy address is located 33 bytes to the right of
[   10.941830]  allocated 201-byte region [ffff888100a2ba00, ffff888100a2bac9)
[   10.942427] 
[   10.942526] The buggy address belongs to the physical page:
[   10.942808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   10.943157] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.943506] flags: 0x200000000000040(head|node=0|zone=2)
[   10.943837] page_type: f5(slab)
[   10.943973] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.944206] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.944588] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.944953] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.945187] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   10.945583] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.946014] page dumped because: kasan: bad access detected
[   10.946289] 
[   10.946413] Memory state around the buggy address:
[   10.946570]  ffff888100a2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.947041]  ffff888100a2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.947365] >ffff888100a2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.947650]                                                           ^
[   10.947984]  ffff888100a2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.948300]  ffff888100a2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.948602] ==================================================================
[   10.907684] ==================================================================
[   10.907968] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.908600] Write of size 1 at addr ffff888100a2bada by task kunit_try_catch/177
[   10.909022] 
[   10.909162] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.909205] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.909216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.909247] Call Trace:
[   10.909258]  <TASK>
[   10.909271]  dump_stack_lvl+0x73/0xb0
[   10.909306]  print_report+0xd1/0x650
[   10.909327]  ? __virt_addr_valid+0x1db/0x2d0
[   10.909348]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.909379]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.909401]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.909421]  kasan_report+0x141/0x180
[   10.909444]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.909477]  __asan_report_store1_noabort+0x1b/0x30
[   10.909498]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.909521]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.909552]  ? __schedule+0x207f/0x2b60
[   10.909577]  ? schedule+0x7c/0x2e0
[   10.909597]  ? trace_hardirqs_on+0x37/0xe0
[   10.909620]  ? __schedule+0x207f/0x2b60
[   10.909650]  ? __pfx_read_tsc+0x10/0x10
[   10.909674]  krealloc_less_oob+0x1c/0x30
[   10.909692]  kunit_try_run_case+0x1a5/0x480
[   10.909735]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.909757]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.909780]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.909804]  ? __kthread_parkme+0x82/0x180
[   10.909825]  ? preempt_count_sub+0x50/0x80
[   10.909849]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.909872]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.909894]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.909917]  kthread+0x337/0x6f0
[   10.909934]  ? trace_preempt_on+0x20/0xc0
[   10.909955]  ? __pfx_kthread+0x10/0x10
[   10.909973]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.909994]  ? calculate_sigpending+0x7b/0xa0
[   10.910015]  ? __pfx_kthread+0x10/0x10
[   10.910033]  ret_from_fork+0x41/0x80
[   10.910053]  ? __pfx_kthread+0x10/0x10
[   10.910079]  ret_from_fork_asm+0x1a/0x30
[   10.910109]  </TASK>
[   10.910119] 
[   10.918199] Allocated by task 177:
[   10.918375]  kasan_save_stack+0x45/0x70
[   10.918567]  kasan_save_track+0x18/0x40
[   10.918784]  kasan_save_alloc_info+0x3b/0x50
[   10.918932]  __kasan_krealloc+0x190/0x1f0
[   10.919077]  krealloc_noprof+0xf3/0x340
[   10.919230]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.919491]  krealloc_less_oob+0x1c/0x30
[   10.919684]  kunit_try_run_case+0x1a5/0x480
[   10.919891]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.920147]  kthread+0x337/0x6f0
[   10.920340]  ret_from_fork+0x41/0x80
[   10.920471]  ret_from_fork_asm+0x1a/0x30
[   10.920671] 
[   10.920768] The buggy address belongs to the object at ffff888100a2ba00
[   10.920768]  which belongs to the cache kmalloc-256 of size 256
[   10.921301] The buggy address is located 17 bytes to the right of
[   10.921301]  allocated 201-byte region [ffff888100a2ba00, ffff888100a2bac9)
[   10.921875] 
[   10.921946] The buggy address belongs to the physical page:
[   10.922118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   10.922369] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.922699] flags: 0x200000000000040(head|node=0|zone=2)
[   10.922951] page_type: f5(slab)
[   10.923125] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.923673] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.923951] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.924182] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.924521] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   10.924909] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.925352] page dumped because: kasan: bad access detected
[   10.925625] 
[   10.925784] Memory state around the buggy address:
[   10.926030]  ffff888100a2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.926269]  ffff888100a2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.926484] >ffff888100a2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.926845]                                                     ^
[   10.927121]  ffff888100a2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.927481]  ffff888100a2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.928008] ==================================================================
[   10.949090] ==================================================================
[   10.949514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.949987] Write of size 1 at addr ffff888100a2baeb by task kunit_try_catch/177
[   10.950421] 
[   10.950522] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.950564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.950575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.950594] Call Trace:
[   10.950609]  <TASK>
[   10.950624]  dump_stack_lvl+0x73/0xb0
[   10.950647]  print_report+0xd1/0x650
[   10.950669]  ? __virt_addr_valid+0x1db/0x2d0
[   10.950690]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.950710]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.950732]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.950753]  kasan_report+0x141/0x180
[   10.950776]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.950801]  __asan_report_store1_noabort+0x1b/0x30
[   10.950822]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.950858]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.950879]  ? __schedule+0x207f/0x2b60
[   10.950900]  ? schedule+0x7c/0x2e0
[   10.950932]  ? trace_hardirqs_on+0x37/0xe0
[   10.950955]  ? __schedule+0x207f/0x2b60
[   10.950977]  ? __pfx_read_tsc+0x10/0x10
[   10.951000]  krealloc_less_oob+0x1c/0x30
[   10.951018]  kunit_try_run_case+0x1a5/0x480
[   10.951041]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.951063]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.951087]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.951111]  ? __kthread_parkme+0x82/0x180
[   10.951131]  ? preempt_count_sub+0x50/0x80
[   10.951156]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.951181]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.951205]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.951230]  kthread+0x337/0x6f0
[   10.951257]  ? trace_preempt_on+0x20/0xc0
[   10.951279]  ? __pfx_kthread+0x10/0x10
[   10.951297]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.951319]  ? calculate_sigpending+0x7b/0xa0
[   10.951340]  ? __pfx_kthread+0x10/0x10
[   10.951359]  ret_from_fork+0x41/0x80
[   10.951379]  ? __pfx_kthread+0x10/0x10
[   10.951397]  ret_from_fork_asm+0x1a/0x30
[   10.951426]  </TASK>
[   10.951436] 
[   10.958953] Allocated by task 177:
[   10.959200]  kasan_save_stack+0x45/0x70
[   10.959422]  kasan_save_track+0x18/0x40
[   10.959618]  kasan_save_alloc_info+0x3b/0x50
[   10.959926]  __kasan_krealloc+0x190/0x1f0
[   10.960067]  krealloc_noprof+0xf3/0x340
[   10.960216]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.960474]  krealloc_less_oob+0x1c/0x30
[   10.960687]  kunit_try_run_case+0x1a5/0x480
[   10.960922]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.961178]  kthread+0x337/0x6f0
[   10.961335]  ret_from_fork+0x41/0x80
[   10.961536]  ret_from_fork_asm+0x1a/0x30
[   10.961755] 
[   10.961826] The buggy address belongs to the object at ffff888100a2ba00
[   10.961826]  which belongs to the cache kmalloc-256 of size 256
[   10.962281] The buggy address is located 34 bytes to the right of
[   10.962281]  allocated 201-byte region [ffff888100a2ba00, ffff888100a2bac9)
[   10.962791] 
[   10.962865] The buggy address belongs to the physical page:
[   10.963102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   10.963473] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.963930] flags: 0x200000000000040(head|node=0|zone=2)
[   10.964195] page_type: f5(slab)
[   10.964331] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.964686] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.965006] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.965343] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.965681] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   10.965984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.966211] page dumped because: kasan: bad access detected
[   10.966393] 
[   10.966462] Memory state around the buggy address:
[   10.966618]  ffff888100a2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.966918]  ffff888100a2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.967244] >ffff888100a2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.967558]                                                           ^
[   10.967857]  ffff888100a2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.968116]  ffff888100a2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.968337] ==================================================================
[   10.884746] ==================================================================
[   10.885100] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.885867] Write of size 1 at addr ffff888100a2bad0 by task kunit_try_catch/177
[   10.886293] 
[   10.886594] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   10.886645] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.886657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.886676] Call Trace:
[   10.886700]  <TASK>
[   10.886715]  dump_stack_lvl+0x73/0xb0
[   10.886741]  print_report+0xd1/0x650
[   10.886775]  ? __virt_addr_valid+0x1db/0x2d0
[   10.886796]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.886816]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.886838]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.886859]  kasan_report+0x141/0x180
[   10.886881]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.886906]  __asan_report_store1_noabort+0x1b/0x30
[   10.886927]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.886950]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.886970]  ? __schedule+0x207f/0x2b60
[   10.887000]  ? schedule+0x7c/0x2e0
[   10.887020]  ? trace_hardirqs_on+0x37/0xe0
[   10.887043]  ? __schedule+0x207f/0x2b60
[   10.887075]  ? __pfx_read_tsc+0x10/0x10
[   10.887098]  krealloc_less_oob+0x1c/0x30
[   10.887116]  kunit_try_run_case+0x1a5/0x480
[   10.887140]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.887171]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.887194]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.887218]  ? __kthread_parkme+0x82/0x180
[   10.887262]  ? preempt_count_sub+0x50/0x80
[   10.887287]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.887310]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.887333]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.887356]  kthread+0x337/0x6f0
[   10.887372]  ? trace_preempt_on+0x20/0xc0
[   10.887394]  ? __pfx_kthread+0x10/0x10
[   10.887412]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.887433]  ? calculate_sigpending+0x7b/0xa0
[   10.887455]  ? __pfx_kthread+0x10/0x10
[   10.887473]  ret_from_fork+0x41/0x80
[   10.887494]  ? __pfx_kthread+0x10/0x10
[   10.887512]  ret_from_fork_asm+0x1a/0x30
[   10.887541]  </TASK>
[   10.887551] 
[   10.895946] Allocated by task 177:
[   10.896101]  kasan_save_stack+0x45/0x70
[   10.896266]  kasan_save_track+0x18/0x40
[   10.896517]  kasan_save_alloc_info+0x3b/0x50
[   10.896819]  __kasan_krealloc+0x190/0x1f0
[   10.896990]  krealloc_noprof+0xf3/0x340
[   10.897183]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.897613]  krealloc_less_oob+0x1c/0x30
[   10.897905]  kunit_try_run_case+0x1a5/0x480
[   10.898091]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.898399]  kthread+0x337/0x6f0
[   10.898557]  ret_from_fork+0x41/0x80
[   10.898689]  ret_from_fork_asm+0x1a/0x30
[   10.898827] 
[   10.898898] The buggy address belongs to the object at ffff888100a2ba00
[   10.898898]  which belongs to the cache kmalloc-256 of size 256
[   10.899384] The buggy address is located 7 bytes to the right of
[   10.899384]  allocated 201-byte region [ffff888100a2ba00, ffff888100a2bac9)
[   10.900011] 
[   10.900108] The buggy address belongs to the physical page:
[   10.900413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   10.900670] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.901008] flags: 0x200000000000040(head|node=0|zone=2)
[   10.901376] page_type: f5(slab)
[   10.901617] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.901909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.902140] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.902585] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.903097] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   10.903337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.903561] page dumped because: kasan: bad access detected
[   10.903920] 
[   10.904021] Memory state around the buggy address:
[   10.904287]  ffff888100a2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.904638]  ffff888100a2ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.905166] >ffff888100a2ba80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.905779]                                                  ^
[   10.906044]  ffff888100a2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.906420]  ffff888100a2bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.906810] ==================================================================
[   11.032106] ==================================================================
[   11.032804] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.033185] Write of size 1 at addr ffff8881039120d0 by task kunit_try_catch/181
[   11.033530] 
[   11.033636] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   11.033676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.033688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.033706] Call Trace:
[   11.033717]  <TASK>
[   11.033731]  dump_stack_lvl+0x73/0xb0
[   11.033755]  print_report+0xd1/0x650
[   11.033777]  ? __virt_addr_valid+0x1db/0x2d0
[   11.033797]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.033817]  ? kasan_addr_to_slab+0x11/0xa0
[   11.033838]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.033859]  kasan_report+0x141/0x180
[   11.033881]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.033907]  __asan_report_store1_noabort+0x1b/0x30
[   11.033928]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.033950]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.033971]  ? finish_task_switch.isra.0+0x153/0x700
[   11.033994]  ? __switch_to+0x5d9/0xf60
[   11.034014]  ? dequeue_task_fair+0x166/0x4e0
[   11.034037]  ? __schedule+0x10cc/0x2b60
[   11.034060]  ? __pfx_read_tsc+0x10/0x10
[   11.034082]  krealloc_large_less_oob+0x1c/0x30
[   11.034101]  kunit_try_run_case+0x1a5/0x480
[   11.034124]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.034146]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.034170]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.034193]  ? __kthread_parkme+0x82/0x180
[   11.034213]  ? preempt_count_sub+0x50/0x80
[   11.034257]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.034281]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.034304]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.034339]  kthread+0x337/0x6f0
[   11.034356]  ? trace_preempt_on+0x20/0xc0
[   11.034388]  ? __pfx_kthread+0x10/0x10
[   11.034405]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.034427]  ? calculate_sigpending+0x7b/0xa0
[   11.034458]  ? __pfx_kthread+0x10/0x10
[   11.034476]  ret_from_fork+0x41/0x80
[   11.034496]  ? __pfx_kthread+0x10/0x10
[   11.034514]  ret_from_fork_asm+0x1a/0x30
[   11.034544]  </TASK>
[   11.034553] 
[   11.042517] The buggy address belongs to the physical page:
[   11.042796] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103910
[   11.043147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.043488] flags: 0x200000000000040(head|node=0|zone=2)
[   11.043769] page_type: f8(unknown)
[   11.043949] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.044243] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.044475] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.044711] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.045041] head: 0200000000000002 ffffea00040e4401 00000000ffffffff 00000000ffffffff
[   11.045392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.045979] page dumped because: kasan: bad access detected
[   11.046266] 
[   11.046360] Memory state around the buggy address:
[   11.046573]  ffff888103911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.046927]  ffff888103912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.047230] >ffff888103912080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.047456]                                                  ^
[   11.047636]  ffff888103912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.047920]  ffff888103912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.048277] ==================================================================
[   11.048951] ==================================================================
[   11.049821] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.050303] Write of size 1 at addr ffff8881039120da by task kunit_try_catch/181
[   11.050625] 
[   11.050845] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   11.050889] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.050900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.050920] Call Trace:
[   11.050935]  <TASK>
[   11.050949]  dump_stack_lvl+0x73/0xb0
[   11.050972]  print_report+0xd1/0x650
[   11.051007]  ? __virt_addr_valid+0x1db/0x2d0
[   11.051028]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.051048]  ? kasan_addr_to_slab+0x11/0xa0
[   11.051081]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.051101]  kasan_report+0x141/0x180
[   11.051124]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.051149]  __asan_report_store1_noabort+0x1b/0x30
[   11.051170]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.051193]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.051213]  ? finish_task_switch.isra.0+0x153/0x700
[   11.051245]  ? __switch_to+0x5d9/0xf60
[   11.051265]  ? dequeue_task_fair+0x166/0x4e0
[   11.051289]  ? __schedule+0x10cc/0x2b60
[   11.051311]  ? __pfx_read_tsc+0x10/0x10
[   11.051333]  krealloc_large_less_oob+0x1c/0x30
[   11.051352]  kunit_try_run_case+0x1a5/0x480
[   11.051375]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.051397]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.051420]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.051443]  ? __kthread_parkme+0x82/0x180
[   11.051464]  ? preempt_count_sub+0x50/0x80
[   11.051488]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.051511]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.051534]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.051557]  kthread+0x337/0x6f0
[   11.051573]  ? trace_preempt_on+0x20/0xc0
[   11.051606]  ? __pfx_kthread+0x10/0x10
[   11.051624]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.051645]  ? calculate_sigpending+0x7b/0xa0
[   11.051677]  ? __pfx_kthread+0x10/0x10
[   11.051695]  ret_from_fork+0x41/0x80
[   11.051715]  ? __pfx_kthread+0x10/0x10
[   11.051733]  ret_from_fork_asm+0x1a/0x30
[   11.051763]  </TASK>
[   11.051773] 
[   11.059428] The buggy address belongs to the physical page:
[   11.059695] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103910
[   11.059955] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.060315] flags: 0x200000000000040(head|node=0|zone=2)
[   11.060568] page_type: f8(unknown)
[   11.060738] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.060968] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.061198] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.061580] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.063866] head: 0200000000000002 ffffea00040e4401 00000000ffffffff 00000000ffffffff
[   11.064120] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.064361] page dumped because: kasan: bad access detected
[   11.064532] 
[   11.064603] Memory state around the buggy address:
[   11.064769]  ffff888103911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.064987]  ffff888103912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.065204] >ffff888103912080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.066930]                                                     ^
[   11.068026]  ffff888103912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.069181]  ffff888103912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.070342] ==================================================================
[   11.071264] ==================================================================
[   11.071786] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.072136] Write of size 1 at addr ffff8881039120ea by task kunit_try_catch/181
[   11.072672] 
[   11.072828] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   11.072872] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.072902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.072936] Call Trace:
[   11.072948]  <TASK>
[   11.072962]  dump_stack_lvl+0x73/0xb0
[   11.072987]  print_report+0xd1/0x650
[   11.073008]  ? __virt_addr_valid+0x1db/0x2d0
[   11.073030]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.073050]  ? kasan_addr_to_slab+0x11/0xa0
[   11.073070]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.073090]  kasan_report+0x141/0x180
[   11.073112]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.073137]  __asan_report_store1_noabort+0x1b/0x30
[   11.073157]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.073179]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.073199]  ? finish_task_switch.isra.0+0x153/0x700
[   11.073222]  ? __switch_to+0x5d9/0xf60
[   11.073253]  ? dequeue_task_fair+0x166/0x4e0
[   11.073276]  ? __schedule+0x10cc/0x2b60
[   11.073298]  ? __pfx_read_tsc+0x10/0x10
[   11.073321]  krealloc_large_less_oob+0x1c/0x30
[   11.073339]  kunit_try_run_case+0x1a5/0x480
[   11.073363]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.073385]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.073407]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.073430]  ? __kthread_parkme+0x82/0x180
[   11.073451]  ? preempt_count_sub+0x50/0x80
[   11.073475]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.073497]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.073520]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.073542]  kthread+0x337/0x6f0
[   11.073563]  ? trace_preempt_on+0x20/0xc0
[   11.073585]  ? __pfx_kthread+0x10/0x10
[   11.073603]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.073623]  ? calculate_sigpending+0x7b/0xa0
[   11.073644]  ? __pfx_kthread+0x10/0x10
[   11.073673]  ret_from_fork+0x41/0x80
[   11.073694]  ? __pfx_kthread+0x10/0x10
[   11.073711]  ret_from_fork_asm+0x1a/0x30
[   11.073740]  </TASK>
[   11.073750] 
[   11.082133] The buggy address belongs to the physical page:
[   11.082514] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103910
[   11.083680] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.083922] flags: 0x200000000000040(head|node=0|zone=2)
[   11.084104] page_type: f8(unknown)
[   11.084234] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.084592] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.084939] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.085361] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.085776] head: 0200000000000002 ffffea00040e4401 00000000ffffffff 00000000ffffffff
[   11.086422] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.086854] page dumped because: kasan: bad access detected
[   11.087033] 
[   11.087106] Memory state around the buggy address:
[   11.087298]  ffff888103911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.088024]  ffff888103912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.088696] >ffff888103912080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.089342]                                                           ^
[   11.089947]  ffff888103912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.090585]  ffff888103912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.091013] ==================================================================
[   11.092009] ==================================================================
[   11.092904] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.093799] Write of size 1 at addr ffff8881039120eb by task kunit_try_catch/181
[   11.094145] 
[   11.094250] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.5-rc1 #1 PREEMPT(voluntary) 
[   11.094295] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.094307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.094329] Call Trace:
[   11.094347]  <TASK>
[   11.094366]  dump_stack_lvl+0x73/0xb0
[   11.094392]  print_report+0xd1/0x650
[   11.094415]  ? __virt_addr_valid+0x1db/0x2d0
[   11.094435]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.094455]  ? kasan_addr_to_slab+0x11/0xa0
[   11.094476]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.094496]  kasan_report+0x141/0x180
[   11.094518]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.094545]  __asan_report_store1_noabort+0x1b/0x30
[   11.094566]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.094588]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.094609]  ? finish_task_switch.isra.0+0x153/0x700
[   11.094632]  ? __switch_to+0x5d9/0xf60
[   11.094682]  ? dequeue_task_fair+0x166/0x4e0
[   11.094706]  ? __schedule+0x10cc/0x2b60
[   11.094728]  ? __pfx_read_tsc+0x10/0x10
[   11.094751]  krealloc_large_less_oob+0x1c/0x30
[   11.094780]  kunit_try_run_case+0x1a5/0x480
[   11.094805]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.094827]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.094862]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.094885]  ? __kthread_parkme+0x82/0x180
[   11.094907]  ? preempt_count_sub+0x50/0x80
[   11.094939]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.094963]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.094985]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.095018]  kthread+0x337/0x6f0
[   11.095034]  ? trace_preempt_on+0x20/0xc0
[   11.095057]  ? __pfx_kthread+0x10/0x10
[   11.095075]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.095096]  ? calculate_sigpending+0x7b/0xa0
[   11.095117]  ? __pfx_kthread+0x10/0x10
[   11.095135]  ret_from_fork+0x41/0x80
[   11.095155]  ? __pfx_kthread+0x10/0x10
[   11.095173]  ret_from_fork_asm+0x1a/0x30
[   11.095203]  </TASK>
[   11.095212] 
[   11.108377] The buggy address belongs to the physical page:
[   11.108584] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103910
[   11.109315] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.109844] flags: 0x200000000000040(head|node=0|zone=2)
[   11.110023] page_type: f8(unknown)
[   11.110151] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.110729] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.111410] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.112083] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.112754] head: 0200000000000002 ffffea00040e4401 00000000ffffffff 00000000ffffffff
[   11.112985] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.113212] page dumped because: kasan: bad access detected
[   11.113747] 
[   11.113905] Memory state around the buggy address:
[   11.114358]  ffff888103911f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.114990]  ffff888103912000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.115606] >ffff888103912080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.116066]                                                           ^
[   11.116279]  ffff888103912100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.116495]  ffff888103912180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.116859] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zMzAavAUYId8lMegBc4Ix8oXJl

job_id

TEST:linaro@lkft#2zMzGKQRfnDRM24c8Stupaj3rNM

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zMzGKQRfnDRM24c8Stupaj3rNM

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/bzImage
sha256sum	131f25972ccf6d3dc07ed6136378c45c710f56a35a63be51ac66f3e0e6b9356d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zMzClOGh4ggI5aPwS9KctYtNXI/modules.tar.xz
sha256sum	cdc15104f6ae1897761e61b0f8dc24b998aab0a2fc2653c5aa0cdafc3e2c29fc

durations

tests

boot	0
kunit	225.03

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit