lkft/linux-stable-rc-linux-6.15.y - v6.15.5-179-gb283c37b8f14 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 8, 2025, 4:38 p.m.

Environment
qemu-arm64
qemu-x86_64

[   17.752830] ==================================================================
[   17.753015] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.753090] Write of size 1 at addr fff00000c4480ceb by task kunit_try_catch/160
[   17.753157] 
[   17.753205] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.753282] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.753357] Hardware name: linux,dummy-virt (DT)
[   17.753433] Call trace:
[   17.753462]  show_stack+0x20/0x38 (C)
[   17.753526]  dump_stack_lvl+0x8c/0xd0
[   17.753573]  print_report+0x118/0x608
[   17.753617]  kasan_report+0xdc/0x128
[   17.753660]  __asan_report_store1_noabort+0x20/0x30
[   17.753709]  krealloc_less_oob_helper+0xa58/0xc50
[   17.753754]  krealloc_less_oob+0x20/0x38
[   17.754394]  kunit_try_run_case+0x170/0x3f0
[   17.754457]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.754527]  kthread+0x328/0x630
[   17.754599]  ret_from_fork+0x10/0x20
[   17.754666] 
[   17.754685] Allocated by task 160:
[   17.754711]  kasan_save_stack+0x3c/0x68
[   17.754749]  kasan_save_track+0x20/0x40
[   17.754783]  kasan_save_alloc_info+0x40/0x58
[   17.754855]  __kasan_krealloc+0x118/0x178
[   17.754890]  krealloc_noprof+0x128/0x360
[   17.754924]  krealloc_less_oob_helper+0x168/0xc50
[   17.754962]  krealloc_less_oob+0x20/0x38
[   17.755076]  kunit_try_run_case+0x170/0x3f0
[   17.755121]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.755203]  kthread+0x328/0x630
[   17.755240]  ret_from_fork+0x10/0x20
[   17.755274] 
[   17.755293] The buggy address belongs to the object at fff00000c4480c00
[   17.755293]  which belongs to the cache kmalloc-256 of size 256
[   17.755427] The buggy address is located 34 bytes to the right of
[   17.755427]  allocated 201-byte region [fff00000c4480c00, fff00000c4480cc9)
[   17.755570] 
[   17.755630] The buggy address belongs to the physical page:
[   17.755678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480
[   17.755747] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.755792] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.755858] page_type: f5(slab)
[   17.755974] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.756024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.756071] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.756194] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.756355] head: 0bfffe0000000001 ffffc1ffc3112001 00000000ffffffff 00000000ffffffff
[   17.756433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.756530] page dumped because: kasan: bad access detected
[   17.756605] 
[   17.756676] Memory state around the buggy address:
[   17.756718]  fff00000c4480b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.756759]  fff00000c4480c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.756815] >fff00000c4480c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.756851]                                                           ^
[   17.756889]  fff00000c4480d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.756928]  fff00000c4480d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.756965] ==================================================================
[   17.789767] ==================================================================
[   17.789935] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.790184] Write of size 1 at addr fff00000c784a0da by task kunit_try_catch/164
[   17.790531] 
[   17.790622] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.790701] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.790727] Hardware name: linux,dummy-virt (DT)
[   17.790766] Call trace:
[   17.790875]  show_stack+0x20/0x38 (C)
[   17.790930]  dump_stack_lvl+0x8c/0xd0
[   17.791000]  print_report+0x118/0x608
[   17.791130]  kasan_report+0xdc/0x128
[   17.791173]  __asan_report_store1_noabort+0x20/0x30
[   17.791221]  krealloc_less_oob_helper+0xa80/0xc50
[   17.791267]  krealloc_large_less_oob+0x20/0x38
[   17.791311]  kunit_try_run_case+0x170/0x3f0
[   17.791368]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.791420]  kthread+0x328/0x630
[   17.791464]  ret_from_fork+0x10/0x20
[   17.791510] 
[   17.791659] The buggy address belongs to the physical page:
[   17.791697] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.792085] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.792305] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.792366] page_type: f8(unknown)
[   17.792404] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.792452] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.792499] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.792973] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.793045] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.793135] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.793174] page dumped because: kasan: bad access detected
[   17.793204] 
[   17.793222] Memory state around the buggy address:
[   17.793531]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.793623]  fff00000c784a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.793786] >fff00000c784a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.793847]                                                     ^
[   17.793896]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.794017]  fff00000c784a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.794053] ==================================================================
[   17.736086] ==================================================================
[   17.736146] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.736406] Write of size 1 at addr fff00000c4480cd0 by task kunit_try_catch/160
[   17.736541] 
[   17.736833] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.736981] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.737086] Hardware name: linux,dummy-virt (DT)
[   17.737148] Call trace:
[   17.737307]  show_stack+0x20/0x38 (C)
[   17.737538]  dump_stack_lvl+0x8c/0xd0
[   17.737701]  print_report+0x118/0x608
[   17.737799]  kasan_report+0xdc/0x128
[   17.737950]  __asan_report_store1_noabort+0x20/0x30
[   17.738071]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.738204]  krealloc_less_oob+0x20/0x38
[   17.738279]  kunit_try_run_case+0x170/0x3f0
[   17.738371]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.738682]  kthread+0x328/0x630
[   17.738760]  ret_from_fork+0x10/0x20
[   17.738931] 
[   17.739028] Allocated by task 160:
[   17.739131]  kasan_save_stack+0x3c/0x68
[   17.739221]  kasan_save_track+0x20/0x40
[   17.739275]  kasan_save_alloc_info+0x40/0x58
[   17.739621]  __kasan_krealloc+0x118/0x178
[   17.739691]  krealloc_noprof+0x128/0x360
[   17.739744]  krealloc_less_oob_helper+0x168/0xc50
[   17.739858]  krealloc_less_oob+0x20/0x38
[   17.739913]  kunit_try_run_case+0x170/0x3f0
[   17.739957]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.740008]  kthread+0x328/0x630
[   17.740045]  ret_from_fork+0x10/0x20
[   17.740126] 
[   17.740146] The buggy address belongs to the object at fff00000c4480c00
[   17.740146]  which belongs to the cache kmalloc-256 of size 256
[   17.740201] The buggy address is located 7 bytes to the right of
[   17.740201]  allocated 201-byte region [fff00000c4480c00, fff00000c4480cc9)
[   17.740418] 
[   17.740439] The buggy address belongs to the physical page:
[   17.740469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480
[   17.740551] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.740607] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.740658] page_type: f5(slab)
[   17.740715] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.740762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.740811] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.740857] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.740905] head: 0bfffe0000000001 ffffc1ffc3112001 00000000ffffffff 00000000ffffffff
[   17.740968] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.741006] page dumped because: kasan: bad access detected
[   17.741041] 
[   17.741059] Memory state around the buggy address:
[   17.741088]  fff00000c4480b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.741130]  fff00000c4480c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.741170] >fff00000c4480c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.741215]                                                  ^
[   17.741258]  fff00000c4480d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.741307]  fff00000c4480d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.741369] ==================================================================
[   17.777889] ==================================================================
[   17.778109] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.778328] Write of size 1 at addr fff00000c784a0c9 by task kunit_try_catch/164
[   17.778457] 
[   17.778486] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.778568] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.778699] Hardware name: linux,dummy-virt (DT)
[   17.778736] Call trace:
[   17.778847]  show_stack+0x20/0x38 (C)
[   17.778900]  dump_stack_lvl+0x8c/0xd0
[   17.778948]  print_report+0x118/0x608
[   17.778992]  kasan_report+0xdc/0x128
[   17.779041]  __asan_report_store1_noabort+0x20/0x30
[   17.779261]  krealloc_less_oob_helper+0xa48/0xc50
[   17.779372]  krealloc_large_less_oob+0x20/0x38
[   17.779417]  kunit_try_run_case+0x170/0x3f0
[   17.779798]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.780408]  kthread+0x328/0x630
[   17.780465]  ret_from_fork+0x10/0x20
[   17.780570] 
[   17.780597] The buggy address belongs to the physical page:
[   17.780672] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.780722] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.780767] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.780815] page_type: f8(unknown)
[   17.780877] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.780926] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.781268] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.781370] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.781451] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.781497] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.781683] page dumped because: kasan: bad access detected
[   17.781921] 
[   17.781941] Memory state around the buggy address:
[   17.781973]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.782015]  fff00000c784a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.782057] >fff00000c784a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.782104]                                               ^
[   17.782139]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.782479]  fff00000c784a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.782738] ==================================================================
[   17.749254] ==================================================================
[   17.749362] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.749427] Write of size 1 at addr fff00000c4480cea by task kunit_try_catch/160
[   17.749476] 
[   17.749504] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.749599] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.749625] Hardware name: linux,dummy-virt (DT)
[   17.749673] Call trace:
[   17.749699]  show_stack+0x20/0x38 (C)
[   17.749745]  dump_stack_lvl+0x8c/0xd0
[   17.749791]  print_report+0x118/0x608
[   17.749855]  kasan_report+0xdc/0x128
[   17.749899]  __asan_report_store1_noabort+0x20/0x30
[   17.749949]  krealloc_less_oob_helper+0xae4/0xc50
[   17.749996]  krealloc_less_oob+0x20/0x38
[   17.750039]  kunit_try_run_case+0x170/0x3f0
[   17.750087]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.750267]  kthread+0x328/0x630
[   17.750322]  ret_from_fork+0x10/0x20
[   17.750400] 
[   17.750419] Allocated by task 160:
[   17.750445]  kasan_save_stack+0x3c/0x68
[   17.750502]  kasan_save_track+0x20/0x40
[   17.750548]  kasan_save_alloc_info+0x40/0x58
[   17.750586]  __kasan_krealloc+0x118/0x178
[   17.750621]  krealloc_noprof+0x128/0x360
[   17.750656]  krealloc_less_oob_helper+0x168/0xc50
[   17.750721]  krealloc_less_oob+0x20/0x38
[   17.750755]  kunit_try_run_case+0x170/0x3f0
[   17.750793]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.750842]  kthread+0x328/0x630
[   17.750877]  ret_from_fork+0x10/0x20
[   17.750911] 
[   17.750931] The buggy address belongs to the object at fff00000c4480c00
[   17.750931]  which belongs to the cache kmalloc-256 of size 256
[   17.751007] The buggy address is located 33 bytes to the right of
[   17.751007]  allocated 201-byte region [fff00000c4480c00, fff00000c4480cc9)
[   17.751078] 
[   17.751171] The buggy address belongs to the physical page:
[   17.751221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480
[   17.751277] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.751331] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.751414] page_type: f5(slab)
[   17.751450] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.751507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.751572] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.751646] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.751695] head: 0bfffe0000000001 ffffc1ffc3112001 00000000ffffffff 00000000ffffffff
[   17.751765] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.751804] page dumped because: kasan: bad access detected
[   17.751833] 
[   17.751850] Memory state around the buggy address:
[   17.751879]  fff00000c4480b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.752014]  fff00000c4480c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.752061] >fff00000c4480c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.752098]                                                           ^
[   17.752155]  fff00000c4480d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.752218]  fff00000c4480d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.752303] ==================================================================
[   17.783805] ==================================================================
[   17.783850] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.784347] Write of size 1 at addr fff00000c784a0d0 by task kunit_try_catch/164
[   17.784424] 
[   17.784454] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.784815] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.784923] Hardware name: linux,dummy-virt (DT)
[   17.784960] Call trace:
[   17.785010]  show_stack+0x20/0x38 (C)
[   17.785060]  dump_stack_lvl+0x8c/0xd0
[   17.785254]  print_report+0x118/0x608
[   17.785305]  kasan_report+0xdc/0x128
[   17.785500]  __asan_report_store1_noabort+0x20/0x30
[   17.785644]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.785691]  krealloc_large_less_oob+0x20/0x38
[   17.785736]  kunit_try_run_case+0x170/0x3f0
[   17.785783]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.786093]  kthread+0x328/0x630
[   17.786553]  ret_from_fork+0x10/0x20
[   17.786611] 
[   17.786631] The buggy address belongs to the physical page:
[   17.786667] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.786866] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.787183] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.787237] page_type: f8(unknown)
[   17.787288] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.787360] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.787764] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.787816] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.787864] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.787911] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.787949] page dumped because: kasan: bad access detected
[   17.788241] 
[   17.788263] Memory state around the buggy address:
[   17.788294]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.788348]  fff00000c784a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.788388] >fff00000c784a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.788424]                                                  ^
[   17.788459]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.788499]  fff00000c784a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.788977] ==================================================================
[   17.743431] ==================================================================
[   17.744064] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.744127] Write of size 1 at addr fff00000c4480cda by task kunit_try_catch/160
[   17.744487] 
[   17.744526] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.744606] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.744657] Hardware name: linux,dummy-virt (DT)
[   17.744688] Call trace:
[   17.744710]  show_stack+0x20/0x38 (C)
[   17.744759]  dump_stack_lvl+0x8c/0xd0
[   17.744969]  print_report+0x118/0x608
[   17.745046]  kasan_report+0xdc/0x128
[   17.745168]  __asan_report_store1_noabort+0x20/0x30
[   17.745231]  krealloc_less_oob_helper+0xa80/0xc50
[   17.745277]  krealloc_less_oob+0x20/0x38
[   17.745320]  kunit_try_run_case+0x170/0x3f0
[   17.745403]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.745456]  kthread+0x328/0x630
[   17.745504]  ret_from_fork+0x10/0x20
[   17.745681] 
[   17.745768] Allocated by task 160:
[   17.745845]  kasan_save_stack+0x3c/0x68
[   17.745950]  kasan_save_track+0x20/0x40
[   17.745986]  kasan_save_alloc_info+0x40/0x58
[   17.746051]  __kasan_krealloc+0x118/0x178
[   17.746373]  krealloc_noprof+0x128/0x360
[   17.746452]  krealloc_less_oob_helper+0x168/0xc50
[   17.746567]  krealloc_less_oob+0x20/0x38
[   17.746637]  kunit_try_run_case+0x170/0x3f0
[   17.746686]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.746729]  kthread+0x328/0x630
[   17.746764]  ret_from_fork+0x10/0x20
[   17.746798] 
[   17.746818] The buggy address belongs to the object at fff00000c4480c00
[   17.746818]  which belongs to the cache kmalloc-256 of size 256
[   17.747025] The buggy address is located 17 bytes to the right of
[   17.747025]  allocated 201-byte region [fff00000c4480c00, fff00000c4480cc9)
[   17.747146] 
[   17.747184] The buggy address belongs to the physical page:
[   17.747248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480
[   17.747367] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.747425] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.747474] page_type: f5(slab)
[   17.747510] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.747583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.747792] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.747915] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.748011] head: 0bfffe0000000001 ffffc1ffc3112001 00000000ffffffff 00000000ffffffff
[   17.748094] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.748170] page dumped because: kasan: bad access detected
[   17.748201] 
[   17.748243] Memory state around the buggy address:
[   17.748297]  fff00000c4480b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.748352]  fff00000c4480c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.748495] >fff00000c4480c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.748563]                                                     ^
[   17.748680]  fff00000c4480d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.748768]  fff00000c4480d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.748866] ==================================================================
[   17.794283] ==================================================================
[   17.794323] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.794563] Write of size 1 at addr fff00000c784a0ea by task kunit_try_catch/164
[   17.794615] 
[   17.794642] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.794719] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.794744] Hardware name: linux,dummy-virt (DT)
[   17.794773] Call trace:
[   17.794842]  show_stack+0x20/0x38 (C)
[   17.795130]  dump_stack_lvl+0x8c/0xd0
[   17.795253]  print_report+0x118/0x608
[   17.795385]  kasan_report+0xdc/0x128
[   17.795429]  __asan_report_store1_noabort+0x20/0x30
[   17.795480]  krealloc_less_oob_helper+0xae4/0xc50
[   17.795813]  krealloc_large_less_oob+0x20/0x38
[   17.795901]  kunit_try_run_case+0x170/0x3f0
[   17.795955]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.796007]  kthread+0x328/0x630
[   17.796051]  ret_from_fork+0x10/0x20
[   17.796096] 
[   17.796125] The buggy address belongs to the physical page:
[   17.796259] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.796585] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.796637] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.796686] page_type: f8(unknown)
[   17.796882] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.796933] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.796981] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.797092] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.797140] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.797186] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.797225] page dumped because: kasan: bad access detected
[   17.797303] 
[   17.797327] Memory state around the buggy address:
[   17.797369]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.797410]  fff00000c784a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.797451] >fff00000c784a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.797486]                                                           ^
[   17.797523]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.797573]  fff00000c784a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.797609] ==================================================================
[   17.798562] ==================================================================
[   17.798607] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.798835] Write of size 1 at addr fff00000c784a0eb by task kunit_try_catch/164
[   17.798969] 
[   17.799115] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.799455] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.799484] Hardware name: linux,dummy-virt (DT)
[   17.799514] Call trace:
[   17.799540]  show_stack+0x20/0x38 (C)
[   17.799629]  dump_stack_lvl+0x8c/0xd0
[   17.799676]  print_report+0x118/0x608
[   17.799926]  kasan_report+0xdc/0x128
[   17.799972]  __asan_report_store1_noabort+0x20/0x30
[   17.800023]  krealloc_less_oob_helper+0xa58/0xc50
[   17.800070]  krealloc_large_less_oob+0x20/0x38
[   17.800115]  kunit_try_run_case+0x170/0x3f0
[   17.800163]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.800224]  kthread+0x328/0x630
[   17.800271]  ret_from_fork+0x10/0x20
[   17.800383] 
[   17.800410] The buggy address belongs to the physical page:
[   17.800690] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107848
[   17.800809] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.800856] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.800925] page_type: f8(unknown)
[   17.800969] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.801017] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.801306] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.801482] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.801563] head: 0bfffe0000000002 ffffc1ffc31e1201 00000000ffffffff 00000000ffffffff
[   17.801696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.801735] page dumped because: kasan: bad access detected
[   17.801765] 
[   17.801783] Memory state around the buggy address:
[   17.801812]  fff00000c7849f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.801854]  fff00000c784a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.801894] >fff00000c784a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.802083]                                                           ^
[   17.802192]  fff00000c784a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.802240]  fff00000c784a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.802276] ==================================================================
[   17.729819] ==================================================================
[   17.729873] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.729921] Write of size 1 at addr fff00000c4480cc9 by task kunit_try_catch/160
[   17.729969] 
[   17.729997] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.730074] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.730100] Hardware name: linux,dummy-virt (DT)
[   17.730129] Call trace:
[   17.730150]  show_stack+0x20/0x38 (C)
[   17.730196]  dump_stack_lvl+0x8c/0xd0
[   17.730244]  print_report+0x118/0x608
[   17.730290]  kasan_report+0xdc/0x128
[   17.730352]  __asan_report_store1_noabort+0x20/0x30
[   17.730402]  krealloc_less_oob_helper+0xa48/0xc50
[   17.730449]  krealloc_less_oob+0x20/0x38
[   17.730493]  kunit_try_run_case+0x170/0x3f0
[   17.730541]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.730593]  kthread+0x328/0x630
[   17.730639]  ret_from_fork+0x10/0x20
[   17.730685] 
[   17.730703] Allocated by task 160:
[   17.730729]  kasan_save_stack+0x3c/0x68
[   17.730766]  kasan_save_track+0x20/0x40
[   17.730801]  kasan_save_alloc_info+0x40/0x58
[   17.730843]  __kasan_krealloc+0x118/0x178
[   17.730878]  krealloc_noprof+0x128/0x360
[   17.730913]  krealloc_less_oob_helper+0x168/0xc50
[   17.730950]  krealloc_less_oob+0x20/0x38
[   17.733712]  kunit_try_run_case+0x170/0x3f0
[   17.733767]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.733811]  kthread+0x328/0x630
[   17.733855]  ret_from_fork+0x10/0x20
[   17.733890] 
[   17.733909] The buggy address belongs to the object at fff00000c4480c00
[   17.733909]  which belongs to the cache kmalloc-256 of size 256
[   17.733967] The buggy address is located 0 bytes to the right of
[   17.733967]  allocated 201-byte region [fff00000c4480c00, fff00000c4480cc9)
[   17.734028] 
[   17.734047] The buggy address belongs to the physical page:
[   17.734078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104480
[   17.734128] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.734175] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.734224] page_type: f5(slab)
[   17.734261] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.734309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.734371] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.734418] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.734465] head: 0bfffe0000000001 ffffc1ffc3112001 00000000ffffffff 00000000ffffffff
[   17.734512] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.734552] page dumped because: kasan: bad access detected
[   17.734582] 
[   17.734600] Memory state around the buggy address:
[   17.734629]  fff00000c4480b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.734670]  fff00000c4480c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.734711] >fff00000c4480c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.734747]                                               ^
[   17.734780]  fff00000c4480d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.734820]  fff00000c4480d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.734862] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHCHYqfIu4VBVZVnMqPbdHKQ6

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHCHYqfIu4VBVZVnMqPbdHKQ6

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/Image.gz
sha256sum	377fc1f956356f0192a0ae5a36f5141cc4f5c82f23686cbb581490c555233292

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbH8Y0IZhej6MjZmlQZ6gbMfpu/modules.tar.xz
sha256sum	63862ff5342865dbcabf053997348687cbf8c69b4178e317b99ac30d13bd68f5

durations

tests

boot	0
kunit	196.44

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.923084] ==================================================================
[   10.924197] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.924456] Write of size 1 at addr ffff888100a9c6ea by task kunit_try_catch/178
[   10.925679] 
[   10.926260] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.926309] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.926332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.926353] Call Trace:
[   10.926370]  <TASK>
[   10.926385]  dump_stack_lvl+0x73/0xb0
[   10.926413]  print_report+0xd1/0x650
[   10.926436]  ? __virt_addr_valid+0x1db/0x2d0
[   10.926458]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.926478]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.926501]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.926522]  kasan_report+0x141/0x180
[   10.926544]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.926569]  __asan_report_store1_noabort+0x1b/0x30
[   10.926591]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.926613]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.926634]  ? finish_task_switch.isra.0+0x153/0x700
[   10.926657]  ? __switch_to+0x5d9/0xf60
[   10.926677]  ? dequeue_task_fair+0x166/0x4e0
[   10.926702]  ? __schedule+0x10cc/0x2b60
[   10.926727]  ? __pfx_read_tsc+0x10/0x10
[   10.926751]  krealloc_less_oob+0x1c/0x30
[   10.926771]  kunit_try_run_case+0x1a5/0x480
[   10.926792]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.926810]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.926979]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.927014]  ? __kthread_parkme+0x82/0x180
[   10.927036]  ? preempt_count_sub+0x50/0x80
[   10.927060]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.927082]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.927140]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.927165]  kthread+0x337/0x6f0
[   10.927182]  ? trace_preempt_on+0x20/0xc0
[   10.927205]  ? __pfx_kthread+0x10/0x10
[   10.927223]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.927246]  ? calculate_sigpending+0x7b/0xa0
[   10.927267]  ? __pfx_kthread+0x10/0x10
[   10.927285]  ret_from_fork+0x41/0x80
[   10.927306]  ? __pfx_kthread+0x10/0x10
[   10.927323]  ret_from_fork_asm+0x1a/0x30
[   10.927353]  </TASK>
[   10.927365] 
[   10.942296] Allocated by task 178:
[   10.942484]  kasan_save_stack+0x45/0x70
[   10.943008]  kasan_save_track+0x18/0x40
[   10.943622]  kasan_save_alloc_info+0x3b/0x50
[   10.944164]  __kasan_krealloc+0x190/0x1f0
[   10.944370]  krealloc_noprof+0xf3/0x340
[   10.944678]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.945217]  krealloc_less_oob+0x1c/0x30
[   10.945413]  kunit_try_run_case+0x1a5/0x480
[   10.945868]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.946178]  kthread+0x337/0x6f0
[   10.946463]  ret_from_fork+0x41/0x80
[   10.947019]  ret_from_fork_asm+0x1a/0x30
[   10.947274] 
[   10.947531] The buggy address belongs to the object at ffff888100a9c600
[   10.947531]  which belongs to the cache kmalloc-256 of size 256
[   10.948592] The buggy address is located 33 bytes to the right of
[   10.948592]  allocated 201-byte region [ffff888100a9c600, ffff888100a9c6c9)
[   10.949527] 
[   10.949764] The buggy address belongs to the physical page:
[   10.950319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9c
[   10.950918] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.951257] flags: 0x200000000000040(head|node=0|zone=2)
[   10.951843] page_type: f5(slab)
[   10.952270] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.952813] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.953284] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.953914] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.954380] head: 0200000000000001 ffffea000402a701 00000000ffffffff 00000000ffffffff
[   10.955280] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.955929] page dumped because: kasan: bad access detected
[   10.956328] 
[   10.956589] Memory state around the buggy address:
[   10.956807]  ffff888100a9c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.957265]  ffff888100a9c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.957805] >ffff888100a9c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.958701]                                                           ^
[   10.959481]  ffff888100a9c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.960129]  ffff888100a9c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.960448] ==================================================================
[   10.898587] ==================================================================
[   10.899028] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.899376] Write of size 1 at addr ffff888100a9c6da by task kunit_try_catch/178
[   10.899745] 
[   10.900021] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.900082] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.900094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.900117] Call Trace:
[   10.900144]  <TASK>
[   10.900161]  dump_stack_lvl+0x73/0xb0
[   10.900187]  print_report+0xd1/0x650
[   10.900211]  ? __virt_addr_valid+0x1db/0x2d0
[   10.900232]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.900252]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.900275]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.900297]  kasan_report+0x141/0x180
[   10.900322]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.900358]  __asan_report_store1_noabort+0x1b/0x30
[   10.900380]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.900402]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.900434]  ? finish_task_switch.isra.0+0x153/0x700
[   10.900459]  ? __switch_to+0x5d9/0xf60
[   10.900479]  ? dequeue_task_fair+0x166/0x4e0
[   10.900513]  ? __schedule+0x10cc/0x2b60
[   10.900539]  ? __pfx_read_tsc+0x10/0x10
[   10.900562]  krealloc_less_oob+0x1c/0x30
[   10.900592]  kunit_try_run_case+0x1a5/0x480
[   10.900614]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.900633]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.900677]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.900702]  ? __kthread_parkme+0x82/0x180
[   10.900723]  ? preempt_count_sub+0x50/0x80
[   10.900748]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.900768]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.900792]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.900816]  kthread+0x337/0x6f0
[   10.900928]  ? trace_preempt_on+0x20/0xc0
[   10.900953]  ? __pfx_kthread+0x10/0x10
[   10.900983]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.901006]  ? calculate_sigpending+0x7b/0xa0
[   10.901028]  ? __pfx_kthread+0x10/0x10
[   10.901056]  ret_from_fork+0x41/0x80
[   10.901077]  ? __pfx_kthread+0x10/0x10
[   10.901096]  ret_from_fork_asm+0x1a/0x30
[   10.901136]  </TASK>
[   10.901148] 
[   10.909786] Allocated by task 178:
[   10.910091]  kasan_save_stack+0x45/0x70
[   10.910351]  kasan_save_track+0x18/0x40
[   10.910590]  kasan_save_alloc_info+0x3b/0x50
[   10.910800]  __kasan_krealloc+0x190/0x1f0
[   10.911125]  krealloc_noprof+0xf3/0x340
[   10.911347]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.911525]  krealloc_less_oob+0x1c/0x30
[   10.911724]  kunit_try_run_case+0x1a5/0x480
[   10.912010]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.912272]  kthread+0x337/0x6f0
[   10.912418]  ret_from_fork+0x41/0x80
[   10.912961]  ret_from_fork_asm+0x1a/0x30
[   10.913246] 
[   10.913382] The buggy address belongs to the object at ffff888100a9c600
[   10.913382]  which belongs to the cache kmalloc-256 of size 256
[   10.913991] The buggy address is located 17 bytes to the right of
[   10.913991]  allocated 201-byte region [ffff888100a9c600, ffff888100a9c6c9)
[   10.914726] 
[   10.914803] The buggy address belongs to the physical page:
[   10.915134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9c
[   10.915582] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.916078] flags: 0x200000000000040(head|node=0|zone=2)
[   10.916358] page_type: f5(slab)
[   10.916564] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.917091] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.917395] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.917793] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.918243] head: 0200000000000001 ffffea000402a701 00000000ffffffff 00000000ffffffff
[   10.918618] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.919044] page dumped because: kasan: bad access detected
[   10.919273] 
[   10.919383] Memory state around the buggy address:
[   10.919657]  ffff888100a9c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.919966]  ffff888100a9c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.920293] >ffff888100a9c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.920594]                                                     ^
[   10.920862]  ffff888100a9c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.921334]  ffff888100a9c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.921734] ==================================================================
[   10.870985] ==================================================================
[   10.871651] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.872181] Write of size 1 at addr ffff888100a9c6d0 by task kunit_try_catch/178
[   10.873296] 
[   10.873415] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.873459] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.873471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.873491] Call Trace:
[   10.873503]  <TASK>
[   10.873724]  dump_stack_lvl+0x73/0xb0
[   10.873760]  print_report+0xd1/0x650
[   10.873799]  ? __virt_addr_valid+0x1db/0x2d0
[   10.873822]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.873930]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.873957]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.873978]  kasan_report+0x141/0x180
[   10.874002]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.874027]  __asan_report_store1_noabort+0x1b/0x30
[   10.874049]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.874072]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.874095]  ? finish_task_switch.isra.0+0x153/0x700
[   10.874119]  ? __switch_to+0x5d9/0xf60
[   10.874140]  ? dequeue_task_fair+0x166/0x4e0
[   10.874165]  ? __schedule+0x10cc/0x2b60
[   10.874188]  ? __pfx_read_tsc+0x10/0x10
[   10.874211]  krealloc_less_oob+0x1c/0x30
[   10.874230]  kunit_try_run_case+0x1a5/0x480
[   10.874252]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.874271]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.874295]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.874319]  ? __kthread_parkme+0x82/0x180
[   10.874340]  ? preempt_count_sub+0x50/0x80
[   10.874364]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.874385]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.874408]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.874432]  kthread+0x337/0x6f0
[   10.874450]  ? trace_preempt_on+0x20/0xc0
[   10.874474]  ? __pfx_kthread+0x10/0x10
[   10.874492]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.874514]  ? calculate_sigpending+0x7b/0xa0
[   10.874536]  ? __pfx_kthread+0x10/0x10
[   10.874554]  ret_from_fork+0x41/0x80
[   10.874575]  ? __pfx_kthread+0x10/0x10
[   10.874594]  ret_from_fork_asm+0x1a/0x30
[   10.874623]  </TASK>
[   10.874635] 
[   10.886669] Allocated by task 178:
[   10.886889]  kasan_save_stack+0x45/0x70
[   10.887199]  kasan_save_track+0x18/0x40
[   10.887427]  kasan_save_alloc_info+0x3b/0x50
[   10.887621]  __kasan_krealloc+0x190/0x1f0
[   10.887967]  krealloc_noprof+0xf3/0x340
[   10.888336]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.888580]  krealloc_less_oob+0x1c/0x30
[   10.888766]  kunit_try_run_case+0x1a5/0x480
[   10.889040]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.889395]  kthread+0x337/0x6f0
[   10.889549]  ret_from_fork+0x41/0x80
[   10.889762]  ret_from_fork_asm+0x1a/0x30
[   10.890004] 
[   10.890128] The buggy address belongs to the object at ffff888100a9c600
[   10.890128]  which belongs to the cache kmalloc-256 of size 256
[   10.890569] The buggy address is located 7 bytes to the right of
[   10.890569]  allocated 201-byte region [ffff888100a9c600, ffff888100a9c6c9)
[   10.891155] 
[   10.891233] The buggy address belongs to the physical page:
[   10.891477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9c
[   10.891894] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.892427] flags: 0x200000000000040(head|node=0|zone=2)
[   10.892716] page_type: f5(slab)
[   10.892969] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.893231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.893603] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.893978] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.894576] head: 0200000000000001 ffffea000402a701 00000000ffffffff 00000000ffffffff
[   10.895012] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.895364] page dumped because: kasan: bad access detected
[   10.895655] 
[   10.895744] Memory state around the buggy address:
[   10.896206]  ffff888100a9c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.896466]  ffff888100a9c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.896783] >ffff888100a9c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.897067]                                                  ^
[   10.897298]  ffff888100a9c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.897620]  ffff888100a9c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.898006] ==================================================================
[   11.075949] ==================================================================
[   11.076298] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.076763] Write of size 1 at addr ffff8881026fe0d0 by task kunit_try_catch/182
[   11.077072] 
[   11.077155] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   11.077197] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.077208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.077229] Call Trace:
[   11.077244]  <TASK>
[   11.077399]  dump_stack_lvl+0x73/0xb0
[   11.077429]  print_report+0xd1/0x650
[   11.077454]  ? __virt_addr_valid+0x1db/0x2d0
[   11.077476]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.077497]  ? kasan_addr_to_slab+0x11/0xa0
[   11.077520]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.077541]  kasan_report+0x141/0x180
[   11.077564]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.077589]  __asan_report_store1_noabort+0x1b/0x30
[   11.077611]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.077634]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.077656]  ? finish_task_switch.isra.0+0x153/0x700
[   11.077680]  ? __switch_to+0x5d9/0xf60
[   11.077702]  ? dequeue_task_fair+0x166/0x4e0
[   11.077727]  ? __schedule+0x10cc/0x2b60
[   11.077751]  ? __pfx_read_tsc+0x10/0x10
[   11.077775]  krealloc_large_less_oob+0x1c/0x30
[   11.077795]  kunit_try_run_case+0x1a5/0x480
[   11.077817]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.078192]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.078232]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.078257]  ? __kthread_parkme+0x82/0x180
[   11.078280]  ? preempt_count_sub+0x50/0x80
[   11.078305]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.078326]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.078350]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.078374]  kthread+0x337/0x6f0
[   11.078392]  ? trace_preempt_on+0x20/0xc0
[   11.078416]  ? __pfx_kthread+0x10/0x10
[   11.078435]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.078457]  ? calculate_sigpending+0x7b/0xa0
[   11.078479]  ? __pfx_kthread+0x10/0x10
[   11.078498]  ret_from_fork+0x41/0x80
[   11.078528]  ? __pfx_kthread+0x10/0x10
[   11.078547]  ret_from_fork_asm+0x1a/0x30
[   11.078578]  </TASK>
[   11.078590] 
[   11.086577] The buggy address belongs to the physical page:
[   11.086827] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026fc
[   11.087153] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.087487] flags: 0x200000000000040(head|node=0|zone=2)
[   11.087825] page_type: f8(unknown)
[   11.088080] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.088385] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.088731] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.089083] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.089321] head: 0200000000000002 ffffea000409bf01 00000000ffffffff 00000000ffffffff
[   11.089654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.090019] page dumped because: kasan: bad access detected
[   11.090353] 
[   11.090503] Memory state around the buggy address:
[   11.090702]  ffff8881026fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.091014]  ffff8881026fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.091349] >ffff8881026fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.091907]                                                  ^
[   11.092160]  ffff8881026fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.092454]  ffff8881026fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.092756] ==================================================================
[   11.132416] ==================================================================
[   11.132718] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.133078] Write of size 1 at addr ffff8881026fe0eb by task kunit_try_catch/182
[   11.133445] 
[   11.133567] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   11.133611] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.133623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.133644] Call Trace:
[   11.133657]  <TASK>
[   11.133672]  dump_stack_lvl+0x73/0xb0
[   11.133699]  print_report+0xd1/0x650
[   11.133742]  ? __virt_addr_valid+0x1db/0x2d0
[   11.133764]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.133785]  ? kasan_addr_to_slab+0x11/0xa0
[   11.133806]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.133827]  kasan_report+0x141/0x180
[   11.133850]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.133887]  __asan_report_store1_noabort+0x1b/0x30
[   11.133909]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.133932]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.133953]  ? finish_task_switch.isra.0+0x153/0x700
[   11.134051]  ? __switch_to+0x5d9/0xf60
[   11.134074]  ? dequeue_task_fair+0x166/0x4e0
[   11.134099]  ? __schedule+0x10cc/0x2b60
[   11.134136]  ? __pfx_read_tsc+0x10/0x10
[   11.134173]  krealloc_large_less_oob+0x1c/0x30
[   11.134195]  kunit_try_run_case+0x1a5/0x480
[   11.134218]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.134250]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.134287]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.134325]  ? __kthread_parkme+0x82/0x180
[   11.134347]  ? preempt_count_sub+0x50/0x80
[   11.134371]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.134391]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.134415]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.134439]  kthread+0x337/0x6f0
[   11.134455]  ? trace_preempt_on+0x20/0xc0
[   11.134479]  ? __pfx_kthread+0x10/0x10
[   11.134497]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.134520]  ? calculate_sigpending+0x7b/0xa0
[   11.134541]  ? __pfx_kthread+0x10/0x10
[   11.134560]  ret_from_fork+0x41/0x80
[   11.134582]  ? __pfx_kthread+0x10/0x10
[   11.134600]  ret_from_fork_asm+0x1a/0x30
[   11.134631]  </TASK>
[   11.134642] 
[   11.143910] The buggy address belongs to the physical page:
[   11.144187] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026fc
[   11.144734] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.145156] flags: 0x200000000000040(head|node=0|zone=2)
[   11.145418] page_type: f8(unknown)
[   11.145631] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.145993] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.146513] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.146753] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.147225] head: 0200000000000002 ffffea000409bf01 00000000ffffffff 00000000ffffffff
[   11.147571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.147978] page dumped because: kasan: bad access detected
[   11.148256] 
[   11.148330] Memory state around the buggy address:
[   11.148491]  ffff8881026fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.149007]  ffff8881026fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.149349] >ffff8881026fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.149726]                                                           ^
[   11.149969]  ffff8881026fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.150417]  ffff8881026fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.150804] ==================================================================
[   10.839542] ==================================================================
[   10.840196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.841340] Write of size 1 at addr ffff888100a9c6c9 by task kunit_try_catch/178
[   10.842301] 
[   10.842435] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.842484] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.842496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.842628] Call Trace:
[   10.842646]  <TASK>
[   10.842662]  dump_stack_lvl+0x73/0xb0
[   10.842691]  print_report+0xd1/0x650
[   10.842715]  ? __virt_addr_valid+0x1db/0x2d0
[   10.842737]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.842757]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.842780]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.842801]  kasan_report+0x141/0x180
[   10.842825]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.842958]  __asan_report_store1_noabort+0x1b/0x30
[   10.842984]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.843007]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.843030]  ? finish_task_switch.isra.0+0x153/0x700
[   10.843053]  ? __switch_to+0x5d9/0xf60
[   10.843074]  ? dequeue_task_fair+0x166/0x4e0
[   10.843098]  ? __schedule+0x10cc/0x2b60
[   10.843121]  ? __pfx_read_tsc+0x10/0x10
[   10.843144]  krealloc_less_oob+0x1c/0x30
[   10.843162]  kunit_try_run_case+0x1a5/0x480
[   10.843184]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.843203]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.843228]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.843252]  ? __kthread_parkme+0x82/0x180
[   10.843273]  ? preempt_count_sub+0x50/0x80
[   10.843298]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.843319]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.843342]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.843366]  kthread+0x337/0x6f0
[   10.843382]  ? trace_preempt_on+0x20/0xc0
[   10.843406]  ? __pfx_kthread+0x10/0x10
[   10.843424]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.843445]  ? calculate_sigpending+0x7b/0xa0
[   10.843466]  ? __pfx_kthread+0x10/0x10
[   10.843485]  ret_from_fork+0x41/0x80
[   10.843505]  ? __pfx_kthread+0x10/0x10
[   10.843524]  ret_from_fork_asm+0x1a/0x30
[   10.843554]  </TASK>
[   10.843565] 
[   10.855326] Allocated by task 178:
[   10.855665]  kasan_save_stack+0x45/0x70
[   10.855928]  kasan_save_track+0x18/0x40
[   10.856103]  kasan_save_alloc_info+0x3b/0x50
[   10.856417]  __kasan_krealloc+0x190/0x1f0
[   10.856790]  krealloc_noprof+0xf3/0x340
[   10.857066]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.857440]  krealloc_less_oob+0x1c/0x30
[   10.857784]  kunit_try_run_case+0x1a5/0x480
[   10.858232]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.858616]  kthread+0x337/0x6f0
[   10.858957]  ret_from_fork+0x41/0x80
[   10.859104]  ret_from_fork_asm+0x1a/0x30
[   10.859299] 
[   10.859385] The buggy address belongs to the object at ffff888100a9c600
[   10.859385]  which belongs to the cache kmalloc-256 of size 256
[   10.860253] The buggy address is located 0 bytes to the right of
[   10.860253]  allocated 201-byte region [ffff888100a9c600, ffff888100a9c6c9)
[   10.861151] 
[   10.861258] The buggy address belongs to the physical page:
[   10.861598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9c
[   10.862124] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.862449] flags: 0x200000000000040(head|node=0|zone=2)
[   10.862925] page_type: f5(slab)
[   10.863112] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.863690] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.864229] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.864708] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.865278] head: 0200000000000001 ffffea000402a701 00000000ffffffff 00000000ffffffff
[   10.865812] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.866347] page dumped because: kasan: bad access detected
[   10.866591] 
[   10.866963] Memory state around the buggy address:
[   10.867300]  ffff888100a9c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.867761]  ffff888100a9c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.868414] >ffff888100a9c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.868955]                                               ^
[   10.869195]  ffff888100a9c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.869507]  ffff888100a9c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.870097] ==================================================================
[   11.093142] ==================================================================
[   11.093596] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.093848] Write of size 1 at addr ffff8881026fe0da by task kunit_try_catch/182
[   11.094163] 
[   11.094274] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   11.094317] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.094328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.094362] Call Trace:
[   11.094377]  <TASK>
[   11.094392]  dump_stack_lvl+0x73/0xb0
[   11.094418]  print_report+0xd1/0x650
[   11.094443]  ? __virt_addr_valid+0x1db/0x2d0
[   11.094465]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.094487]  ? kasan_addr_to_slab+0x11/0xa0
[   11.094511]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.094533]  kasan_report+0x141/0x180
[   11.094557]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.094582]  __asan_report_store1_noabort+0x1b/0x30
[   11.094604]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.094628]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.094649]  ? finish_task_switch.isra.0+0x153/0x700
[   11.094673]  ? __switch_to+0x5d9/0xf60
[   11.094694]  ? dequeue_task_fair+0x166/0x4e0
[   11.094718]  ? __schedule+0x10cc/0x2b60
[   11.094743]  ? __pfx_read_tsc+0x10/0x10
[   11.094767]  krealloc_large_less_oob+0x1c/0x30
[   11.094787]  kunit_try_run_case+0x1a5/0x480
[   11.094809]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.094828]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.094853]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.094888]  ? __kthread_parkme+0x82/0x180
[   11.094911]  ? preempt_count_sub+0x50/0x80
[   11.094935]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.094956]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.094980]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.095003]  kthread+0x337/0x6f0
[   11.095021]  ? trace_preempt_on+0x20/0xc0
[   11.095044]  ? __pfx_kthread+0x10/0x10
[   11.095063]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.095085]  ? calculate_sigpending+0x7b/0xa0
[   11.095107]  ? __pfx_kthread+0x10/0x10
[   11.095126]  ret_from_fork+0x41/0x80
[   11.095148]  ? __pfx_kthread+0x10/0x10
[   11.095166]  ret_from_fork_asm+0x1a/0x30
[   11.095197]  </TASK>
[   11.095209] 
[   11.105864] The buggy address belongs to the physical page:
[   11.106184] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026fc
[   11.106722] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.107257] flags: 0x200000000000040(head|node=0|zone=2)
[   11.107529] page_type: f8(unknown)
[   11.107685] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.108167] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.108515] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.108953] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.109300] head: 0200000000000002 ffffea000409bf01 00000000ffffffff 00000000ffffffff
[   11.109638] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.110050] page dumped because: kasan: bad access detected
[   11.110278] 
[   11.110377] Memory state around the buggy address:
[   11.110585]  ffff8881026fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.110856]  ffff8881026fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.111359] >ffff8881026fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.111718]                                                     ^
[   11.112305]  ffff8881026fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.112580]  ffff8881026fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.113162] ==================================================================
[   10.961405] ==================================================================
[   10.962140] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.962479] Write of size 1 at addr ffff888100a9c6eb by task kunit_try_catch/178
[   10.963258] 
[   10.963398] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.963542] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.963567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.963594] Call Trace:
[   10.963613]  <TASK>
[   10.963632]  dump_stack_lvl+0x73/0xb0
[   10.963668]  print_report+0xd1/0x650
[   10.963693]  ? __virt_addr_valid+0x1db/0x2d0
[   10.963715]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.963736]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.963759]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.963780]  kasan_report+0x141/0x180
[   10.963803]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.963829]  __asan_report_store1_noabort+0x1b/0x30
[   10.963897]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.963921]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.963942]  ? finish_task_switch.isra.0+0x153/0x700
[   10.963966]  ? __switch_to+0x5d9/0xf60
[   10.963988]  ? dequeue_task_fair+0x166/0x4e0
[   10.964012]  ? __schedule+0x10cc/0x2b60
[   10.964037]  ? __pfx_read_tsc+0x10/0x10
[   10.964060]  krealloc_less_oob+0x1c/0x30
[   10.964079]  kunit_try_run_case+0x1a5/0x480
[   10.964102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.964120]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.964145]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.964170]  ? __kthread_parkme+0x82/0x180
[   10.964192]  ? preempt_count_sub+0x50/0x80
[   10.964216]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.964237]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.964260]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.964284]  kthread+0x337/0x6f0
[   10.964301]  ? trace_preempt_on+0x20/0xc0
[   10.964325]  ? __pfx_kthread+0x10/0x10
[   10.964343]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.964365]  ? calculate_sigpending+0x7b/0xa0
[   10.964387]  ? __pfx_kthread+0x10/0x10
[   10.964406]  ret_from_fork+0x41/0x80
[   10.964427]  ? __pfx_kthread+0x10/0x10
[   10.964445]  ret_from_fork_asm+0x1a/0x30
[   10.964476]  </TASK>
[   10.964488] 
[   10.977255] Allocated by task 178:
[   10.977440]  kasan_save_stack+0x45/0x70
[   10.977987]  kasan_save_track+0x18/0x40
[   10.978181]  kasan_save_alloc_info+0x3b/0x50
[   10.978375]  __kasan_krealloc+0x190/0x1f0
[   10.978797]  krealloc_noprof+0xf3/0x340
[   10.979413]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.979985]  krealloc_less_oob+0x1c/0x30
[   10.980225]  kunit_try_run_case+0x1a5/0x480
[   10.980431]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.981041]  kthread+0x337/0x6f0
[   10.981249]  ret_from_fork+0x41/0x80
[   10.981550]  ret_from_fork_asm+0x1a/0x30
[   10.981982] 
[   10.982230] The buggy address belongs to the object at ffff888100a9c600
[   10.982230]  which belongs to the cache kmalloc-256 of size 256
[   10.983035] The buggy address is located 34 bytes to the right of
[   10.983035]  allocated 201-byte region [ffff888100a9c600, ffff888100a9c6c9)
[   10.983866] 
[   10.984049] The buggy address belongs to the physical page:
[   10.984295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a9c
[   10.985031] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.985652] flags: 0x200000000000040(head|node=0|zone=2)
[   10.986172] page_type: f5(slab)
[   10.986571] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.987012] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.987485] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.988299] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.988778] head: 0200000000000001 ffffea000402a701 00000000ffffffff 00000000ffffffff
[   10.989310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.990018] page dumped because: kasan: bad access detected
[   10.990318] 
[   10.990541] Memory state around the buggy address:
[   10.990781]  ffff888100a9c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.991259]  ffff888100a9c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.991816] >ffff888100a9c680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.992427]                                                           ^
[   10.993135]  ffff888100a9c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.993440]  ffff888100a9c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.994189] ==================================================================
[   11.113578] ==================================================================
[   11.113973] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.114323] Write of size 1 at addr ffff8881026fe0ea by task kunit_try_catch/182
[   11.114695] 
[   11.114815] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   11.114940] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.114954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.114975] Call Trace:
[   11.114991]  <TASK>
[   11.115006]  dump_stack_lvl+0x73/0xb0
[   11.115033]  print_report+0xd1/0x650
[   11.115058]  ? __virt_addr_valid+0x1db/0x2d0
[   11.115098]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.115120]  ? kasan_addr_to_slab+0x11/0xa0
[   11.115141]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.115162]  kasan_report+0x141/0x180
[   11.115185]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.115211]  __asan_report_store1_noabort+0x1b/0x30
[   11.115232]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.115255]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.115276]  ? finish_task_switch.isra.0+0x153/0x700
[   11.115300]  ? __switch_to+0x5d9/0xf60
[   11.115321]  ? dequeue_task_fair+0x166/0x4e0
[   11.115345]  ? __schedule+0x10cc/0x2b60
[   11.115368]  ? __pfx_read_tsc+0x10/0x10
[   11.115392]  krealloc_large_less_oob+0x1c/0x30
[   11.115412]  kunit_try_run_case+0x1a5/0x480
[   11.115452]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.115471]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.115495]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.115526]  ? __kthread_parkme+0x82/0x180
[   11.115549]  ? preempt_count_sub+0x50/0x80
[   11.115580]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.115617]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.115653]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.115678]  kthread+0x337/0x6f0
[   11.115708]  ? trace_preempt_on+0x20/0xc0
[   11.115733]  ? __pfx_kthread+0x10/0x10
[   11.115751]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.115787]  ? calculate_sigpending+0x7b/0xa0
[   11.115822]  ? __pfx_kthread+0x10/0x10
[   11.115841]  ret_from_fork+0x41/0x80
[   11.115862]  ? __pfx_kthread+0x10/0x10
[   11.115891]  ret_from_fork_asm+0x1a/0x30
[   11.115923]  </TASK>
[   11.115934] 
[   11.125217] The buggy address belongs to the physical page:
[   11.125574] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026fc
[   11.125820] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.126186] flags: 0x200000000000040(head|node=0|zone=2)
[   11.126445] page_type: f8(unknown)
[   11.126699] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.127107] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.127452] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.127813] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.128257] head: 0200000000000002 ffffea000409bf01 00000000ffffffff 00000000ffffffff
[   11.128539] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.129095] page dumped because: kasan: bad access detected
[   11.129384] 
[   11.129472] Memory state around the buggy address:
[   11.129724]  ffff8881026fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.130198]  ffff8881026fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.130541] >ffff8881026fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.130947]                                                           ^
[   11.131238]  ffff8881026fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.131594]  ffff8881026fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.132013] ==================================================================
[   11.054508] ==================================================================
[   11.055189] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.055546] Write of size 1 at addr ffff8881026fe0c9 by task kunit_try_catch/182
[   11.055976] 
[   11.056103] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   11.056152] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.056164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.056187] Call Trace:
[   11.056200]  <TASK>
[   11.056217]  dump_stack_lvl+0x73/0xb0
[   11.056246]  print_report+0xd1/0x650
[   11.056270]  ? __virt_addr_valid+0x1db/0x2d0
[   11.056293]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.056314]  ? kasan_addr_to_slab+0x11/0xa0
[   11.056335]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.056356]  kasan_report+0x141/0x180
[   11.056379]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.056405]  __asan_report_store1_noabort+0x1b/0x30
[   11.056426]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.056449]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.056470]  ? finish_task_switch.isra.0+0x153/0x700
[   11.056548]  ? __switch_to+0x5d9/0xf60
[   11.056589]  ? dequeue_task_fair+0x166/0x4e0
[   11.056614]  ? __schedule+0x10cc/0x2b60
[   11.056645]  ? __pfx_read_tsc+0x10/0x10
[   11.056669]  krealloc_large_less_oob+0x1c/0x30
[   11.056689]  kunit_try_run_case+0x1a5/0x480
[   11.056712]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.056732]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.056757]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.056781]  ? __kthread_parkme+0x82/0x180
[   11.056804]  ? preempt_count_sub+0x50/0x80
[   11.056828]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.057067]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.057093]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.057117]  kthread+0x337/0x6f0
[   11.057135]  ? trace_preempt_on+0x20/0xc0
[   11.057161]  ? __pfx_kthread+0x10/0x10
[   11.057179]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.057202]  ? calculate_sigpending+0x7b/0xa0
[   11.057224]  ? __pfx_kthread+0x10/0x10
[   11.057242]  ret_from_fork+0x41/0x80
[   11.057264]  ? __pfx_kthread+0x10/0x10
[   11.057282]  ret_from_fork_asm+0x1a/0x30
[   11.057314]  </TASK>
[   11.057326] 
[   11.068590] The buggy address belongs to the physical page:
[   11.068929] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026fc
[   11.069273] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.069632] flags: 0x200000000000040(head|node=0|zone=2)
[   11.069918] page_type: f8(unknown)
[   11.070375] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.070683] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.071043] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.071401] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.071721] head: 0200000000000002 ffffea000409bf01 00000000ffffffff 00000000ffffffff
[   11.072289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.072605] page dumped because: kasan: bad access detected
[   11.072914] 
[   11.073017] Memory state around the buggy address:
[   11.073237]  ffff8881026fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.073665]  ffff8881026fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.074050] >ffff8881026fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.074375]                                               ^
[   11.074669]  ffff8881026fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.075053]  ffff8881026fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.075330] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zbH6wKLxV1MpyPrsiPCH34DxD7

job_id

TEST:linaro@lkft#2zbHDX45bldMSBJpzmaNX6Oa8ya

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zbHDX45bldMSBJpzmaNX6Oa8ya

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/bzImage
sha256sum	f832e357085de19206056a035510bd43f1bc47badc4ae10b58ebab3542c23787

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zbHA1Bjc8UGyPoSazWRKkmPbWO/modules.tar.xz
sha256sum	ab3c5377b690ddf19fc7a14491556416ddf08419ceb427959995f1c420d461c9

durations

tests

boot	0
kunit	224.81

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit