lkft/linux-stable-rc-linux-6.15.y - v6.15.7-188-g81bcc8b99854 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 22, 2025, 2:40 p.m.

Environment
qemu-arm64
qemu-x86_64

[   17.056756] ==================================================================
[   17.057101] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.057363] Write of size 1 at addr fff00000c09234eb by task kunit_try_catch/160
[   17.057549] 
[   17.057666] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.057760] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.057785] Hardware name: linux,dummy-virt (DT)
[   17.058125] Call trace:
[   17.058243]  show_stack+0x20/0x38 (C)
[   17.058310]  dump_stack_lvl+0x8c/0xd0
[   17.058515]  print_report+0x118/0x5d0
[   17.058576]  kasan_report+0xdc/0x128
[   17.058835]  __asan_report_store1_noabort+0x20/0x30
[   17.059151]  krealloc_less_oob_helper+0xa58/0xc50
[   17.059326]  krealloc_less_oob+0x20/0x38
[   17.059449]  kunit_try_run_case+0x170/0x3f0
[   17.059578]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.059788]  kthread+0x328/0x630
[   17.060017]  ret_from_fork+0x10/0x20
[   17.060075] 
[   17.060093] Allocated by task 160:
[   17.060333]  kasan_save_stack+0x3c/0x68
[   17.060494]  kasan_save_track+0x20/0x40
[   17.060561]  kasan_save_alloc_info+0x40/0x58
[   17.060739]  __kasan_krealloc+0x118/0x178
[   17.060784]  krealloc_noprof+0x128/0x360
[   17.061011]  krealloc_less_oob_helper+0x168/0xc50
[   17.061205]  krealloc_less_oob+0x20/0x38
[   17.061371]  kunit_try_run_case+0x170/0x3f0
[   17.061593]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.061712]  kthread+0x328/0x630
[   17.062063]  ret_from_fork+0x10/0x20
[   17.062228] 
[   17.062277] The buggy address belongs to the object at fff00000c0923400
[   17.062277]  which belongs to the cache kmalloc-256 of size 256
[   17.062348] The buggy address is located 34 bytes to the right of
[   17.062348]  allocated 201-byte region [fff00000c0923400, fff00000c09234c9)
[   17.062461] 
[   17.062490] The buggy address belongs to the physical page:
[   17.062529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922
[   17.062597] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.062651] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.062701] page_type: f5(slab)
[   17.062742] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.062800] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.062848] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.062898] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.062945] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff
[   17.062992] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.063030] page dumped because: kasan: bad access detected
[   17.063059] 
[   17.063077] Memory state around the buggy address:
[   17.063106]  fff00000c0923380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.063146]  fff00000c0923400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.063196] >fff00000c0923480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.063241]                                                           ^
[   17.063277]  fff00000c0923500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.063329]  fff00000c0923580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.063375] ==================================================================
[   17.096672] ==================================================================
[   17.096754] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.096809] Write of size 1 at addr fff00000c788e0c9 by task kunit_try_catch/164
[   17.097092] 
[   17.097137] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.097427] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.097484] Hardware name: linux,dummy-virt (DT)
[   17.097543] Call trace:
[   17.097571]  show_stack+0x20/0x38 (C)
[   17.097623]  dump_stack_lvl+0x8c/0xd0
[   17.097740]  print_report+0x118/0x5d0
[   17.097807]  kasan_report+0xdc/0x128
[   17.097851]  __asan_report_store1_noabort+0x20/0x30
[   17.098231]  krealloc_less_oob_helper+0xa48/0xc50
[   17.098311]  krealloc_large_less_oob+0x20/0x38
[   17.098439]  kunit_try_run_case+0x170/0x3f0
[   17.098493]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.098560]  kthread+0x328/0x630
[   17.098670]  ret_from_fork+0x10/0x20
[   17.098720] 
[   17.098740] The buggy address belongs to the physical page:
[   17.098881] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788c
[   17.098936] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.098981] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.099039] page_type: f8(unknown)
[   17.099077] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.099543] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.099657] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.099828] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.099893] head: 0bfffe0000000002 ffffc1ffc31e2301 00000000ffffffff 00000000ffffffff
[   17.100133] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.100251] page dumped because: kasan: bad access detected
[   17.100519] 
[   17.100578] Memory state around the buggy address:
[   17.100705]  fff00000c788df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.100778]  fff00000c788e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.101007] >fff00000c788e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.101112]                                               ^
[   17.101401]  fff00000c788e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.101466]  fff00000c788e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.101600] ==================================================================
[   17.023747] ==================================================================
[   17.024140] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.024203] Write of size 1 at addr fff00000c09234d0 by task kunit_try_catch/160
[   17.024407] 
[   17.024517] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.024749] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.024782] Hardware name: linux,dummy-virt (DT)
[   17.025022] Call trace:
[   17.025073]  show_stack+0x20/0x38 (C)
[   17.025250]  dump_stack_lvl+0x8c/0xd0
[   17.025344]  print_report+0x118/0x5d0
[   17.025528]  kasan_report+0xdc/0x128
[   17.025582]  __asan_report_store1_noabort+0x20/0x30
[   17.025890]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.025967]  krealloc_less_oob+0x20/0x38
[   17.026346]  kunit_try_run_case+0x170/0x3f0
[   17.026425]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.026525]  kthread+0x328/0x630
[   17.026614]  ret_from_fork+0x10/0x20
[   17.026661] 
[   17.027052] Allocated by task 160:
[   17.027211]  kasan_save_stack+0x3c/0x68
[   17.027257]  kasan_save_track+0x20/0x40
[   17.027553]  kasan_save_alloc_info+0x40/0x58
[   17.027698]  __kasan_krealloc+0x118/0x178
[   17.027738]  krealloc_noprof+0x128/0x360
[   17.027824]  krealloc_less_oob_helper+0x168/0xc50
[   17.028277]  krealloc_less_oob+0x20/0x38
[   17.028539]  kunit_try_run_case+0x170/0x3f0
[   17.028618]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.028776]  kthread+0x328/0x630
[   17.028853]  ret_from_fork+0x10/0x20
[   17.029134] 
[   17.029176] The buggy address belongs to the object at fff00000c0923400
[   17.029176]  which belongs to the cache kmalloc-256 of size 256
[   17.029454] The buggy address is located 7 bytes to the right of
[   17.029454]  allocated 201-byte region [fff00000c0923400, fff00000c09234c9)
[   17.029544] 
[   17.029563] The buggy address belongs to the physical page:
[   17.029880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922
[   17.030102] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.030253] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.030362] page_type: f5(slab)
[   17.030598] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.030756] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.030811] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.030965] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.031015] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff
[   17.031062] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.031101] page dumped because: kasan: bad access detected
[   17.031153] 
[   17.031171] Memory state around the buggy address:
[   17.031202]  fff00000c0923380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.031243]  fff00000c0923400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.031468] >fff00000c0923480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.031767]                                                  ^
[   17.031813]  fff00000c0923500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.031871]  fff00000c0923580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.032088] ==================================================================
[   17.104354] ==================================================================
[   17.104404] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.104452] Write of size 1 at addr fff00000c788e0d0 by task kunit_try_catch/164
[   17.104500] 
[   17.104528] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.104603] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.104628] Hardware name: linux,dummy-virt (DT)
[   17.104657] Call trace:
[   17.104678]  show_stack+0x20/0x38 (C)
[   17.104723]  dump_stack_lvl+0x8c/0xd0
[   17.104771]  print_report+0x118/0x5d0
[   17.104816]  kasan_report+0xdc/0x128
[   17.104888]  __asan_report_store1_noabort+0x20/0x30
[   17.104939]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.104985]  krealloc_large_less_oob+0x20/0x38
[   17.105035]  kunit_try_run_case+0x170/0x3f0
[   17.105082]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.105139]  kthread+0x328/0x630
[   17.105184]  ret_from_fork+0x10/0x20
[   17.105229] 
[   17.105247] The buggy address belongs to the physical page:
[   17.105276] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788c
[   17.106271] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.106342] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.106471] page_type: f8(unknown)
[   17.106511] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.106575] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.106629] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.106882] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.107189] head: 0bfffe0000000002 ffffc1ffc31e2301 00000000ffffffff 00000000ffffffff
[   17.107307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.107565] page dumped because: kasan: bad access detected
[   17.107708] 
[   17.107784] Memory state around the buggy address:
[   17.107942]  fff00000c788df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.108192]  fff00000c788e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.108526] >fff00000c788e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.108920]                                                  ^
[   17.108979]  fff00000c788e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.109215]  fff00000c788e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.109624] ==================================================================
[   17.012729] ==================================================================
[   17.012795] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.012849] Write of size 1 at addr fff00000c09234c9 by task kunit_try_catch/160
[   17.013843] 
[   17.014034] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.015052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.015116] Hardware name: linux,dummy-virt (DT)
[   17.015157] Call trace:
[   17.015212]  show_stack+0x20/0x38 (C)
[   17.015337]  dump_stack_lvl+0x8c/0xd0
[   17.015410]  print_report+0x118/0x5d0
[   17.015592]  kasan_report+0xdc/0x128
[   17.015691]  __asan_report_store1_noabort+0x20/0x30
[   17.015741]  krealloc_less_oob_helper+0xa48/0xc50
[   17.015786]  krealloc_less_oob+0x20/0x38
[   17.015832]  kunit_try_run_case+0x170/0x3f0
[   17.016202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.016593]  kthread+0x328/0x630
[   17.016947]  ret_from_fork+0x10/0x20
[   17.017154] 
[   17.017203] Allocated by task 160:
[   17.017231]  kasan_save_stack+0x3c/0x68
[   17.017656]  kasan_save_track+0x20/0x40
[   17.017731]  kasan_save_alloc_info+0x40/0x58
[   17.018129]  __kasan_krealloc+0x118/0x178
[   17.018203]  krealloc_noprof+0x128/0x360
[   17.018447]  krealloc_less_oob_helper+0x168/0xc50
[   17.018603]  krealloc_less_oob+0x20/0x38
[   17.018740]  kunit_try_run_case+0x170/0x3f0
[   17.018833]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.018881]  kthread+0x328/0x630
[   17.019232]  ret_from_fork+0x10/0x20
[   17.019520] 
[   17.019559] The buggy address belongs to the object at fff00000c0923400
[   17.019559]  which belongs to the cache kmalloc-256 of size 256
[   17.019680] The buggy address is located 0 bytes to the right of
[   17.019680]  allocated 201-byte region [fff00000c0923400, fff00000c09234c9)
[   17.020167] 
[   17.020219] The buggy address belongs to the physical page:
[   17.020251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922
[   17.020510] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.020592] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.020761] page_type: f5(slab)
[   17.020926] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.021124] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.021186] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.021427] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.021616] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff
[   17.021722] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.021863] page dumped because: kasan: bad access detected
[   17.021921] 
[   17.021950] Memory state around the buggy address:
[   17.021982]  fff00000c0923380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.022032]  fff00000c0923400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.022078] >fff00000c0923480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.022114]                                               ^
[   17.022148]  fff00000c0923500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.022189]  fff00000c0923580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.022235] ==================================================================
[   17.037381] ==================================================================
[   17.037439] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.037493] Write of size 1 at addr fff00000c09234da by task kunit_try_catch/160
[   17.037545] 
[   17.037720] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.037817] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.037854] Hardware name: linux,dummy-virt (DT)
[   17.037886] Call trace:
[   17.037907]  show_stack+0x20/0x38 (C)
[   17.037956]  dump_stack_lvl+0x8c/0xd0
[   17.038005]  print_report+0x118/0x5d0
[   17.038057]  kasan_report+0xdc/0x128
[   17.038100]  __asan_report_store1_noabort+0x20/0x30
[   17.038148]  krealloc_less_oob_helper+0xa80/0xc50
[   17.038193]  krealloc_less_oob+0x20/0x38
[   17.038236]  kunit_try_run_case+0x170/0x3f0
[   17.038648]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.038877]  kthread+0x328/0x630
[   17.038979]  ret_from_fork+0x10/0x20
[   17.039409] 
[   17.039497] Allocated by task 160:
[   17.039585]  kasan_save_stack+0x3c/0x68
[   17.039787]  kasan_save_track+0x20/0x40
[   17.039837]  kasan_save_alloc_info+0x40/0x58
[   17.039975]  __kasan_krealloc+0x118/0x178
[   17.040033]  krealloc_noprof+0x128/0x360
[   17.040071]  krealloc_less_oob_helper+0x168/0xc50
[   17.040136]  krealloc_less_oob+0x20/0x38
[   17.040489]  kunit_try_run_case+0x170/0x3f0
[   17.040586]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.040735]  kthread+0x328/0x630
[   17.040826]  ret_from_fork+0x10/0x20
[   17.040944] 
[   17.040964] The buggy address belongs to the object at fff00000c0923400
[   17.040964]  which belongs to the cache kmalloc-256 of size 256
[   17.041047] The buggy address is located 17 bytes to the right of
[   17.041047]  allocated 201-byte region [fff00000c0923400, fff00000c09234c9)
[   17.041306] 
[   17.041483] The buggy address belongs to the physical page:
[   17.041542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922
[   17.041719] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.041815] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.042142] page_type: f5(slab)
[   17.042372] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.042477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.042621] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.042710] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.042765] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff
[   17.042976] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.043065] page dumped because: kasan: bad access detected
[   17.043240] 
[   17.043359] Memory state around the buggy address:
[   17.043429]  fff00000c0923380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.044040]  fff00000c0923400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.044323] >fff00000c0923480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.044394]                                                     ^
[   17.044433]  fff00000c0923500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.044729]  fff00000c0923580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.045305] ==================================================================
[   17.111837] ==================================================================
[   17.111958] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.112034] Write of size 1 at addr fff00000c788e0da by task kunit_try_catch/164
[   17.112138] 
[   17.112172] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.112251] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.112277] Hardware name: linux,dummy-virt (DT)
[   17.112324] Call trace:
[   17.112580]  show_stack+0x20/0x38 (C)
[   17.112753]  dump_stack_lvl+0x8c/0xd0
[   17.112816]  print_report+0x118/0x5d0
[   17.112999]  kasan_report+0xdc/0x128
[   17.113061]  __asan_report_store1_noabort+0x20/0x30
[   17.113335]  krealloc_less_oob_helper+0xa80/0xc50
[   17.113682]  krealloc_large_less_oob+0x20/0x38
[   17.113748]  kunit_try_run_case+0x170/0x3f0
[   17.113934]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.114197]  kthread+0x328/0x630
[   17.114268]  ret_from_fork+0x10/0x20
[   17.114505] 
[   17.114562] The buggy address belongs to the physical page:
[   17.114708] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788c
[   17.115055] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.115219] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.115364] page_type: f8(unknown)
[   17.115633] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.116009] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.116339] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.116411] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.116765] head: 0bfffe0000000002 ffffc1ffc31e2301 00000000ffffffff 00000000ffffffff
[   17.116925] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.117039] page dumped because: kasan: bad access detected
[   17.117310] 
[   17.117355] Memory state around the buggy address:
[   17.117428]  fff00000c788df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.117472]  fff00000c788e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.117512] >fff00000c788e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.117626]                                                     ^
[   17.117676]  fff00000c788e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.117718]  fff00000c788e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.117763] ==================================================================
[   17.118743] ==================================================================
[   17.118790] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.118837] Write of size 1 at addr fff00000c788e0ea by task kunit_try_catch/164
[   17.118888] 
[   17.118916] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.119369] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.119580] Hardware name: linux,dummy-virt (DT)
[   17.119696] Call trace:
[   17.119787]  show_stack+0x20/0x38 (C)
[   17.120046]  dump_stack_lvl+0x8c/0xd0
[   17.120355]  print_report+0x118/0x5d0
[   17.120440]  kasan_report+0xdc/0x128
[   17.120578]  __asan_report_store1_noabort+0x20/0x30
[   17.120671]  krealloc_less_oob_helper+0xae4/0xc50
[   17.120817]  krealloc_large_less_oob+0x20/0x38
[   17.120893]  kunit_try_run_case+0x170/0x3f0
[   17.121099]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.121363]  kthread+0x328/0x630
[   17.121463]  ret_from_fork+0x10/0x20
[   17.121608] 
[   17.121669] The buggy address belongs to the physical page:
[   17.121724] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788c
[   17.121904] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.122128] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.122247] page_type: f8(unknown)
[   17.122312] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.122420] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.122566] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.122613] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.122705] head: 0bfffe0000000002 ffffc1ffc31e2301 00000000ffffffff 00000000ffffffff
[   17.122870] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.123088] page dumped because: kasan: bad access detected
[   17.123141] 
[   17.123208] Memory state around the buggy address:
[   17.123298]  fff00000c788df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.123378]  fff00000c788e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.123503] >fff00000c788e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.123541]                                                           ^
[   17.123596]  fff00000c788e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.124022]  fff00000c788e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.124198] ==================================================================
[   17.047692] ==================================================================
[   17.047746] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.047795] Write of size 1 at addr fff00000c09234ea by task kunit_try_catch/160
[   17.047983] 
[   17.048020] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.048225] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.048406] Hardware name: linux,dummy-virt (DT)
[   17.048473] Call trace:
[   17.048499]  show_stack+0x20/0x38 (C)
[   17.048548]  dump_stack_lvl+0x8c/0xd0
[   17.048792]  print_report+0x118/0x5d0
[   17.048893]  kasan_report+0xdc/0x128
[   17.048938]  __asan_report_store1_noabort+0x20/0x30
[   17.049334]  krealloc_less_oob_helper+0xae4/0xc50
[   17.049405]  krealloc_less_oob+0x20/0x38
[   17.049648]  kunit_try_run_case+0x170/0x3f0
[   17.049851]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.050096]  kthread+0x328/0x630
[   17.050324]  ret_from_fork+0x10/0x20
[   17.050387] 
[   17.050573] Allocated by task 160:
[   17.050670]  kasan_save_stack+0x3c/0x68
[   17.050840]  kasan_save_track+0x20/0x40
[   17.050884]  kasan_save_alloc_info+0x40/0x58
[   17.051168]  __kasan_krealloc+0x118/0x178
[   17.051346]  krealloc_noprof+0x128/0x360
[   17.051427]  krealloc_less_oob_helper+0x168/0xc50
[   17.051465]  krealloc_less_oob+0x20/0x38
[   17.051630]  kunit_try_run_case+0x170/0x3f0
[   17.051863]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.051973]  kthread+0x328/0x630
[   17.052067]  ret_from_fork+0x10/0x20
[   17.052123] 
[   17.052194] The buggy address belongs to the object at fff00000c0923400
[   17.052194]  which belongs to the cache kmalloc-256 of size 256
[   17.052572] The buggy address is located 33 bytes to the right of
[   17.052572]  allocated 201-byte region [fff00000c0923400, fff00000c09234c9)
[   17.052647] 
[   17.052685] The buggy address belongs to the physical page:
[   17.052754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100922
[   17.052806] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.052852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.052902] page_type: f5(slab)
[   17.052959] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.053024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.053096] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.053156] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.053202] head: 0bfffe0000000001 ffffc1ffc3024881 00000000ffffffff 00000000ffffffff
[   17.053248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.053300] page dumped because: kasan: bad access detected
[   17.053720] 
[   17.053749] Memory state around the buggy address:
[   17.054066]  fff00000c0923380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.054411]  fff00000c0923400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.054711] >fff00000c0923480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.054984]                                                           ^
[   17.055036]  fff00000c0923500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.055437]  fff00000c0923580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.055561] ==================================================================
[   17.124755] ==================================================================
[   17.125110] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.125265] Write of size 1 at addr fff00000c788e0eb by task kunit_try_catch/164
[   17.125332] 
[   17.125361] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT 
[   17.125442] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.125467] Hardware name: linux,dummy-virt (DT)
[   17.125496] Call trace:
[   17.125517]  show_stack+0x20/0x38 (C)
[   17.125565]  dump_stack_lvl+0x8c/0xd0
[   17.125612]  print_report+0x118/0x5d0
[   17.125675]  kasan_report+0xdc/0x128
[   17.125727]  __asan_report_store1_noabort+0x20/0x30
[   17.125786]  krealloc_less_oob_helper+0xa58/0xc50
[   17.125834]  krealloc_large_less_oob+0x20/0x38
[   17.125879]  kunit_try_run_case+0x170/0x3f0
[   17.125925]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.125983]  kthread+0x328/0x630
[   17.126028]  ret_from_fork+0x10/0x20
[   17.126074] 
[   17.126094] The buggy address belongs to the physical page:
[   17.126123] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10788c
[   17.126173] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.126217] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.126265] page_type: f8(unknown)
[   17.126667] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.126996] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.127078] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.127155] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.127405] head: 0bfffe0000000002 ffffc1ffc31e2301 00000000ffffffff 00000000ffffffff
[   17.127578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.127734] page dumped because: kasan: bad access detected
[   17.127817] 
[   17.127903] Memory state around the buggy address:
[   17.127937]  fff00000c788df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.128009]  fff00000c788e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.128070] >fff00000c788e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.128392]                                                           ^
[   17.128537]  fff00000c788e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.128601]  fff00000c788e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.128732] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

30EaRlW1hcZUcAyQauMeYdebh6E

job_id

TEST:linaro@lkft#30EaWVUHqFABEKnxRbofWz5vTxK

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30EaWVUHqFABEKnxRbofWz5vTxK

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaSpJ6ulueMjitAIiYHSdicUo/Image.gz
sha256sum	6f108bf41d35f1fce19b9f3dd48bea0e689f69bd759e1a3761fef3bdacebcbc1

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaSpJ6ulueMjitAIiYHSdicUo/modules.tar.xz
sha256sum	076bc5627f64b7f8fa64e90c5d7ade67331e333d4f3c6ec9ca7d6c88fba26e07

durations

tests

boot	0
kunit	199.35

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   10.903475] ==================================================================
[   10.904466] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.904898] Write of size 1 at addr ffff888102d6a0c9 by task kunit_try_catch/182
[   10.905209] 
[   10.905341] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.905485] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.905501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.905522] Call Trace:
[   10.905535]  <TASK>
[   10.905563]  dump_stack_lvl+0x73/0xb0
[   10.905592]  print_report+0xd1/0x610
[   10.905616]  ? __virt_addr_valid+0x1db/0x2d0
[   10.905639]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.905658]  ? kasan_addr_to_slab+0x11/0xa0
[   10.905679]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.905699]  kasan_report+0x141/0x180
[   10.905720]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.905773]  __asan_report_store1_noabort+0x1b/0x30
[   10.905795]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.905816]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.905885]  ? finish_task_switch.isra.0+0x153/0x700
[   10.905915]  ? __switch_to+0x5d9/0xf60
[   10.905967]  ? dequeue_task_fair+0x156/0x4e0
[   10.905992]  ? __schedule+0x10c6/0x2b60
[   10.906016]  ? __pfx_read_tsc+0x10/0x10
[   10.906051]  krealloc_large_less_oob+0x1c/0x30
[   10.906071]  kunit_try_run_case+0x1a5/0x480
[   10.906092]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.906121]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.906142]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.906166]  ? __kthread_parkme+0x82/0x180
[   10.906187]  ? preempt_count_sub+0x50/0x80
[   10.906212]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.906240]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.906263]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.906285]  kthread+0x337/0x6f0
[   10.906301]  ? trace_preempt_on+0x20/0xc0
[   10.906325]  ? __pfx_kthread+0x10/0x10
[   10.906342]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.906363]  ? calculate_sigpending+0x7b/0xa0
[   10.906384]  ? __pfx_kthread+0x10/0x10
[   10.906402]  ret_from_fork+0x41/0x80
[   10.906423]  ? __pfx_kthread+0x10/0x10
[   10.906440]  ret_from_fork_asm+0x1a/0x30
[   10.906471]  </TASK>
[   10.906483] 
[   10.916187] The buggy address belongs to the physical page:
[   10.916510] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d68
[   10.916980] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.917331] flags: 0x200000000000040(head|node=0|zone=2)
[   10.917679] page_type: f8(unknown)
[   10.917896] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.918575] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.919048] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.919458] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.919905] head: 0200000000000002 ffffea00040b5a01 00000000ffffffff 00000000ffffffff
[   10.920217] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.920807] page dumped because: kasan: bad access detected
[   10.921106] 
[   10.921249] Memory state around the buggy address:
[   10.921566]  ffff888102d69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.921918]  ffff888102d6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.922329] >ffff888102d6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.922538]                                               ^
[   10.923108]  ffff888102d6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.923540]  ffff888102d6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.924053] ==================================================================
[   10.795661] ==================================================================
[   10.796263] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.796834] Write of size 1 at addr ffff888100351aea by task kunit_try_catch/178
[   10.797499] 
[   10.797720] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.797767] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.797778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.797798] Call Trace:
[   10.797816]  <TASK>
[   10.797832]  dump_stack_lvl+0x73/0xb0
[   10.797858]  print_report+0xd1/0x610
[   10.797880]  ? __virt_addr_valid+0x1db/0x2d0
[   10.797901]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.797921]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.797943]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.797962]  kasan_report+0x141/0x180
[   10.797984]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.798009]  __asan_report_store1_noabort+0x1b/0x30
[   10.798029]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.798050]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.798070]  ? finish_task_switch.isra.0+0x153/0x700
[   10.798094]  ? __switch_to+0x5d9/0xf60
[   10.798116]  ? dequeue_task_fair+0x156/0x4e0
[   10.798139]  ? __schedule+0x10c6/0x2b60
[   10.798162]  ? __pfx_read_tsc+0x10/0x10
[   10.798185]  krealloc_less_oob+0x1c/0x30
[   10.798202]  kunit_try_run_case+0x1a5/0x480
[   10.798236]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.798254]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.798274]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.798297]  ? __kthread_parkme+0x82/0x180
[   10.798318]  ? preempt_count_sub+0x50/0x80
[   10.798342]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.798368]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.798391]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.798413]  kthread+0x337/0x6f0
[   10.798429]  ? trace_preempt_on+0x20/0xc0
[   10.798452]  ? __pfx_kthread+0x10/0x10
[   10.798469]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.798491]  ? calculate_sigpending+0x7b/0xa0
[   10.798512]  ? __pfx_kthread+0x10/0x10
[   10.798529]  ret_from_fork+0x41/0x80
[   10.798549]  ? __pfx_kthread+0x10/0x10
[   10.798566]  ret_from_fork_asm+0x1a/0x30
[   10.798596]  </TASK>
[   10.798606] 
[   10.812432] Allocated by task 178:
[   10.812848]  kasan_save_stack+0x45/0x70
[   10.813277]  kasan_save_track+0x18/0x40
[   10.813684]  kasan_save_alloc_info+0x3b/0x50
[   10.814082]  __kasan_krealloc+0x190/0x1f0
[   10.814246]  krealloc_noprof+0xf3/0x340
[   10.814381]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.814538]  krealloc_less_oob+0x1c/0x30
[   10.814684]  kunit_try_run_case+0x1a5/0x480
[   10.814838]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.815056]  kthread+0x337/0x6f0
[   10.815232]  ret_from_fork+0x41/0x80
[   10.815416]  ret_from_fork_asm+0x1a/0x30
[   10.815582] 
[   10.815680] The buggy address belongs to the object at ffff888100351a00
[   10.815680]  which belongs to the cache kmalloc-256 of size 256
[   10.816174] The buggy address is located 33 bytes to the right of
[   10.816174]  allocated 201-byte region [ffff888100351a00, ffff888100351ac9)
[   10.816688] 
[   10.816786] The buggy address belongs to the physical page:
[   10.817214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   10.817743] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.818039] flags: 0x200000000000040(head|node=0|zone=2)
[   10.818281] page_type: f5(slab)
[   10.818404] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.818706] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.819014] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.819717] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.820631] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   10.821246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.822153] page dumped because: kasan: bad access detected
[   10.822679] 
[   10.822761] Memory state around the buggy address:
[   10.822996]  ffff888100351980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.823301]  ffff888100351a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.824139] >ffff888100351a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.824598]                                                           ^
[   10.825116]  ffff888100351b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.825461]  ffff888100351b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.825947] ==================================================================
[   10.826988] ==================================================================
[   10.827316] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.827574] Write of size 1 at addr ffff888100351aeb by task kunit_try_catch/178
[   10.827800] 
[   10.827907] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.827952] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.827963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.827984] Call Trace:
[   10.828002]  <TASK>
[   10.828019]  dump_stack_lvl+0x73/0xb0
[   10.828045]  print_report+0xd1/0x610
[   10.828067]  ? __virt_addr_valid+0x1db/0x2d0
[   10.828088]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.828107]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.828129]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.828148]  kasan_report+0x141/0x180
[   10.828170]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.828194]  __asan_report_store1_noabort+0x1b/0x30
[   10.828235]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.828257]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.828277]  ? finish_task_switch.isra.0+0x153/0x700
[   10.828302]  ? __switch_to+0x5d9/0xf60
[   10.828323]  ? dequeue_task_fair+0x156/0x4e0
[   10.828347]  ? __schedule+0x10c6/0x2b60
[   10.828379]  ? __pfx_read_tsc+0x10/0x10
[   10.828402]  krealloc_less_oob+0x1c/0x30
[   10.828420]  kunit_try_run_case+0x1a5/0x480
[   10.828441]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.828459]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.828479]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.828503]  ? __kthread_parkme+0x82/0x180
[   10.828524]  ? preempt_count_sub+0x50/0x80
[   10.828547]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.828566]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.828589]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.828611]  kthread+0x337/0x6f0
[   10.828628]  ? trace_preempt_on+0x20/0xc0
[   10.828652]  ? __pfx_kthread+0x10/0x10
[   10.828689]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.828711]  ? calculate_sigpending+0x7b/0xa0
[   10.828731]  ? __pfx_kthread+0x10/0x10
[   10.828749]  ret_from_fork+0x41/0x80
[   10.828768]  ? __pfx_kthread+0x10/0x10
[   10.828785]  ret_from_fork_asm+0x1a/0x30
[   10.828816]  </TASK>
[   10.828826] 
[   10.836515] Allocated by task 178:
[   10.836726]  kasan_save_stack+0x45/0x70
[   10.836931]  kasan_save_track+0x18/0x40
[   10.837124]  kasan_save_alloc_info+0x3b/0x50
[   10.837340]  __kasan_krealloc+0x190/0x1f0
[   10.837648]  krealloc_noprof+0xf3/0x340
[   10.837784]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.837940]  krealloc_less_oob+0x1c/0x30
[   10.838074]  kunit_try_run_case+0x1a5/0x480
[   10.838475]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.839003]  kthread+0x337/0x6f0
[   10.839133]  ret_from_fork+0x41/0x80
[   10.839273]  ret_from_fork_asm+0x1a/0x30
[   10.839536] 
[   10.839629] The buggy address belongs to the object at ffff888100351a00
[   10.839629]  which belongs to the cache kmalloc-256 of size 256
[   10.840304] The buggy address is located 34 bytes to the right of
[   10.840304]  allocated 201-byte region [ffff888100351a00, ffff888100351ac9)
[   10.840896] 
[   10.841058] The buggy address belongs to the physical page:
[   10.841252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   10.841641] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.841917] flags: 0x200000000000040(head|node=0|zone=2)
[   10.842090] page_type: f5(slab)
[   10.842209] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.842446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.842674] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.842939] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.843281] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   10.843624] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.844097] page dumped because: kasan: bad access detected
[   10.844356] 
[   10.844424] Memory state around the buggy address:
[   10.844578]  ffff888100351980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.844791]  ffff888100351a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.845010] >ffff888100351a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.845231]                                                           ^
[   10.845553]  ffff888100351b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.846251]  ffff888100351b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.846926] ==================================================================
[   10.764946] ==================================================================
[   10.765245] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.765721] Write of size 1 at addr ffff888100351ada by task kunit_try_catch/178
[   10.765988] 
[   10.766076] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.766119] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.766130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.766150] Call Trace:
[   10.766168]  <TASK>
[   10.766183]  dump_stack_lvl+0x73/0xb0
[   10.766208]  print_report+0xd1/0x610
[   10.766242]  ? __virt_addr_valid+0x1db/0x2d0
[   10.766263]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.766282]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.766304]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.766324]  kasan_report+0x141/0x180
[   10.766345]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.766370]  __asan_report_store1_noabort+0x1b/0x30
[   10.766390]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.766412]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.766432]  ? finish_task_switch.isra.0+0x153/0x700
[   10.766456]  ? __switch_to+0x5d9/0xf60
[   10.766477]  ? dequeue_task_fair+0x156/0x4e0
[   10.766501]  ? __schedule+0x10c6/0x2b60
[   10.766524]  ? __pfx_read_tsc+0x10/0x10
[   10.766547]  krealloc_less_oob+0x1c/0x30
[   10.766564]  kunit_try_run_case+0x1a5/0x480
[   10.766585]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.766603]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.766622]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.766646]  ? __kthread_parkme+0x82/0x180
[   10.766667]  ? preempt_count_sub+0x50/0x80
[   10.766691]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.766710]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.766733]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.766755]  kthread+0x337/0x6f0
[   10.766771]  ? trace_preempt_on+0x20/0xc0
[   10.766850]  ? __pfx_kthread+0x10/0x10
[   10.766873]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.766895]  ? calculate_sigpending+0x7b/0xa0
[   10.766917]  ? __pfx_kthread+0x10/0x10
[   10.766934]  ret_from_fork+0x41/0x80
[   10.766956]  ? __pfx_kthread+0x10/0x10
[   10.766973]  ret_from_fork_asm+0x1a/0x30
[   10.767003]  </TASK>
[   10.767013] 
[   10.775609] Allocated by task 178:
[   10.775737]  kasan_save_stack+0x45/0x70
[   10.775882]  kasan_save_track+0x18/0x40
[   10.776013]  kasan_save_alloc_info+0x3b/0x50
[   10.776154]  __kasan_krealloc+0x190/0x1f0
[   10.776471]  krealloc_noprof+0xf3/0x340
[   10.777199]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.777616]  krealloc_less_oob+0x1c/0x30
[   10.777952]  kunit_try_run_case+0x1a5/0x480
[   10.778527]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.779168]  kthread+0x337/0x6f0
[   10.779595]  ret_from_fork+0x41/0x80
[   10.780288]  ret_from_fork_asm+0x1a/0x30
[   10.780784] 
[   10.780957] The buggy address belongs to the object at ffff888100351a00
[   10.780957]  which belongs to the cache kmalloc-256 of size 256
[   10.782258] The buggy address is located 17 bytes to the right of
[   10.782258]  allocated 201-byte region [ffff888100351a00, ffff888100351ac9)
[   10.783485] 
[   10.783761] The buggy address belongs to the physical page:
[   10.784311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   10.785123] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.785833] flags: 0x200000000000040(head|node=0|zone=2)
[   10.786415] page_type: f5(slab)
[   10.786790] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.787744] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.788328] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.788834] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.789079] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   10.789321] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.789977] page dumped because: kasan: bad access detected
[   10.790643] 
[   10.790833] Memory state around the buggy address:
[   10.790993]  ffff888100351980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.791209]  ffff888100351a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.791570] >ffff888100351a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.792361]                                                     ^
[   10.792957]  ffff888100351b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.793661]  ffff888100351b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.794466] ==================================================================
[   10.964630] ==================================================================
[   10.965217] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.965641] Write of size 1 at addr ffff888102d6a0ea by task kunit_try_catch/182
[   10.966054] 
[   10.966179] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.966221] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.966244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.966328] Call Trace:
[   10.966346]  <TASK>
[   10.966385]  dump_stack_lvl+0x73/0xb0
[   10.966412]  print_report+0xd1/0x610
[   10.966445]  ? __virt_addr_valid+0x1db/0x2d0
[   10.966467]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.966486]  ? kasan_addr_to_slab+0x11/0xa0
[   10.966506]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.966526]  kasan_report+0x141/0x180
[   10.966567]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.966593]  __asan_report_store1_noabort+0x1b/0x30
[   10.966627]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.966649]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.966712]  ? finish_task_switch.isra.0+0x153/0x700
[   10.966740]  ? __switch_to+0x5d9/0xf60
[   10.966773]  ? dequeue_task_fair+0x156/0x4e0
[   10.966797]  ? __schedule+0x10c6/0x2b60
[   10.966820]  ? __pfx_read_tsc+0x10/0x10
[   10.966872]  krealloc_large_less_oob+0x1c/0x30
[   10.966891]  kunit_try_run_case+0x1a5/0x480
[   10.966911]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.966964]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.966984]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.967007]  ? __kthread_parkme+0x82/0x180
[   10.967038]  ? preempt_count_sub+0x50/0x80
[   10.967062]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.967082]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.967104]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.967126]  kthread+0x337/0x6f0
[   10.967142]  ? trace_preempt_on+0x20/0xc0
[   10.967165]  ? __pfx_kthread+0x10/0x10
[   10.967208]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.967247]  ? calculate_sigpending+0x7b/0xa0
[   10.967285]  ? __pfx_kthread+0x10/0x10
[   10.967311]  ret_from_fork+0x41/0x80
[   10.967332]  ? __pfx_kthread+0x10/0x10
[   10.967349]  ret_from_fork_asm+0x1a/0x30
[   10.967391]  </TASK>
[   10.967402] 
[   10.977996] The buggy address belongs to the physical page:
[   10.978561] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d68
[   10.979381] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.980135] flags: 0x200000000000040(head|node=0|zone=2)
[   10.980703] page_type: f8(unknown)
[   10.981090] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.981811] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.982669] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.983240] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.983699] head: 0200000000000002 ffffea00040b5a01 00000000ffffffff 00000000ffffffff
[   10.984457] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.985173] page dumped because: kasan: bad access detected
[   10.985369] 
[   10.985533] Memory state around the buggy address:
[   10.986025]  ffff888102d69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.986697]  ffff888102d6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.987265] >ffff888102d6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.987504]                                                           ^
[   10.987804]  ffff888102d6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.988450]  ffff888102d6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.989145] ==================================================================
[   10.944618] ==================================================================
[   10.945035] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.945614] Write of size 1 at addr ffff888102d6a0da by task kunit_try_catch/182
[   10.945863] 
[   10.945974] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.946091] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.946104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.946137] Call Trace:
[   10.946152]  <TASK>
[   10.946167]  dump_stack_lvl+0x73/0xb0
[   10.946194]  print_report+0xd1/0x610
[   10.946216]  ? __virt_addr_valid+0x1db/0x2d0
[   10.946246]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.946267]  ? kasan_addr_to_slab+0x11/0xa0
[   10.946287]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.946307]  kasan_report+0x141/0x180
[   10.946363]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.946396]  __asan_report_store1_noabort+0x1b/0x30
[   10.946417]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.946450]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.946470]  ? finish_task_switch.isra.0+0x153/0x700
[   10.946495]  ? __switch_to+0x5d9/0xf60
[   10.946515]  ? dequeue_task_fair+0x156/0x4e0
[   10.946565]  ? __schedule+0x10c6/0x2b60
[   10.946589]  ? __pfx_read_tsc+0x10/0x10
[   10.946612]  krealloc_large_less_oob+0x1c/0x30
[   10.946641]  kunit_try_run_case+0x1a5/0x480
[   10.946709]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.946763]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.946784]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.946807]  ? __kthread_parkme+0x82/0x180
[   10.946839]  ? preempt_count_sub+0x50/0x80
[   10.946863]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.946908]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.946931]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.946953]  kthread+0x337/0x6f0
[   10.946970]  ? trace_preempt_on+0x20/0xc0
[   10.947005]  ? __pfx_kthread+0x10/0x10
[   10.947023]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.947044]  ? calculate_sigpending+0x7b/0xa0
[   10.947090]  ? __pfx_kthread+0x10/0x10
[   10.947108]  ret_from_fork+0x41/0x80
[   10.947152]  ? __pfx_kthread+0x10/0x10
[   10.947182]  ret_from_fork_asm+0x1a/0x30
[   10.947248]  </TASK>
[   10.947259] 
[   10.957014] The buggy address belongs to the physical page:
[   10.957325] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d68
[   10.957775] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.958116] flags: 0x200000000000040(head|node=0|zone=2)
[   10.958429] page_type: f8(unknown)
[   10.958617] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.958951] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.959350] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.959807] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.960429] head: 0200000000000002 ffffea00040b5a01 00000000ffffffff 00000000ffffffff
[   10.960811] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.961146] page dumped because: kasan: bad access detected
[   10.961354] 
[   10.961420] Memory state around the buggy address:
[   10.961569]  ffff888102d69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.962010]  ffff888102d6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.962392] >ffff888102d6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.962899]                                                     ^
[   10.963219]  ffff888102d6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.963586]  ffff888102d6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.964143] ==================================================================
[   10.717551] ==================================================================
[   10.718415] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.718726] Write of size 1 at addr ffff888100351ac9 by task kunit_try_catch/178
[   10.719129] 
[   10.719258] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.719303] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.719313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.719334] Call Trace:
[   10.719346]  <TASK>
[   10.719362]  dump_stack_lvl+0x73/0xb0
[   10.719387]  print_report+0xd1/0x610
[   10.719409]  ? __virt_addr_valid+0x1db/0x2d0
[   10.719431]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.719467]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.719489]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.719509]  kasan_report+0x141/0x180
[   10.719531]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.719556]  __asan_report_store1_noabort+0x1b/0x30
[   10.719576]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.719598]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.719618]  ? finish_task_switch.isra.0+0x153/0x700
[   10.719642]  ? __switch_to+0x5d9/0xf60
[   10.719707]  ? dequeue_task_fair+0x156/0x4e0
[   10.719736]  ? __schedule+0x10c6/0x2b60
[   10.719760]  ? __pfx_read_tsc+0x10/0x10
[   10.719784]  krealloc_less_oob+0x1c/0x30
[   10.719802]  kunit_try_run_case+0x1a5/0x480
[   10.719823]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.719841]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.719861]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.719885]  ? __kthread_parkme+0x82/0x180
[   10.719906]  ? preempt_count_sub+0x50/0x80
[   10.719930]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.719949]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.719971]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.719994]  kthread+0x337/0x6f0
[   10.720010]  ? trace_preempt_on+0x20/0xc0
[   10.720033]  ? __pfx_kthread+0x10/0x10
[   10.720050]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.720071]  ? calculate_sigpending+0x7b/0xa0
[   10.720092]  ? __pfx_kthread+0x10/0x10
[   10.720110]  ret_from_fork+0x41/0x80
[   10.720130]  ? __pfx_kthread+0x10/0x10
[   10.720147]  ret_from_fork_asm+0x1a/0x30
[   10.720177]  </TASK>
[   10.720189] 
[   10.727928] Allocated by task 178:
[   10.728060]  kasan_save_stack+0x45/0x70
[   10.728270]  kasan_save_track+0x18/0x40
[   10.728618]  kasan_save_alloc_info+0x3b/0x50
[   10.729095]  __kasan_krealloc+0x190/0x1f0
[   10.729337]  krealloc_noprof+0xf3/0x340
[   10.729532]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.729906]  krealloc_less_oob+0x1c/0x30
[   10.730081]  kunit_try_run_case+0x1a5/0x480
[   10.730239]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.730595]  kthread+0x337/0x6f0
[   10.730794]  ret_from_fork+0x41/0x80
[   10.730929]  ret_from_fork_asm+0x1a/0x30
[   10.731128] 
[   10.731235] The buggy address belongs to the object at ffff888100351a00
[   10.731235]  which belongs to the cache kmalloc-256 of size 256
[   10.731702] The buggy address is located 0 bytes to the right of
[   10.731702]  allocated 201-byte region [ffff888100351a00, ffff888100351ac9)
[   10.732251] 
[   10.732334] The buggy address belongs to the physical page:
[   10.732610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   10.732942] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.733281] flags: 0x200000000000040(head|node=0|zone=2)
[   10.733536] page_type: f5(slab)
[   10.733708] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.733939] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.734168] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.734497] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.734893] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   10.735247] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.735612] page dumped because: kasan: bad access detected
[   10.735782] 
[   10.735849] Memory state around the buggy address:
[   10.736241]  ffff888100351980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.736973]  ffff888100351a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.737285] >ffff888100351a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.737588]                                               ^
[   10.737941]  ffff888100351b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.738323]  ffff888100351b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.738545] ==================================================================
[   10.989799] ==================================================================
[   10.990018] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.990271] Write of size 1 at addr ffff888102d6a0eb by task kunit_try_catch/182
[   10.990713] 
[   10.990852] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.990897] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.990908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.990929] Call Trace:
[   10.990946]  <TASK>
[   10.990962]  dump_stack_lvl+0x73/0xb0
[   10.990987]  print_report+0xd1/0x610
[   10.991009]  ? __virt_addr_valid+0x1db/0x2d0
[   10.991030]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.991049]  ? kasan_addr_to_slab+0x11/0xa0
[   10.991069]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.991089]  kasan_report+0x141/0x180
[   10.991111]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.991136]  __asan_report_store1_noabort+0x1b/0x30
[   10.991156]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.991177]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.991197]  ? finish_task_switch.isra.0+0x153/0x700
[   10.991236]  ? __switch_to+0x5d9/0xf60
[   10.991257]  ? dequeue_task_fair+0x156/0x4e0
[   10.991281]  ? __schedule+0x10c6/0x2b60
[   10.991304]  ? __pfx_read_tsc+0x10/0x10
[   10.991327]  krealloc_large_less_oob+0x1c/0x30
[   10.991346]  kunit_try_run_case+0x1a5/0x480
[   10.991366]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.991384]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.991404]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.991428]  ? __kthread_parkme+0x82/0x180
[   10.991448]  ? preempt_count_sub+0x50/0x80
[   10.991472]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.991491]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.991514]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.991536]  kthread+0x337/0x6f0
[   10.991552]  ? trace_preempt_on+0x20/0xc0
[   10.991575]  ? __pfx_kthread+0x10/0x10
[   10.991592]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.991614]  ? calculate_sigpending+0x7b/0xa0
[   10.991635]  ? __pfx_kthread+0x10/0x10
[   10.991652]  ret_from_fork+0x41/0x80
[   10.991710]  ? __pfx_kthread+0x10/0x10
[   10.991729]  ret_from_fork_asm+0x1a/0x30
[   10.991760]  </TASK>
[   10.991770] 
[   10.999566] The buggy address belongs to the physical page:
[   10.999849] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d68
[   11.000139] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.000541] flags: 0x200000000000040(head|node=0|zone=2)
[   11.000713] page_type: f8(unknown)
[   11.000835] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.001133] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.001482] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.001854] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.002099] head: 0200000000000002 ffffea00040b5a01 00000000ffffffff 00000000ffffffff
[   11.002566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.002886] page dumped because: kasan: bad access detected
[   11.003048] 
[   11.003113] Memory state around the buggy address:
[   11.003272]  ffff888102d69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.003694]  ffff888102d6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.004009] >ffff888102d6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.004398]                                                           ^
[   11.004726]  ffff888102d6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.005000]  ffff888102d6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.005236] ==================================================================
[   10.739049] ==================================================================
[   10.739430] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.739828] Write of size 1 at addr ffff888100351ad0 by task kunit_try_catch/178
[   10.740112] 
[   10.740199] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.740253] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.740264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.740284] Call Trace:
[   10.740295]  <TASK>
[   10.740311]  dump_stack_lvl+0x73/0xb0
[   10.740335]  print_report+0xd1/0x610
[   10.740357]  ? __virt_addr_valid+0x1db/0x2d0
[   10.740378]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.740397]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.740419]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.740439]  kasan_report+0x141/0x180
[   10.740460]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.740485]  __asan_report_store1_noabort+0x1b/0x30
[   10.740505]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.740527]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.740547]  ? finish_task_switch.isra.0+0x153/0x700
[   10.740571]  ? __switch_to+0x5d9/0xf60
[   10.740591]  ? dequeue_task_fair+0x156/0x4e0
[   10.740616]  ? __schedule+0x10c6/0x2b60
[   10.740639]  ? __pfx_read_tsc+0x10/0x10
[   10.740662]  krealloc_less_oob+0x1c/0x30
[   10.740679]  kunit_try_run_case+0x1a5/0x480
[   10.740699]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.740717]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.740737]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.740761]  ? __kthread_parkme+0x82/0x180
[   10.740823]  ? preempt_count_sub+0x50/0x80
[   10.740848]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.740868]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.740890]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.740912]  kthread+0x337/0x6f0
[   10.740933]  ? trace_preempt_on+0x20/0xc0
[   10.740957]  ? __pfx_kthread+0x10/0x10
[   10.740974]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.740996]  ? calculate_sigpending+0x7b/0xa0
[   10.741019]  ? __pfx_kthread+0x10/0x10
[   10.741036]  ret_from_fork+0x41/0x80
[   10.741057]  ? __pfx_kthread+0x10/0x10
[   10.741075]  ret_from_fork_asm+0x1a/0x30
[   10.741106]  </TASK>
[   10.741116] 
[   10.749355] Allocated by task 178:
[   10.749602]  kasan_save_stack+0x45/0x70
[   10.751859]  kasan_save_track+0x18/0x40
[   10.752040]  kasan_save_alloc_info+0x3b/0x50
[   10.752260]  __kasan_krealloc+0x190/0x1f0
[   10.753160]  krealloc_noprof+0xf3/0x340
[   10.753329]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.753815]  krealloc_less_oob+0x1c/0x30
[   10.754089]  kunit_try_run_case+0x1a5/0x480
[   10.754358]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.754777]  kthread+0x337/0x6f0
[   10.754934]  ret_from_fork+0x41/0x80
[   10.755259]  ret_from_fork_asm+0x1a/0x30
[   10.755480] 
[   10.755576] The buggy address belongs to the object at ffff888100351a00
[   10.755576]  which belongs to the cache kmalloc-256 of size 256
[   10.756144] The buggy address is located 7 bytes to the right of
[   10.756144]  allocated 201-byte region [ffff888100351a00, ffff888100351ac9)
[   10.757074] 
[   10.757319] The buggy address belongs to the physical page:
[   10.757542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   10.758108] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.758614] flags: 0x200000000000040(head|node=0|zone=2)
[   10.758890] page_type: f5(slab)
[   10.759245] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.759598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.759909] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.760294] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.760624] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   10.761155] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.761511] page dumped because: kasan: bad access detected
[   10.761687] 
[   10.761904] Memory state around the buggy address:
[   10.762136]  ffff888100351980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.762390]  ffff888100351a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.762682] >ffff888100351a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.763295]                                                  ^
[   10.763524]  ffff888100351b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.763837]  ffff888100351b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.764169] ==================================================================
[   10.924445] ==================================================================
[   10.924940] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.925194] Write of size 1 at addr ffff888102d6a0d0 by task kunit_try_catch/182
[   10.925583] 
[   10.925736] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G    B            N  6.15.8-rc1 #1 PREEMPT(voluntary) 
[   10.925815] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.925826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.925858] Call Trace:
[   10.925875]  <TASK>
[   10.925890]  dump_stack_lvl+0x73/0xb0
[   10.925944]  print_report+0xd1/0x610
[   10.925967]  ? __virt_addr_valid+0x1db/0x2d0
[   10.925987]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.926018]  ? kasan_addr_to_slab+0x11/0xa0
[   10.926038]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.926058]  kasan_report+0x141/0x180
[   10.926080]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.926121]  __asan_report_store1_noabort+0x1b/0x30
[   10.926150]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.926172]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.926192]  ? finish_task_switch.isra.0+0x153/0x700
[   10.926236]  ? __switch_to+0x5d9/0xf60
[   10.926257]  ? dequeue_task_fair+0x156/0x4e0
[   10.926307]  ? __schedule+0x10c6/0x2b60
[   10.926331]  ? __pfx_read_tsc+0x10/0x10
[   10.926354]  krealloc_large_less_oob+0x1c/0x30
[   10.926395]  kunit_try_run_case+0x1a5/0x480
[   10.926417]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.926435]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.926465]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.926489]  ? __kthread_parkme+0x82/0x180
[   10.926510]  ? preempt_count_sub+0x50/0x80
[   10.926533]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.926553]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.926575]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.926616]  kthread+0x337/0x6f0
[   10.926632]  ? trace_preempt_on+0x20/0xc0
[   10.926714]  ? __pfx_kthread+0x10/0x10
[   10.926734]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.926756]  ? calculate_sigpending+0x7b/0xa0
[   10.926789]  ? __pfx_kthread+0x10/0x10
[   10.926806]  ret_from_fork+0x41/0x80
[   10.926827]  ? __pfx_kthread+0x10/0x10
[   10.926844]  ret_from_fork_asm+0x1a/0x30
[   10.926875]  </TASK>
[   10.926886] 
[   10.936033] The buggy address belongs to the physical page:
[   10.936372] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d68
[   10.937098] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.937508] flags: 0x200000000000040(head|node=0|zone=2)
[   10.937880] page_type: f8(unknown)
[   10.938011] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.938377] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.938956] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.939534] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   10.940049] head: 0200000000000002 ffffea00040b5a01 00000000ffffffff 00000000ffffffff
[   10.940470] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.940876] page dumped because: kasan: bad access detected
[   10.941235] 
[   10.941344] Memory state around the buggy address:
[   10.941513]  ffff888102d69f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.941979]  ffff888102d6a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.942325] >ffff888102d6a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.942780]                                                  ^
[   10.943148]  ffff888102d6a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.943448]  ffff888102d6a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.943867] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

30EaRlW1hcZUcAyQauMeYdebh6E

job_id

TEST:linaro@lkft#30EaY1yQOqV4JySRXFsKWTVrukm

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/30EaY1yQOqV4JySRXFsKWTVrukm

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaTw8uvpYx9tCm3ZICfhNMNnI/bzImage
sha256sum	215211c9ffbc30f7da06e446c23393cbd85dd0dce6cfc2e76dfe983268e0fd6f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/30EaTw8uvpYx9tCm3ZICfhNMNnI/modules.tar.xz
sha256sum	a7c1adb8beea2d29cd88ecba2f3d585aa904241bd0d61a861fcebc67fa6cd397

durations

tests

boot	0
kunit	220.14

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit