lkft/linux-mainline-master - v6.16-rc4-123-g4c06e63b9203 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 3, 2025, 11:10 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.519998] ==================================================================
[   19.520143] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.520282] Write of size 1 at addr fff00000c656e0c9 by task kunit_try_catch/162
[   19.520400] 
[   19.520531] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.520748] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.520810] Hardware name: linux,dummy-virt (DT)
[   19.520882] Call trace:
[   19.520927]  show_stack+0x20/0x38 (C)
[   19.521017]  dump_stack_lvl+0x8c/0xd0
[   19.521131]  print_report+0x118/0x608
[   19.521230]  kasan_report+0xdc/0x128
[   19.521333]  __asan_report_store1_noabort+0x20/0x30
[   19.521440]  krealloc_less_oob_helper+0xa48/0xc50
[   19.521914]  krealloc_large_less_oob+0x20/0x38
[   19.522059]  kunit_try_run_case+0x170/0x3f0
[   19.522173]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.522278]  kthread+0x328/0x630
[   19.522370]  ret_from_fork+0x10/0x20
[   19.522466] 
[   19.522510] The buggy address belongs to the physical page:
[   19.522578] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656c
[   19.522772] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.522879] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.523005] page_type: f8(unknown)
[   19.523181] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.523309] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.523424] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.523532] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.523632] head: 0bfffe0000000002 ffffc1ffc3195b01 00000000ffffffff 00000000ffffffff
[   19.524201] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.524301] page dumped because: kasan: bad access detected
[   19.524413] 
[   19.524550] Memory state around the buggy address:
[   19.524645]  fff00000c656df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.524757]  fff00000c656e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.524848] >fff00000c656e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.525264]                                               ^
[   19.525666]  fff00000c656e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.525983]  fff00000c656e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.526091] ==================================================================
[   19.442641] ==================================================================
[   19.442798] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.442935] Write of size 1 at addr fff00000c17b32ea by task kunit_try_catch/158
[   19.443068] 
[   19.443130] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.443282] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.443675] Hardware name: linux,dummy-virt (DT)
[   19.443771] Call trace:
[   19.443818]  show_stack+0x20/0x38 (C)
[   19.443920]  dump_stack_lvl+0x8c/0xd0
[   19.444036]  print_report+0x118/0x608
[   19.444143]  kasan_report+0xdc/0x128
[   19.444243]  __asan_report_store1_noabort+0x20/0x30
[   19.444348]  krealloc_less_oob_helper+0xae4/0xc50
[   19.444455]  krealloc_less_oob+0x20/0x38
[   19.444570]  kunit_try_run_case+0x170/0x3f0
[   19.444683]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.444804]  kthread+0x328/0x630
[   19.444894]  ret_from_fork+0x10/0x20
[   19.444995] 
[   19.445051] Allocated by task 158:
[   19.445123]  kasan_save_stack+0x3c/0x68
[   19.445204]  kasan_save_track+0x20/0x40
[   19.445402]  kasan_save_alloc_info+0x40/0x58
[   19.445745]  __kasan_krealloc+0x118/0x178
[   19.446003]  krealloc_noprof+0x128/0x360
[   19.446190]  krealloc_less_oob_helper+0x168/0xc50
[   19.446320]  krealloc_less_oob+0x20/0x38
[   19.446554]  kunit_try_run_case+0x170/0x3f0
[   19.446659]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.446768]  kthread+0x328/0x630
[   19.446845]  ret_from_fork+0x10/0x20
[   19.446956] 
[   19.447046] The buggy address belongs to the object at fff00000c17b3200
[   19.447046]  which belongs to the cache kmalloc-256 of size 256
[   19.447224] The buggy address is located 33 bytes to the right of
[   19.447224]  allocated 201-byte region [fff00000c17b3200, fff00000c17b32c9)
[   19.447358] 
[   19.447403] The buggy address belongs to the physical page:
[   19.447469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b2
[   19.447586] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.447687] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.447797] page_type: f5(slab)
[   19.447876] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.447992] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.448115] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.448232] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.448333] head: 0bfffe0000000001 ffffc1ffc305ec81 00000000ffffffff 00000000ffffffff
[   19.448840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.449101] page dumped because: kasan: bad access detected
[   19.449350] 
[   19.449445] Memory state around the buggy address:
[   19.449541]  fff00000c17b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.449629]  fff00000c17b3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.449717] >fff00000c17b3280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.450061]                                                           ^
[   19.450158]  fff00000c17b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.450235]  fff00000c17b3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.450449] ==================================================================
[   19.565328] ==================================================================
[   19.565411] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.565514] Write of size 1 at addr fff00000c656e0eb by task kunit_try_catch/162
[   19.565630] 
[   19.565751] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.565910] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.565960] Hardware name: linux,dummy-virt (DT)
[   19.566056] Call trace:
[   19.566101]  show_stack+0x20/0x38 (C)
[   19.566200]  dump_stack_lvl+0x8c/0xd0
[   19.566289]  print_report+0x118/0x608
[   19.566376]  kasan_report+0xdc/0x128
[   19.566470]  __asan_report_store1_noabort+0x20/0x30
[   19.566552]  krealloc_less_oob_helper+0xa58/0xc50
[   19.566624]  krealloc_large_less_oob+0x20/0x38
[   19.566717]  kunit_try_run_case+0x170/0x3f0
[   19.566831]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.567011]  kthread+0x328/0x630
[   19.567158]  ret_from_fork+0x10/0x20
[   19.567306] 
[   19.567367] The buggy address belongs to the physical page:
[   19.567457] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656c
[   19.567577] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.567716] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.567826] page_type: f8(unknown)
[   19.567924] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.568098] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.568344] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.568763] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.568864] head: 0bfffe0000000002 ffffc1ffc3195b01 00000000ffffffff 00000000ffffffff
[   19.569184] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.569275] page dumped because: kasan: bad access detected
[   19.569350] 
[   19.569409] Memory state around the buggy address:
[   19.569563]  fff00000c656df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.569658]  fff00000c656e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.569764] >fff00000c656e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.569846]                                                           ^
[   19.569989]  fff00000c656e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.570153]  fff00000c656e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.570231] ==================================================================
[   19.413629] ==================================================================
[   19.413809] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.413909] Write of size 1 at addr fff00000c17b32c9 by task kunit_try_catch/158
[   19.414046] 
[   19.414150] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.414391] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.414466] Hardware name: linux,dummy-virt (DT)
[   19.414645] Call trace:
[   19.414712]  show_stack+0x20/0x38 (C)
[   19.414824]  dump_stack_lvl+0x8c/0xd0
[   19.414927]  print_report+0x118/0x608
[   19.415078]  kasan_report+0xdc/0x128
[   19.415194]  __asan_report_store1_noabort+0x20/0x30
[   19.415378]  krealloc_less_oob_helper+0xa48/0xc50
[   19.415557]  krealloc_less_oob+0x20/0x38
[   19.415644]  kunit_try_run_case+0x170/0x3f0
[   19.415734]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.415840]  kthread+0x328/0x630
[   19.415959]  ret_from_fork+0x10/0x20
[   19.416223] 
[   19.416265] Allocated by task 158:
[   19.416344]  kasan_save_stack+0x3c/0x68
[   19.416438]  kasan_save_track+0x20/0x40
[   19.416530]  kasan_save_alloc_info+0x40/0x58
[   19.416625]  __kasan_krealloc+0x118/0x178
[   19.416711]  krealloc_noprof+0x128/0x360
[   19.416790]  krealloc_less_oob_helper+0x168/0xc50
[   19.416876]  krealloc_less_oob+0x20/0x38
[   19.416947]  kunit_try_run_case+0x170/0x3f0
[   19.417042]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.417139]  kthread+0x328/0x630
[   19.417210]  ret_from_fork+0x10/0x20
[   19.417286] 
[   19.417325] The buggy address belongs to the object at fff00000c17b3200
[   19.417325]  which belongs to the cache kmalloc-256 of size 256
[   19.417457] The buggy address is located 0 bytes to the right of
[   19.417457]  allocated 201-byte region [fff00000c17b3200, fff00000c17b32c9)
[   19.417656] 
[   19.418114] The buggy address belongs to the physical page:
[   19.418452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b2
[   19.418615] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.418730] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.418874] page_type: f5(slab)
[   19.418960] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.419069] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.419169] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.419464] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.419616] head: 0bfffe0000000001 ffffc1ffc305ec81 00000000ffffffff 00000000ffffffff
[   19.419793] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.419889] page dumped because: kasan: bad access detected
[   19.419978] 
[   19.420079] Memory state around the buggy address:
[   19.420202]  fff00000c17b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.420342]  fff00000c17b3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.420440] >fff00000c17b3280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.420527]                                               ^
[   19.420606]  fff00000c17b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.420709]  fff00000c17b3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.420811] ==================================================================
[   19.432735] ==================================================================
[   19.432889] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.433036] Write of size 1 at addr fff00000c17b32da by task kunit_try_catch/158
[   19.433190] 
[   19.433272] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.433440] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.433499] Hardware name: linux,dummy-virt (DT)
[   19.433568] Call trace:
[   19.433612]  show_stack+0x20/0x38 (C)
[   19.433714]  dump_stack_lvl+0x8c/0xd0
[   19.433802]  print_report+0x118/0x608
[   19.433897]  kasan_report+0xdc/0x128
[   19.434341]  __asan_report_store1_noabort+0x20/0x30
[   19.434450]  krealloc_less_oob_helper+0xa80/0xc50
[   19.434559]  krealloc_less_oob+0x20/0x38
[   19.434663]  kunit_try_run_case+0x170/0x3f0
[   19.435713]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.435916]  kthread+0x328/0x630
[   19.436006]  ret_from_fork+0x10/0x20
[   19.436132] 
[   19.436199] Allocated by task 158:
[   19.436288]  kasan_save_stack+0x3c/0x68
[   19.436409]  kasan_save_track+0x20/0x40
[   19.436697]  kasan_save_alloc_info+0x40/0x58
[   19.436889]  __kasan_krealloc+0x118/0x178
[   19.437014]  krealloc_noprof+0x128/0x360
[   19.437142]  krealloc_less_oob_helper+0x168/0xc50
[   19.437230]  krealloc_less_oob+0x20/0x38
[   19.437301]  kunit_try_run_case+0x170/0x3f0
[   19.437378]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.437473]  kthread+0x328/0x630
[   19.437542]  ret_from_fork+0x10/0x20
[   19.437618] 
[   19.437660] The buggy address belongs to the object at fff00000c17b3200
[   19.437660]  which belongs to the cache kmalloc-256 of size 256
[   19.437780] The buggy address is located 17 bytes to the right of
[   19.437780]  allocated 201-byte region [fff00000c17b3200, fff00000c17b32c9)
[   19.437922] 
[   19.437962] The buggy address belongs to the physical page:
[   19.438051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b2
[   19.438156] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.438825] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.438993] page_type: f5(slab)
[   19.439078] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.439371] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.439488] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.439630] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.439740] head: 0bfffe0000000001 ffffc1ffc305ec81 00000000ffffffff 00000000ffffffff
[   19.439849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.439937] page dumped because: kasan: bad access detected
[   19.440002] 
[   19.440052] Memory state around the buggy address:
[   19.440121]  fff00000c17b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.440219]  fff00000c17b3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.440316] >fff00000c17b3280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.440399]                                                     ^
[   19.440481]  fff00000c17b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.440591]  fff00000c17b3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.440683] ==================================================================
[   19.425208] ==================================================================
[   19.425452] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.425906] Write of size 1 at addr fff00000c17b32d0 by task kunit_try_catch/158
[   19.426222] 
[   19.426385] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.426660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.426935] Hardware name: linux,dummy-virt (DT)
[   19.427016] Call trace:
[   19.427091]  show_stack+0x20/0x38 (C)
[   19.427224]  dump_stack_lvl+0x8c/0xd0
[   19.427313]  print_report+0x118/0x608
[   19.427380]  kasan_report+0xdc/0x128
[   19.427433]  __asan_report_store1_noabort+0x20/0x30
[   19.427480]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.427528]  krealloc_less_oob+0x20/0x38
[   19.427572]  kunit_try_run_case+0x170/0x3f0
[   19.427620]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.427671]  kthread+0x328/0x630
[   19.427712]  ret_from_fork+0x10/0x20
[   19.427759] 
[   19.427779] Allocated by task 158:
[   19.427809]  kasan_save_stack+0x3c/0x68
[   19.427853]  kasan_save_track+0x20/0x40
[   19.427890]  kasan_save_alloc_info+0x40/0x58
[   19.427928]  __kasan_krealloc+0x118/0x178
[   19.427964]  krealloc_noprof+0x128/0x360
[   19.428000]  krealloc_less_oob_helper+0x168/0xc50
[   19.428070]  krealloc_less_oob+0x20/0x38
[   19.428142]  kunit_try_run_case+0x170/0x3f0
[   19.428243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.428334]  kthread+0x328/0x630
[   19.428402]  ret_from_fork+0x10/0x20
[   19.428474] 
[   19.428522] The buggy address belongs to the object at fff00000c17b3200
[   19.428522]  which belongs to the cache kmalloc-256 of size 256
[   19.428669] The buggy address is located 7 bytes to the right of
[   19.428669]  allocated 201-byte region [fff00000c17b3200, fff00000c17b32c9)
[   19.428871] 
[   19.428929] The buggy address belongs to the physical page:
[   19.428990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b2
[   19.429139] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.429258] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.429417] page_type: f5(slab)
[   19.429528] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.429639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.429731] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.429829] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.430193] head: 0bfffe0000000001 ffffc1ffc305ec81 00000000ffffffff 00000000ffffffff
[   19.430289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.430372] page dumped because: kasan: bad access detected
[   19.430432] 
[   19.430463] Memory state around the buggy address:
[   19.430835]  fff00000c17b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.430993]  fff00000c17b3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.431143] >fff00000c17b3280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.431231]                                                  ^
[   19.431311]  fff00000c17b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.431404]  fff00000c17b3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.431486] ==================================================================
[   19.529695] ==================================================================
[   19.529820] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.529934] Write of size 1 at addr fff00000c656e0d0 by task kunit_try_catch/162
[   19.530055] 
[   19.530123] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.530306] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.530371] Hardware name: linux,dummy-virt (DT)
[   19.530438] Call trace:
[   19.530497]  show_stack+0x20/0x38 (C)
[   19.530616]  dump_stack_lvl+0x8c/0xd0
[   19.532386]  print_report+0x118/0x608
[   19.533331]  kasan_report+0xdc/0x128
[   19.534491]  __asan_report_store1_noabort+0x20/0x30
[   19.534614]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.535633]  krealloc_large_less_oob+0x20/0x38
[   19.535790]  kunit_try_run_case+0x170/0x3f0
[   19.537879]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.538002]  kthread+0x328/0x630
[   19.539984]  ret_from_fork+0x10/0x20
[   19.540940] 
[   19.541782] The buggy address belongs to the physical page:
[   19.541863] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656c
[   19.541988] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.544051] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.545051] page_type: f8(unknown)
[   19.545572] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.545933] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.546203] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.546894] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.547513] head: 0bfffe0000000002 ffffc1ffc3195b01 00000000ffffffff 00000000ffffffff
[   19.547763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.548242] page dumped because: kasan: bad access detected
[   19.548522] 
[   19.548578] Memory state around the buggy address:
[   19.548664]  fff00000c656df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.549712]  fff00000c656e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.549921] >fff00000c656e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.549990]                                                  ^
[   19.550101]  fff00000c656e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.551684]  fff00000c656e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.551806] ==================================================================
[   19.554598] ==================================================================
[   19.554805] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.554936] Write of size 1 at addr fff00000c656e0da by task kunit_try_catch/162
[   19.555446] 
[   19.555608] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.555880] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.555940] Hardware name: linux,dummy-virt (DT)
[   19.556398] Call trace:
[   19.556522]  show_stack+0x20/0x38 (C)
[   19.556675]  dump_stack_lvl+0x8c/0xd0
[   19.556847]  print_report+0x118/0x608
[   19.556950]  kasan_report+0xdc/0x128
[   19.557056]  __asan_report_store1_noabort+0x20/0x30
[   19.557167]  krealloc_less_oob_helper+0xa80/0xc50
[   19.557305]  krealloc_large_less_oob+0x20/0x38
[   19.557451]  kunit_try_run_case+0x170/0x3f0
[   19.557596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.557758]  kthread+0x328/0x630
[   19.557844]  ret_from_fork+0x10/0x20
[   19.557946] 
[   19.558010] The buggy address belongs to the physical page:
[   19.558099] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656c
[   19.558219] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.558324] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.558429] page_type: f8(unknown)
[   19.558497] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.558620] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.558718] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.558805] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.558896] head: 0bfffe0000000002 ffffc1ffc3195b01 00000000ffffffff 00000000ffffffff
[   19.558990] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.559147] page dumped because: kasan: bad access detected
[   19.559216] 
[   19.559256] Memory state around the buggy address:
[   19.559325]  fff00000c656df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.559419]  fff00000c656e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.559510] >fff00000c656e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.559599]                                                     ^
[   19.559712]  fff00000c656e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.559819]  fff00000c656e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.559909] ==================================================================
[   19.560903] ==================================================================
[   19.561038] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.561152] Write of size 1 at addr fff00000c656e0ea by task kunit_try_catch/162
[   19.561263] 
[   19.561338] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.561510] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.561567] Hardware name: linux,dummy-virt (DT)
[   19.561633] Call trace:
[   19.561734]  show_stack+0x20/0x38 (C)
[   19.561832]  dump_stack_lvl+0x8c/0xd0
[   19.561916]  print_report+0x118/0x608
[   19.561999]  kasan_report+0xdc/0x128
[   19.562110]  __asan_report_store1_noabort+0x20/0x30
[   19.562241]  krealloc_less_oob_helper+0xae4/0xc50
[   19.562387]  krealloc_large_less_oob+0x20/0x38
[   19.562517]  kunit_try_run_case+0x170/0x3f0
[   19.562604]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.562719]  kthread+0x328/0x630
[   19.562798]  ret_from_fork+0x10/0x20
[   19.562891] 
[   19.562928] The buggy address belongs to the physical page:
[   19.562981] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10656c
[   19.563102] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.563187] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.563285] page_type: f8(unknown)
[   19.563399] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.563520] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.563648] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.563772] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.563918] head: 0bfffe0000000002 ffffc1ffc3195b01 00000000ffffffff 00000000ffffffff
[   19.564080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.564200] page dumped because: kasan: bad access detected
[   19.564260] 
[   19.564296] Memory state around the buggy address:
[   19.564366]  fff00000c656df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.564509]  fff00000c656e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.564610] >fff00000c656e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.564729]                                                           ^
[   19.564850]  fff00000c656e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.564942]  fff00000c656e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.565036] ==================================================================
[   19.451862] ==================================================================
[   19.451968] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.452093] Write of size 1 at addr fff00000c17b32eb by task kunit_try_catch/158
[   19.452200] 
[   19.452261] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   19.452437] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.452509] Hardware name: linux,dummy-virt (DT)
[   19.452586] Call trace:
[   19.452636]  show_stack+0x20/0x38 (C)
[   19.452745]  dump_stack_lvl+0x8c/0xd0
[   19.452861]  print_report+0x118/0x608
[   19.452974]  kasan_report+0xdc/0x128
[   19.453790]  __asan_report_store1_noabort+0x20/0x30
[   19.454115]  krealloc_less_oob_helper+0xa58/0xc50
[   19.454220]  krealloc_less_oob+0x20/0x38
[   19.454355]  kunit_try_run_case+0x170/0x3f0
[   19.454502]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.454686]  kthread+0x328/0x630
[   19.454800]  ret_from_fork+0x10/0x20
[   19.454982] 
[   19.455042] Allocated by task 158:
[   19.455104]  kasan_save_stack+0x3c/0x68
[   19.455190]  kasan_save_track+0x20/0x40
[   19.455292]  kasan_save_alloc_info+0x40/0x58
[   19.455379]  __kasan_krealloc+0x118/0x178
[   19.455463]  krealloc_noprof+0x128/0x360
[   19.455574]  krealloc_less_oob_helper+0x168/0xc50
[   19.455656]  krealloc_less_oob+0x20/0x38
[   19.455730]  kunit_try_run_case+0x170/0x3f0
[   19.455811]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.455925]  kthread+0x328/0x630
[   19.455999]  ret_from_fork+0x10/0x20
[   19.456129] 
[   19.456188] The buggy address belongs to the object at fff00000c17b3200
[   19.456188]  which belongs to the cache kmalloc-256 of size 256
[   19.456334] The buggy address is located 34 bytes to the right of
[   19.456334]  allocated 201-byte region [fff00000c17b3200, fff00000c17b32c9)
[   19.456510] 
[   19.456559] The buggy address belongs to the physical page:
[   19.456630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017b2
[   19.456748] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.456850] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.456957] page_type: f5(slab)
[   19.457048] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.457148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.457950] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.458142] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.458244] head: 0bfffe0000000001 ffffc1ffc305ec81 00000000ffffffff 00000000ffffffff
[   19.458556] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.458672] page dumped because: kasan: bad access detected
[   19.458740] 
[   19.458777] Memory state around the buggy address:
[   19.458846]  fff00000c17b3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.458941]  fff00000c17b3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.459042] >fff00000c17b3280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.459137]                                                           ^
[   19.459217]  fff00000c17b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.459430]  fff00000c17b3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.459511] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zNv5yvBPQPFs0AlDSVKFmCWGjk

job_id

TEST:linaro@lkft#2zNvAH2g4ermDeisaxH4EvgiTxa

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNvAH2g4ermDeisaxH4EvgiTxa

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNv76IuwowkYB4Sjr8DEDXB6KX/Image.gz
sha256sum	90ec95b90bf87b5324c2dbcf89d31393975c6b7e5ec37927e4403529f8acf5c3

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNv76IuwowkYB4Sjr8DEDXB6KX/modules.tar.xz
sha256sum	f86904e93834acd0f5a270dfcf178475dde11d8026543e037dd3a943f3bfae11

durations

tests

boot	0
kunit	273.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.244715] ==================================================================
[   11.245072] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.245439] Write of size 1 at addr ffff888100332eea by task kunit_try_catch/175
[   11.245819] 
[   11.245928] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.245979] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.245990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.246008] Call Trace:
[   11.246024]  <TASK>
[   11.246039]  dump_stack_lvl+0x73/0xb0
[   11.246075]  print_report+0xd1/0x650
[   11.246097]  ? __virt_addr_valid+0x1db/0x2d0
[   11.246119]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.246152]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.246172]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.246204]  kasan_report+0x141/0x180
[   11.246224]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.246251]  __asan_report_store1_noabort+0x1b/0x30
[   11.246281]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.246305]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.246366]  ? finish_task_switch.isra.0+0x153/0x700
[   11.246387]  ? __switch_to+0x47/0xf50
[   11.246410]  ? __schedule+0x10cc/0x2b60
[   11.246431]  ? __pfx_read_tsc+0x10/0x10
[   11.246454]  krealloc_less_oob+0x1c/0x30
[   11.246474]  kunit_try_run_case+0x1a5/0x480
[   11.246498]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.246524]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.246546]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.246567]  ? __kthread_parkme+0x82/0x180
[   11.246587]  ? preempt_count_sub+0x50/0x80
[   11.246608]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.246630]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.246651]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.246673]  kthread+0x337/0x6f0
[   11.246691]  ? trace_preempt_on+0x20/0xc0
[   11.246713]  ? __pfx_kthread+0x10/0x10
[   11.246733]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.246752]  ? calculate_sigpending+0x7b/0xa0
[   11.246774]  ? __pfx_kthread+0x10/0x10
[   11.246794]  ret_from_fork+0x116/0x1d0
[   11.246812]  ? __pfx_kthread+0x10/0x10
[   11.246831]  ret_from_fork_asm+0x1a/0x30
[   11.246871]  </TASK>
[   11.246881] 
[   11.254938] Allocated by task 175:
[   11.255145]  kasan_save_stack+0x45/0x70
[   11.255535]  kasan_save_track+0x18/0x40
[   11.255753]  kasan_save_alloc_info+0x3b/0x50
[   11.255904]  __kasan_krealloc+0x190/0x1f0
[   11.256079]  krealloc_noprof+0xf3/0x340
[   11.256288]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.256598]  krealloc_less_oob+0x1c/0x30
[   11.256811]  kunit_try_run_case+0x1a5/0x480
[   11.257029]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.257285]  kthread+0x337/0x6f0
[   11.257519]  ret_from_fork+0x116/0x1d0
[   11.257711]  ret_from_fork_asm+0x1a/0x30
[   11.257909] 
[   11.258008] The buggy address belongs to the object at ffff888100332e00
[   11.258008]  which belongs to the cache kmalloc-256 of size 256
[   11.258595] The buggy address is located 33 bytes to the right of
[   11.258595]  allocated 201-byte region [ffff888100332e00, ffff888100332ec9)
[   11.259039] 
[   11.259111] The buggy address belongs to the physical page:
[   11.259386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100332
[   11.259807] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.260101] flags: 0x200000000000040(head|node=0|zone=2)
[   11.260514] page_type: f5(slab)
[   11.260699] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.261065] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.261430] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.261752] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.262149] head: 0200000000000001 ffffea000400cc81 00000000ffffffff 00000000ffffffff
[   11.262459] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.262807] page dumped because: kasan: bad access detected
[   11.263082] 
[   11.263211] Memory state around the buggy address:
[   11.263501]  ffff888100332d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.263815]  ffff888100332e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.264114] >ffff888100332e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.264447]                                                           ^
[   11.264652]  ffff888100332f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.265024]  ffff888100332f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.265521] ==================================================================
[   11.342155] ==================================================================
[   11.342945] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.343531] Write of size 1 at addr ffff888102aa20c9 by task kunit_try_catch/179
[   11.344120] 
[   11.344227] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.344268] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.344279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.344298] Call Trace:
[   11.344311]  <TASK>
[   11.344325]  dump_stack_lvl+0x73/0xb0
[   11.344353]  print_report+0xd1/0x650
[   11.344375]  ? __virt_addr_valid+0x1db/0x2d0
[   11.344398]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.344420]  ? kasan_addr_to_slab+0x11/0xa0
[   11.344439]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.344462]  kasan_report+0x141/0x180
[   11.344482]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.344509]  __asan_report_store1_noabort+0x1b/0x30
[   11.344528]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.344552]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.344575]  ? finish_task_switch.isra.0+0x153/0x700
[   11.344597]  ? __switch_to+0x47/0xf50
[   11.344622]  ? __schedule+0x10cc/0x2b60
[   11.344643]  ? __pfx_read_tsc+0x10/0x10
[   11.344666]  krealloc_large_less_oob+0x1c/0x30
[   11.344687]  kunit_try_run_case+0x1a5/0x480
[   11.344711]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.344731]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.344754]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.344776]  ? __kthread_parkme+0x82/0x180
[   11.344796]  ? preempt_count_sub+0x50/0x80
[   11.344817]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.344839]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.344860]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.344882]  kthread+0x337/0x6f0
[   11.344900]  ? trace_preempt_on+0x20/0xc0
[   11.344924]  ? __pfx_kthread+0x10/0x10
[   11.344943]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.344962]  ? calculate_sigpending+0x7b/0xa0
[   11.344985]  ? __pfx_kthread+0x10/0x10
[   11.345005]  ret_from_fork+0x116/0x1d0
[   11.345023]  ? __pfx_kthread+0x10/0x10
[   11.345042]  ret_from_fork_asm+0x1a/0x30
[   11.345071]  </TASK>
[   11.345081] 
[   11.361007] The buggy address belongs to the physical page:
[   11.362024] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[   11.363292] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.364539] flags: 0x200000000000040(head|node=0|zone=2)
[   11.364736] page_type: f8(unknown)
[   11.364866] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.365099] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.366705] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.367765] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.368677] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff
[   11.368912] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.369147] page dumped because: kasan: bad access detected
[   11.369609] 
[   11.369711] Memory state around the buggy address:
[   11.369934]  ffff888102aa1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.370248]  ffff888102aa2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.370588] >ffff888102aa2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.370963]                                               ^
[   11.371185]  ffff888102aa2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.372018]  ffff888102aa2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.372747] ==================================================================
[   11.265985] ==================================================================
[   11.266413] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.266710] Write of size 1 at addr ffff888100332eeb by task kunit_try_catch/175
[   11.267011] 
[   11.267098] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.267164] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.267176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.267195] Call Trace:
[   11.267206]  <TASK>
[   11.267219]  dump_stack_lvl+0x73/0xb0
[   11.267244]  print_report+0xd1/0x650
[   11.267272]  ? __virt_addr_valid+0x1db/0x2d0
[   11.267361]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.267388]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.267410]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.267433]  kasan_report+0x141/0x180
[   11.267454]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.267481]  __asan_report_store1_noabort+0x1b/0x30
[   11.267500]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.267525]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.267547]  ? finish_task_switch.isra.0+0x153/0x700
[   11.267568]  ? __switch_to+0x47/0xf50
[   11.267603]  ? __schedule+0x10cc/0x2b60
[   11.267626]  ? __pfx_read_tsc+0x10/0x10
[   11.267648]  krealloc_less_oob+0x1c/0x30
[   11.267681]  kunit_try_run_case+0x1a5/0x480
[   11.267704]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.267725]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.267746]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.267768]  ? __kthread_parkme+0x82/0x180
[   11.267795]  ? preempt_count_sub+0x50/0x80
[   11.267816]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.267838]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.267870]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.267891]  kthread+0x337/0x6f0
[   11.267910]  ? trace_preempt_on+0x20/0xc0
[   11.267933]  ? __pfx_kthread+0x10/0x10
[   11.267952]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.267972]  ? calculate_sigpending+0x7b/0xa0
[   11.267994]  ? __pfx_kthread+0x10/0x10
[   11.268016]  ret_from_fork+0x116/0x1d0
[   11.268033]  ? __pfx_kthread+0x10/0x10
[   11.268052]  ret_from_fork_asm+0x1a/0x30
[   11.268081]  </TASK>
[   11.268091] 
[   11.276670] Allocated by task 175:
[   11.276826]  kasan_save_stack+0x45/0x70
[   11.277071]  kasan_save_track+0x18/0x40
[   11.277390]  kasan_save_alloc_info+0x3b/0x50
[   11.277601]  __kasan_krealloc+0x190/0x1f0
[   11.277743]  krealloc_noprof+0xf3/0x340
[   11.277911]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.278194]  krealloc_less_oob+0x1c/0x30
[   11.278407]  kunit_try_run_case+0x1a5/0x480
[   11.278606]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.278871]  kthread+0x337/0x6f0
[   11.279053]  ret_from_fork+0x116/0x1d0
[   11.279279]  ret_from_fork_asm+0x1a/0x30
[   11.279523] 
[   11.279617] The buggy address belongs to the object at ffff888100332e00
[   11.279617]  which belongs to the cache kmalloc-256 of size 256
[   11.280149] The buggy address is located 34 bytes to the right of
[   11.280149]  allocated 201-byte region [ffff888100332e00, ffff888100332ec9)
[   11.280830] 
[   11.280933] The buggy address belongs to the physical page:
[   11.281236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100332
[   11.281592] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.281901] flags: 0x200000000000040(head|node=0|zone=2)
[   11.282194] page_type: f5(slab)
[   11.282339] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.282644] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.283056] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.283466] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.283800] head: 0200000000000001 ffffea000400cc81 00000000ffffffff 00000000ffffffff
[   11.284160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.284539] page dumped because: kasan: bad access detected
[   11.284790] 
[   11.284860] Memory state around the buggy address:
[   11.285081]  ffff888100332d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.285623]  ffff888100332e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.285941] >ffff888100332e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.286250]                                                           ^
[   11.286617]  ffff888100332f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.286939]  ffff888100332f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.287280] ==================================================================
[   11.400251] ==================================================================
[   11.400907] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.401667] Write of size 1 at addr ffff888102aa20da by task kunit_try_catch/179
[   11.402375] 
[   11.402464] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.402504] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.402522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.402541] Call Trace:
[   11.402555]  <TASK>
[   11.402570]  dump_stack_lvl+0x73/0xb0
[   11.402595]  print_report+0xd1/0x650
[   11.402616]  ? __virt_addr_valid+0x1db/0x2d0
[   11.402638]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.402660]  ? kasan_addr_to_slab+0x11/0xa0
[   11.402679]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.402701]  kasan_report+0x141/0x180
[   11.402722]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.402748]  __asan_report_store1_noabort+0x1b/0x30
[   11.402767]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.402791]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.402813]  ? finish_task_switch.isra.0+0x153/0x700
[   11.402833]  ? __switch_to+0x47/0xf50
[   11.402857]  ? __schedule+0x10cc/0x2b60
[   11.402877]  ? __pfx_read_tsc+0x10/0x10
[   11.402899]  krealloc_large_less_oob+0x1c/0x30
[   11.402920]  kunit_try_run_case+0x1a5/0x480
[   11.402942]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.402963]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.402984]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.403005]  ? __kthread_parkme+0x82/0x180
[   11.403024]  ? preempt_count_sub+0x50/0x80
[   11.403045]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.403067]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.403087]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.403109]  kthread+0x337/0x6f0
[   11.403139]  ? trace_preempt_on+0x20/0xc0
[   11.403162]  ? __pfx_kthread+0x10/0x10
[   11.403181]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.403200]  ? calculate_sigpending+0x7b/0xa0
[   11.403222]  ? __pfx_kthread+0x10/0x10
[   11.403242]  ret_from_fork+0x116/0x1d0
[   11.403259]  ? __pfx_kthread+0x10/0x10
[   11.403278]  ret_from_fork_asm+0x1a/0x30
[   11.403308]  </TASK>
[   11.403319] 
[   11.410948] The buggy address belongs to the physical page:
[   11.411270] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[   11.411768] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.411996] flags: 0x200000000000040(head|node=0|zone=2)
[   11.412214] page_type: f8(unknown)
[   11.412371] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.412689] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.412972] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.413424] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.413699] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff
[   11.413921] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.414229] page dumped because: kasan: bad access detected
[   11.414474] 
[   11.414573] Memory state around the buggy address:
[   11.414880]  ffff888102aa1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.415112]  ffff888102aa2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.415835] >ffff888102aa2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.416115]                                                     ^
[   11.416833]  ffff888102aa2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.417312]  ffff888102aa2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.417816] ==================================================================
[   11.148170] ==================================================================
[   11.149080] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.149934] Write of size 1 at addr ffff888100332ec9 by task kunit_try_catch/175
[   11.150880] 
[   11.150990] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.151081] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.151094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.151114] Call Trace:
[   11.151322]  <TASK>
[   11.151343]  dump_stack_lvl+0x73/0xb0
[   11.151375]  print_report+0xd1/0x650
[   11.151396]  ? __virt_addr_valid+0x1db/0x2d0
[   11.151419]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.151441]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.151462]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.151485]  kasan_report+0x141/0x180
[   11.151505]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.151532]  __asan_report_store1_noabort+0x1b/0x30
[   11.151551]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.151576]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.151598]  ? finish_task_switch.isra.0+0x153/0x700
[   11.151620]  ? __switch_to+0x47/0xf50
[   11.151648]  ? __schedule+0x10cc/0x2b60
[   11.151670]  ? __pfx_read_tsc+0x10/0x10
[   11.151694]  krealloc_less_oob+0x1c/0x30
[   11.151715]  kunit_try_run_case+0x1a5/0x480
[   11.151738]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.151759]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.151781]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.151803]  ? __kthread_parkme+0x82/0x180
[   11.151823]  ? preempt_count_sub+0x50/0x80
[   11.151844]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.151866]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.151887]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.151909]  kthread+0x337/0x6f0
[   11.151927]  ? trace_preempt_on+0x20/0xc0
[   11.151949]  ? __pfx_kthread+0x10/0x10
[   11.151968]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.151988]  ? calculate_sigpending+0x7b/0xa0
[   11.152010]  ? __pfx_kthread+0x10/0x10
[   11.152031]  ret_from_fork+0x116/0x1d0
[   11.152048]  ? __pfx_kthread+0x10/0x10
[   11.152068]  ret_from_fork_asm+0x1a/0x30
[   11.152097]  </TASK>
[   11.152108] 
[   11.167370] Allocated by task 175:
[   11.167511]  kasan_save_stack+0x45/0x70
[   11.167719]  kasan_save_track+0x18/0x40
[   11.167867]  kasan_save_alloc_info+0x3b/0x50
[   11.168079]  __kasan_krealloc+0x190/0x1f0
[   11.168230]  krealloc_noprof+0xf3/0x340
[   11.168933]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.169188]  krealloc_less_oob+0x1c/0x30
[   11.169554]  kunit_try_run_case+0x1a5/0x480
[   11.169983]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.170529]  kthread+0x337/0x6f0
[   11.170917]  ret_from_fork+0x116/0x1d0
[   11.171147]  ret_from_fork_asm+0x1a/0x30
[   11.171495] 
[   11.171596] The buggy address belongs to the object at ffff888100332e00
[   11.171596]  which belongs to the cache kmalloc-256 of size 256
[   11.172487] The buggy address is located 0 bytes to the right of
[   11.172487]  allocated 201-byte region [ffff888100332e00, ffff888100332ec9)
[   11.173107] 
[   11.173228] The buggy address belongs to the physical page:
[   11.173820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100332
[   11.174346] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.175058] flags: 0x200000000000040(head|node=0|zone=2)
[   11.175592] page_type: f5(slab)
[   11.175729] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.176281] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.176929] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.177828] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.178785] head: 0200000000000001 ffffea000400cc81 00000000ffffffff 00000000ffffffff
[   11.179376] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.180020] page dumped because: kasan: bad access detected
[   11.180607] 
[   11.180754] Memory state around the buggy address:
[   11.181291]  ffff888100332d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.181604]  ffff888100332e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.182670] >ffff888100332e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.183589]                                               ^
[   11.184189]  ffff888100332f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.184882]  ffff888100332f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.185620] ==================================================================
[   11.186175] ==================================================================
[   11.186425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.187873] Write of size 1 at addr ffff888100332ed0 by task kunit_try_catch/175
[   11.189292] 
[   11.189767] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.189815] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.189827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.189846] Call Trace:
[   11.189862]  <TASK>
[   11.189877]  dump_stack_lvl+0x73/0xb0
[   11.189906]  print_report+0xd1/0x650
[   11.189928]  ? __virt_addr_valid+0x1db/0x2d0
[   11.189951]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.189973]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.189994]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.190019]  kasan_report+0x141/0x180
[   11.190041]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.190069]  __asan_report_store1_noabort+0x1b/0x30
[   11.190089]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.190114]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.190148]  ? finish_task_switch.isra.0+0x153/0x700
[   11.190170]  ? __switch_to+0x47/0xf50
[   11.190194]  ? __schedule+0x10cc/0x2b60
[   11.190217]  ? __pfx_read_tsc+0x10/0x10
[   11.190241]  krealloc_less_oob+0x1c/0x30
[   11.190261]  kunit_try_run_case+0x1a5/0x480
[   11.190284]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.190314]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.190336]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.190358]  ? __kthread_parkme+0x82/0x180
[   11.190377]  ? preempt_count_sub+0x50/0x80
[   11.190398]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.190422]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.190443]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.190464]  kthread+0x337/0x6f0
[   11.190483]  ? trace_preempt_on+0x20/0xc0
[   11.190505]  ? __pfx_kthread+0x10/0x10
[   11.190528]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.190548]  ? calculate_sigpending+0x7b/0xa0
[   11.190571]  ? __pfx_kthread+0x10/0x10
[   11.190591]  ret_from_fork+0x116/0x1d0
[   11.190609]  ? __pfx_kthread+0x10/0x10
[   11.190629]  ret_from_fork_asm+0x1a/0x30
[   11.190658]  </TASK>
[   11.190669] 
[   11.205674] Allocated by task 175:
[   11.205987]  kasan_save_stack+0x45/0x70
[   11.206156]  kasan_save_track+0x18/0x40
[   11.206661]  kasan_save_alloc_info+0x3b/0x50
[   11.207084]  __kasan_krealloc+0x190/0x1f0
[   11.207392]  krealloc_noprof+0xf3/0x340
[   11.207750]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.207912]  krealloc_less_oob+0x1c/0x30
[   11.208046]  kunit_try_run_case+0x1a5/0x480
[   11.208224]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.208771]  kthread+0x337/0x6f0
[   11.209092]  ret_from_fork+0x116/0x1d0
[   11.209650]  ret_from_fork_asm+0x1a/0x30
[   11.210037] 
[   11.210227] The buggy address belongs to the object at ffff888100332e00
[   11.210227]  which belongs to the cache kmalloc-256 of size 256
[   11.211352] The buggy address is located 7 bytes to the right of
[   11.211352]  allocated 201-byte region [ffff888100332e00, ffff888100332ec9)
[   11.211897] 
[   11.211971] The buggy address belongs to the physical page:
[   11.212175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100332
[   11.212985] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.213725] flags: 0x200000000000040(head|node=0|zone=2)
[   11.214240] page_type: f5(slab)
[   11.214603] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.215361] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.215919] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.216209] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.216905] head: 0200000000000001 ffffea000400cc81 00000000ffffffff 00000000ffffffff
[   11.217659] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.218225] page dumped because: kasan: bad access detected
[   11.218643] 
[   11.218713] Memory state around the buggy address:
[   11.218863]  ffff888100332d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.219071]  ffff888100332e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.219316] >ffff888100332e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.219739]                                                  ^
[   11.219919]  ffff888100332f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.220496]  ffff888100332f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.220854] ==================================================================
[   11.418569] ==================================================================
[   11.419289] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.419758] Write of size 1 at addr ffff888102aa20ea by task kunit_try_catch/179
[   11.420080] 
[   11.420515] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.420558] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.420569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.420588] Call Trace:
[   11.420601]  <TASK>
[   11.420614]  dump_stack_lvl+0x73/0xb0
[   11.420684]  print_report+0xd1/0x650
[   11.420705]  ? __virt_addr_valid+0x1db/0x2d0
[   11.420729]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.420750]  ? kasan_addr_to_slab+0x11/0xa0
[   11.420769]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.420792]  kasan_report+0x141/0x180
[   11.420812]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.420839]  __asan_report_store1_noabort+0x1b/0x30
[   11.420858]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.420882]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.420904]  ? finish_task_switch.isra.0+0x153/0x700
[   11.420925]  ? __switch_to+0x47/0xf50
[   11.420948]  ? __schedule+0x10cc/0x2b60
[   11.420969]  ? __pfx_read_tsc+0x10/0x10
[   11.420992]  krealloc_large_less_oob+0x1c/0x30
[   11.421014]  kunit_try_run_case+0x1a5/0x480
[   11.421036]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.421057]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.421079]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.421100]  ? __kthread_parkme+0x82/0x180
[   11.421119]  ? preempt_count_sub+0x50/0x80
[   11.421151]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.421173]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.421194]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.421215]  kthread+0x337/0x6f0
[   11.421233]  ? trace_preempt_on+0x20/0xc0
[   11.421256]  ? __pfx_kthread+0x10/0x10
[   11.421275]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.421294]  ? calculate_sigpending+0x7b/0xa0
[   11.421318]  ? __pfx_kthread+0x10/0x10
[   11.421340]  ret_from_fork+0x116/0x1d0
[   11.421358]  ? __pfx_kthread+0x10/0x10
[   11.421377]  ret_from_fork_asm+0x1a/0x30
[   11.421406]  </TASK>
[   11.421416] 
[   11.432832] The buggy address belongs to the physical page:
[   11.433069] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[   11.433856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.434354] flags: 0x200000000000040(head|node=0|zone=2)
[   11.434764] page_type: f8(unknown)
[   11.435046] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.435526] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.435847] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.436612] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.437057] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff
[   11.437702] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.438219] page dumped because: kasan: bad access detected
[   11.438644] 
[   11.438738] Memory state around the buggy address:
[   11.438947]  ffff888102aa1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.439715]  ffff888102aa2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.440166] >ffff888102aa2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.440867]                                                           ^
[   11.441544]  ffff888102aa2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.441861]  ffff888102aa2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.442597] ==================================================================
[   11.443105] ==================================================================
[   11.443935] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.444609] Write of size 1 at addr ffff888102aa20eb by task kunit_try_catch/179
[   11.445069] 
[   11.445399] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.445444] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.445455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.445474] Call Trace:
[   11.445488]  <TASK>
[   11.445501]  dump_stack_lvl+0x73/0xb0
[   11.445527]  print_report+0xd1/0x650
[   11.445548]  ? __virt_addr_valid+0x1db/0x2d0
[   11.445571]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.445592]  ? kasan_addr_to_slab+0x11/0xa0
[   11.445611]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.445634]  kasan_report+0x141/0x180
[   11.445654]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.445681]  __asan_report_store1_noabort+0x1b/0x30
[   11.445700]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.445724]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.445746]  ? finish_task_switch.isra.0+0x153/0x700
[   11.445766]  ? __switch_to+0x47/0xf50
[   11.445789]  ? __schedule+0x10cc/0x2b60
[   11.445809]  ? __pfx_read_tsc+0x10/0x10
[   11.445831]  krealloc_large_less_oob+0x1c/0x30
[   11.445852]  kunit_try_run_case+0x1a5/0x480
[   11.445874]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.445894]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.445916]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.445937]  ? __kthread_parkme+0x82/0x180
[   11.445955]  ? preempt_count_sub+0x50/0x80
[   11.445976]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.445998]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.446019]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.446040]  kthread+0x337/0x6f0
[   11.446058]  ? trace_preempt_on+0x20/0xc0
[   11.446080]  ? __pfx_kthread+0x10/0x10
[   11.446100]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.446119]  ? calculate_sigpending+0x7b/0xa0
[   11.446158]  ? __pfx_kthread+0x10/0x10
[   11.446178]  ret_from_fork+0x116/0x1d0
[   11.446195]  ? __pfx_kthread+0x10/0x10
[   11.446214]  ret_from_fork_asm+0x1a/0x30
[   11.446242]  </TASK>
[   11.446252] 
[   11.454304] The buggy address belongs to the physical page:
[   11.454566] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[   11.454884] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.455112] flags: 0x200000000000040(head|node=0|zone=2)
[   11.455372] page_type: f8(unknown)
[   11.455551] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.455820] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.456112] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.456704] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.457014] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff
[   11.457419] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.457663] page dumped because: kasan: bad access detected
[   11.457867] 
[   11.457960] Memory state around the buggy address:
[   11.458240]  ffff888102aa1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.458496]  ffff888102aa2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.458863] >ffff888102aa2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.459265]                                                           ^
[   11.459670]  ffff888102aa2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.459890]  ffff888102aa2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.460217] ==================================================================
[   11.221662] ==================================================================
[   11.221949] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.222403] Write of size 1 at addr ffff888100332eda by task kunit_try_catch/175
[   11.222753] 
[   11.222866] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.222908] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.222930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.222950] Call Trace:
[   11.222961]  <TASK>
[   11.222976]  dump_stack_lvl+0x73/0xb0
[   11.223014]  print_report+0xd1/0x650
[   11.223035]  ? __virt_addr_valid+0x1db/0x2d0
[   11.223056]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.223078]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.223106]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.223156]  kasan_report+0x141/0x180
[   11.223177]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.223203]  __asan_report_store1_noabort+0x1b/0x30
[   11.223223]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.223247]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.223269]  ? finish_task_switch.isra.0+0x153/0x700
[   11.223290]  ? __switch_to+0x47/0xf50
[   11.223609]  ? __schedule+0x10cc/0x2b60
[   11.223631]  ? __pfx_read_tsc+0x10/0x10
[   11.223654]  krealloc_less_oob+0x1c/0x30
[   11.223674]  kunit_try_run_case+0x1a5/0x480
[   11.223742]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.223763]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.223784]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.223805]  ? __kthread_parkme+0x82/0x180
[   11.223825]  ? preempt_count_sub+0x50/0x80
[   11.223846]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.223868]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.223890]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.223911]  kthread+0x337/0x6f0
[   11.223929]  ? trace_preempt_on+0x20/0xc0
[   11.223951]  ? __pfx_kthread+0x10/0x10
[   11.223970]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.223989]  ? calculate_sigpending+0x7b/0xa0
[   11.224012]  ? __pfx_kthread+0x10/0x10
[   11.224032]  ret_from_fork+0x116/0x1d0
[   11.224048]  ? __pfx_kthread+0x10/0x10
[   11.224067]  ret_from_fork_asm+0x1a/0x30
[   11.224096]  </TASK>
[   11.224107] 
[   11.232395] Allocated by task 175:
[   11.232532]  kasan_save_stack+0x45/0x70
[   11.232742]  kasan_save_track+0x18/0x40
[   11.232962]  kasan_save_alloc_info+0x3b/0x50
[   11.233499]  __kasan_krealloc+0x190/0x1f0
[   11.233705]  krealloc_noprof+0xf3/0x340
[   11.233900]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.234149]  krealloc_less_oob+0x1c/0x30
[   11.234448]  kunit_try_run_case+0x1a5/0x480
[   11.234636]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.234814]  kthread+0x337/0x6f0
[   11.234951]  ret_from_fork+0x116/0x1d0
[   11.235146]  ret_from_fork_asm+0x1a/0x30
[   11.235427] 
[   11.235525] The buggy address belongs to the object at ffff888100332e00
[   11.235525]  which belongs to the cache kmalloc-256 of size 256
[   11.235906] The buggy address is located 17 bytes to the right of
[   11.235906]  allocated 201-byte region [ffff888100332e00, ffff888100332ec9)
[   11.236936] 
[   11.237047] The buggy address belongs to the physical page:
[   11.237323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100332
[   11.237793] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.238138] flags: 0x200000000000040(head|node=0|zone=2)
[   11.238558] page_type: f5(slab)
[   11.238725] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.238955] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.239304] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.239579] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.240075] head: 0200000000000001 ffffea000400cc81 00000000ffffffff 00000000ffffffff
[   11.240862] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.241158] page dumped because: kasan: bad access detected
[   11.241444] 
[   11.241623] Memory state around the buggy address:
[   11.241943]  ffff888100332d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.242254]  ffff888100332e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.242674] >ffff888100332e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.242989]                                                     ^
[   11.243219]  ffff888100332f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.243564]  ffff888100332f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.243929] ==================================================================
[   11.373560] ==================================================================
[   11.375085] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.375544] Write of size 1 at addr ffff888102aa20d0 by task kunit_try_catch/179
[   11.376093] 
[   11.376192] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.376234] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.376245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.376264] Call Trace:
[   11.376276]  <TASK>
[   11.376290]  dump_stack_lvl+0x73/0xb0
[   11.376318]  print_report+0xd1/0x650
[   11.376340]  ? __virt_addr_valid+0x1db/0x2d0
[   11.376362]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.376384]  ? kasan_addr_to_slab+0x11/0xa0
[   11.376403]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.376425]  kasan_report+0x141/0x180
[   11.376446]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.376472]  __asan_report_store1_noabort+0x1b/0x30
[   11.376931]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.376958]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.376981]  ? finish_task_switch.isra.0+0x153/0x700
[   11.377003]  ? __switch_to+0x47/0xf50
[   11.377027]  ? __schedule+0x10cc/0x2b60
[   11.377048]  ? __pfx_read_tsc+0x10/0x10
[   11.377071]  krealloc_large_less_oob+0x1c/0x30
[   11.377092]  kunit_try_run_case+0x1a5/0x480
[   11.377116]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.377152]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.377173]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.377194]  ? __kthread_parkme+0x82/0x180
[   11.377214]  ? preempt_count_sub+0x50/0x80
[   11.377236]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.377258]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.377279]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.377300]  kthread+0x337/0x6f0
[   11.377318]  ? trace_preempt_on+0x20/0xc0
[   11.377340]  ? __pfx_kthread+0x10/0x10
[   11.377359]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.377378]  ? calculate_sigpending+0x7b/0xa0
[   11.377401]  ? __pfx_kthread+0x10/0x10
[   11.377420]  ret_from_fork+0x116/0x1d0
[   11.377438]  ? __pfx_kthread+0x10/0x10
[   11.377457]  ret_from_fork_asm+0x1a/0x30
[   11.377486]  </TASK>
[   11.377497] 
[   11.389730] The buggy address belongs to the physical page:
[   11.390048] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0
[   11.390314] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.390622] flags: 0x200000000000040(head|node=0|zone=2)
[   11.391079] page_type: f8(unknown)
[   11.391446] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.392302] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.393153] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.393510] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.394260] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff
[   11.395024] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.395560] page dumped because: kasan: bad access detected
[   11.396070] 
[   11.396152] Memory state around the buggy address:
[   11.396494]  ffff888102aa1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.397097]  ffff888102aa2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.397913] >ffff888102aa2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.398523]                                                  ^
[   11.398870]  ffff888102aa2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.399082]  ffff888102aa2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.399539] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zNv5yvBPQPFs0AlDSVKFmCWGjk

job_id

TEST:linaro@lkft#2zNvBO4D4nc0xKyTPLk608IUly0

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zNvBO4D4nc0xKyTPLk608IUly0

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNv836Th26QbKhGWrQRhDUjHyV/bzImage
sha256sum	48253da22fbaa889314b6cbcef930a574b8fb498c8287c6334dfcaaac35d2646

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zNv836Th26QbKhGWrQRhDUjHyV/modules.tar.xz
sha256sum	ceda07de898d2f66eaee5047a2cf908012cff52074f56af21475cacb7f203cfd

durations

tests

boot	0
kunit	203.42

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit