Hay
Date: July 4, 2025, 11:11 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.890676] ==================================================================
[   17.890740] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.890797] Write of size 1 at addr fff00000c5d294c9 by task kunit_try_catch/158
[   17.891678] 
[   17.891715] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.891793] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.891832] Hardware name: linux,dummy-virt (DT)
[   17.891863] Call trace:
[   17.891885]  show_stack+0x20/0x38 (C)
[   17.891940]  dump_stack_lvl+0x8c/0xd0
[   17.891988]  print_report+0x118/0x608
[   17.892033]  kasan_report+0xdc/0x128
[   17.892078]  __asan_report_store1_noabort+0x20/0x30
[   17.892124]  krealloc_less_oob_helper+0xa48/0xc50
[   17.892171]  krealloc_less_oob+0x20/0x38
[   17.892214]  kunit_try_run_case+0x170/0x3f0
[   17.892260]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.892310]  kthread+0x328/0x630
[   17.892352]  ret_from_fork+0x10/0x20
[   17.892399] 
[   17.892417] Allocated by task 158:
[   17.892443]  kasan_save_stack+0x3c/0x68
[   17.892482]  kasan_save_track+0x20/0x40
[   17.892518]  kasan_save_alloc_info+0x40/0x58
[   17.892557]  __kasan_krealloc+0x118/0x178
[   17.892593]  krealloc_noprof+0x128/0x360
[   17.892629]  krealloc_less_oob_helper+0x168/0xc50
[   17.892666]  krealloc_less_oob+0x20/0x38
[   17.892701]  kunit_try_run_case+0x170/0x3f0
[   17.892737]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.892778]  kthread+0x328/0x630
[   17.892818]  ret_from_fork+0x10/0x20
[   17.892853] 
[   17.892871] The buggy address belongs to the object at fff00000c5d29400
[   17.892871]  which belongs to the cache kmalloc-256 of size 256
[   17.892926] The buggy address is located 0 bytes to the right of
[   17.892926]  allocated 201-byte region [fff00000c5d29400, fff00000c5d294c9)
[   17.892986] 
[   17.893105] The buggy address belongs to the physical page:
[   17.893189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d28
[   17.893406] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.893599] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.893664] page_type: f5(slab)
[   17.893767] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.894168] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.894403] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.894456] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.894504] head: 0bfffe0000000001 ffffc1ffc3174a01 00000000ffffffff 00000000ffffffff
[   17.894723] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.894866] page dumped because: kasan: bad access detected
[   17.894904] 
[   17.894922] Memory state around the buggy address:
[   17.894956]  fff00000c5d29380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.894997]  fff00000c5d29400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.895038] >fff00000c5d29480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.895074]                                               ^
[   17.895109]  fff00000c5d29500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.895149]  fff00000c5d29580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.895185] ==================================================================
[   17.976567] ==================================================================
[   17.976700] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.976797] Write of size 1 at addr fff00000c76c20d0 by task kunit_try_catch/162
[   17.976856] 
[   17.976932] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.977051] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.977150] Hardware name: linux,dummy-virt (DT)
[   17.977207] Call trace:
[   17.977230]  show_stack+0x20/0x38 (C)
[   17.977415]  dump_stack_lvl+0x8c/0xd0
[   17.977483]  print_report+0x118/0x608
[   17.977666]  kasan_report+0xdc/0x128
[   17.977823]  __asan_report_store1_noabort+0x20/0x30
[   17.977876]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.977949]  krealloc_large_less_oob+0x20/0x38
[   17.978032]  kunit_try_run_case+0x170/0x3f0
[   17.978129]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.978274]  kthread+0x328/0x630
[   17.978326]  ret_from_fork+0x10/0x20
[   17.978448] 
[   17.978473] The buggy address belongs to the physical page:
[   17.978503] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c0
[   17.978751] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.978861] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.978968] page_type: f8(unknown)
[   17.979055] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.979193] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.979365] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.979413] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.979669] head: 0bfffe0000000002 ffffc1ffc31db001 00000000ffffffff 00000000ffffffff
[   17.979883] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.979930] page dumped because: kasan: bad access detected
[   17.980165] 
[   17.980344] Memory state around the buggy address:
[   17.980407]  fff00000c76c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.980501]  fff00000c76c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.980544] >fff00000c76c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.980581]                                                  ^
[   17.980615]  fff00000c76c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.980664]  fff00000c76c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.980700] ==================================================================
[   17.987153] ==================================================================
[   17.987197] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.987246] Write of size 1 at addr fff00000c76c20ea by task kunit_try_catch/162
[   17.987294] 
[   17.987322] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.987397] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.987422] Hardware name: linux,dummy-virt (DT)
[   17.987452] Call trace:
[   17.987472]  show_stack+0x20/0x38 (C)
[   17.987517]  dump_stack_lvl+0x8c/0xd0
[   17.987563]  print_report+0x118/0x608
[   17.987609]  kasan_report+0xdc/0x128
[   17.987653]  __asan_report_store1_noabort+0x20/0x30
[   17.987700]  krealloc_less_oob_helper+0xae4/0xc50
[   17.987747]  krealloc_large_less_oob+0x20/0x38
[   17.987792]  kunit_try_run_case+0x170/0x3f0
[   17.987849]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.988025]  kthread+0x328/0x630
[   17.988081]  ret_from_fork+0x10/0x20
[   17.988209] 
[   17.988428] The buggy address belongs to the physical page:
[   17.988473] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c0
[   17.988525] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.988571] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.988742] page_type: f8(unknown)
[   17.988855] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.988954] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.989006] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.989052] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.989098] head: 0bfffe0000000002 ffffc1ffc31db001 00000000ffffffff 00000000ffffffff
[   17.989329] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.989796] page dumped because: kasan: bad access detected
[   17.989927] 
[   17.989952] Memory state around the buggy address:
[   17.989984]  fff00000c76c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.990589]  fff00000c76c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.990748] >fff00000c76c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.990840]                                                           ^
[   17.990888]  fff00000c76c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.991021]  fff00000c76c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.991062] ==================================================================
[   17.969568] ==================================================================
[   17.969640] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.969700] Write of size 1 at addr fff00000c76c20c9 by task kunit_try_catch/162
[   17.969880] 
[   17.969939] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.970030] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.970057] Hardware name: linux,dummy-virt (DT)
[   17.970089] Call trace:
[   17.970112]  show_stack+0x20/0x38 (C)
[   17.970164]  dump_stack_lvl+0x8c/0xd0
[   17.970213]  print_report+0x118/0x608
[   17.970259]  kasan_report+0xdc/0x128
[   17.970326]  __asan_report_store1_noabort+0x20/0x30
[   17.970382]  krealloc_less_oob_helper+0xa48/0xc50
[   17.970438]  krealloc_large_less_oob+0x20/0x38
[   17.970485]  kunit_try_run_case+0x170/0x3f0
[   17.970533]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.970584]  kthread+0x328/0x630
[   17.970626]  ret_from_fork+0x10/0x20
[   17.970674] 
[   17.970696] The buggy address belongs to the physical page:
[   17.970728] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c0
[   17.970789] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.970892] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.971317] page_type: f8(unknown)
[   17.971371] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.971489] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.971538] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.971609] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.971736] head: 0bfffe0000000002 ffffc1ffc31db001 00000000ffffffff 00000000ffffffff
[   17.971891] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.972015] page dumped because: kasan: bad access detected
[   17.972187] 
[   17.972382] Memory state around the buggy address:
[   17.972491]  fff00000c76c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.972714]  fff00000c76c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.972922] >fff00000c76c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.973098]                                               ^
[   17.973264]  fff00000c76c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.973339]  fff00000c76c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.973478] ==================================================================
[   17.912250] ==================================================================
[   17.912642] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.912707] Write of size 1 at addr fff00000c5d294ea by task kunit_try_catch/158
[   17.912852] 
[   17.912920] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.913011] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.913037] Hardware name: linux,dummy-virt (DT)
[   17.913114] Call trace:
[   17.913175]  show_stack+0x20/0x38 (C)
[   17.913226]  dump_stack_lvl+0x8c/0xd0
[   17.913273]  print_report+0x118/0x608
[   17.913563]  kasan_report+0xdc/0x128
[   17.913619]  __asan_report_store1_noabort+0x20/0x30
[   17.913672]  krealloc_less_oob_helper+0xae4/0xc50
[   17.913918]  krealloc_less_oob+0x20/0x38
[   17.914001]  kunit_try_run_case+0x170/0x3f0
[   17.914101]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.914212]  kthread+0x328/0x630
[   17.914263]  ret_from_fork+0x10/0x20
[   17.914309] 
[   17.914327] Allocated by task 158:
[   17.914354]  kasan_save_stack+0x3c/0x68
[   17.914393]  kasan_save_track+0x20/0x40
[   17.914429]  kasan_save_alloc_info+0x40/0x58
[   17.914501]  __kasan_krealloc+0x118/0x178
[   17.914541]  krealloc_noprof+0x128/0x360
[   17.914579]  krealloc_less_oob_helper+0x168/0xc50
[   17.914616]  krealloc_less_oob+0x20/0x38
[   17.914661]  kunit_try_run_case+0x170/0x3f0
[   17.914698]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.914739]  kthread+0x328/0x630
[   17.914770]  ret_from_fork+0x10/0x20
[   17.914815] 
[   17.914834] The buggy address belongs to the object at fff00000c5d29400
[   17.914834]  which belongs to the cache kmalloc-256 of size 256
[   17.914888] The buggy address is located 33 bytes to the right of
[   17.914888]  allocated 201-byte region [fff00000c5d29400, fff00000c5d294c9)
[   17.914949] 
[   17.914967] The buggy address belongs to the physical page:
[   17.914998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d28
[   17.915049] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.915094] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.915144] page_type: f5(slab)
[   17.915180] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.915227] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.915274] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.915833] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.915912] head: 0bfffe0000000001 ffffc1ffc3174a01 00000000ffffffff 00000000ffffffff
[   17.916053] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.916401] page dumped because: kasan: bad access detected
[   17.916432] 
[   17.916450] Memory state around the buggy address:
[   17.916482]  fff00000c5d29380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.916525]  fff00000c5d29400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.916566] >fff00000c5d29480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.916602]                                                           ^
[   17.917518]  fff00000c5d29500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.917567]  fff00000c5d29580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.917604] ==================================================================
[   17.981148] ==================================================================
[   17.981193] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.981240] Write of size 1 at addr fff00000c76c20da by task kunit_try_catch/162
[   17.981297] 
[   17.981341] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.981419] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.981445] Hardware name: linux,dummy-virt (DT)
[   17.981474] Call trace:
[   17.981495]  show_stack+0x20/0x38 (C)
[   17.981551]  dump_stack_lvl+0x8c/0xd0
[   17.981607]  print_report+0x118/0x608
[   17.981653]  kasan_report+0xdc/0x128
[   17.981697]  __asan_report_store1_noabort+0x20/0x30
[   17.981742]  krealloc_less_oob_helper+0xa80/0xc50
[   17.981788]  krealloc_large_less_oob+0x20/0x38
[   17.982338]  kunit_try_run_case+0x170/0x3f0
[   17.982406]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.982515]  kthread+0x328/0x630
[   17.982706]  ret_from_fork+0x10/0x20
[   17.982760] 
[   17.982779] The buggy address belongs to the physical page:
[   17.983347] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c0
[   17.983489] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.983648] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.983812] page_type: f8(unknown)
[   17.983985] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.984164] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.984372] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.984498] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.984747] head: 0bfffe0000000002 ffffc1ffc31db001 00000000ffffffff 00000000ffffffff
[   17.984934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.985051] page dumped because: kasan: bad access detected
[   17.985081] 
[   17.985098] Memory state around the buggy address:
[   17.985392]  fff00000c76c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.985527]  fff00000c76c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.985673] >fff00000c76c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.985836]                                                     ^
[   17.986035]  fff00000c76c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.986119]  fff00000c76c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.986161] ==================================================================
[   17.918708] ==================================================================
[   17.918757] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.918816] Write of size 1 at addr fff00000c5d294eb by task kunit_try_catch/158
[   17.918863] 
[   17.918988] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.919146] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.919176] Hardware name: linux,dummy-virt (DT)
[   17.919244] Call trace:
[   17.919311]  show_stack+0x20/0x38 (C)
[   17.919547]  dump_stack_lvl+0x8c/0xd0
[   17.919597]  print_report+0x118/0x608
[   17.919643]  kasan_report+0xdc/0x128
[   17.919687]  __asan_report_store1_noabort+0x20/0x30
[   17.920263]  krealloc_less_oob_helper+0xa58/0xc50
[   17.920659]  krealloc_less_oob+0x20/0x38
[   17.920731]  kunit_try_run_case+0x170/0x3f0
[   17.920777]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.921338]  kthread+0x328/0x630
[   17.921594]  ret_from_fork+0x10/0x20
[   17.921895] 
[   17.921918] Allocated by task 158:
[   17.922001]  kasan_save_stack+0x3c/0x68
[   17.922194]  kasan_save_track+0x20/0x40
[   17.922239]  kasan_save_alloc_info+0x40/0x58
[   17.922770]  __kasan_krealloc+0x118/0x178
[   17.922861]  krealloc_noprof+0x128/0x360
[   17.923188]  krealloc_less_oob_helper+0x168/0xc50
[   17.923435]  krealloc_less_oob+0x20/0x38
[   17.923474]  kunit_try_run_case+0x170/0x3f0
[   17.923510]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.923552]  kthread+0x328/0x630
[   17.923583]  ret_from_fork+0x10/0x20
[   17.924028] 
[   17.924051] The buggy address belongs to the object at fff00000c5d29400
[   17.924051]  which belongs to the cache kmalloc-256 of size 256
[   17.924248] The buggy address is located 34 bytes to the right of
[   17.924248]  allocated 201-byte region [fff00000c5d29400, fff00000c5d294c9)
[   17.924448] 
[   17.924661] The buggy address belongs to the physical page:
[   17.924799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d28
[   17.924864] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.924909] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.924960] page_type: f5(slab)
[   17.924998] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.925297] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.925955] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.926008] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.926333] head: 0bfffe0000000001 ffffc1ffc3174a01 00000000ffffffff 00000000ffffffff
[   17.926384] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.926659] page dumped because: kasan: bad access detected
[   17.926691] 
[   17.926713] Memory state around the buggy address:
[   17.926745]  fff00000c5d29380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.926788]  fff00000c5d29400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.927306] >fff00000c5d29480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.927389]                                                           ^
[   17.927828]  fff00000c5d29500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.927876]  fff00000c5d29580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.927916] ==================================================================
[   17.904910] ==================================================================
[   17.904966] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.905159] Write of size 1 at addr fff00000c5d294da by task kunit_try_catch/158
[   17.905210] 
[   17.905307] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.905408] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.905441] Hardware name: linux,dummy-virt (DT)
[   17.905575] Call trace:
[   17.905606]  show_stack+0x20/0x38 (C)
[   17.905682]  dump_stack_lvl+0x8c/0xd0
[   17.905886]  print_report+0x118/0x608
[   17.906123]  kasan_report+0xdc/0x128
[   17.906238]  __asan_report_store1_noabort+0x20/0x30
[   17.906289]  krealloc_less_oob_helper+0xa80/0xc50
[   17.906336]  krealloc_less_oob+0x20/0x38
[   17.906379]  kunit_try_run_case+0x170/0x3f0
[   17.906425]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.906505]  kthread+0x328/0x630
[   17.906552]  ret_from_fork+0x10/0x20
[   17.906598] 
[   17.906616] Allocated by task 158:
[   17.906654]  kasan_save_stack+0x3c/0x68
[   17.906694]  kasan_save_track+0x20/0x40
[   17.906731]  kasan_save_alloc_info+0x40/0x58
[   17.906769]  __kasan_krealloc+0x118/0x178
[   17.906824]  krealloc_noprof+0x128/0x360
[   17.906862]  krealloc_less_oob_helper+0x168/0xc50
[   17.906910]  krealloc_less_oob+0x20/0x38
[   17.907131]  kunit_try_run_case+0x170/0x3f0
[   17.907226]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.907271]  kthread+0x328/0x630
[   17.907401]  ret_from_fork+0x10/0x20
[   17.907576] 
[   17.907674] The buggy address belongs to the object at fff00000c5d29400
[   17.907674]  which belongs to the cache kmalloc-256 of size 256
[   17.907842] The buggy address is located 17 bytes to the right of
[   17.907842]  allocated 201-byte region [fff00000c5d29400, fff00000c5d294c9)
[   17.908214] 
[   17.908264] The buggy address belongs to the physical page:
[   17.908424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d28
[   17.908589] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.908655] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.908732] page_type: f5(slab)
[   17.909082] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.909183] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.909440] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.909621] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.909748] head: 0bfffe0000000001 ffffc1ffc3174a01 00000000ffffffff 00000000ffffffff
[   17.909826] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.910127] page dumped because: kasan: bad access detected
[   17.910171] 
[   17.910430] Memory state around the buggy address:
[   17.910630]  fff00000c5d29380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.910734]  fff00000c5d29400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.910812] >fff00000c5d29480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.910894]                                                     ^
[   17.911016]  fff00000c5d29500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.911076]  fff00000c5d29580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.911112] ==================================================================
[   17.896580] ==================================================================
[   17.896635] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.896689] Write of size 1 at addr fff00000c5d294d0 by task kunit_try_catch/158
[   17.896737] 
[   17.896767] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.896857] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.896972] Hardware name: linux,dummy-virt (DT)
[   17.897006] Call trace:
[   17.897107]  show_stack+0x20/0x38 (C)
[   17.897343]  dump_stack_lvl+0x8c/0xd0
[   17.897446]  print_report+0x118/0x608
[   17.897503]  kasan_report+0xdc/0x128
[   17.897567]  __asan_report_store1_noabort+0x20/0x30
[   17.897621]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.897669]  krealloc_less_oob+0x20/0x38
[   17.897714]  kunit_try_run_case+0x170/0x3f0
[   17.897762]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.897822]  kthread+0x328/0x630
[   17.898091]  ret_from_fork+0x10/0x20
[   17.898468] 
[   17.898509] Allocated by task 158:
[   17.898653]  kasan_save_stack+0x3c/0x68
[   17.898773]  kasan_save_track+0x20/0x40
[   17.898826]  kasan_save_alloc_info+0x40/0x58
[   17.898902]  __kasan_krealloc+0x118/0x178
[   17.899333]  krealloc_noprof+0x128/0x360
[   17.899391]  krealloc_less_oob_helper+0x168/0xc50
[   17.899439]  krealloc_less_oob+0x20/0x38
[   17.899474]  kunit_try_run_case+0x170/0x3f0
[   17.899829]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.899985]  kthread+0x328/0x630
[   17.900151]  ret_from_fork+0x10/0x20
[   17.900270] 
[   17.900402] The buggy address belongs to the object at fff00000c5d29400
[   17.900402]  which belongs to the cache kmalloc-256 of size 256
[   17.900624] The buggy address is located 7 bytes to the right of
[   17.900624]  allocated 201-byte region [fff00000c5d29400, fff00000c5d294c9)
[   17.900746] 
[   17.900768] The buggy address belongs to the physical page:
[   17.900813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d28
[   17.901048] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.901113] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.901287] page_type: f5(slab)
[   17.901434] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.901548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.901857] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.902002] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.902205] head: 0bfffe0000000001 ffffc1ffc3174a01 00000000ffffffff 00000000ffffffff
[   17.902274] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.902607] page dumped because: kasan: bad access detected
[   17.902685] 
[   17.902768] Memory state around the buggy address:
[   17.902844]  fff00000c5d29380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.902887]  fff00000c5d29400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.903134] >fff00000c5d29480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.903184]                                                  ^
[   17.903261]  fff00000c5d29500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.903351]  fff00000c5d29580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.903504] ==================================================================
[   17.992121] ==================================================================
[   17.992173] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.992226] Write of size 1 at addr fff00000c76c20eb by task kunit_try_catch/162
[   17.992330] 
[   17.992364] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.992475] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.992542] Hardware name: linux,dummy-virt (DT)
[   17.992589] Call trace:
[   17.992660]  show_stack+0x20/0x38 (C)
[   17.993010]  dump_stack_lvl+0x8c/0xd0
[   17.993083]  print_report+0x118/0x608
[   17.993256]  kasan_report+0xdc/0x128
[   17.993355]  __asan_report_store1_noabort+0x20/0x30
[   17.993742]  krealloc_less_oob_helper+0xa58/0xc50
[   17.993877]  krealloc_large_less_oob+0x20/0x38
[   17.993930]  kunit_try_run_case+0x170/0x3f0
[   17.994375]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.994489]  kthread+0x328/0x630
[   17.994618]  ret_from_fork+0x10/0x20
[   17.994672] 
[   17.994720] The buggy address belongs to the physical page:
[   17.994753] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c0
[   17.994835] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.994891] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.995175] page_type: f8(unknown)
[   17.995500] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.995595] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.995731] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.995797] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.996106] head: 0bfffe0000000002 ffffc1ffc31db001 00000000ffffffff 00000000ffffffff
[   17.996276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.996335] page dumped because: kasan: bad access detected
[   17.996365] 
[   17.996544] Memory state around the buggy address:
[   17.996790]  fff00000c76c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.996947]  fff00000c76c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.997300] >fff00000c76c2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.997415]                                                           ^
[   17.997576]  fff00000c76c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.997661]  fff00000c76c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.997853] ==================================================================

[   11.604552] ==================================================================
[   11.604976] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.605365] Write of size 1 at addr ffff8881003514eb by task kunit_try_catch/175
[   11.605657] 
[   11.605776] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.605824] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.605835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.605855] Call Trace:
[   11.605877]  <TASK>
[   11.605897]  dump_stack_lvl+0x73/0xb0
[   11.605927]  print_report+0xd1/0x650
[   11.605949]  ? __virt_addr_valid+0x1db/0x2d0
[   11.605971]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.605993]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.606013]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.606035]  kasan_report+0x141/0x180
[   11.606056]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.606083]  __asan_report_store1_noabort+0x1b/0x30
[   11.606102]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.606126]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.606149]  ? finish_task_switch.isra.0+0x153/0x700
[   11.606171]  ? __switch_to+0x47/0xf50
[   11.606195]  ? __schedule+0x10cc/0x2b60
[   11.606215]  ? __pfx_read_tsc+0x10/0x10
[   11.606251]  krealloc_less_oob+0x1c/0x30
[   11.606271]  kunit_try_run_case+0x1a5/0x480
[   11.606295]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.606315]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.606338]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.606360]  ? __kthread_parkme+0x82/0x180
[   11.606382]  ? preempt_count_sub+0x50/0x80
[   11.606403]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.606425]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.606445]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.606466]  kthread+0x337/0x6f0
[   11.606484]  ? trace_preempt_on+0x20/0xc0
[   11.606507]  ? __pfx_kthread+0x10/0x10
[   11.606526]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.606545]  ? calculate_sigpending+0x7b/0xa0
[   11.606567]  ? __pfx_kthread+0x10/0x10
[   11.606587]  ret_from_fork+0x116/0x1d0
[   11.606604]  ? __pfx_kthread+0x10/0x10
[   11.606623]  ret_from_fork_asm+0x1a/0x30
[   11.606652]  </TASK>
[   11.606662] 
[   11.614781] Allocated by task 175:
[   11.615009]  kasan_save_stack+0x45/0x70
[   11.615299]  kasan_save_track+0x18/0x40
[   11.615464]  kasan_save_alloc_info+0x3b/0x50
[   11.615616]  __kasan_krealloc+0x190/0x1f0
[   11.615770]  krealloc_noprof+0xf3/0x340
[   11.615971]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.616270]  krealloc_less_oob+0x1c/0x30
[   11.616474]  kunit_try_run_case+0x1a5/0x480
[   11.616685]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.616911]  kthread+0x337/0x6f0
[   11.617043]  ret_from_fork+0x116/0x1d0
[   11.617174]  ret_from_fork_asm+0x1a/0x30
[   11.617327] 
[   11.617401] The buggy address belongs to the object at ffff888100351400
[   11.617401]  which belongs to the cache kmalloc-256 of size 256
[   11.617757] The buggy address is located 34 bytes to the right of
[   11.617757]  allocated 201-byte region [ffff888100351400, ffff8881003514c9)
[   11.619199] 
[   11.619450] The buggy address belongs to the physical page:
[   11.619724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.620083] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.620425] flags: 0x200000000000040(head|node=0|zone=2)
[   11.620682] page_type: f5(slab)
[   11.620861] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.621174] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.621580] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.621995] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.622804] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.623286] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.624337] page dumped because: kasan: bad access detected
[   11.624987] 
[   11.625150] Memory state around the buggy address:
[   11.625327]  ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.625544]  ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.625757] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.626016]                                                           ^
[   11.626302]  ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.626575]  ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.626859] ==================================================================
[   11.719455] ==================================================================
[   11.719848] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.720296] Write of size 1 at addr ffff888102a460da by task kunit_try_catch/179
[   11.720558] 
[   11.720710] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.720814] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.720836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.720857] Call Trace:
[   11.720879]  <TASK>
[   11.720900]  dump_stack_lvl+0x73/0xb0
[   11.720935]  print_report+0xd1/0x650
[   11.720960]  ? __virt_addr_valid+0x1db/0x2d0
[   11.720984]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.721008]  ? kasan_addr_to_slab+0x11/0xa0
[   11.721029]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.721053]  kasan_report+0x141/0x180
[   11.721076]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.721104]  __asan_report_store1_noabort+0x1b/0x30
[   11.721125]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.721151]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.721175]  ? finish_task_switch.isra.0+0x153/0x700
[   11.721198]  ? __switch_to+0x47/0xf50
[   11.721304]  ? __schedule+0x10cc/0x2b60
[   11.721329]  ? __pfx_read_tsc+0x10/0x10
[   11.721438]  krealloc_large_less_oob+0x1c/0x30
[   11.721463]  kunit_try_run_case+0x1a5/0x480
[   11.721488]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.721523]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.721548]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.721571]  ? __kthread_parkme+0x82/0x180
[   11.721605]  ? preempt_count_sub+0x50/0x80
[   11.721628]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.721652]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.721689]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.721712]  kthread+0x337/0x6f0
[   11.721734]  ? trace_preempt_on+0x20/0xc0
[   11.721770]  ? __pfx_kthread+0x10/0x10
[   11.721791]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.721812]  ? calculate_sigpending+0x7b/0xa0
[   11.721874]  ? __pfx_kthread+0x10/0x10
[   11.721907]  ret_from_fork+0x116/0x1d0
[   11.721926]  ? __pfx_kthread+0x10/0x10
[   11.721947]  ret_from_fork_asm+0x1a/0x30
[   11.721979]  </TASK>
[   11.721991] 
[   11.729926] The buggy address belongs to the physical page:
[   11.730243] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44
[   11.730611] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.730839] flags: 0x200000000000040(head|node=0|zone=2)
[   11.731160] page_type: f8(unknown)
[   11.731516] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.731760] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.732001] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.732248] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.732648] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff
[   11.733018] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.733541] page dumped because: kasan: bad access detected
[   11.733795] 
[   11.733867] Memory state around the buggy address:
[   11.734026]  ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.734254]  ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.734470] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.734904]                                                     ^
[   11.735184]  ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.735512]  ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.735827] ==================================================================
[   11.560688] ==================================================================
[   11.561015] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.561812] Write of size 1 at addr ffff8881003514da by task kunit_try_catch/175
[   11.562162] 
[   11.562448] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.562499] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.562511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.562532] Call Trace:
[   11.562554]  <TASK>
[   11.562573]  dump_stack_lvl+0x73/0xb0
[   11.562608]  print_report+0xd1/0x650
[   11.562631]  ? __virt_addr_valid+0x1db/0x2d0
[   11.562653]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.562676]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.562697]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.562719]  kasan_report+0x141/0x180
[   11.562739]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.562766]  __asan_report_store1_noabort+0x1b/0x30
[   11.562785]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.562808]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.562831]  ? finish_task_switch.isra.0+0x153/0x700
[   11.562852]  ? __switch_to+0x47/0xf50
[   11.562876]  ? __schedule+0x10cc/0x2b60
[   11.562897]  ? __pfx_read_tsc+0x10/0x10
[   11.562919]  krealloc_less_oob+0x1c/0x30
[   11.562939]  kunit_try_run_case+0x1a5/0x480
[   11.562963]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.562983]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.563006]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.563027]  ? __kthread_parkme+0x82/0x180
[   11.563046]  ? preempt_count_sub+0x50/0x80
[   11.563067]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.563088]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.563109]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.563130]  kthread+0x337/0x6f0
[   11.563148]  ? trace_preempt_on+0x20/0xc0
[   11.563170]  ? __pfx_kthread+0x10/0x10
[   11.563189]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.563208]  ? calculate_sigpending+0x7b/0xa0
[   11.563245]  ? __pfx_kthread+0x10/0x10
[   11.563282]  ret_from_fork+0x116/0x1d0
[   11.563300]  ? __pfx_kthread+0x10/0x10
[   11.563318]  ret_from_fork_asm+0x1a/0x30
[   11.563348]  </TASK>
[   11.563359] 
[   11.571346] Allocated by task 175:
[   11.571565]  kasan_save_stack+0x45/0x70
[   11.571783]  kasan_save_track+0x18/0x40
[   11.571916]  kasan_save_alloc_info+0x3b/0x50
[   11.572073]  __kasan_krealloc+0x190/0x1f0
[   11.572395]  krealloc_noprof+0xf3/0x340
[   11.572681]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.572924]  krealloc_less_oob+0x1c/0x30
[   11.573117]  kunit_try_run_case+0x1a5/0x480
[   11.573276]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.573452]  kthread+0x337/0x6f0
[   11.573574]  ret_from_fork+0x116/0x1d0
[   11.573716]  ret_from_fork_asm+0x1a/0x30
[   11.573909] 
[   11.574005] The buggy address belongs to the object at ffff888100351400
[   11.574005]  which belongs to the cache kmalloc-256 of size 256
[   11.574739] The buggy address is located 17 bytes to the right of
[   11.574739]  allocated 201-byte region [ffff888100351400, ffff8881003514c9)
[   11.575512] 
[   11.575592] The buggy address belongs to the physical page:
[   11.575775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.576070] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.576620] flags: 0x200000000000040(head|node=0|zone=2)
[   11.576892] page_type: f5(slab)
[   11.577076] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.577512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.577805] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.578127] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.578483] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.578802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.579104] page dumped because: kasan: bad access detected
[   11.579844] 
[   11.579976] Memory state around the buggy address:
[   11.580174]  ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.580414]  ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.580629] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.581323]                                                     ^
[   11.581602]  ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.581899]  ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.582194] ==================================================================
[   11.582843] ==================================================================
[   11.583128] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.583635] Write of size 1 at addr ffff8881003514ea by task kunit_try_catch/175
[   11.583928] 
[   11.584045] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.584092] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.584103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.584124] Call Trace:
[   11.584146]  <TASK>
[   11.584165]  dump_stack_lvl+0x73/0xb0
[   11.584194]  print_report+0xd1/0x650
[   11.584216]  ? __virt_addr_valid+0x1db/0x2d0
[   11.584252]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.584274]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.584295]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.584317]  kasan_report+0x141/0x180
[   11.584337]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.584364]  __asan_report_store1_noabort+0x1b/0x30
[   11.584383]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.584407]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.584429]  ? finish_task_switch.isra.0+0x153/0x700
[   11.584450]  ? __switch_to+0x47/0xf50
[   11.584474]  ? __schedule+0x10cc/0x2b60
[   11.584495]  ? __pfx_read_tsc+0x10/0x10
[   11.584518]  krealloc_less_oob+0x1c/0x30
[   11.584538]  kunit_try_run_case+0x1a5/0x480
[   11.584561]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.584582]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.584603]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.584624]  ? __kthread_parkme+0x82/0x180
[   11.584643]  ? preempt_count_sub+0x50/0x80
[   11.584664]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.584686]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.584706]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.584728]  kthread+0x337/0x6f0
[   11.584746]  ? trace_preempt_on+0x20/0xc0
[   11.584767]  ? __pfx_kthread+0x10/0x10
[   11.584796]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.584816]  ? calculate_sigpending+0x7b/0xa0
[   11.584839]  ? __pfx_kthread+0x10/0x10
[   11.584858]  ret_from_fork+0x116/0x1d0
[   11.584875]  ? __pfx_kthread+0x10/0x10
[   11.584894]  ret_from_fork_asm+0x1a/0x30
[   11.584923]  </TASK>
[   11.584933] 
[   11.592848] Allocated by task 175:
[   11.593007]  kasan_save_stack+0x45/0x70
[   11.593163]  kasan_save_track+0x18/0x40
[   11.593347]  kasan_save_alloc_info+0x3b/0x50
[   11.593559]  __kasan_krealloc+0x190/0x1f0
[   11.593760]  krealloc_noprof+0xf3/0x340
[   11.593996]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.594934]  krealloc_less_oob+0x1c/0x30
[   11.595167]  kunit_try_run_case+0x1a5/0x480
[   11.595478]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.595717]  kthread+0x337/0x6f0
[   11.595871]  ret_from_fork+0x116/0x1d0
[   11.596034]  ret_from_fork_asm+0x1a/0x30
[   11.596190] 
[   11.596276] The buggy address belongs to the object at ffff888100351400
[   11.596276]  which belongs to the cache kmalloc-256 of size 256
[   11.596639] The buggy address is located 33 bytes to the right of
[   11.596639]  allocated 201-byte region [ffff888100351400, ffff8881003514c9)
[   11.597263] 
[   11.597360] The buggy address belongs to the physical page:
[   11.597622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.598318] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.598706] flags: 0x200000000000040(head|node=0|zone=2)
[   11.598958] page_type: f5(slab)
[   11.599109] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.599510] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.599769] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.599999] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.600306] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.600645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.601002] page dumped because: kasan: bad access detected
[   11.601424] 
[   11.601521] Memory state around the buggy address:
[   11.601681]  ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.601894]  ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.602108] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.602331]                                                           ^
[   11.602728]  ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.603052]  ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.603404] ==================================================================
[   11.736319] ==================================================================
[   11.736655] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.736947] Write of size 1 at addr ffff888102a460ea by task kunit_try_catch/179
[   11.737176] 
[   11.737385] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.737431] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.737442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.737463] Call Trace:
[   11.737486]  <TASK>
[   11.737506]  dump_stack_lvl+0x73/0xb0
[   11.737538]  print_report+0xd1/0x650
[   11.737563]  ? __virt_addr_valid+0x1db/0x2d0
[   11.737587]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.737611]  ? kasan_addr_to_slab+0x11/0xa0
[   11.737681]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.737719]  kasan_report+0x141/0x180
[   11.737754]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.737811]  __asan_report_store1_noabort+0x1b/0x30
[   11.737832]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.737894]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.737930]  ? finish_task_switch.isra.0+0x153/0x700
[   11.737991]  ? __switch_to+0x47/0xf50
[   11.738018]  ? __schedule+0x10cc/0x2b60
[   11.738041]  ? __pfx_read_tsc+0x10/0x10
[   11.738077]  krealloc_large_less_oob+0x1c/0x30
[   11.738100]  kunit_try_run_case+0x1a5/0x480
[   11.738126]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.738148]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.738172]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.738195]  ? __kthread_parkme+0x82/0x180
[   11.738244]  ? preempt_count_sub+0x50/0x80
[   11.738268]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.738292]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.738315]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.738338]  kthread+0x337/0x6f0
[   11.738359]  ? trace_preempt_on+0x20/0xc0
[   11.738383]  ? __pfx_kthread+0x10/0x10
[   11.738405]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.738426]  ? calculate_sigpending+0x7b/0xa0
[   11.738451]  ? __pfx_kthread+0x10/0x10
[   11.738473]  ret_from_fork+0x116/0x1d0
[   11.738492]  ? __pfx_kthread+0x10/0x10
[   11.738513]  ret_from_fork_asm+0x1a/0x30
[   11.738544]  </TASK>
[   11.738557] 
[   11.747095] The buggy address belongs to the physical page:
[   11.747481] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44
[   11.747744] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.748252] flags: 0x200000000000040(head|node=0|zone=2)
[   11.748632] page_type: f8(unknown)
[   11.748899] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.749337] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.749744] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.750034] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.750434] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff
[   11.751794] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.753348] page dumped because: kasan: bad access detected
[   11.753784] 
[   11.753888] Memory state around the buggy address:
[   11.754066]  ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.754795]  ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.755119] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.755791]                                                           ^
[   11.756612]  ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.757098]  ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.757711] ==================================================================
[   11.539591] ==================================================================
[   11.539934] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.540325] Write of size 1 at addr ffff8881003514d0 by task kunit_try_catch/175
[   11.540551] 
[   11.540644] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.540690] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.540701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.540723] Call Trace:
[   11.540736]  <TASK>
[   11.540756]  dump_stack_lvl+0x73/0xb0
[   11.540795]  print_report+0xd1/0x650
[   11.540817]  ? __virt_addr_valid+0x1db/0x2d0
[   11.540839]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.540861]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.540881]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.540904]  kasan_report+0x141/0x180
[   11.540924]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.540951]  __asan_report_store1_noabort+0x1b/0x30
[   11.540969]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.540994]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.541016]  ? finish_task_switch.isra.0+0x153/0x700
[   11.541037]  ? __switch_to+0x47/0xf50
[   11.541061]  ? __schedule+0x10cc/0x2b60
[   11.541082]  ? __pfx_read_tsc+0x10/0x10
[   11.541105]  krealloc_less_oob+0x1c/0x30
[   11.541125]  kunit_try_run_case+0x1a5/0x480
[   11.541148]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.541169]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.541191]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.541213]  ? __kthread_parkme+0x82/0x180
[   11.541245]  ? preempt_count_sub+0x50/0x80
[   11.541266]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.541287]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.541308]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.541349]  kthread+0x337/0x6f0
[   11.541368]  ? trace_preempt_on+0x20/0xc0
[   11.541391]  ? __pfx_kthread+0x10/0x10
[   11.541410]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.541430]  ? calculate_sigpending+0x7b/0xa0
[   11.541452]  ? __pfx_kthread+0x10/0x10
[   11.541472]  ret_from_fork+0x116/0x1d0
[   11.541489]  ? __pfx_kthread+0x10/0x10
[   11.541508]  ret_from_fork_asm+0x1a/0x30
[   11.541537]  </TASK>
[   11.541549] 
[   11.549277] Allocated by task 175:
[   11.549509]  kasan_save_stack+0x45/0x70
[   11.549728]  kasan_save_track+0x18/0x40
[   11.549919]  kasan_save_alloc_info+0x3b/0x50
[   11.550094]  __kasan_krealloc+0x190/0x1f0
[   11.550290]  krealloc_noprof+0xf3/0x340
[   11.550460]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.550621]  krealloc_less_oob+0x1c/0x30
[   11.550758]  kunit_try_run_case+0x1a5/0x480
[   11.551029]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.551293]  kthread+0x337/0x6f0
[   11.551464]  ret_from_fork+0x116/0x1d0
[   11.551663]  ret_from_fork_asm+0x1a/0x30
[   11.552289] 
[   11.552375] The buggy address belongs to the object at ffff888100351400
[   11.552375]  which belongs to the cache kmalloc-256 of size 256
[   11.552904] The buggy address is located 7 bytes to the right of
[   11.552904]  allocated 201-byte region [ffff888100351400, ffff8881003514c9)
[   11.553509] 
[   11.553602] The buggy address belongs to the physical page:
[   11.553827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.554173] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.554546] flags: 0x200000000000040(head|node=0|zone=2)
[   11.554750] page_type: f5(slab)
[   11.554923] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.555186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.555429] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.555659] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.555943] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.556505] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.556851] page dumped because: kasan: bad access detected
[   11.557103] 
[   11.557196] Memory state around the buggy address:
[   11.557953]  ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.558273]  ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.558596] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.558908]                                                  ^
[   11.559124]  ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.559644]  ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.559930] ==================================================================
[   11.507410] ==================================================================
[   11.508135] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.509157] Write of size 1 at addr ffff8881003514c9 by task kunit_try_catch/175
[   11.510059] 
[   11.510171] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.510235] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.510247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.510270] Call Trace:
[   11.510285]  <TASK>
[   11.510305]  dump_stack_lvl+0x73/0xb0
[   11.510345]  print_report+0xd1/0x650
[   11.510369]  ? __virt_addr_valid+0x1db/0x2d0
[   11.510393]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.510416]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.510437]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.510460]  kasan_report+0x141/0x180
[   11.510481]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.510508]  __asan_report_store1_noabort+0x1b/0x30
[   11.510527]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.510552]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.510575]  ? finish_task_switch.isra.0+0x153/0x700
[   11.510598]  ? __switch_to+0x47/0xf50
[   11.510623]  ? __schedule+0x10cc/0x2b60
[   11.510644]  ? __pfx_read_tsc+0x10/0x10
[   11.510668]  krealloc_less_oob+0x1c/0x30
[   11.510688]  kunit_try_run_case+0x1a5/0x480
[   11.510713]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.510734]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.510757]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.510779]  ? __kthread_parkme+0x82/0x180
[   11.510799]  ? preempt_count_sub+0x50/0x80
[   11.510820]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.510845]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.510869]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.510893]  kthread+0x337/0x6f0
[   11.510912]  ? trace_preempt_on+0x20/0xc0
[   11.510935]  ? __pfx_kthread+0x10/0x10
[   11.510955]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.510975]  ? calculate_sigpending+0x7b/0xa0
[   11.510999]  ? __pfx_kthread+0x10/0x10
[   11.511020]  ret_from_fork+0x116/0x1d0
[   11.511037]  ? __pfx_kthread+0x10/0x10
[   11.511056]  ret_from_fork_asm+0x1a/0x30
[   11.511086]  </TASK>
[   11.511097] 
[   11.525746] Allocated by task 175:
[   11.526342]  kasan_save_stack+0x45/0x70
[   11.527041]  kasan_save_track+0x18/0x40
[   11.527538]  kasan_save_alloc_info+0x3b/0x50
[   11.528442]  __kasan_krealloc+0x190/0x1f0
[   11.528852]  krealloc_noprof+0xf3/0x340
[   11.529027]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.529337]  krealloc_less_oob+0x1c/0x30
[   11.529582]  kunit_try_run_case+0x1a5/0x480
[   11.529766]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.529963]  kthread+0x337/0x6f0
[   11.530136]  ret_from_fork+0x116/0x1d0
[   11.530349]  ret_from_fork_asm+0x1a/0x30
[   11.530592] 
[   11.530675] The buggy address belongs to the object at ffff888100351400
[   11.530675]  which belongs to the cache kmalloc-256 of size 256
[   11.531172] The buggy address is located 0 bytes to the right of
[   11.531172]  allocated 201-byte region [ffff888100351400, ffff8881003514c9)
[   11.532008] 
[   11.532114] The buggy address belongs to the physical page:
[   11.532522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.532875] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.533199] flags: 0x200000000000040(head|node=0|zone=2)
[   11.533416] page_type: f5(slab)
[   11.533763] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.534068] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.534526] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.534847] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.535187] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.535578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.535857] page dumped because: kasan: bad access detected
[   11.536114] 
[   11.536207] Memory state around the buggy address:
[   11.536433]  ffff888100351380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.536740]  ffff888100351400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.537042] >ffff888100351480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.537279]                                               ^
[   11.537556]  ffff888100351500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.538335]  ffff888100351580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.538862] ==================================================================
[   11.674134] ==================================================================
[   11.675294] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.676888] Write of size 1 at addr ffff888102a460c9 by task kunit_try_catch/179
[   11.677139] 
[   11.677268] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.677321] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.677333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.677412] Call Trace:
[   11.677430]  <TASK>
[   11.677505]  dump_stack_lvl+0x73/0xb0
[   11.677551]  print_report+0xd1/0x650
[   11.677813]  ? __virt_addr_valid+0x1db/0x2d0
[   11.677844]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.677922]  ? kasan_addr_to_slab+0x11/0xa0
[   11.677946]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.677971]  kasan_report+0x141/0x180
[   11.678051]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.678080]  __asan_report_store1_noabort+0x1b/0x30
[   11.678396]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.678430]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.678455]  ? finish_task_switch.isra.0+0x153/0x700
[   11.678481]  ? __switch_to+0x47/0xf50
[   11.678510]  ? __schedule+0x10cc/0x2b60
[   11.678535]  ? __pfx_read_tsc+0x10/0x10
[   11.678561]  krealloc_large_less_oob+0x1c/0x30
[   11.678584]  kunit_try_run_case+0x1a5/0x480
[   11.678613]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.678639]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.678664]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.678687]  ? __kthread_parkme+0x82/0x180
[   11.678709]  ? preempt_count_sub+0x50/0x80
[   11.678732]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.678756]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.678779]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.678802]  kthread+0x337/0x6f0
[   11.678822]  ? trace_preempt_on+0x20/0xc0
[   11.678846]  ? __pfx_kthread+0x10/0x10
[   11.678867]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.678888]  ? calculate_sigpending+0x7b/0xa0
[   11.678914]  ? __pfx_kthread+0x10/0x10
[   11.678935]  ret_from_fork+0x116/0x1d0
[   11.678954]  ? __pfx_kthread+0x10/0x10
[   11.678975]  ret_from_fork_asm+0x1a/0x30
[   11.679008]  </TASK>
[   11.679022] 
[   11.689664] The buggy address belongs to the physical page:
[   11.689942] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44
[   11.690790] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.691585] flags: 0x200000000000040(head|node=0|zone=2)
[   11.692092] page_type: f8(unknown)
[   11.692502] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.692893] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.693609] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.694080] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.694905] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff
[   11.695422] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.695902] page dumped because: kasan: bad access detected
[   11.696138] 
[   11.696492] Memory state around the buggy address:
[   11.696808]  ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.697424]  ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.698100] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.698706]                                               ^
[   11.699181]  ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.699671]  ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.699979] ==================================================================
[   11.759000] ==================================================================
[   11.759602] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.759955] Write of size 1 at addr ffff888102a460eb by task kunit_try_catch/179
[   11.761200] 
[   11.761544] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.761686] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.761700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.761722] Call Trace:
[   11.761747]  <TASK>
[   11.761770]  dump_stack_lvl+0x73/0xb0
[   11.761813]  print_report+0xd1/0x650
[   11.761839]  ? __virt_addr_valid+0x1db/0x2d0
[   11.761863]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.761889]  ? kasan_addr_to_slab+0x11/0xa0
[   11.761909]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.761934]  kasan_report+0x141/0x180
[   11.761956]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.761984]  __asan_report_store1_noabort+0x1b/0x30
[   11.762005]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.762031]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.762055]  ? finish_task_switch.isra.0+0x153/0x700
[   11.762078]  ? __switch_to+0x47/0xf50
[   11.762104]  ? __schedule+0x10cc/0x2b60
[   11.762127]  ? __pfx_read_tsc+0x10/0x10
[   11.762152]  krealloc_large_less_oob+0x1c/0x30
[   11.762175]  kunit_try_run_case+0x1a5/0x480
[   11.762251]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.762290]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.762315]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.762338]  ? __kthread_parkme+0x82/0x180
[   11.762359]  ? preempt_count_sub+0x50/0x80
[   11.762383]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.762407]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.762430]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.762453]  kthread+0x337/0x6f0
[   11.762473]  ? trace_preempt_on+0x20/0xc0
[   11.762499]  ? __pfx_kthread+0x10/0x10
[   11.762523]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.762546]  ? calculate_sigpending+0x7b/0xa0
[   11.762571]  ? __pfx_kthread+0x10/0x10
[   11.762592]  ret_from_fork+0x116/0x1d0
[   11.762612]  ? __pfx_kthread+0x10/0x10
[   11.762633]  ret_from_fork_asm+0x1a/0x30
[   11.762666]  </TASK>
[   11.762679] 
[   11.775333] The buggy address belongs to the physical page:
[   11.775882] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44
[   11.776144] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.778033] flags: 0x200000000000040(head|node=0|zone=2)
[   11.778273] page_type: f8(unknown)
[   11.778409] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.778643] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.778874] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.779107] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.779788] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff
[   11.781077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.782474] page dumped because: kasan: bad access detected
[   11.783097] 
[   11.783378] Memory state around the buggy address:
[   11.784009]  ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.784845]  ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.785664] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.786178]                                                           ^
[   11.787305]  ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.787954]  ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.788172] ==================================================================
[   11.700961] ==================================================================
[   11.701831] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.702431] Write of size 1 at addr ffff888102a460d0 by task kunit_try_catch/179
[   11.702967] 
[   11.703092] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.703141] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.703152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.703176] Call Trace:
[   11.703202]  <TASK>
[   11.703237]  dump_stack_lvl+0x73/0xb0
[   11.703276]  print_report+0xd1/0x650
[   11.703302]  ? __virt_addr_valid+0x1db/0x2d0
[   11.703326]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.703350]  ? kasan_addr_to_slab+0x11/0xa0
[   11.703371]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.703395]  kasan_report+0x141/0x180
[   11.703418]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.703446]  __asan_report_store1_noabort+0x1b/0x30
[   11.703467]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.703493]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.703517]  ? finish_task_switch.isra.0+0x153/0x700
[   11.703540]  ? __switch_to+0x47/0xf50
[   11.703606]  ? __schedule+0x10cc/0x2b60
[   11.703631]  ? __pfx_read_tsc+0x10/0x10
[   11.703656]  krealloc_large_less_oob+0x1c/0x30
[   11.703692]  kunit_try_run_case+0x1a5/0x480
[   11.703717]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.703739]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.703765]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.703788]  ? __kthread_parkme+0x82/0x180
[   11.703810]  ? preempt_count_sub+0x50/0x80
[   11.703833]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.703856]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.703879]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.703902]  kthread+0x337/0x6f0
[   11.703922]  ? trace_preempt_on+0x20/0xc0
[   11.703946]  ? __pfx_kthread+0x10/0x10
[   11.703967]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.703988]  ? calculate_sigpending+0x7b/0xa0
[   11.704013]  ? __pfx_kthread+0x10/0x10
[   11.704035]  ret_from_fork+0x116/0x1d0
[   11.704053]  ? __pfx_kthread+0x10/0x10
[   11.704074]  ret_from_fork_asm+0x1a/0x30
[   11.704106]  </TASK>
[   11.704118] 
[   11.712315] The buggy address belongs to the physical page:
[   11.712709] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a44
[   11.713125] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.713635] flags: 0x200000000000040(head|node=0|zone=2)
[   11.713913] page_type: f8(unknown)
[   11.714048] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.714292] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.714573] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.715284] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.715635] head: 0200000000000002 ffffea00040a9101 00000000ffffffff 00000000ffffffff
[   11.715995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.716233] page dumped because: kasan: bad access detected
[   11.716742] 
[   11.716896] Memory state around the buggy address:
[   11.717062]  ffff888102a45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.717338]  ffff888102a46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.717678] >ffff888102a46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.717981]                                                  ^
[   11.718382]  ffff888102a46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.718604]  ffff888102a46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.718815] ==================================================================