lkft/linux-mainline-master - v6.16-rc4-308-ga79a588fc176 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 5, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   18.863585] ==================================================================
[   18.863688] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.863869] Write of size 1 at addr fff00000c78520da by task kunit_try_catch/163
[   18.863988] 
[   18.864065] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.864231] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.864291] Hardware name: linux,dummy-virt (DT)
[   18.864374] Call trace:
[   18.864423]  show_stack+0x20/0x38 (C)
[   18.864527]  dump_stack_lvl+0x8c/0xd0
[   18.864630]  print_report+0x118/0x608
[   18.864726]  kasan_report+0xdc/0x128
[   18.864826]  __asan_report_store1_noabort+0x20/0x30
[   18.864932]  krealloc_less_oob_helper+0xa80/0xc50
[   18.865037]  krealloc_large_less_oob+0x20/0x38
[   18.865135]  kunit_try_run_case+0x170/0x3f0
[   18.865238]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.865351]  kthread+0x328/0x630
[   18.865459]  ret_from_fork+0x10/0x20
[   18.865559] 
[   18.865601] The buggy address belongs to the physical page:
[   18.865666] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   18.865776] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.865873] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.865978] page_type: f8(unknown)
[   18.867815] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.868058] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.868253] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.868435] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.868949] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   18.869386] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.869533] page dumped because: kasan: bad access detected
[   18.869606] 
[   18.869656] Memory state around the buggy address:
[   18.869790]  fff00000c7851f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.869942]  fff00000c7852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.870036] >fff00000c7852080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.870115]                                                     ^
[   18.870180]  fff00000c7852100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.870262]  fff00000c7852180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.870337] ==================================================================
[   18.877659] ==================================================================
[   18.877788] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.877909] Write of size 1 at addr fff00000c78520eb by task kunit_try_catch/163
[   18.878056] 
[   18.878116] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.878259] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.878309] Hardware name: linux,dummy-virt (DT)
[   18.878388] Call trace:
[   18.878431]  show_stack+0x20/0x38 (C)
[   18.878775]  dump_stack_lvl+0x8c/0xd0
[   18.878903]  print_report+0x118/0x608
[   18.879000]  kasan_report+0xdc/0x128
[   18.879112]  __asan_report_store1_noabort+0x20/0x30
[   18.879281]  krealloc_less_oob_helper+0xa58/0xc50
[   18.879411]  krealloc_large_less_oob+0x20/0x38
[   18.879511]  kunit_try_run_case+0x170/0x3f0
[   18.879619]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.879784]  kthread+0x328/0x630
[   18.879875]  ret_from_fork+0x10/0x20
[   18.879968] 
[   18.880009] The buggy address belongs to the physical page:
[   18.880480] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   18.880648] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.880789] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.880943] page_type: f8(unknown)
[   18.881056] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.881166] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.881307] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.881426] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.881524] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   18.882088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.882265] page dumped because: kasan: bad access detected
[   18.882380] 
[   18.882504] Memory state around the buggy address:
[   18.882610]  fff00000c7851f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.882707]  fff00000c7852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.882827] >fff00000c7852080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.882898]                                                           ^
[   18.882978]  fff00000c7852100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.883292]  fff00000c7852180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.883389] ==================================================================
[   18.764366] ==================================================================
[   18.766037] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.766191] Write of size 1 at addr fff00000c091f8da by task kunit_try_catch/159
[   18.766286] 
[   18.766343] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.766528] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.766586] Hardware name: linux,dummy-virt (DT)
[   18.766651] Call trace:
[   18.766992]  show_stack+0x20/0x38 (C)
[   18.767339]  dump_stack_lvl+0x8c/0xd0
[   18.767471]  print_report+0x118/0x608
[   18.767573]  kasan_report+0xdc/0x128
[   18.767669]  __asan_report_store1_noabort+0x20/0x30
[   18.767782]  krealloc_less_oob_helper+0xa80/0xc50
[   18.768534]  krealloc_less_oob+0x20/0x38
[   18.768980]  kunit_try_run_case+0x170/0x3f0
[   18.769525]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.769661]  kthread+0x328/0x630
[   18.769765]  ret_from_fork+0x10/0x20
[   18.769869] 
[   18.769909] Allocated by task 159:
[   18.769965]  kasan_save_stack+0x3c/0x68
[   18.770047]  kasan_save_track+0x20/0x40
[   18.770584]  kasan_save_alloc_info+0x40/0x58
[   18.771060]  __kasan_krealloc+0x118/0x178
[   18.771205]  krealloc_noprof+0x128/0x360
[   18.771331]  krealloc_less_oob_helper+0x168/0xc50
[   18.771443]  krealloc_less_oob+0x20/0x38
[   18.771585]  kunit_try_run_case+0x170/0x3f0
[   18.771710]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.771989]  kthread+0x328/0x630
[   18.772282]  ret_from_fork+0x10/0x20
[   18.772398] 
[   18.772489] The buggy address belongs to the object at fff00000c091f800
[   18.772489]  which belongs to the cache kmalloc-256 of size 256
[   18.772807] The buggy address is located 17 bytes to the right of
[   18.772807]  allocated 201-byte region [fff00000c091f800, fff00000c091f8c9)
[   18.773347] 
[   18.773432] The buggy address belongs to the physical page:
[   18.773506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10091e
[   18.773624] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.773720] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.774477] page_type: f5(slab)
[   18.774659] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.774820] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.774972] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.775086] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.775411] head: 0bfffe0000000001 ffffc1ffc3024781 00000000ffffffff 00000000ffffffff
[   18.775504] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.775586] page dumped because: kasan: bad access detected
[   18.775649] 
[   18.775686] Memory state around the buggy address:
[   18.776311]  fff00000c091f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.776489]  fff00000c091f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.776580] >fff00000c091f880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.776673]                                                     ^
[   18.777133]  fff00000c091f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.777241]  fff00000c091f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.777322] ==================================================================
[   18.795253] ==================================================================
[   18.795386] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.795513] Write of size 1 at addr fff00000c091f8eb by task kunit_try_catch/159
[   18.795625] 
[   18.795693] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.795879] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.795941] Hardware name: linux,dummy-virt (DT)
[   18.796009] Call trace:
[   18.796064]  show_stack+0x20/0x38 (C)
[   18.796168]  dump_stack_lvl+0x8c/0xd0
[   18.796264]  print_report+0x118/0x608
[   18.796702]  kasan_report+0xdc/0x128
[   18.796852]  __asan_report_store1_noabort+0x20/0x30
[   18.796962]  krealloc_less_oob_helper+0xa58/0xc50
[   18.797074]  krealloc_less_oob+0x20/0x38
[   18.797166]  kunit_try_run_case+0x170/0x3f0
[   18.797435]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.797579]  kthread+0x328/0x630
[   18.797635]  ret_from_fork+0x10/0x20
[   18.797685] 
[   18.797705] Allocated by task 159:
[   18.797734]  kasan_save_stack+0x3c/0x68
[   18.797779]  kasan_save_track+0x20/0x40
[   18.797816]  kasan_save_alloc_info+0x40/0x58
[   18.797854]  __kasan_krealloc+0x118/0x178
[   18.797891]  krealloc_noprof+0x128/0x360
[   18.797927]  krealloc_less_oob_helper+0x168/0xc50
[   18.797965]  krealloc_less_oob+0x20/0x38
[   18.798092]  kunit_try_run_case+0x170/0x3f0
[   18.798219]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.798476]  kthread+0x328/0x630
[   18.798593]  ret_from_fork+0x10/0x20
[   18.798960] 
[   18.799003] The buggy address belongs to the object at fff00000c091f800
[   18.799003]  which belongs to the cache kmalloc-256 of size 256
[   18.799119] The buggy address is located 34 bytes to the right of
[   18.799119]  allocated 201-byte region [fff00000c091f800, fff00000c091f8c9)
[   18.799335] 
[   18.799475] The buggy address belongs to the physical page:
[   18.799843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10091e
[   18.800121] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.800335] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.800457] page_type: f5(slab)
[   18.800978] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.801086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.801939] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.802293] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.802404] head: 0bfffe0000000001 ffffc1ffc3024781 00000000ffffffff 00000000ffffffff
[   18.802510] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.803590] page dumped because: kasan: bad access detected
[   18.803931] 
[   18.804020] Memory state around the buggy address:
[   18.804089]  fff00000c091f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.804536]  fff00000c091f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.805125] >fff00000c091f880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.805545]                                                           ^
[   18.805656]  fff00000c091f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.805861]  fff00000c091f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.806458] ==================================================================
[   18.858401] ==================================================================
[   18.858529] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.858640] Write of size 1 at addr fff00000c78520d0 by task kunit_try_catch/163
[   18.858741] 
[   18.858807] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.859007] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.859057] Hardware name: linux,dummy-virt (DT)
[   18.859124] Call trace:
[   18.859167]  show_stack+0x20/0x38 (C)
[   18.859270]  dump_stack_lvl+0x8c/0xd0
[   18.859390]  print_report+0x118/0x608
[   18.859496]  kasan_report+0xdc/0x128
[   18.859596]  __asan_report_store1_noabort+0x20/0x30
[   18.859700]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.859808]  krealloc_large_less_oob+0x20/0x38
[   18.859925]  kunit_try_run_case+0x170/0x3f0
[   18.860031]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.860146]  kthread+0x328/0x630
[   18.860240]  ret_from_fork+0x10/0x20
[   18.860347] 
[   18.860407] The buggy address belongs to the physical page:
[   18.860476] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   18.860590] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.860690] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.860798] page_type: f8(unknown)
[   18.860880] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.860987] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.861093] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.861195] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.861300] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   18.861413] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.861497] page dumped because: kasan: bad access detected
[   18.861561] 
[   18.861602] Memory state around the buggy address:
[   18.861660]  fff00000c7851f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.861738]  fff00000c7852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.861827] >fff00000c7852080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.861912]                                                  ^
[   18.861982]  fff00000c7852100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.862131]  fff00000c7852180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.862207] ==================================================================
[   18.852508] ==================================================================
[   18.852633] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.852736] Write of size 1 at addr fff00000c78520c9 by task kunit_try_catch/163
[   18.852840] 
[   18.852905] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.853075] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.853132] Hardware name: linux,dummy-virt (DT)
[   18.853199] Call trace:
[   18.853247]  show_stack+0x20/0x38 (C)
[   18.853367]  dump_stack_lvl+0x8c/0xd0
[   18.853478]  print_report+0x118/0x608
[   18.853581]  kasan_report+0xdc/0x128
[   18.853681]  __asan_report_store1_noabort+0x20/0x30
[   18.853799]  krealloc_less_oob_helper+0xa48/0xc50
[   18.853958]  krealloc_large_less_oob+0x20/0x38
[   18.854106]  kunit_try_run_case+0x170/0x3f0
[   18.854209]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.854329]  kthread+0x328/0x630
[   18.854568]  ret_from_fork+0x10/0x20
[   18.854708] 
[   18.854754] The buggy address belongs to the physical page:
[   18.854819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   18.854912] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.855000] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.855131] page_type: f8(unknown)
[   18.855220] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.855337] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.855520] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.855643] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.855825] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   18.855972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.856105] page dumped because: kasan: bad access detected
[   18.856178] 
[   18.856217] Memory state around the buggy address:
[   18.856307]  fff00000c7851f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.856458]  fff00000c7852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.856590] >fff00000c7852080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.856708]                                               ^
[   18.856797]  fff00000c7852100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.856909]  fff00000c7852180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.857028] ==================================================================
[   18.781300] ==================================================================
[   18.781435] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.782169] Write of size 1 at addr fff00000c091f8ea by task kunit_try_catch/159
[   18.782305] 
[   18.782386] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.782986] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.783059] Hardware name: linux,dummy-virt (DT)
[   18.783167] Call trace:
[   18.783215]  show_stack+0x20/0x38 (C)
[   18.783753]  dump_stack_lvl+0x8c/0xd0
[   18.783958]  print_report+0x118/0x608
[   18.784062]  kasan_report+0xdc/0x128
[   18.784178]  __asan_report_store1_noabort+0x20/0x30
[   18.784287]  krealloc_less_oob_helper+0xae4/0xc50
[   18.784411]  krealloc_less_oob+0x20/0x38
[   18.784547]  kunit_try_run_case+0x170/0x3f0
[   18.784691]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.784809]  kthread+0x328/0x630
[   18.784911]  ret_from_fork+0x10/0x20
[   18.785025] 
[   18.785069] Allocated by task 159:
[   18.785134]  kasan_save_stack+0x3c/0x68
[   18.785227]  kasan_save_track+0x20/0x40
[   18.785311]  kasan_save_alloc_info+0x40/0x58
[   18.785423]  __kasan_krealloc+0x118/0x178
[   18.785508]  krealloc_noprof+0x128/0x360
[   18.785588]  krealloc_less_oob_helper+0x168/0xc50
[   18.785672]  krealloc_less_oob+0x20/0x38
[   18.785750]  kunit_try_run_case+0x170/0x3f0
[   18.785830]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.785922]  kthread+0x328/0x630
[   18.785992]  ret_from_fork+0x10/0x20
[   18.787101] 
[   18.787159] The buggy address belongs to the object at fff00000c091f800
[   18.787159]  which belongs to the cache kmalloc-256 of size 256
[   18.787582] The buggy address is located 33 bytes to the right of
[   18.787582]  allocated 201-byte region [fff00000c091f800, fff00000c091f8c9)
[   18.787744] 
[   18.787791] The buggy address belongs to the physical page:
[   18.787862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10091e
[   18.787979] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.788588] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.788896] page_type: f5(slab)
[   18.789184] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.789647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.790394] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.790553] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.790670] head: 0bfffe0000000001 ffffc1ffc3024781 00000000ffffffff 00000000ffffffff
[   18.790778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.791021] page dumped because: kasan: bad access detected
[   18.791085] 
[   18.791118] Memory state around the buggy address:
[   18.791509]  fff00000c091f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.791626]  fff00000c091f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.791723] >fff00000c091f880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.791833]                                                           ^
[   18.792002]  fff00000c091f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.792118]  fff00000c091f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.792558] ==================================================================
[   18.753870] ==================================================================
[   18.753977] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.754339] Write of size 1 at addr fff00000c091f8d0 by task kunit_try_catch/159
[   18.754588] 
[   18.754859] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.755056] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.755107] Hardware name: linux,dummy-virt (DT)
[   18.755168] Call trace:
[   18.755210]  show_stack+0x20/0x38 (C)
[   18.755469]  dump_stack_lvl+0x8c/0xd0
[   18.755697]  print_report+0x118/0x608
[   18.755878]  kasan_report+0xdc/0x128
[   18.756001]  __asan_report_store1_noabort+0x20/0x30
[   18.756108]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.756208]  krealloc_less_oob+0x20/0x38
[   18.756310]  kunit_try_run_case+0x170/0x3f0
[   18.756430]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.756546]  kthread+0x328/0x630
[   18.756640]  ret_from_fork+0x10/0x20
[   18.756742] 
[   18.756782] Allocated by task 159:
[   18.756842]  kasan_save_stack+0x3c/0x68
[   18.756927]  kasan_save_track+0x20/0x40
[   18.757006]  kasan_save_alloc_info+0x40/0x58
[   18.757095]  __kasan_krealloc+0x118/0x178
[   18.757612]  krealloc_noprof+0x128/0x360
[   18.757888]  krealloc_less_oob_helper+0x168/0xc50
[   18.758145]  krealloc_less_oob+0x20/0x38
[   18.758253]  kunit_try_run_case+0x170/0x3f0
[   18.758451]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.758585]  kthread+0x328/0x630
[   18.758663]  ret_from_fork+0x10/0x20
[   18.758887] 
[   18.758951] The buggy address belongs to the object at fff00000c091f800
[   18.758951]  which belongs to the cache kmalloc-256 of size 256
[   18.759338] The buggy address is located 7 bytes to the right of
[   18.759338]  allocated 201-byte region [fff00000c091f800, fff00000c091f8c9)
[   18.759862] 
[   18.759897] The buggy address belongs to the physical page:
[   18.759932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10091e
[   18.759989] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.760033] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.760085] page_type: f5(slab)
[   18.760124] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.760173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.760219] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.760265] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.760311] head: 0bfffe0000000001 ffffc1ffc3024781 00000000ffffffff 00000000ffffffff
[   18.760378] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.760453] page dumped because: kasan: bad access detected
[   18.760509] 
[   18.760539] Memory state around the buggy address:
[   18.760597]  fff00000c091f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.760676]  fff00000c091f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.760763] >fff00000c091f880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.760890]                                                  ^
[   18.760982]  fff00000c091f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.761092]  fff00000c091f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.761179] ==================================================================
[   18.741654] ==================================================================
[   18.742034] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.742241] Write of size 1 at addr fff00000c091f8c9 by task kunit_try_catch/159
[   18.742517] 
[   18.742649] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.743048] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.743231] Hardware name: linux,dummy-virt (DT)
[   18.743489] Call trace:
[   18.743536]  show_stack+0x20/0x38 (C)
[   18.743825]  dump_stack_lvl+0x8c/0xd0
[   18.744047]  print_report+0x118/0x608
[   18.744317]  kasan_report+0xdc/0x128
[   18.744448]  __asan_report_store1_noabort+0x20/0x30
[   18.744572]  krealloc_less_oob_helper+0xa48/0xc50
[   18.744664]  krealloc_less_oob+0x20/0x38
[   18.744895]  kunit_try_run_case+0x170/0x3f0
[   18.745243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.745402]  kthread+0x328/0x630
[   18.745500]  ret_from_fork+0x10/0x20
[   18.745814] 
[   18.745860] Allocated by task 159:
[   18.745928]  kasan_save_stack+0x3c/0x68
[   18.746184]  kasan_save_track+0x20/0x40
[   18.746263]  kasan_save_alloc_info+0x40/0x58
[   18.746427]  __kasan_krealloc+0x118/0x178
[   18.746654]  krealloc_noprof+0x128/0x360
[   18.746757]  krealloc_less_oob_helper+0x168/0xc50
[   18.746981]  krealloc_less_oob+0x20/0x38
[   18.747188]  kunit_try_run_case+0x170/0x3f0
[   18.747331]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.747605]  kthread+0x328/0x630
[   18.747688]  ret_from_fork+0x10/0x20
[   18.747819] 
[   18.747866] The buggy address belongs to the object at fff00000c091f800
[   18.747866]  which belongs to the cache kmalloc-256 of size 256
[   18.748029] The buggy address is located 0 bytes to the right of
[   18.748029]  allocated 201-byte region [fff00000c091f800, fff00000c091f8c9)
[   18.748314] 
[   18.748430] The buggy address belongs to the physical page:
[   18.748551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10091e
[   18.748698] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.748793] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.748907] page_type: f5(slab)
[   18.748989] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.749099] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.749519] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.749844] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.750054] head: 0bfffe0000000001 ffffc1ffc3024781 00000000ffffffff 00000000ffffffff
[   18.750175] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.750495] page dumped because: kasan: bad access detected
[   18.750621] 
[   18.750674] Memory state around the buggy address:
[   18.750925]  fff00000c091f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.751022]  fff00000c091f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.751128] >fff00000c091f880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.751205]                                               ^
[   18.751448]  fff00000c091f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.751676]  fff00000c091f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.751815] ==================================================================
[   18.871503] ==================================================================
[   18.871608] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.871714] Write of size 1 at addr fff00000c78520ea by task kunit_try_catch/163
[   18.871810] 
[   18.871867] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.872260] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.872342] Hardware name: linux,dummy-virt (DT)
[   18.872428] Call trace:
[   18.872484]  show_stack+0x20/0x38 (C)
[   18.872592]  dump_stack_lvl+0x8c/0xd0
[   18.872694]  print_report+0x118/0x608
[   18.872792]  kasan_report+0xdc/0x128
[   18.872921]  __asan_report_store1_noabort+0x20/0x30
[   18.873029]  krealloc_less_oob_helper+0xae4/0xc50
[   18.873158]  krealloc_large_less_oob+0x20/0x38
[   18.873261]  kunit_try_run_case+0x170/0x3f0
[   18.873365]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.873768]  kthread+0x328/0x630
[   18.873887]  ret_from_fork+0x10/0x20
[   18.874048] 
[   18.874118] The buggy address belongs to the physical page:
[   18.874194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   18.874311] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.874422] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.874555] page_type: f8(unknown)
[   18.874650] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.874767] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.874925] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.875016] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.875099] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   18.875559] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.875654] page dumped because: kasan: bad access detected
[   18.875723] 
[   18.875763] Memory state around the buggy address:
[   18.875832]  fff00000c7851f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.875927]  fff00000c7852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.876019] >fff00000c7852080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.876101]                                                           ^
[   18.876224]  fff00000c7852100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.876347]  fff00000c7852180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.876452] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zS9g9ybN1UbXPQnJisKcpL9TTV

job_id

TEST:linaro@lkft#2zS9lY7pmzTyF5GZT87TbkuZzBC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zS9lY7pmzTyF5GZT87TbkuZzBC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9hogJzZK0l4np92KxK0io2I6/Image.gz
sha256sum	d911e61984c5ccbd01c648abc160f807c2efba8f94f7c18dc8b8d0a36d529c56

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9hogJzZK0l4np92KxK0io2I6/modules.tar.xz
sha256sum	229f6c9e52037b561fbd9dc9141868d0d6dc0d1d276f92a71b0be16dd31c079a

durations

tests

boot	0
kunit	261.61

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   13.254362] ==================================================================
[   13.254789] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   13.255328] Write of size 1 at addr ffff8881003416da by task kunit_try_catch/175
[   13.256122] 
[   13.256422] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.256574] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.256591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.256618] Call Trace:
[   13.256634]  <TASK>
[   13.256676]  dump_stack_lvl+0x73/0xb0
[   13.256715]  print_report+0xd1/0x650
[   13.256742]  ? __virt_addr_valid+0x1db/0x2d0
[   13.256771]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.256798]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.256823]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.256850]  kasan_report+0x141/0x180
[   13.256876]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.256909]  __asan_report_store1_noabort+0x1b/0x30
[   13.256932]  krealloc_less_oob_helper+0xec6/0x11d0
[   13.256962]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.256989]  ? irqentry_exit+0x2a/0x60
[   13.257015]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.257048]  ? __pfx_krealloc_less_oob+0x10/0x10
[   13.257078]  krealloc_less_oob+0x1c/0x30
[   13.257102]  kunit_try_run_case+0x1a5/0x480
[   13.257132]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.257157]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.257185]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.257211]  ? __kthread_parkme+0x82/0x180
[   13.257235]  ? preempt_count_sub+0x50/0x80
[   13.257265]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.257291]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.257317]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.257343]  kthread+0x337/0x6f0
[   13.257365]  ? trace_preempt_on+0x20/0xc0
[   13.257393]  ? __pfx_kthread+0x10/0x10
[   13.257416]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.257441]  ? calculate_sigpending+0x7b/0xa0
[   13.257469]  ? __pfx_kthread+0x10/0x10
[   13.257494]  ret_from_fork+0x116/0x1d0
[   13.257517]  ? __pfx_kthread+0x10/0x10
[   13.257541]  ret_from_fork_asm+0x1a/0x30
[   13.257578]  </TASK>
[   13.257591] 
[   13.267639] Allocated by task 175:
[   13.267818]  kasan_save_stack+0x45/0x70
[   13.267992]  kasan_save_track+0x18/0x40
[   13.268213]  kasan_save_alloc_info+0x3b/0x50
[   13.268963]  __kasan_krealloc+0x190/0x1f0
[   13.269147]  krealloc_noprof+0xf3/0x340
[   13.269380]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.269691]  krealloc_less_oob+0x1c/0x30
[   13.269987]  kunit_try_run_case+0x1a5/0x480
[   13.270242]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.270569]  kthread+0x337/0x6f0
[   13.270823]  ret_from_fork+0x116/0x1d0
[   13.271014]  ret_from_fork_asm+0x1a/0x30
[   13.271232] 
[   13.271425] The buggy address belongs to the object at ffff888100341600
[   13.271425]  which belongs to the cache kmalloc-256 of size 256
[   13.272323] The buggy address is located 17 bytes to the right of
[   13.272323]  allocated 201-byte region [ffff888100341600, ffff8881003416c9)
[   13.273055] 
[   13.273183] The buggy address belongs to the physical page:
[   13.273581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.274239] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.274600] flags: 0x200000000000040(head|node=0|zone=2)
[   13.274933] page_type: f5(slab)
[   13.275236] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.275606] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.276271] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.276749] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.277195] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.277556] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.278082] page dumped because: kasan: bad access detected
[   13.278396] 
[   13.278516] Memory state around the buggy address:
[   13.278737]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.278987]  ffff888100341600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.279374] >ffff888100341680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.279769]                                                     ^
[   13.279991]  ffff888100341700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.280561]  ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.281052] ==================================================================
[   13.415821] ==================================================================
[   13.416533] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   13.417337] Write of size 1 at addr ffff8881026f20d0 by task kunit_try_catch/179
[   13.417919] 
[   13.418323] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.418507] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.418526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.418552] Call Trace:
[   13.418569]  <TASK>
[   13.418591]  dump_stack_lvl+0x73/0xb0
[   13.418630]  print_report+0xd1/0x650
[   13.418673]  ? __virt_addr_valid+0x1db/0x2d0
[   13.418701]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.418729]  ? kasan_addr_to_slab+0x11/0xa0
[   13.418752]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.418789]  kasan_report+0x141/0x180
[   13.418824]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.418858]  __asan_report_store1_noabort+0x1b/0x30
[   13.418882]  krealloc_less_oob_helper+0xe23/0x11d0
[   13.418911]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.418940]  ? __schedule+0x207f/0x2b60
[   13.418964]  ? schedule+0x7c/0x2e0
[   13.418986]  ? trace_hardirqs_on+0x37/0xe0
[   13.419014]  ? __schedule+0x207f/0x2b60
[   13.419038]  ? __pfx_read_tsc+0x10/0x10
[   13.419066]  krealloc_large_less_oob+0x1c/0x30
[   13.419092]  kunit_try_run_case+0x1a5/0x480
[   13.419121]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.419146]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.419172]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.419198]  ? __kthread_parkme+0x82/0x180
[   13.419222]  ? preempt_count_sub+0x50/0x80
[   13.419250]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.419277]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.419303]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.419329]  kthread+0x337/0x6f0
[   13.419351]  ? trace_preempt_on+0x20/0xc0
[   13.419376]  ? __pfx_kthread+0x10/0x10
[   13.419401]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.419425]  ? calculate_sigpending+0x7b/0xa0
[   13.419453]  ? __pfx_kthread+0x10/0x10
[   13.419477]  ret_from_fork+0x116/0x1d0
[   13.419498]  ? __pfx_kthread+0x10/0x10
[   13.419522]  ret_from_fork_asm+0x1a/0x30
[   13.419559]  </TASK>
[   13.419573] 
[   13.433248] The buggy address belongs to the physical page:
[   13.433600] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0
[   13.434529] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.435052] flags: 0x200000000000040(head|node=0|zone=2)
[   13.435347] page_type: f8(unknown)
[   13.435556] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.436044] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.436821] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.437176] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.437590] head: 0200000000000002 ffffea000409bc01 00000000ffffffff 00000000ffffffff
[   13.438298] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.438697] page dumped because: kasan: bad access detected
[   13.438968] 
[   13.439126] Memory state around the buggy address:
[   13.439452]  ffff8881026f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.439980]  ffff8881026f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.440354] >ffff8881026f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.440734]                                                  ^
[   13.440993]  ffff8881026f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.441410]  ffff8881026f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.441831] ==================================================================
[   13.465869] ==================================================================
[   13.466339] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   13.466753] Write of size 1 at addr ffff8881026f20ea by task kunit_try_catch/179
[   13.467091] 
[   13.467201] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.467253] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.467267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.467293] Call Trace:
[   13.467314]  <TASK>
[   13.467335]  dump_stack_lvl+0x73/0xb0
[   13.467367]  print_report+0xd1/0x650
[   13.467393]  ? __virt_addr_valid+0x1db/0x2d0
[   13.467421]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.467505]  ? kasan_addr_to_slab+0x11/0xa0
[   13.467545]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.467573]  kasan_report+0x141/0x180
[   13.467599]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.467633]  __asan_report_store1_noabort+0x1b/0x30
[   13.467667]  krealloc_less_oob_helper+0xe90/0x11d0
[   13.467697]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.467726]  ? __schedule+0x207f/0x2b60
[   13.467750]  ? schedule+0x7c/0x2e0
[   13.467772]  ? trace_hardirqs_on+0x37/0xe0
[   13.467838]  ? __schedule+0x207f/0x2b60
[   13.467863]  ? __pfx_read_tsc+0x10/0x10
[   13.467905]  krealloc_large_less_oob+0x1c/0x30
[   13.467932]  kunit_try_run_case+0x1a5/0x480
[   13.467974]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.468001]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.468028]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.468055]  ? __kthread_parkme+0x82/0x180
[   13.468089]  ? preempt_count_sub+0x50/0x80
[   13.468118]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.468145]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.468183]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.468210]  kthread+0x337/0x6f0
[   13.468232]  ? trace_preempt_on+0x20/0xc0
[   13.468257]  ? __pfx_kthread+0x10/0x10
[   13.468281]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.468305]  ? calculate_sigpending+0x7b/0xa0
[   13.468333]  ? __pfx_kthread+0x10/0x10
[   13.468358]  ret_from_fork+0x116/0x1d0
[   13.468380]  ? __pfx_kthread+0x10/0x10
[   13.468404]  ret_from_fork_asm+0x1a/0x30
[   13.468441]  </TASK>
[   13.468454] 
[   13.478553] The buggy address belongs to the physical page:
[   13.478879] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0
[   13.479337] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.479721] flags: 0x200000000000040(head|node=0|zone=2)
[   13.479976] page_type: f8(unknown)
[   13.480207] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.480867] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.481389] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.481780] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.482323] head: 0200000000000002 ffffea000409bc01 00000000ffffffff 00000000ffffffff
[   13.482735] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.483248] page dumped because: kasan: bad access detected
[   13.483562] 
[   13.483661] Memory state around the buggy address:
[   13.483851]  ffff8881026f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.484260]  ffff8881026f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.484643] >ffff8881026f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.485029]                                                           ^
[   13.485355]  ffff8881026f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.486012]  ffff8881026f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.486482] ==================================================================
[   13.183347] ==================================================================
[   13.183941] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   13.184248] Write of size 1 at addr ffff8881003416c9 by task kunit_try_catch/175
[   13.184518] 
[   13.184627] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.185159] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.185179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.185206] Call Trace:
[   13.185221]  <TASK>
[   13.185254]  dump_stack_lvl+0x73/0xb0
[   13.185292]  print_report+0xd1/0x650
[   13.185318]  ? __virt_addr_valid+0x1db/0x2d0
[   13.185346]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.185373]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.185399]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.185427]  kasan_report+0x141/0x180
[   13.185452]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.185486]  __asan_report_store1_noabort+0x1b/0x30
[   13.185510]  krealloc_less_oob_helper+0xd70/0x11d0
[   13.185540]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.185566]  ? irqentry_exit+0x2a/0x60
[   13.185591]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.185625]  ? __pfx_krealloc_less_oob+0x10/0x10
[   13.185665]  krealloc_less_oob+0x1c/0x30
[   13.185690]  kunit_try_run_case+0x1a5/0x480
[   13.185719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.185744]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.185813]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.185839]  ? __kthread_parkme+0x82/0x180
[   13.185863]  ? preempt_count_sub+0x50/0x80
[   13.185892]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.185919]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.185945]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.185971]  kthread+0x337/0x6f0
[   13.185993]  ? trace_preempt_on+0x20/0xc0
[   13.186021]  ? __pfx_kthread+0x10/0x10
[   13.186044]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.186068]  ? calculate_sigpending+0x7b/0xa0
[   13.186096]  ? __pfx_kthread+0x10/0x10
[   13.186120]  ret_from_fork+0x116/0x1d0
[   13.186142]  ? __pfx_kthread+0x10/0x10
[   13.186166]  ret_from_fork_asm+0x1a/0x30
[   13.186202]  </TASK>
[   13.186214] 
[   13.200097] Allocated by task 175:
[   13.200331]  kasan_save_stack+0x45/0x70
[   13.200580]  kasan_save_track+0x18/0x40
[   13.200929]  kasan_save_alloc_info+0x3b/0x50
[   13.201132]  __kasan_krealloc+0x190/0x1f0
[   13.201293]  krealloc_noprof+0xf3/0x340
[   13.201511]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.201878]  krealloc_less_oob+0x1c/0x30
[   13.202147]  kunit_try_run_case+0x1a5/0x480
[   13.202412]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.202741]  kthread+0x337/0x6f0
[   13.202940]  ret_from_fork+0x116/0x1d0
[   13.203236]  ret_from_fork_asm+0x1a/0x30
[   13.203419] 
[   13.203504] The buggy address belongs to the object at ffff888100341600
[   13.203504]  which belongs to the cache kmalloc-256 of size 256
[   13.204402] The buggy address is located 0 bytes to the right of
[   13.204402]  allocated 201-byte region [ffff888100341600, ffff8881003416c9)
[   13.205515] 
[   13.206160] The buggy address belongs to the physical page:
[   13.206456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.207311] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.207679] flags: 0x200000000000040(head|node=0|zone=2)
[   13.208185] page_type: f5(slab)
[   13.208607] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.209246] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.209800] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.210458] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.211152] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.211511] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.212227] page dumped because: kasan: bad access detected
[   13.212507] 
[   13.212630] Memory state around the buggy address:
[   13.213303]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.213861]  ffff888100341600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.214240] >ffff888100341680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.214994]                                               ^
[   13.215316]  ffff888100341700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.215793]  ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.216256] ==================================================================
[   13.442496] ==================================================================
[   13.442992] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   13.443722] Write of size 1 at addr ffff8881026f20da by task kunit_try_catch/179
[   13.444148] 
[   13.444271] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.444437] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.444454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.444480] Call Trace:
[   13.444502]  <TASK>
[   13.444523]  dump_stack_lvl+0x73/0xb0
[   13.444559]  print_report+0xd1/0x650
[   13.444586]  ? __virt_addr_valid+0x1db/0x2d0
[   13.444614]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.444662]  ? kasan_addr_to_slab+0x11/0xa0
[   13.444686]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.444713]  kasan_report+0x141/0x180
[   13.444752]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   13.444854]  __asan_report_store1_noabort+0x1b/0x30
[   13.444883]  krealloc_less_oob_helper+0xec6/0x11d0
[   13.444913]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.444941]  ? __schedule+0x207f/0x2b60
[   13.444978]  ? schedule+0x7c/0x2e0
[   13.445001]  ? trace_hardirqs_on+0x37/0xe0
[   13.445043]  ? __schedule+0x207f/0x2b60
[   13.445068]  ? __pfx_read_tsc+0x10/0x10
[   13.445097]  krealloc_large_less_oob+0x1c/0x30
[   13.445125]  kunit_try_run_case+0x1a5/0x480
[   13.445154]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.445179]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.445207]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.445233]  ? __kthread_parkme+0x82/0x180
[   13.445257]  ? preempt_count_sub+0x50/0x80
[   13.445297]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.445324]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.445363]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.445389]  kthread+0x337/0x6f0
[   13.445412]  ? trace_preempt_on+0x20/0xc0
[   13.445437]  ? __pfx_kthread+0x10/0x10
[   13.445460]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.445484]  ? calculate_sigpending+0x7b/0xa0
[   13.445512]  ? __pfx_kthread+0x10/0x10
[   13.445537]  ret_from_fork+0x116/0x1d0
[   13.445558]  ? __pfx_kthread+0x10/0x10
[   13.445582]  ret_from_fork_asm+0x1a/0x30
[   13.445618]  </TASK>
[   13.445631] 
[   13.455729] The buggy address belongs to the physical page:
[   13.456106] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0
[   13.456510] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.457279] flags: 0x200000000000040(head|node=0|zone=2)
[   13.458076] page_type: f8(unknown)
[   13.458744] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.459401] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.460262] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.460550] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.460883] head: 0200000000000002 ffffea000409bc01 00000000ffffffff 00000000ffffffff
[   13.461271] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.461885] page dumped because: kasan: bad access detected
[   13.462185] 
[   13.462325] Memory state around the buggy address:
[   13.462565]  ffff8881026f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.463254]  ffff8881026f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.463661] >ffff8881026f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.464014]                                                     ^
[   13.464518]  ffff8881026f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.465036]  ffff8881026f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.465391] ==================================================================
[   13.306999] ==================================================================
[   13.307419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   13.309172] Write of size 1 at addr ffff8881003416eb by task kunit_try_catch/175
[   13.309481] 
[   13.309623] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.309694] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.309709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.309735] Call Trace:
[   13.309757]  <TASK>
[   13.309813]  dump_stack_lvl+0x73/0xb0
[   13.309852]  print_report+0xd1/0x650
[   13.309878]  ? __virt_addr_valid+0x1db/0x2d0
[   13.309905]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.309933]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.309958]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.309986]  kasan_report+0x141/0x180
[   13.310012]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.310045]  __asan_report_store1_noabort+0x1b/0x30
[   13.310069]  krealloc_less_oob_helper+0xd47/0x11d0
[   13.310100]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.310127]  ? irqentry_exit+0x2a/0x60
[   13.310152]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.310186]  ? __pfx_krealloc_less_oob+0x10/0x10
[   13.310216]  krealloc_less_oob+0x1c/0x30
[   13.310241]  kunit_try_run_case+0x1a5/0x480
[   13.310270]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.310296]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.310323]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.310349]  ? __kthread_parkme+0x82/0x180
[   13.310373]  ? preempt_count_sub+0x50/0x80
[   13.310401]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.310435]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.310461]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.310487]  kthread+0x337/0x6f0
[   13.310510]  ? trace_preempt_on+0x20/0xc0
[   13.310538]  ? __pfx_kthread+0x10/0x10
[   13.310562]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.310586]  ? calculate_sigpending+0x7b/0xa0
[   13.310614]  ? __pfx_kthread+0x10/0x10
[   13.310639]  ret_from_fork+0x116/0x1d0
[   13.310674]  ? __pfx_kthread+0x10/0x10
[   13.310698]  ret_from_fork_asm+0x1a/0x30
[   13.310735]  </TASK>
[   13.310749] 
[   13.320591] Allocated by task 175:
[   13.320791]  kasan_save_stack+0x45/0x70
[   13.321040]  kasan_save_track+0x18/0x40
[   13.321668]  kasan_save_alloc_info+0x3b/0x50
[   13.322015]  __kasan_krealloc+0x190/0x1f0
[   13.322189]  krealloc_noprof+0xf3/0x340
[   13.322388]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.322683]  krealloc_less_oob+0x1c/0x30
[   13.322942]  kunit_try_run_case+0x1a5/0x480
[   13.323149]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.323359]  kthread+0x337/0x6f0
[   13.323563]  ret_from_fork+0x116/0x1d0
[   13.323950]  ret_from_fork_asm+0x1a/0x30
[   13.324196] 
[   13.324284] The buggy address belongs to the object at ffff888100341600
[   13.324284]  which belongs to the cache kmalloc-256 of size 256
[   13.325106] The buggy address is located 34 bytes to the right of
[   13.325106]  allocated 201-byte region [ffff888100341600, ffff8881003416c9)
[   13.325638] 
[   13.325773] The buggy address belongs to the physical page:
[   13.326145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.326556] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.327113] flags: 0x200000000000040(head|node=0|zone=2)
[   13.327444] page_type: f5(slab)
[   13.327619] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.328106] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.328482] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.328905] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.329521] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.329866] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.330389] page dumped because: kasan: bad access detected
[   13.330637] 
[   13.330766] Memory state around the buggy address:
[   13.331113]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.331379]  ffff888100341600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.331725] >ffff888100341680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.332118]                                                           ^
[   13.332555]  ffff888100341700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.332831]  ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.333318] ==================================================================
[   13.281536] ==================================================================
[   13.282158] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   13.282576] Write of size 1 at addr ffff8881003416ea by task kunit_try_catch/175
[   13.283100] 
[   13.283224] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.283276] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.283290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.283315] Call Trace:
[   13.283337]  <TASK>
[   13.283360]  dump_stack_lvl+0x73/0xb0
[   13.283392]  print_report+0xd1/0x650
[   13.283417]  ? __virt_addr_valid+0x1db/0x2d0
[   13.283444]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.283471]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.283497]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.283524]  kasan_report+0x141/0x180
[   13.283550]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   13.283583]  __asan_report_store1_noabort+0x1b/0x30
[   13.283606]  krealloc_less_oob_helper+0xe90/0x11d0
[   13.283636]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.283676]  ? irqentry_exit+0x2a/0x60
[   13.283701]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.283735]  ? __pfx_krealloc_less_oob+0x10/0x10
[   13.283765]  krealloc_less_oob+0x1c/0x30
[   13.283790]  kunit_try_run_case+0x1a5/0x480
[   13.283818]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.283843]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.283870]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.283896]  ? __kthread_parkme+0x82/0x180
[   13.283920]  ? preempt_count_sub+0x50/0x80
[   13.283948]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.283975]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.284002]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.284028]  kthread+0x337/0x6f0
[   13.284051]  ? trace_preempt_on+0x20/0xc0
[   13.284078]  ? __pfx_kthread+0x10/0x10
[   13.284102]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.284126]  ? calculate_sigpending+0x7b/0xa0
[   13.284154]  ? __pfx_kthread+0x10/0x10
[   13.284178]  ret_from_fork+0x116/0x1d0
[   13.284200]  ? __pfx_kthread+0x10/0x10
[   13.284224]  ret_from_fork_asm+0x1a/0x30
[   13.284259]  </TASK>
[   13.284271] 
[   13.293476] Allocated by task 175:
[   13.293736]  kasan_save_stack+0x45/0x70
[   13.294143]  kasan_save_track+0x18/0x40
[   13.294316]  kasan_save_alloc_info+0x3b/0x50
[   13.294495]  __kasan_krealloc+0x190/0x1f0
[   13.294723]  krealloc_noprof+0xf3/0x340
[   13.295208]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.295493]  krealloc_less_oob+0x1c/0x30
[   13.295747]  kunit_try_run_case+0x1a5/0x480
[   13.296383]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.296626]  kthread+0x337/0x6f0
[   13.296835]  ret_from_fork+0x116/0x1d0
[   13.297061]  ret_from_fork_asm+0x1a/0x30
[   13.297285] 
[   13.297396] The buggy address belongs to the object at ffff888100341600
[   13.297396]  which belongs to the cache kmalloc-256 of size 256
[   13.298074] The buggy address is located 33 bytes to the right of
[   13.298074]  allocated 201-byte region [ffff888100341600, ffff8881003416c9)
[   13.298639] 
[   13.298769] The buggy address belongs to the physical page:
[   13.298971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.299253] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.299521] flags: 0x200000000000040(head|node=0|zone=2)
[   13.300191] page_type: f5(slab)
[   13.300410] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.300901] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.301179] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.301446] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.301854] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.302262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.302681] page dumped because: kasan: bad access detected
[   13.303273] 
[   13.303394] Memory state around the buggy address:
[   13.303618]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.304198]  ffff888100341600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.304543] >ffff888100341680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.304953]                                                           ^
[   13.305256]  ffff888100341700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.305608]  ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.306350] ==================================================================
[   13.384160] ==================================================================
[   13.384741] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   13.385255] Write of size 1 at addr ffff8881026f20c9 by task kunit_try_catch/179
[   13.385603] 
[   13.385764] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.385819] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.385833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.385859] Call Trace:
[   13.385874]  <TASK>
[   13.385896]  dump_stack_lvl+0x73/0xb0
[   13.385931]  print_report+0xd1/0x650
[   13.385958]  ? __virt_addr_valid+0x1db/0x2d0
[   13.385986]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.386014]  ? kasan_addr_to_slab+0x11/0xa0
[   13.386037]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.386066]  kasan_report+0x141/0x180
[   13.386092]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   13.386125]  __asan_report_store1_noabort+0x1b/0x30
[   13.386149]  krealloc_less_oob_helper+0xd70/0x11d0
[   13.386179]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.386207]  ? __schedule+0x207f/0x2b60
[   13.386232]  ? schedule+0x7c/0x2e0
[   13.386255]  ? trace_hardirqs_on+0x37/0xe0
[   13.386284]  ? __schedule+0x207f/0x2b60
[   13.386309]  ? __pfx_read_tsc+0x10/0x10
[   13.386338]  krealloc_large_less_oob+0x1c/0x30
[   13.386364]  kunit_try_run_case+0x1a5/0x480
[   13.386395]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.386425]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.386454]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.386481]  ? __kthread_parkme+0x82/0x180
[   13.386506]  ? preempt_count_sub+0x50/0x80
[   13.386535]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.386561]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.386588]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.386614]  kthread+0x337/0x6f0
[   13.386636]  ? trace_preempt_on+0x20/0xc0
[   13.386722]  ? __pfx_kthread+0x10/0x10
[   13.386748]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.386773]  ? calculate_sigpending+0x7b/0xa0
[   13.386838]  ? __pfx_kthread+0x10/0x10
[   13.386864]  ret_from_fork+0x116/0x1d0
[   13.386887]  ? __pfx_kthread+0x10/0x10
[   13.386911]  ret_from_fork_asm+0x1a/0x30
[   13.386949]  </TASK>
[   13.386962] 
[   13.401049] The buggy address belongs to the physical page:
[   13.401401] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0
[   13.401925] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.402409] flags: 0x200000000000040(head|node=0|zone=2)
[   13.405251] page_type: f8(unknown)
[   13.406208] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.407406] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.407721] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.408675] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.409182] head: 0200000000000002 ffffea000409bc01 00000000ffffffff 00000000ffffffff
[   13.409577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.410082] page dumped because: kasan: bad access detected
[   13.410359] 
[   13.410481] Memory state around the buggy address:
[   13.410794]  ffff8881026f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.411482]  ffff8881026f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.412538] >ffff8881026f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.413140]                                               ^
[   13.413558]  ffff8881026f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.414194]  ffff8881026f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.414726] ==================================================================
[   13.487059] ==================================================================
[   13.487457] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   13.487915] Write of size 1 at addr ffff8881026f20eb by task kunit_try_catch/179
[   13.488304] 
[   13.488495] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.488576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.488591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.488627] Call Trace:
[   13.488656]  <TASK>
[   13.488676]  dump_stack_lvl+0x73/0xb0
[   13.488709]  print_report+0xd1/0x650
[   13.488735]  ? __virt_addr_valid+0x1db/0x2d0
[   13.488761]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.488824]  ? kasan_addr_to_slab+0x11/0xa0
[   13.488850]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.488877]  kasan_report+0x141/0x180
[   13.488903]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   13.488948]  __asan_report_store1_noabort+0x1b/0x30
[   13.488972]  krealloc_less_oob_helper+0xd47/0x11d0
[   13.489015]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.489043]  ? __schedule+0x207f/0x2b60
[   13.489067]  ? schedule+0x7c/0x2e0
[   13.489090]  ? trace_hardirqs_on+0x37/0xe0
[   13.489118]  ? __schedule+0x207f/0x2b60
[   13.489153]  ? __pfx_read_tsc+0x10/0x10
[   13.489182]  krealloc_large_less_oob+0x1c/0x30
[   13.489222]  kunit_try_run_case+0x1a5/0x480
[   13.489251]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.489277]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.489304]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.489330]  ? __kthread_parkme+0x82/0x180
[   13.489354]  ? preempt_count_sub+0x50/0x80
[   13.489382]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.489409]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.489436]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.489464]  kthread+0x337/0x6f0
[   13.489488]  ? trace_preempt_on+0x20/0xc0
[   13.489523]  ? __pfx_kthread+0x10/0x10
[   13.489547]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.489570]  ? calculate_sigpending+0x7b/0xa0
[   13.489610]  ? __pfx_kthread+0x10/0x10
[   13.489635]  ret_from_fork+0x116/0x1d0
[   13.489665]  ? __pfx_kthread+0x10/0x10
[   13.489688]  ret_from_fork_asm+0x1a/0x30
[   13.489724]  </TASK>
[   13.489738] 
[   13.500153] The buggy address belongs to the physical page:
[   13.500416] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0
[   13.500741] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.501147] flags: 0x200000000000040(head|node=0|zone=2)
[   13.501457] page_type: f8(unknown)
[   13.502106] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.502536] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.502832] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   13.503133] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   13.503779] head: 0200000000000002 ffffea000409bc01 00000000ffffffff 00000000ffffffff
[   13.504216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   13.504598] page dumped because: kasan: bad access detected
[   13.505031] 
[   13.505148] Memory state around the buggy address:
[   13.505477]  ffff8881026f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.506121]  ffff8881026f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.506519] >ffff8881026f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   13.507002]                                                           ^
[   13.507358]  ffff8881026f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.507760]  ffff8881026f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   13.508069] ==================================================================
[   13.217036] ==================================================================
[   13.217383] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   13.218334] Write of size 1 at addr ffff8881003416d0 by task kunit_try_catch/175
[   13.219173] 
[   13.219368] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   13.219426] Tainted: [B]=BAD_PAGE, [N]=TEST
[   13.219465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   13.219490] Call Trace:
[   13.219513]  <TASK>
[   13.219555]  dump_stack_lvl+0x73/0xb0
[   13.219592]  print_report+0xd1/0x650
[   13.219617]  ? __virt_addr_valid+0x1db/0x2d0
[   13.219645]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.219688]  ? kasan_complete_mode_report_info+0x2a/0x200
[   13.219714]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.219741]  kasan_report+0x141/0x180
[   13.219767]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   13.219813]  __asan_report_store1_noabort+0x1b/0x30
[   13.219837]  krealloc_less_oob_helper+0xe23/0x11d0
[   13.219867]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   13.219894]  ? irqentry_exit+0x2a/0x60
[   13.219919]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   13.219953]  ? __pfx_krealloc_less_oob+0x10/0x10
[   13.219983]  krealloc_less_oob+0x1c/0x30
[   13.220008]  kunit_try_run_case+0x1a5/0x480
[   13.220036]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.220062]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   13.220089]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   13.220116]  ? __kthread_parkme+0x82/0x180
[   13.220140]  ? preempt_count_sub+0x50/0x80
[   13.220168]  ? __pfx_kunit_try_run_case+0x10/0x10
[   13.220195]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.220221]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   13.220248]  kthread+0x337/0x6f0
[   13.220273]  ? trace_preempt_on+0x20/0xc0
[   13.220300]  ? __pfx_kthread+0x10/0x10
[   13.220325]  ? _raw_spin_unlock_irq+0x47/0x80
[   13.220349]  ? calculate_sigpending+0x7b/0xa0
[   13.220377]  ? __pfx_kthread+0x10/0x10
[   13.220401]  ret_from_fork+0x116/0x1d0
[   13.220424]  ? __pfx_kthread+0x10/0x10
[   13.220448]  ret_from_fork_asm+0x1a/0x30
[   13.220484]  </TASK>
[   13.220497] 
[   13.232667] Allocated by task 175:
[   13.233628]  kasan_save_stack+0x45/0x70
[   13.233891]  kasan_save_track+0x18/0x40
[   13.234061]  kasan_save_alloc_info+0x3b/0x50
[   13.234520]  __kasan_krealloc+0x190/0x1f0
[   13.234761]  krealloc_noprof+0xf3/0x340
[   13.234975]  krealloc_less_oob_helper+0x1aa/0x11d0
[   13.235242]  krealloc_less_oob+0x1c/0x30
[   13.235463]  kunit_try_run_case+0x1a5/0x480
[   13.236420]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   13.237147]  kthread+0x337/0x6f0
[   13.237526]  ret_from_fork+0x116/0x1d0
[   13.238127]  ret_from_fork_asm+0x1a/0x30
[   13.238365] 
[   13.238482] The buggy address belongs to the object at ffff888100341600
[   13.238482]  which belongs to the cache kmalloc-256 of size 256
[   13.239591] The buggy address is located 7 bytes to the right of
[   13.239591]  allocated 201-byte region [ffff888100341600, ffff8881003416c9)
[   13.241386] 
[   13.241702] The buggy address belongs to the physical page:
[   13.242441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340
[   13.243135] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   13.243532] flags: 0x200000000000040(head|node=0|zone=2)
[   13.244218] page_type: f5(slab)
[   13.244424] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.245039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.245431] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   13.246066] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   13.246470] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff
[   13.246833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   13.247507] page dumped because: kasan: bad access detected
[   13.248027] 
[   13.248123] Memory state around the buggy address:
[   13.248418]  ffff888100341580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.249675]  ffff888100341600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.250221] >ffff888100341680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   13.250573]                                                  ^
[   13.251177]  ffff888100341700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.251714]  ffff888100341780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   13.252223] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zS9g9ybN1UbXPQnJisKcpL9TTV

job_id

TEST:linaro@lkft#2zS9mkQQgPe0x67T169Rj4E3EKb

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zS9mkQQgPe0x67T169Rj4E3EKb

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9jSOTND7crL7YLA83v1rCNWe/bzImage
sha256sum	e6462f167ba39a4560973d29e3ca2b81ea2e7cac79fe6da863e3a5afb12c21c7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zS9jSOTND7crL7YLA83v1rCNWe/modules.tar.xz
sha256sum	f0ef2394c8d178534891fc564988b24b7b350755baf7b1a12ef32113ab0e4297

durations

tests

boot	0
kunit	252.82

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit