lkft/linux-mainline-master - v6.16-rc4-324-g1f988d0788f5 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 6, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   17.953785] ==================================================================
[   17.953839] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.953886] Write of size 1 at addr fff00000c78420c9 by task kunit_try_catch/162
[   17.953933] 
[   17.953989] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.954066] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.954091] Hardware name: linux,dummy-virt (DT)
[   17.954126] Call trace:
[   17.954147]  show_stack+0x20/0x38 (C)
[   17.954487]  dump_stack_lvl+0x8c/0xd0
[   17.955042]  print_report+0x118/0x608
[   17.955155]  kasan_report+0xdc/0x128
[   17.955369]  __asan_report_store1_noabort+0x20/0x30
[   17.955515]  krealloc_less_oob_helper+0xa48/0xc50
[   17.955648]  krealloc_large_less_oob+0x20/0x38
[   17.955804]  kunit_try_run_case+0x170/0x3f0
[   17.955868]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.956039]  kthread+0x328/0x630
[   17.956085]  ret_from_fork+0x10/0x20
[   17.956327] 
[   17.956445] The buggy address belongs to the physical page:
[   17.956498] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   17.956801] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.956904] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.957099] page_type: f8(unknown)
[   17.957329] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.957392] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.957669] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.957794] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.957912] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   17.958088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.958239] page dumped because: kasan: bad access detected
[   17.958359] 
[   17.958500] Memory state around the buggy address:
[   17.958560]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.958608]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.958870] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.958987]                                               ^
[   17.959078]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.959238]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.959325] ==================================================================
[   17.966154] ==================================================================
[   17.966207] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.966254] Write of size 1 at addr fff00000c78420da by task kunit_try_catch/162
[   17.966301] 
[   17.966589] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.966758] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.966868] Hardware name: linux,dummy-virt (DT)
[   17.966917] Call trace:
[   17.966966]  show_stack+0x20/0x38 (C)
[   17.967033]  dump_stack_lvl+0x8c/0xd0
[   17.967166]  print_report+0x118/0x608
[   17.967242]  kasan_report+0xdc/0x128
[   17.967287]  __asan_report_store1_noabort+0x20/0x30
[   17.967333]  krealloc_less_oob_helper+0xa80/0xc50
[   17.967380]  krealloc_large_less_oob+0x20/0x38
[   17.967484]  kunit_try_run_case+0x170/0x3f0
[   17.967531]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.967582]  kthread+0x328/0x630
[   17.967622]  ret_from_fork+0x10/0x20
[   17.967667] 
[   17.967686] The buggy address belongs to the physical page:
[   17.967715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   17.967767] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.967811] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.967868] page_type: f8(unknown)
[   17.967905] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.967961] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.968017] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.968063] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.968110] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   17.968156] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.968203] page dumped because: kasan: bad access detected
[   17.968634] 
[   17.968657] Memory state around the buggy address:
[   17.968688]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.968730]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.968966] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.969113]                                                     ^
[   17.969160]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.969279]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.969322] ==================================================================
[   17.928597] ==================================================================
[   17.928724] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.928962] Write of size 1 at addr fff00000c0b97ceb by task kunit_try_catch/158
[   17.929010] 
[   17.929575] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.929676] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.929702] Hardware name: linux,dummy-virt (DT)
[   17.929792] Call trace:
[   17.929814]  show_stack+0x20/0x38 (C)
[   17.929863]  dump_stack_lvl+0x8c/0xd0
[   17.929908]  print_report+0x118/0x608
[   17.929960]  kasan_report+0xdc/0x128
[   17.930004]  __asan_report_store1_noabort+0x20/0x30
[   17.930051]  krealloc_less_oob_helper+0xa58/0xc50
[   17.930101]  krealloc_less_oob+0x20/0x38
[   17.930146]  kunit_try_run_case+0x170/0x3f0
[   17.930200]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.930376]  kthread+0x328/0x630
[   17.930602]  ret_from_fork+0x10/0x20
[   17.930821] 
[   17.930841] Allocated by task 158:
[   17.930868]  kasan_save_stack+0x3c/0x68
[   17.930908]  kasan_save_track+0x20/0x40
[   17.930964]  kasan_save_alloc_info+0x40/0x58
[   17.931012]  __kasan_krealloc+0x118/0x178
[   17.931049]  krealloc_noprof+0x128/0x360
[   17.931084]  krealloc_less_oob_helper+0x168/0xc50
[   17.931122]  krealloc_less_oob+0x20/0x38
[   17.931159]  kunit_try_run_case+0x170/0x3f0
[   17.931206]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.931247]  kthread+0x328/0x630
[   17.931279]  ret_from_fork+0x10/0x20
[   17.931314] 
[   17.931332] The buggy address belongs to the object at fff00000c0b97c00
[   17.931332]  which belongs to the cache kmalloc-256 of size 256
[   17.931386] The buggy address is located 34 bytes to the right of
[   17.931386]  allocated 201-byte region [fff00000c0b97c00, fff00000c0b97cc9)
[   17.931447] 
[   17.931476] The buggy address belongs to the physical page:
[   17.931505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   17.931578] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.931638] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.931695] page_type: f5(slab)
[   17.931732] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.931785] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.931842] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.931898] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.931944] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   17.931990] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.932028] page dumped because: kasan: bad access detected
[   17.932066] 
[   17.932084] Memory state around the buggy address:
[   17.932113]  fff00000c0b97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.932154]  fff00000c0b97c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.932212] >fff00000c0b97c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.933024]                                                           ^
[   17.933104]  fff00000c0b97d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.933155]  fff00000c0b97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.933271] ==================================================================
[   17.960529] ==================================================================
[   17.960595] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.960696] Write of size 1 at addr fff00000c78420d0 by task kunit_try_catch/162
[   17.960773] 
[   17.960821] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.960905] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.960930] Hardware name: linux,dummy-virt (DT)
[   17.961143] Call trace:
[   17.961283]  show_stack+0x20/0x38 (C)
[   17.961338]  dump_stack_lvl+0x8c/0xd0
[   17.961401]  print_report+0x118/0x608
[   17.961447]  kasan_report+0xdc/0x128
[   17.961612]  __asan_report_store1_noabort+0x20/0x30
[   17.961696]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.961744]  krealloc_large_less_oob+0x20/0x38
[   17.961818]  kunit_try_run_case+0x170/0x3f0
[   17.961987]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.962159]  kthread+0x328/0x630
[   17.962239]  ret_from_fork+0x10/0x20
[   17.962426] 
[   17.962516] The buggy address belongs to the physical page:
[   17.962729] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   17.962786] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.962839] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.962888] page_type: f8(unknown)
[   17.962992] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.963113] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.963289] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.963376] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.963490] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   17.963588] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.963702] page dumped because: kasan: bad access detected
[   17.963790] 
[   17.963833] Memory state around the buggy address:
[   17.963864]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.964079]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.964136] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.964203]                                                  ^
[   17.964271]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.964424]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.964560] ==================================================================
[   17.969391] ==================================================================
[   17.969432] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.969702] Write of size 1 at addr fff00000c78420ea by task kunit_try_catch/162
[   17.969791] 
[   17.969873] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.970007] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.970135] Hardware name: linux,dummy-virt (DT)
[   17.970301] Call trace:
[   17.970433]  show_stack+0x20/0x38 (C)
[   17.970521]  dump_stack_lvl+0x8c/0xd0
[   17.970701]  print_report+0x118/0x608
[   17.970748]  kasan_report+0xdc/0x128
[   17.970793]  __asan_report_store1_noabort+0x20/0x30
[   17.970898]  krealloc_less_oob_helper+0xae4/0xc50
[   17.971069]  krealloc_large_less_oob+0x20/0x38
[   17.971244]  kunit_try_run_case+0x170/0x3f0
[   17.971332]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.971427]  kthread+0x328/0x630
[   17.971604]  ret_from_fork+0x10/0x20
[   17.971757] 
[   17.971777] The buggy address belongs to the physical page:
[   17.971807] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   17.972133] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.972267] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.972424] page_type: f8(unknown)
[   17.972553] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.972642] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.972843] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.972908] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.973282] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   17.973377] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.973488] page dumped because: kasan: bad access detected
[   17.973519] 
[   17.973537] Memory state around the buggy address:
[   17.973567]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.973608]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.973648] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.973683]                                                           ^
[   17.973722]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.973763]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.973798] ==================================================================
[   17.974819] ==================================================================
[   17.974885] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   17.975134] Write of size 1 at addr fff00000c78420eb by task kunit_try_catch/162
[   17.975222] 
[   17.975349] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.975565] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.975611] Hardware name: linux,dummy-virt (DT)
[   17.975670] Call trace:
[   17.975709]  show_stack+0x20/0x38 (C)
[   17.975815]  dump_stack_lvl+0x8c/0xd0
[   17.975862]  print_report+0x118/0x608
[   17.975907]  kasan_report+0xdc/0x128
[   17.975950]  __asan_report_store1_noabort+0x20/0x30
[   17.976002]  krealloc_less_oob_helper+0xa58/0xc50
[   17.976334]  krealloc_large_less_oob+0x20/0x38
[   17.976467]  kunit_try_run_case+0x170/0x3f0
[   17.976517]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.976568]  kthread+0x328/0x630
[   17.976609]  ret_from_fork+0x10/0x20
[   17.976666] 
[   17.976686] The buggy address belongs to the physical page:
[   17.976715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107840
[   17.976765] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.976810] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.976864] page_type: f8(unknown)
[   17.976902] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.976960] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.977009] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   17.977055] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.977110] head: 0bfffe0000000002 ffffc1ffc31e1001 00000000ffffffff 00000000ffffffff
[   17.977167] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.977215] page dumped because: kasan: bad access detected
[   17.977249] 
[   17.977267] Memory state around the buggy address:
[   17.977305]  fff00000c7841f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.977347]  fff00000c7842000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.977395] >fff00000c7842080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.977432]                                                           ^
[   17.977468]  fff00000c7842100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.977826]  fff00000c7842180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.977907] ==================================================================
[   17.915402] ==================================================================
[   17.915479] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   17.915545] Write of size 1 at addr fff00000c0b97cda by task kunit_try_catch/158
[   17.915643] 
[   17.915713] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.915792] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.915818] Hardware name: linux,dummy-virt (DT)
[   17.916022] Call trace:
[   17.916068]  show_stack+0x20/0x38 (C)
[   17.916176]  dump_stack_lvl+0x8c/0xd0
[   17.916243]  print_report+0x118/0x608
[   17.916382]  kasan_report+0xdc/0x128
[   17.916474]  __asan_report_store1_noabort+0x20/0x30
[   17.916560]  krealloc_less_oob_helper+0xa80/0xc50
[   17.916616]  krealloc_less_oob+0x20/0x38
[   17.916963]  kunit_try_run_case+0x170/0x3f0
[   17.917048]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.917102]  kthread+0x328/0x630
[   17.917154]  ret_from_fork+0x10/0x20
[   17.917365] 
[   17.917514] Allocated by task 158:
[   17.917594]  kasan_save_stack+0x3c/0x68
[   17.917770]  kasan_save_track+0x20/0x40
[   17.917819]  kasan_save_alloc_info+0x40/0x58
[   17.917867]  __kasan_krealloc+0x118/0x178
[   17.917911]  krealloc_noprof+0x128/0x360
[   17.918185]  krealloc_less_oob_helper+0x168/0xc50
[   17.918376]  krealloc_less_oob+0x20/0x38
[   17.918599]  kunit_try_run_case+0x170/0x3f0
[   17.918742]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.918866]  kthread+0x328/0x630
[   17.919018]  ret_from_fork+0x10/0x20
[   17.919063] 
[   17.919144] The buggy address belongs to the object at fff00000c0b97c00
[   17.919144]  which belongs to the cache kmalloc-256 of size 256
[   17.919323] The buggy address is located 17 bytes to the right of
[   17.919323]  allocated 201-byte region [fff00000c0b97c00, fff00000c0b97cc9)
[   17.919414] 
[   17.919434] The buggy address belongs to the physical page:
[   17.919472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   17.919539] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.919583] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.919633] page_type: f5(slab)
[   17.919687] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.919745] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.919803] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.919849] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.919896] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   17.919942] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.919979] page dumped because: kasan: bad access detected
[   17.920023] 
[   17.920042] Memory state around the buggy address:
[   17.920072]  fff00000c0b97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.920112]  fff00000c0b97c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.920160] >fff00000c0b97c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.920223]                                                     ^
[   17.920274]  fff00000c0b97d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.920334]  fff00000c0b97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.920379] ==================================================================
[   17.907217] ==================================================================
[   17.907489] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   17.907535] Write of size 1 at addr fff00000c0b97cd0 by task kunit_try_catch/158
[   17.907840] 
[   17.907873] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.908416] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.908456] Hardware name: linux,dummy-virt (DT)
[   17.908488] Call trace:
[   17.908508]  show_stack+0x20/0x38 (C)
[   17.908557]  dump_stack_lvl+0x8c/0xd0
[   17.908624]  print_report+0x118/0x608
[   17.908681]  kasan_report+0xdc/0x128
[   17.908727]  __asan_report_store1_noabort+0x20/0x30
[   17.908773]  krealloc_less_oob_helper+0xb9c/0xc50
[   17.908819]  krealloc_less_oob+0x20/0x38
[   17.908862]  kunit_try_run_case+0x170/0x3f0
[   17.908907]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.909036]  kthread+0x328/0x630
[   17.909081]  ret_from_fork+0x10/0x20
[   17.909127] 
[   17.909145] Allocated by task 158:
[   17.909172]  kasan_save_stack+0x3c/0x68
[   17.909436]  kasan_save_track+0x20/0x40
[   17.909588]  kasan_save_alloc_info+0x40/0x58
[   17.909907]  __kasan_krealloc+0x118/0x178
[   17.909955]  krealloc_noprof+0x128/0x360
[   17.910102]  krealloc_less_oob_helper+0x168/0xc50
[   17.910257]  krealloc_less_oob+0x20/0x38
[   17.910365]  kunit_try_run_case+0x170/0x3f0
[   17.910441]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.910547]  kthread+0x328/0x630
[   17.910869]  ret_from_fork+0x10/0x20
[   17.910977] 
[   17.911097] The buggy address belongs to the object at fff00000c0b97c00
[   17.911097]  which belongs to the cache kmalloc-256 of size 256
[   17.911156] The buggy address is located 7 bytes to the right of
[   17.911156]  allocated 201-byte region [fff00000c0b97c00, fff00000c0b97cc9)
[   17.911530] 
[   17.911578] The buggy address belongs to the physical page:
[   17.911616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   17.911702] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.911748] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.912113] page_type: f5(slab)
[   17.912322] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.912394] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.912464] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.912712] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.912837] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   17.913099] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.913228] page dumped because: kasan: bad access detected
[   17.913288] 
[   17.913352] Memory state around the buggy address:
[   17.913501]  fff00000c0b97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.913715]  fff00000c0b97c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.914078] >fff00000c0b97c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.914160]                                                  ^
[   17.914311]  fff00000c0b97d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.914377]  fff00000c0b97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.914515] ==================================================================
[   17.902713] ==================================================================
[   17.902773] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   17.902824] Write of size 1 at addr fff00000c0b97cc9 by task kunit_try_catch/158
[   17.902872] 
[   17.902903] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.902979] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.903004] Hardware name: linux,dummy-virt (DT)
[   17.903033] Call trace:
[   17.903054]  show_stack+0x20/0x38 (C)
[   17.903129]  dump_stack_lvl+0x8c/0xd0
[   17.903175]  print_report+0x118/0x608
[   17.903240]  kasan_report+0xdc/0x128
[   17.903284]  __asan_report_store1_noabort+0x20/0x30
[   17.903330]  krealloc_less_oob_helper+0xa48/0xc50
[   17.903386]  krealloc_less_oob+0x20/0x38
[   17.903430]  kunit_try_run_case+0x170/0x3f0
[   17.903484]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.903535]  kthread+0x328/0x630
[   17.903576]  ret_from_fork+0x10/0x20
[   17.903631] 
[   17.903649] Allocated by task 158:
[   17.903682]  kasan_save_stack+0x3c/0x68
[   17.903721]  kasan_save_track+0x20/0x40
[   17.903757]  kasan_save_alloc_info+0x40/0x58
[   17.903801]  __kasan_krealloc+0x118/0x178
[   17.903838]  krealloc_noprof+0x128/0x360
[   17.903873]  krealloc_less_oob_helper+0x168/0xc50
[   17.903917]  krealloc_less_oob+0x20/0x38
[   17.903952]  kunit_try_run_case+0x170/0x3f0
[   17.903995]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.904036]  kthread+0x328/0x630
[   17.904067]  ret_from_fork+0x10/0x20
[   17.904102] 
[   17.904120] The buggy address belongs to the object at fff00000c0b97c00
[   17.904120]  which belongs to the cache kmalloc-256 of size 256
[   17.904173] The buggy address is located 0 bytes to the right of
[   17.904173]  allocated 201-byte region [fff00000c0b97c00, fff00000c0b97cc9)
[   17.904518] 
[   17.904546] The buggy address belongs to the physical page:
[   17.904610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   17.904669] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.904714] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.904810] page_type: f5(slab)
[   17.905137] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.905205] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.905254] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.905336] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.905586] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   17.905676] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.905805] page dumped because: kasan: bad access detected
[   17.905837] 
[   17.905855] Memory state around the buggy address:
[   17.905958]  fff00000c0b97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.906098]  fff00000c0b97c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.906157] >fff00000c0b97c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.906405]                                               ^
[   17.906453]  fff00000c0b97d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.906495]  fff00000c0b97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.906532] ==================================================================
[   17.920959] ==================================================================
[   17.921023] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   17.921081] Write of size 1 at addr fff00000c0b97cea by task kunit_try_catch/158
[   17.921179] 
[   17.921266] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   17.921346] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.921407] Hardware name: linux,dummy-virt (DT)
[   17.921540] Call trace:
[   17.921898]  show_stack+0x20/0x38 (C)
[   17.921952]  dump_stack_lvl+0x8c/0xd0
[   17.921997]  print_report+0x118/0x608
[   17.922159]  kasan_report+0xdc/0x128
[   17.922342]  __asan_report_store1_noabort+0x20/0x30
[   17.922458]  krealloc_less_oob_helper+0xae4/0xc50
[   17.922631]  krealloc_less_oob+0x20/0x38
[   17.922725]  kunit_try_run_case+0x170/0x3f0
[   17.922938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.923000]  kthread+0x328/0x630
[   17.923040]  ret_from_fork+0x10/0x20
[   17.923114] 
[   17.923132] Allocated by task 158:
[   17.923159]  kasan_save_stack+0x3c/0x68
[   17.923424]  kasan_save_track+0x20/0x40
[   17.923572]  kasan_save_alloc_info+0x40/0x58
[   17.923669]  __kasan_krealloc+0x118/0x178
[   17.923859]  krealloc_noprof+0x128/0x360
[   17.923927]  krealloc_less_oob_helper+0x168/0xc50
[   17.924216]  krealloc_less_oob+0x20/0x38
[   17.924377]  kunit_try_run_case+0x170/0x3f0
[   17.924581]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.924678]  kthread+0x328/0x630
[   17.924811]  ret_from_fork+0x10/0x20
[   17.924868] 
[   17.924929] The buggy address belongs to the object at fff00000c0b97c00
[   17.924929]  which belongs to the cache kmalloc-256 of size 256
[   17.925188] The buggy address is located 33 bytes to the right of
[   17.925188]  allocated 201-byte region [fff00000c0b97c00, fff00000c0b97cc9)
[   17.925457] 
[   17.925515] The buggy address belongs to the physical page:
[   17.925696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b96
[   17.925867] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.925945] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.926016] page_type: f5(slab)
[   17.926053] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.926317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.926485] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   17.926561] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.926707] head: 0bfffe0000000001 ffffc1ffc302e581 00000000ffffffff 00000000ffffffff
[   17.926820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.926940] page dumped because: kasan: bad access detected
[   17.927020] 
[   17.927083] Memory state around the buggy address:
[   17.927202]  fff00000c0b97b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.927247]  fff00000c0b97c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.927320] >fff00000c0b97c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.927530]                                                           ^
[   17.927745]  fff00000c0b97d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.927838]  fff00000c0b97d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.928000] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zUyns4bBvJgsOeHTwSzB14BtXy

job_id

TEST:linaro@lkft#2zUyssrHyt2jcP8yPQqYdfR4u49

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zUyssrHyt2jcP8yPQqYdfR4u49

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUypMiNO3jFX9e8gXLicpOScyJ/Image.gz
sha256sum	20138ff04fbdb8b45f1eeb9004b1d0cf48a53b032c3e8f76779495b2c7e2954a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUypMiNO3jFX9e8gXLicpOScyJ/modules.tar.xz
sha256sum	ae84c0452ffc57473194b7ff1a0410047a3c87f102f4efa2c73a07bec335e1f4

durations

tests

boot	0
kunit	172.71

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.325843] ==================================================================
[   11.326509] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.327146] Write of size 1 at addr ffff8881003502ea by task kunit_try_catch/175
[   11.327741] 
[   11.327991] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.328034] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.328046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.328066] Call Trace:
[   11.328084]  <TASK>
[   11.328102]  dump_stack_lvl+0x73/0xb0
[   11.328130]  print_report+0xd1/0x650
[   11.328153]  ? __virt_addr_valid+0x1db/0x2d0
[   11.328175]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.328197]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.328218]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.328241]  kasan_report+0x141/0x180
[   11.328263]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.328302]  __asan_report_store1_noabort+0x1b/0x30
[   11.328322]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.328347]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.328381]  ? finish_task_switch.isra.0+0x153/0x700
[   11.328403]  ? __switch_to+0x47/0xf50
[   11.328428]  ? __schedule+0x10cc/0x2b60
[   11.328449]  ? __pfx_read_tsc+0x10/0x10
[   11.328479]  krealloc_less_oob+0x1c/0x30
[   11.328500]  kunit_try_run_case+0x1a5/0x480
[   11.328523]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.328545]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.328567]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.328589]  ? __kthread_parkme+0x82/0x180
[   11.328609]  ? preempt_count_sub+0x50/0x80
[   11.328631]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.328654]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.328676]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.328698]  kthread+0x337/0x6f0
[   11.328717]  ? trace_preempt_on+0x20/0xc0
[   11.328740]  ? __pfx_kthread+0x10/0x10
[   11.328760]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.328780]  ? calculate_sigpending+0x7b/0xa0
[   11.328803]  ? __pfx_kthread+0x10/0x10
[   11.328824]  ret_from_fork+0x116/0x1d0
[   11.328841]  ? __pfx_kthread+0x10/0x10
[   11.328861]  ret_from_fork_asm+0x1a/0x30
[   11.328890]  </TASK>
[   11.328901] 
[   11.343122] Allocated by task 175:
[   11.343370]  kasan_save_stack+0x45/0x70
[   11.343810]  kasan_save_track+0x18/0x40
[   11.344012]  kasan_save_alloc_info+0x3b/0x50
[   11.344232]  __kasan_krealloc+0x190/0x1f0
[   11.344640]  krealloc_noprof+0xf3/0x340
[   11.345105]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.345588]  krealloc_less_oob+0x1c/0x30
[   11.346029]  kunit_try_run_case+0x1a5/0x480
[   11.346193]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.346368]  kthread+0x337/0x6f0
[   11.346694]  ret_from_fork+0x116/0x1d0
[   11.346833]  ret_from_fork_asm+0x1a/0x30
[   11.347018] 
[   11.347210] The buggy address belongs to the object at ffff888100350200
[   11.347210]  which belongs to the cache kmalloc-256 of size 256
[   11.348400] The buggy address is located 33 bytes to the right of
[   11.348400]  allocated 201-byte region [ffff888100350200, ffff8881003502c9)
[   11.349646] 
[   11.349721] The buggy address belongs to the physical page:
[   11.349907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.350546] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.350968] flags: 0x200000000000040(head|node=0|zone=2)
[   11.351354] page_type: f5(slab)
[   11.351662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.352502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.353234] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.353803] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.354399] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.354667] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.355354] page dumped because: kasan: bad access detected
[   11.355758] 
[   11.355835] Memory state around the buggy address:
[   11.356079]  ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.356788]  ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.357402] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.358147]                                                           ^
[   11.358606]  ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.359186]  ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.359978] ==================================================================
[   11.448829] ==================================================================
[   11.449370] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.449706] Write of size 1 at addr ffff888102b720c9 by task kunit_try_catch/179
[   11.450015] 
[   11.450123] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.450167] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.450179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.450200] Call Trace:
[   11.450213]  <TASK>
[   11.450230]  dump_stack_lvl+0x73/0xb0
[   11.450258]  print_report+0xd1/0x650
[   11.450280]  ? __virt_addr_valid+0x1db/0x2d0
[   11.450302]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.450325]  ? kasan_addr_to_slab+0x11/0xa0
[   11.450344]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.450368]  kasan_report+0x141/0x180
[   11.450389]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.450416]  __asan_report_store1_noabort+0x1b/0x30
[   11.450436]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.450460]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.450483]  ? finish_task_switch.isra.0+0x153/0x700
[   11.450505]  ? __switch_to+0x47/0xf50
[   11.450529]  ? __schedule+0x10cc/0x2b60
[   11.450551]  ? __pfx_read_tsc+0x10/0x10
[   11.450573]  krealloc_large_less_oob+0x1c/0x30
[   11.450595]  kunit_try_run_case+0x1a5/0x480
[   11.450620]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.450641]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.450663]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.450684]  ? __kthread_parkme+0x82/0x180
[   11.450705]  ? preempt_count_sub+0x50/0x80
[   11.450726]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.450748]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.450770]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.450791]  kthread+0x337/0x6f0
[   11.450811]  ? trace_preempt_on+0x20/0xc0
[   11.450833]  ? __pfx_kthread+0x10/0x10
[   11.450853]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.450873]  ? calculate_sigpending+0x7b/0xa0
[   11.450897]  ? __pfx_kthread+0x10/0x10
[   11.450917]  ret_from_fork+0x116/0x1d0
[   11.450966]  ? __pfx_kthread+0x10/0x10
[   11.450986]  ret_from_fork_asm+0x1a/0x30
[   11.451016]  </TASK>
[   11.451027] 
[   11.462924] The buggy address belongs to the physical page:
[   11.463228] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70
[   11.463732] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.464236] flags: 0x200000000000040(head|node=0|zone=2)
[   11.464621] page_type: f8(unknown)
[   11.464793] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.465336] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.465808] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.466300] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.466547] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff
[   11.466780] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.467025] page dumped because: kasan: bad access detected
[   11.467252] 
[   11.467349] Memory state around the buggy address:
[   11.467596]  ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.467871]  ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.468193] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.468455]                                               ^
[   11.468707]  ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.468999]  ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.469328] ==================================================================
[   11.513518] ==================================================================
[   11.513868] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.514643] Write of size 1 at addr ffff888102b720ea by task kunit_try_catch/179
[   11.514915] 
[   11.515040] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.515092] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.515108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.515127] Call Trace:
[   11.515154]  <TASK>
[   11.515170]  dump_stack_lvl+0x73/0xb0
[   11.515207]  print_report+0xd1/0x650
[   11.515228]  ? __virt_addr_valid+0x1db/0x2d0
[   11.515249]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.515282]  ? kasan_addr_to_slab+0x11/0xa0
[   11.515302]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.515325]  kasan_report+0x141/0x180
[   11.515347]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.515374]  __asan_report_store1_noabort+0x1b/0x30
[   11.515394]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.515420]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.515443]  ? finish_task_switch.isra.0+0x153/0x700
[   11.515464]  ? __switch_to+0x47/0xf50
[   11.515498]  ? __schedule+0x10cc/0x2b60
[   11.515520]  ? __pfx_read_tsc+0x10/0x10
[   11.515544]  krealloc_large_less_oob+0x1c/0x30
[   11.515577]  kunit_try_run_case+0x1a5/0x480
[   11.515600]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.515623]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.515655]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.515677]  ? __kthread_parkme+0x82/0x180
[   11.515697]  ? preempt_count_sub+0x50/0x80
[   11.515719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.515752]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.515774]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.515796]  kthread+0x337/0x6f0
[   11.515824]  ? trace_preempt_on+0x20/0xc0
[   11.515846]  ? __pfx_kthread+0x10/0x10
[   11.515866]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.515896]  ? calculate_sigpending+0x7b/0xa0
[   11.515920]  ? __pfx_kthread+0x10/0x10
[   11.515948]  ret_from_fork+0x116/0x1d0
[   11.515966]  ? __pfx_kthread+0x10/0x10
[   11.515986]  ret_from_fork_asm+0x1a/0x30
[   11.516016]  </TASK>
[   11.516027] 
[   11.523913] The buggy address belongs to the physical page:
[   11.524212] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70
[   11.524623] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.524923] flags: 0x200000000000040(head|node=0|zone=2)
[   11.525250] page_type: f8(unknown)
[   11.525392] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.525745] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.526019] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.526451] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.526806] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff
[   11.527244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.527594] page dumped because: kasan: bad access detected
[   11.527836] 
[   11.527944] Memory state around the buggy address:
[   11.528199]  ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.528500]  ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.528793] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.529142]                                                           ^
[   11.529408]  ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.529646]  ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.529856] ==================================================================
[   11.360642] ==================================================================
[   11.360883] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.361600] Write of size 1 at addr ffff8881003502eb by task kunit_try_catch/175
[   11.362381] 
[   11.362558] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.362601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.362612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.362633] Call Trace:
[   11.362651]  <TASK>
[   11.362669]  dump_stack_lvl+0x73/0xb0
[   11.362697]  print_report+0xd1/0x650
[   11.362719]  ? __virt_addr_valid+0x1db/0x2d0
[   11.362741]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.362763]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.362785]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.362808]  kasan_report+0x141/0x180
[   11.362829]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.362856]  __asan_report_store1_noabort+0x1b/0x30
[   11.362876]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.362911]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.362951]  ? finish_task_switch.isra.0+0x153/0x700
[   11.362973]  ? __switch_to+0x47/0xf50
[   11.363007]  ? __schedule+0x10cc/0x2b60
[   11.363028]  ? __pfx_read_tsc+0x10/0x10
[   11.363051]  krealloc_less_oob+0x1c/0x30
[   11.363082]  kunit_try_run_case+0x1a5/0x480
[   11.363111]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.363133]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.363155]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.363178]  ? __kthread_parkme+0x82/0x180
[   11.363198]  ? preempt_count_sub+0x50/0x80
[   11.363220]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.363244]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.363267]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.363289]  kthread+0x337/0x6f0
[   11.363308]  ? trace_preempt_on+0x20/0xc0
[   11.363331]  ? __pfx_kthread+0x10/0x10
[   11.363351]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.363371]  ? calculate_sigpending+0x7b/0xa0
[   11.363394]  ? __pfx_kthread+0x10/0x10
[   11.363418]  ret_from_fork+0x116/0x1d0
[   11.363439]  ? __pfx_kthread+0x10/0x10
[   11.363472]  ret_from_fork_asm+0x1a/0x30
[   11.363504]  </TASK>
[   11.363515] 
[   11.376379] Allocated by task 175:
[   11.376768]  kasan_save_stack+0x45/0x70
[   11.377162]  kasan_save_track+0x18/0x40
[   11.377561]  kasan_save_alloc_info+0x3b/0x50
[   11.377945]  __kasan_krealloc+0x190/0x1f0
[   11.378344]  krealloc_noprof+0xf3/0x340
[   11.378967]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.379523]  krealloc_less_oob+0x1c/0x30
[   11.379770]  kunit_try_run_case+0x1a5/0x480
[   11.379920]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.380192]  kthread+0x337/0x6f0
[   11.380491]  ret_from_fork+0x116/0x1d0
[   11.380915]  ret_from_fork_asm+0x1a/0x30
[   11.381338] 
[   11.381505] The buggy address belongs to the object at ffff888100350200
[   11.381505]  which belongs to the cache kmalloc-256 of size 256
[   11.382365] The buggy address is located 34 bytes to the right of
[   11.382365]  allocated 201-byte region [ffff888100350200, ffff8881003502c9)
[   11.383593] 
[   11.383794] The buggy address belongs to the physical page:
[   11.384353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.384937] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.385277] flags: 0x200000000000040(head|node=0|zone=2)
[   11.385778] page_type: f5(slab)
[   11.386099] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.386909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.387607] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.388319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.388813] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.389563] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.389961] page dumped because: kasan: bad access detected
[   11.390267] 
[   11.390422] Memory state around the buggy address:
[   11.391049]  ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.391760]  ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.392019] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.392429]                                                           ^
[   11.393033]  ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.393749]  ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.394373] ==================================================================
[   11.470137] ==================================================================
[   11.470887] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.471228] Write of size 1 at addr ffff888102b720d0 by task kunit_try_catch/179
[   11.471671] 
[   11.471844] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.471885] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.471897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.471918] Call Trace:
[   11.471942]  <TASK>
[   11.471958]  dump_stack_lvl+0x73/0xb0
[   11.471985]  print_report+0xd1/0x650
[   11.472007]  ? __virt_addr_valid+0x1db/0x2d0
[   11.472030]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.472052]  ? kasan_addr_to_slab+0x11/0xa0
[   11.472072]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.472096]  kasan_report+0x141/0x180
[   11.472118]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.472145]  __asan_report_store1_noabort+0x1b/0x30
[   11.472165]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.472193]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.472218]  ? finish_task_switch.isra.0+0x153/0x700
[   11.472240]  ? __switch_to+0x47/0xf50
[   11.472264]  ? __schedule+0x10cc/0x2b60
[   11.472285]  ? __pfx_read_tsc+0x10/0x10
[   11.472309]  krealloc_large_less_oob+0x1c/0x30
[   11.472331]  kunit_try_run_case+0x1a5/0x480
[   11.472354]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.472376]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.472398]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.472420]  ? __kthread_parkme+0x82/0x180
[   11.472440]  ? preempt_count_sub+0x50/0x80
[   11.472462]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.472484]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.472506]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.472528]  kthread+0x337/0x6f0
[   11.472546]  ? trace_preempt_on+0x20/0xc0
[   11.472569]  ? __pfx_kthread+0x10/0x10
[   11.472589]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.472609]  ? calculate_sigpending+0x7b/0xa0
[   11.472702]  ? __pfx_kthread+0x10/0x10
[   11.472726]  ret_from_fork+0x116/0x1d0
[   11.472744]  ? __pfx_kthread+0x10/0x10
[   11.472765]  ret_from_fork_asm+0x1a/0x30
[   11.472795]  </TASK>
[   11.472806] 
[   11.485817] The buggy address belongs to the physical page:
[   11.486735] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70
[   11.487296] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.487526] flags: 0x200000000000040(head|node=0|zone=2)
[   11.487704] page_type: f8(unknown)
[   11.487830] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.489217] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.489798] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.490651] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.491365] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff
[   11.491689] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.492023] page dumped because: kasan: bad access detected
[   11.492694] 
[   11.492778] Memory state around the buggy address:
[   11.493207]  ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.493612]  ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.494039] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.494492]                                                  ^
[   11.494851]  ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.495272]  ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.495576] ==================================================================
[   11.290471] ==================================================================
[   11.291133] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.291725] Write of size 1 at addr ffff8881003502da by task kunit_try_catch/175
[   11.292403] 
[   11.292646] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.292689] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.292701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.292724] Call Trace:
[   11.292742]  <TASK>
[   11.292759]  dump_stack_lvl+0x73/0xb0
[   11.292789]  print_report+0xd1/0x650
[   11.292811]  ? __virt_addr_valid+0x1db/0x2d0
[   11.292833]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.292855]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.292876]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.292899]  kasan_report+0x141/0x180
[   11.292948]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.292976]  __asan_report_store1_noabort+0x1b/0x30
[   11.292996]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.293020]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.293043]  ? finish_task_switch.isra.0+0x153/0x700
[   11.293064]  ? __switch_to+0x47/0xf50
[   11.293099]  ? __schedule+0x10cc/0x2b60
[   11.293120]  ? __pfx_read_tsc+0x10/0x10
[   11.293144]  krealloc_less_oob+0x1c/0x30
[   11.293165]  kunit_try_run_case+0x1a5/0x480
[   11.293187]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.293208]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.293230]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.293252]  ? __kthread_parkme+0x82/0x180
[   11.293272]  ? preempt_count_sub+0x50/0x80
[   11.293294]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.293316]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.293339]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.293360]  kthread+0x337/0x6f0
[   11.293379]  ? trace_preempt_on+0x20/0xc0
[   11.293402]  ? __pfx_kthread+0x10/0x10
[   11.293422]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.293442]  ? calculate_sigpending+0x7b/0xa0
[   11.293479]  ? __pfx_kthread+0x10/0x10
[   11.293500]  ret_from_fork+0x116/0x1d0
[   11.293518]  ? __pfx_kthread+0x10/0x10
[   11.293537]  ret_from_fork_asm+0x1a/0x30
[   11.293567]  </TASK>
[   11.293579] 
[   11.308015] Allocated by task 175:
[   11.308258]  kasan_save_stack+0x45/0x70
[   11.308605]  kasan_save_track+0x18/0x40
[   11.309021]  kasan_save_alloc_info+0x3b/0x50
[   11.309473]  __kasan_krealloc+0x190/0x1f0
[   11.309864]  krealloc_noprof+0xf3/0x340
[   11.310009]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.310184]  krealloc_less_oob+0x1c/0x30
[   11.310580]  kunit_try_run_case+0x1a5/0x480
[   11.310988]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.311362]  kthread+0x337/0x6f0
[   11.311484]  ret_from_fork+0x116/0x1d0
[   11.311881]  ret_from_fork_asm+0x1a/0x30
[   11.312297] 
[   11.312460] The buggy address belongs to the object at ffff888100350200
[   11.312460]  which belongs to the cache kmalloc-256 of size 256
[   11.313460] The buggy address is located 17 bytes to the right of
[   11.313460]  allocated 201-byte region [ffff888100350200, ffff8881003502c9)
[   11.314548] 
[   11.314708] The buggy address belongs to the physical page:
[   11.315282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.315706] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.316172] flags: 0x200000000000040(head|node=0|zone=2)
[   11.316369] page_type: f5(slab)
[   11.316491] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.316733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.317486] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.318396] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.319252] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.320173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.320918] page dumped because: kasan: bad access detected
[   11.321502] 
[   11.321685] Memory state around the buggy address:
[   11.322020]  ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.322722]  ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.323131] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.323369]                                                     ^
[   11.324035]  ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.324686]  ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.324909] ==================================================================
[   11.222901] ==================================================================
[   11.223580] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.223904] Write of size 1 at addr ffff8881003502c9 by task kunit_try_catch/175
[   11.224138] 
[   11.224231] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.224276] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.224289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.224310] Call Trace:
[   11.224322]  <TASK>
[   11.224340]  dump_stack_lvl+0x73/0xb0
[   11.224367]  print_report+0xd1/0x650
[   11.224390]  ? __virt_addr_valid+0x1db/0x2d0
[   11.224413]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.224436]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.224458]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.224482]  kasan_report+0x141/0x180
[   11.224504]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.224532]  __asan_report_store1_noabort+0x1b/0x30
[   11.224552]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.224578]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.224602]  ? finish_task_switch.isra.0+0x153/0x700
[   11.224624]  ? __switch_to+0x47/0xf50
[   11.224650]  ? __schedule+0x10cc/0x2b60
[   11.224672]  ? __pfx_read_tsc+0x10/0x10
[   11.224721]  krealloc_less_oob+0x1c/0x30
[   11.224743]  kunit_try_run_case+0x1a5/0x480
[   11.224767]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.224790]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.224813]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.224836]  ? __kthread_parkme+0x82/0x180
[   11.224857]  ? preempt_count_sub+0x50/0x80
[   11.224880]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.224903]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.224926]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.224962]  kthread+0x337/0x6f0
[   11.224982]  ? trace_preempt_on+0x20/0xc0
[   11.225005]  ? __pfx_kthread+0x10/0x10
[   11.225026]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.225047]  ? calculate_sigpending+0x7b/0xa0
[   11.225072]  ? __pfx_kthread+0x10/0x10
[   11.225093]  ret_from_fork+0x116/0x1d0
[   11.225938]  ? __pfx_kthread+0x10/0x10
[   11.225966]  ret_from_fork_asm+0x1a/0x30
[   11.225998]  </TASK>
[   11.226011] 
[   11.239741] Allocated by task 175:
[   11.240157]  kasan_save_stack+0x45/0x70
[   11.240460]  kasan_save_track+0x18/0x40
[   11.240813]  kasan_save_alloc_info+0x3b/0x50
[   11.241191]  __kasan_krealloc+0x190/0x1f0
[   11.241522]  krealloc_noprof+0xf3/0x340
[   11.241804]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.242130]  krealloc_less_oob+0x1c/0x30
[   11.242334]  kunit_try_run_case+0x1a5/0x480
[   11.242764]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.243041]  kthread+0x337/0x6f0
[   11.243185]  ret_from_fork+0x116/0x1d0
[   11.243367]  ret_from_fork_asm+0x1a/0x30
[   11.243574] 
[   11.243657] The buggy address belongs to the object at ffff888100350200
[   11.243657]  which belongs to the cache kmalloc-256 of size 256
[   11.244734] The buggy address is located 0 bytes to the right of
[   11.244734]  allocated 201-byte region [ffff888100350200, ffff8881003502c9)
[   11.245567] 
[   11.245669] The buggy address belongs to the physical page:
[   11.246100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.246697] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.247033] flags: 0x200000000000040(head|node=0|zone=2)
[   11.247429] page_type: f5(slab)
[   11.247801] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.248584] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.248893] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.249389] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.249899] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.250637] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.250996] page dumped because: kasan: bad access detected
[   11.251362] 
[   11.251634] Memory state around the buggy address:
[   11.252165]  ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.252815]  ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.253335] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.253921]                                               ^
[   11.254390]  ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.254863]  ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.255439] ==================================================================
[   11.531035] ==================================================================
[   11.531426] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.531839] Write of size 1 at addr ffff888102b720eb by task kunit_try_catch/179
[   11.532381] 
[   11.532481] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.532533] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.532546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.532566] Call Trace:
[   11.532593]  <TASK>
[   11.532609]  dump_stack_lvl+0x73/0xb0
[   11.532636]  print_report+0xd1/0x650
[   11.532658]  ? __virt_addr_valid+0x1db/0x2d0
[   11.532680]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.532705]  ? kasan_addr_to_slab+0x11/0xa0
[   11.532727]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.532753]  kasan_report+0x141/0x180
[   11.532774]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.532801]  __asan_report_store1_noabort+0x1b/0x30
[   11.532830]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.532855]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.532879]  ? finish_task_switch.isra.0+0x153/0x700
[   11.532910]  ? __switch_to+0x47/0xf50
[   11.532943]  ? __schedule+0x10cc/0x2b60
[   11.532964]  ? __pfx_read_tsc+0x10/0x10
[   11.532987]  krealloc_large_less_oob+0x1c/0x30
[   11.533009]  kunit_try_run_case+0x1a5/0x480
[   11.533033]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.533054]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.533077]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.533099]  ? __kthread_parkme+0x82/0x180
[   11.533118]  ? preempt_count_sub+0x50/0x80
[   11.533142]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.533165]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.533187]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.533209]  kthread+0x337/0x6f0
[   11.533229]  ? trace_preempt_on+0x20/0xc0
[   11.533251]  ? __pfx_kthread+0x10/0x10
[   11.533271]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.533291]  ? calculate_sigpending+0x7b/0xa0
[   11.533313]  ? __pfx_kthread+0x10/0x10
[   11.533334]  ret_from_fork+0x116/0x1d0
[   11.533351]  ? __pfx_kthread+0x10/0x10
[   11.533371]  ret_from_fork_asm+0x1a/0x30
[   11.533400]  </TASK>
[   11.533410] 
[   11.541288] The buggy address belongs to the physical page:
[   11.541690] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70
[   11.541988] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.542299] flags: 0x200000000000040(head|node=0|zone=2)
[   11.542576] page_type: f8(unknown)
[   11.542874] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.543260] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.543591] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.543822] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.544207] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff
[   11.544581] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.544950] page dumped because: kasan: bad access detected
[   11.545274] 
[   11.545368] Memory state around the buggy address:
[   11.545587]  ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.545887]  ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.546247] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.546547]                                                           ^
[   11.546787]  ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.547077]  ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.547396] ==================================================================
[   11.496138] ==================================================================
[   11.497188] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.497452] Write of size 1 at addr ffff888102b720da by task kunit_try_catch/179
[   11.497680] 
[   11.497772] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.497816] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.497828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.497849] Call Trace:
[   11.497867]  <TASK>
[   11.497884]  dump_stack_lvl+0x73/0xb0
[   11.497911]  print_report+0xd1/0x650
[   11.497944]  ? __virt_addr_valid+0x1db/0x2d0
[   11.498215]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.498244]  ? kasan_addr_to_slab+0x11/0xa0
[   11.498288]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.498313]  kasan_report+0x141/0x180
[   11.498512]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.498542]  __asan_report_store1_noabort+0x1b/0x30
[   11.498576]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.498602]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.498625]  ? finish_task_switch.isra.0+0x153/0x700
[   11.498646]  ? __switch_to+0x47/0xf50
[   11.498671]  ? __schedule+0x10cc/0x2b60
[   11.498693]  ? __pfx_read_tsc+0x10/0x10
[   11.498717]  krealloc_large_less_oob+0x1c/0x30
[   11.498739]  kunit_try_run_case+0x1a5/0x480
[   11.498765]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.498787]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.498809]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.498831]  ? __kthread_parkme+0x82/0x180
[   11.498851]  ? preempt_count_sub+0x50/0x80
[   11.498873]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.498895]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.498917]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.498951]  kthread+0x337/0x6f0
[   11.498971]  ? trace_preempt_on+0x20/0xc0
[   11.498996]  ? __pfx_kthread+0x10/0x10
[   11.499016]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.499036]  ? calculate_sigpending+0x7b/0xa0
[   11.499067]  ? __pfx_kthread+0x10/0x10
[   11.499088]  ret_from_fork+0x116/0x1d0
[   11.499111]  ? __pfx_kthread+0x10/0x10
[   11.499130]  ret_from_fork_asm+0x1a/0x30
[   11.499161]  </TASK>
[   11.499173] 
[   11.507032] The buggy address belongs to the physical page:
[   11.507326] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b70
[   11.507742] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.508070] flags: 0x200000000000040(head|node=0|zone=2)
[   11.508327] page_type: f8(unknown)
[   11.508536] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.508835] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.509244] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.509606] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.509916] head: 0200000000000002 ffffea00040adc01 00000000ffffffff 00000000ffffffff
[   11.510299] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.510633] page dumped because: kasan: bad access detected
[   11.510869] 
[   11.510976] Memory state around the buggy address:
[   11.511215]  ffff888102b71f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.511521]  ffff888102b72000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.511832] >ffff888102b72080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.512125]                                                     ^
[   11.512408]  ffff888102b72100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.512683]  ffff888102b72180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.512894] ==================================================================
[   11.257034] ==================================================================
[   11.257367] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.257841] Write of size 1 at addr ffff8881003502d0 by task kunit_try_catch/175
[   11.258508] 
[   11.258818] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.258866] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.258879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.258900] Call Trace:
[   11.258913]  <TASK>
[   11.259055]  dump_stack_lvl+0x73/0xb0
[   11.259094]  print_report+0xd1/0x650
[   11.259122]  ? __virt_addr_valid+0x1db/0x2d0
[   11.259145]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.259167]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.259189]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.259212]  kasan_report+0x141/0x180
[   11.259235]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.259262]  __asan_report_store1_noabort+0x1b/0x30
[   11.259282]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.259307]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.259330]  ? finish_task_switch.isra.0+0x153/0x700
[   11.259351]  ? __switch_to+0x47/0xf50
[   11.259377]  ? __schedule+0x10cc/0x2b60
[   11.259399]  ? __pfx_read_tsc+0x10/0x10
[   11.259422]  krealloc_less_oob+0x1c/0x30
[   11.259443]  kunit_try_run_case+0x1a5/0x480
[   11.259478]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.259500]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.259522]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.259544]  ? __kthread_parkme+0x82/0x180
[   11.259564]  ? preempt_count_sub+0x50/0x80
[   11.259586]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.259610]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.259631]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.259653]  kthread+0x337/0x6f0
[   11.259672]  ? trace_preempt_on+0x20/0xc0
[   11.259695]  ? __pfx_kthread+0x10/0x10
[   11.259716]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.259736]  ? calculate_sigpending+0x7b/0xa0
[   11.259759]  ? __pfx_kthread+0x10/0x10
[   11.259779]  ret_from_fork+0x116/0x1d0
[   11.259797]  ? __pfx_kthread+0x10/0x10
[   11.259816]  ret_from_fork_asm+0x1a/0x30
[   11.259846]  </TASK>
[   11.259857] 
[   11.272458] Allocated by task 175:
[   11.272794]  kasan_save_stack+0x45/0x70
[   11.273134]  kasan_save_track+0x18/0x40
[   11.273343]  kasan_save_alloc_info+0x3b/0x50
[   11.273769]  __kasan_krealloc+0x190/0x1f0
[   11.274115]  krealloc_noprof+0xf3/0x340
[   11.274343]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.274829]  krealloc_less_oob+0x1c/0x30
[   11.275189]  kunit_try_run_case+0x1a5/0x480
[   11.275485]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.275909]  kthread+0x337/0x6f0
[   11.276202]  ret_from_fork+0x116/0x1d0
[   11.276409]  ret_from_fork_asm+0x1a/0x30
[   11.276615] 
[   11.277168] The buggy address belongs to the object at ffff888100350200
[   11.277168]  which belongs to the cache kmalloc-256 of size 256
[   11.278077] The buggy address is located 7 bytes to the right of
[   11.278077]  allocated 201-byte region [ffff888100350200, ffff8881003502c9)
[   11.278826] 
[   11.278911] The buggy address belongs to the physical page:
[   11.279210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.280114] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.280996] flags: 0x200000000000040(head|node=0|zone=2)
[   11.281557] page_type: f5(slab)
[   11.281850] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.282530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.282785] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.283528] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.284294] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.284874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.285238] page dumped because: kasan: bad access detected
[   11.285764] 
[   11.285982] Memory state around the buggy address:
[   11.286525]  ffff888100350180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.287173]  ffff888100350200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.287524] >ffff888100350280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.288274]                                                  ^
[   11.288725]  ffff888100350300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.288977]  ffff888100350380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.289638] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zUyns4bBvJgsOeHTwSzB14BtXy

job_id

TEST:linaro@lkft#2zUyu2HzOIhrWdigGxE1n02NgIH

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zUyu2HzOIhrWdigGxE1n02NgIH

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUyqpSVEGJuU14lZjYbktxi5ks/bzImage
sha256sum	eb3a236ffe04c7b8cec8d887ec6c90f532d889cb3e6061e4be63b00dbfbee3e8

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zUyqpSVEGJuU14lZjYbktxi5ks/modules.tar.xz
sha256sum	5901b75e8ac24e9b96c3260a67030d9eb9e0418b66a6907ac121941a493d3a5e

durations

tests

boot	0
kunit	227.24

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit