lkft/linux-mainline-master - v6.16-rc4-49-gb4911fb0b060 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 2, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   18.032672] ==================================================================
[   18.032778] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.032858] Write of size 1 at addr fff00000c17aa6c9 by task kunit_try_catch/158
[   18.033120] 
[   18.033229] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.033355] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.033399] Hardware name: linux,dummy-virt (DT)
[   18.033429] Call trace:
[   18.033450]  show_stack+0x20/0x38 (C)
[   18.033499]  dump_stack_lvl+0x8c/0xd0
[   18.033545]  print_report+0x118/0x608
[   18.033600]  kasan_report+0xdc/0x128
[   18.033671]  __asan_report_store1_noabort+0x20/0x30
[   18.033855]  krealloc_less_oob_helper+0xa48/0xc50
[   18.033976]  krealloc_less_oob+0x20/0x38
[   18.034101]  kunit_try_run_case+0x170/0x3f0
[   18.034193]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.034293]  kthread+0x328/0x630
[   18.034391]  ret_from_fork+0x10/0x20
[   18.034527] 
[   18.034625] Allocated by task 158:
[   18.034727]  kasan_save_stack+0x3c/0x68
[   18.034767]  kasan_save_track+0x20/0x40
[   18.034864]  kasan_save_alloc_info+0x40/0x58
[   18.035036]  __kasan_krealloc+0x118/0x178
[   18.035153]  krealloc_noprof+0x128/0x360
[   18.035238]  krealloc_less_oob_helper+0x168/0xc50
[   18.035318]  krealloc_less_oob+0x20/0x38
[   18.035366]  kunit_try_run_case+0x170/0x3f0
[   18.035485]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.035650]  kthread+0x328/0x630
[   18.035752]  ret_from_fork+0x10/0x20
[   18.035819] 
[   18.035940] The buggy address belongs to the object at fff00000c17aa600
[   18.035940]  which belongs to the cache kmalloc-256 of size 256
[   18.036015] The buggy address is located 0 bytes to the right of
[   18.036015]  allocated 201-byte region [fff00000c17aa600, fff00000c17aa6c9)
[   18.036075] 
[   18.036094] The buggy address belongs to the physical page:
[   18.036124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017aa
[   18.036174] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.036334] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.036434] page_type: f5(slab)
[   18.037007] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.037109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.038169] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.038236] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.038284] head: 0bfffe0000000001 ffffc1ffc305ea81 00000000ffffffff 00000000ffffffff
[   18.038330] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.038368] page dumped because: kasan: bad access detected
[   18.038397] 
[   18.038414] Memory state around the buggy address:
[   18.038448]  fff00000c17aa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.038489]  fff00000c17aa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.038529] >fff00000c17aa680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.038565]                                               ^
[   18.038610]  fff00000c17aa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.038655]  fff00000c17aa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.038693] ==================================================================
[   18.044318] ==================================================================
[   18.044363] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.044428] Write of size 1 at addr fff00000c17aa6da by task kunit_try_catch/158
[   18.044482] 
[   18.044529] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.044620] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.044646] Hardware name: linux,dummy-virt (DT)
[   18.044676] Call trace:
[   18.044729]  show_stack+0x20/0x38 (C)
[   18.044991]  dump_stack_lvl+0x8c/0xd0
[   18.045102]  print_report+0x118/0x608
[   18.045170]  kasan_report+0xdc/0x128
[   18.045250]  __asan_report_store1_noabort+0x20/0x30
[   18.045376]  krealloc_less_oob_helper+0xa80/0xc50
[   18.045445]  krealloc_less_oob+0x20/0x38
[   18.045489]  kunit_try_run_case+0x170/0x3f0
[   18.045712]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.045769]  kthread+0x328/0x630
[   18.045857]  ret_from_fork+0x10/0x20
[   18.045959] 
[   18.045977] Allocated by task 158:
[   18.046046]  kasan_save_stack+0x3c/0x68
[   18.046132]  kasan_save_track+0x20/0x40
[   18.046243]  kasan_save_alloc_info+0x40/0x58
[   18.046310]  __kasan_krealloc+0x118/0x178
[   18.046347]  krealloc_noprof+0x128/0x360
[   18.046383]  krealloc_less_oob_helper+0x168/0xc50
[   18.046420]  krealloc_less_oob+0x20/0x38
[   18.046455]  kunit_try_run_case+0x170/0x3f0
[   18.046490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.046531]  kthread+0x328/0x630
[   18.046685]  ret_from_fork+0x10/0x20
[   18.046735] 
[   18.046753] The buggy address belongs to the object at fff00000c17aa600
[   18.046753]  which belongs to the cache kmalloc-256 of size 256
[   18.046854] The buggy address is located 17 bytes to the right of
[   18.046854]  allocated 201-byte region [fff00000c17aa600, fff00000c17aa6c9)
[   18.047009] 
[   18.047056] The buggy address belongs to the physical page:
[   18.047102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017aa
[   18.047169] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.047254] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.047302] page_type: f5(slab)
[   18.047337] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.047384] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.047566] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.047665] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.047733] head: 0bfffe0000000001 ffffc1ffc305ea81 00000000ffffffff 00000000ffffffff
[   18.047831] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.047923] page dumped because: kasan: bad access detected
[   18.048003] 
[   18.048091] Memory state around the buggy address:
[   18.048150]  fff00000c17aa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.048209]  fff00000c17aa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.048251] >fff00000c17aa680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.048287]                                                     ^
[   18.048321]  fff00000c17aa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.048360]  fff00000c17aa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.048396] ==================================================================
[   18.093791] ==================================================================
[   18.094257] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.094315] Write of size 1 at addr fff00000c65a20eb by task kunit_try_catch/162
[   18.094395] 
[   18.094452] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.094530] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.094557] Hardware name: linux,dummy-virt (DT)
[   18.094614] Call trace:
[   18.094653]  show_stack+0x20/0x38 (C)
[   18.094718]  dump_stack_lvl+0x8c/0xd0
[   18.094783]  print_report+0x118/0x608
[   18.094836]  kasan_report+0xdc/0x128
[   18.094950]  __asan_report_store1_noabort+0x20/0x30
[   18.095023]  krealloc_less_oob_helper+0xa58/0xc50
[   18.095072]  krealloc_large_less_oob+0x20/0x38
[   18.095130]  kunit_try_run_case+0x170/0x3f0
[   18.095276]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.095338]  kthread+0x328/0x630
[   18.095379]  ret_from_fork+0x10/0x20
[   18.095445] 
[   18.095464] The buggy address belongs to the physical page:
[   18.095527] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   18.095595] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.095781] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.095848] page_type: f8(unknown)
[   18.095885] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.095932] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.095979] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.096025] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.096072] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   18.096119] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.096156] page dumped because: kasan: bad access detected
[   18.096191] 
[   18.096277] Memory state around the buggy address:
[   18.096417]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.096492]  fff00000c65a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.096595] >fff00000c65a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.096630]                                                           ^
[   18.096666]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.096749]  fff00000c65a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.097050] ==================================================================
[   18.084289] ==================================================================
[   18.084505] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.084567] Write of size 1 at addr fff00000c65a20da by task kunit_try_catch/162
[   18.084676] 
[   18.084705] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.084816] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.084900] Hardware name: linux,dummy-virt (DT)
[   18.085045] Call trace:
[   18.085099]  show_stack+0x20/0x38 (C)
[   18.085264]  dump_stack_lvl+0x8c/0xd0
[   18.085350]  print_report+0x118/0x608
[   18.085395]  kasan_report+0xdc/0x128
[   18.085439]  __asan_report_store1_noabort+0x20/0x30
[   18.085507]  krealloc_less_oob_helper+0xa80/0xc50
[   18.085590]  krealloc_large_less_oob+0x20/0x38
[   18.085745]  kunit_try_run_case+0x170/0x3f0
[   18.085798]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.085860]  kthread+0x328/0x630
[   18.085900]  ret_from_fork+0x10/0x20
[   18.085955] 
[   18.085975] The buggy address belongs to the physical page:
[   18.086009] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   18.086064] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.086108] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.086160] page_type: f8(unknown)
[   18.086205] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.086261] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.086308] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.086354] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.086401] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   18.086447] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.086496] page dumped because: kasan: bad access detected
[   18.086524] 
[   18.086541] Memory state around the buggy address:
[   18.086773]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.087031]  fff00000c65a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.087148] >fff00000c65a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.087185]                                                     ^
[   18.087269]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.087347]  fff00000c65a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.087383] ==================================================================
[   18.049528] ==================================================================
[   18.049586] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.049632] Write of size 1 at addr fff00000c17aa6ea by task kunit_try_catch/158
[   18.049680] 
[   18.049707] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.049783] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.049808] Hardware name: linux,dummy-virt (DT)
[   18.049837] Call trace:
[   18.049857]  show_stack+0x20/0x38 (C)
[   18.049902]  dump_stack_lvl+0x8c/0xd0
[   18.049947]  print_report+0x118/0x608
[   18.049991]  kasan_report+0xdc/0x128
[   18.050035]  __asan_report_store1_noabort+0x20/0x30
[   18.050081]  krealloc_less_oob_helper+0xae4/0xc50
[   18.050128]  krealloc_less_oob+0x20/0x38
[   18.050172]  kunit_try_run_case+0x170/0x3f0
[   18.050217]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.050269]  kthread+0x328/0x630
[   18.050313]  ret_from_fork+0x10/0x20
[   18.050360] 
[   18.050377] Allocated by task 158:
[   18.050403]  kasan_save_stack+0x3c/0x68
[   18.050442]  kasan_save_track+0x20/0x40
[   18.050477]  kasan_save_alloc_info+0x40/0x58
[   18.050514]  __kasan_krealloc+0x118/0x178
[   18.050550]  krealloc_noprof+0x128/0x360
[   18.050595]  krealloc_less_oob_helper+0x168/0xc50
[   18.050632]  krealloc_less_oob+0x20/0x38
[   18.050666]  kunit_try_run_case+0x170/0x3f0
[   18.050701]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.050742]  kthread+0x328/0x630
[   18.050772]  ret_from_fork+0x10/0x20
[   18.050806] 
[   18.050824] The buggy address belongs to the object at fff00000c17aa600
[   18.050824]  which belongs to the cache kmalloc-256 of size 256
[   18.050885] The buggy address is located 33 bytes to the right of
[   18.050885]  allocated 201-byte region [fff00000c17aa600, fff00000c17aa6c9)
[   18.050946] 
[   18.050964] The buggy address belongs to the physical page:
[   18.050993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017aa
[   18.051041] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.051086] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.051133] page_type: f5(slab)
[   18.051168] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.051216] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.051264] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.051310] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.051357] head: 0bfffe0000000001 ffffc1ffc305ea81 00000000ffffffff 00000000ffffffff
[   18.051403] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.051440] page dumped because: kasan: bad access detected
[   18.051469] 
[   18.051486] Memory state around the buggy address:
[   18.051514]  fff00000c17aa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.051554]  fff00000c17aa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.051668] >fff00000c17aa680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.051712]                                                           ^
[   18.053052]  fff00000c17aa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.053104]  fff00000c17aa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.053142] ==================================================================
[   18.088001] ==================================================================
[   18.088043] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.088087] Write of size 1 at addr fff00000c65a20ea by task kunit_try_catch/162
[   18.088212] 
[   18.088257] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.088336] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.088437] Hardware name: linux,dummy-virt (DT)
[   18.088470] Call trace:
[   18.088490]  show_stack+0x20/0x38 (C)
[   18.088552]  dump_stack_lvl+0x8c/0xd0
[   18.088608]  print_report+0x118/0x608
[   18.088653]  kasan_report+0xdc/0x128
[   18.088696]  __asan_report_store1_noabort+0x20/0x30
[   18.088750]  krealloc_less_oob_helper+0xae4/0xc50
[   18.088809]  krealloc_large_less_oob+0x20/0x38
[   18.088970]  kunit_try_run_case+0x170/0x3f0
[   18.089077]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.089151]  kthread+0x328/0x630
[   18.089267]  ret_from_fork+0x10/0x20
[   18.089332] 
[   18.089350] The buggy address belongs to the physical page:
[   18.089744] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   18.089855] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.090027] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.090174] page_type: f8(unknown)
[   18.090229] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.090333] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.090432] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.090598] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.090667] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   18.090713] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.090789] page dumped because: kasan: bad access detected
[   18.091265] 
[   18.091418] Memory state around the buggy address:
[   18.091513]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.091674]  fff00000c65a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.091718] >fff00000c65a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.091803]                                                           ^
[   18.091876]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.091915]  fff00000c65a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.092249] ==================================================================
[   18.075049] ==================================================================
[   18.075109] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.075185] Write of size 1 at addr fff00000c65a20c9 by task kunit_try_catch/162
[   18.075235] 
[   18.075266] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.075345] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.075420] Hardware name: linux,dummy-virt (DT)
[   18.075525] Call trace:
[   18.075550]  show_stack+0x20/0x38 (C)
[   18.075683]  dump_stack_lvl+0x8c/0xd0
[   18.075741]  print_report+0x118/0x608
[   18.075787]  kasan_report+0xdc/0x128
[   18.075838]  __asan_report_store1_noabort+0x20/0x30
[   18.075902]  krealloc_less_oob_helper+0xa48/0xc50
[   18.075990]  krealloc_large_less_oob+0x20/0x38
[   18.076036]  kunit_try_run_case+0x170/0x3f0
[   18.076082]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.076152]  kthread+0x328/0x630
[   18.076242]  ret_from_fork+0x10/0x20
[   18.076318] 
[   18.076366] The buggy address belongs to the physical page:
[   18.076412] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   18.076500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.076565] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.076626] page_type: f8(unknown)
[   18.076683] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.077037] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.077137] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.077307] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.077410] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   18.077531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.077638] page dumped because: kasan: bad access detected
[   18.077746] 
[   18.077819] Memory state around the buggy address:
[   18.077886]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.077952]  fff00000c65a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.078165] >fff00000c65a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.078204]                                               ^
[   18.078244]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.078284]  fff00000c65a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.078494] ==================================================================
[   18.039926] ==================================================================
[   18.039975] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.040042] Write of size 1 at addr fff00000c17aa6d0 by task kunit_try_catch/158
[   18.040097] 
[   18.040133] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.040210] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.040235] Hardware name: linux,dummy-virt (DT)
[   18.040270] Call trace:
[   18.040291]  show_stack+0x20/0x38 (C)
[   18.040346]  dump_stack_lvl+0x8c/0xd0
[   18.040392]  print_report+0x118/0x608
[   18.040444]  kasan_report+0xdc/0x128
[   18.040488]  __asan_report_store1_noabort+0x20/0x30
[   18.040536]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.040594]  krealloc_less_oob+0x20/0x38
[   18.040638]  kunit_try_run_case+0x170/0x3f0
[   18.040684]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.040734]  kthread+0x328/0x630
[   18.040775]  ret_from_fork+0x10/0x20
[   18.040820] 
[   18.040844] Allocated by task 158:
[   18.041411]  kasan_save_stack+0x3c/0x68
[   18.041486]  kasan_save_track+0x20/0x40
[   18.041523]  kasan_save_alloc_info+0x40/0x58
[   18.041561]  __kasan_krealloc+0x118/0x178
[   18.041607]  krealloc_noprof+0x128/0x360
[   18.041655]  krealloc_less_oob_helper+0x168/0xc50
[   18.041693]  krealloc_less_oob+0x20/0x38
[   18.041728]  kunit_try_run_case+0x170/0x3f0
[   18.041895]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.041983]  kthread+0x328/0x630
[   18.042095]  ret_from_fork+0x10/0x20
[   18.042184] 
[   18.042214] The buggy address belongs to the object at fff00000c17aa600
[   18.042214]  which belongs to the cache kmalloc-256 of size 256
[   18.042317] The buggy address is located 7 bytes to the right of
[   18.042317]  allocated 201-byte region [fff00000c17aa600, fff00000c17aa6c9)
[   18.042430] 
[   18.042496] The buggy address belongs to the physical page:
[   18.042526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017aa
[   18.042587] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.042631] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.042680] page_type: f5(slab)
[   18.042726] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.042896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.043020] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.043092] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.043139] head: 0bfffe0000000001 ffffc1ffc305ea81 00000000ffffffff 00000000ffffffff
[   18.043185] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.043223] page dumped because: kasan: bad access detected
[   18.043252] 
[   18.043269] Memory state around the buggy address:
[   18.043299]  fff00000c17aa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.043431]  fff00000c17aa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.043490] >fff00000c17aa680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.043607]                                                  ^
[   18.043711]  fff00000c17aa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.043818]  fff00000c17aa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.043866] ==================================================================
[   18.079382] ==================================================================
[   18.079428] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.079500] Write of size 1 at addr fff00000c65a20d0 by task kunit_try_catch/162
[   18.079547] 
[   18.079606] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.079684] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.079833] Hardware name: linux,dummy-virt (DT)
[   18.079897] Call trace:
[   18.080204]  show_stack+0x20/0x38 (C)
[   18.080267]  dump_stack_lvl+0x8c/0xd0
[   18.080312]  print_report+0x118/0x608
[   18.080375]  kasan_report+0xdc/0x128
[   18.080467]  __asan_report_store1_noabort+0x20/0x30
[   18.080542]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.080629]  krealloc_large_less_oob+0x20/0x38
[   18.080701]  kunit_try_run_case+0x170/0x3f0
[   18.080806]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.080877]  kthread+0x328/0x630
[   18.080919]  ret_from_fork+0x10/0x20
[   18.080965] 
[   18.080984] The buggy address belongs to the physical page:
[   18.081192] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065a0
[   18.081338] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.081410] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.081463] page_type: f8(unknown)
[   18.081508] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.081556] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.081615] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   18.081661] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   18.081762] head: 0bfffe0000000002 ffffc1ffc3196801 00000000ffffffff 00000000ffffffff
[   18.082013] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   18.082237] page dumped because: kasan: bad access detected
[   18.082327] 
[   18.082394] Memory state around the buggy address:
[   18.082542]  fff00000c65a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.082626]  fff00000c65a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.082721] >fff00000c65a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   18.082783]                                                  ^
[   18.082818]  fff00000c65a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.082885]  fff00000c65a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   18.083088] ==================================================================
[   18.053322] ==================================================================
[   18.053362] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   18.053405] Write of size 1 at addr fff00000c17aa6eb by task kunit_try_catch/158
[   18.053451] 
[   18.053477] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.053553] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.053610] Hardware name: linux,dummy-virt (DT)
[   18.053651] Call trace:
[   18.053690]  show_stack+0x20/0x38 (C)
[   18.053736]  dump_stack_lvl+0x8c/0xd0
[   18.053781]  print_report+0x118/0x608
[   18.053826]  kasan_report+0xdc/0x128
[   18.053870]  __asan_report_store1_noabort+0x20/0x30
[   18.053917]  krealloc_less_oob_helper+0xa58/0xc50
[   18.053964]  krealloc_less_oob+0x20/0x38
[   18.054008]  kunit_try_run_case+0x170/0x3f0
[   18.054064]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.054116]  kthread+0x328/0x630
[   18.054159]  ret_from_fork+0x10/0x20
[   18.054207] 
[   18.054229] Allocated by task 158:
[   18.054256]  kasan_save_stack+0x3c/0x68
[   18.054303]  kasan_save_track+0x20/0x40
[   18.054339]  kasan_save_alloc_info+0x40/0x58
[   18.054377]  __kasan_krealloc+0x118/0x178
[   18.054413]  krealloc_noprof+0x128/0x360
[   18.054449]  krealloc_less_oob_helper+0x168/0xc50
[   18.054486]  krealloc_less_oob+0x20/0x38
[   18.054520]  kunit_try_run_case+0x170/0x3f0
[   18.054556]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.054606]  kthread+0x328/0x630
[   18.054637]  ret_from_fork+0x10/0x20
[   18.054689] 
[   18.054707] The buggy address belongs to the object at fff00000c17aa600
[   18.054707]  which belongs to the cache kmalloc-256 of size 256
[   18.054762] The buggy address is located 34 bytes to the right of
[   18.054762]  allocated 201-byte region [fff00000c17aa600, fff00000c17aa6c9)
[   18.054822] 
[   18.054844] The buggy address belongs to the physical page:
[   18.054881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017aa
[   18.054944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.054995] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.055043] page_type: f5(slab)
[   18.055078] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.055135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.055191] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.055238] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.055285] head: 0bfffe0000000001 ffffc1ffc305ea81 00000000ffffffff 00000000ffffffff
[   18.055331] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.055368] page dumped because: kasan: bad access detected
[   18.055397] 
[   18.055420] Memory state around the buggy address:
[   18.055462]  fff00000c17aa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.055511]  fff00000c17aa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.055552] >fff00000c17aa680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.055596]                                                           ^
[   18.055632]  fff00000c17aa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.055672]  fff00000c17aa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.055708] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zL5tkJx538LuS4CC9waWjZdK7d

job_id

TEST:linaro@lkft#2zL5ylmx7RUmOXetsb6wmQNCL9F

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zL5ylmx7RUmOXetsb6wmQNCL9F

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5vHipoBPqphspWb9Jr5L3zfM/Image.gz
sha256sum	46de3631a51390d3b1ef1f4d0f673673bc6fcd4a3090b598579b0620c3b1dd78

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5vHipoBPqphspWb9Jr5L3zfM/modules.tar.xz
sha256sum	d74cbfeb470e49b375c874ea6ef4751c3c1b7037bd9d5ae91e3faaa6801aa5c4

durations

tests

boot	0
kunit	180.17

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.070059] ==================================================================
[   11.070678] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.071732] Write of size 1 at addr ffff8881003508c9 by task kunit_try_catch/177
[   11.072505] 
[   11.072697] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.072746] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.072757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.072779] Call Trace:
[   11.072794]  <TASK>
[   11.072811]  dump_stack_lvl+0x73/0xb0
[   11.072841]  print_report+0xd1/0x650
[   11.072865]  ? __virt_addr_valid+0x1db/0x2d0
[   11.072888]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.072912]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.072934]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.072957]  kasan_report+0x141/0x180
[   11.072977]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.073004]  __asan_report_store1_noabort+0x1b/0x30
[   11.073024]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.073050]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.073072]  ? irqentry_exit+0x2a/0x60
[   11.073093]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.073120]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.073144]  krealloc_less_oob+0x1c/0x30
[   11.073164]  kunit_try_run_case+0x1a5/0x480
[   11.073188]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.073209]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.073231]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.073252]  ? __kthread_parkme+0x82/0x180
[   11.073273]  ? preempt_count_sub+0x50/0x80
[   11.073296]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.073318]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.073338]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.073360]  kthread+0x337/0x6f0
[   11.073388]  ? trace_preempt_on+0x20/0xc0
[   11.073411]  ? __pfx_kthread+0x10/0x10
[   11.073431]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.073450]  ? calculate_sigpending+0x7b/0xa0
[   11.073472]  ? __pfx_kthread+0x10/0x10
[   11.073492]  ret_from_fork+0x116/0x1d0
[   11.073511]  ? __pfx_kthread+0x10/0x10
[   11.073530]  ret_from_fork_asm+0x1a/0x30
[   11.073559]  </TASK>
[   11.073604] 
[   11.088004] Allocated by task 177:
[   11.088413]  kasan_save_stack+0x45/0x70
[   11.088740]  kasan_save_track+0x18/0x40
[   11.089147]  kasan_save_alloc_info+0x3b/0x50
[   11.089302]  __kasan_krealloc+0x190/0x1f0
[   11.089455]  krealloc_noprof+0xf3/0x340
[   11.089611]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.090310]  krealloc_less_oob+0x1c/0x30
[   11.090726]  kunit_try_run_case+0x1a5/0x480
[   11.091277]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.091889]  kthread+0x337/0x6f0
[   11.092304]  ret_from_fork+0x116/0x1d0
[   11.092738]  ret_from_fork_asm+0x1a/0x30
[   11.093197] 
[   11.093498] The buggy address belongs to the object at ffff888100350800
[   11.093498]  which belongs to the cache kmalloc-256 of size 256
[   11.094193] The buggy address is located 0 bytes to the right of
[   11.094193]  allocated 201-byte region [ffff888100350800, ffff8881003508c9)
[   11.094576] 
[   11.094671] The buggy address belongs to the physical page:
[   11.094969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.095284] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.095581] flags: 0x200000000000040(head|node=0|zone=2)
[   11.096192] page_type: f5(slab)
[   11.096322] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.096832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.097295] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.097701] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.098226] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.098554] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.099108] page dumped because: kasan: bad access detected
[   11.099427] 
[   11.099507] Memory state around the buggy address:
[   11.099713]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.100285]  ffff888100350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.100561] >ffff888100350880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.101112]                                               ^
[   11.101426]  ffff888100350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.101850]  ffff888100350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.102175] ==================================================================
[   11.151760] ==================================================================
[   11.152081] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.152617] Write of size 1 at addr ffff8881003508ea by task kunit_try_catch/177
[   11.153070] 
[   11.153167] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.153206] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.153217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.153235] Call Trace:
[   11.153249]  <TASK>
[   11.153264]  dump_stack_lvl+0x73/0xb0
[   11.153291]  print_report+0xd1/0x650
[   11.153313]  ? __virt_addr_valid+0x1db/0x2d0
[   11.153334]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.153356]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.153390]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.153413]  kasan_report+0x141/0x180
[   11.153433]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.153460]  __asan_report_store1_noabort+0x1b/0x30
[   11.153479]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.153504]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.153525]  ? irqentry_exit+0x2a/0x60
[   11.153545]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.153571]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.153595]  krealloc_less_oob+0x1c/0x30
[   11.153616]  kunit_try_run_case+0x1a5/0x480
[   11.153639]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.153659]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.153681]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.153702]  ? __kthread_parkme+0x82/0x180
[   11.153721]  ? preempt_count_sub+0x50/0x80
[   11.153744]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.153766]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.153787]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.153808]  kthread+0x337/0x6f0
[   11.153826]  ? trace_preempt_on+0x20/0xc0
[   11.153848]  ? __pfx_kthread+0x10/0x10
[   11.153868]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.153887]  ? calculate_sigpending+0x7b/0xa0
[   11.153910]  ? __pfx_kthread+0x10/0x10
[   11.153930]  ret_from_fork+0x116/0x1d0
[   11.153947]  ? __pfx_kthread+0x10/0x10
[   11.153966]  ret_from_fork_asm+0x1a/0x30
[   11.153994]  </TASK>
[   11.154005] 
[   11.161793] Allocated by task 177:
[   11.161987]  kasan_save_stack+0x45/0x70
[   11.162187]  kasan_save_track+0x18/0x40
[   11.162326]  kasan_save_alloc_info+0x3b/0x50
[   11.162537]  __kasan_krealloc+0x190/0x1f0
[   11.162786]  krealloc_noprof+0xf3/0x340
[   11.162919]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.163165]  krealloc_less_oob+0x1c/0x30
[   11.163346]  kunit_try_run_case+0x1a5/0x480
[   11.163498]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.163757]  kthread+0x337/0x6f0
[   11.164087]  ret_from_fork+0x116/0x1d0
[   11.164242]  ret_from_fork_asm+0x1a/0x30
[   11.164393] 
[   11.164465] The buggy address belongs to the object at ffff888100350800
[   11.164465]  which belongs to the cache kmalloc-256 of size 256
[   11.164863] The buggy address is located 33 bytes to the right of
[   11.164863]  allocated 201-byte region [ffff888100350800, ffff8881003508c9)
[   11.165412] 
[   11.165508] The buggy address belongs to the physical page:
[   11.165707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.165945] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.166251] flags: 0x200000000000040(head|node=0|zone=2)
[   11.166524] page_type: f5(slab)
[   11.166724] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.167157] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.167909] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.168242] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.168512] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.168785] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.169120] page dumped because: kasan: bad access detected
[   11.169361] 
[   11.169438] Memory state around the buggy address:
[   11.169590]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.170004]  ffff888100350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.170418] >ffff888100350880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.170834]                                                           ^
[   11.171093]  ffff888100350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.171324]  ffff888100350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.171826] ==================================================================
[   11.130761] ==================================================================
[   11.131050] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.131593] Write of size 1 at addr ffff8881003508da by task kunit_try_catch/177
[   11.132313] 
[   11.132449] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.132491] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.132503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.132522] Call Trace:
[   11.132534]  <TASK>
[   11.132550]  dump_stack_lvl+0x73/0xb0
[   11.132579]  print_report+0xd1/0x650
[   11.132601]  ? __virt_addr_valid+0x1db/0x2d0
[   11.132623]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.132645]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.132666]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.132688]  kasan_report+0x141/0x180
[   11.132709]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.132735]  __asan_report_store1_noabort+0x1b/0x30
[   11.132755]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.132779]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.132800]  ? irqentry_exit+0x2a/0x60
[   11.132820]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.132847]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.132871]  krealloc_less_oob+0x1c/0x30
[   11.132891]  kunit_try_run_case+0x1a5/0x480
[   11.132914]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.132935]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.132956]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.132977]  ? __kthread_parkme+0x82/0x180
[   11.132997]  ? preempt_count_sub+0x50/0x80
[   11.133019]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.133041]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.133062]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.133084]  kthread+0x337/0x6f0
[   11.133102]  ? trace_preempt_on+0x20/0xc0
[   11.133123]  ? __pfx_kthread+0x10/0x10
[   11.133143]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.133162]  ? calculate_sigpending+0x7b/0xa0
[   11.133184]  ? __pfx_kthread+0x10/0x10
[   11.133204]  ret_from_fork+0x116/0x1d0
[   11.133222]  ? __pfx_kthread+0x10/0x10
[   11.133241]  ret_from_fork_asm+0x1a/0x30
[   11.133270]  </TASK>
[   11.133280] 
[   11.140775] Allocated by task 177:
[   11.140952]  kasan_save_stack+0x45/0x70
[   11.141233]  kasan_save_track+0x18/0x40
[   11.141387]  kasan_save_alloc_info+0x3b/0x50
[   11.141533]  __kasan_krealloc+0x190/0x1f0
[   11.141669]  krealloc_noprof+0xf3/0x340
[   11.142064]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.142313]  krealloc_less_oob+0x1c/0x30
[   11.142525]  kunit_try_run_case+0x1a5/0x480
[   11.142731]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.142990]  kthread+0x337/0x6f0
[   11.143163]  ret_from_fork+0x116/0x1d0
[   11.143429]  ret_from_fork_asm+0x1a/0x30
[   11.143604] 
[   11.143748] The buggy address belongs to the object at ffff888100350800
[   11.143748]  which belongs to the cache kmalloc-256 of size 256
[   11.144331] The buggy address is located 17 bytes to the right of
[   11.144331]  allocated 201-byte region [ffff888100350800, ffff8881003508c9)
[   11.144788] 
[   11.144861] The buggy address belongs to the physical page:
[   11.145034] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.145508] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.145830] flags: 0x200000000000040(head|node=0|zone=2)
[   11.146005] page_type: f5(slab)
[   11.146124] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.146352] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.147172] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.147546] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.147912] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.148210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.148640] page dumped because: kasan: bad access detected
[   11.149000] 
[   11.149093] Memory state around the buggy address:
[   11.149250]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.149546]  ffff888100350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.149867] >ffff888100350880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.150180]                                                     ^
[   11.150368]  ffff888100350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.150904]  ffff888100350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.151247] ==================================================================
[   11.257035] ==================================================================
[   11.257292] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.257686] Write of size 1 at addr ffff8881029ce0d0 by task kunit_try_catch/181
[   11.258141] 
[   11.258269] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.258312] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.258323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.258343] Call Trace:
[   11.258360]  <TASK>
[   11.258388]  dump_stack_lvl+0x73/0xb0
[   11.258418]  print_report+0xd1/0x650
[   11.258441]  ? __virt_addr_valid+0x1db/0x2d0
[   11.258463]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.258486]  ? kasan_addr_to_slab+0x11/0xa0
[   11.258507]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.258530]  kasan_report+0x141/0x180
[   11.258552]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.258579]  __asan_report_store1_noabort+0x1b/0x30
[   11.258600]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.258668]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.258696]  ? __kasan_check_write+0x18/0x20
[   11.258714]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.258736]  ? irqentry_exit+0x2a/0x60
[   11.258756]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.258778]  ? trace_hardirqs_on+0x37/0xe0
[   11.258801]  ? __pfx_read_tsc+0x10/0x10
[   11.258824]  krealloc_large_less_oob+0x1c/0x30
[   11.258847]  kunit_try_run_case+0x1a5/0x480
[   11.258870]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.258892]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.258913]  ? __kthread_parkme+0x82/0x180
[   11.258933]  ? preempt_count_sub+0x50/0x80
[   11.258955]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.258977]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.258998]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.259020]  kthread+0x337/0x6f0
[   11.259038]  ? trace_preempt_on+0x20/0xc0
[   11.259058]  ? __pfx_kthread+0x10/0x10
[   11.259079]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.259098]  ? calculate_sigpending+0x7b/0xa0
[   11.259120]  ? __pfx_kthread+0x10/0x10
[   11.259141]  ret_from_fork+0x116/0x1d0
[   11.259157]  ? __pfx_kthread+0x10/0x10
[   11.259177]  ret_from_fork_asm+0x1a/0x30
[   11.259208]  </TASK>
[   11.259219] 
[   11.267722] The buggy address belongs to the physical page:
[   11.267974] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   11.268217] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.268713] flags: 0x200000000000040(head|node=0|zone=2)
[   11.268970] page_type: f8(unknown)
[   11.269098] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.269418] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.270035] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.270316] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.270563] head: 0200000000000002 ffffea00040a7301 00000000ffffffff 00000000ffffffff
[   11.270925] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.271275] page dumped because: kasan: bad access detected
[   11.271638] 
[   11.271718] Memory state around the buggy address:
[   11.271968]  ffff8881029cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.272185]  ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.272412] >ffff8881029ce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.272732]                                                  ^
[   11.272998]  ffff8881029ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.273272]  ffff8881029ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.273883] ==================================================================
[   11.306827] ==================================================================
[   11.307145] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.307400] Write of size 1 at addr ffff8881029ce0eb by task kunit_try_catch/181
[   11.307621] 
[   11.307731] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.307772] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.307783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.307801] Call Trace:
[   11.307817]  <TASK>
[   11.307833]  dump_stack_lvl+0x73/0xb0
[   11.307859]  print_report+0xd1/0x650
[   11.307882]  ? __virt_addr_valid+0x1db/0x2d0
[   11.307903]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.307927]  ? kasan_addr_to_slab+0x11/0xa0
[   11.308004]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.308032]  kasan_report+0x141/0x180
[   11.308053]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.308081]  __asan_report_store1_noabort+0x1b/0x30
[   11.308102]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.308127]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.308152]  ? __kasan_check_write+0x18/0x20
[   11.308171]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.308193]  ? irqentry_exit+0x2a/0x60
[   11.308213]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.308235]  ? trace_hardirqs_on+0x37/0xe0
[   11.308257]  ? __pfx_read_tsc+0x10/0x10
[   11.308280]  krealloc_large_less_oob+0x1c/0x30
[   11.308303]  kunit_try_run_case+0x1a5/0x480
[   11.308326]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.308348]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.308369]  ? __kthread_parkme+0x82/0x180
[   11.308400]  ? preempt_count_sub+0x50/0x80
[   11.308422]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.308445]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.308466]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.308487]  kthread+0x337/0x6f0
[   11.308506]  ? trace_preempt_on+0x20/0xc0
[   11.308527]  ? __pfx_kthread+0x10/0x10
[   11.308546]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.308565]  ? calculate_sigpending+0x7b/0xa0
[   11.308616]  ? __pfx_kthread+0x10/0x10
[   11.308637]  ret_from_fork+0x116/0x1d0
[   11.308655]  ? __pfx_kthread+0x10/0x10
[   11.308674]  ret_from_fork_asm+0x1a/0x30
[   11.308703]  </TASK>
[   11.308714] 
[   11.318849] The buggy address belongs to the physical page:
[   11.319081] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   11.320026] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.320425] flags: 0x200000000000040(head|node=0|zone=2)
[   11.320921] page_type: f8(unknown)
[   11.321084] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.321467] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.321885] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.322254] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.322621] head: 0200000000000002 ffffea00040a7301 00000000ffffffff 00000000ffffffff
[   11.322980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.323317] page dumped because: kasan: bad access detected
[   11.323641] 
[   11.323741] Memory state around the buggy address:
[   11.323973]  ffff8881029cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.324280]  ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.324702] >ffff8881029ce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.325045]                                                           ^
[   11.325320]  ffff8881029ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.325853]  ffff8881029ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.326189] ==================================================================
[   11.172279] ==================================================================
[   11.172599] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.173007] Write of size 1 at addr ffff8881003508eb by task kunit_try_catch/177
[   11.173231] 
[   11.173329] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.173370] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.173393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.173412] Call Trace:
[   11.173429]  <TASK>
[   11.173445]  dump_stack_lvl+0x73/0xb0
[   11.173472]  print_report+0xd1/0x650
[   11.173494]  ? __virt_addr_valid+0x1db/0x2d0
[   11.173515]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.173537]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.173558]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.173581]  kasan_report+0x141/0x180
[   11.173602]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.173628]  __asan_report_store1_noabort+0x1b/0x30
[   11.173648]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.173672]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.173694]  ? irqentry_exit+0x2a/0x60
[   11.173713]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.173740]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.173764]  krealloc_less_oob+0x1c/0x30
[   11.173784]  kunit_try_run_case+0x1a5/0x480
[   11.173808]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.173886]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.173912]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.173933]  ? __kthread_parkme+0x82/0x180
[   11.173952]  ? preempt_count_sub+0x50/0x80
[   11.173974]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.173997]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.174018]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.174040]  kthread+0x337/0x6f0
[   11.174058]  ? trace_preempt_on+0x20/0xc0
[   11.174080]  ? __pfx_kthread+0x10/0x10
[   11.174099]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.174119]  ? calculate_sigpending+0x7b/0xa0
[   11.174141]  ? __pfx_kthread+0x10/0x10
[   11.174161]  ret_from_fork+0x116/0x1d0
[   11.174179]  ? __pfx_kthread+0x10/0x10
[   11.174198]  ret_from_fork_asm+0x1a/0x30
[   11.174227]  </TASK>
[   11.174238] 
[   11.182004] Allocated by task 177:
[   11.182138]  kasan_save_stack+0x45/0x70
[   11.182388]  kasan_save_track+0x18/0x40
[   11.182577]  kasan_save_alloc_info+0x3b/0x50
[   11.182782]  __kasan_krealloc+0x190/0x1f0
[   11.182976]  krealloc_noprof+0xf3/0x340
[   11.183368]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.183547]  krealloc_less_oob+0x1c/0x30
[   11.183749]  kunit_try_run_case+0x1a5/0x480
[   11.183933]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.184105]  kthread+0x337/0x6f0
[   11.184273]  ret_from_fork+0x116/0x1d0
[   11.184470]  ret_from_fork_asm+0x1a/0x30
[   11.184673] 
[   11.184782] The buggy address belongs to the object at ffff888100350800
[   11.184782]  which belongs to the cache kmalloc-256 of size 256
[   11.185253] The buggy address is located 34 bytes to the right of
[   11.185253]  allocated 201-byte region [ffff888100350800, ffff8881003508c9)
[   11.185749] 
[   11.185854] The buggy address belongs to the physical page:
[   11.186076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.186408] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.186712] flags: 0x200000000000040(head|node=0|zone=2)
[   11.187020] page_type: f5(slab)
[   11.187170] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.187481] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.187835] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.188120] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.188436] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.188727] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.189053] page dumped because: kasan: bad access detected
[   11.189519] 
[   11.189653] Memory state around the buggy address:
[   11.189895]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.190183]  ffff888100350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.190499] >ffff888100350880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.190921]                                                           ^
[   11.191186]  ffff888100350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.191484]  ffff888100350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.191775] ==================================================================
[   11.290308] ==================================================================
[   11.290649] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.291002] Write of size 1 at addr ffff8881029ce0ea by task kunit_try_catch/181
[   11.291232] 
[   11.291316] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.291355] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.291366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.291396] Call Trace:
[   11.291411]  <TASK>
[   11.291427]  dump_stack_lvl+0x73/0xb0
[   11.291454]  print_report+0xd1/0x650
[   11.291477]  ? __virt_addr_valid+0x1db/0x2d0
[   11.291499]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.291522]  ? kasan_addr_to_slab+0x11/0xa0
[   11.291541]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.291565]  kasan_report+0x141/0x180
[   11.291624]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.291653]  __asan_report_store1_noabort+0x1b/0x30
[   11.291673]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.291703]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.291728]  ? __kasan_check_write+0x18/0x20
[   11.291746]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.291779]  ? irqentry_exit+0x2a/0x60
[   11.291799]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.291821]  ? trace_hardirqs_on+0x37/0xe0
[   11.291845]  ? __pfx_read_tsc+0x10/0x10
[   11.291868]  krealloc_large_less_oob+0x1c/0x30
[   11.291891]  kunit_try_run_case+0x1a5/0x480
[   11.291914]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.291936]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.291958]  ? __kthread_parkme+0x82/0x180
[   11.291977]  ? preempt_count_sub+0x50/0x80
[   11.291999]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.292021]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.292042]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.292064]  kthread+0x337/0x6f0
[   11.292082]  ? trace_preempt_on+0x20/0xc0
[   11.292102]  ? __pfx_kthread+0x10/0x10
[   11.292121]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.292141]  ? calculate_sigpending+0x7b/0xa0
[   11.292163]  ? __pfx_kthread+0x10/0x10
[   11.292183]  ret_from_fork+0x116/0x1d0
[   11.292200]  ? __pfx_kthread+0x10/0x10
[   11.292219]  ret_from_fork_asm+0x1a/0x30
[   11.292249]  </TASK>
[   11.292259] 
[   11.300431] The buggy address belongs to the physical page:
[   11.300700] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   11.301149] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.301389] flags: 0x200000000000040(head|node=0|zone=2)
[   11.301566] page_type: f8(unknown)
[   11.301693] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.301966] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.302311] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.302662] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.303005] head: 0200000000000002 ffffea00040a7301 00000000ffffffff 00000000ffffffff
[   11.303349] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.303831] page dumped because: kasan: bad access detected
[   11.304319] 
[   11.304421] Memory state around the buggy address:
[   11.304723]  ffff8881029cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.305077]  ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.305292] >ffff8881029ce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.305585]                                                           ^
[   11.305885]  ffff8881029ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.306143]  ffff8881029ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.306411] ==================================================================
[   11.102777] ==================================================================
[   11.103052] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.103337] Write of size 1 at addr ffff8881003508d0 by task kunit_try_catch/177
[   11.104218] 
[   11.104405] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.104449] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.104461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.104481] Call Trace:
[   11.104498]  <TASK>
[   11.104515]  dump_stack_lvl+0x73/0xb0
[   11.104543]  print_report+0xd1/0x650
[   11.104566]  ? __virt_addr_valid+0x1db/0x2d0
[   11.104586]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.104608]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.104783]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.104809]  kasan_report+0x141/0x180
[   11.104831]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.104857]  __asan_report_store1_noabort+0x1b/0x30
[   11.104877]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.104901]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.104922]  ? irqentry_exit+0x2a/0x60
[   11.104943]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.104969]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.104996]  krealloc_less_oob+0x1c/0x30
[   11.105033]  kunit_try_run_case+0x1a5/0x480
[   11.105057]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.105077]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.105099]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.105120]  ? __kthread_parkme+0x82/0x180
[   11.105140]  ? preempt_count_sub+0x50/0x80
[   11.105163]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.105185]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.105206]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.105227]  kthread+0x337/0x6f0
[   11.105245]  ? trace_preempt_on+0x20/0xc0
[   11.105268]  ? __pfx_kthread+0x10/0x10
[   11.105287]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.105307]  ? calculate_sigpending+0x7b/0xa0
[   11.105329]  ? __pfx_kthread+0x10/0x10
[   11.105350]  ret_from_fork+0x116/0x1d0
[   11.105368]  ? __pfx_kthread+0x10/0x10
[   11.105398]  ret_from_fork_asm+0x1a/0x30
[   11.105427]  </TASK>
[   11.105437] 
[   11.115181] Allocated by task 177:
[   11.115346]  kasan_save_stack+0x45/0x70
[   11.115547]  kasan_save_track+0x18/0x40
[   11.115709]  kasan_save_alloc_info+0x3b/0x50
[   11.116320]  __kasan_krealloc+0x190/0x1f0
[   11.116627]  krealloc_noprof+0xf3/0x340
[   11.117075]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.117242]  krealloc_less_oob+0x1c/0x30
[   11.117393]  kunit_try_run_case+0x1a5/0x480
[   11.117538]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.118202]  kthread+0x337/0x6f0
[   11.118363]  ret_from_fork+0x116/0x1d0
[   11.118508]  ret_from_fork_asm+0x1a/0x30
[   11.118645] 
[   11.118716] The buggy address belongs to the object at ffff888100350800
[   11.118716]  which belongs to the cache kmalloc-256 of size 256
[   11.120158] The buggy address is located 7 bytes to the right of
[   11.120158]  allocated 201-byte region [ffff888100350800, ffff8881003508c9)
[   11.121725] 
[   11.122026] The buggy address belongs to the physical page:
[   11.122502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   11.123080] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.123896] flags: 0x200000000000040(head|node=0|zone=2)
[   11.124485] page_type: f5(slab)
[   11.124617] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.125404] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.125968] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.126202] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.126463] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   11.127138] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.127447] page dumped because: kasan: bad access detected
[   11.127708] 
[   11.127846] Memory state around the buggy address:
[   11.128042]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.128343]  ffff888100350800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.128828] >ffff888100350880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.129117]                                                  ^
[   11.129354]  ffff888100350900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.129647]  ffff888100350980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.129965] ==================================================================
[   11.237261] ==================================================================
[   11.238073] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.238790] Write of size 1 at addr ffff8881029ce0c9 by task kunit_try_catch/181
[   11.239165] 
[   11.239285] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.239330] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.239341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.239361] Call Trace:
[   11.239385]  <TASK>
[   11.239403]  dump_stack_lvl+0x73/0xb0
[   11.239433]  print_report+0xd1/0x650
[   11.239456]  ? __virt_addr_valid+0x1db/0x2d0
[   11.239479]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.239503]  ? kasan_addr_to_slab+0x11/0xa0
[   11.239523]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.239546]  kasan_report+0x141/0x180
[   11.239567]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.239595]  __asan_report_store1_noabort+0x1b/0x30
[   11.239615]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.239640]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.239665]  ? __kasan_check_write+0x18/0x20
[   11.239684]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.239711]  ? irqentry_exit+0x2a/0x60
[   11.239731]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.239754]  ? trace_hardirqs_on+0x37/0xe0
[   11.239779]  ? __pfx_read_tsc+0x10/0x10
[   11.239802]  krealloc_large_less_oob+0x1c/0x30
[   11.239825]  kunit_try_run_case+0x1a5/0x480
[   11.239850]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.239873]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.239894]  ? __kthread_parkme+0x82/0x180
[   11.239914]  ? preempt_count_sub+0x50/0x80
[   11.239937]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.239959]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.239980]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.240002]  kthread+0x337/0x6f0
[   11.240020]  ? trace_preempt_on+0x20/0xc0
[   11.240040]  ? __pfx_kthread+0x10/0x10
[   11.240060]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.240080]  ? calculate_sigpending+0x7b/0xa0
[   11.240104]  ? __pfx_kthread+0x10/0x10
[   11.240124]  ret_from_fork+0x116/0x1d0
[   11.240141]  ? __pfx_kthread+0x10/0x10
[   11.240160]  ret_from_fork_asm+0x1a/0x30
[   11.240190]  </TASK>
[   11.240201] 
[   11.248404] The buggy address belongs to the physical page:
[   11.248592] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   11.248917] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.249271] flags: 0x200000000000040(head|node=0|zone=2)
[   11.249541] page_type: f8(unknown)
[   11.249721] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.250208] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.250450] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.250835] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.251187] head: 0200000000000002 ffffea00040a7301 00000000ffffffff 00000000ffffffff
[   11.251426] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.251962] page dumped because: kasan: bad access detected
[   11.252227] 
[   11.252320] Memory state around the buggy address:
[   11.252511]  ffff8881029cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.253556]  ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.254230] >ffff8881029ce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.254554]                                               ^
[   11.255287]  ffff8881029ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.255645]  ffff8881029ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.256159] ==================================================================
[   11.274180] ==================================================================
[   11.274451] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.275108] Write of size 1 at addr ffff8881029ce0da by task kunit_try_catch/181
[   11.275443] 
[   11.275559] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   11.275601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.275612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.275631] Call Trace:
[   11.275648]  <TASK>
[   11.275665]  dump_stack_lvl+0x73/0xb0
[   11.275697]  print_report+0xd1/0x650
[   11.275721]  ? __virt_addr_valid+0x1db/0x2d0
[   11.275743]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.275766]  ? kasan_addr_to_slab+0x11/0xa0
[   11.275786]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.275809]  kasan_report+0x141/0x180
[   11.275830]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.275858]  __asan_report_store1_noabort+0x1b/0x30
[   11.275879]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.275904]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.275929]  ? __kasan_check_write+0x18/0x20
[   11.275948]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.275970]  ? irqentry_exit+0x2a/0x60
[   11.275991]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.276012]  ? trace_hardirqs_on+0x37/0xe0
[   11.276035]  ? __pfx_read_tsc+0x10/0x10
[   11.276058]  krealloc_large_less_oob+0x1c/0x30
[   11.276081]  kunit_try_run_case+0x1a5/0x480
[   11.276104]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.276127]  ? queued_spin_lock_slowpath+0x116/0xb40
[   11.276148]  ? __kthread_parkme+0x82/0x180
[   11.276168]  ? preempt_count_sub+0x50/0x80
[   11.276191]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.276213]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.276234]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.276255]  kthread+0x337/0x6f0
[   11.276274]  ? trace_preempt_on+0x20/0xc0
[   11.276294]  ? __pfx_kthread+0x10/0x10
[   11.276313]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.276332]  ? calculate_sigpending+0x7b/0xa0
[   11.276355]  ? __pfx_kthread+0x10/0x10
[   11.276385]  ret_from_fork+0x116/0x1d0
[   11.276402]  ? __pfx_kthread+0x10/0x10
[   11.276422]  ret_from_fork_asm+0x1a/0x30
[   11.276451]  </TASK>
[   11.276462] 
[   11.284068] The buggy address belongs to the physical page:
[   11.284315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cc
[   11.284650] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.284899] flags: 0x200000000000040(head|node=0|zone=2)
[   11.285075] page_type: f8(unknown)
[   11.285336] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.285686] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.286026] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.286401] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.286696] head: 0200000000000002 ffffea00040a7301 00000000ffffffff 00000000ffffffff
[   11.287045] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.287334] page dumped because: kasan: bad access detected
[   11.287589] 
[   11.287663] Memory state around the buggy address:
[   11.287822]  ffff8881029cdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.288035]  ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.288246] >ffff8881029ce080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.288606]                                                     ^
[   11.288944]  ffff8881029ce100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.289259]  ffff8881029ce180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.289581] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zL5tkJx538LuS4CC9waWjZdK7d

job_id

TEST:linaro@lkft#2zL5zlszAixv4ecBxA6y5NBqJN9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zL5zlszAixv4ecBxA6y5NBqJN9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5wq7HD1gQUpnzhQ3oVfhXshA/bzImage
sha256sum	3bbeae719ec4e3d054aa4f7182084297f368dd78ad89b802ac2716a533024f9e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zL5wq7HD1gQUpnzhQ3oVfhXshA/modules.tar.xz
sha256sum	72afdabe9ed24c806af37874c7f2185119042be8fabeecff4d0a7e1fd5ed0d93

durations

tests

boot	0
kunit	218.60

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit