lkft/linux-mainline-master - v6.16-rc5-193-g40f92e79b0aa - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 11, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.559447] ==================================================================
[   16.559705] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.559830] Write of size 1 at addr fff00000c65220d0 by task kunit_try_catch/163
[   16.559896] 
[   16.560027] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.560115] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.560157] Hardware name: linux,dummy-virt (DT)
[   16.560411] Call trace:
[   16.560438]  show_stack+0x20/0x38 (C)
[   16.560865]  dump_stack_lvl+0x8c/0xd0
[   16.560989]  print_report+0x118/0x608
[   16.561093]  kasan_report+0xdc/0x128
[   16.561142]  __asan_report_store1_noabort+0x20/0x30
[   16.561197]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.561245]  krealloc_large_less_oob+0x20/0x38
[   16.561303]  kunit_try_run_case+0x170/0x3f0
[   16.561349]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.561401]  kthread+0x328/0x630
[   16.561442]  ret_from_fork+0x10/0x20
[   16.561487] 
[   16.561506] The buggy address belongs to the physical page:
[   16.561543] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106520
[   16.561594] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.561648] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.561697] page_type: f8(unknown)
[   16.561734] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.561782] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.561830] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.561897] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.561953] head: 0bfffe0000000002 ffffc1ffc3194801 00000000ffffffff 00000000ffffffff
[   16.562001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.562047] page dumped because: kasan: bad access detected
[   16.562086] 
[   16.562103] Memory state around the buggy address:
[   16.562133]  fff00000c6521f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.562174]  fff00000c6522000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.562218] >fff00000c6522080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.562265]                                                  ^
[   16.562300]  fff00000c6522100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.562341]  fff00000c6522180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.562385] ==================================================================
[   16.496993] ==================================================================
[   16.497346] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.497408] Write of size 1 at addr fff00000c4408eea by task kunit_try_catch/159
[   16.497524] 
[   16.497557] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.497810] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.497863] Hardware name: linux,dummy-virt (DT)
[   16.498129] Call trace:
[   16.498392]  show_stack+0x20/0x38 (C)
[   16.498591]  dump_stack_lvl+0x8c/0xd0
[   16.498672]  print_report+0x118/0x608
[   16.498824]  kasan_report+0xdc/0x128
[   16.498969]  __asan_report_store1_noabort+0x20/0x30
[   16.499124]  krealloc_less_oob_helper+0xae4/0xc50
[   16.499505]  krealloc_less_oob+0x20/0x38
[   16.499954]  kunit_try_run_case+0x170/0x3f0
[   16.500346]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.500569]  kthread+0x328/0x630
[   16.500805]  ret_from_fork+0x10/0x20
[   16.500951] 
[   16.500991] Allocated by task 159:
[   16.501018]  kasan_save_stack+0x3c/0x68
[   16.501236]  kasan_save_track+0x20/0x40
[   16.501288]  kasan_save_alloc_info+0x40/0x58
[   16.501432]  __kasan_krealloc+0x118/0x178
[   16.501541]  krealloc_noprof+0x128/0x360
[   16.501602]  krealloc_less_oob_helper+0x168/0xc50
[   16.501655]  krealloc_less_oob+0x20/0x38
[   16.501690]  kunit_try_run_case+0x170/0x3f0
[   16.501727]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.501769]  kthread+0x328/0x630
[   16.501823]  ret_from_fork+0x10/0x20
[   16.501870] 
[   16.501888] The buggy address belongs to the object at fff00000c4408e00
[   16.501888]  which belongs to the cache kmalloc-256 of size 256
[   16.501944] The buggy address is located 33 bytes to the right of
[   16.501944]  allocated 201-byte region [fff00000c4408e00, fff00000c4408ec9)
[   16.502025] 
[   16.502045] The buggy address belongs to the physical page:
[   16.502083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104408
[   16.502149] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.502201] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.502262] page_type: f5(slab)
[   16.502309] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.502357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.502407] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.502455] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.502502] head: 0bfffe0000000001 ffffc1ffc3110201 00000000ffffffff 00000000ffffffff
[   16.502559] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.502604] page dumped because: kasan: bad access detected
[   16.502640] 
[   16.502657] Memory state around the buggy address:
[   16.502688]  fff00000c4408d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.503019]  fff00000c4408e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.503417] >fff00000c4408e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.503460]                                                           ^
[   16.503498]  fff00000c4408f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.503714]  fff00000c4408f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.503781] ==================================================================
[   16.562436] ==================================================================
[   16.562470] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.562512] Write of size 1 at addr fff00000c65220da by task kunit_try_catch/163
[   16.562558] 
[   16.562585] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.562660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.562694] Hardware name: linux,dummy-virt (DT)
[   16.563596] Call trace:
[   16.563637]  show_stack+0x20/0x38 (C)
[   16.563720]  dump_stack_lvl+0x8c/0xd0
[   16.563832]  print_report+0x118/0x608
[   16.564090]  kasan_report+0xdc/0x128
[   16.564145]  __asan_report_store1_noabort+0x20/0x30
[   16.564862]  krealloc_less_oob_helper+0xa80/0xc50
[   16.565151]  krealloc_large_less_oob+0x20/0x38
[   16.565298]  kunit_try_run_case+0x170/0x3f0
[   16.565509]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.565766]  kthread+0x328/0x630
[   16.565832]  ret_from_fork+0x10/0x20
[   16.566316] 
[   16.566429] The buggy address belongs to the physical page:
[   16.566719] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106520
[   16.566876] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.567061] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.567204] page_type: f8(unknown)
[   16.567250] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.567299] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.567538] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.567732] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.568026] head: 0bfffe0000000002 ffffc1ffc3194801 00000000ffffffff 00000000ffffffff
[   16.568217] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.568387] page dumped because: kasan: bad access detected
[   16.568443] 
[   16.568461] Memory state around the buggy address:
[   16.568663]  fff00000c6521f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.569133]  fff00000c6522000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.569189] >fff00000c6522080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.569759]                                                     ^
[   16.569949]  fff00000c6522100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.570090]  fff00000c6522180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.570206] ==================================================================
[   16.571257] ==================================================================
[   16.571306] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.571485] Write of size 1 at addr fff00000c65220ea by task kunit_try_catch/163
[   16.571601] 
[   16.571777] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.571949] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.571978] Hardware name: linux,dummy-virt (DT)
[   16.572046] Call trace:
[   16.572094]  show_stack+0x20/0x38 (C)
[   16.572245]  dump_stack_lvl+0x8c/0xd0
[   16.572294]  print_report+0x118/0x608
[   16.572359]  kasan_report+0xdc/0x128
[   16.572810]  __asan_report_store1_noabort+0x20/0x30
[   16.573006]  krealloc_less_oob_helper+0xae4/0xc50
[   16.573409]  krealloc_large_less_oob+0x20/0x38
[   16.573518]  kunit_try_run_case+0x170/0x3f0
[   16.573642]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.573725]  kthread+0x328/0x630
[   16.573933]  ret_from_fork+0x10/0x20
[   16.574137] 
[   16.574404] The buggy address belongs to the physical page:
[   16.574438] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106520
[   16.574507] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.574697] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.575044] page_type: f8(unknown)
[   16.575219] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.575308] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.575606] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.575857] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.576485] head: 0bfffe0000000002 ffffc1ffc3194801 00000000ffffffff 00000000ffffffff
[   16.576838] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.577074] page dumped because: kasan: bad access detected
[   16.577387] 
[   16.577541] Memory state around the buggy address:
[   16.577652]  fff00000c6521f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.577900]  fff00000c6522000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.578165] >fff00000c6522080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.578371]                                                           ^
[   16.578626]  fff00000c6522100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.578698]  fff00000c6522180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.578905] ==================================================================
[   16.470083] ==================================================================
[   16.470308] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.470386] Write of size 1 at addr fff00000c4408ec9 by task kunit_try_catch/159
[   16.470530] 
[   16.470611] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.470692] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.470762] Hardware name: linux,dummy-virt (DT)
[   16.470820] Call trace:
[   16.470852]  show_stack+0x20/0x38 (C)
[   16.471048]  dump_stack_lvl+0x8c/0xd0
[   16.471099]  print_report+0x118/0x608
[   16.471144]  kasan_report+0xdc/0x128
[   16.471277]  __asan_report_store1_noabort+0x20/0x30
[   16.471442]  krealloc_less_oob_helper+0xa48/0xc50
[   16.471715]  krealloc_less_oob+0x20/0x38
[   16.471877]  kunit_try_run_case+0x170/0x3f0
[   16.472128]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.472409]  kthread+0x328/0x630
[   16.472660]  ret_from_fork+0x10/0x20
[   16.473037] 
[   16.473282] Allocated by task 159:
[   16.473634]  kasan_save_stack+0x3c/0x68
[   16.473676]  kasan_save_track+0x20/0x40
[   16.474108]  kasan_save_alloc_info+0x40/0x58
[   16.474264]  __kasan_krealloc+0x118/0x178
[   16.474489]  krealloc_noprof+0x128/0x360
[   16.474765]  krealloc_less_oob_helper+0x168/0xc50
[   16.474812]  krealloc_less_oob+0x20/0x38
[   16.474890]  kunit_try_run_case+0x170/0x3f0
[   16.475157]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.475374]  kthread+0x328/0x630
[   16.475608]  ret_from_fork+0x10/0x20
[   16.475657] 
[   16.475676] The buggy address belongs to the object at fff00000c4408e00
[   16.475676]  which belongs to the cache kmalloc-256 of size 256
[   16.475865] The buggy address is located 0 bytes to the right of
[   16.475865]  allocated 201-byte region [fff00000c4408e00, fff00000c4408ec9)
[   16.476178] 
[   16.476242] The buggy address belongs to the physical page:
[   16.476367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104408
[   16.476645] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.476769] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.476819] page_type: f5(slab)
[   16.476971] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.477350] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.477508] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.477583] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.477642] head: 0bfffe0000000001 ffffc1ffc3110201 00000000ffffffff 00000000ffffffff
[   16.477689] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.477757] page dumped because: kasan: bad access detected
[   16.477787] 
[   16.477804] Memory state around the buggy address:
[   16.477862]  fff00000c4408d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.477908]  fff00000c4408e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.477964] >fff00000c4408e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.478021]                                               ^
[   16.478054]  fff00000c4408f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.478095]  fff00000c4408f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.478132] ==================================================================
[   16.480653] ==================================================================
[   16.480701] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.480764] Write of size 1 at addr fff00000c4408ed0 by task kunit_try_catch/159
[   16.480851] 
[   16.480883] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.480960] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.481022] Hardware name: linux,dummy-virt (DT)
[   16.481086] Call trace:
[   16.481135]  show_stack+0x20/0x38 (C)
[   16.481220]  dump_stack_lvl+0x8c/0xd0
[   16.481267]  print_report+0x118/0x608
[   16.481312]  kasan_report+0xdc/0x128
[   16.481356]  __asan_report_store1_noabort+0x20/0x30
[   16.481406]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.481453]  krealloc_less_oob+0x20/0x38
[   16.481496]  kunit_try_run_case+0x170/0x3f0
[   16.481678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.481769]  kthread+0x328/0x630
[   16.481838]  ret_from_fork+0x10/0x20
[   16.481968] 
[   16.481986] Allocated by task 159:
[   16.482012]  kasan_save_stack+0x3c/0x68
[   16.482125]  kasan_save_track+0x20/0x40
[   16.482162]  kasan_save_alloc_info+0x40/0x58
[   16.482211]  __kasan_krealloc+0x118/0x178
[   16.482247]  krealloc_noprof+0x128/0x360
[   16.482282]  krealloc_less_oob_helper+0x168/0xc50
[   16.482319]  krealloc_less_oob+0x20/0x38
[   16.482354]  kunit_try_run_case+0x170/0x3f0
[   16.482458]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.482576]  kthread+0x328/0x630
[   16.482608]  ret_from_fork+0x10/0x20
[   16.482641] 
[   16.482792] The buggy address belongs to the object at fff00000c4408e00
[   16.482792]  which belongs to the cache kmalloc-256 of size 256
[   16.483177] The buggy address is located 7 bytes to the right of
[   16.483177]  allocated 201-byte region [fff00000c4408e00, fff00000c4408ec9)
[   16.483296] 
[   16.483424] The buggy address belongs to the physical page:
[   16.483516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104408
[   16.483662] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.483778] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.483876] page_type: f5(slab)
[   16.483912] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.483969] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.484261] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.484427] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.484564] head: 0bfffe0000000001 ffffc1ffc3110201 00000000ffffffff 00000000ffffffff
[   16.484744] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.484908] page dumped because: kasan: bad access detected
[   16.485017] 
[   16.485083] Memory state around the buggy address:
[   16.485230]  fff00000c4408d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.485272]  fff00000c4408e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.485346] >fff00000c4408e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.485498]                                                  ^
[   16.485778]  fff00000c4408f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.485833]  fff00000c4408f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.485940] ==================================================================
[   16.579854] ==================================================================
[   16.579900] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.579947] Write of size 1 at addr fff00000c65220eb by task kunit_try_catch/163
[   16.580433] 
[   16.580668] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.580871] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.580939] Hardware name: linux,dummy-virt (DT)
[   16.580989] Call trace:
[   16.581076]  show_stack+0x20/0x38 (C)
[   16.581190]  dump_stack_lvl+0x8c/0xd0
[   16.581286]  print_report+0x118/0x608
[   16.581333]  kasan_report+0xdc/0x128
[   16.581697]  __asan_report_store1_noabort+0x20/0x30
[   16.581763]  krealloc_less_oob_helper+0xa58/0xc50
[   16.581829]  krealloc_large_less_oob+0x20/0x38
[   16.581891]  kunit_try_run_case+0x170/0x3f0
[   16.581937]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.581987]  kthread+0x328/0x630
[   16.582027]  ret_from_fork+0x10/0x20
[   16.582072] 
[   16.582091] The buggy address belongs to the physical page:
[   16.582120] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106520
[   16.582171] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.582216] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.582266] page_type: f8(unknown)
[   16.582303] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.582351] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.582398] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.582444] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.582490] head: 0bfffe0000000002 ffffc1ffc3194801 00000000ffffffff 00000000ffffffff
[   16.582536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.582573] page dumped because: kasan: bad access detected
[   16.582602] 
[   16.582619] Memory state around the buggy address:
[   16.582648]  fff00000c6521f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.582688]  fff00000c6522000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.582727] >fff00000c6522080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.582763]                                                           ^
[   16.582799]  fff00000c6522100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.582847]  fff00000c6522180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.582883] ==================================================================
[   16.549983] ==================================================================
[   16.550038] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.550090] Write of size 1 at addr fff00000c65220c9 by task kunit_try_catch/163
[   16.550280] 
[   16.550324] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.550405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.550430] Hardware name: linux,dummy-virt (DT)
[   16.550460] Call trace:
[   16.550685]  show_stack+0x20/0x38 (C)
[   16.550862]  dump_stack_lvl+0x8c/0xd0
[   16.550910]  print_report+0x118/0x608
[   16.551201]  kasan_report+0xdc/0x128
[   16.551533]  __asan_report_store1_noabort+0x20/0x30
[   16.551757]  krealloc_less_oob_helper+0xa48/0xc50
[   16.552045]  krealloc_large_less_oob+0x20/0x38
[   16.552280]  kunit_try_run_case+0x170/0x3f0
[   16.552438]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.552586]  kthread+0x328/0x630
[   16.552674]  ret_from_fork+0x10/0x20
[   16.552962] 
[   16.553176] The buggy address belongs to the physical page:
[   16.553425] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106520
[   16.553542] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.553595] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.553804] page_type: f8(unknown)
[   16.554052] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.554166] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.554294] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.554486] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.554949] head: 0bfffe0000000002 ffffc1ffc3194801 00000000ffffffff 00000000ffffffff
[   16.555011] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.555536] page dumped because: kasan: bad access detected
[   16.555643] 
[   16.555718] Memory state around the buggy address:
[   16.555950]  fff00000c6521f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.556024]  fff00000c6522000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.556437] >fff00000c6522080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.556647]                                               ^
[   16.556697]  fff00000c6522100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.556901]  fff00000c6522180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.557251] ==================================================================
[   16.487760] ==================================================================
[   16.487808] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.487869] Write of size 1 at addr fff00000c4408eda by task kunit_try_catch/159
[   16.487927] 
[   16.487956] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.488035] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.488060] Hardware name: linux,dummy-virt (DT)
[   16.488091] Call trace:
[   16.488111]  show_stack+0x20/0x38 (C)
[   16.488374]  dump_stack_lvl+0x8c/0xd0
[   16.488809]  print_report+0x118/0x608
[   16.488883]  kasan_report+0xdc/0x128
[   16.488928]  __asan_report_store1_noabort+0x20/0x30
[   16.489058]  krealloc_less_oob_helper+0xa80/0xc50
[   16.489112]  krealloc_less_oob+0x20/0x38
[   16.489157]  kunit_try_run_case+0x170/0x3f0
[   16.489202]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.489590]  kthread+0x328/0x630
[   16.489684]  ret_from_fork+0x10/0x20
[   16.489876] 
[   16.489906] Allocated by task 159:
[   16.490079]  kasan_save_stack+0x3c/0x68
[   16.490135]  kasan_save_track+0x20/0x40
[   16.490276]  kasan_save_alloc_info+0x40/0x58
[   16.490314]  __kasan_krealloc+0x118/0x178
[   16.490351]  krealloc_noprof+0x128/0x360
[   16.490387]  krealloc_less_oob_helper+0x168/0xc50
[   16.490424]  krealloc_less_oob+0x20/0x38
[   16.490708]  kunit_try_run_case+0x170/0x3f0
[   16.491020]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.491067]  kthread+0x328/0x630
[   16.491099]  ret_from_fork+0x10/0x20
[   16.491133] 
[   16.491444] The buggy address belongs to the object at fff00000c4408e00
[   16.491444]  which belongs to the cache kmalloc-256 of size 256
[   16.491720] The buggy address is located 17 bytes to the right of
[   16.491720]  allocated 201-byte region [fff00000c4408e00, fff00000c4408ec9)
[   16.491867] 
[   16.491916] The buggy address belongs to the physical page:
[   16.491996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104408
[   16.492104] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.492250] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.492486] page_type: f5(slab)
[   16.492788] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.493272] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.493484] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.493551] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.493899] head: 0bfffe0000000001 ffffc1ffc3110201 00000000ffffffff 00000000ffffffff
[   16.494039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.494363] page dumped because: kasan: bad access detected
[   16.494542] 
[   16.494808] Memory state around the buggy address:
[   16.494909]  fff00000c4408d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.494956]  fff00000c4408e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.495004] >fff00000c4408e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.495202]                                                     ^
[   16.495513]  fff00000c4408f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.495569]  fff00000c4408f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.495884] ==================================================================
[   16.504773] ==================================================================
[   16.504818] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.505193] Write of size 1 at addr fff00000c4408eeb by task kunit_try_catch/159
[   16.505485] 
[   16.505523] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.505739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.505767] Hardware name: linux,dummy-virt (DT)
[   16.505953] Call trace:
[   16.506029]  show_stack+0x20/0x38 (C)
[   16.506085]  dump_stack_lvl+0x8c/0xd0
[   16.506177]  print_report+0x118/0x608
[   16.506431]  kasan_report+0xdc/0x128
[   16.506647]  __asan_report_store1_noabort+0x20/0x30
[   16.506724]  krealloc_less_oob_helper+0xa58/0xc50
[   16.506888]  krealloc_less_oob+0x20/0x38
[   16.507160]  kunit_try_run_case+0x170/0x3f0
[   16.507270]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.507538]  kthread+0x328/0x630
[   16.507726]  ret_from_fork+0x10/0x20
[   16.507776] 
[   16.507801] Allocated by task 159:
[   16.507828]  kasan_save_stack+0x3c/0x68
[   16.507999]  kasan_save_track+0x20/0x40
[   16.508044]  kasan_save_alloc_info+0x40/0x58
[   16.508249]  __kasan_krealloc+0x118/0x178
[   16.508295]  krealloc_noprof+0x128/0x360
[   16.508591]  krealloc_less_oob_helper+0x168/0xc50
[   16.508803]  krealloc_less_oob+0x20/0x38
[   16.508905]  kunit_try_run_case+0x170/0x3f0
[   16.509005]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.509049]  kthread+0x328/0x630
[   16.509452]  ret_from_fork+0x10/0x20
[   16.509561] 
[   16.509640] The buggy address belongs to the object at fff00000c4408e00
[   16.509640]  which belongs to the cache kmalloc-256 of size 256
[   16.509804] The buggy address is located 34 bytes to the right of
[   16.509804]  allocated 201-byte region [fff00000c4408e00, fff00000c4408ec9)
[   16.510005] 
[   16.510028] The buggy address belongs to the physical page:
[   16.510123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104408
[   16.510308] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.510584] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.510811] page_type: f5(slab)
[   16.510887] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.511055] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.511120] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.511335] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.511475] head: 0bfffe0000000001 ffffc1ffc3110201 00000000ffffffff 00000000ffffffff
[   16.511525] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.511614] page dumped because: kasan: bad access detected
[   16.511809] 
[   16.512008] Memory state around the buggy address:
[   16.512148]  fff00000c4408d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.512341]  fff00000c4408e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.512430] >fff00000c4408e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.512480]                                                           ^
[   16.512736]  fff00000c4408f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.512896]  fff00000c4408f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.513037] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW7UZxPiH1T464u20hwJIzMWq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW7UZxPiH1T464u20hwJIzMWq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/Image.gz
sha256sum	73455ba8c867cc31230938836185eba847c55da4ba6373a74526940ec423a2fc

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW3wj806saKni9EMQhcTGaoE0/modules.tar.xz
sha256sum	b3a38b7dc2158aa4df654dd76a8d8d3385fffbddc38ddea05f97ea9d33ec2580

durations

tests

boot	0
kunit	180.70

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.054991] ==================================================================
[   12.055422] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.055671] Write of size 1 at addr ffff8881003300c9 by task kunit_try_catch/175
[   12.055902] 
[   12.055995] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.056036] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.056046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.056066] Call Trace:
[   12.056078]  <TASK>
[   12.056092]  dump_stack_lvl+0x73/0xb0
[   12.056119]  print_report+0xd1/0x650
[   12.056141]  ? __virt_addr_valid+0x1db/0x2d0
[   12.056163]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.056187]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.056209]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.056234]  kasan_report+0x141/0x180
[   12.056256]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.056285]  __asan_report_store1_noabort+0x1b/0x30
[   12.056312]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.056338]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.056365]  ? finish_task_switch.isra.0+0x153/0x700
[   12.056388]  ? __switch_to+0x47/0xf50
[   12.056413]  ? __schedule+0x10cc/0x2b60
[   12.056434]  ? __pfx_read_tsc+0x10/0x10
[   12.056458]  krealloc_less_oob+0x1c/0x30
[   12.056480]  kunit_try_run_case+0x1a5/0x480
[   12.056503]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.056525]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.056549]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.056572]  ? __kthread_parkme+0x82/0x180
[   12.056591]  ? preempt_count_sub+0x50/0x80
[   12.056614]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.056637]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.056661]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.056685]  kthread+0x337/0x6f0
[   12.056703]  ? trace_preempt_on+0x20/0xc0
[   12.056727]  ? __pfx_kthread+0x10/0x10
[   12.056746]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.056767]  ? calculate_sigpending+0x7b/0xa0
[   12.056791]  ? __pfx_kthread+0x10/0x10
[   12.056812]  ret_from_fork+0x116/0x1d0
[   12.056829]  ? __pfx_kthread+0x10/0x10
[   12.056849]  ret_from_fork_asm+0x1a/0x30
[   12.056880]  </TASK>
[   12.056889] 
[   12.079692] Allocated by task 175:
[   12.079843]  kasan_save_stack+0x45/0x70
[   12.080012]  kasan_save_track+0x18/0x40
[   12.080149]  kasan_save_alloc_info+0x3b/0x50
[   12.080299]  __kasan_krealloc+0x190/0x1f0
[   12.080438]  krealloc_noprof+0xf3/0x340
[   12.080571]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.080732]  krealloc_less_oob+0x1c/0x30
[   12.080870]  kunit_try_run_case+0x1a5/0x480
[   12.081894]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.082703]  kthread+0x337/0x6f0
[   12.083372]  ret_from_fork+0x116/0x1d0
[   12.084025]  ret_from_fork_asm+0x1a/0x30
[   12.084862] 
[   12.085157] The buggy address belongs to the object at ffff888100330000
[   12.085157]  which belongs to the cache kmalloc-256 of size 256
[   12.086940] The buggy address is located 0 bytes to the right of
[   12.086940]  allocated 201-byte region [ffff888100330000, ffff8881003300c9)
[   12.087579] 
[   12.087657] The buggy address belongs to the physical page:
[   12.087993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100330
[   12.088743] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.089450] flags: 0x200000000000040(head|node=0|zone=2)
[   12.090108] page_type: f5(slab)
[   12.090267] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.090498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.090732] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.091464] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.092315] head: 0200000000000001 ffffea000400cc01 00000000ffffffff 00000000ffffffff
[   12.093005] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.093685] page dumped because: kasan: bad access detected
[   12.094108] 
[   12.094190] Memory state around the buggy address:
[   12.094346]  ffff88810032ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.094571]  ffff888100330000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.094815] >ffff888100330080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.095103]                                               ^
[   12.095305]  ffff888100330100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.095599]  ffff888100330180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.095955] ==================================================================
[   12.249747] ==================================================================
[   12.249998] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.250407] Write of size 1 at addr ffff888102a3e0d0 by task kunit_try_catch/179
[   12.250756] 
[   12.250865] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.250905] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.250915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.250946] Call Trace:
[   12.250960]  <TASK>
[   12.250974]  dump_stack_lvl+0x73/0xb0
[   12.251002]  print_report+0xd1/0x650
[   12.251023]  ? __virt_addr_valid+0x1db/0x2d0
[   12.251045]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.251069]  ? kasan_addr_to_slab+0x11/0xa0
[   12.251089]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.251113]  kasan_report+0x141/0x180
[   12.251134]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.251163]  __asan_report_store1_noabort+0x1b/0x30
[   12.251188]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.251213]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.251238]  ? finish_task_switch.isra.0+0x153/0x700
[   12.251260]  ? __switch_to+0x47/0xf50
[   12.251284]  ? __schedule+0x10cc/0x2b60
[   12.251306]  ? __pfx_read_tsc+0x10/0x10
[   12.251329]  krealloc_large_less_oob+0x1c/0x30
[   12.251352]  kunit_try_run_case+0x1a5/0x480
[   12.251376]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.251398]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.251421]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.251444]  ? __kthread_parkme+0x82/0x180
[   12.251464]  ? preempt_count_sub+0x50/0x80
[   12.251487]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.251511]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.251534]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.251559]  kthread+0x337/0x6f0
[   12.251577]  ? trace_preempt_on+0x20/0xc0
[   12.251599]  ? __pfx_kthread+0x10/0x10
[   12.251619]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.251640]  ? calculate_sigpending+0x7b/0xa0
[   12.251663]  ? __pfx_kthread+0x10/0x10
[   12.251684]  ret_from_fork+0x116/0x1d0
[   12.251702]  ? __pfx_kthread+0x10/0x10
[   12.251721]  ret_from_fork_asm+0x1a/0x30
[   12.251753]  </TASK>
[   12.251763] 
[   12.259529] The buggy address belongs to the physical page:
[   12.259716] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[   12.260056] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.260399] flags: 0x200000000000040(head|node=0|zone=2)
[   12.260644] page_type: f8(unknown)
[   12.260817] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.261814] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.262107] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.262358] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.262601] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[   12.262832] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.264215] page dumped because: kasan: bad access detected
[   12.264906] 
[   12.265491] Memory state around the buggy address:
[   12.266233]  ffff888102a3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.267314]  ffff888102a3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.267996] >ffff888102a3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.268854]                                                  ^
[   12.269061]  ffff888102a3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.269277]  ffff888102a3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.269490] ==================================================================
[   12.150244] ==================================================================
[   12.150595] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.150945] Write of size 1 at addr ffff8881003300ea by task kunit_try_catch/175
[   12.151327] 
[   12.151426] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.151467] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.151478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.151497] Call Trace:
[   12.151512]  <TASK>
[   12.151528]  dump_stack_lvl+0x73/0xb0
[   12.151555]  print_report+0xd1/0x650
[   12.151575]  ? __virt_addr_valid+0x1db/0x2d0
[   12.151598]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.151621]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.151643]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.151667]  kasan_report+0x141/0x180
[   12.151688]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.151717]  __asan_report_store1_noabort+0x1b/0x30
[   12.151741]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.151767]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.151811]  ? finish_task_switch.isra.0+0x153/0x700
[   12.151833]  ? __switch_to+0x47/0xf50
[   12.151857]  ? __schedule+0x10cc/0x2b60
[   12.151878]  ? __pfx_read_tsc+0x10/0x10
[   12.151901]  krealloc_less_oob+0x1c/0x30
[   12.151930]  kunit_try_run_case+0x1a5/0x480
[   12.151954]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.151976]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.152062]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.152090]  ? __kthread_parkme+0x82/0x180
[   12.152109]  ? preempt_count_sub+0x50/0x80
[   12.152132]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.152156]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.152180]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.152204]  kthread+0x337/0x6f0
[   12.152222]  ? trace_preempt_on+0x20/0xc0
[   12.152245]  ? __pfx_kthread+0x10/0x10
[   12.152265]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.152286]  ? calculate_sigpending+0x7b/0xa0
[   12.152309]  ? __pfx_kthread+0x10/0x10
[   12.152330]  ret_from_fork+0x116/0x1d0
[   12.152348]  ? __pfx_kthread+0x10/0x10
[   12.152368]  ret_from_fork_asm+0x1a/0x30
[   12.152399]  </TASK>
[   12.152408] 
[   12.160160] Allocated by task 175:
[   12.160336]  kasan_save_stack+0x45/0x70
[   12.160519]  kasan_save_track+0x18/0x40
[   12.160698]  kasan_save_alloc_info+0x3b/0x50
[   12.160888]  __kasan_krealloc+0x190/0x1f0
[   12.161249]  krealloc_noprof+0xf3/0x340
[   12.161433]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.161656]  krealloc_less_oob+0x1c/0x30
[   12.161827]  kunit_try_run_case+0x1a5/0x480
[   12.162147]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.162346]  kthread+0x337/0x6f0
[   12.162466]  ret_from_fork+0x116/0x1d0
[   12.162601]  ret_from_fork_asm+0x1a/0x30
[   12.162739] 
[   12.162832] The buggy address belongs to the object at ffff888100330000
[   12.162832]  which belongs to the cache kmalloc-256 of size 256
[   12.163453] The buggy address is located 33 bytes to the right of
[   12.163453]  allocated 201-byte region [ffff888100330000, ffff8881003300c9)
[   12.164109] 
[   12.164206] The buggy address belongs to the physical page:
[   12.164463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100330
[   12.164807] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.165263] flags: 0x200000000000040(head|node=0|zone=2)
[   12.165521] page_type: f5(slab)
[   12.165682] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.165983] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.166306] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.166566] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.166941] head: 0200000000000001 ffffea000400cc01 00000000ffffffff 00000000ffffffff
[   12.167377] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.167726] page dumped because: kasan: bad access detected
[   12.168787] 
[   12.168933] Memory state around the buggy address:
[   12.169488]  ffff88810032ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.169768]  ffff888100330000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.170354] >ffff888100330080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.170626]                                                           ^
[   12.171172]  ffff888100330100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.171477]  ffff888100330180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.171769] ==================================================================
[   12.232822] ==================================================================
[   12.233454] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.233769] Write of size 1 at addr ffff888102a3e0c9 by task kunit_try_catch/179
[   12.234092] 
[   12.234249] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.234291] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.234301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.234320] Call Trace:
[   12.234331]  <TASK>
[   12.234345]  dump_stack_lvl+0x73/0xb0
[   12.234373]  print_report+0xd1/0x650
[   12.234394]  ? __virt_addr_valid+0x1db/0x2d0
[   12.234416]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.234440]  ? kasan_addr_to_slab+0x11/0xa0
[   12.234460]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.234484]  kasan_report+0x141/0x180
[   12.234510]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.234542]  __asan_report_store1_noabort+0x1b/0x30
[   12.234567]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.234593]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.234619]  ? finish_task_switch.isra.0+0x153/0x700
[   12.234642]  ? __switch_to+0x47/0xf50
[   12.234666]  ? __schedule+0x10cc/0x2b60
[   12.234688]  ? __pfx_read_tsc+0x10/0x10
[   12.234711]  krealloc_large_less_oob+0x1c/0x30
[   12.234734]  kunit_try_run_case+0x1a5/0x480
[   12.234758]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.234781]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.234818]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.234842]  ? __kthread_parkme+0x82/0x180
[   12.234861]  ? preempt_count_sub+0x50/0x80
[   12.234884]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.234908]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.234942]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.234966]  kthread+0x337/0x6f0
[   12.234984]  ? trace_preempt_on+0x20/0xc0
[   12.235007]  ? __pfx_kthread+0x10/0x10
[   12.235027]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.235049]  ? calculate_sigpending+0x7b/0xa0
[   12.235072]  ? __pfx_kthread+0x10/0x10
[   12.235094]  ret_from_fork+0x116/0x1d0
[   12.235111]  ? __pfx_kthread+0x10/0x10
[   12.235131]  ret_from_fork_asm+0x1a/0x30
[   12.235163]  </TASK>
[   12.235172] 
[   12.243124] The buggy address belongs to the physical page:
[   12.243306] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[   12.243663] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.244090] flags: 0x200000000000040(head|node=0|zone=2)
[   12.244294] page_type: f8(unknown)
[   12.244466] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.244712] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.245191] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.245499] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.245798] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[   12.246242] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.246471] page dumped because: kasan: bad access detected
[   12.246837] 
[   12.246946] Memory state around the buggy address:
[   12.247169]  ffff888102a3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.247556]  ffff888102a3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.247773] >ffff888102a3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.247996]                                               ^
[   12.248210]  ffff888102a3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.249017]  ffff888102a3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.249449] ==================================================================
[   12.096847] ==================================================================
[   12.097270] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.097989] Write of size 1 at addr ffff8881003300d0 by task kunit_try_catch/175
[   12.098546] 
[   12.098662] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.098706] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.098717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.098736] Call Trace:
[   12.098753]  <TASK>
[   12.098769]  dump_stack_lvl+0x73/0xb0
[   12.098800]  print_report+0xd1/0x650
[   12.098821]  ? __virt_addr_valid+0x1db/0x2d0
[   12.098844]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.098892]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.098915]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.098949]  kasan_report+0x141/0x180
[   12.098970]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.098999]  __asan_report_store1_noabort+0x1b/0x30
[   12.099090]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.099120]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.099144]  ? finish_task_switch.isra.0+0x153/0x700
[   12.099167]  ? __switch_to+0x47/0xf50
[   12.099191]  ? __schedule+0x10cc/0x2b60
[   12.099213]  ? __pfx_read_tsc+0x10/0x10
[   12.099236]  krealloc_less_oob+0x1c/0x30
[   12.099257]  kunit_try_run_case+0x1a5/0x480
[   12.099306]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.099328]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.099352]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.099375]  ? __kthread_parkme+0x82/0x180
[   12.099396]  ? preempt_count_sub+0x50/0x80
[   12.099418]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.099442]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.099484]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.099509]  kthread+0x337/0x6f0
[   12.099527]  ? trace_preempt_on+0x20/0xc0
[   12.099549]  ? __pfx_kthread+0x10/0x10
[   12.099569]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.099590]  ? calculate_sigpending+0x7b/0xa0
[   12.099613]  ? __pfx_kthread+0x10/0x10
[   12.099634]  ret_from_fork+0x116/0x1d0
[   12.099652]  ? __pfx_kthread+0x10/0x10
[   12.099672]  ret_from_fork_asm+0x1a/0x30
[   12.099703]  </TASK>
[   12.099713] 
[   12.107780] Allocated by task 175:
[   12.107910]  kasan_save_stack+0x45/0x70
[   12.108121]  kasan_save_track+0x18/0x40
[   12.108460]  kasan_save_alloc_info+0x3b/0x50
[   12.108703]  __kasan_krealloc+0x190/0x1f0
[   12.108903]  krealloc_noprof+0xf3/0x340
[   12.109055]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.109376]  krealloc_less_oob+0x1c/0x30
[   12.109704]  kunit_try_run_case+0x1a5/0x480
[   12.110219]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.110428]  kthread+0x337/0x6f0
[   12.110592]  ret_from_fork+0x116/0x1d0
[   12.110819]  ret_from_fork_asm+0x1a/0x30
[   12.111028] 
[   12.111102] The buggy address belongs to the object at ffff888100330000
[   12.111102]  which belongs to the cache kmalloc-256 of size 256
[   12.111567] The buggy address is located 7 bytes to the right of
[   12.111567]  allocated 201-byte region [ffff888100330000, ffff8881003300c9)
[   12.112405] 
[   12.112526] The buggy address belongs to the physical page:
[   12.112724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100330
[   12.113178] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.113441] flags: 0x200000000000040(head|node=0|zone=2)
[   12.113669] page_type: f5(slab)
[   12.113833] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.114239] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.114739] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.115163] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.115534] head: 0200000000000001 ffffea000400cc01 00000000ffffffff 00000000ffffffff
[   12.115820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.116290] page dumped because: kasan: bad access detected
[   12.116518] 
[   12.116586] Memory state around the buggy address:
[   12.116823]  ffff88810032ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.117289]  ffff888100330000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.117575] >ffff888100330080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.117951]                                                  ^
[   12.118411]  ffff888100330100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.118707]  ffff888100330180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.119186] ==================================================================
[   12.172576] ==================================================================
[   12.172833] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.173473] Write of size 1 at addr ffff8881003300eb by task kunit_try_catch/175
[   12.173772] 
[   12.173862] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.173901] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.173912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.173941] Call Trace:
[   12.173955]  <TASK>
[   12.173969]  dump_stack_lvl+0x73/0xb0
[   12.173997]  print_report+0xd1/0x650
[   12.174017]  ? __virt_addr_valid+0x1db/0x2d0
[   12.174040]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.174063]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.174086]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.174115]  kasan_report+0x141/0x180
[   12.174136]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.174165]  __asan_report_store1_noabort+0x1b/0x30
[   12.174189]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.174215]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.174240]  ? finish_task_switch.isra.0+0x153/0x700
[   12.174262]  ? __switch_to+0x47/0xf50
[   12.174287]  ? __schedule+0x10cc/0x2b60
[   12.174308]  ? __pfx_read_tsc+0x10/0x10
[   12.174331]  krealloc_less_oob+0x1c/0x30
[   12.174352]  kunit_try_run_case+0x1a5/0x480
[   12.174375]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.174397]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.174420]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.174444]  ? __kthread_parkme+0x82/0x180
[   12.174463]  ? preempt_count_sub+0x50/0x80
[   12.174486]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.174515]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.174539]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.174564]  kthread+0x337/0x6f0
[   12.174582]  ? trace_preempt_on+0x20/0xc0
[   12.174604]  ? __pfx_kthread+0x10/0x10
[   12.174624]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.174645]  ? calculate_sigpending+0x7b/0xa0
[   12.174668]  ? __pfx_kthread+0x10/0x10
[   12.174689]  ret_from_fork+0x116/0x1d0
[   12.174706]  ? __pfx_kthread+0x10/0x10
[   12.174726]  ret_from_fork_asm+0x1a/0x30
[   12.174757]  </TASK>
[   12.174766] 
[   12.182786] Allocated by task 175:
[   12.182934]  kasan_save_stack+0x45/0x70
[   12.183082]  kasan_save_track+0x18/0x40
[   12.183509]  kasan_save_alloc_info+0x3b/0x50
[   12.183726]  __kasan_krealloc+0x190/0x1f0
[   12.183948]  krealloc_noprof+0xf3/0x340
[   12.184233]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.184440]  krealloc_less_oob+0x1c/0x30
[   12.184579]  kunit_try_run_case+0x1a5/0x480
[   12.184722]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.184958]  kthread+0x337/0x6f0
[   12.185132]  ret_from_fork+0x116/0x1d0
[   12.185324]  ret_from_fork_asm+0x1a/0x30
[   12.185522] 
[   12.185842] The buggy address belongs to the object at ffff888100330000
[   12.185842]  which belongs to the cache kmalloc-256 of size 256
[   12.186404] The buggy address is located 34 bytes to the right of
[   12.186404]  allocated 201-byte region [ffff888100330000, ffff8881003300c9)
[   12.186808] 
[   12.186983] The buggy address belongs to the physical page:
[   12.187373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100330
[   12.187906] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.188293] flags: 0x200000000000040(head|node=0|zone=2)
[   12.188470] page_type: f5(slab)
[   12.188596] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.188935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.189270] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.189809] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.190209] head: 0200000000000001 ffffea000400cc01 00000000ffffffff 00000000ffffffff
[   12.190533] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.190759] page dumped because: kasan: bad access detected
[   12.190963] 
[   12.191058] Memory state around the buggy address:
[   12.191278]  ffff88810032ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.191719]  ffff888100330000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.192019] >ffff888100330080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.192362]                                                           ^
[   12.192606]  ffff888100330100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.192928]  ffff888100330180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.193157] ==================================================================
[   12.269789] ==================================================================
[   12.270652] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.271518] Write of size 1 at addr ffff888102a3e0da by task kunit_try_catch/179
[   12.272946] 
[   12.273310] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.273356] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.273367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.273386] Call Trace:
[   12.273401]  <TASK>
[   12.273424]  dump_stack_lvl+0x73/0xb0
[   12.273454]  print_report+0xd1/0x650
[   12.273683]  ? __virt_addr_valid+0x1db/0x2d0
[   12.273707]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.273731]  ? kasan_addr_to_slab+0x11/0xa0
[   12.273762]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.273786]  kasan_report+0x141/0x180
[   12.273807]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.273836]  __asan_report_store1_noabort+0x1b/0x30
[   12.273860]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.273886]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.273911]  ? finish_task_switch.isra.0+0x153/0x700
[   12.273944]  ? __switch_to+0x47/0xf50
[   12.273968]  ? __schedule+0x10cc/0x2b60
[   12.273990]  ? __pfx_read_tsc+0x10/0x10
[   12.274013]  krealloc_large_less_oob+0x1c/0x30
[   12.274036]  kunit_try_run_case+0x1a5/0x480
[   12.274060]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.274082]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.274105]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.274128]  ? __kthread_parkme+0x82/0x180
[   12.274148]  ? preempt_count_sub+0x50/0x80
[   12.274170]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.274194]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.274218]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.274242]  kthread+0x337/0x6f0
[   12.274261]  ? trace_preempt_on+0x20/0xc0
[   12.274284]  ? __pfx_kthread+0x10/0x10
[   12.274304]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.274325]  ? calculate_sigpending+0x7b/0xa0
[   12.274348]  ? __pfx_kthread+0x10/0x10
[   12.274369]  ret_from_fork+0x116/0x1d0
[   12.274386]  ? __pfx_kthread+0x10/0x10
[   12.274406]  ret_from_fork_asm+0x1a/0x30
[   12.274438]  </TASK>
[   12.274447] 
[   12.287181] The buggy address belongs to the physical page:
[   12.287431] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[   12.287954] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.288529] flags: 0x200000000000040(head|node=0|zone=2)
[   12.288949] page_type: f8(unknown)
[   12.289147] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.289659] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.290426] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.290750] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.291314] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[   12.291783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.292237] page dumped because: kasan: bad access detected
[   12.292458] 
[   12.292554] Memory state around the buggy address:
[   12.293145]  ffff888102a3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.293447]  ffff888102a3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.293988] >ffff888102a3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.294593]                                                     ^
[   12.294979]  ffff888102a3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.295518]  ffff888102a3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.296153] ==================================================================
[   12.120998] ==================================================================
[   12.121433] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.121679] Write of size 1 at addr ffff8881003300da by task kunit_try_catch/175
[   12.122367] 
[   12.122731] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.122773] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.122784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.122803] Call Trace:
[   12.122814]  <TASK>
[   12.122828]  dump_stack_lvl+0x73/0xb0
[   12.122872]  print_report+0xd1/0x650
[   12.122902]  ? __virt_addr_valid+0x1db/0x2d0
[   12.122938]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.122961]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.122983]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.123007]  kasan_report+0x141/0x180
[   12.123030]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.123059]  __asan_report_store1_noabort+0x1b/0x30
[   12.123084]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.123110]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.123134]  ? finish_task_switch.isra.0+0x153/0x700
[   12.123155]  ? __switch_to+0x47/0xf50
[   12.123180]  ? __schedule+0x10cc/0x2b60
[   12.123202]  ? __pfx_read_tsc+0x10/0x10
[   12.123225]  krealloc_less_oob+0x1c/0x30
[   12.123246]  kunit_try_run_case+0x1a5/0x480
[   12.123269]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.123291]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.123313]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.123336]  ? __kthread_parkme+0x82/0x180
[   12.123355]  ? preempt_count_sub+0x50/0x80
[   12.123378]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.123402]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.123426]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.123450]  kthread+0x337/0x6f0
[   12.123468]  ? trace_preempt_on+0x20/0xc0
[   12.123490]  ? __pfx_kthread+0x10/0x10
[   12.123510]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.123531]  ? calculate_sigpending+0x7b/0xa0
[   12.123556]  ? __pfx_kthread+0x10/0x10
[   12.123580]  ret_from_fork+0x116/0x1d0
[   12.123597]  ? __pfx_kthread+0x10/0x10
[   12.123617]  ret_from_fork_asm+0x1a/0x30
[   12.123648]  </TASK>
[   12.123657] 
[   12.138342] Allocated by task 175:
[   12.138534]  kasan_save_stack+0x45/0x70
[   12.139130]  kasan_save_track+0x18/0x40
[   12.139495]  kasan_save_alloc_info+0x3b/0x50
[   12.139710]  __kasan_krealloc+0x190/0x1f0
[   12.140004]  krealloc_noprof+0xf3/0x340
[   12.140205]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.140561]  krealloc_less_oob+0x1c/0x30
[   12.140789]  kunit_try_run_case+0x1a5/0x480
[   12.141238]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.141548]  kthread+0x337/0x6f0
[   12.141716]  ret_from_fork+0x116/0x1d0
[   12.141905]  ret_from_fork_asm+0x1a/0x30
[   12.142089] 
[   12.142185] The buggy address belongs to the object at ffff888100330000
[   12.142185]  which belongs to the cache kmalloc-256 of size 256
[   12.142705] The buggy address is located 17 bytes to the right of
[   12.142705]  allocated 201-byte region [ffff888100330000, ffff8881003300c9)
[   12.143387] 
[   12.143488] The buggy address belongs to the physical page:
[   12.143714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100330
[   12.143980] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.144388] flags: 0x200000000000040(head|node=0|zone=2)
[   12.144647] page_type: f5(slab)
[   12.144844] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.145365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.145673] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.145995] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.146436] head: 0200000000000001 ffffea000400cc01 00000000ffffffff 00000000ffffffff
[   12.146749] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.147181] page dumped because: kasan: bad access detected
[   12.147397] 
[   12.147491] Memory state around the buggy address:
[   12.147663]  ffff88810032ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.148086]  ffff888100330000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.148352] >ffff888100330080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.148666]                                                     ^
[   12.148908]  ffff888100330100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.149420]  ffff888100330180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.149694] ==================================================================
[   12.296598] ==================================================================
[   12.297232] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.297776] Write of size 1 at addr ffff888102a3e0ea by task kunit_try_catch/179
[   12.298287] 
[   12.298616] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.298662] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.298674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.298693] Call Trace:
[   12.298705]  <TASK>
[   12.298717]  dump_stack_lvl+0x73/0xb0
[   12.298746]  print_report+0xd1/0x650
[   12.298769]  ? __virt_addr_valid+0x1db/0x2d0
[   12.298791]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.298815]  ? kasan_addr_to_slab+0x11/0xa0
[   12.298836]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.298860]  kasan_report+0x141/0x180
[   12.298882]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.298912]  __asan_report_store1_noabort+0x1b/0x30
[   12.298949]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.298975]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.298999]  ? finish_task_switch.isra.0+0x153/0x700
[   12.299160]  ? __switch_to+0x47/0xf50
[   12.299186]  ? __schedule+0x10cc/0x2b60
[   12.299208]  ? __pfx_read_tsc+0x10/0x10
[   12.299232]  krealloc_large_less_oob+0x1c/0x30
[   12.299255]  kunit_try_run_case+0x1a5/0x480
[   12.299278]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.299301]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.299324]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.299348]  ? __kthread_parkme+0x82/0x180
[   12.299367]  ? preempt_count_sub+0x50/0x80
[   12.299390]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.299414]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.299437]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.299462]  kthread+0x337/0x6f0
[   12.299480]  ? trace_preempt_on+0x20/0xc0
[   12.299502]  ? __pfx_kthread+0x10/0x10
[   12.299522]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.299543]  ? calculate_sigpending+0x7b/0xa0
[   12.299566]  ? __pfx_kthread+0x10/0x10
[   12.299587]  ret_from_fork+0x116/0x1d0
[   12.299605]  ? __pfx_kthread+0x10/0x10
[   12.299625]  ret_from_fork_asm+0x1a/0x30
[   12.299656]  </TASK>
[   12.299666] 
[   12.308559] The buggy address belongs to the physical page:
[   12.308785] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[   12.309084] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.309315] flags: 0x200000000000040(head|node=0|zone=2)
[   12.309561] page_type: f8(unknown)
[   12.309764] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.310333] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.310636] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.310866] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.311226] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[   12.311570] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.311844] page dumped because: kasan: bad access detected
[   12.312194] 
[   12.312291] Memory state around the buggy address:
[   12.312503]  ffff888102a3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.312716]  ffff888102a3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.313051] >ffff888102a3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.313372]                                                           ^
[   12.313728]  ffff888102a3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.314054]  ffff888102a3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.314358] ==================================================================
[   12.314659] ==================================================================
[   12.315117] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.315525] Write of size 1 at addr ffff888102a3e0eb by task kunit_try_catch/179
[   12.316041] 
[   12.316227] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.316269] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.316279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.316297] Call Trace:
[   12.316311]  <TASK>
[   12.316325]  dump_stack_lvl+0x73/0xb0
[   12.316353]  print_report+0xd1/0x650
[   12.316374]  ? __virt_addr_valid+0x1db/0x2d0
[   12.316397]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.316422]  ? kasan_addr_to_slab+0x11/0xa0
[   12.316442]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.316466]  kasan_report+0x141/0x180
[   12.316487]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.316516]  __asan_report_store1_noabort+0x1b/0x30
[   12.316540]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.316566]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.316590]  ? finish_task_switch.isra.0+0x153/0x700
[   12.316612]  ? __switch_to+0x47/0xf50
[   12.316636]  ? __schedule+0x10cc/0x2b60
[   12.316657]  ? __pfx_read_tsc+0x10/0x10
[   12.316680]  krealloc_large_less_oob+0x1c/0x30
[   12.316703]  kunit_try_run_case+0x1a5/0x480
[   12.316727]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.316749]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.316771]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.316794]  ? __kthread_parkme+0x82/0x180
[   12.316814]  ? preempt_count_sub+0x50/0x80
[   12.316836]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.316860]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.316884]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.316908]  kthread+0x337/0x6f0
[   12.316939]  ? trace_preempt_on+0x20/0xc0
[   12.316975]  ? __pfx_kthread+0x10/0x10
[   12.316995]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.317016]  ? calculate_sigpending+0x7b/0xa0
[   12.317040]  ? __pfx_kthread+0x10/0x10
[   12.317060]  ret_from_fork+0x116/0x1d0
[   12.317078]  ? __pfx_kthread+0x10/0x10
[   12.317109]  ret_from_fork_asm+0x1a/0x30
[   12.317141]  </TASK>
[   12.317150] 
[   12.325226] The buggy address belongs to the physical page:
[   12.325458] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a3c
[   12.325789] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.326907] flags: 0x200000000000040(head|node=0|zone=2)
[   12.327512] page_type: f8(unknown)
[   12.327666] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.328180] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.328519] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.328973] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.329300] head: 0200000000000002 ffffea00040a8f01 00000000ffffffff 00000000ffffffff
[   12.329640] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.330128] page dumped because: kasan: bad access detected
[   12.330463] 
[   12.330567] Memory state around the buggy address:
[   12.330771]  ffff888102a3df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.331272]  ffff888102a3e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.331574] >ffff888102a3e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.332019]                                                           ^
[   12.332306]  ffff888102a3e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.332709]  ffff888102a3e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.333215] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zkW2ND3P9jnCEoicJVrQGQQHjY

job_id

TEST:linaro@lkft#2zkW8T0rf8x1xNcZqJ5ltfUVkWA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zkW8T0rf8x1xNcZqJ5ltfUVkWA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/bzImage
sha256sum	7f21af14d55a2a6c00657897b5a61581bc03fb7498328917a2f2ae35737ec23d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zkW5SdH8zGtoVoimUJeXjK1iDY/modules.tar.xz
sha256sum	390422b5b27780b5bdc518a6075ef4179367a706b7d88bc8e5416986229d72fd

durations

tests

boot	0
kunit	209.86

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit