lkft/linux-mainline-master - v6.16-rc5-224-g379f604cc3dc - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 12, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.259693] ==================================================================
[   19.260040] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.260709] Write of size 1 at addr fff00000c79060ea by task kunit_try_catch/163
[   19.260848] 
[   19.260937] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.261199] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.261290] Hardware name: linux,dummy-virt (DT)
[   19.261641] Call trace:
[   19.261933]  show_stack+0x20/0x38 (C)
[   19.262138]  dump_stack_lvl+0x8c/0xd0
[   19.262277]  print_report+0x118/0x608
[   19.262445]  kasan_report+0xdc/0x128
[   19.262628]  __asan_report_store1_noabort+0x20/0x30
[   19.262784]  krealloc_less_oob_helper+0xae4/0xc50
[   19.263206]  krealloc_large_less_oob+0x20/0x38
[   19.263361]  kunit_try_run_case+0x170/0x3f0
[   19.263662]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.263885]  kthread+0x328/0x630
[   19.264376]  ret_from_fork+0x10/0x20
[   19.264578] 
[   19.264645] The buggy address belongs to the physical page:
[   19.264736] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107904
[   19.264964] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.265152] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.265541] page_type: f8(unknown)
[   19.265811] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.265966] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.266189] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.266380] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.266575] head: 0bfffe0000000002 ffffc1ffc31e4101 00000000ffffffff 00000000ffffffff
[   19.267121] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.267301] page dumped because: kasan: bad access detected
[   19.267407] 
[   19.267462] Memory state around the buggy address:
[   19.267623]  fff00000c7905f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.267758]  fff00000c7906000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.268111] >fff00000c7906080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.268502]                                                           ^
[   19.268662]  fff00000c7906100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.268816]  fff00000c7906180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.268931] ==================================================================
[   19.219640] ==================================================================
[   19.219788] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.219951] Write of size 1 at addr fff00000c79060c9 by task kunit_try_catch/163
[   19.220072] 
[   19.220160] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.220358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.220420] Hardware name: linux,dummy-virt (DT)
[   19.220493] Call trace:
[   19.220545]  show_stack+0x20/0x38 (C)
[   19.220664]  dump_stack_lvl+0x8c/0xd0
[   19.220773]  print_report+0x118/0x608
[   19.221161]  kasan_report+0xdc/0x128
[   19.221294]  __asan_report_store1_noabort+0x20/0x30
[   19.221421]  krealloc_less_oob_helper+0xa48/0xc50
[   19.221681]  krealloc_large_less_oob+0x20/0x38
[   19.221844]  kunit_try_run_case+0x170/0x3f0
[   19.221958]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.222060]  kthread+0x328/0x630
[   19.222416]  ret_from_fork+0x10/0x20
[   19.222570] 
[   19.222631] The buggy address belongs to the physical page:
[   19.222715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107904
[   19.222862] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.223058] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.223441] page_type: f8(unknown)
[   19.223549] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.224004] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.224218] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.224548] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.224723] head: 0bfffe0000000002 ffffc1ffc31e4101 00000000ffffffff 00000000ffffffff
[   19.224910] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.225102] page dumped because: kasan: bad access detected
[   19.225204] 
[   19.225252] Memory state around the buggy address:
[   19.225320]  fff00000c7905f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.225410]  fff00000c7906000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.225495] >fff00000c7906080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.225574]                                               ^
[   19.225659]  fff00000c7906100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.225763]  fff00000c7906180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.226203] ==================================================================
[   19.242715] ==================================================================
[   19.244291] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.244883] Write of size 1 at addr fff00000c79060da by task kunit_try_catch/163
[   19.245482] 
[   19.245978] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.246779] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.246867] Hardware name: linux,dummy-virt (DT)
[   19.247483] Call trace:
[   19.247547]  show_stack+0x20/0x38 (C)
[   19.247740]  dump_stack_lvl+0x8c/0xd0
[   19.248405]  print_report+0x118/0x608
[   19.249006]  kasan_report+0xdc/0x128
[   19.249186]  __asan_report_store1_noabort+0x20/0x30
[   19.249566]  krealloc_less_oob_helper+0xa80/0xc50
[   19.249969]  krealloc_large_less_oob+0x20/0x38
[   19.250115]  kunit_try_run_case+0x170/0x3f0
[   19.251014]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.251240]  kthread+0x328/0x630
[   19.251815]  ret_from_fork+0x10/0x20
[   19.252331] 
[   19.252505] The buggy address belongs to the physical page:
[   19.252711] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107904
[   19.252942] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.253056] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.253190] page_type: f8(unknown)
[   19.253951] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.254214] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.254479] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.254833] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.255350] head: 0bfffe0000000002 ffffc1ffc31e4101 00000000ffffffff 00000000ffffffff
[   19.255664] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.256109] page dumped because: kasan: bad access detected
[   19.256335] 
[   19.256452] Memory state around the buggy address:
[   19.256540]  fff00000c7905f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.256723]  fff00000c7906000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.256858] >fff00000c7906080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.257298]                                                     ^
[   19.257472]  fff00000c7906100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.257640]  fff00000c7906180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.257793] ==================================================================
[   19.227875] ==================================================================
[   19.228015] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.228185] Write of size 1 at addr fff00000c79060d0 by task kunit_try_catch/163
[   19.228344] 
[   19.228426] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.229158] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.229244] Hardware name: linux,dummy-virt (DT)
[   19.229314] Call trace:
[   19.229367]  show_stack+0x20/0x38 (C)
[   19.229490]  dump_stack_lvl+0x8c/0xd0
[   19.230245]  print_report+0x118/0x608
[   19.230482]  kasan_report+0xdc/0x128
[   19.230610]  __asan_report_store1_noabort+0x20/0x30
[   19.230723]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.230845]  krealloc_large_less_oob+0x20/0x38
[   19.231663]  kunit_try_run_case+0x170/0x3f0
[   19.232457]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.232765]  kthread+0x328/0x630
[   19.232990]  ret_from_fork+0x10/0x20
[   19.233188] 
[   19.233306] The buggy address belongs to the physical page:
[   19.233751] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107904
[   19.234360] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.234558] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.234703] page_type: f8(unknown)
[   19.234804] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.234999] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.235812] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.236098] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.236625] head: 0bfffe0000000002 ffffc1ffc31e4101 00000000ffffffff 00000000ffffffff
[   19.236876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.237106] page dumped because: kasan: bad access detected
[   19.237177] 
[   19.237219] Memory state around the buggy address:
[   19.237289]  fff00000c7905f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.237369]  fff00000c7906000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.237458] >fff00000c7906080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.237544]                                                  ^
[   19.238675]  fff00000c7906100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.239269]  fff00000c7906180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.239882] ==================================================================
[   19.146790] ==================================================================
[   19.146917] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.147395] Write of size 1 at addr fff00000c440aaea by task kunit_try_catch/159
[   19.147587] 
[   19.147676] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.147884] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.147943] Hardware name: linux,dummy-virt (DT)
[   19.148008] Call trace:
[   19.148059]  show_stack+0x20/0x38 (C)
[   19.148167]  dump_stack_lvl+0x8c/0xd0
[   19.148268]  print_report+0x118/0x608
[   19.148369]  kasan_report+0xdc/0x128
[   19.148468]  __asan_report_store1_noabort+0x20/0x30
[   19.148581]  krealloc_less_oob_helper+0xae4/0xc50
[   19.148693]  krealloc_less_oob+0x20/0x38
[   19.150426]  kunit_try_run_case+0x170/0x3f0
[   19.150757]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.151576]  kthread+0x328/0x630
[   19.151850]  ret_from_fork+0x10/0x20
[   19.152087] 
[   19.152191] Allocated by task 159:
[   19.152277]  kasan_save_stack+0x3c/0x68
[   19.152377]  kasan_save_track+0x20/0x40
[   19.152768]  kasan_save_alloc_info+0x40/0x58
[   19.153168]  __kasan_krealloc+0x118/0x178
[   19.153518]  krealloc_noprof+0x128/0x360
[   19.153597]  krealloc_less_oob_helper+0x168/0xc50
[   19.153971]  krealloc_less_oob+0x20/0x38
[   19.154333]  kunit_try_run_case+0x170/0x3f0
[   19.154421]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.155294]  kthread+0x328/0x630
[   19.155718]  ret_from_fork+0x10/0x20
[   19.155909] 
[   19.155965] The buggy address belongs to the object at fff00000c440aa00
[   19.155965]  which belongs to the cache kmalloc-256 of size 256
[   19.156109] The buggy address is located 33 bytes to the right of
[   19.156109]  allocated 201-byte region [fff00000c440aa00, fff00000c440aac9)
[   19.156398] 
[   19.156464] The buggy address belongs to the physical page:
[   19.156868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10440a
[   19.157476] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.158216] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.158486] page_type: f5(slab)
[   19.158606] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.158768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.158899] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.159010] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.159120] head: 0bfffe0000000001 ffffc1ffc3110281 00000000ffffffff 00000000ffffffff
[   19.159228] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.159318] page dumped because: kasan: bad access detected
[   19.160699] 
[   19.161057] Memory state around the buggy address:
[   19.161285]  fff00000c440a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.161853]  fff00000c440aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.162710] >fff00000c440aa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.162811]                                                           ^
[   19.163273]  fff00000c440ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.163900]  fff00000c440ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.164245] ==================================================================
[   19.166639] ==================================================================
[   19.166707] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.166783] Write of size 1 at addr fff00000c440aaeb by task kunit_try_catch/159
[   19.166927] 
[   19.167033] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.167272] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.167354] Hardware name: linux,dummy-virt (DT)
[   19.167438] Call trace:
[   19.167491]  show_stack+0x20/0x38 (C)
[   19.167801]  dump_stack_lvl+0x8c/0xd0
[   19.168244]  print_report+0x118/0x608
[   19.168357]  kasan_report+0xdc/0x128
[   19.168456]  __asan_report_store1_noabort+0x20/0x30
[   19.168568]  krealloc_less_oob_helper+0xa58/0xc50
[   19.168680]  krealloc_less_oob+0x20/0x38
[   19.168844]  kunit_try_run_case+0x170/0x3f0
[   19.168952]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.169064]  kthread+0x328/0x630
[   19.169193]  ret_from_fork+0x10/0x20
[   19.169289] 
[   19.169329] Allocated by task 159:
[   19.169684]  kasan_save_stack+0x3c/0x68
[   19.169791]  kasan_save_track+0x20/0x40
[   19.169894]  kasan_save_alloc_info+0x40/0x58
[   19.169967]  __kasan_krealloc+0x118/0x178
[   19.170031]  krealloc_noprof+0x128/0x360
[   19.170127]  krealloc_less_oob_helper+0x168/0xc50
[   19.170219]  krealloc_less_oob+0x20/0x38
[   19.170295]  kunit_try_run_case+0x170/0x3f0
[   19.170374]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.170634]  kthread+0x328/0x630
[   19.170719]  ret_from_fork+0x10/0x20
[   19.170813] 
[   19.170881] The buggy address belongs to the object at fff00000c440aa00
[   19.170881]  which belongs to the cache kmalloc-256 of size 256
[   19.171051] The buggy address is located 34 bytes to the right of
[   19.171051]  allocated 201-byte region [fff00000c440aa00, fff00000c440aac9)
[   19.171274] 
[   19.171345] The buggy address belongs to the physical page:
[   19.171459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10440a
[   19.171586] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.171698] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.171876] page_type: f5(slab)
[   19.171964] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.172479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.172643] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.172806] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.172932] head: 0bfffe0000000001 ffffc1ffc3110281 00000000ffffffff 00000000ffffffff
[   19.173074] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.173175] page dumped because: kasan: bad access detected
[   19.173258] 
[   19.173320] Memory state around the buggy address:
[   19.173421]  fff00000c440a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.173541]  fff00000c440aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.173688] >fff00000c440aa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.173785]                                                           ^
[   19.173896]  fff00000c440ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.174001]  fff00000c440ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.174101] ==================================================================
[   19.111143] ==================================================================
[   19.111475] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.111615] Write of size 1 at addr fff00000c440aad0 by task kunit_try_catch/159
[   19.111733] 
[   19.111808] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.112014] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.112084] Hardware name: linux,dummy-virt (DT)
[   19.112156] Call trace:
[   19.112204]  show_stack+0x20/0x38 (C)
[   19.112440]  dump_stack_lvl+0x8c/0xd0
[   19.112779]  print_report+0x118/0x608
[   19.112906]  kasan_report+0xdc/0x128
[   19.113007]  __asan_report_store1_noabort+0x20/0x30
[   19.113209]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.113576]  krealloc_less_oob+0x20/0x38
[   19.113687]  kunit_try_run_case+0x170/0x3f0
[   19.113792]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.113910]  kthread+0x328/0x630
[   19.114013]  ret_from_fork+0x10/0x20
[   19.114119] 
[   19.114156] Allocated by task 159:
[   19.114214]  kasan_save_stack+0x3c/0x68
[   19.114297]  kasan_save_track+0x20/0x40
[   19.114383]  kasan_save_alloc_info+0x40/0x58
[   19.114722]  __kasan_krealloc+0x118/0x178
[   19.114848]  krealloc_noprof+0x128/0x360
[   19.114947]  krealloc_less_oob_helper+0x168/0xc50
[   19.115034]  krealloc_less_oob+0x20/0x38
[   19.115112]  kunit_try_run_case+0x170/0x3f0
[   19.115505]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.115653]  kthread+0x328/0x630
[   19.115732]  ret_from_fork+0x10/0x20
[   19.115839] 
[   19.115910] The buggy address belongs to the object at fff00000c440aa00
[   19.115910]  which belongs to the cache kmalloc-256 of size 256
[   19.116036] The buggy address is located 7 bytes to the right of
[   19.116036]  allocated 201-byte region [fff00000c440aa00, fff00000c440aac9)
[   19.116430] 
[   19.116490] The buggy address belongs to the physical page:
[   19.116580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10440a
[   19.116711] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.116832] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.116949] page_type: f5(slab)
[   19.117160] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.117298] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.117433] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.117657] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.117885] head: 0bfffe0000000001 ffffc1ffc3110281 00000000ffffffff 00000000ffffffff
[   19.118174] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.118509] page dumped because: kasan: bad access detected
[   19.118652] 
[   19.118755] Memory state around the buggy address:
[   19.118861]  fff00000c440a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.119020]  fff00000c440aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.119335] >fff00000c440aa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.119441]                                                  ^
[   19.119530]  fff00000c440ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.119725]  fff00000c440ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.120274] ==================================================================
[   19.095558] ==================================================================
[   19.095693] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.096654] Write of size 1 at addr fff00000c440aac9 by task kunit_try_catch/159
[   19.096871] 
[   19.097027] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.097319] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.097497] Hardware name: linux,dummy-virt (DT)
[   19.097569] Call trace:
[   19.097615]  show_stack+0x20/0x38 (C)
[   19.098306]  dump_stack_lvl+0x8c/0xd0
[   19.098746]  print_report+0x118/0x608
[   19.098913]  kasan_report+0xdc/0x128
[   19.099029]  __asan_report_store1_noabort+0x20/0x30
[   19.099145]  krealloc_less_oob_helper+0xa48/0xc50
[   19.099264]  krealloc_less_oob+0x20/0x38
[   19.099372]  kunit_try_run_case+0x170/0x3f0
[   19.099484]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.100459]  kthread+0x328/0x630
[   19.100660]  ret_from_fork+0x10/0x20
[   19.100867] 
[   19.100909] Allocated by task 159:
[   19.101431]  kasan_save_stack+0x3c/0x68
[   19.101975]  kasan_save_track+0x20/0x40
[   19.102192]  kasan_save_alloc_info+0x40/0x58
[   19.102391]  __kasan_krealloc+0x118/0x178
[   19.102498]  krealloc_noprof+0x128/0x360
[   19.102658]  krealloc_less_oob_helper+0x168/0xc50
[   19.102760]  krealloc_less_oob+0x20/0x38
[   19.102869]  kunit_try_run_case+0x170/0x3f0
[   19.102959]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.103483]  kthread+0x328/0x630
[   19.103642]  ret_from_fork+0x10/0x20
[   19.103729] 
[   19.103781] The buggy address belongs to the object at fff00000c440aa00
[   19.103781]  which belongs to the cache kmalloc-256 of size 256
[   19.103923] The buggy address is located 0 bytes to the right of
[   19.103923]  allocated 201-byte region [fff00000c440aa00, fff00000c440aac9)
[   19.104084] 
[   19.104137] The buggy address belongs to the physical page:
[   19.104212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10440a
[   19.104348] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.104467] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.104602] page_type: f5(slab)
[   19.104698] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.104830] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.104954] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.105071] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.106172] head: 0bfffe0000000001 ffffc1ffc3110281 00000000ffffffff 00000000ffffffff
[   19.107576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.108223] page dumped because: kasan: bad access detected
[   19.108312] 
[   19.108362] Memory state around the buggy address:
[   19.108438]  fff00000c440a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.108544]  fff00000c440aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.108648] >fff00000c440aa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.109125]                                               ^
[   19.109579]  fff00000c440ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.109698]  fff00000c440ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.109855] ==================================================================
[   19.123375] ==================================================================
[   19.123486] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.123597] Write of size 1 at addr fff00000c440aada by task kunit_try_catch/159
[   19.123712] 
[   19.123788] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.123998] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.124061] Hardware name: linux,dummy-virt (DT)
[   19.124132] Call trace:
[   19.124181]  show_stack+0x20/0x38 (C)
[   19.124294]  dump_stack_lvl+0x8c/0xd0
[   19.125572]  print_report+0x118/0x608
[   19.127152]  kasan_report+0xdc/0x128
[   19.127675]  __asan_report_store1_noabort+0x20/0x30
[   19.128142]  krealloc_less_oob_helper+0xa80/0xc50
[   19.128556]  krealloc_less_oob+0x20/0x38
[   19.129021]  kunit_try_run_case+0x170/0x3f0
[   19.129520]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.129744]  kthread+0x328/0x630
[   19.130218]  ret_from_fork+0x10/0x20
[   19.130603] 
[   19.130649] Allocated by task 159:
[   19.131115]  kasan_save_stack+0x3c/0x68
[   19.131650]  kasan_save_track+0x20/0x40
[   19.132130]  kasan_save_alloc_info+0x40/0x58
[   19.132302]  __kasan_krealloc+0x118/0x178
[   19.132386]  krealloc_noprof+0x128/0x360
[   19.132744]  krealloc_less_oob_helper+0x168/0xc50
[   19.133367]  krealloc_less_oob+0x20/0x38
[   19.133756]  kunit_try_run_case+0x170/0x3f0
[   19.133892]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.133997]  kthread+0x328/0x630
[   19.134073]  ret_from_fork+0x10/0x20
[   19.134508] 
[   19.134753] The buggy address belongs to the object at fff00000c440aa00
[   19.134753]  which belongs to the cache kmalloc-256 of size 256
[   19.134889] The buggy address is located 17 bytes to the right of
[   19.134889]  allocated 201-byte region [fff00000c440aa00, fff00000c440aac9)
[   19.135708] 
[   19.135903] The buggy address belongs to the physical page:
[   19.136143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10440a
[   19.136274] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.136376] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.136503] page_type: f5(slab)
[   19.136593] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.136711] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.137709] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.138026] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.138310] head: 0bfffe0000000001 ffffc1ffc3110281 00000000ffffffff 00000000ffffffff
[   19.138596] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.139164] page dumped because: kasan: bad access detected
[   19.139413] 
[   19.139759] Memory state around the buggy address:
[   19.139962]  fff00000c440a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.140281]  fff00000c440aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.140685] >fff00000c440aa80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.140783]                                                     ^
[   19.141088]  fff00000c440ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.141426]  fff00000c440ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.141785] ==================================================================
[   19.270861] ==================================================================
[   19.271472] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.272075] Write of size 1 at addr fff00000c79060eb by task kunit_try_catch/163
[   19.272200] 
[   19.272287] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.272481] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.272546] Hardware name: linux,dummy-virt (DT)
[   19.272621] Call trace:
[   19.272674]  show_stack+0x20/0x38 (C)
[   19.272792]  dump_stack_lvl+0x8c/0xd0
[   19.273159]  print_report+0x118/0x608
[   19.273314]  kasan_report+0xdc/0x128
[   19.273411]  __asan_report_store1_noabort+0x20/0x30
[   19.274300]  krealloc_less_oob_helper+0xa58/0xc50
[   19.274455]  krealloc_large_less_oob+0x20/0x38
[   19.274810]  kunit_try_run_case+0x170/0x3f0
[   19.275036]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.275181]  kthread+0x328/0x630
[   19.275285]  ret_from_fork+0x10/0x20
[   19.275666] 
[   19.276015] The buggy address belongs to the physical page:
[   19.276144] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107904
[   19.276327] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.276630] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.276989] page_type: f8(unknown)
[   19.277108] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.277686] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.277842] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.278806] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.279016] head: 0bfffe0000000002 ffffc1ffc31e4101 00000000ffffffff 00000000ffffffff
[   19.279696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.279791] page dumped because: kasan: bad access detected
[   19.279893] 
[   19.279939] Memory state around the buggy address:
[   19.280228]  fff00000c7905f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.280392]  fff00000c7906000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.280739] >fff00000c7906080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.280849]                                                           ^
[   19.280946]  fff00000c7906100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.281285]  fff00000c7906180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.282227] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zlvaLrZSqyxKLgkP1ikhX5yASN

job_id

TEST:linaro@lkft#2zlverRb5fPdptEkZ6zMvlyzm1I

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zlverRb5fPdptEkZ6zMvlyzm1I

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvbiPPzjbfulszSj1CbdZDBg5/Image.gz
sha256sum	c9e48236e89d2de4ae2e1bd084878fc8548c676082f395c1121631c860b60412

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvbiPPzjbfulszSj1CbdZDBg5/modules.tar.xz
sha256sum	e24d92e515f54e515d26355283c0915768fc78096b724afb30cb660de602c681

durations

tests

boot	0
kunit	290.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.572759] ==================================================================
[   12.573087] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.573442] Write of size 1 at addr ffff888102bba0eb by task kunit_try_catch/180
[   12.573775] 
[   12.573862] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.573902] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.573912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.573931] Call Trace:
[   12.573945]  <TASK>
[   12.573959]  dump_stack_lvl+0x73/0xb0
[   12.573984]  print_report+0xd1/0x650
[   12.574005]  ? __virt_addr_valid+0x1db/0x2d0
[   12.574027]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.574050]  ? kasan_addr_to_slab+0x11/0xa0
[   12.574071]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.574094]  kasan_report+0x141/0x180
[   12.574116]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.574144]  __asan_report_store1_noabort+0x1b/0x30
[   12.574169]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.574195]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.574219]  ? finish_task_switch.isra.0+0x153/0x700
[   12.574241]  ? __switch_to+0x47/0xf50
[   12.574265]  ? __schedule+0x10cc/0x2b60
[   12.574286]  ? __pfx_read_tsc+0x10/0x10
[   12.574309]  krealloc_large_less_oob+0x1c/0x30
[   12.574332]  kunit_try_run_case+0x1a5/0x480
[   12.574356]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574384]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.574407]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.574430]  ? __kthread_parkme+0x82/0x180
[   12.574450]  ? preempt_count_sub+0x50/0x80
[   12.574473]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.574497]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.574520]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.574545]  kthread+0x337/0x6f0
[   12.574563]  ? trace_preempt_on+0x20/0xc0
[   12.574586]  ? __pfx_kthread+0x10/0x10
[   12.574607]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.574628]  ? calculate_sigpending+0x7b/0xa0
[   12.574651]  ? __pfx_kthread+0x10/0x10
[   12.574672]  ret_from_fork+0x116/0x1d0
[   12.574690]  ? __pfx_kthread+0x10/0x10
[   12.574710]  ret_from_fork_asm+0x1a/0x30
[   12.574741]  </TASK>
[   12.574760] 
[   12.582599] The buggy address belongs to the physical page:
[   12.582985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8
[   12.583360] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.583841] flags: 0x200000000000040(head|node=0|zone=2)
[   12.584063] page_type: f8(unknown)
[   12.584222] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.584452] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.584698] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.585066] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.585874] head: 0200000000000002 ffffea00040aee01 00000000ffffffff 00000000ffffffff
[   12.586238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.586520] page dumped because: kasan: bad access detected
[   12.586714] 
[   12.586835] Memory state around the buggy address:
[   12.587216]  ffff888102bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.587461]  ffff888102bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.587690] >ffff888102bba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.588020]                                                           ^
[   12.588422]  ffff888102bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.588847]  ffff888102bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.589146] ==================================================================
[   12.361020] ==================================================================
[   12.361346] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.361615] Write of size 1 at addr ffff888100a290da by task kunit_try_catch/176
[   12.362040] 
[   12.362169] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.362214] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.362226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.362243] Call Trace:
[   12.362258]  <TASK>
[   12.362275]  dump_stack_lvl+0x73/0xb0
[   12.362325]  print_report+0xd1/0x650
[   12.362347]  ? __virt_addr_valid+0x1db/0x2d0
[   12.362375]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.362399]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.362422]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.362447]  kasan_report+0x141/0x180
[   12.362486]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.362515]  __asan_report_store1_noabort+0x1b/0x30
[   12.362540]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.362583]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.362608]  ? finish_task_switch.isra.0+0x153/0x700
[   12.362630]  ? __switch_to+0x47/0xf50
[   12.362714]  ? __schedule+0x10cc/0x2b60
[   12.362739]  ? __pfx_read_tsc+0x10/0x10
[   12.362774]  krealloc_less_oob+0x1c/0x30
[   12.362795]  kunit_try_run_case+0x1a5/0x480
[   12.362819]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.362841]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.362866]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.362889]  ? __kthread_parkme+0x82/0x180
[   12.362931]  ? preempt_count_sub+0x50/0x80
[   12.362954]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.362978]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.363017]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.363056]  kthread+0x337/0x6f0
[   12.363075]  ? trace_preempt_on+0x20/0xc0
[   12.363097]  ? __pfx_kthread+0x10/0x10
[   12.363118]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.363139]  ? calculate_sigpending+0x7b/0xa0
[   12.363163]  ? __pfx_kthread+0x10/0x10
[   12.363184]  ret_from_fork+0x116/0x1d0
[   12.363202]  ? __pfx_kthread+0x10/0x10
[   12.363221]  ret_from_fork_asm+0x1a/0x30
[   12.363251]  </TASK>
[   12.363261] 
[   12.371180] Allocated by task 176:
[   12.371305]  kasan_save_stack+0x45/0x70
[   12.371448]  kasan_save_track+0x18/0x40
[   12.371578]  kasan_save_alloc_info+0x3b/0x50
[   12.371876]  __kasan_krealloc+0x190/0x1f0
[   12.372107]  krealloc_noprof+0xf3/0x340
[   12.372320]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.372578]  krealloc_less_oob+0x1c/0x30
[   12.372786]  kunit_try_run_case+0x1a5/0x480
[   12.373098]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.373711]  kthread+0x337/0x6f0
[   12.373917]  ret_from_fork+0x116/0x1d0
[   12.374106]  ret_from_fork_asm+0x1a/0x30
[   12.374239] 
[   12.374307] The buggy address belongs to the object at ffff888100a29000
[   12.374307]  which belongs to the cache kmalloc-256 of size 256
[   12.374971] The buggy address is located 17 bytes to the right of
[   12.374971]  allocated 201-byte region [ffff888100a29000, ffff888100a290c9)
[   12.376006] 
[   12.376136] The buggy address belongs to the physical page:
[   12.376409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a28
[   12.376759] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.377093] flags: 0x200000000000040(head|node=0|zone=2)
[   12.377337] page_type: f5(slab)
[   12.377474] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.377695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.377925] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.378290] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.378762] head: 0200000000000001 ffffea0004028a01 00000000ffffffff 00000000ffffffff
[   12.379364] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.379764] page dumped because: kasan: bad access detected
[   12.379986] 
[   12.380054] Memory state around the buggy address:
[   12.380203]  ffff888100a28f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.380483]  ffff888100a29000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.381077] >ffff888100a29080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.381350]                                                     ^
[   12.381606]  ffff888100a29100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.381991]  ffff888100a29180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.382280] ==================================================================
[   12.511385] ==================================================================
[   12.511617] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.511906] Write of size 1 at addr ffff888102bba0d0 by task kunit_try_catch/180
[   12.512238] 
[   12.512352] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.512393] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.512405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.512423] Call Trace:
[   12.512435]  <TASK>
[   12.512450]  dump_stack_lvl+0x73/0xb0
[   12.512477]  print_report+0xd1/0x650
[   12.512501]  ? __virt_addr_valid+0x1db/0x2d0
[   12.512524]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.512548]  ? kasan_addr_to_slab+0x11/0xa0
[   12.512569]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.512593]  kasan_report+0x141/0x180
[   12.512615]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.512719]  __asan_report_store1_noabort+0x1b/0x30
[   12.512758]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.512785]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.512810]  ? finish_task_switch.isra.0+0x153/0x700
[   12.512834]  ? __switch_to+0x47/0xf50
[   12.512859]  ? __schedule+0x10cc/0x2b60
[   12.512882]  ? __pfx_read_tsc+0x10/0x10
[   12.512906]  krealloc_large_less_oob+0x1c/0x30
[   12.512929]  kunit_try_run_case+0x1a5/0x480
[   12.512955]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.512978]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.513002]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.513025]  ? __kthread_parkme+0x82/0x180
[   12.513045]  ? preempt_count_sub+0x50/0x80
[   12.513069]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.513093]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.513117]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.513142]  kthread+0x337/0x6f0
[   12.513160]  ? trace_preempt_on+0x20/0xc0
[   12.513183]  ? __pfx_kthread+0x10/0x10
[   12.513204]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.513226]  ? calculate_sigpending+0x7b/0xa0
[   12.513250]  ? __pfx_kthread+0x10/0x10
[   12.513271]  ret_from_fork+0x116/0x1d0
[   12.513290]  ? __pfx_kthread+0x10/0x10
[   12.513310]  ret_from_fork_asm+0x1a/0x30
[   12.513339]  </TASK>
[   12.513350] 
[   12.520883] The buggy address belongs to the physical page:
[   12.521143] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8
[   12.521494] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.522028] flags: 0x200000000000040(head|node=0|zone=2)
[   12.522245] page_type: f8(unknown)
[   12.522430] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.522830] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.523134] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.523443] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.523779] head: 0200000000000002 ffffea00040aee01 00000000ffffffff 00000000ffffffff
[   12.524131] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.524469] page dumped because: kasan: bad access detected
[   12.524702] 
[   12.524798] Memory state around the buggy address:
[   12.525018]  ffff888102bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.525338]  ffff888102bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.525727] >ffff888102bba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.525952]                                                  ^
[   12.526131]  ffff888102bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.526456]  ffff888102bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.526997] ==================================================================
[   12.552531] ==================================================================
[   12.553022] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.553662] Write of size 1 at addr ffff888102bba0ea by task kunit_try_catch/180
[   12.554446] 
[   12.554617] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.554657] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.554668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.554687] Call Trace:
[   12.554720]  <TASK>
[   12.554735]  dump_stack_lvl+0x73/0xb0
[   12.554772]  print_report+0xd1/0x650
[   12.554795]  ? __virt_addr_valid+0x1db/0x2d0
[   12.554818]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.554842]  ? kasan_addr_to_slab+0x11/0xa0
[   12.554862]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.554887]  kasan_report+0x141/0x180
[   12.554909]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.554938]  __asan_report_store1_noabort+0x1b/0x30
[   12.554964]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.554989]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.555014]  ? finish_task_switch.isra.0+0x153/0x700
[   12.555037]  ? __switch_to+0x47/0xf50
[   12.555062]  ? __schedule+0x10cc/0x2b60
[   12.555083]  ? __pfx_read_tsc+0x10/0x10
[   12.555106]  krealloc_large_less_oob+0x1c/0x30
[   12.555130]  kunit_try_run_case+0x1a5/0x480
[   12.555154]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.555177]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.555202]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.555229]  ? __kthread_parkme+0x82/0x180
[   12.555251]  ? preempt_count_sub+0x50/0x80
[   12.555275]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.555299]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.555323]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.555348]  kthread+0x337/0x6f0
[   12.555367]  ? trace_preempt_on+0x20/0xc0
[   12.555391]  ? __pfx_kthread+0x10/0x10
[   12.555411]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.555433]  ? calculate_sigpending+0x7b/0xa0
[   12.555456]  ? __pfx_kthread+0x10/0x10
[   12.555479]  ret_from_fork+0x116/0x1d0
[   12.555497]  ? __pfx_kthread+0x10/0x10
[   12.555517]  ret_from_fork_asm+0x1a/0x30
[   12.555547]  </TASK>
[   12.555557] 
[   12.565770] The buggy address belongs to the physical page:
[   12.565956] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8
[   12.566522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.567183] flags: 0x200000000000040(head|node=0|zone=2)
[   12.567417] page_type: f8(unknown)
[   12.567543] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.568152] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.568407] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.568637] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.568978] head: 0200000000000002 ffffea00040aee01 00000000ffffffff 00000000ffffffff
[   12.569322] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.569866] page dumped because: kasan: bad access detected
[   12.570072] 
[   12.570171] Memory state around the buggy address:
[   12.570350]  ffff888102bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.570596]  ffff888102bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.571275] >ffff888102bba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.571539]                                                           ^
[   12.571736]  ffff888102bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.572038]  ffff888102bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.572395] ==================================================================
[   12.382984] ==================================================================
[   12.383327] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.383688] Write of size 1 at addr ffff888100a290ea by task kunit_try_catch/176
[   12.384048] 
[   12.384150] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.384214] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.384225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.384262] Call Trace:
[   12.384278]  <TASK>
[   12.384293]  dump_stack_lvl+0x73/0xb0
[   12.384323]  print_report+0xd1/0x650
[   12.384361]  ? __virt_addr_valid+0x1db/0x2d0
[   12.384384]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.384408]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.384431]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.384455]  kasan_report+0x141/0x180
[   12.384476]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.384505]  __asan_report_store1_noabort+0x1b/0x30
[   12.384530]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.384572]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.384597]  ? finish_task_switch.isra.0+0x153/0x700
[   12.384620]  ? __switch_to+0x47/0xf50
[   12.384722]  ? __schedule+0x10cc/0x2b60
[   12.384757]  ? __pfx_read_tsc+0x10/0x10
[   12.384781]  krealloc_less_oob+0x1c/0x30
[   12.384802]  kunit_try_run_case+0x1a5/0x480
[   12.384845]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.384868]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.384906]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.384943]  ? __kthread_parkme+0x82/0x180
[   12.384963]  ? preempt_count_sub+0x50/0x80
[   12.384986]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.385009]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.385033]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.385058]  kthread+0x337/0x6f0
[   12.385078]  ? trace_preempt_on+0x20/0xc0
[   12.385101]  ? __pfx_kthread+0x10/0x10
[   12.385121]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.385142]  ? calculate_sigpending+0x7b/0xa0
[   12.385166]  ? __pfx_kthread+0x10/0x10
[   12.385187]  ret_from_fork+0x116/0x1d0
[   12.385205]  ? __pfx_kthread+0x10/0x10
[   12.385225]  ret_from_fork_asm+0x1a/0x30
[   12.385255]  </TASK>
[   12.385265] 
[   12.393605] Allocated by task 176:
[   12.393895]  kasan_save_stack+0x45/0x70
[   12.394135]  kasan_save_track+0x18/0x40
[   12.394369]  kasan_save_alloc_info+0x3b/0x50
[   12.394574]  __kasan_krealloc+0x190/0x1f0
[   12.394780]  krealloc_noprof+0xf3/0x340
[   12.394968]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.395192]  krealloc_less_oob+0x1c/0x30
[   12.395618]  kunit_try_run_case+0x1a5/0x480
[   12.395957]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.396257]  kthread+0x337/0x6f0
[   12.396459]  ret_from_fork+0x116/0x1d0
[   12.396643]  ret_from_fork_asm+0x1a/0x30
[   12.396849] 
[   12.396942] The buggy address belongs to the object at ffff888100a29000
[   12.396942]  which belongs to the cache kmalloc-256 of size 256
[   12.397483] The buggy address is located 33 bytes to the right of
[   12.397483]  allocated 201-byte region [ffff888100a29000, ffff888100a290c9)
[   12.397854] 
[   12.397923] The buggy address belongs to the physical page:
[   12.398144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a28
[   12.398537] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.399167] flags: 0x200000000000040(head|node=0|zone=2)
[   12.399549] page_type: f5(slab)
[   12.399719] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.400239] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.400463] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.401049] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.401620] head: 0200000000000001 ffffea0004028a01 00000000ffffffff 00000000ffffffff
[   12.402000] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.402216] page dumped because: kasan: bad access detected
[   12.402386] 
[   12.402561] Memory state around the buggy address:
[   12.402900]  ffff888100a28f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.403209]  ffff888100a29000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.403732] >ffff888100a29080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.404118]                                                           ^
[   12.404351]  ffff888100a29100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.404711]  ffff888100a29180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.405153] ==================================================================
[   12.480389] ==================================================================
[   12.481160] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.481426] Write of size 1 at addr ffff888102bba0c9 by task kunit_try_catch/180
[   12.481648] 
[   12.481735] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.481802] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.481812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.481832] Call Trace:
[   12.481845]  <TASK>
[   12.481859]  dump_stack_lvl+0x73/0xb0
[   12.481886]  print_report+0xd1/0x650
[   12.481908]  ? __virt_addr_valid+0x1db/0x2d0
[   12.481930]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.481954]  ? kasan_addr_to_slab+0x11/0xa0
[   12.481974]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.481998]  kasan_report+0x141/0x180
[   12.482020]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.482048]  __asan_report_store1_noabort+0x1b/0x30
[   12.482151]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.482181]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.482208]  ? finish_task_switch.isra.0+0x153/0x700
[   12.482231]  ? __switch_to+0x47/0xf50
[   12.482255]  ? __schedule+0x10cc/0x2b60
[   12.482276]  ? __pfx_read_tsc+0x10/0x10
[   12.482300]  krealloc_large_less_oob+0x1c/0x30
[   12.482324]  kunit_try_run_case+0x1a5/0x480
[   12.482347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.482382]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.482405]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.482674]  ? __kthread_parkme+0x82/0x180
[   12.482779]  ? preempt_count_sub+0x50/0x80
[   12.482804]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.482829]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.482854]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.482879]  kthread+0x337/0x6f0
[   12.482898]  ? trace_preempt_on+0x20/0xc0
[   12.482922]  ? __pfx_kthread+0x10/0x10
[   12.482943]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.482964]  ? calculate_sigpending+0x7b/0xa0
[   12.482988]  ? __pfx_kthread+0x10/0x10
[   12.483009]  ret_from_fork+0x116/0x1d0
[   12.483027]  ? __pfx_kthread+0x10/0x10
[   12.483047]  ret_from_fork_asm+0x1a/0x30
[   12.483077]  </TASK>
[   12.483088] 
[   12.499352] The buggy address belongs to the physical page:
[   12.499815] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8
[   12.500311] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.500548] flags: 0x200000000000040(head|node=0|zone=2)
[   12.500811] page_type: f8(unknown)
[   12.501431] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.502487] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.503516] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.504556] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.505394] head: 0200000000000002 ffffea00040aee01 00000000ffffffff 00000000ffffffff
[   12.505629] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.506547] page dumped because: kasan: bad access detected
[   12.507062] 
[   12.507338] Memory state around the buggy address:
[   12.508026]  ffff888102bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.508541]  ffff888102bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.509254] >ffff888102bba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.510055]                                               ^
[   12.510533]  ffff888102bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.510773]  ffff888102bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.510991] ==================================================================
[   12.527780] ==================================================================
[   12.528143] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.528439] Write of size 1 at addr ffff888102bba0da by task kunit_try_catch/180
[   12.528743] 
[   12.529036] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.529077] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.529088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.529105] Call Trace:
[   12.529116]  <TASK>
[   12.529129]  dump_stack_lvl+0x73/0xb0
[   12.529156]  print_report+0xd1/0x650
[   12.529179]  ? __virt_addr_valid+0x1db/0x2d0
[   12.529201]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.529225]  ? kasan_addr_to_slab+0x11/0xa0
[   12.529245]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.529269]  kasan_report+0x141/0x180
[   12.529291]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.529319]  __asan_report_store1_noabort+0x1b/0x30
[   12.529344]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.529370]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.529396]  ? finish_task_switch.isra.0+0x153/0x700
[   12.529418]  ? __switch_to+0x47/0xf50
[   12.529442]  ? __schedule+0x10cc/0x2b60
[   12.529463]  ? __pfx_read_tsc+0x10/0x10
[   12.529487]  krealloc_large_less_oob+0x1c/0x30
[   12.529509]  kunit_try_run_case+0x1a5/0x480
[   12.529534]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.529557]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.529579]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.529603]  ? __kthread_parkme+0x82/0x180
[   12.529623]  ? preempt_count_sub+0x50/0x80
[   12.529722]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.529758]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.529783]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.529809]  kthread+0x337/0x6f0
[   12.529828]  ? trace_preempt_on+0x20/0xc0
[   12.529850]  ? __pfx_kthread+0x10/0x10
[   12.529870]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.529892]  ? calculate_sigpending+0x7b/0xa0
[   12.529916]  ? __pfx_kthread+0x10/0x10
[   12.529938]  ret_from_fork+0x116/0x1d0
[   12.529958]  ? __pfx_kthread+0x10/0x10
[   12.529982]  ret_from_fork_asm+0x1a/0x30
[   12.530014]  </TASK>
[   12.530023] 
[   12.541875] The buggy address belongs to the physical page:
[   12.542364] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb8
[   12.543311] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.544008] flags: 0x200000000000040(head|node=0|zone=2)
[   12.544589] page_type: f8(unknown)
[   12.544866] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.545497] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.545834] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.546063] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.546292] head: 0200000000000002 ffffea00040aee01 00000000ffffffff 00000000ffffffff
[   12.546527] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.547062] page dumped because: kasan: bad access detected
[   12.547626] 
[   12.547791] Memory state around the buggy address:
[   12.548259]  ffff888102bb9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.549032]  ffff888102bba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.549637] >ffff888102bba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.550436]                                                     ^
[   12.551084]  ffff888102bba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.551860]  ffff888102bba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.552243] ==================================================================
[   12.405603] ==================================================================
[   12.406028] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.406373] Write of size 1 at addr ffff888100a290eb by task kunit_try_catch/176
[   12.406599] 
[   12.406857] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.406902] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.406912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.407031] Call Trace:
[   12.407049]  <TASK>
[   12.407064]  dump_stack_lvl+0x73/0xb0
[   12.407092]  print_report+0xd1/0x650
[   12.407114]  ? __virt_addr_valid+0x1db/0x2d0
[   12.407136]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.407160]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.407182]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.407206]  kasan_report+0x141/0x180
[   12.407228]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.407286]  __asan_report_store1_noabort+0x1b/0x30
[   12.407312]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.407338]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.407363]  ? finish_task_switch.isra.0+0x153/0x700
[   12.407385]  ? __switch_to+0x47/0xf50
[   12.407408]  ? __schedule+0x10cc/0x2b60
[   12.407430]  ? __pfx_read_tsc+0x10/0x10
[   12.407454]  krealloc_less_oob+0x1c/0x30
[   12.407475]  kunit_try_run_case+0x1a5/0x480
[   12.407498]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.407521]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.407544]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.407586]  ? __kthread_parkme+0x82/0x180
[   12.407605]  ? preempt_count_sub+0x50/0x80
[   12.407628]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.407666]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.407691]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.407715]  kthread+0x337/0x6f0
[   12.407734]  ? trace_preempt_on+0x20/0xc0
[   12.407767]  ? __pfx_kthread+0x10/0x10
[   12.407861]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.407888]  ? calculate_sigpending+0x7b/0xa0
[   12.407912]  ? __pfx_kthread+0x10/0x10
[   12.407934]  ret_from_fork+0x116/0x1d0
[   12.407952]  ? __pfx_kthread+0x10/0x10
[   12.407972]  ret_from_fork_asm+0x1a/0x30
[   12.408021]  </TASK>
[   12.408031] 
[   12.416417] Allocated by task 176:
[   12.416622]  kasan_save_stack+0x45/0x70
[   12.416918]  kasan_save_track+0x18/0x40
[   12.417106]  kasan_save_alloc_info+0x3b/0x50
[   12.417360]  __kasan_krealloc+0x190/0x1f0
[   12.417559]  krealloc_noprof+0xf3/0x340
[   12.417840]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.418002]  krealloc_less_oob+0x1c/0x30
[   12.418195]  kunit_try_run_case+0x1a5/0x480
[   12.418434]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.418870]  kthread+0x337/0x6f0
[   12.419020]  ret_from_fork+0x116/0x1d0
[   12.419148]  ret_from_fork_asm+0x1a/0x30
[   12.419344] 
[   12.419439] The buggy address belongs to the object at ffff888100a29000
[   12.419439]  which belongs to the cache kmalloc-256 of size 256
[   12.420282] The buggy address is located 34 bytes to the right of
[   12.420282]  allocated 201-byte region [ffff888100a29000, ffff888100a290c9)
[   12.420896] 
[   12.420993] The buggy address belongs to the physical page:
[   12.421273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a28
[   12.421541] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.421768] flags: 0x200000000000040(head|node=0|zone=2)
[   12.421936] page_type: f5(slab)
[   12.422102] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.422562] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.423240] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.423528] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.424015] head: 0200000000000001 ffffea0004028a01 00000000ffffffff 00000000ffffffff
[   12.424526] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.425036] page dumped because: kasan: bad access detected
[   12.425222] 
[   12.425289] Memory state around the buggy address:
[   12.425447]  ffff888100a28f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.425958]  ffff888100a29000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.426293] >ffff888100a29080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.426635]                                                           ^
[   12.426858]  ffff888100a29100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.427153]  ffff888100a29180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.427573] ==================================================================
[   12.299296] ==================================================================
[   12.300611] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.301534] Write of size 1 at addr ffff888100a290c9 by task kunit_try_catch/176
[   12.302800] 
[   12.303120] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.303168] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.303179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.303199] Call Trace:
[   12.303211]  <TASK>
[   12.303226]  dump_stack_lvl+0x73/0xb0
[   12.303257]  print_report+0xd1/0x650
[   12.303279]  ? __virt_addr_valid+0x1db/0x2d0
[   12.303302]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.303325]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.303348]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.303372]  kasan_report+0x141/0x180
[   12.303393]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.303421]  __asan_report_store1_noabort+0x1b/0x30
[   12.303446]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.303472]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.303498]  ? finish_task_switch.isra.0+0x153/0x700
[   12.303521]  ? __switch_to+0x47/0xf50
[   12.303548]  ? __schedule+0x10cc/0x2b60
[   12.303573]  ? __pfx_read_tsc+0x10/0x10
[   12.303597]  krealloc_less_oob+0x1c/0x30
[   12.303620]  kunit_try_run_case+0x1a5/0x480
[   12.303761]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.303792]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.303819]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.303843]  ? __kthread_parkme+0x82/0x180
[   12.303863]  ? preempt_count_sub+0x50/0x80
[   12.303886]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.303943]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.303968]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.303993]  kthread+0x337/0x6f0
[   12.304012]  ? trace_preempt_on+0x20/0xc0
[   12.304035]  ? __pfx_kthread+0x10/0x10
[   12.304055]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.304077]  ? calculate_sigpending+0x7b/0xa0
[   12.304100]  ? __pfx_kthread+0x10/0x10
[   12.304121]  ret_from_fork+0x116/0x1d0
[   12.304139]  ? __pfx_kthread+0x10/0x10
[   12.304158]  ret_from_fork_asm+0x1a/0x30
[   12.304188]  </TASK>
[   12.304199] 
[   12.317695] Allocated by task 176:
[   12.318030]  kasan_save_stack+0x45/0x70
[   12.318417]  kasan_save_track+0x18/0x40
[   12.318960]  kasan_save_alloc_info+0x3b/0x50
[   12.319376]  __kasan_krealloc+0x190/0x1f0
[   12.319824]  krealloc_noprof+0xf3/0x340
[   12.320265]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.320710]  krealloc_less_oob+0x1c/0x30
[   12.321266]  kunit_try_run_case+0x1a5/0x480
[   12.321706]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.322048]  kthread+0x337/0x6f0
[   12.322175]  ret_from_fork+0x116/0x1d0
[   12.322307]  ret_from_fork_asm+0x1a/0x30
[   12.322451] 
[   12.322522] The buggy address belongs to the object at ffff888100a29000
[   12.322522]  which belongs to the cache kmalloc-256 of size 256
[   12.323461] The buggy address is located 0 bytes to the right of
[   12.323461]  allocated 201-byte region [ffff888100a29000, ffff888100a290c9)
[   12.324719] 
[   12.324928] The buggy address belongs to the physical page:
[   12.325421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a28
[   12.326235] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.327042] flags: 0x200000000000040(head|node=0|zone=2)
[   12.327229] page_type: f5(slab)
[   12.327351] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.327579] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.328173] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.329088] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.330030] head: 0200000000000001 ffffea0004028a01 00000000ffffffff 00000000ffffffff
[   12.331045] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.331821] page dumped because: kasan: bad access detected
[   12.332257] 
[   12.332329] Memory state around the buggy address:
[   12.332491]  ffff888100a28f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.332739]  ffff888100a29000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.333550] >ffff888100a29080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.334331]                                               ^
[   12.335001]  ffff888100a29100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.335611]  ffff888100a29180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.336045] ==================================================================
[   12.336979] ==================================================================
[   12.337795] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.338489] Write of size 1 at addr ffff888100a290d0 by task kunit_try_catch/176
[   12.339292] 
[   12.339488] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.339531] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.339541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.339561] Call Trace:
[   12.339574]  <TASK>
[   12.339589]  dump_stack_lvl+0x73/0xb0
[   12.339618]  print_report+0xd1/0x650
[   12.339640]  ? __virt_addr_valid+0x1db/0x2d0
[   12.339684]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.339708]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.339731]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.339766]  kasan_report+0x141/0x180
[   12.339787]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.339816]  __asan_report_store1_noabort+0x1b/0x30
[   12.339840]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.339866]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.339891]  ? finish_task_switch.isra.0+0x153/0x700
[   12.339914]  ? __switch_to+0x47/0xf50
[   12.339938]  ? __schedule+0x10cc/0x2b60
[   12.339959]  ? __pfx_read_tsc+0x10/0x10
[   12.339982]  krealloc_less_oob+0x1c/0x30
[   12.340004]  kunit_try_run_case+0x1a5/0x480
[   12.340027]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.340049]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.340073]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.340096]  ? __kthread_parkme+0x82/0x180
[   12.340116]  ? preempt_count_sub+0x50/0x80
[   12.340138]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.340162]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.340186]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.340211]  kthread+0x337/0x6f0
[   12.340229]  ? trace_preempt_on+0x20/0xc0
[   12.340252]  ? __pfx_kthread+0x10/0x10
[   12.340272]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.340293]  ? calculate_sigpending+0x7b/0xa0
[   12.340317]  ? __pfx_kthread+0x10/0x10
[   12.340337]  ret_from_fork+0x116/0x1d0
[   12.340355]  ? __pfx_kthread+0x10/0x10
[   12.340375]  ret_from_fork_asm+0x1a/0x30
[   12.340405]  </TASK>
[   12.340415] 
[   12.349587] Allocated by task 176:
[   12.349879]  kasan_save_stack+0x45/0x70
[   12.350069]  kasan_save_track+0x18/0x40
[   12.350216]  kasan_save_alloc_info+0x3b/0x50
[   12.350456]  __kasan_krealloc+0x190/0x1f0
[   12.350720]  krealloc_noprof+0xf3/0x340
[   12.350912]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.351243]  krealloc_less_oob+0x1c/0x30
[   12.351430]  kunit_try_run_case+0x1a5/0x480
[   12.351792]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.352043]  kthread+0x337/0x6f0
[   12.352233]  ret_from_fork+0x116/0x1d0
[   12.352388]  ret_from_fork_asm+0x1a/0x30
[   12.352574] 
[   12.352801] The buggy address belongs to the object at ffff888100a29000
[   12.352801]  which belongs to the cache kmalloc-256 of size 256
[   12.353304] The buggy address is located 7 bytes to the right of
[   12.353304]  allocated 201-byte region [ffff888100a29000, ffff888100a290c9)
[   12.353840] 
[   12.353995] The buggy address belongs to the physical page:
[   12.354248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a28
[   12.354634] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.355016] flags: 0x200000000000040(head|node=0|zone=2)
[   12.355361] page_type: f5(slab)
[   12.355555] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.355900] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.356118] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.356338] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.356993] head: 0200000000000001 ffffea0004028a01 00000000ffffffff 00000000ffffffff
[   12.357371] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.357873] page dumped because: kasan: bad access detected
[   12.358154] 
[   12.358248] Memory state around the buggy address:
[   12.358408]  ffff888100a28f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.358702]  ffff888100a29000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.359062] >ffff888100a29080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.359374]                                                  ^
[   12.359637]  ffff888100a29100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.359984]  ffff888100a29180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.360308] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zlvaLrZSqyxKLgkP1ikhX5yASN

job_id

TEST:linaro@lkft#2zlvfyTmTyminRKXkr1Gwqf6AqT

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zlvfyTmTyminRKXkr1Gwqf6AqT

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvdC7xMQ1AuKzcmJ9sl7lyJZU/bzImage
sha256sum	f2525a42db3db7704392b60a0a7b6300b86c21d1b4e3f0c9a4ee165428e9e2ac

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zlvdC7xMQ1AuKzcmJ9sl7lyJZU/modules.tar.xz
sha256sum	3e7e7b5cd868a19ceea397cd34a8ca08bcda09aac07bf76e95a38de35372b59a

durations

tests

boot	0
kunit	211.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit