Hay
Date: July 12, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   16.653027] ==================================================================
[   16.653229] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.653315] Write of size 1 at addr fff00000c665e0d0 by task kunit_try_catch/162
[   16.653426] 
[   16.653457] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.653536] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.653562] Hardware name: linux,dummy-virt (DT)
[   16.653598] Call trace:
[   16.653618]  show_stack+0x20/0x38 (C)
[   16.653794]  dump_stack_lvl+0x8c/0xd0
[   16.653855]  print_report+0x118/0x5d0
[   16.653900]  kasan_report+0xdc/0x128
[   16.653955]  __asan_report_store1_noabort+0x20/0x30
[   16.654043]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.654130]  krealloc_large_less_oob+0x20/0x38
[   16.654209]  kunit_try_run_case+0x170/0x3f0
[   16.654256]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.654307]  kthread+0x328/0x630
[   16.654370]  ret_from_fork+0x10/0x20
[   16.654418] 
[   16.654443] The buggy address belongs to the physical page:
[   16.654473] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10665c
[   16.654525] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.654582] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.654633] page_type: f8(unknown)
[   16.654670] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.654729] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.654779] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.654827] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.654885] head: 0bfffe0000000002 ffffc1ffc3199701 00000000ffffffff 00000000ffffffff
[   16.654939] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.654979] page dumped because: kasan: bad access detected
[   16.655014] 
[   16.655031] Memory state around the buggy address:
[   16.655066]  fff00000c665df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.655108]  fff00000c665e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.655154] >fff00000c665e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.655482]                                                  ^
[   16.655525]  fff00000c665e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.655734]  fff00000c665e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.655908] ==================================================================
[   16.603143] ==================================================================
[   16.603352] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.603449] Write of size 1 at addr fff00000c47862da by task kunit_try_catch/158
[   16.603604] 
[   16.603662] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.603809] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.603837] Hardware name: linux,dummy-virt (DT)
[   16.603875] Call trace:
[   16.603895]  show_stack+0x20/0x38 (C)
[   16.604079]  dump_stack_lvl+0x8c/0xd0
[   16.604162]  print_report+0x118/0x5d0
[   16.604224]  kasan_report+0xdc/0x128
[   16.604286]  __asan_report_store1_noabort+0x20/0x30
[   16.604456]  krealloc_less_oob_helper+0xa80/0xc50
[   16.604556]  krealloc_less_oob+0x20/0x38
[   16.604698]  kunit_try_run_case+0x170/0x3f0
[   16.604829]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.605012]  kthread+0x328/0x630
[   16.605085]  ret_from_fork+0x10/0x20
[   16.605518] 
[   16.605597] Allocated by task 158:
[   16.605719]  kasan_save_stack+0x3c/0x68
[   16.605822]  kasan_save_track+0x20/0x40
[   16.605957]  kasan_save_alloc_info+0x40/0x58
[   16.606008]  __kasan_krealloc+0x118/0x178
[   16.606045]  krealloc_noprof+0x128/0x360
[   16.606090]  krealloc_less_oob_helper+0x168/0xc50
[   16.606140]  krealloc_less_oob+0x20/0x38
[   16.606236]  kunit_try_run_case+0x170/0x3f0
[   16.606291]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.606343]  kthread+0x328/0x630
[   16.606374]  ret_from_fork+0x10/0x20
[   16.606418] 
[   16.606437] The buggy address belongs to the object at fff00000c4786200
[   16.606437]  which belongs to the cache kmalloc-256 of size 256
[   16.606503] The buggy address is located 17 bytes to the right of
[   16.606503]  allocated 201-byte region [fff00000c4786200, fff00000c47862c9)
[   16.606568] 
[   16.606586] The buggy address belongs to the physical page:
[   16.606617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104786
[   16.606669] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.606724] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.606773] page_type: f5(slab)
[   16.606810] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.606858] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.606917] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.606964] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.607022] head: 0bfffe0000000001 ffffc1ffc311e181 00000000ffffffff 00000000ffffffff
[   16.607076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.607116] page dumped because: kasan: bad access detected
[   16.607155] 
[   16.607182] Memory state around the buggy address:
[   16.607427]  fff00000c4786180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.607540]  fff00000c4786200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.607763] >fff00000c4786280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.607838]                                                     ^
[   16.608338]  fff00000c4786300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.608734]  fff00000c4786380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.608869] ==================================================================
[   16.646397] ==================================================================
[   16.646453] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.646503] Write of size 1 at addr fff00000c665e0c9 by task kunit_try_catch/162
[   16.646733] 
[   16.646785] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.646874] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.646911] Hardware name: linux,dummy-virt (DT)
[   16.646993] Call trace:
[   16.647031]  show_stack+0x20/0x38 (C)
[   16.647082]  dump_stack_lvl+0x8c/0xd0
[   16.647127]  print_report+0x118/0x5d0
[   16.647250]  kasan_report+0xdc/0x128
[   16.647318]  __asan_report_store1_noabort+0x20/0x30
[   16.647486]  krealloc_less_oob_helper+0xa48/0xc50
[   16.647568]  krealloc_large_less_oob+0x20/0x38
[   16.647616]  kunit_try_run_case+0x170/0x3f0
[   16.647689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.647888]  kthread+0x328/0x630
[   16.648060]  ret_from_fork+0x10/0x20
[   16.648131] 
[   16.648151] The buggy address belongs to the physical page:
[   16.648193] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10665c
[   16.648626] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.648752] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.648919] page_type: f8(unknown)
[   16.648982] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.649150] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.649254] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.649470] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.649564] head: 0bfffe0000000002 ffffc1ffc3199701 00000000ffffffff 00000000ffffffff
[   16.649620] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.649686] page dumped because: kasan: bad access detected
[   16.649796] 
[   16.649865] Memory state around the buggy address:
[   16.649946]  fff00000c665df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.650050]  fff00000c665e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.650092] >fff00000c665e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.650129]                                               ^
[   16.650196]  fff00000c665e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.650238]  fff00000c665e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.650276] ==================================================================
[   16.616674] ==================================================================
[   16.616727] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.616784] Write of size 1 at addr fff00000c47862eb by task kunit_try_catch/158
[   16.616941] 
[   16.617002] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.617148] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.617327] Hardware name: linux,dummy-virt (DT)
[   16.617375] Call trace:
[   16.617486]  show_stack+0x20/0x38 (C)
[   16.617540]  dump_stack_lvl+0x8c/0xd0
[   16.617584]  print_report+0x118/0x5d0
[   16.617717]  kasan_report+0xdc/0x128
[   16.617781]  __asan_report_store1_noabort+0x20/0x30
[   16.617831]  krealloc_less_oob_helper+0xa58/0xc50
[   16.618042]  krealloc_less_oob+0x20/0x38
[   16.618109]  kunit_try_run_case+0x170/0x3f0
[   16.618196]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.618250]  kthread+0x328/0x630
[   16.618299]  ret_from_fork+0x10/0x20
[   16.618391] 
[   16.618410] Allocated by task 158:
[   16.618437]  kasan_save_stack+0x3c/0x68
[   16.618506]  kasan_save_track+0x20/0x40
[   16.618605]  kasan_save_alloc_info+0x40/0x58
[   16.618648]  __kasan_krealloc+0x118/0x178
[   16.618712]  krealloc_noprof+0x128/0x360
[   16.618756]  krealloc_less_oob_helper+0x168/0xc50
[   16.618924]  krealloc_less_oob+0x20/0x38
[   16.618976]  kunit_try_run_case+0x170/0x3f0
[   16.619037]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.619218]  kthread+0x328/0x630
[   16.619309]  ret_from_fork+0x10/0x20
[   16.619390] 
[   16.619630] The buggy address belongs to the object at fff00000c4786200
[   16.619630]  which belongs to the cache kmalloc-256 of size 256
[   16.619699] The buggy address is located 34 bytes to the right of
[   16.619699]  allocated 201-byte region [fff00000c4786200, fff00000c47862c9)
[   16.619784] 
[   16.619802] The buggy address belongs to the physical page:
[   16.619832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104786
[   16.619883] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.619931] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.619981] page_type: f5(slab)
[   16.620017] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.620377] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.620467] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.620663] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.620741] head: 0bfffe0000000001 ffffc1ffc311e181 00000000ffffffff 00000000ffffffff
[   16.620826] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.620974] page dumped because: kasan: bad access detected
[   16.621005] 
[   16.621250] Memory state around the buggy address:
[   16.621332]  fff00000c4786180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.621477]  fff00000c4786200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.621556] >fff00000c4786280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.621634]                                                           ^
[   16.621683]  fff00000c4786300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.621734]  fff00000c4786380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.621776] ==================================================================
[   16.657374] ==================================================================
[   16.657558] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.657616] Write of size 1 at addr fff00000c665e0da by task kunit_try_catch/162
[   16.657748] 
[   16.657782] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.657862] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.658066] Hardware name: linux,dummy-virt (DT)
[   16.658196] Call trace:
[   16.658222]  show_stack+0x20/0x38 (C)
[   16.658342]  dump_stack_lvl+0x8c/0xd0
[   16.658408]  print_report+0x118/0x5d0
[   16.658454]  kasan_report+0xdc/0x128
[   16.658623]  __asan_report_store1_noabort+0x20/0x30
[   16.658690]  krealloc_less_oob_helper+0xa80/0xc50
[   16.658738]  krealloc_large_less_oob+0x20/0x38
[   16.658794]  kunit_try_run_case+0x170/0x3f0
[   16.658840]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.658929]  kthread+0x328/0x630
[   16.658974]  ret_from_fork+0x10/0x20
[   16.659029] 
[   16.659049] The buggy address belongs to the physical page:
[   16.659292] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10665c
[   16.659389] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.659447] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.659577] page_type: f8(unknown)
[   16.659652] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.659847] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.659903] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.660054] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.660234] head: 0bfffe0000000002 ffffc1ffc3199701 00000000ffffffff 00000000ffffffff
[   16.660318] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.660416] page dumped because: kasan: bad access detected
[   16.660494] 
[   16.660547] Memory state around the buggy address:
[   16.660579]  fff00000c665df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.660818]  fff00000c665e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.660922] >fff00000c665e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.661009]                                                     ^
[   16.661094]  fff00000c665e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.661211]  fff00000c665e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.661271] ==================================================================
[   16.595347] ==================================================================
[   16.595431] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.595604] Write of size 1 at addr fff00000c47862d0 by task kunit_try_catch/158
[   16.595713] 
[   16.595834] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.595967] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.595993] Hardware name: linux,dummy-virt (DT)
[   16.596023] Call trace:
[   16.596044]  show_stack+0x20/0x38 (C)
[   16.596292]  dump_stack_lvl+0x8c/0xd0
[   16.596341]  print_report+0x118/0x5d0
[   16.596421]  kasan_report+0xdc/0x128
[   16.596588]  __asan_report_store1_noabort+0x20/0x30
[   16.596759]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.596847]  krealloc_less_oob+0x20/0x38
[   16.596962]  kunit_try_run_case+0x170/0x3f0
[   16.597071]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.597220]  kthread+0x328/0x630
[   16.597265]  ret_from_fork+0x10/0x20
[   16.597505] 
[   16.597543] Allocated by task 158:
[   16.597720]  kasan_save_stack+0x3c/0x68
[   16.597801]  kasan_save_track+0x20/0x40
[   16.597969]  kasan_save_alloc_info+0x40/0x58
[   16.598230]  __kasan_krealloc+0x118/0x178
[   16.598469]  krealloc_noprof+0x128/0x360
[   16.598513]  krealloc_less_oob_helper+0x168/0xc50
[   16.598589]  krealloc_less_oob+0x20/0x38
[   16.598780]  kunit_try_run_case+0x170/0x3f0
[   16.598861]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.599023]  kthread+0x328/0x630
[   16.599162]  ret_from_fork+0x10/0x20
[   16.599212] 
[   16.599365] The buggy address belongs to the object at fff00000c4786200
[   16.599365]  which belongs to the cache kmalloc-256 of size 256
[   16.599427] The buggy address is located 7 bytes to the right of
[   16.599427]  allocated 201-byte region [fff00000c4786200, fff00000c47862c9)
[   16.599501] 
[   16.599520] The buggy address belongs to the physical page:
[   16.599557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104786
[   16.599614] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.599667] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.599717] page_type: f5(slab)
[   16.600141] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.600241] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.600426] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.600600] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.600689] head: 0bfffe0000000001 ffffc1ffc311e181 00000000ffffffff 00000000ffffffff
[   16.600837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.600902] page dumped because: kasan: bad access detected
[   16.600933] 
[   16.600990] Memory state around the buggy address:
[   16.601208]  fff00000c4786180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.601256]  fff00000c4786200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.601313] >fff00000c4786280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.601369]                                                  ^
[   16.601481]  fff00000c4786300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.601538]  fff00000c4786380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.601636] ==================================================================
[   16.586704] ==================================================================
[   16.586761] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.586869] Write of size 1 at addr fff00000c47862c9 by task kunit_try_catch/158
[   16.586942] 
[   16.586981] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.587067] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.587094] Hardware name: linux,dummy-virt (DT)
[   16.587123] Call trace:
[   16.587145]  show_stack+0x20/0x38 (C)
[   16.587213]  dump_stack_lvl+0x8c/0xd0
[   16.587287]  print_report+0x118/0x5d0
[   16.587335]  kasan_report+0xdc/0x128
[   16.587380]  __asan_report_store1_noabort+0x20/0x30
[   16.587430]  krealloc_less_oob_helper+0xa48/0xc50
[   16.587479]  krealloc_less_oob+0x20/0x38
[   16.588011]  kunit_try_run_case+0x170/0x3f0
[   16.588475]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.588589]  kthread+0x328/0x630
[   16.589016]  ret_from_fork+0x10/0x20
[   16.589252] 
[   16.589560] Allocated by task 158:
[   16.589714]  kasan_save_stack+0x3c/0x68
[   16.589781]  kasan_save_track+0x20/0x40
[   16.589955]  kasan_save_alloc_info+0x40/0x58
[   16.590095]  __kasan_krealloc+0x118/0x178
[   16.590407]  krealloc_noprof+0x128/0x360
[   16.590558]  krealloc_less_oob_helper+0x168/0xc50
[   16.590710]  krealloc_less_oob+0x20/0x38
[   16.590807]  kunit_try_run_case+0x170/0x3f0
[   16.590930]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.590977]  kthread+0x328/0x630
[   16.591038]  ret_from_fork+0x10/0x20
[   16.591457] 
[   16.591506] The buggy address belongs to the object at fff00000c4786200
[   16.591506]  which belongs to the cache kmalloc-256 of size 256
[   16.591661] The buggy address is located 0 bytes to the right of
[   16.591661]  allocated 201-byte region [fff00000c4786200, fff00000c47862c9)
[   16.591809] 
[   16.591858] The buggy address belongs to the physical page:
[   16.591931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104786
[   16.592017] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.592137] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.592201] page_type: f5(slab)
[   16.592440] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.592531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.592726] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.592892] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.593042] head: 0bfffe0000000001 ffffc1ffc311e181 00000000ffffffff 00000000ffffffff
[   16.593168] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.593321] page dumped because: kasan: bad access detected
[   16.593365] 
[   16.593383] Memory state around the buggy address:
[   16.593414]  fff00000c4786180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.593623]  fff00000c4786200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.593852] >fff00000c4786280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.594065]                                               ^
[   16.594164]  fff00000c4786300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.594290]  fff00000c4786380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.594329] ==================================================================
[   16.661955] ==================================================================
[   16.662004] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.662050] Write of size 1 at addr fff00000c665e0ea by task kunit_try_catch/162
[   16.662348] 
[   16.662384] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.662538] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.662582] Hardware name: linux,dummy-virt (DT)
[   16.662658] Call trace:
[   16.662694]  show_stack+0x20/0x38 (C)
[   16.662760]  dump_stack_lvl+0x8c/0xd0
[   16.662805]  print_report+0x118/0x5d0
[   16.662979]  kasan_report+0xdc/0x128
[   16.663053]  __asan_report_store1_noabort+0x20/0x30
[   16.663112]  krealloc_less_oob_helper+0xae4/0xc50
[   16.663192]  krealloc_large_less_oob+0x20/0x38
[   16.663374]  kunit_try_run_case+0x170/0x3f0
[   16.663422]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.663635]  kthread+0x328/0x630
[   16.663681]  ret_from_fork+0x10/0x20
[   16.663770] 
[   16.663806] The buggy address belongs to the physical page:
[   16.663896] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10665c
[   16.663969] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.664080] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.664288] page_type: f8(unknown)
[   16.664354] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.664406] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.664469] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.664539] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.664589] head: 0bfffe0000000002 ffffc1ffc3199701 00000000ffffffff 00000000ffffffff
[   16.664647] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.664686] page dumped because: kasan: bad access detected
[   16.664716] 
[   16.664733] Memory state around the buggy address:
[   16.664772]  fff00000c665df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.664814]  fff00000c665e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.664861] >fff00000c665e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.664907]                                                           ^
[   16.664946]  fff00000c665e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.664987]  fff00000c665e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.665042] ==================================================================
[   16.665679] ==================================================================
[   16.665811] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.665869] Write of size 1 at addr fff00000c665e0eb by task kunit_try_catch/162
[   16.665966] 
[   16.666052] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.666166] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.666234] Hardware name: linux,dummy-virt (DT)
[   16.666282] Call trace:
[   16.666343]  show_stack+0x20/0x38 (C)
[   16.666411]  dump_stack_lvl+0x8c/0xd0
[   16.666456]  print_report+0x118/0x5d0
[   16.666627]  kasan_report+0xdc/0x128
[   16.666698]  __asan_report_store1_noabort+0x20/0x30
[   16.666767]  krealloc_less_oob_helper+0xa58/0xc50
[   16.666815]  krealloc_large_less_oob+0x20/0x38
[   16.666928]  kunit_try_run_case+0x170/0x3f0
[   16.667102]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.667198]  kthread+0x328/0x630
[   16.667333]  ret_from_fork+0x10/0x20
[   16.667419] 
[   16.667511] The buggy address belongs to the physical page:
[   16.667546] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10665c
[   16.667620] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.667800] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.667998] page_type: f8(unknown)
[   16.668100] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.668257] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.668321] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.668520] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.668578] head: 0bfffe0000000002 ffffc1ffc3199701 00000000ffffffff 00000000ffffffff
[   16.668675] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.668774] page dumped because: kasan: bad access detected
[   16.668911] 
[   16.669041] Memory state around the buggy address:
[   16.669130]  fff00000c665df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.669196]  fff00000c665e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.669344] >fff00000c665e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.669454]                                                           ^
[   16.669495]  fff00000c665e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.669548]  fff00000c665e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.669878] ==================================================================
[   16.609256] ==================================================================
[   16.609479] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.609538] Write of size 1 at addr fff00000c47862ea by task kunit_try_catch/158
[   16.609720] 
[   16.609758] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.609860] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.609917] Hardware name: linux,dummy-virt (DT)
[   16.609981] Call trace:
[   16.610020]  show_stack+0x20/0x38 (C)
[   16.610122]  dump_stack_lvl+0x8c/0xd0
[   16.610183]  print_report+0x118/0x5d0
[   16.610228]  kasan_report+0xdc/0x128
[   16.610330]  __asan_report_store1_noabort+0x20/0x30
[   16.610384]  krealloc_less_oob_helper+0xae4/0xc50
[   16.610432]  krealloc_less_oob+0x20/0x38
[   16.610476]  kunit_try_run_case+0x170/0x3f0
[   16.610549]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.610627]  kthread+0x328/0x630
[   16.610786]  ret_from_fork+0x10/0x20
[   16.610862] 
[   16.610880] Allocated by task 158:
[   16.611024]  kasan_save_stack+0x3c/0x68
[   16.611095]  kasan_save_track+0x20/0x40
[   16.611133]  kasan_save_alloc_info+0x40/0x58
[   16.611200]  __kasan_krealloc+0x118/0x178
[   16.611389]  krealloc_noprof+0x128/0x360
[   16.611550]  krealloc_less_oob_helper+0x168/0xc50
[   16.611624]  krealloc_less_oob+0x20/0x38
[   16.611734]  kunit_try_run_case+0x170/0x3f0
[   16.611874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.611926]  kthread+0x328/0x630
[   16.611976]  ret_from_fork+0x10/0x20
[   16.612141] 
[   16.612240] The buggy address belongs to the object at fff00000c4786200
[   16.612240]  which belongs to the cache kmalloc-256 of size 256
[   16.612412] The buggy address is located 33 bytes to the right of
[   16.612412]  allocated 201-byte region [fff00000c4786200, fff00000c47862c9)
[   16.612486] 
[   16.612505] The buggy address belongs to the physical page:
[   16.612693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104786
[   16.612751] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.612873] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.612954] page_type: f5(slab)
[   16.612991] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.613205] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.613259] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.613332] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.613450] head: 0bfffe0000000001 ffffc1ffc311e181 00000000ffffffff 00000000ffffffff
[   16.613567] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.613743] page dumped because: kasan: bad access detected
[   16.613777] 
[   16.613837] Memory state around the buggy address:
[   16.614007]  fff00000c4786180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.614097]  fff00000c4786200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.614235] >fff00000c4786280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.614273]                                                           ^
[   16.614626]  fff00000c4786300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.614716]  fff00000c4786380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.614967] ==================================================================

[   12.770091] ==================================================================
[   12.770514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.770781] Write of size 1 at addr ffff88810272e0c9 by task kunit_try_catch/179
[   12.771020] 
[   12.771115] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.771161] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.771173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.771194] Call Trace:
[   12.771207]  <TASK>
[   12.771533]  dump_stack_lvl+0x73/0xb0
[   12.771577]  print_report+0xd1/0x610
[   12.771602]  ? __virt_addr_valid+0x1db/0x2d0
[   12.771628]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.771654]  ? kasan_addr_to_slab+0x11/0xa0
[   12.771675]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.771700]  kasan_report+0x141/0x180
[   12.771722]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.771751]  __asan_report_store1_noabort+0x1b/0x30
[   12.771816]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.771843]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.771869]  ? finish_task_switch.isra.0+0x153/0x700
[   12.771894]  ? __switch_to+0x47/0xf50
[   12.771921]  ? __schedule+0x10cc/0x2b60
[   12.771945]  ? __pfx_read_tsc+0x10/0x10
[   12.771970]  krealloc_large_less_oob+0x1c/0x30
[   12.772120]  kunit_try_run_case+0x1a5/0x480
[   12.772149]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.772173]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.772199]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.772223]  ? __kthread_parkme+0x82/0x180
[   12.772245]  ? preempt_count_sub+0x50/0x80
[   12.772280]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.772305]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.772330]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.772356]  kthread+0x337/0x6f0
[   12.772375]  ? trace_preempt_on+0x20/0xc0
[   12.772400]  ? __pfx_kthread+0x10/0x10
[   12.772421]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.772443]  ? calculate_sigpending+0x7b/0xa0
[   12.772469]  ? __pfx_kthread+0x10/0x10
[   12.772490]  ret_from_fork+0x116/0x1d0
[   12.772509]  ? __pfx_kthread+0x10/0x10
[   12.772529]  ret_from_fork_asm+0x1a/0x30
[   12.772561]  </TASK>
[   12.772572] 
[   12.784681] The buggy address belongs to the physical page:
[   12.784875] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10272c
[   12.785471] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.787340] flags: 0x200000000000040(head|node=0|zone=2)
[   12.787538] page_type: f8(unknown)
[   12.787672] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.787955] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.788526] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.789406] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.789691] head: 0200000000000002 ffffea000409cb01 00000000ffffffff 00000000ffffffff
[   12.789920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.790683] page dumped because: kasan: bad access detected
[   12.791332] 
[   12.791547] Memory state around the buggy address:
[   12.792049]  ffff88810272df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.792872]  ffff88810272e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.793478] >ffff88810272e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.793692]                                               ^
[   12.793866]  ffff88810272e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.794091]  ffff88810272e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.794787] ==================================================================
[   12.669583] ==================================================================
[   12.669920] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.670512] Write of size 1 at addr ffff888100a2e0ea by task kunit_try_catch/175
[   12.670751] 
[   12.670843] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.670888] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.670899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.670920] Call Trace:
[   12.670938]  <TASK>
[   12.670954]  dump_stack_lvl+0x73/0xb0
[   12.670984]  print_report+0xd1/0x610
[   12.671006]  ? __virt_addr_valid+0x1db/0x2d0
[   12.671029]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.671053]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.671076]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.671101]  kasan_report+0x141/0x180
[   12.671122]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.671151]  __asan_report_store1_noabort+0x1b/0x30
[   12.671176]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.671202]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.671227]  ? finish_task_switch.isra.0+0x153/0x700
[   12.671250]  ? __switch_to+0x47/0xf50
[   12.671288]  ? __schedule+0x10cc/0x2b60
[   12.671310]  ? __pfx_read_tsc+0x10/0x10
[   12.671334]  krealloc_less_oob+0x1c/0x30
[   12.671355]  kunit_try_run_case+0x1a5/0x480
[   12.671379]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.671402]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.671426]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.671450]  ? __kthread_parkme+0x82/0x180
[   12.671470]  ? preempt_count_sub+0x50/0x80
[   12.671493]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.671607]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.671638]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.671663]  kthread+0x337/0x6f0
[   12.671683]  ? trace_preempt_on+0x20/0xc0
[   12.671708]  ? __pfx_kthread+0x10/0x10
[   12.671728]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.671750]  ? calculate_sigpending+0x7b/0xa0
[   12.671774]  ? __pfx_kthread+0x10/0x10
[   12.671795]  ret_from_fork+0x116/0x1d0
[   12.671814]  ? __pfx_kthread+0x10/0x10
[   12.671834]  ret_from_fork_asm+0x1a/0x30
[   12.671864]  </TASK>
[   12.671875] 
[   12.681253] Allocated by task 175:
[   12.681409]  kasan_save_stack+0x45/0x70
[   12.681604]  kasan_save_track+0x18/0x40
[   12.681797]  kasan_save_alloc_info+0x3b/0x50
[   12.682013]  __kasan_krealloc+0x190/0x1f0
[   12.682213]  krealloc_noprof+0xf3/0x340
[   12.682396]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.682581]  krealloc_less_oob+0x1c/0x30
[   12.682735]  kunit_try_run_case+0x1a5/0x480
[   12.682944]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.683215]  kthread+0x337/0x6f0
[   12.684203]  ret_from_fork+0x116/0x1d0
[   12.685304]  ret_from_fork_asm+0x1a/0x30
[   12.686327] 
[   12.686886] The buggy address belongs to the object at ffff888100a2e000
[   12.686886]  which belongs to the cache kmalloc-256 of size 256
[   12.688291] The buggy address is located 33 bytes to the right of
[   12.688291]  allocated 201-byte region [ffff888100a2e000, ffff888100a2e0c9)
[   12.689477] 
[   12.689908] The buggy address belongs to the physical page:
[   12.690803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2e
[   12.691350] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.691674] flags: 0x200000000000040(head|node=0|zone=2)
[   12.691924] page_type: f5(slab)
[   12.692081] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.692410] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.692714] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.693012] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.693381] head: 0200000000000001 ffffea0004028b81 00000000ffffffff 00000000ffffffff
[   12.693740] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.694293] page dumped because: kasan: bad access detected
[   12.694478] 
[   12.694572] Memory state around the buggy address:
[   12.694805]  ffff888100a2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.695189]  ffff888100a2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.695504] >ffff888100a2e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.695751]                                                           ^
[   12.696106]  ffff888100a2e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.696403]  ffff888100a2e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.696690] ==================================================================
[   12.589514] ==================================================================
[   12.591519] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.592769] Write of size 1 at addr ffff888100a2e0c9 by task kunit_try_catch/175
[   12.593739] 
[   12.593936] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.593986] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.593998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.594020] Call Trace:
[   12.595058]  <TASK>
[   12.595084]  dump_stack_lvl+0x73/0xb0
[   12.595121]  print_report+0xd1/0x610
[   12.595145]  ? __virt_addr_valid+0x1db/0x2d0
[   12.595170]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.595194]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.595217]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.595241]  kasan_report+0x141/0x180
[   12.595275]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.595303]  __asan_report_store1_noabort+0x1b/0x30
[   12.595330]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.595356]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.595381]  ? finish_task_switch.isra.0+0x153/0x700
[   12.595405]  ? __switch_to+0x47/0xf50
[   12.595431]  ? __schedule+0x10cc/0x2b60
[   12.595453]  ? __pfx_read_tsc+0x10/0x10
[   12.595477]  krealloc_less_oob+0x1c/0x30
[   12.595498]  kunit_try_run_case+0x1a5/0x480
[   12.595524]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.595546]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.595571]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.595594]  ? __kthread_parkme+0x82/0x180
[   12.595615]  ? preempt_count_sub+0x50/0x80
[   12.595638]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.595662]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.595686]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.595711]  kthread+0x337/0x6f0
[   12.595729]  ? trace_preempt_on+0x20/0xc0
[   12.595754]  ? __pfx_kthread+0x10/0x10
[   12.595774]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.595796]  ? calculate_sigpending+0x7b/0xa0
[   12.595820]  ? __pfx_kthread+0x10/0x10
[   12.595841]  ret_from_fork+0x116/0x1d0
[   12.595859]  ? __pfx_kthread+0x10/0x10
[   12.595879]  ret_from_fork_asm+0x1a/0x30
[   12.595910]  </TASK>
[   12.595920] 
[   12.607948] Allocated by task 175:
[   12.608337]  kasan_save_stack+0x45/0x70
[   12.608686]  kasan_save_track+0x18/0x40
[   12.608920]  kasan_save_alloc_info+0x3b/0x50
[   12.609145]  __kasan_krealloc+0x190/0x1f0
[   12.609307]  krealloc_noprof+0xf3/0x340
[   12.609446]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.609610]  krealloc_less_oob+0x1c/0x30
[   12.609749]  kunit_try_run_case+0x1a5/0x480
[   12.609895]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.610487]  kthread+0x337/0x6f0
[   12.610636]  ret_from_fork+0x116/0x1d0
[   12.610805]  ret_from_fork_asm+0x1a/0x30
[   12.611227] 
[   12.611457] The buggy address belongs to the object at ffff888100a2e000
[   12.611457]  which belongs to the cache kmalloc-256 of size 256
[   12.611973] The buggy address is located 0 bytes to the right of
[   12.611973]  allocated 201-byte region [ffff888100a2e000, ffff888100a2e0c9)
[   12.613172] 
[   12.613251] The buggy address belongs to the physical page:
[   12.613452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2e
[   12.613702] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.613931] flags: 0x200000000000040(head|node=0|zone=2)
[   12.614110] page_type: f5(slab)
[   12.614623] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.615372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.615618] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.615857] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.616579] head: 0200000000000001 ffffea0004028b81 00000000ffffffff 00000000ffffffff
[   12.618253] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.618929] page dumped because: kasan: bad access detected
[   12.619408] 
[   12.619484] Memory state around the buggy address:
[   12.619638]  ffff888100a2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.620056]  ffff888100a2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.620313] >ffff888100a2e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.620521]                                               ^
[   12.620692]  ffff888100a2e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.621732]  ffff888100a2e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.622208] ==================================================================
[   12.795537] ==================================================================
[   12.795789] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.796044] Write of size 1 at addr ffff88810272e0d0 by task kunit_try_catch/179
[   12.797726] 
[   12.798063] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.798321] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.798334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.798355] Call Trace:
[   12.798367]  <TASK>
[   12.798385]  dump_stack_lvl+0x73/0xb0
[   12.798419]  print_report+0xd1/0x610
[   12.798442]  ? __virt_addr_valid+0x1db/0x2d0
[   12.798467]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.798492]  ? kasan_addr_to_slab+0x11/0xa0
[   12.798512]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.798537]  kasan_report+0x141/0x180
[   12.798559]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.798588]  __asan_report_store1_noabort+0x1b/0x30
[   12.798614]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.798640]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.798666]  ? finish_task_switch.isra.0+0x153/0x700
[   12.798689]  ? __switch_to+0x47/0xf50
[   12.798723]  ? __schedule+0x10cc/0x2b60
[   12.798747]  ? __pfx_read_tsc+0x10/0x10
[   12.798771]  krealloc_large_less_oob+0x1c/0x30
[   12.798795]  kunit_try_run_case+0x1a5/0x480
[   12.798820]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.798844]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.798868]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.798892]  ? __kthread_parkme+0x82/0x180
[   12.798913]  ? preempt_count_sub+0x50/0x80
[   12.798936]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.798961]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.799118]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.799147]  kthread+0x337/0x6f0
[   12.799181]  ? trace_preempt_on+0x20/0xc0
[   12.799206]  ? __pfx_kthread+0x10/0x10
[   12.799226]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.799291]  ? calculate_sigpending+0x7b/0xa0
[   12.799316]  ? __pfx_kthread+0x10/0x10
[   12.799338]  ret_from_fork+0x116/0x1d0
[   12.799358]  ? __pfx_kthread+0x10/0x10
[   12.799379]  ret_from_fork_asm+0x1a/0x30
[   12.799410]  </TASK>
[   12.799421] 
[   12.815628] The buggy address belongs to the physical page:
[   12.816194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10272c
[   12.817308] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.818103] flags: 0x200000000000040(head|node=0|zone=2)
[   12.818766] page_type: f8(unknown)
[   12.819258] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.820100] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.820843] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.821688] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.822614] head: 0200000000000002 ffffea000409cb01 00000000ffffffff 00000000ffffffff
[   12.822912] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.823824] page dumped because: kasan: bad access detected
[   12.824483] 
[   12.824679] Memory state around the buggy address:
[   12.825203]  ffff88810272df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.825765]  ffff88810272e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.826000] >ffff88810272e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.826705]                                                  ^
[   12.827541]  ffff88810272e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.828334]  ffff88810272e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.828640] ==================================================================
[   12.697227] ==================================================================
[   12.697586] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.697873] Write of size 1 at addr ffff888100a2e0eb by task kunit_try_catch/175
[   12.698439] 
[   12.698553] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.698599] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.698610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.698630] Call Trace:
[   12.698649]  <TASK>
[   12.698665]  dump_stack_lvl+0x73/0xb0
[   12.698695]  print_report+0xd1/0x610
[   12.698721]  ? __virt_addr_valid+0x1db/0x2d0
[   12.698745]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.698770]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.698792]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.698817]  kasan_report+0x141/0x180
[   12.698838]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.698867]  __asan_report_store1_noabort+0x1b/0x30
[   12.698892]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.698918]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.698943]  ? finish_task_switch.isra.0+0x153/0x700
[   12.699048]  ? __switch_to+0x47/0xf50
[   12.699078]  ? __schedule+0x10cc/0x2b60
[   12.699100]  ? __pfx_read_tsc+0x10/0x10
[   12.699124]  krealloc_less_oob+0x1c/0x30
[   12.699146]  kunit_try_run_case+0x1a5/0x480
[   12.699171]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.699194]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.699218]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.699241]  ? __kthread_parkme+0x82/0x180
[   12.699273]  ? preempt_count_sub+0x50/0x80
[   12.699296]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.699320]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.699344]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.699369]  kthread+0x337/0x6f0
[   12.699389]  ? trace_preempt_on+0x20/0xc0
[   12.699412]  ? __pfx_kthread+0x10/0x10
[   12.699432]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.699454]  ? calculate_sigpending+0x7b/0xa0
[   12.699478]  ? __pfx_kthread+0x10/0x10
[   12.699499]  ret_from_fork+0x116/0x1d0
[   12.699517]  ? __pfx_kthread+0x10/0x10
[   12.699539]  ret_from_fork_asm+0x1a/0x30
[   12.699570]  </TASK>
[   12.699580] 
[   12.707334] Allocated by task 175:
[   12.707474]  kasan_save_stack+0x45/0x70
[   12.707679]  kasan_save_track+0x18/0x40
[   12.707869]  kasan_save_alloc_info+0x3b/0x50
[   12.708157]  __kasan_krealloc+0x190/0x1f0
[   12.708372]  krealloc_noprof+0xf3/0x340
[   12.708565]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.708758]  krealloc_less_oob+0x1c/0x30
[   12.708902]  kunit_try_run_case+0x1a5/0x480
[   12.709186]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.709459]  kthread+0x337/0x6f0
[   12.709632]  ret_from_fork+0x116/0x1d0
[   12.709816]  ret_from_fork_asm+0x1a/0x30
[   12.709957] 
[   12.710221] The buggy address belongs to the object at ffff888100a2e000
[   12.710221]  which belongs to the cache kmalloc-256 of size 256
[   12.710786] The buggy address is located 34 bytes to the right of
[   12.710786]  allocated 201-byte region [ffff888100a2e000, ffff888100a2e0c9)
[   12.711332] 
[   12.711408] The buggy address belongs to the physical page:
[   12.711644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2e
[   12.712089] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.712445] flags: 0x200000000000040(head|node=0|zone=2)
[   12.712699] page_type: f5(slab)
[   12.712863] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.713240] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.713558] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.713873] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.714406] head: 0200000000000001 ffffea0004028b81 00000000ffffffff 00000000ffffffff
[   12.714646] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.715071] page dumped because: kasan: bad access detected
[   12.715334] 
[   12.715426] Memory state around the buggy address:
[   12.715585]  ffff888100a2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.715835]  ffff888100a2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.716235] >ffff888100a2e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.716572]                                                           ^
[   12.716836]  ffff888100a2e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.717185]  ffff888100a2e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.717482] ==================================================================
[   12.854141] ==================================================================
[   12.854501] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.854853] Write of size 1 at addr ffff88810272e0ea by task kunit_try_catch/179
[   12.855293] 
[   12.855393] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.855437] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.855449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.855480] Call Trace:
[   12.855500]  <TASK>
[   12.855519]  dump_stack_lvl+0x73/0xb0
[   12.855562]  print_report+0xd1/0x610
[   12.855586]  ? __virt_addr_valid+0x1db/0x2d0
[   12.855610]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.855635]  ? kasan_addr_to_slab+0x11/0xa0
[   12.855657]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.855683]  kasan_report+0x141/0x180
[   12.855705]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.855734]  __asan_report_store1_noabort+0x1b/0x30
[   12.855769]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.855796]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.855822]  ? finish_task_switch.isra.0+0x153/0x700
[   12.855857]  ? __switch_to+0x47/0xf50
[   12.855883]  ? __schedule+0x10cc/0x2b60
[   12.855906]  ? __pfx_read_tsc+0x10/0x10
[   12.855931]  krealloc_large_less_oob+0x1c/0x30
[   12.855954]  kunit_try_run_case+0x1a5/0x480
[   12.855990]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.856014]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.856038]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.856062]  ? __kthread_parkme+0x82/0x180
[   12.856084]  ? preempt_count_sub+0x50/0x80
[   12.856107]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.856201]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.856237]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.856273]  kthread+0x337/0x6f0
[   12.856293]  ? trace_preempt_on+0x20/0xc0
[   12.856318]  ? __pfx_kthread+0x10/0x10
[   12.856338]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.856360]  ? calculate_sigpending+0x7b/0xa0
[   12.856386]  ? __pfx_kthread+0x10/0x10
[   12.856407]  ret_from_fork+0x116/0x1d0
[   12.856426]  ? __pfx_kthread+0x10/0x10
[   12.856447]  ret_from_fork_asm+0x1a/0x30
[   12.856478]  </TASK>
[   12.856488] 
[   12.865436] The buggy address belongs to the physical page:
[   12.865710] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10272c
[   12.866098] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.866626] flags: 0x200000000000040(head|node=0|zone=2)
[   12.866907] page_type: f8(unknown)
[   12.867193] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.867515] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.867846] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.868371] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.868610] head: 0200000000000002 ffffea000409cb01 00000000ffffffff 00000000ffffffff
[   12.869007] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.869353] page dumped because: kasan: bad access detected
[   12.869539] 
[   12.869608] Memory state around the buggy address:
[   12.870135]  ffff88810272df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.870627]  ffff88810272e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.870938] >ffff88810272e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.871334]                                                           ^
[   12.871582]  ffff88810272e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.871915]  ffff88810272e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.872468] ==================================================================
[   12.648909] ==================================================================
[   12.649503] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.649832] Write of size 1 at addr ffff888100a2e0da by task kunit_try_catch/175
[   12.650127] 
[   12.650372] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.650418] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.650431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.650452] Call Trace:
[   12.650471]  <TASK>
[   12.650487]  dump_stack_lvl+0x73/0xb0
[   12.650517]  print_report+0xd1/0x610
[   12.650539]  ? __virt_addr_valid+0x1db/0x2d0
[   12.650562]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.650586]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.650609]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.650633]  kasan_report+0x141/0x180
[   12.650655]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.650683]  __asan_report_store1_noabort+0x1b/0x30
[   12.650716]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.650742]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.650767]  ? finish_task_switch.isra.0+0x153/0x700
[   12.650791]  ? __switch_to+0x47/0xf50
[   12.650816]  ? __schedule+0x10cc/0x2b60
[   12.650838]  ? __pfx_read_tsc+0x10/0x10
[   12.650862]  krealloc_less_oob+0x1c/0x30
[   12.650883]  kunit_try_run_case+0x1a5/0x480
[   12.650908]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.650931]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.650955]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.650978]  ? __kthread_parkme+0x82/0x180
[   12.650999]  ? preempt_count_sub+0x50/0x80
[   12.651021]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.651045]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.651070]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.651095]  kthread+0x337/0x6f0
[   12.651114]  ? trace_preempt_on+0x20/0xc0
[   12.651138]  ? __pfx_kthread+0x10/0x10
[   12.651219]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.651242]  ? calculate_sigpending+0x7b/0xa0
[   12.651280]  ? __pfx_kthread+0x10/0x10
[   12.651302]  ret_from_fork+0x116/0x1d0
[   12.651321]  ? __pfx_kthread+0x10/0x10
[   12.651341]  ret_from_fork_asm+0x1a/0x30
[   12.651381]  </TASK>
[   12.651391] 
[   12.659058] Allocated by task 175:
[   12.659244]  kasan_save_stack+0x45/0x70
[   12.659644]  kasan_save_track+0x18/0x40
[   12.659807]  kasan_save_alloc_info+0x3b/0x50
[   12.660086]  __kasan_krealloc+0x190/0x1f0
[   12.660275]  krealloc_noprof+0xf3/0x340
[   12.660450]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.660671]  krealloc_less_oob+0x1c/0x30
[   12.660843]  kunit_try_run_case+0x1a5/0x480
[   12.661101]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.661334]  kthread+0x337/0x6f0
[   12.661490]  ret_from_fork+0x116/0x1d0
[   12.661674]  ret_from_fork_asm+0x1a/0x30
[   12.661846] 
[   12.661931] The buggy address belongs to the object at ffff888100a2e000
[   12.661931]  which belongs to the cache kmalloc-256 of size 256
[   12.662443] The buggy address is located 17 bytes to the right of
[   12.662443]  allocated 201-byte region [ffff888100a2e000, ffff888100a2e0c9)
[   12.662901] 
[   12.662972] The buggy address belongs to the physical page:
[   12.663146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2e
[   12.663474] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.663818] flags: 0x200000000000040(head|node=0|zone=2)
[   12.664075] page_type: f5(slab)
[   12.664246] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.664806] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.665133] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.665524] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.665846] head: 0200000000000001 ffffea0004028b81 00000000ffffffff 00000000ffffffff
[   12.666246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.666492] page dumped because: kasan: bad access detected
[   12.666665] 
[   12.666740] Memory state around the buggy address:
[   12.666896]  ffff888100a2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.667190]  ffff888100a2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.667527] >ffff888100a2e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.667847]                                                     ^
[   12.668124]  ffff888100a2e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.668452]  ffff888100a2e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.668956] ==================================================================
[   12.623233] ==================================================================
[   12.624304] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.625063] Write of size 1 at addr ffff888100a2e0d0 by task kunit_try_catch/175
[   12.625617] 
[   12.625737] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.625784] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.625797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.625818] Call Trace:
[   12.625836]  <TASK>
[   12.625854]  dump_stack_lvl+0x73/0xb0
[   12.625884]  print_report+0xd1/0x610
[   12.625907]  ? __virt_addr_valid+0x1db/0x2d0
[   12.625931]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.625955]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.625978]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.626373]  kasan_report+0x141/0x180
[   12.626398]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.626428]  __asan_report_store1_noabort+0x1b/0x30
[   12.626454]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.626481]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.626548]  ? finish_task_switch.isra.0+0x153/0x700
[   12.626573]  ? __switch_to+0x47/0xf50
[   12.626598]  ? __schedule+0x10cc/0x2b60
[   12.626621]  ? __pfx_read_tsc+0x10/0x10
[   12.626645]  krealloc_less_oob+0x1c/0x30
[   12.626666]  kunit_try_run_case+0x1a5/0x480
[   12.626691]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.626721]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.626746]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.626770]  ? __kthread_parkme+0x82/0x180
[   12.626790]  ? preempt_count_sub+0x50/0x80
[   12.626813]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.626837]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.626861]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.626886]  kthread+0x337/0x6f0
[   12.626905]  ? trace_preempt_on+0x20/0xc0
[   12.626929]  ? __pfx_kthread+0x10/0x10
[   12.626950]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.626971]  ? calculate_sigpending+0x7b/0xa0
[   12.627012]  ? __pfx_kthread+0x10/0x10
[   12.627049]  ret_from_fork+0x116/0x1d0
[   12.627067]  ? __pfx_kthread+0x10/0x10
[   12.627087]  ret_from_fork_asm+0x1a/0x30
[   12.627118]  </TASK>
[   12.627128] 
[   12.637501] Allocated by task 175:
[   12.637680]  kasan_save_stack+0x45/0x70
[   12.637875]  kasan_save_track+0x18/0x40
[   12.638177]  kasan_save_alloc_info+0x3b/0x50
[   12.638390]  __kasan_krealloc+0x190/0x1f0
[   12.638571]  krealloc_noprof+0xf3/0x340
[   12.638758]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.639135]  krealloc_less_oob+0x1c/0x30
[   12.639353]  kunit_try_run_case+0x1a5/0x480
[   12.639549]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.639784]  kthread+0x337/0x6f0
[   12.639939]  ret_from_fork+0x116/0x1d0
[   12.640177]  ret_from_fork_asm+0x1a/0x30
[   12.640379] 
[   12.640471] The buggy address belongs to the object at ffff888100a2e000
[   12.640471]  which belongs to the cache kmalloc-256 of size 256
[   12.640962] The buggy address is located 7 bytes to the right of
[   12.640962]  allocated 201-byte region [ffff888100a2e000, ffff888100a2e0c9)
[   12.642475] 
[   12.642558] The buggy address belongs to the physical page:
[   12.642740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2e
[   12.643198] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.643564] flags: 0x200000000000040(head|node=0|zone=2)
[   12.643777] page_type: f5(slab)
[   12.643948] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.644340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.644635] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.644950] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.645407] head: 0200000000000001 ffffea0004028b81 00000000ffffffff 00000000ffffffff
[   12.645711] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.645978] page dumped because: kasan: bad access detected
[   12.646360] 
[   12.646453] Memory state around the buggy address:
[   12.646643]  ffff888100a2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.646880]  ffff888100a2e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.647253] >ffff888100a2e080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.647563]                                                  ^
[   12.647775]  ffff888100a2e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.648062]  ffff888100a2e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.648358] ==================================================================
[   12.872823] ==================================================================
[   12.873289] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.873635] Write of size 1 at addr ffff88810272e0eb by task kunit_try_catch/179
[   12.873864] 
[   12.873955] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.874198] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.874214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.874235] Call Trace:
[   12.874255]  <TASK>
[   12.874282]  dump_stack_lvl+0x73/0xb0
[   12.874317]  print_report+0xd1/0x610
[   12.874342]  ? __virt_addr_valid+0x1db/0x2d0
[   12.874366]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.874391]  ? kasan_addr_to_slab+0x11/0xa0
[   12.874411]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.874436]  kasan_report+0x141/0x180
[   12.874458]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.874487]  __asan_report_store1_noabort+0x1b/0x30
[   12.874513]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.874540]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.874565]  ? finish_task_switch.isra.0+0x153/0x700
[   12.874589]  ? __switch_to+0x47/0xf50
[   12.874615]  ? __schedule+0x10cc/0x2b60
[   12.874637]  ? __pfx_read_tsc+0x10/0x10
[   12.874662]  krealloc_large_less_oob+0x1c/0x30
[   12.874685]  kunit_try_run_case+0x1a5/0x480
[   12.874716]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.874740]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.874765]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.874789]  ? __kthread_parkme+0x82/0x180
[   12.874810]  ? preempt_count_sub+0x50/0x80
[   12.874833]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.874858]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.874883]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.874909]  kthread+0x337/0x6f0
[   12.874927]  ? trace_preempt_on+0x20/0xc0
[   12.874952]  ? __pfx_kthread+0x10/0x10
[   12.874972]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.875063]  ? calculate_sigpending+0x7b/0xa0
[   12.875089]  ? __pfx_kthread+0x10/0x10
[   12.875110]  ret_from_fork+0x116/0x1d0
[   12.875130]  ? __pfx_kthread+0x10/0x10
[   12.875151]  ret_from_fork_asm+0x1a/0x30
[   12.875193]  </TASK>
[   12.875204] 
[   12.884607] The buggy address belongs to the physical page:
[   12.884810] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10272c
[   12.886010] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.887483] flags: 0x200000000000040(head|node=0|zone=2)
[   12.887754] page_type: f8(unknown)
[   12.887920] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.888228] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.888528] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.888837] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.889108] head: 0200000000000002 ffffea000409cb01 00000000ffffffff 00000000ffffffff
[   12.889693] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.889995] page dumped because: kasan: bad access detected
[   12.890247] 
[   12.890365] Memory state around the buggy address:
[   12.890596]  ffff88810272df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.891395]  ffff88810272e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.891729] >ffff88810272e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.892324]                                                           ^
[   12.892607]  ffff88810272e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.892987]  ffff88810272e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.893374] ==================================================================
[   12.828952] ==================================================================
[   12.829696] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.830429] Write of size 1 at addr ffff88810272e0da by task kunit_try_catch/179
[   12.831480] 
[   12.831693] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.831739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.831762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.831784] Call Trace:
[   12.831803]  <TASK>
[   12.831832]  dump_stack_lvl+0x73/0xb0
[   12.831865]  print_report+0xd1/0x610
[   12.831889]  ? __virt_addr_valid+0x1db/0x2d0
[   12.831913]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.831938]  ? kasan_addr_to_slab+0x11/0xa0
[   12.831959]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.832066]  kasan_report+0x141/0x180
[   12.832093]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.832123]  __asan_report_store1_noabort+0x1b/0x30
[   12.832149]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.832177]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.832203]  ? finish_task_switch.isra.0+0x153/0x700
[   12.832227]  ? __switch_to+0x47/0xf50
[   12.832253]  ? __schedule+0x10cc/0x2b60
[   12.832288]  ? __pfx_read_tsc+0x10/0x10
[   12.832313]  krealloc_large_less_oob+0x1c/0x30
[   12.832339]  kunit_try_run_case+0x1a5/0x480
[   12.832367]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.832392]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.832418]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.832442]  ? __kthread_parkme+0x82/0x180
[   12.832464]  ? preempt_count_sub+0x50/0x80
[   12.832487]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.832511]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.832537]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.832563]  kthread+0x337/0x6f0
[   12.832583]  ? trace_preempt_on+0x20/0xc0
[   12.832608]  ? __pfx_kthread+0x10/0x10
[   12.832629]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.832651]  ? calculate_sigpending+0x7b/0xa0
[   12.832675]  ? __pfx_kthread+0x10/0x10
[   12.832697]  ret_from_fork+0x116/0x1d0
[   12.832716]  ? __pfx_kthread+0x10/0x10
[   12.832737]  ret_from_fork_asm+0x1a/0x30
[   12.832768]  </TASK>
[   12.832778] 
[   12.845547] The buggy address belongs to the physical page:
[   12.845745] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10272c
[   12.846011] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.846922] flags: 0x200000000000040(head|node=0|zone=2)
[   12.847507] page_type: f8(unknown)
[   12.847856] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.848631] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.849393] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.850372] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.850616] head: 0200000000000002 ffffea000409cb01 00000000ffffffff 00000000ffffffff
[   12.850864] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.851143] page dumped because: kasan: bad access detected
[   12.851486] 
[   12.851580] Memory state around the buggy address:
[   12.851755]  ffff88810272df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.852060]  ffff88810272e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.852314] >ffff88810272e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.852615]                                                     ^
[   12.852884]  ffff88810272e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.853181]  ffff88810272e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.853597] ==================================================================