lkft/linux-mainline-master - v6.16-rc5-38-g733923397fd9 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 8, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64

[   19.286550] ==================================================================
[   19.286601] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.286689] Write of size 1 at addr fff00000c64c60eb by task kunit_try_catch/162
[   19.286750] 
[   19.286779] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.286856] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.286881] Hardware name: linux,dummy-virt (DT)
[   19.286919] Call trace:
[   19.286939]  show_stack+0x20/0x38 (C)
[   19.286987]  dump_stack_lvl+0x8c/0xd0
[   19.287032]  print_report+0x118/0x608
[   19.287085]  kasan_report+0xdc/0x128
[   19.287131]  __asan_report_store1_noabort+0x20/0x30
[   19.287193]  krealloc_less_oob_helper+0xa58/0xc50
[   19.287248]  krealloc_large_less_oob+0x20/0x38
[   19.287295]  kunit_try_run_case+0x170/0x3f0
[   19.287341]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.287397]  kthread+0x328/0x630
[   19.287438]  ret_from_fork+0x10/0x20
[   19.287483] 
[   19.288142] The buggy address belongs to the physical page:
[   19.288196] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c4
[   19.288252] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.288536] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.288793] page_type: f8(unknown)
[   19.288868] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.288944] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.289116] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.289367] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.289547] head: 0bfffe0000000002 ffffc1ffc3193101 00000000ffffffff 00000000ffffffff
[   19.289650] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.289859] page dumped because: kasan: bad access detected
[   19.289977] 
[   19.290020] Memory state around the buggy address:
[   19.290051]  fff00000c64c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.290263]  fff00000c64c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.290384] >fff00000c64c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.290503]                                                           ^
[   19.290659]  fff00000c64c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.290895]  fff00000c64c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.291248] ==================================================================
[   19.196771] ==================================================================
[   19.196817] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.196864] Write of size 1 at addr fff00000c454ced0 by task kunit_try_catch/158
[   19.196912] 
[   19.196970] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.197388] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.197725] Hardware name: linux,dummy-virt (DT)
[   19.197768] Call trace:
[   19.197828]  show_stack+0x20/0x38 (C)
[   19.197896]  dump_stack_lvl+0x8c/0xd0
[   19.198000]  print_report+0x118/0x608
[   19.198088]  kasan_report+0xdc/0x128
[   19.198182]  __asan_report_store1_noabort+0x20/0x30
[   19.198234]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.198486]  krealloc_less_oob+0x20/0x38
[   19.198546]  kunit_try_run_case+0x170/0x3f0
[   19.198635]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.198688]  kthread+0x328/0x630
[   19.198731]  ret_from_fork+0x10/0x20
[   19.199175] 
[   19.199213] Allocated by task 158:
[   19.199250]  kasan_save_stack+0x3c/0x68
[   19.199301]  kasan_save_track+0x20/0x40
[   19.199348]  kasan_save_alloc_info+0x40/0x58
[   19.199424]  __kasan_krealloc+0x118/0x178
[   19.199501]  krealloc_noprof+0x128/0x360
[   19.199569]  krealloc_less_oob_helper+0x168/0xc50
[   19.199607]  krealloc_less_oob+0x20/0x38
[   19.199642]  kunit_try_run_case+0x170/0x3f0
[   19.199922]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.200019]  kthread+0x328/0x630
[   19.200587]  ret_from_fork+0x10/0x20
[   19.200683] 
[   19.200775] The buggy address belongs to the object at fff00000c454ce00
[   19.200775]  which belongs to the cache kmalloc-256 of size 256
[   19.200912] The buggy address is located 7 bytes to the right of
[   19.200912]  allocated 201-byte region [fff00000c454ce00, fff00000c454cec9)
[   19.201045] 
[   19.201063] The buggy address belongs to the physical page:
[   19.201093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c
[   19.201433] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.201493] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.201790] page_type: f5(slab)
[   19.201944] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.202043] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.202183] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.202314] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.202427] head: 0bfffe0000000001 ffffc1ffc3115301 00000000ffffffff 00000000ffffffff
[   19.202540] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.202678] page dumped because: kasan: bad access detected
[   19.202755] 
[   19.202837] Memory state around the buggy address:
[   19.202901]  fff00000c454cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.202982]  fff00000c454ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.203348] >fff00000c454ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.203438]                                                  ^
[   19.203591]  fff00000c454cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.203654]  fff00000c454cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.203692] ==================================================================
[   19.190466] ==================================================================
[   19.190520] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.190570] Write of size 1 at addr fff00000c454cec9 by task kunit_try_catch/158
[   19.190618] 
[   19.190651] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.190728] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.190755] Hardware name: linux,dummy-virt (DT)
[   19.190785] Call trace:
[   19.190806]  show_stack+0x20/0x38 (C)
[   19.190853]  dump_stack_lvl+0x8c/0xd0
[   19.190903]  print_report+0x118/0x608
[   19.190948]  kasan_report+0xdc/0x128
[   19.191014]  __asan_report_store1_noabort+0x20/0x30
[   19.191065]  krealloc_less_oob_helper+0xa48/0xc50
[   19.191121]  krealloc_less_oob+0x20/0x38
[   19.191177]  kunit_try_run_case+0x170/0x3f0
[   19.191224]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.191275]  kthread+0x328/0x630
[   19.191380]  ret_from_fork+0x10/0x20
[   19.191972] 
[   19.192027] Allocated by task 158:
[   19.192055]  kasan_save_stack+0x3c/0x68
[   19.192138]  kasan_save_track+0x20/0x40
[   19.192209]  kasan_save_alloc_info+0x40/0x58
[   19.192305]  __kasan_krealloc+0x118/0x178
[   19.192373]  krealloc_noprof+0x128/0x360
[   19.192479]  krealloc_less_oob_helper+0x168/0xc50
[   19.192529]  krealloc_less_oob+0x20/0x38
[   19.192565]  kunit_try_run_case+0x170/0x3f0
[   19.192601]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.192642]  kthread+0x328/0x630
[   19.192881]  ret_from_fork+0x10/0x20
[   19.192924] 
[   19.193022] The buggy address belongs to the object at fff00000c454ce00
[   19.193022]  which belongs to the cache kmalloc-256 of size 256
[   19.193230] The buggy address is located 0 bytes to the right of
[   19.193230]  allocated 201-byte region [fff00000c454ce00, fff00000c454cec9)
[   19.193402] 
[   19.193462] The buggy address belongs to the physical page:
[   19.193578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c
[   19.193668] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.193770] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.193886] page_type: f5(slab)
[   19.193944] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.194037] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.194087] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.194493] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.194637] head: 0bfffe0000000001 ffffc1ffc3115301 00000000ffffffff 00000000ffffffff
[   19.194755] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.194864] page dumped because: kasan: bad access detected
[   19.194958] 
[   19.195075] Memory state around the buggy address:
[   19.195273]  fff00000c454cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.195343]  fff00000c454ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.195385] >fff00000c454ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.195421]                                               ^
[   19.195454]  fff00000c454cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.195672]  fff00000c454cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.195753] ==================================================================
[   19.274949] ==================================================================
[   19.274995] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.275243] Write of size 1 at addr fff00000c64c60ea by task kunit_try_catch/162
[   19.275304] 
[   19.275335] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.275880] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.275918] Hardware name: linux,dummy-virt (DT)
[   19.276369] Call trace:
[   19.276942]  show_stack+0x20/0x38 (C)
[   19.277014]  dump_stack_lvl+0x8c/0xd0
[   19.277446]  print_report+0x118/0x608
[   19.277573]  kasan_report+0xdc/0x128
[   19.277743]  __asan_report_store1_noabort+0x20/0x30
[   19.278026]  krealloc_less_oob_helper+0xae4/0xc50
[   19.278373]  krealloc_large_less_oob+0x20/0x38
[   19.278650]  kunit_try_run_case+0x170/0x3f0
[   19.278807]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.279030]  kthread+0x328/0x630
[   19.279376]  ret_from_fork+0x10/0x20
[   19.279679] 
[   19.279754] The buggy address belongs to the physical page:
[   19.279868] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c4
[   19.280035] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.280152] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.280304] page_type: f8(unknown)
[   19.280374] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.280644] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.280743] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.280928] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.281027] head: 0bfffe0000000002 ffffc1ffc3193101 00000000ffffffff 00000000ffffffff
[   19.281244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.281479] page dumped because: kasan: bad access detected
[   19.281675] 
[   19.281799] Memory state around the buggy address:
[   19.281972]  fff00000c64c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.282026]  fff00000c64c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.282067] >fff00000c64c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.282104]                                                           ^
[   19.282143]  fff00000c64c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.282512]  fff00000c64c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.282904] ==================================================================
[   19.262151] ==================================================================
[   19.262253] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.262313] Write of size 1 at addr fff00000c64c60d0 by task kunit_try_catch/162
[   19.262637] 
[   19.262781] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.262869] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.262899] Hardware name: linux,dummy-virt (DT)
[   19.262928] Call trace:
[   19.263094]  show_stack+0x20/0x38 (C)
[   19.263218]  dump_stack_lvl+0x8c/0xd0
[   19.263271]  print_report+0x118/0x608
[   19.263317]  kasan_report+0xdc/0x128
[   19.263401]  __asan_report_store1_noabort+0x20/0x30
[   19.263453]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.263501]  krealloc_large_less_oob+0x20/0x38
[   19.264003]  kunit_try_run_case+0x170/0x3f0
[   19.264226]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.264424]  kthread+0x328/0x630
[   19.264473]  ret_from_fork+0x10/0x20
[   19.264520] 
[   19.264692] The buggy address belongs to the physical page:
[   19.264836] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c4
[   19.265055] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.265150] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.265325] page_type: f8(unknown)
[   19.265411] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.265854] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.265934] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.266081] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.266238] head: 0bfffe0000000002 ffffc1ffc3193101 00000000ffffffff 00000000ffffffff
[   19.266345] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.266765] page dumped because: kasan: bad access detected
[   19.266826] 
[   19.266906] Memory state around the buggy address:
[   19.267057]  fff00000c64c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.267240]  fff00000c64c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.267425] >fff00000c64c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.267468]                                                  ^
[   19.267895]  fff00000c64c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.268068]  fff00000c64c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.268197] ==================================================================
[   19.211469] ==================================================================
[   19.211512] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.212122] Write of size 1 at addr fff00000c454ceea by task kunit_try_catch/158
[   19.212231] 
[   19.212383] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.212499] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.212525] Hardware name: linux,dummy-virt (DT)
[   19.212554] Call trace:
[   19.212574]  show_stack+0x20/0x38 (C)
[   19.212787]  dump_stack_lvl+0x8c/0xd0
[   19.212952]  print_report+0x118/0x608
[   19.213113]  kasan_report+0xdc/0x128
[   19.213258]  __asan_report_store1_noabort+0x20/0x30
[   19.213343]  krealloc_less_oob_helper+0xae4/0xc50
[   19.213392]  krealloc_less_oob+0x20/0x38
[   19.213636]  kunit_try_run_case+0x170/0x3f0
[   19.213806]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.213902]  kthread+0x328/0x630
[   19.213964]  ret_from_fork+0x10/0x20
[   19.214044] 
[   19.214062] Allocated by task 158:
[   19.214089]  kasan_save_stack+0x3c/0x68
[   19.214139]  kasan_save_track+0x20/0x40
[   19.214189]  kasan_save_alloc_info+0x40/0x58
[   19.214228]  __kasan_krealloc+0x118/0x178
[   19.214391]  krealloc_noprof+0x128/0x360
[   19.214534]  krealloc_less_oob_helper+0x168/0xc50
[   19.214578]  krealloc_less_oob+0x20/0x38
[   19.214625]  kunit_try_run_case+0x170/0x3f0
[   19.214739]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.214782]  kthread+0x328/0x630
[   19.214814]  ret_from_fork+0x10/0x20
[   19.215044] 
[   19.215143] The buggy address belongs to the object at fff00000c454ce00
[   19.215143]  which belongs to the cache kmalloc-256 of size 256
[   19.215330] The buggy address is located 33 bytes to the right of
[   19.215330]  allocated 201-byte region [fff00000c454ce00, fff00000c454cec9)
[   19.215551] 
[   19.215608] The buggy address belongs to the physical page:
[   19.215723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c
[   19.215827] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.215888] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.215937] page_type: f5(slab)
[   19.216405] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.216499] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.216647] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.216737] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.216820] head: 0bfffe0000000001 ffffc1ffc3115301 00000000ffffffff 00000000ffffffff
[   19.216998] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.217215] page dumped because: kasan: bad access detected
[   19.217344] 
[   19.217462] Memory state around the buggy address:
[   19.217557]  fff00000c454cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.217601]  fff00000c454ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.218049] >fff00000c454ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.218238]                                                           ^
[   19.218345]  fff00000c454cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.218478]  fff00000c454cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.218528] ==================================================================
[   19.268865] ==================================================================
[   19.268912] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.269293] Write of size 1 at addr fff00000c64c60da by task kunit_try_catch/162
[   19.269385] 
[   19.269417] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.269891] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.270027] Hardware name: linux,dummy-virt (DT)
[   19.270065] Call trace:
[   19.270172]  show_stack+0x20/0x38 (C)
[   19.270229]  dump_stack_lvl+0x8c/0xd0
[   19.270275]  print_report+0x118/0x608
[   19.270327]  kasan_report+0xdc/0x128
[   19.270372]  __asan_report_store1_noabort+0x20/0x30
[   19.270422]  krealloc_less_oob_helper+0xa80/0xc50
[   19.270469]  krealloc_large_less_oob+0x20/0x38
[   19.270515]  kunit_try_run_case+0x170/0x3f0
[   19.270608]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.270661]  kthread+0x328/0x630
[   19.270701]  ret_from_fork+0x10/0x20
[   19.270747] 
[   19.270766] The buggy address belongs to the physical page:
[   19.270805] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c4
[   19.270868] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.270918] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.270967] page_type: f8(unknown)
[   19.271004] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.271061] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.271110] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.271512] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.271579] head: 0bfffe0000000002 ffffc1ffc3193101 00000000ffffffff 00000000ffffffff
[   19.271941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.271994] page dumped because: kasan: bad access detected
[   19.272298] 
[   19.272450] Memory state around the buggy address:
[   19.272697]  fff00000c64c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.272975]  fff00000c64c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.273130] >fff00000c64c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.273340]                                                     ^
[   19.273418]  fff00000c64c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.273552]  fff00000c64c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.273612] ==================================================================
[   19.219695] ==================================================================
[   19.219798] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.219860] Write of size 1 at addr fff00000c454ceeb by task kunit_try_catch/158
[   19.220146] 
[   19.220333] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.220427] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.220750] Hardware name: linux,dummy-virt (DT)
[   19.220874] Call trace:
[   19.220984]  show_stack+0x20/0x38 (C)
[   19.221081]  dump_stack_lvl+0x8c/0xd0
[   19.221256]  print_report+0x118/0x608
[   19.221347]  kasan_report+0xdc/0x128
[   19.221456]  __asan_report_store1_noabort+0x20/0x30
[   19.221541]  krealloc_less_oob_helper+0xa58/0xc50
[   19.221769]  krealloc_less_oob+0x20/0x38
[   19.221965]  kunit_try_run_case+0x170/0x3f0
[   19.222095]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.222265]  kthread+0x328/0x630
[   19.222341]  ret_from_fork+0x10/0x20
[   19.222388] 
[   19.222572] Allocated by task 158:
[   19.222698]  kasan_save_stack+0x3c/0x68
[   19.222822]  kasan_save_track+0x20/0x40
[   19.222984]  kasan_save_alloc_info+0x40/0x58
[   19.223104]  __kasan_krealloc+0x118/0x178
[   19.223181]  krealloc_noprof+0x128/0x360
[   19.223217]  krealloc_less_oob_helper+0x168/0xc50
[   19.223264]  krealloc_less_oob+0x20/0x38
[   19.223308]  kunit_try_run_case+0x170/0x3f0
[   19.223344]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.223386]  kthread+0x328/0x630
[   19.223444]  ret_from_fork+0x10/0x20
[   19.223485] 
[   19.223505] The buggy address belongs to the object at fff00000c454ce00
[   19.223505]  which belongs to the cache kmalloc-256 of size 256
[   19.223561] The buggy address is located 34 bytes to the right of
[   19.223561]  allocated 201-byte region [fff00000c454ce00, fff00000c454cec9)
[   19.223712] 
[   19.223822] The buggy address belongs to the physical page:
[   19.223887] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c
[   19.223940] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.223985] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.224034] page_type: f5(slab)
[   19.224071] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.224121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.224365] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.224519] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.224602] head: 0bfffe0000000001 ffffc1ffc3115301 00000000ffffffff 00000000ffffffff
[   19.224977] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.225129] page dumped because: kasan: bad access detected
[   19.225321] 
[   19.225392] Memory state around the buggy address:
[   19.225453]  fff00000c454cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.225495]  fff00000c454ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.225854] >fff00000c454ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.225994]                                                           ^
[   19.226110]  fff00000c454cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.226230]  fff00000c454cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.226329] ==================================================================
[   19.206791] ==================================================================
[   19.206842] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.206991] Write of size 1 at addr fff00000c454ceda by task kunit_try_catch/158
[   19.207043] 
[   19.207262] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.207379] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.207405] Hardware name: linux,dummy-virt (DT)
[   19.207436] Call trace:
[   19.207457]  show_stack+0x20/0x38 (C)
[   19.207581]  dump_stack_lvl+0x8c/0xd0
[   19.207641]  print_report+0x118/0x608
[   19.207711]  kasan_report+0xdc/0x128
[   19.207983]  __asan_report_store1_noabort+0x20/0x30
[   19.208101]  krealloc_less_oob_helper+0xa80/0xc50
[   19.208274]  krealloc_less_oob+0x20/0x38
[   19.208351]  kunit_try_run_case+0x170/0x3f0
[   19.208400]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.208549]  kthread+0x328/0x630
[   19.208591]  ret_from_fork+0x10/0x20
[   19.208887] 
[   19.208937] Allocated by task 158:
[   19.209087]  kasan_save_stack+0x3c/0x68
[   19.209230]  kasan_save_track+0x20/0x40
[   19.209354]  kasan_save_alloc_info+0x40/0x58
[   19.209396]  __kasan_krealloc+0x118/0x178
[   19.209651]  krealloc_noprof+0x128/0x360
[   19.209800]  krealloc_less_oob_helper+0x168/0xc50
[   19.209881]  krealloc_less_oob+0x20/0x38
[   19.209939]  kunit_try_run_case+0x170/0x3f0
[   19.209975]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.210017]  kthread+0x328/0x630
[   19.210057]  ret_from_fork+0x10/0x20
[   19.210102] 
[   19.210120] The buggy address belongs to the object at fff00000c454ce00
[   19.210120]  which belongs to the cache kmalloc-256 of size 256
[   19.210197] The buggy address is located 17 bytes to the right of
[   19.210197]  allocated 201-byte region [fff00000c454ce00, fff00000c454cec9)
[   19.210261] 
[   19.210289] The buggy address belongs to the physical page:
[   19.210326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c
[   19.210380] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.210428] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.210484] page_type: f5(slab)
[   19.210522] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.210579] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.210628] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.210685] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.210733] head: 0bfffe0000000001 ffffc1ffc3115301 00000000ffffffff 00000000ffffffff
[   19.210802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.210841] page dumped because: kasan: bad access detected
[   19.210870] 
[   19.210899] Memory state around the buggy address:
[   19.210929]  fff00000c454cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.210970]  fff00000c454ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.211011] >fff00000c454ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.211056]                                                     ^
[   19.211092]  fff00000c454cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.211165]  fff00000c454cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.211201] ==================================================================
[   19.254228] ==================================================================
[   19.254283] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.254529] Write of size 1 at addr fff00000c64c60c9 by task kunit_try_catch/162
[   19.254917] 
[   19.255021] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.255109] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.255291] Hardware name: linux,dummy-virt (DT)
[   19.255345] Call trace:
[   19.255406]  show_stack+0x20/0x38 (C)
[   19.255579]  dump_stack_lvl+0x8c/0xd0
[   19.255628]  print_report+0x118/0x608
[   19.256073]  kasan_report+0xdc/0x128
[   19.256203]  __asan_report_store1_noabort+0x20/0x30
[   19.256410]  krealloc_less_oob_helper+0xa48/0xc50
[   19.256617]  krealloc_large_less_oob+0x20/0x38
[   19.256710]  kunit_try_run_case+0x170/0x3f0
[   19.256858]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.256971]  kthread+0x328/0x630
[   19.257133]  ret_from_fork+0x10/0x20
[   19.257438] 
[   19.257501] The buggy address belongs to the physical page:
[   19.257669] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c4
[   19.257803] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.257986] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.258038] page_type: f8(unknown)
[   19.258272] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.258582] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.258804] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.259091] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.259313] head: 0bfffe0000000002 ffffc1ffc3193101 00000000ffffffff 00000000ffffffff
[   19.259470] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.259609] page dumped because: kasan: bad access detected
[   19.259902] 
[   19.259976] Memory state around the buggy address:
[   19.260008]  fff00000c64c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.260056]  fff00000c64c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.260098] >fff00000c64c6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.260373]                                               ^
[   19.260485]  fff00000c64c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.260656]  fff00000c64c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.260814] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zc2fAgxa2SvAeue0jkCQWn7vUV

job_id

TEST:linaro@lkft#2zc2kP8qq1eGtg0vZPMgeaFOibs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zc2kP8qq1eGtg0vZPMgeaFOibs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zc2gsJeEJv3OObdyYWW7vaSUjE/Image.gz
sha256sum	4295dd3f8a9104f192ab48fe03e9799ce1a72a725e4e680194f6f3244902a569

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zc2gsJeEJv3OObdyYWW7vaSUjE/modules.tar.xz
sha256sum	798a67f8b1be586b3f0cd90eea157ad905fdc7ec29b6c056fb912c6626a9d1b6

durations

tests

boot	0
kunit	171.06

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.398182] ==================================================================
[   12.398473] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.399000] Write of size 1 at addr ffff8881029760eb by task kunit_try_catch/180
[   12.399679] 
[   12.399797] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.399838] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.399849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.399868] Call Trace:
[   12.399882]  <TASK>
[   12.399896]  dump_stack_lvl+0x73/0xb0
[   12.399924]  print_report+0xd1/0x650
[   12.400271]  ? __virt_addr_valid+0x1db/0x2d0
[   12.400298]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.400322]  ? kasan_addr_to_slab+0x11/0xa0
[   12.400342]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.400367]  kasan_report+0x141/0x180
[   12.400388]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.400417]  __asan_report_store1_noabort+0x1b/0x30
[   12.400442]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.400468]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.400492]  ? finish_task_switch.isra.0+0x153/0x700
[   12.400647]  ? __switch_to+0x47/0xf50
[   12.400672]  ? __schedule+0x10cc/0x2b60
[   12.400693]  ? __pfx_read_tsc+0x10/0x10
[   12.400717]  krealloc_large_less_oob+0x1c/0x30
[   12.400740]  kunit_try_run_case+0x1a5/0x480
[   12.400764]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.400786]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.400808]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.400831]  ? __kthread_parkme+0x82/0x180
[   12.400851]  ? preempt_count_sub+0x50/0x80
[   12.400873]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.400897]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.400954]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.400997]  kthread+0x337/0x6f0
[   12.401018]  ? trace_preempt_on+0x20/0xc0
[   12.401043]  ? __pfx_kthread+0x10/0x10
[   12.401064]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.401086]  ? calculate_sigpending+0x7b/0xa0
[   12.401110]  ? __pfx_kthread+0x10/0x10
[   12.401131]  ret_from_fork+0x116/0x1d0
[   12.401149]  ? __pfx_kthread+0x10/0x10
[   12.401169]  ret_from_fork_asm+0x1a/0x30
[   12.401200]  </TASK>
[   12.401210] 
[   12.414322] The buggy address belongs to the physical page:
[   12.414541] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102974
[   12.415326] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.416056] flags: 0x200000000000040(head|node=0|zone=2)
[   12.416565] page_type: f8(unknown)
[   12.416815] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.417464] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.418007] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.418622] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.418856] head: 0200000000000002 ffffea00040a5d01 00000000ffffffff 00000000ffffffff
[   12.419358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.420065] page dumped because: kasan: bad access detected
[   12.420467] 
[   12.420703] Memory state around the buggy address:
[   12.421089]  ffff888102975f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.421415]  ffff888102976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.422212] >ffff888102976080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.422671]                                                           ^
[   12.422871]  ffff888102976100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.423084]  ffff888102976180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.423315] ==================================================================
[   12.375524] ==================================================================
[   12.375771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.376993] Write of size 1 at addr ffff8881029760ea by task kunit_try_catch/180
[   12.377317] 
[   12.377429] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.377554] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.377566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.377585] Call Trace:
[   12.377679]  <TASK>
[   12.377696]  dump_stack_lvl+0x73/0xb0
[   12.377732]  print_report+0xd1/0x650
[   12.377754]  ? __virt_addr_valid+0x1db/0x2d0
[   12.377776]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.377801]  ? kasan_addr_to_slab+0x11/0xa0
[   12.377821]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.377845]  kasan_report+0x141/0x180
[   12.377866]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.377895]  __asan_report_store1_noabort+0x1b/0x30
[   12.377979]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.378008]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.378033]  ? finish_task_switch.isra.0+0x153/0x700
[   12.378055]  ? __switch_to+0x47/0xf50
[   12.378080]  ? __schedule+0x10cc/0x2b60
[   12.378101]  ? __pfx_read_tsc+0x10/0x10
[   12.378125]  krealloc_large_less_oob+0x1c/0x30
[   12.378148]  kunit_try_run_case+0x1a5/0x480
[   12.378172]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.378194]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.378257]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.378281]  ? __kthread_parkme+0x82/0x180
[   12.378301]  ? preempt_count_sub+0x50/0x80
[   12.378324]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.378347]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.378371]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.378396]  kthread+0x337/0x6f0
[   12.378414]  ? trace_preempt_on+0x20/0xc0
[   12.378437]  ? __pfx_kthread+0x10/0x10
[   12.378457]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.378477]  ? calculate_sigpending+0x7b/0xa0
[   12.378500]  ? __pfx_kthread+0x10/0x10
[   12.378521]  ret_from_fork+0x116/0x1d0
[   12.378539]  ? __pfx_kthread+0x10/0x10
[   12.378558]  ret_from_fork_asm+0x1a/0x30
[   12.378589]  </TASK>
[   12.378609] 
[   12.389452] The buggy address belongs to the physical page:
[   12.389851] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102974
[   12.390303] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.390792] flags: 0x200000000000040(head|node=0|zone=2)
[   12.391075] page_type: f8(unknown)
[   12.391377] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.391742] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.392223] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.392851] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.393321] head: 0200000000000002 ffffea00040a5d01 00000000ffffffff 00000000ffffffff
[   12.393806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.394288] page dumped because: kasan: bad access detected
[   12.394586] 
[   12.394696] Memory state around the buggy address:
[   12.394861]  ffff888102975f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.395465]  ffff888102976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.395817] >ffff888102976080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.396464]                                                           ^
[   12.396810]  ffff888102976100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.397265]  ffff888102976180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.397547] ==================================================================
[   12.182582] ==================================================================
[   12.182838] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.183178] Write of size 1 at addr ffff8881003454da by task kunit_try_catch/176
[   12.183514] 
[   12.183725] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.183785] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.183797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.183816] Call Trace:
[   12.183830]  <TASK>
[   12.183855]  dump_stack_lvl+0x73/0xb0
[   12.183884]  print_report+0xd1/0x650
[   12.183965]  ? __virt_addr_valid+0x1db/0x2d0
[   12.184008]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.184033]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.184056]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.184091]  kasan_report+0x141/0x180
[   12.184113]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.184142]  __asan_report_store1_noabort+0x1b/0x30
[   12.184178]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.184205]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.184256]  ? finish_task_switch.isra.0+0x153/0x700
[   12.184292]  ? __switch_to+0x47/0xf50
[   12.184329]  ? __schedule+0x10cc/0x2b60
[   12.184364]  ? __pfx_read_tsc+0x10/0x10
[   12.184388]  krealloc_less_oob+0x1c/0x30
[   12.184421]  kunit_try_run_case+0x1a5/0x480
[   12.184445]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.184467]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.184508]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.184532]  ? __kthread_parkme+0x82/0x180
[   12.184552]  ? preempt_count_sub+0x50/0x80
[   12.184575]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.184610]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.184634]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.184659]  kthread+0x337/0x6f0
[   12.184677]  ? trace_preempt_on+0x20/0xc0
[   12.184700]  ? __pfx_kthread+0x10/0x10
[   12.184721]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.184742]  ? calculate_sigpending+0x7b/0xa0
[   12.184765]  ? __pfx_kthread+0x10/0x10
[   12.184786]  ret_from_fork+0x116/0x1d0
[   12.184804]  ? __pfx_kthread+0x10/0x10
[   12.184824]  ret_from_fork_asm+0x1a/0x30
[   12.184855]  </TASK>
[   12.184864] 
[   12.196544] Allocated by task 176:
[   12.197394]  kasan_save_stack+0x45/0x70
[   12.197740]  kasan_save_track+0x18/0x40
[   12.198257]  kasan_save_alloc_info+0x3b/0x50
[   12.198635]  __kasan_krealloc+0x190/0x1f0
[   12.199024]  krealloc_noprof+0xf3/0x340
[   12.199415]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.199682]  krealloc_less_oob+0x1c/0x30
[   12.199887]  kunit_try_run_case+0x1a5/0x480
[   12.200339]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.200737]  kthread+0x337/0x6f0
[   12.201167]  ret_from_fork+0x116/0x1d0
[   12.201505]  ret_from_fork_asm+0x1a/0x30
[   12.201870] 
[   12.201980] The buggy address belongs to the object at ffff888100345400
[   12.201980]  which belongs to the cache kmalloc-256 of size 256
[   12.202461] The buggy address is located 17 bytes to the right of
[   12.202461]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   12.203620] 
[   12.203729] The buggy address belongs to the physical page:
[   12.204298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   12.204809] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.205336] flags: 0x200000000000040(head|node=0|zone=2)
[   12.205773] page_type: f5(slab)
[   12.206174] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.206654] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.207323] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.207801] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.208333] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   12.208849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.209268] page dumped because: kasan: bad access detected
[   12.209520] 
[   12.209649] Memory state around the buggy address:
[   12.209849]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.210235]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.210576] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.211088]                                                     ^
[   12.211376]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.211723]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.212118] ==================================================================
[   12.157022] ==================================================================
[   12.157414] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.157764] Write of size 1 at addr ffff8881003454d0 by task kunit_try_catch/176
[   12.158279] 
[   12.158373] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.158412] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.158469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.158510] Call Trace:
[   12.158521]  <TASK>
[   12.158576]  dump_stack_lvl+0x73/0xb0
[   12.158662]  print_report+0xd1/0x650
[   12.158683]  ? __virt_addr_valid+0x1db/0x2d0
[   12.158717]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.158741]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.158764]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.158788]  kasan_report+0x141/0x180
[   12.158809]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.158838]  __asan_report_store1_noabort+0x1b/0x30
[   12.158863]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.158889]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.158913]  ? finish_task_switch.isra.0+0x153/0x700
[   12.159149]  ? __switch_to+0x47/0xf50
[   12.159177]  ? __schedule+0x10cc/0x2b60
[   12.159199]  ? __pfx_read_tsc+0x10/0x10
[   12.159223]  krealloc_less_oob+0x1c/0x30
[   12.159245]  kunit_try_run_case+0x1a5/0x480
[   12.159268]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.159291]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.159314]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.159337]  ? __kthread_parkme+0x82/0x180
[   12.159357]  ? preempt_count_sub+0x50/0x80
[   12.159379]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.159404]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.159427]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.159452]  kthread+0x337/0x6f0
[   12.159470]  ? trace_preempt_on+0x20/0xc0
[   12.159493]  ? __pfx_kthread+0x10/0x10
[   12.159526]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.159547]  ? calculate_sigpending+0x7b/0xa0
[   12.159571]  ? __pfx_kthread+0x10/0x10
[   12.159592]  ret_from_fork+0x116/0x1d0
[   12.159622]  ? __pfx_kthread+0x10/0x10
[   12.159642]  ret_from_fork_asm+0x1a/0x30
[   12.159673]  </TASK>
[   12.159683] 
[   12.169541] Allocated by task 176:
[   12.169710]  kasan_save_stack+0x45/0x70
[   12.169868]  kasan_save_track+0x18/0x40
[   12.170401]  kasan_save_alloc_info+0x3b/0x50
[   12.170701]  __kasan_krealloc+0x190/0x1f0
[   12.170874]  krealloc_noprof+0xf3/0x340
[   12.171157]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.171531]  krealloc_less_oob+0x1c/0x30
[   12.171824]  kunit_try_run_case+0x1a5/0x480
[   12.172280]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.172572]  kthread+0x337/0x6f0
[   12.172796]  ret_from_fork+0x116/0x1d0
[   12.172988]  ret_from_fork_asm+0x1a/0x30
[   12.173245] 
[   12.173418] The buggy address belongs to the object at ffff888100345400
[   12.173418]  which belongs to the cache kmalloc-256 of size 256
[   12.173912] The buggy address is located 7 bytes to the right of
[   12.173912]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   12.174440] 
[   12.174808] The buggy address belongs to the physical page:
[   12.175050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   12.175550] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.176025] flags: 0x200000000000040(head|node=0|zone=2)
[   12.176228] page_type: f5(slab)
[   12.176445] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.176807] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.177286] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.177670] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.178134] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   12.178631] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.179094] page dumped because: kasan: bad access detected
[   12.179302] 
[   12.179426] Memory state around the buggy address:
[   12.179726]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.180083]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.180473] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.180765]                                                  ^
[   12.181179]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.181549]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.181847] ==================================================================
[   12.329311] ==================================================================
[   12.330147] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.330560] Write of size 1 at addr ffff8881029760d0 by task kunit_try_catch/180
[   12.331254] 
[   12.331684] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.331732] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.331745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.331766] Call Trace:
[   12.331777]  <TASK>
[   12.331792]  dump_stack_lvl+0x73/0xb0
[   12.331824]  print_report+0xd1/0x650
[   12.331847]  ? __virt_addr_valid+0x1db/0x2d0
[   12.331870]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.331894]  ? kasan_addr_to_slab+0x11/0xa0
[   12.331915]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.331954]  kasan_report+0x141/0x180
[   12.331975]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.332003]  __asan_report_store1_noabort+0x1b/0x30
[   12.332029]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.332055]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.332079]  ? finish_task_switch.isra.0+0x153/0x700
[   12.332102]  ? __switch_to+0x47/0xf50
[   12.332127]  ? __schedule+0x10cc/0x2b60
[   12.332148]  ? __pfx_read_tsc+0x10/0x10
[   12.332172]  krealloc_large_less_oob+0x1c/0x30
[   12.332194]  kunit_try_run_case+0x1a5/0x480
[   12.332219]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.332241]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.332264]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.332287]  ? __kthread_parkme+0x82/0x180
[   12.332307]  ? preempt_count_sub+0x50/0x80
[   12.332329]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.332353]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.332379]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.332404]  kthread+0x337/0x6f0
[   12.332422]  ? trace_preempt_on+0x20/0xc0
[   12.332445]  ? __pfx_kthread+0x10/0x10
[   12.332465]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.332486]  ? calculate_sigpending+0x7b/0xa0
[   12.332578]  ? __pfx_kthread+0x10/0x10
[   12.332613]  ret_from_fork+0x116/0x1d0
[   12.332631]  ? __pfx_kthread+0x10/0x10
[   12.332651]  ret_from_fork_asm+0x1a/0x30
[   12.332683]  </TASK>
[   12.332693] 
[   12.344678] The buggy address belongs to the physical page:
[   12.345211] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102974
[   12.345553] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.346202] flags: 0x200000000000040(head|node=0|zone=2)
[   12.346453] page_type: f8(unknown)
[   12.346669] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.347007] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.347339] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.347994] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.348478] head: 0200000000000002 ffffea00040a5d01 00000000ffffffff 00000000ffffffff
[   12.348892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.349322] page dumped because: kasan: bad access detected
[   12.349564] 
[   12.349782] Memory state around the buggy address:
[   12.350225]  ffff888102975f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.350700]  ffff888102976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.351070] >ffff888102976080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.351497]                                                  ^
[   12.351809]  ffff888102976100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.352318]  ffff888102976180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.352699] ==================================================================
[   12.353233] ==================================================================
[   12.353549] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.353855] Write of size 1 at addr ffff8881029760da by task kunit_try_catch/180
[   12.354661] 
[   12.354942] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.354987] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.354999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.355181] Call Trace:
[   12.355201]  <TASK>
[   12.355219]  dump_stack_lvl+0x73/0xb0
[   12.355251]  print_report+0xd1/0x650
[   12.355274]  ? __virt_addr_valid+0x1db/0x2d0
[   12.355296]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.355319]  ? kasan_addr_to_slab+0x11/0xa0
[   12.355339]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.355363]  kasan_report+0x141/0x180
[   12.355384]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.355413]  __asan_report_store1_noabort+0x1b/0x30
[   12.355438]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.355463]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.355487]  ? finish_task_switch.isra.0+0x153/0x700
[   12.355510]  ? __switch_to+0x47/0xf50
[   12.355535]  ? __schedule+0x10cc/0x2b60
[   12.355556]  ? __pfx_read_tsc+0x10/0x10
[   12.355581]  krealloc_large_less_oob+0x1c/0x30
[   12.355617]  kunit_try_run_case+0x1a5/0x480
[   12.355641]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.355664]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.355687]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.355710]  ? __kthread_parkme+0x82/0x180
[   12.355730]  ? preempt_count_sub+0x50/0x80
[   12.355753]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.355777]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.355803]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.355828]  kthread+0x337/0x6f0
[   12.355846]  ? trace_preempt_on+0x20/0xc0
[   12.355870]  ? __pfx_kthread+0x10/0x10
[   12.355890]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.355910]  ? calculate_sigpending+0x7b/0xa0
[   12.355979]  ? __pfx_kthread+0x10/0x10
[   12.356001]  ret_from_fork+0x116/0x1d0
[   12.356019]  ? __pfx_kthread+0x10/0x10
[   12.356039]  ret_from_fork_asm+0x1a/0x30
[   12.356070]  </TASK>
[   12.356079] 
[   12.366911] The buggy address belongs to the physical page:
[   12.367281] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102974
[   12.367734] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.368333] flags: 0x200000000000040(head|node=0|zone=2)
[   12.368550] page_type: f8(unknown)
[   12.368752] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.369060] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.369383] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.370247] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.370723] head: 0200000000000002 ffffea00040a5d01 00000000ffffffff 00000000ffffffff
[   12.371195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.371488] page dumped because: kasan: bad access detected
[   12.371907] 
[   12.372272] Memory state around the buggy address:
[   12.372479]  ffff888102975f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.372917]  ffff888102976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.373394] >ffff888102976080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.373752]                                                     ^
[   12.374180]  ffff888102976100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.374548]  ffff888102976180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.374942] ==================================================================
[   12.304522] ==================================================================
[   12.305306] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.305877] Write of size 1 at addr ffff8881029760c9 by task kunit_try_catch/180
[   12.306329] 
[   12.306450] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.306492] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.306542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.306562] Call Trace:
[   12.306574]  <TASK>
[   12.306589]  dump_stack_lvl+0x73/0xb0
[   12.306632]  print_report+0xd1/0x650
[   12.306654]  ? __virt_addr_valid+0x1db/0x2d0
[   12.306676]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.306699]  ? kasan_addr_to_slab+0x11/0xa0
[   12.306719]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.306743]  kasan_report+0x141/0x180
[   12.306764]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.306793]  __asan_report_store1_noabort+0x1b/0x30
[   12.306818]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.306844]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.306868]  ? finish_task_switch.isra.0+0x153/0x700
[   12.306891]  ? __switch_to+0x47/0xf50
[   12.306915]  ? __schedule+0x10cc/0x2b60
[   12.306936]  ? __pfx_read_tsc+0x10/0x10
[   12.306959]  krealloc_large_less_oob+0x1c/0x30
[   12.306982]  kunit_try_run_case+0x1a5/0x480
[   12.307005]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.307027]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.307050]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.307073]  ? __kthread_parkme+0x82/0x180
[   12.307093]  ? preempt_count_sub+0x50/0x80
[   12.307116]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.307139]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.307163]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.307188]  kthread+0x337/0x6f0
[   12.307206]  ? trace_preempt_on+0x20/0xc0
[   12.307229]  ? __pfx_kthread+0x10/0x10
[   12.307248]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.307269]  ? calculate_sigpending+0x7b/0xa0
[   12.307293]  ? __pfx_kthread+0x10/0x10
[   12.307545]  ret_from_fork+0x116/0x1d0
[   12.307564]  ? __pfx_kthread+0x10/0x10
[   12.307584]  ret_from_fork_asm+0x1a/0x30
[   12.307626]  </TASK>
[   12.307636] 
[   12.319613] The buggy address belongs to the physical page:
[   12.319881] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102974
[   12.320428] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.320995] flags: 0x200000000000040(head|node=0|zone=2)
[   12.321353] page_type: f8(unknown)
[   12.321685] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.322195] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.322527] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.322872] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.323430] head: 0200000000000002 ffffea00040a5d01 00000000ffffffff 00000000ffffffff
[   12.324019] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.324333] page dumped because: kasan: bad access detected
[   12.324785] 
[   12.324903] Memory state around the buggy address:
[   12.325359]  ffff888102975f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.325893]  ffff888102976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.326235] >ffff888102976080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.326762]                                               ^
[   12.327181]  ffff888102976100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.327538]  ffff888102976180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.327852] ==================================================================
[   12.212634] ==================================================================
[   12.213026] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.213409] Write of size 1 at addr ffff8881003454ea by task kunit_try_catch/176
[   12.213771] 
[   12.213881] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.213983] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.213996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.214015] Call Trace:
[   12.214031]  <TASK>
[   12.214046]  dump_stack_lvl+0x73/0xb0
[   12.214075]  print_report+0xd1/0x650
[   12.214109]  ? __virt_addr_valid+0x1db/0x2d0
[   12.214131]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.214155]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.214190]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.214214]  kasan_report+0x141/0x180
[   12.214235]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.214273]  __asan_report_store1_noabort+0x1b/0x30
[   12.214297]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.214335]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.214359]  ? finish_task_switch.isra.0+0x153/0x700
[   12.214381]  ? __switch_to+0x47/0xf50
[   12.214406]  ? __schedule+0x10cc/0x2b60
[   12.214427]  ? __pfx_read_tsc+0x10/0x10
[   12.214451]  krealloc_less_oob+0x1c/0x30
[   12.214472]  kunit_try_run_case+0x1a5/0x480
[   12.214513]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.214542]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.214566]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.214589]  ? __kthread_parkme+0x82/0x180
[   12.214625]  ? preempt_count_sub+0x50/0x80
[   12.214648]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.214672]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.214696]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.214729]  kthread+0x337/0x6f0
[   12.214747]  ? trace_preempt_on+0x20/0xc0
[   12.214770]  ? __pfx_kthread+0x10/0x10
[   12.214801]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.214822]  ? calculate_sigpending+0x7b/0xa0
[   12.214845]  ? __pfx_kthread+0x10/0x10
[   12.214866]  ret_from_fork+0x116/0x1d0
[   12.214884]  ? __pfx_kthread+0x10/0x10
[   12.214904]  ret_from_fork_asm+0x1a/0x30
[   12.215110]  </TASK>
[   12.215120] 
[   12.223262] Allocated by task 176:
[   12.223452]  kasan_save_stack+0x45/0x70
[   12.223718]  kasan_save_track+0x18/0x40
[   12.224013]  kasan_save_alloc_info+0x3b/0x50
[   12.224261]  __kasan_krealloc+0x190/0x1f0
[   12.224464]  krealloc_noprof+0xf3/0x340
[   12.224683]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.224903]  krealloc_less_oob+0x1c/0x30
[   12.225164]  kunit_try_run_case+0x1a5/0x480
[   12.225389]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.225566]  kthread+0x337/0x6f0
[   12.225726]  ret_from_fork+0x116/0x1d0
[   12.225981]  ret_from_fork_asm+0x1a/0x30
[   12.226185] 
[   12.226278] The buggy address belongs to the object at ffff888100345400
[   12.226278]  which belongs to the cache kmalloc-256 of size 256
[   12.226776] The buggy address is located 33 bytes to the right of
[   12.226776]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   12.227479] 
[   12.227632] The buggy address belongs to the physical page:
[   12.227888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   12.228337] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.228659] flags: 0x200000000000040(head|node=0|zone=2)
[   12.229005] page_type: f5(slab)
[   12.229172] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.229515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.229856] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.230257] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.230625] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   12.231196] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.231567] page dumped because: kasan: bad access detected
[   12.231818] 
[   12.231887] Memory state around the buggy address:
[   12.232206]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.232535]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.232838] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.233084]                                                           ^
[   12.233440]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.233802]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.234160] ==================================================================
[   12.234726] ==================================================================
[   12.235359] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.235748] Write of size 1 at addr ffff8881003454eb by task kunit_try_catch/176
[   12.236048] 
[   12.236218] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.236266] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.236277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.236297] Call Trace:
[   12.236317]  <TASK>
[   12.236337]  dump_stack_lvl+0x73/0xb0
[   12.236369]  print_report+0xd1/0x650
[   12.236392]  ? __virt_addr_valid+0x1db/0x2d0
[   12.236415]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.236439]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.236463]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.236513]  kasan_report+0x141/0x180
[   12.236535]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.236564]  __asan_report_store1_noabort+0x1b/0x30
[   12.236609]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.236635]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.236660]  ? finish_task_switch.isra.0+0x153/0x700
[   12.236683]  ? __switch_to+0x47/0xf50
[   12.236709]  ? __schedule+0x10cc/0x2b60
[   12.236731]  ? __pfx_read_tsc+0x10/0x10
[   12.236756]  krealloc_less_oob+0x1c/0x30
[   12.236777]  kunit_try_run_case+0x1a5/0x480
[   12.236802]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.236825]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.236849]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.236872]  ? __kthread_parkme+0x82/0x180
[   12.236893]  ? preempt_count_sub+0x50/0x80
[   12.236977]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.237017]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.237042]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.237066]  kthread+0x337/0x6f0
[   12.237085]  ? trace_preempt_on+0x20/0xc0
[   12.237109]  ? __pfx_kthread+0x10/0x10
[   12.237130]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.237152]  ? calculate_sigpending+0x7b/0xa0
[   12.237176]  ? __pfx_kthread+0x10/0x10
[   12.237197]  ret_from_fork+0x116/0x1d0
[   12.237215]  ? __pfx_kthread+0x10/0x10
[   12.237235]  ret_from_fork_asm+0x1a/0x30
[   12.237266]  </TASK>
[   12.237276] 
[   12.245154] Allocated by task 176:
[   12.245335]  kasan_save_stack+0x45/0x70
[   12.245584]  kasan_save_track+0x18/0x40
[   12.245820]  kasan_save_alloc_info+0x3b/0x50
[   12.246107]  __kasan_krealloc+0x190/0x1f0
[   12.246268]  krealloc_noprof+0xf3/0x340
[   12.246476]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.246713]  krealloc_less_oob+0x1c/0x30
[   12.247007]  kunit_try_run_case+0x1a5/0x480
[   12.247196]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.247457]  kthread+0x337/0x6f0
[   12.247673]  ret_from_fork+0x116/0x1d0
[   12.247835]  ret_from_fork_asm+0x1a/0x30
[   12.248206] 
[   12.248331] The buggy address belongs to the object at ffff888100345400
[   12.248331]  which belongs to the cache kmalloc-256 of size 256
[   12.248859] The buggy address is located 34 bytes to the right of
[   12.248859]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   12.249384] 
[   12.249460] The buggy address belongs to the physical page:
[   12.249751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   12.250191] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.250507] flags: 0x200000000000040(head|node=0|zone=2)
[   12.250725] page_type: f5(slab)
[   12.250892] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.251321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.251647] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.252004] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.252518] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   12.252881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.253265] page dumped because: kasan: bad access detected
[   12.253527] 
[   12.253634] Memory state around the buggy address:
[   12.253845]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.254216]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.254552] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.254781]                                                           ^
[   12.255102]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.255423]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.255710] ==================================================================
[   12.130405] ==================================================================
[   12.131226] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.131610] Write of size 1 at addr ffff8881003454c9 by task kunit_try_catch/176
[   12.132023] 
[   12.132125] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.132268] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.132280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.132300] Call Trace:
[   12.132312]  <TASK>
[   12.132341]  dump_stack_lvl+0x73/0xb0
[   12.132374]  print_report+0xd1/0x650
[   12.132397]  ? __virt_addr_valid+0x1db/0x2d0
[   12.132420]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.132475]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.132498]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.132558]  kasan_report+0x141/0x180
[   12.132579]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.132625]  __asan_report_store1_noabort+0x1b/0x30
[   12.132651]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.132677]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.132701]  ? finish_task_switch.isra.0+0x153/0x700
[   12.132724]  ? __switch_to+0x47/0xf50
[   12.132751]  ? __schedule+0x10cc/0x2b60
[   12.132773]  ? __pfx_read_tsc+0x10/0x10
[   12.132797]  krealloc_less_oob+0x1c/0x30
[   12.132818]  kunit_try_run_case+0x1a5/0x480
[   12.132843]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.132865]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.132889]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.132913]  ? __kthread_parkme+0x82/0x180
[   12.132994]  ? preempt_count_sub+0x50/0x80
[   12.133018]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.133042]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.133067]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.133092]  kthread+0x337/0x6f0
[   12.133110]  ? trace_preempt_on+0x20/0xc0
[   12.133135]  ? __pfx_kthread+0x10/0x10
[   12.133156]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.133177]  ? calculate_sigpending+0x7b/0xa0
[   12.133201]  ? __pfx_kthread+0x10/0x10
[   12.133222]  ret_from_fork+0x116/0x1d0
[   12.133241]  ? __pfx_kthread+0x10/0x10
[   12.133260]  ret_from_fork_asm+0x1a/0x30
[   12.133292]  </TASK>
[   12.133302] 
[   12.142691] Allocated by task 176:
[   12.142925]  kasan_save_stack+0x45/0x70
[   12.143356]  kasan_save_track+0x18/0x40
[   12.143497]  kasan_save_alloc_info+0x3b/0x50
[   12.143770]  __kasan_krealloc+0x190/0x1f0
[   12.143966]  krealloc_noprof+0xf3/0x340
[   12.144393]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.144834]  krealloc_less_oob+0x1c/0x30
[   12.145185]  kunit_try_run_case+0x1a5/0x480
[   12.145340]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.145722]  kthread+0x337/0x6f0
[   12.146050]  ret_from_fork+0x116/0x1d0
[   12.146222]  ret_from_fork_asm+0x1a/0x30
[   12.146388] 
[   12.146488] The buggy address belongs to the object at ffff888100345400
[   12.146488]  which belongs to the cache kmalloc-256 of size 256
[   12.147654] The buggy address is located 0 bytes to the right of
[   12.147654]  allocated 201-byte region [ffff888100345400, ffff8881003454c9)
[   12.148278] 
[   12.148512] The buggy address belongs to the physical page:
[   12.148869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100344
[   12.149505] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.149972] flags: 0x200000000000040(head|node=0|zone=2)
[   12.150222] page_type: f5(slab)
[   12.150488] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.150841] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.151327] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.151771] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.152273] head: 0200000000000001 ffffea000400d101 00000000ffffffff 00000000ffffffff
[   12.152595] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.152940] page dumped because: kasan: bad access detected
[   12.153524] 
[   12.153674] Memory state around the buggy address:
[   12.153913]  ffff888100345380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.154381]  ffff888100345400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.154778] >ffff888100345480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.155231]                                               ^
[   12.155522]  ffff888100345500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.155822]  ffff888100345580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.156185] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zc2fAgxa2SvAeue0jkCQWn7vUV

job_id

TEST:linaro@lkft#2zc2lcTBxJmBkRbP0LsmwuesywD

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zc2lcTBxJmBkRbP0LsmwuesywD

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zc2iJmK5AZxQbPUBI8eOknzMTx/bzImage
sha256sum	0d11f4c26ab10e31dc6843de35281b4bf95f794a4482d9f9237ddfa45c7c3f59

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zc2iJmK5AZxQbPUBI8eOknzMTx/modules.tar.xz
sha256sum	a7139be3f3122145b6b24141429c87c9bb7bea3073266108fb33100dce65d51a

durations

tests

boot	0
kunit	218.66

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit