lkft/linux-mainline-master - v6.16-rc5-53-g8c2e52ebbe88 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 9, 2025, 11:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.567611] ==================================================================
[   16.567662] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.567730] Write of size 1 at addr fff00000c461ceea by task kunit_try_catch/158
[   16.567787] 
[   16.567821] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.567900] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.567934] Hardware name: linux,dummy-virt (DT)
[   16.567965] Call trace:
[   16.567987]  show_stack+0x20/0x38 (C)
[   16.568043]  dump_stack_lvl+0x8c/0xd0
[   16.568105]  print_report+0x118/0x608
[   16.568165]  kasan_report+0xdc/0x128
[   16.568209]  __asan_report_store1_noabort+0x20/0x30
[   16.568259]  krealloc_less_oob_helper+0xae4/0xc50
[   16.568306]  krealloc_less_oob+0x20/0x38
[   16.568350]  kunit_try_run_case+0x170/0x3f0
[   16.568396]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.568446]  kthread+0x328/0x630
[   16.568487]  ret_from_fork+0x10/0x20
[   16.568534] 
[   16.568560] Allocated by task 158:
[   16.568587]  kasan_save_stack+0x3c/0x68
[   16.568627]  kasan_save_track+0x20/0x40
[   16.568663]  kasan_save_alloc_info+0x40/0x58
[   16.568701]  __kasan_krealloc+0x118/0x178
[   16.568737]  krealloc_noprof+0x128/0x360
[   16.568772]  krealloc_less_oob_helper+0x168/0xc50
[   16.568809]  krealloc_less_oob+0x20/0x38
[   16.568844]  kunit_try_run_case+0x170/0x3f0
[   16.568880]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.568920]  kthread+0x328/0x630
[   16.568951]  ret_from_fork+0x10/0x20
[   16.568984] 
[   16.569002] The buggy address belongs to the object at fff00000c461ce00
[   16.569002]  which belongs to the cache kmalloc-256 of size 256
[   16.569055] The buggy address is located 33 bytes to the right of
[   16.569055]  allocated 201-byte region [fff00000c461ce00, fff00000c461cec9)
[   16.569476] 
[   16.569509] The buggy address belongs to the physical page:
[   16.569550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10461c
[   16.569807] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.570081] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.570598] page_type: f5(slab)
[   16.570770] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.570855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.570998] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.571212] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.571349] head: 0bfffe0000000001 ffffc1ffc3118701 00000000ffffffff 00000000ffffffff
[   16.571715] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.571784] page dumped because: kasan: bad access detected
[   16.571948] 
[   16.572037] Memory state around the buggy address:
[   16.572311]  fff00000c461cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.572395]  fff00000c461ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.572436] >fff00000c461ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.572479]                                                           ^
[   16.572517]  fff00000c461cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.572796]  fff00000c461cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.573080] ==================================================================
[   16.630827] ==================================================================
[   16.631206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.631461] Write of size 1 at addr fff00000c77220ea by task kunit_try_catch/162
[   16.631524] 
[   16.631721] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.631816] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.631964] Hardware name: linux,dummy-virt (DT)
[   16.632043] Call trace:
[   16.632145]  show_stack+0x20/0x38 (C)
[   16.632227]  dump_stack_lvl+0x8c/0xd0
[   16.632370]  print_report+0x118/0x608
[   16.632419]  kasan_report+0xdc/0x128
[   16.632463]  __asan_report_store1_noabort+0x20/0x30
[   16.632776]  krealloc_less_oob_helper+0xae4/0xc50
[   16.632907]  krealloc_large_less_oob+0x20/0x38
[   16.633032]  kunit_try_run_case+0x170/0x3f0
[   16.633220]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.633390]  kthread+0x328/0x630
[   16.633847]  ret_from_fork+0x10/0x20
[   16.633934] 
[   16.633963] The buggy address belongs to the physical page:
[   16.633995] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107720
[   16.634047] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.634093] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.634154] page_type: f8(unknown)
[   16.634202] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.634260] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.634317] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.634366] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.634413] head: 0bfffe0000000002 ffffc1ffc31dc801 00000000ffffffff 00000000ffffffff
[   16.634469] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.634507] page dumped because: kasan: bad access detected
[   16.634546] 
[   16.634563] Memory state around the buggy address:
[   16.634592]  fff00000c7721f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.634633]  fff00000c7722000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.634673] >fff00000c7722080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.634721]                                                           ^
[   16.634757]  fff00000c7722100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.634798]  fff00000c7722180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.634849] ==================================================================
[   16.538510] ==================================================================
[   16.538659] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.538755] Write of size 1 at addr fff00000c461cec9 by task kunit_try_catch/158
[   16.539085] 
[   16.539361] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.539450] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.539524] Hardware name: linux,dummy-virt (DT)
[   16.539571] Call trace:
[   16.539600]  show_stack+0x20/0x38 (C)
[   16.539693]  dump_stack_lvl+0x8c/0xd0
[   16.539978]  print_report+0x118/0x608
[   16.540195]  kasan_report+0xdc/0x128
[   16.540341]  __asan_report_store1_noabort+0x20/0x30
[   16.540525]  krealloc_less_oob_helper+0xa48/0xc50
[   16.540684]  krealloc_less_oob+0x20/0x38
[   16.540773]  kunit_try_run_case+0x170/0x3f0
[   16.540841]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.541110]  kthread+0x328/0x630
[   16.541356]  ret_from_fork+0x10/0x20
[   16.541466] 
[   16.541530] Allocated by task 158:
[   16.541666]  kasan_save_stack+0x3c/0x68
[   16.541743]  kasan_save_track+0x20/0x40
[   16.542158]  kasan_save_alloc_info+0x40/0x58
[   16.542242]  __kasan_krealloc+0x118/0x178
[   16.542397]  krealloc_noprof+0x128/0x360
[   16.542468]  krealloc_less_oob_helper+0x168/0xc50
[   16.542521]  krealloc_less_oob+0x20/0x38
[   16.542559]  kunit_try_run_case+0x170/0x3f0
[   16.542596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.542638]  kthread+0x328/0x630
[   16.542670]  ret_from_fork+0x10/0x20
[   16.542759] 
[   16.542780] The buggy address belongs to the object at fff00000c461ce00
[   16.542780]  which belongs to the cache kmalloc-256 of size 256
[   16.542863] The buggy address is located 0 bytes to the right of
[   16.542863]  allocated 201-byte region [fff00000c461ce00, fff00000c461cec9)
[   16.542926] 
[   16.542947] The buggy address belongs to the physical page:
[   16.542985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10461c
[   16.543041] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.543104] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.543190] page_type: f5(slab)
[   16.543248] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.543305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.543353] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.543409] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.543457] head: 0bfffe0000000001 ffffc1ffc3118701 00000000ffffffff 00000000ffffffff
[   16.543512] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.543550] page dumped because: kasan: bad access detected
[   16.543588] 
[   16.543621] Memory state around the buggy address:
[   16.543653]  fff00000c461cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.544234]  fff00000c461ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.544294] >fff00000c461ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.544538]                                               ^
[   16.545274]  fff00000c461cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.545413]  fff00000c461cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.545475] ==================================================================
[   16.610237] ==================================================================
[   16.610299] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.610352] Write of size 1 at addr fff00000c77220c9 by task kunit_try_catch/162
[   16.610626] 
[   16.610670] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.610751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.610863] Hardware name: linux,dummy-virt (DT)
[   16.610909] Call trace:
[   16.610931]  show_stack+0x20/0x38 (C)
[   16.610997]  dump_stack_lvl+0x8c/0xd0
[   16.611195]  print_report+0x118/0x608
[   16.611257]  kasan_report+0xdc/0x128
[   16.611471]  __asan_report_store1_noabort+0x20/0x30
[   16.611624]  krealloc_less_oob_helper+0xa48/0xc50
[   16.611676]  krealloc_large_less_oob+0x20/0x38
[   16.611741]  kunit_try_run_case+0x170/0x3f0
[   16.611885]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.611937]  kthread+0x328/0x630
[   16.612308]  ret_from_fork+0x10/0x20
[   16.612463] 
[   16.612487] The buggy address belongs to the physical page:
[   16.612751] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107720
[   16.612910] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.613038] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.613272] page_type: f8(unknown)
[   16.613381] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.613829] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.613969] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.614042] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.614241] head: 0bfffe0000000002 ffffc1ffc31dc801 00000000ffffffff 00000000ffffffff
[   16.614597] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.614781] page dumped because: kasan: bad access detected
[   16.614898] 
[   16.615001] Memory state around the buggy address:
[   16.615201]  fff00000c7721f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.615852]  fff00000c7722000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.615917] >fff00000c7722080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.615955]                                               ^
[   16.616147]  fff00000c7722100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.616512]  fff00000c7722180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.616565] ==================================================================
[   16.622688] ==================================================================
[   16.622734] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.623381] Write of size 1 at addr fff00000c77220da by task kunit_try_catch/162
[   16.623596] 
[   16.623640] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.624148] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.624208] Hardware name: linux,dummy-virt (DT)
[   16.624238] Call trace:
[   16.624466]  show_stack+0x20/0x38 (C)
[   16.624670]  dump_stack_lvl+0x8c/0xd0
[   16.624826]  print_report+0x118/0x608
[   16.624941]  kasan_report+0xdc/0x128
[   16.625303]  __asan_report_store1_noabort+0x20/0x30
[   16.625406]  krealloc_less_oob_helper+0xa80/0xc50
[   16.625490]  krealloc_large_less_oob+0x20/0x38
[   16.625653]  kunit_try_run_case+0x170/0x3f0
[   16.625740]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.625964]  kthread+0x328/0x630
[   16.626152]  ret_from_fork+0x10/0x20
[   16.626499] 
[   16.626559] The buggy address belongs to the physical page:
[   16.626600] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107720
[   16.626652] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.626937] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.627459] page_type: f8(unknown)
[   16.627637] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.627689] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.627752] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.627805] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.627852] head: 0bfffe0000000002 ffffc1ffc31dc801 00000000ffffffff 00000000ffffffff
[   16.628162] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.628278] page dumped because: kasan: bad access detected
[   16.628417] 
[   16.628480] Memory state around the buggy address:
[   16.628632]  fff00000c7721f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.628866]  fff00000c7722000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.628933] >fff00000c7722080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.629469]                                                     ^
[   16.629664]  fff00000c7722100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.629751]  fff00000c7722180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.629876] ==================================================================
[   16.618422] ==================================================================
[   16.618475] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.618527] Write of size 1 at addr fff00000c77220d0 by task kunit_try_catch/162
[   16.618862] 
[   16.619175] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.619290] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.619329] Hardware name: linux,dummy-virt (DT)
[   16.619534] Call trace:
[   16.619567]  show_stack+0x20/0x38 (C)
[   16.619639]  dump_stack_lvl+0x8c/0xd0
[   16.619691]  print_report+0x118/0x608
[   16.620043]  kasan_report+0xdc/0x128
[   16.620221]  __asan_report_store1_noabort+0x20/0x30
[   16.620367]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.620420]  krealloc_large_less_oob+0x20/0x38
[   16.620492]  kunit_try_run_case+0x170/0x3f0
[   16.620665]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.620725]  kthread+0x328/0x630
[   16.620767]  ret_from_fork+0x10/0x20
[   16.620837] 
[   16.620858] The buggy address belongs to the physical page:
[   16.620888] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107720
[   16.620965] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.621010] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.621062] page_type: f8(unknown)
[   16.621110] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.621170] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.621234] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.621291] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.621337] head: 0bfffe0000000002 ffffc1ffc31dc801 00000000ffffffff 00000000ffffffff
[   16.621392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.621449] page dumped because: kasan: bad access detected
[   16.621486] 
[   16.621503] Memory state around the buggy address:
[   16.621538]  fff00000c7721f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.621579]  fff00000c7722000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.621620] >fff00000c7722080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.621655]                                                  ^
[   16.621691]  fff00000c7722100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.621746]  fff00000c7722180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.621790] ==================================================================
[   16.547695] ==================================================================
[   16.547805] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.547898] Write of size 1 at addr fff00000c461ced0 by task kunit_try_catch/158
[   16.547957] 
[   16.547997] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.548483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.548560] Hardware name: linux,dummy-virt (DT)
[   16.548592] Call trace:
[   16.548621]  show_stack+0x20/0x38 (C)
[   16.549062]  dump_stack_lvl+0x8c/0xd0
[   16.549303]  print_report+0x118/0x608
[   16.549494]  kasan_report+0xdc/0x128
[   16.549592]  __asan_report_store1_noabort+0x20/0x30
[   16.549953]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.550066]  krealloc_less_oob+0x20/0x38
[   16.550355]  kunit_try_run_case+0x170/0x3f0
[   16.550571]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.550637]  kthread+0x328/0x630
[   16.550788]  ret_from_fork+0x10/0x20
[   16.551036] 
[   16.551150] Allocated by task 158:
[   16.551180]  kasan_save_stack+0x3c/0x68
[   16.551590]  kasan_save_track+0x20/0x40
[   16.551678]  kasan_save_alloc_info+0x40/0x58
[   16.551829]  __kasan_krealloc+0x118/0x178
[   16.552104]  krealloc_noprof+0x128/0x360
[   16.552177]  krealloc_less_oob_helper+0x168/0xc50
[   16.552292]  krealloc_less_oob+0x20/0x38
[   16.552389]  kunit_try_run_case+0x170/0x3f0
[   16.552710]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.552847]  kthread+0x328/0x630
[   16.552954]  ret_from_fork+0x10/0x20
[   16.553080] 
[   16.553182] The buggy address belongs to the object at fff00000c461ce00
[   16.553182]  which belongs to the cache kmalloc-256 of size 256
[   16.553561] The buggy address is located 7 bytes to the right of
[   16.553561]  allocated 201-byte region [fff00000c461ce00, fff00000c461cec9)
[   16.553684] 
[   16.553806] The buggy address belongs to the physical page:
[   16.553864] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10461c
[   16.554277] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.554370] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.554543] page_type: f5(slab)
[   16.554602] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.554971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.555059] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.555405] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.555513] head: 0bfffe0000000001 ffffc1ffc3118701 00000000ffffffff 00000000ffffffff
[   16.555611] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.555652] page dumped because: kasan: bad access detected
[   16.555826] 
[   16.555885] Memory state around the buggy address:
[   16.555918]  fff00000c461cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.556086]  fff00000c461ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.556376] >fff00000c461ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.556502]                                                  ^
[   16.556542]  fff00000c461cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.556811]  fff00000c461cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.556920] ==================================================================
[   16.635062] ==================================================================
[   16.635111] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.635167] Write of size 1 at addr fff00000c77220eb by task kunit_try_catch/162
[   16.635214] 
[   16.635485] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.635847] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.635907] Hardware name: linux,dummy-virt (DT)
[   16.636033] Call trace:
[   16.636272]  show_stack+0x20/0x38 (C)
[   16.636559]  dump_stack_lvl+0x8c/0xd0
[   16.636795]  print_report+0x118/0x608
[   16.636936]  kasan_report+0xdc/0x128
[   16.637306]  __asan_report_store1_noabort+0x20/0x30
[   16.637741]  krealloc_less_oob_helper+0xa58/0xc50
[   16.637825]  krealloc_large_less_oob+0x20/0x38
[   16.637984]  kunit_try_run_case+0x170/0x3f0
[   16.638043]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.639221]  kthread+0x328/0x630
[   16.639300]  ret_from_fork+0x10/0x20
[   16.639739] 
[   16.639828] The buggy address belongs to the physical page:
[   16.639859] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107720
[   16.639916] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.640156] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.640336] page_type: f8(unknown)
[   16.640435] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.640484] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.640623] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.640691] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.640834] head: 0bfffe0000000002 ffffc1ffc31dc801 00000000ffffffff 00000000ffffffff
[   16.640924] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.641159] page dumped because: kasan: bad access detected
[   16.641383] 
[   16.641431] Memory state around the buggy address:
[   16.641487]  fff00000c7721f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.641534]  fff00000c7722000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.641806] >fff00000c7722080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.642005]                                                           ^
[   16.642081]  fff00000c7722100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.642145]  fff00000c7722180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.642292] ==================================================================
[   16.557919] ==================================================================
[   16.558310] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.558373] Write of size 1 at addr fff00000c461ceda by task kunit_try_catch/158
[   16.558563] 
[   16.558674] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.558878] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.558905] Hardware name: linux,dummy-virt (DT)
[   16.558937] Call trace:
[   16.558959]  show_stack+0x20/0x38 (C)
[   16.559017]  dump_stack_lvl+0x8c/0xd0
[   16.559064]  print_report+0x118/0x608
[   16.559110]  kasan_report+0xdc/0x128
[   16.559166]  __asan_report_store1_noabort+0x20/0x30
[   16.559216]  krealloc_less_oob_helper+0xa80/0xc50
[   16.559263]  krealloc_less_oob+0x20/0x38
[   16.559307]  kunit_try_run_case+0x170/0x3f0
[   16.559352]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.559402]  kthread+0x328/0x630
[   16.559443]  ret_from_fork+0x10/0x20
[   16.559489] 
[   16.559506] Allocated by task 158:
[   16.559533]  kasan_save_stack+0x3c/0x68
[   16.559571]  kasan_save_track+0x20/0x40
[   16.559782]  kasan_save_alloc_info+0x40/0x58
[   16.560093]  __kasan_krealloc+0x118/0x178
[   16.560316]  krealloc_noprof+0x128/0x360
[   16.560365]  krealloc_less_oob_helper+0x168/0xc50
[   16.560715]  krealloc_less_oob+0x20/0x38
[   16.560870]  kunit_try_run_case+0x170/0x3f0
[   16.561258]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.561389]  kthread+0x328/0x630
[   16.561884]  ret_from_fork+0x10/0x20
[   16.562242] 
[   16.562300] The buggy address belongs to the object at fff00000c461ce00
[   16.562300]  which belongs to the cache kmalloc-256 of size 256
[   16.562463] The buggy address is located 17 bytes to the right of
[   16.562463]  allocated 201-byte region [fff00000c461ce00, fff00000c461cec9)
[   16.562588] 
[   16.562750] The buggy address belongs to the physical page:
[   16.562944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10461c
[   16.563054] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.563163] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.563281] page_type: f5(slab)
[   16.563634] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.563722] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.563855] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.563973] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.564165] head: 0bfffe0000000001 ffffc1ffc3118701 00000000ffffffff 00000000ffffffff
[   16.564395] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.564659] page dumped because: kasan: bad access detected
[   16.564742] 
[   16.564860] Memory state around the buggy address:
[   16.564967]  fff00000c461cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.565027]  fff00000c461ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.565199] >fff00000c461ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.565412]                                                     ^
[   16.565456]  fff00000c461cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.565910]  fff00000c461cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.566033] ==================================================================
[   16.574592] ==================================================================
[   16.574791] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.574864] Write of size 1 at addr fff00000c461ceeb by task kunit_try_catch/158
[   16.574958] 
[   16.575103] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.575200] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.575253] Hardware name: linux,dummy-virt (DT)
[   16.575403] Call trace:
[   16.575460]  show_stack+0x20/0x38 (C)
[   16.575615]  dump_stack_lvl+0x8c/0xd0
[   16.575673]  print_report+0x118/0x608
[   16.575850]  kasan_report+0xdc/0x128
[   16.575964]  __asan_report_store1_noabort+0x20/0x30
[   16.576146]  krealloc_less_oob_helper+0xa58/0xc50
[   16.576378]  krealloc_less_oob+0x20/0x38
[   16.576602]  kunit_try_run_case+0x170/0x3f0
[   16.576673]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.576875]  kthread+0x328/0x630
[   16.577032]  ret_from_fork+0x10/0x20
[   16.577324] 
[   16.577345] Allocated by task 158:
[   16.577373]  kasan_save_stack+0x3c/0x68
[   16.577451]  kasan_save_track+0x20/0x40
[   16.577964]  kasan_save_alloc_info+0x40/0x58
[   16.578055]  __kasan_krealloc+0x118/0x178
[   16.578227]  krealloc_noprof+0x128/0x360
[   16.578723]  krealloc_less_oob_helper+0x168/0xc50
[   16.578834]  krealloc_less_oob+0x20/0x38
[   16.578930]  kunit_try_run_case+0x170/0x3f0
[   16.578969]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.579196]  kthread+0x328/0x630
[   16.579755]  ret_from_fork+0x10/0x20
[   16.579815] 
[   16.579977] The buggy address belongs to the object at fff00000c461ce00
[   16.579977]  which belongs to the cache kmalloc-256 of size 256
[   16.580050] The buggy address is located 34 bytes to the right of
[   16.580050]  allocated 201-byte region [fff00000c461ce00, fff00000c461cec9)
[   16.580349] 
[   16.580570] The buggy address belongs to the physical page:
[   16.580712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10461c
[   16.580866] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.580972] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.581066] page_type: f5(slab)
[   16.581105] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.581323] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.581377] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.581757] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.581890] head: 0bfffe0000000001 ffffc1ffc3118701 00000000ffffffff 00000000ffffffff
[   16.582006] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.582128] page dumped because: kasan: bad access detected
[   16.582259] 
[   16.582339] Memory state around the buggy address:
[   16.582427]  fff00000c461cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.582552]  fff00000c461ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.582593] >fff00000c461ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.582965]                                                           ^
[   16.583099]  fff00000c461cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.583204]  fff00000c461cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.583274] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zerZPZczpDOYcefs6dALqh6Fpn

job_id

TEST:linaro@lkft#2zerdbOsDmJGhDOOfcn5MGLINr4

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zerdbOsDmJGhDOOfcn5MGLINr4

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zeraWtQXXUq7AGlGnaJOh4wfW1/Image.gz
sha256sum	89f9acb15fbf6e84801bacbda6894745389368cc1918c11b82840929e5945e84

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zeraWtQXXUq7AGlGnaJOh4wfW1/modules.tar.xz
sha256sum	5b8f2c09ed37ecf5f0d0ccdea1b4979c0eea6c192632c1613f6c12550875e5c5

durations

tests

boot	0
kunit	180.51

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.467956] ==================================================================
[   12.468257] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.469327] Write of size 1 at addr ffff888102a320eb by task kunit_try_catch/179
[   12.469677] 
[   12.469793] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.469992] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.470005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.470037] Call Trace:
[   12.470050]  <TASK>
[   12.470075]  dump_stack_lvl+0x73/0xb0
[   12.470104]  print_report+0xd1/0x650
[   12.470125]  ? __virt_addr_valid+0x1db/0x2d0
[   12.470147]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.470171]  ? kasan_addr_to_slab+0x11/0xa0
[   12.470191]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.470215]  kasan_report+0x141/0x180
[   12.470236]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.470265]  __asan_report_store1_noabort+0x1b/0x30
[   12.470289]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.470315]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.470340]  ? finish_task_switch.isra.0+0x153/0x700
[   12.470362]  ? __switch_to+0x47/0xf50
[   12.470386]  ? __schedule+0x10cc/0x2b60
[   12.470408]  ? __pfx_read_tsc+0x10/0x10
[   12.470432]  krealloc_large_less_oob+0x1c/0x30
[   12.470455]  kunit_try_run_case+0x1a5/0x480
[   12.470479]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.470501]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.470524]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.470547]  ? __kthread_parkme+0x82/0x180
[   12.470567]  ? preempt_count_sub+0x50/0x80
[   12.470589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.470613]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.470637]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.470661]  kthread+0x337/0x6f0
[   12.470679]  ? trace_preempt_on+0x20/0xc0
[   12.470716]  ? __pfx_kthread+0x10/0x10
[   12.470736]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.470757]  ? calculate_sigpending+0x7b/0xa0
[   12.470780]  ? __pfx_kthread+0x10/0x10
[   12.470802]  ret_from_fork+0x116/0x1d0
[   12.470820]  ? __pfx_kthread+0x10/0x10
[   12.470841]  ret_from_fork_asm+0x1a/0x30
[   12.470871]  </TASK>
[   12.470880] 
[   12.481672] The buggy address belongs to the physical page:
[   12.482021] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30
[   12.482610] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.483048] flags: 0x200000000000040(head|node=0|zone=2)
[   12.483292] page_type: f8(unknown)
[   12.483459] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.483798] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.484444] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.484779] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.485313] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff
[   12.486080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.486587] page dumped because: kasan: bad access detected
[   12.486960] 
[   12.487055] Memory state around the buggy address:
[   12.487636]  ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.487969]  ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.488435] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.488896]                                                           ^
[   12.489342]  ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.489650]  ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.489967] ==================================================================
[   12.402648] ==================================================================
[   12.402969] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.403527] Write of size 1 at addr ffff888102a320d0 by task kunit_try_catch/179
[   12.403891] 
[   12.403999] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.404098] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.404110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.404129] Call Trace:
[   12.404140]  <TASK>
[   12.404153]  dump_stack_lvl+0x73/0xb0
[   12.404182]  print_report+0xd1/0x650
[   12.404203]  ? __virt_addr_valid+0x1db/0x2d0
[   12.404226]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.404250]  ? kasan_addr_to_slab+0x11/0xa0
[   12.404270]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.404294]  kasan_report+0x141/0x180
[   12.404321]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.404349]  __asan_report_store1_noabort+0x1b/0x30
[   12.404374]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.404424]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.404450]  ? finish_task_switch.isra.0+0x153/0x700
[   12.404472]  ? __switch_to+0x47/0xf50
[   12.404512]  ? __schedule+0x10cc/0x2b60
[   12.404534]  ? __pfx_read_tsc+0x10/0x10
[   12.404571]  krealloc_large_less_oob+0x1c/0x30
[   12.404594]  kunit_try_run_case+0x1a5/0x480
[   12.404631]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.404653]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.404689]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.404735]  ? __kthread_parkme+0x82/0x180
[   12.404755]  ? preempt_count_sub+0x50/0x80
[   12.404778]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.404815]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.404851]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.404889]  kthread+0x337/0x6f0
[   12.404908]  ? trace_preempt_on+0x20/0xc0
[   12.404932]  ? __pfx_kthread+0x10/0x10
[   12.404952]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.404973]  ? calculate_sigpending+0x7b/0xa0
[   12.404995]  ? __pfx_kthread+0x10/0x10
[   12.405016]  ret_from_fork+0x116/0x1d0
[   12.405052]  ? __pfx_kthread+0x10/0x10
[   12.405072]  ret_from_fork_asm+0x1a/0x30
[   12.405102]  </TASK>
[   12.405111] 
[   12.413363] The buggy address belongs to the physical page:
[   12.413620] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30
[   12.413970] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.414195] flags: 0x200000000000040(head|node=0|zone=2)
[   12.414596] page_type: f8(unknown)
[   12.414786] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.415547] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.416462] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.416876] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.417465] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff
[   12.417960] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.418307] page dumped because: kasan: bad access detected
[   12.418685] 
[   12.418774] Memory state around the buggy address:
[   12.418930]  ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.419838]  ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.420749] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.421630]                                                  ^
[   12.422310]  ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.422692]  ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.422922] ==================================================================
[   12.311162] ==================================================================
[   12.311478] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.311843] Write of size 1 at addr ffff888100aa1aeb by task kunit_try_catch/175
[   12.312152] 
[   12.312253] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.312291] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.312302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.312325] Call Trace:
[   12.312338]  <TASK>
[   12.312353]  dump_stack_lvl+0x73/0xb0
[   12.312379]  print_report+0xd1/0x650
[   12.312400]  ? __virt_addr_valid+0x1db/0x2d0
[   12.312421]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.312445]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.312467]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.312492]  kasan_report+0x141/0x180
[   12.312513]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.312541]  __asan_report_store1_noabort+0x1b/0x30
[   12.312566]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.312591]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.312615]  ? finish_task_switch.isra.0+0x153/0x700
[   12.312638]  ? __switch_to+0x47/0xf50
[   12.312662]  ? __schedule+0x10cc/0x2b60
[   12.312683]  ? __pfx_read_tsc+0x10/0x10
[   12.312717]  krealloc_less_oob+0x1c/0x30
[   12.312738]  kunit_try_run_case+0x1a5/0x480
[   12.312761]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.312783]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.312806]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.312829]  ? __kthread_parkme+0x82/0x180
[   12.312850]  ? preempt_count_sub+0x50/0x80
[   12.312873]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.312896]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.312920]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.312944]  kthread+0x337/0x6f0
[   12.312962]  ? trace_preempt_on+0x20/0xc0
[   12.312985]  ? __pfx_kthread+0x10/0x10
[   12.313005]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.313310]  ? calculate_sigpending+0x7b/0xa0
[   12.313346]  ? __pfx_kthread+0x10/0x10
[   12.313368]  ret_from_fork+0x116/0x1d0
[   12.313387]  ? __pfx_kthread+0x10/0x10
[   12.313407]  ret_from_fork_asm+0x1a/0x30
[   12.313438]  </TASK>
[   12.313447] 
[   12.321228] Allocated by task 175:
[   12.321430]  kasan_save_stack+0x45/0x70
[   12.321637]  kasan_save_track+0x18/0x40
[   12.321812]  kasan_save_alloc_info+0x3b/0x50
[   12.322100]  __kasan_krealloc+0x190/0x1f0
[   12.322258]  krealloc_noprof+0xf3/0x340
[   12.322392]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.322597]  krealloc_less_oob+0x1c/0x30
[   12.322804]  kunit_try_run_case+0x1a5/0x480
[   12.323191]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.323423]  kthread+0x337/0x6f0
[   12.323593]  ret_from_fork+0x116/0x1d0
[   12.323818]  ret_from_fork_asm+0x1a/0x30
[   12.324151] 
[   12.324272] The buggy address belongs to the object at ffff888100aa1a00
[   12.324272]  which belongs to the cache kmalloc-256 of size 256
[   12.324769] The buggy address is located 34 bytes to the right of
[   12.324769]  allocated 201-byte region [ffff888100aa1a00, ffff888100aa1ac9)
[   12.325384] 
[   12.325458] The buggy address belongs to the physical page:
[   12.325630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   12.325982] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.326303] flags: 0x200000000000040(head|node=0|zone=2)
[   12.327754] page_type: f5(slab)
[   12.327907] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.328131] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.328363] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.328587] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.328824] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   12.329944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.330601] page dumped because: kasan: bad access detected
[   12.331786] 
[   12.332106] Memory state around the buggy address:
[   12.332985]  ffff888100aa1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.334011]  ffff888100aa1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.334289] >ffff888100aa1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.334507]                                                           ^
[   12.334718]  ffff888100aa1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.334931]  ffff888100aa1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.335977] ==================================================================
[   12.423223] ==================================================================
[   12.423612] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.424019] Write of size 1 at addr ffff888102a320da by task kunit_try_catch/179
[   12.424293] 
[   12.424382] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.424422] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.424432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.424450] Call Trace:
[   12.424463]  <TASK>
[   12.424476]  dump_stack_lvl+0x73/0xb0
[   12.424504]  print_report+0xd1/0x650
[   12.424526]  ? __virt_addr_valid+0x1db/0x2d0
[   12.424548]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.424572]  ? kasan_addr_to_slab+0x11/0xa0
[   12.424846]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.424889]  kasan_report+0x141/0x180
[   12.424913]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.424941]  __asan_report_store1_noabort+0x1b/0x30
[   12.424966]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.424992]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.425016]  ? finish_task_switch.isra.0+0x153/0x700
[   12.425323]  ? __switch_to+0x47/0xf50
[   12.425349]  ? __schedule+0x10cc/0x2b60
[   12.425370]  ? __pfx_read_tsc+0x10/0x10
[   12.425393]  krealloc_large_less_oob+0x1c/0x30
[   12.425417]  kunit_try_run_case+0x1a5/0x480
[   12.425440]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.425463]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.425485]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.425510]  ? __kthread_parkme+0x82/0x180
[   12.425529]  ? preempt_count_sub+0x50/0x80
[   12.425552]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.425576]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.425599]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.425624]  kthread+0x337/0x6f0
[   12.425642]  ? trace_preempt_on+0x20/0xc0
[   12.425665]  ? __pfx_kthread+0x10/0x10
[   12.425685]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.425719]  ? calculate_sigpending+0x7b/0xa0
[   12.425742]  ? __pfx_kthread+0x10/0x10
[   12.425762]  ret_from_fork+0x116/0x1d0
[   12.425780]  ? __pfx_kthread+0x10/0x10
[   12.425800]  ret_from_fork_asm+0x1a/0x30
[   12.425830]  </TASK>
[   12.425839] 
[   12.437088] The buggy address belongs to the physical page:
[   12.437360] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30
[   12.437699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.438295] flags: 0x200000000000040(head|node=0|zone=2)
[   12.438626] page_type: f8(unknown)
[   12.438894] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.439490] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.439908] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.440386] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.440741] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff
[   12.441060] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.441400] page dumped because: kasan: bad access detected
[   12.441645] 
[   12.441749] Memory state around the buggy address:
[   12.442211]  ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.442506]  ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.442921] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.443455]                                                     ^
[   12.443826]  ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.444257]  ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.444692] ==================================================================
[   12.289654] ==================================================================
[   12.289988] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.290481] Write of size 1 at addr ffff888100aa1aea by task kunit_try_catch/175
[   12.290772] 
[   12.290857] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.290895] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.290906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.290925] Call Trace:
[   12.290936]  <TASK>
[   12.290949]  dump_stack_lvl+0x73/0xb0
[   12.290974]  print_report+0xd1/0x650
[   12.290995]  ? __virt_addr_valid+0x1db/0x2d0
[   12.291101]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.291127]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.291152]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.291176]  kasan_report+0x141/0x180
[   12.291198]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.291226]  __asan_report_store1_noabort+0x1b/0x30
[   12.291251]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.291276]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.291301]  ? finish_task_switch.isra.0+0x153/0x700
[   12.291323]  ? __switch_to+0x47/0xf50
[   12.291347]  ? __schedule+0x10cc/0x2b60
[   12.291368]  ? __pfx_read_tsc+0x10/0x10
[   12.291391]  krealloc_less_oob+0x1c/0x30
[   12.291412]  kunit_try_run_case+0x1a5/0x480
[   12.291436]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.291458]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.291481]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.291506]  ? __kthread_parkme+0x82/0x180
[   12.291525]  ? preempt_count_sub+0x50/0x80
[   12.291549]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.291574]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.291599]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.291624]  kthread+0x337/0x6f0
[   12.291642]  ? trace_preempt_on+0x20/0xc0
[   12.291667]  ? __pfx_kthread+0x10/0x10
[   12.291687]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.291719]  ? calculate_sigpending+0x7b/0xa0
[   12.291745]  ? __pfx_kthread+0x10/0x10
[   12.291767]  ret_from_fork+0x116/0x1d0
[   12.291786]  ? __pfx_kthread+0x10/0x10
[   12.291807]  ret_from_fork_asm+0x1a/0x30
[   12.291838]  </TASK>
[   12.291848] 
[   12.299946] Allocated by task 175:
[   12.300302]  kasan_save_stack+0x45/0x70
[   12.300496]  kasan_save_track+0x18/0x40
[   12.300663]  kasan_save_alloc_info+0x3b/0x50
[   12.300884]  __kasan_krealloc+0x190/0x1f0
[   12.301089]  krealloc_noprof+0xf3/0x340
[   12.301254]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.301463]  krealloc_less_oob+0x1c/0x30
[   12.301602]  kunit_try_run_case+0x1a5/0x480
[   12.301813]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.302079]  kthread+0x337/0x6f0
[   12.302248]  ret_from_fork+0x116/0x1d0
[   12.302392]  ret_from_fork_asm+0x1a/0x30
[   12.302563] 
[   12.302655] The buggy address belongs to the object at ffff888100aa1a00
[   12.302655]  which belongs to the cache kmalloc-256 of size 256
[   12.303285] The buggy address is located 33 bytes to the right of
[   12.303285]  allocated 201-byte region [ffff888100aa1a00, ffff888100aa1ac9)
[   12.303781] 
[   12.303880] The buggy address belongs to the physical page:
[   12.304179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   12.304476] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.304712] flags: 0x200000000000040(head|node=0|zone=2)
[   12.304885] page_type: f5(slab)
[   12.305002] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.305417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.305767] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.306298] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.306644] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   12.306923] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.307234] page dumped because: kasan: bad access detected
[   12.307491] 
[   12.307584] Memory state around the buggy address:
[   12.307816]  ffff888100aa1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.308207]  ffff888100aa1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.308521] >ffff888100aa1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.308794]                                                           ^
[   12.309111]  ffff888100aa1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.309402]  ffff888100aa1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.309679] ==================================================================
[   12.445369] ==================================================================
[   12.445674] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.446036] Write of size 1 at addr ffff888102a320ea by task kunit_try_catch/179
[   12.446920] 
[   12.447034] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.447075] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.447086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.447104] Call Trace:
[   12.447208]  <TASK>
[   12.447227]  dump_stack_lvl+0x73/0xb0
[   12.447257]  print_report+0xd1/0x650
[   12.447359]  ? __virt_addr_valid+0x1db/0x2d0
[   12.447385]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.447409]  ? kasan_addr_to_slab+0x11/0xa0
[   12.447429]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.447454]  kasan_report+0x141/0x180
[   12.447475]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.447504]  __asan_report_store1_noabort+0x1b/0x30
[   12.447529]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.447554]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.447579]  ? finish_task_switch.isra.0+0x153/0x700
[   12.447601]  ? __switch_to+0x47/0xf50
[   12.447624]  ? __schedule+0x10cc/0x2b60
[   12.447646]  ? __pfx_read_tsc+0x10/0x10
[   12.447669]  krealloc_large_less_oob+0x1c/0x30
[   12.447692]  kunit_try_run_case+0x1a5/0x480
[   12.447727]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.447749]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.447772]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.447795]  ? __kthread_parkme+0x82/0x180
[   12.447816]  ? preempt_count_sub+0x50/0x80
[   12.447839]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.447863]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.447886]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.447911]  kthread+0x337/0x6f0
[   12.447929]  ? trace_preempt_on+0x20/0xc0
[   12.447952]  ? __pfx_kthread+0x10/0x10
[   12.447971]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.447992]  ? calculate_sigpending+0x7b/0xa0
[   12.448015]  ? __pfx_kthread+0x10/0x10
[   12.448062]  ret_from_fork+0x116/0x1d0
[   12.448090]  ? __pfx_kthread+0x10/0x10
[   12.448110]  ret_from_fork_asm+0x1a/0x30
[   12.448140]  </TASK>
[   12.448150] 
[   12.459364] The buggy address belongs to the physical page:
[   12.459630] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30
[   12.459961] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.460722] flags: 0x200000000000040(head|node=0|zone=2)
[   12.461077] page_type: f8(unknown)
[   12.461438] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.461802] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.462361] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.462835] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.463316] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff
[   12.463788] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.464236] page dumped because: kasan: bad access detected
[   12.464486] 
[   12.464570] Memory state around the buggy address:
[   12.464814]  ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.465479]  ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.465786] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.466417]                                                           ^
[   12.466843]  ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.467256]  ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.467574] ==================================================================
[   12.228764] ==================================================================
[   12.229228] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.229549] Write of size 1 at addr ffff888100aa1ac9 by task kunit_try_catch/175
[   12.229843] 
[   12.229952] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.229994] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.230004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.230024] Call Trace:
[   12.230035]  <TASK>
[   12.230052]  dump_stack_lvl+0x73/0xb0
[   12.230079]  print_report+0xd1/0x650
[   12.230100]  ? __virt_addr_valid+0x1db/0x2d0
[   12.230121]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.230144]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.230165]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.230188]  kasan_report+0x141/0x180
[   12.230208]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.230235]  __asan_report_store1_noabort+0x1b/0x30
[   12.230258]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.230283]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.230306]  ? finish_task_switch.isra.0+0x153/0x700
[   12.230328]  ? __switch_to+0x47/0xf50
[   12.230352]  ? __schedule+0x10cc/0x2b60
[   12.230373]  ? __pfx_read_tsc+0x10/0x10
[   12.230396]  krealloc_less_oob+0x1c/0x30
[   12.230416]  kunit_try_run_case+0x1a5/0x480
[   12.230439]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.230460]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.230483]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.230504]  ? __kthread_parkme+0x82/0x180
[   12.230524]  ? preempt_count_sub+0x50/0x80
[   12.230545]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.230568]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.230589]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.230612]  kthread+0x337/0x6f0
[   12.230629]  ? trace_preempt_on+0x20/0xc0
[   12.230652]  ? __pfx_kthread+0x10/0x10
[   12.230671]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.230691]  ? calculate_sigpending+0x7b/0xa0
[   12.230750]  ? __pfx_kthread+0x10/0x10
[   12.230792]  ret_from_fork+0x116/0x1d0
[   12.230810]  ? __pfx_kthread+0x10/0x10
[   12.230859]  ret_from_fork_asm+0x1a/0x30
[   12.230890]  </TASK>
[   12.230899] 
[   12.238269] Allocated by task 175:
[   12.238450]  kasan_save_stack+0x45/0x70
[   12.238657]  kasan_save_track+0x18/0x40
[   12.238853]  kasan_save_alloc_info+0x3b/0x50
[   12.239114]  __kasan_krealloc+0x190/0x1f0
[   12.239288]  krealloc_noprof+0xf3/0x340
[   12.239461]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.239685]  krealloc_less_oob+0x1c/0x30
[   12.239833]  kunit_try_run_case+0x1a5/0x480
[   12.239978]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.240282]  kthread+0x337/0x6f0
[   12.240458]  ret_from_fork+0x116/0x1d0
[   12.240647]  ret_from_fork_asm+0x1a/0x30
[   12.240849] 
[   12.240928] The buggy address belongs to the object at ffff888100aa1a00
[   12.240928]  which belongs to the cache kmalloc-256 of size 256
[   12.241531] The buggy address is located 0 bytes to the right of
[   12.241531]  allocated 201-byte region [ffff888100aa1a00, ffff888100aa1ac9)
[   12.241916] 
[   12.242091] The buggy address belongs to the physical page:
[   12.242350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   12.242716] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.243135] flags: 0x200000000000040(head|node=0|zone=2)
[   12.243392] page_type: f5(slab)
[   12.243564] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.243923] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.244288] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.244526] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.244795] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   12.245208] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.245547] page dumped because: kasan: bad access detected
[   12.245808] 
[   12.245901] Memory state around the buggy address:
[   12.246261]  ffff888100aa1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.246510]  ffff888100aa1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.246846] >ffff888100aa1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.247174]                                               ^
[   12.247435]  ffff888100aa1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.247762]  ffff888100aa1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.248115] ==================================================================
[   12.269465] ==================================================================
[   12.269818] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.270364] Write of size 1 at addr ffff888100aa1ada by task kunit_try_catch/175
[   12.270666] 
[   12.270793] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.270832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.270843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.270862] Call Trace:
[   12.270875]  <TASK>
[   12.270889]  dump_stack_lvl+0x73/0xb0
[   12.270917]  print_report+0xd1/0x650
[   12.270939]  ? __virt_addr_valid+0x1db/0x2d0
[   12.270960]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.270983]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.271006]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.271110]  kasan_report+0x141/0x180
[   12.271132]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.271161]  __asan_report_store1_noabort+0x1b/0x30
[   12.271186]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.271212]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.271236]  ? finish_task_switch.isra.0+0x153/0x700
[   12.271258]  ? __switch_to+0x47/0xf50
[   12.271282]  ? __schedule+0x10cc/0x2b60
[   12.271303]  ? __pfx_read_tsc+0x10/0x10
[   12.271326]  krealloc_less_oob+0x1c/0x30
[   12.271349]  kunit_try_run_case+0x1a5/0x480
[   12.271372]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.271395]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.271418]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.271441]  ? __kthread_parkme+0x82/0x180
[   12.271460]  ? preempt_count_sub+0x50/0x80
[   12.271483]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.271507]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.271530]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.271555]  kthread+0x337/0x6f0
[   12.271573]  ? trace_preempt_on+0x20/0xc0
[   12.271596]  ? __pfx_kthread+0x10/0x10
[   12.271616]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.271637]  ? calculate_sigpending+0x7b/0xa0
[   12.271660]  ? __pfx_kthread+0x10/0x10
[   12.271681]  ret_from_fork+0x116/0x1d0
[   12.271698]  ? __pfx_kthread+0x10/0x10
[   12.271729]  ret_from_fork_asm+0x1a/0x30
[   12.271760]  </TASK>
[   12.271770] 
[   12.279331] Allocated by task 175:
[   12.279460]  kasan_save_stack+0x45/0x70
[   12.279604]  kasan_save_track+0x18/0x40
[   12.279755]  kasan_save_alloc_info+0x3b/0x50
[   12.279967]  __kasan_krealloc+0x190/0x1f0
[   12.280406]  krealloc_noprof+0xf3/0x340
[   12.280613]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.280857]  krealloc_less_oob+0x1c/0x30
[   12.281123]  kunit_try_run_case+0x1a5/0x480
[   12.281274]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.281450]  kthread+0x337/0x6f0
[   12.281613]  ret_from_fork+0x116/0x1d0
[   12.281810]  ret_from_fork_asm+0x1a/0x30
[   12.282006] 
[   12.282175] The buggy address belongs to the object at ffff888100aa1a00
[   12.282175]  which belongs to the cache kmalloc-256 of size 256
[   12.282686] The buggy address is located 17 bytes to the right of
[   12.282686]  allocated 201-byte region [ffff888100aa1a00, ffff888100aa1ac9)
[   12.283247] 
[   12.283320] The buggy address belongs to the physical page:
[   12.283491] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   12.283856] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.284277] flags: 0x200000000000040(head|node=0|zone=2)
[   12.284517] page_type: f5(slab)
[   12.284688] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.284939] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.285412] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.285769] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.286196] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   12.286536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.286874] page dumped because: kasan: bad access detected
[   12.287117] 
[   12.287188] Memory state around the buggy address:
[   12.287342]  ffff888100aa1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.287661]  ffff888100aa1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.287998] >ffff888100aa1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.288387]                                                     ^
[   12.288617]  ffff888100aa1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.288915]  ffff888100aa1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.289262] ==================================================================
[   12.249194] ==================================================================
[   12.249481] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.249741] Write of size 1 at addr ffff888100aa1ad0 by task kunit_try_catch/175
[   12.250071] 
[   12.250180] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.250219] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.250229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.250248] Call Trace:
[   12.250259]  <TASK>
[   12.250272]  dump_stack_lvl+0x73/0xb0
[   12.250297]  print_report+0xd1/0x650
[   12.250317]  ? __virt_addr_valid+0x1db/0x2d0
[   12.250338]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.250360]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.250381]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.250403]  kasan_report+0x141/0x180
[   12.250424]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.250451]  __asan_report_store1_noabort+0x1b/0x30
[   12.250474]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.250498]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.250521]  ? finish_task_switch.isra.0+0x153/0x700
[   12.250541]  ? __switch_to+0x47/0xf50
[   12.250565]  ? __schedule+0x10cc/0x2b60
[   12.250586]  ? __pfx_read_tsc+0x10/0x10
[   12.250608]  krealloc_less_oob+0x1c/0x30
[   12.250628]  kunit_try_run_case+0x1a5/0x480
[   12.250650]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.250671]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.250692]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.250853]  ? __kthread_parkme+0x82/0x180
[   12.250877]  ? preempt_count_sub+0x50/0x80
[   12.250899]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.250923]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.250948]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.250972]  kthread+0x337/0x6f0
[   12.250990]  ? trace_preempt_on+0x20/0xc0
[   12.251340]  ? __pfx_kthread+0x10/0x10
[   12.251368]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.251390]  ? calculate_sigpending+0x7b/0xa0
[   12.251413]  ? __pfx_kthread+0x10/0x10
[   12.251434]  ret_from_fork+0x116/0x1d0
[   12.251452]  ? __pfx_kthread+0x10/0x10
[   12.251472]  ret_from_fork_asm+0x1a/0x30
[   12.251502]  </TASK>
[   12.251511] 
[   12.259071] Allocated by task 175:
[   12.259246]  kasan_save_stack+0x45/0x70
[   12.259457]  kasan_save_track+0x18/0x40
[   12.259655]  kasan_save_alloc_info+0x3b/0x50
[   12.259877]  __kasan_krealloc+0x190/0x1f0
[   12.260267]  krealloc_noprof+0xf3/0x340
[   12.260474]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.260671]  krealloc_less_oob+0x1c/0x30
[   12.260871]  kunit_try_run_case+0x1a5/0x480
[   12.261155]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.261377]  kthread+0x337/0x6f0
[   12.261539]  ret_from_fork+0x116/0x1d0
[   12.261725]  ret_from_fork_asm+0x1a/0x30
[   12.261906] 
[   12.262005] The buggy address belongs to the object at ffff888100aa1a00
[   12.262005]  which belongs to the cache kmalloc-256 of size 256
[   12.262544] The buggy address is located 7 bytes to the right of
[   12.262544]  allocated 201-byte region [ffff888100aa1a00, ffff888100aa1ac9)
[   12.263076] 
[   12.263183] The buggy address belongs to the physical page:
[   12.263437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0
[   12.263783] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.264153] flags: 0x200000000000040(head|node=0|zone=2)
[   12.264388] page_type: f5(slab)
[   12.264530] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.264775] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.265006] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.265546] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.265898] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff
[   12.266321] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.266658] page dumped because: kasan: bad access detected
[   12.266918] 
[   12.267072] Memory state around the buggy address:
[   12.267278]  ffff888100aa1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.267557]  ffff888100aa1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.267856] >ffff888100aa1a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.268203]                                                  ^
[   12.268447]  ffff888100aa1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.268681]  ffff888100aa1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.268902] ==================================================================
[   12.384802] ==================================================================
[   12.385347] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.386070] Write of size 1 at addr ffff888102a320c9 by task kunit_try_catch/179
[   12.386581] 
[   12.386714] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.386758] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.386769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.386790] Call Trace:
[   12.386801]  <TASK>
[   12.386818]  dump_stack_lvl+0x73/0xb0
[   12.386850]  print_report+0xd1/0x650
[   12.386873]  ? __virt_addr_valid+0x1db/0x2d0
[   12.386896]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.386920]  ? kasan_addr_to_slab+0x11/0xa0
[   12.386941]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.386965]  kasan_report+0x141/0x180
[   12.386986]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.387015]  __asan_report_store1_noabort+0x1b/0x30
[   12.387040]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.387066]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.387103]  ? finish_task_switch.isra.0+0x153/0x700
[   12.387128]  ? __switch_to+0x47/0xf50
[   12.387154]  ? __schedule+0x10cc/0x2b60
[   12.387175]  ? __pfx_read_tsc+0x10/0x10
[   12.387200]  krealloc_large_less_oob+0x1c/0x30
[   12.387223]  kunit_try_run_case+0x1a5/0x480
[   12.387248]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.387270]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.387294]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.387317]  ? __kthread_parkme+0x82/0x180
[   12.387338]  ? preempt_count_sub+0x50/0x80
[   12.387360]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.387384]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.387408]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.387433]  kthread+0x337/0x6f0
[   12.387452]  ? trace_preempt_on+0x20/0xc0
[   12.387475]  ? __pfx_kthread+0x10/0x10
[   12.387495]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.387516]  ? calculate_sigpending+0x7b/0xa0
[   12.387540]  ? __pfx_kthread+0x10/0x10
[   12.387561]  ret_from_fork+0x116/0x1d0
[   12.387579]  ? __pfx_kthread+0x10/0x10
[   12.387599]  ret_from_fork_asm+0x1a/0x30
[   12.387630]  </TASK>
[   12.387639] 
[   12.395576] The buggy address belongs to the physical page:
[   12.395864] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30
[   12.396247] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.396582] flags: 0x200000000000040(head|node=0|zone=2)
[   12.396816] page_type: f8(unknown)
[   12.396992] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.397406] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.397763] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.398234] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.398764] head: 0200000000000002 ffffea00040a8c01 00000000ffffffff 00000000ffffffff
[   12.399132] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.399459] page dumped because: kasan: bad access detected
[   12.399715] 
[   12.399804] Memory state around the buggy address:
[   12.399953]  ffff888102a31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.400161]  ffff888102a32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.400555] >ffff888102a32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.400905]                                               ^
[   12.401282]  ffff888102a32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.401687]  ffff888102a32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.402014] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zerZPZczpDOYcefs6dALqh6Fpn

job_id

TEST:linaro@lkft#2zereWNnRLZAeOdMUNpobIiLjyq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zereWNnRLZAeOdMUNpobIiLjyq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zerbWFzcqSAFp8nphuQhLi402X/bzImage
sha256sum	268854fffad98cae17f08a82775371eb2820b0ac8cc4163845be9ad2651ac2eb

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zerbWFzcqSAFp8nphuQhLi402X/modules.tar.xz
sha256sum	3fdcd4639617aa7b9c8fff27fe84557c223c48cd8b5930857481938554180465

durations

tests

boot	0
kunit	211.36

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit