lkft/linux-mainline-master - v6.16-rc6-121-g6832a9317eee - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 17, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   16.515758] ==================================================================
[   16.515843] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.515925] Write of size 1 at addr fff00000c78a60c9 by task kunit_try_catch/162
[   16.515973] 
[   16.516004] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.516081] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.516115] Hardware name: linux,dummy-virt (DT)
[   16.516153] Call trace:
[   16.516182]  show_stack+0x20/0x38 (C)
[   16.516231]  dump_stack_lvl+0x8c/0xd0
[   16.516277]  print_report+0x118/0x5d0
[   16.516323]  kasan_report+0xdc/0x128
[   16.516368]  __asan_report_store1_noabort+0x20/0x30
[   16.516418]  krealloc_less_oob_helper+0xa48/0xc50
[   16.516465]  krealloc_large_less_oob+0x20/0x38
[   16.516511]  kunit_try_run_case+0x170/0x3f0
[   16.516558]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.516609]  kthread+0x328/0x630
[   16.516649]  ret_from_fork+0x10/0x20
[   16.516695] 
[   16.516725] The buggy address belongs to the physical page:
[   16.516756] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a4
[   16.516807] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.516858] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.517632] page_type: f8(unknown)
[   16.517721] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.517843] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.517957] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.518043] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.518149] head: 0bfffe0000000002 ffffc1ffc31e2901 00000000ffffffff 00000000ffffffff
[   16.518216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.518311] page dumped because: kasan: bad access detected
[   16.518369] 
[   16.518386] Memory state around the buggy address:
[   16.518417]  fff00000c78a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.518457]  fff00000c78a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.518497] >fff00000c78a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.518532]                                               ^
[   16.518565]  fff00000c78a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.518604]  fff00000c78a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.518640] ==================================================================
[   16.471046] ==================================================================
[   16.471166] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.471230] Write of size 1 at addr fff00000c0b980d0 by task kunit_try_catch/158
[   16.471277] 
[   16.471307] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.471389] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.471414] Hardware name: linux,dummy-virt (DT)
[   16.471443] Call trace:
[   16.471625]  show_stack+0x20/0x38 (C)
[   16.471755]  dump_stack_lvl+0x8c/0xd0
[   16.471811]  print_report+0x118/0x5d0
[   16.471956]  kasan_report+0xdc/0x128
[   16.472006]  __asan_report_store1_noabort+0x20/0x30
[   16.472061]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.472268]  krealloc_less_oob+0x20/0x38
[   16.472444]  kunit_try_run_case+0x170/0x3f0
[   16.472522]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.472580]  kthread+0x328/0x630
[   16.472620]  ret_from_fork+0x10/0x20
[   16.472687] 
[   16.472729] Allocated by task 158:
[   16.472757]  kasan_save_stack+0x3c/0x68
[   16.472798]  kasan_save_track+0x20/0x40
[   16.472834]  kasan_save_alloc_info+0x40/0x58
[   16.472884]  __kasan_krealloc+0x118/0x178
[   16.472930]  krealloc_noprof+0x128/0x360
[   16.472975]  krealloc_less_oob_helper+0x168/0xc50
[   16.473013]  krealloc_less_oob+0x20/0x38
[   16.473056]  kunit_try_run_case+0x170/0x3f0
[   16.473100]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.473141]  kthread+0x328/0x630
[   16.473178]  ret_from_fork+0x10/0x20
[   16.473229] 
[   16.473247] The buggy address belongs to the object at fff00000c0b98000
[   16.473247]  which belongs to the cache kmalloc-256 of size 256
[   16.473316] The buggy address is located 7 bytes to the right of
[   16.473316]  allocated 201-byte region [fff00000c0b98000, fff00000c0b980c9)
[   16.473376] 
[   16.473396] The buggy address belongs to the physical page:
[   16.473432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b98
[   16.473491] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.473550] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.473604] page_type: f5(slab)
[   16.473659] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.473707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.473764] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.473810] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.473857] head: 0bfffe0000000001 ffffc1ffc302e601 00000000ffffffff 00000000ffffffff
[   16.474290] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.474566] page dumped because: kasan: bad access detected
[   16.474656] 
[   16.474724] Memory state around the buggy address:
[   16.474756]  fff00000c0b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.474969]  fff00000c0b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.475171] >fff00000c0b98080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.475333]                                                  ^
[   16.475423]  fff00000c0b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.475574]  fff00000c0b98180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.475627] ==================================================================
[   16.526662] ==================================================================
[   16.526833] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.526934] Write of size 1 at addr fff00000c78a60ea by task kunit_try_catch/162
[   16.527022] 
[   16.527048] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.527120] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.527203] Hardware name: linux,dummy-virt (DT)
[   16.527278] Call trace:
[   16.527327]  show_stack+0x20/0x38 (C)
[   16.527375]  dump_stack_lvl+0x8c/0xd0
[   16.527420]  print_report+0x118/0x5d0
[   16.527464]  kasan_report+0xdc/0x128
[   16.527507]  __asan_report_store1_noabort+0x20/0x30
[   16.527556]  krealloc_less_oob_helper+0xae4/0xc50
[   16.527602]  krealloc_large_less_oob+0x20/0x38
[   16.527666]  kunit_try_run_case+0x170/0x3f0
[   16.527714]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.527771]  kthread+0x328/0x630
[   16.527811]  ret_from_fork+0x10/0x20
[   16.527856] 
[   16.527885] The buggy address belongs to the physical page:
[   16.527923] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a4
[   16.527974] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.528078] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.528209] page_type: f8(unknown)
[   16.528350] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.528476] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.528526] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.528572] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.528619] head: 0bfffe0000000002 ffffc1ffc31e2901 00000000ffffffff 00000000ffffffff
[   16.528674] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.528714] page dumped because: kasan: bad access detected
[   16.528743] 
[   16.528760] Memory state around the buggy address:
[   16.528789]  fff00000c78a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.528829]  fff00000c78a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.528898] >fff00000c78a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.528934]                                                           ^
[   16.528997]  fff00000c78a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.529076]  fff00000c78a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.529184] ==================================================================
[   16.529717] ==================================================================
[   16.529786] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.529831] Write of size 1 at addr fff00000c78a60eb by task kunit_try_catch/162
[   16.529890] 
[   16.529919] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.529993] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.530018] Hardware name: linux,dummy-virt (DT)
[   16.530046] Call trace:
[   16.530065]  show_stack+0x20/0x38 (C)
[   16.530110]  dump_stack_lvl+0x8c/0xd0
[   16.530168]  print_report+0x118/0x5d0
[   16.530219]  kasan_report+0xdc/0x128
[   16.530263]  __asan_report_store1_noabort+0x20/0x30
[   16.530312]  krealloc_less_oob_helper+0xa58/0xc50
[   16.530358]  krealloc_large_less_oob+0x20/0x38
[   16.530404]  kunit_try_run_case+0x170/0x3f0
[   16.530448]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.530536]  kthread+0x328/0x630
[   16.530604]  ret_from_fork+0x10/0x20
[   16.530650] 
[   16.530668] The buggy address belongs to the physical page:
[   16.530697] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a4
[   16.530747] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.530791] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.530837] page_type: f8(unknown)
[   16.530882] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.530979] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.531030] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.531077] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.531164] head: 0bfffe0000000002 ffffc1ffc31e2901 00000000ffffffff 00000000ffffffff
[   16.531259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.531306] page dumped because: kasan: bad access detected
[   16.531335] 
[   16.531369] Memory state around the buggy address:
[   16.531427]  fff00000c78a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.531474]  fff00000c78a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.531535] >fff00000c78a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.531571]                                                           ^
[   16.531606]  fff00000c78a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.531645]  fff00000c78a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.531754] ==================================================================
[   16.523952] ==================================================================
[   16.523998] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.524095] Write of size 1 at addr fff00000c78a60da by task kunit_try_catch/162
[   16.524180] 
[   16.524236] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.524338] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.524364] Hardware name: linux,dummy-virt (DT)
[   16.524416] Call trace:
[   16.524455]  show_stack+0x20/0x38 (C)
[   16.524540]  dump_stack_lvl+0x8c/0xd0
[   16.524588]  print_report+0x118/0x5d0
[   16.524633]  kasan_report+0xdc/0x128
[   16.524677]  __asan_report_store1_noabort+0x20/0x30
[   16.524726]  krealloc_less_oob_helper+0xa80/0xc50
[   16.524772]  krealloc_large_less_oob+0x20/0x38
[   16.524817]  kunit_try_run_case+0x170/0x3f0
[   16.524874]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.524925]  kthread+0x328/0x630
[   16.524964]  ret_from_fork+0x10/0x20
[   16.525036] 
[   16.525083] The buggy address belongs to the physical page:
[   16.525141] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a4
[   16.525197] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.525300] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.525396] page_type: f8(unknown)
[   16.525442] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.525491] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.525790] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.525837] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.525894] head: 0bfffe0000000002 ffffc1ffc31e2901 00000000ffffffff 00000000ffffffff
[   16.525970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.526017] page dumped because: kasan: bad access detected
[   16.526125] 
[   16.526144] Memory state around the buggy address:
[   16.526174]  fff00000c78a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.526271]  fff00000c78a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.526339] >fff00000c78a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.526377]                                                     ^
[   16.526412]  fff00000c78a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.526479]  fff00000c78a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.526516] ==================================================================
[   16.519562] ==================================================================
[   16.519609] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.519657] Write of size 1 at addr fff00000c78a60d0 by task kunit_try_catch/162
[   16.519704] 
[   16.519733] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.519908] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.520088] Hardware name: linux,dummy-virt (DT)
[   16.520136] Call trace:
[   16.520194]  show_stack+0x20/0x38 (C)
[   16.520241]  dump_stack_lvl+0x8c/0xd0
[   16.520286]  print_report+0x118/0x5d0
[   16.520331]  kasan_report+0xdc/0x128
[   16.520375]  __asan_report_store1_noabort+0x20/0x30
[   16.520424]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.520470]  krealloc_large_less_oob+0x20/0x38
[   16.520516]  kunit_try_run_case+0x170/0x3f0
[   16.520591]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.520641]  kthread+0x328/0x630
[   16.520682]  ret_from_fork+0x10/0x20
[   16.520800] 
[   16.520905] The buggy address belongs to the physical page:
[   16.520960] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a4
[   16.521288] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.521367] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.521490] page_type: f8(unknown)
[   16.521576] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.521634] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.521760] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.521807] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.522160] head: 0bfffe0000000002 ffffc1ffc31e2901 00000000ffffffff 00000000ffffffff
[   16.522314] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.522470] page dumped because: kasan: bad access detected
[   16.522582] 
[   16.522637] Memory state around the buggy address:
[   16.522666]  fff00000c78a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.522971]  fff00000c78a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.523018] >fff00000c78a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.523125]                                                  ^
[   16.523224]  fff00000c78a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.523336]  fff00000c78a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.523422] ==================================================================
[   16.461593] ==================================================================
[   16.461659] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.461718] Write of size 1 at addr fff00000c0b980c9 by task kunit_try_catch/158
[   16.461766] 
[   16.461799] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.461891] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.462126] Hardware name: linux,dummy-virt (DT)
[   16.462900] Call trace:
[   16.462942]  show_stack+0x20/0x38 (C)
[   16.462996]  dump_stack_lvl+0x8c/0xd0
[   16.463044]  print_report+0x118/0x5d0
[   16.463173]  kasan_report+0xdc/0x128
[   16.463230]  __asan_report_store1_noabort+0x20/0x30
[   16.463280]  krealloc_less_oob_helper+0xa48/0xc50
[   16.463824]  krealloc_less_oob+0x20/0x38
[   16.463880]  kunit_try_run_case+0x170/0x3f0
[   16.464234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.464398]  kthread+0x328/0x630
[   16.464488]  ret_from_fork+0x10/0x20
[   16.464666] 
[   16.464752] Allocated by task 158:
[   16.464939]  kasan_save_stack+0x3c/0x68
[   16.465011]  kasan_save_track+0x20/0x40
[   16.465048]  kasan_save_alloc_info+0x40/0x58
[   16.465448]  __kasan_krealloc+0x118/0x178
[   16.465575]  krealloc_noprof+0x128/0x360
[   16.465986]  krealloc_less_oob_helper+0x168/0xc50
[   16.466117]  krealloc_less_oob+0x20/0x38
[   16.466217]  kunit_try_run_case+0x170/0x3f0
[   16.466326]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.466370]  kthread+0x328/0x630
[   16.466657]  ret_from_fork+0x10/0x20
[   16.466776] 
[   16.466855] The buggy address belongs to the object at fff00000c0b98000
[   16.466855]  which belongs to the cache kmalloc-256 of size 256
[   16.467057] The buggy address is located 0 bytes to the right of
[   16.467057]  allocated 201-byte region [fff00000c0b98000, fff00000c0b980c9)
[   16.467212] 
[   16.467354] The buggy address belongs to the physical page:
[   16.467411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b98
[   16.467466] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.467538] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.467850] page_type: f5(slab)
[   16.467907] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.467956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.468038] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.468115] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.468223] head: 0bfffe0000000001 ffffc1ffc302e601 00000000ffffffff 00000000ffffffff
[   16.468342] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.468440] page dumped because: kasan: bad access detected
[   16.468563] 
[   16.468712] Memory state around the buggy address:
[   16.468890]  fff00000c0b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.469061]  fff00000c0b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.469199] >fff00000c0b98080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.469412]                                               ^
[   16.469600]  fff00000c0b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.469776]  fff00000c0b98180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.469887] ==================================================================
[   16.492372] ==================================================================
[   16.492434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.492488] Write of size 1 at addr fff00000c0b980eb by task kunit_try_catch/158
[   16.492731] 
[   16.492782] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.492941] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.492999] Hardware name: linux,dummy-virt (DT)
[   16.493031] Call trace:
[   16.493052]  show_stack+0x20/0x38 (C)
[   16.493146]  dump_stack_lvl+0x8c/0xd0
[   16.493193]  print_report+0x118/0x5d0
[   16.493238]  kasan_report+0xdc/0x128
[   16.493282]  __asan_report_store1_noabort+0x20/0x30
[   16.493331]  krealloc_less_oob_helper+0xa58/0xc50
[   16.493377]  krealloc_less_oob+0x20/0x38
[   16.493421]  kunit_try_run_case+0x170/0x3f0
[   16.493466]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.493527]  kthread+0x328/0x630
[   16.493568]  ret_from_fork+0x10/0x20
[   16.493615] 
[   16.493642] Allocated by task 158:
[   16.493684]  kasan_save_stack+0x3c/0x68
[   16.493729]  kasan_save_track+0x20/0x40
[   16.493765]  kasan_save_alloc_info+0x40/0x58
[   16.493803]  __kasan_krealloc+0x118/0x178
[   16.493840]  krealloc_noprof+0x128/0x360
[   16.493886]  krealloc_less_oob_helper+0x168/0xc50
[   16.493923]  krealloc_less_oob+0x20/0x38
[   16.493957]  kunit_try_run_case+0x170/0x3f0
[   16.493993]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.494178]  kthread+0x328/0x630
[   16.494282]  ret_from_fork+0x10/0x20
[   16.494318] 
[   16.494346] The buggy address belongs to the object at fff00000c0b98000
[   16.494346]  which belongs to the cache kmalloc-256 of size 256
[   16.494400] The buggy address is located 34 bytes to the right of
[   16.494400]  allocated 201-byte region [fff00000c0b98000, fff00000c0b980c9)
[   16.494461] 
[   16.494706] The buggy address belongs to the physical page:
[   16.494793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b98
[   16.494899] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.494991] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.495056] page_type: f5(slab)
[   16.495093] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.495178] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.495397] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.495603] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.495658] head: 0bfffe0000000001 ffffc1ffc302e601 00000000ffffffff 00000000ffffffff
[   16.495721] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.495761] page dumped because: kasan: bad access detected
[   16.495965] 
[   16.496089] Memory state around the buggy address:
[   16.496197]  fff00000c0b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.496428]  fff00000c0b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.496496] >fff00000c0b98080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.498883]                                                           ^
[   16.498933]  fff00000c0b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.498976]  fff00000c0b98180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.499013] ==================================================================
[   16.483517] ==================================================================
[   16.483578] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.483635] Write of size 1 at addr fff00000c0b980ea by task kunit_try_catch/158
[   16.483786] 
[   16.483949] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.484101] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.484240] Hardware name: linux,dummy-virt (DT)
[   16.484386] Call trace:
[   16.484527]  show_stack+0x20/0x38 (C)
[   16.484726]  dump_stack_lvl+0x8c/0xd0
[   16.484822]  print_report+0x118/0x5d0
[   16.484880]  kasan_report+0xdc/0x128
[   16.485150]  __asan_report_store1_noabort+0x20/0x30
[   16.485313]  krealloc_less_oob_helper+0xae4/0xc50
[   16.485458]  krealloc_less_oob+0x20/0x38
[   16.485504]  kunit_try_run_case+0x170/0x3f0
[   16.485690]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.485840]  kthread+0x328/0x630
[   16.485895]  ret_from_fork+0x10/0x20
[   16.486225] 
[   16.486324] Allocated by task 158:
[   16.486365]  kasan_save_stack+0x3c/0x68
[   16.486421]  kasan_save_track+0x20/0x40
[   16.486466]  kasan_save_alloc_info+0x40/0x58
[   16.486547]  __kasan_krealloc+0x118/0x178
[   16.486587]  krealloc_noprof+0x128/0x360
[   16.486624]  krealloc_less_oob_helper+0x168/0xc50
[   16.486672]  krealloc_less_oob+0x20/0x38
[   16.486708]  kunit_try_run_case+0x170/0x3f0
[   16.486744]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.486786]  kthread+0x328/0x630
[   16.486817]  ret_from_fork+0x10/0x20
[   16.486850] 
[   16.487249] The buggy address belongs to the object at fff00000c0b98000
[   16.487249]  which belongs to the cache kmalloc-256 of size 256
[   16.487346] The buggy address is located 33 bytes to the right of
[   16.487346]  allocated 201-byte region [fff00000c0b98000, fff00000c0b980c9)
[   16.487591] 
[   16.487681] The buggy address belongs to the physical page:
[   16.487917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b98
[   16.488164] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.488316] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.488520] page_type: f5(slab)
[   16.488576] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.488728] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.488975] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.489200] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.489286] head: 0bfffe0000000001 ffffc1ffc302e601 00000000ffffffff 00000000ffffffff
[   16.489405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.489598] page dumped because: kasan: bad access detected
[   16.489755] 
[   16.489826] Memory state around the buggy address:
[   16.489994]  fff00000c0b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.490070]  fff00000c0b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.490194] >fff00000c0b98080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.490252]                                                           ^
[   16.490289]  fff00000c0b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.490584]  fff00000c0b98180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.490742] ==================================================================
[   16.476620] ==================================================================
[   16.476707] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.476852] Write of size 1 at addr fff00000c0b980da by task kunit_try_catch/158
[   16.476915] 
[   16.477015] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.477289] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.477377] Hardware name: linux,dummy-virt (DT)
[   16.477410] Call trace:
[   16.477431]  show_stack+0x20/0x38 (C)
[   16.477499]  dump_stack_lvl+0x8c/0xd0
[   16.477554]  print_report+0x118/0x5d0
[   16.477598]  kasan_report+0xdc/0x128
[   16.477642]  __asan_report_store1_noabort+0x20/0x30
[   16.477851]  krealloc_less_oob_helper+0xa80/0xc50
[   16.477990]  krealloc_less_oob+0x20/0x38
[   16.478040]  kunit_try_run_case+0x170/0x3f0
[   16.478129]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.478354]  kthread+0x328/0x630
[   16.478480]  ret_from_fork+0x10/0x20
[   16.478558] 
[   16.478649] Allocated by task 158:
[   16.478679]  kasan_save_stack+0x3c/0x68
[   16.478721]  kasan_save_track+0x20/0x40
[   16.478757]  kasan_save_alloc_info+0x40/0x58
[   16.478939]  __kasan_krealloc+0x118/0x178
[   16.479084]  krealloc_noprof+0x128/0x360
[   16.479144]  krealloc_less_oob_helper+0x168/0xc50
[   16.479262]  krealloc_less_oob+0x20/0x38
[   16.479309]  kunit_try_run_case+0x170/0x3f0
[   16.479346]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.479405]  kthread+0x328/0x630
[   16.479544]  ret_from_fork+0x10/0x20
[   16.479774] 
[   16.479826] The buggy address belongs to the object at fff00000c0b98000
[   16.479826]  which belongs to the cache kmalloc-256 of size 256
[   16.479952] The buggy address is located 17 bytes to the right of
[   16.479952]  allocated 201-byte region [fff00000c0b98000, fff00000c0b980c9)
[   16.480042] 
[   16.480062] The buggy address belongs to the physical page:
[   16.480092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b98
[   16.480144] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.480346] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.480562] page_type: f5(slab)
[   16.480647] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.480794] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.480845] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   16.481115] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.481262] head: 0bfffe0000000001 ffffc1ffc302e601 00000000ffffffff 00000000ffffffff
[   16.481438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.481585] page dumped because: kasan: bad access detected
[   16.481653] 
[   16.481671] Memory state around the buggy address:
[   16.481702]  fff00000c0b97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.482005]  fff00000c0b98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.482073] >fff00000c0b98080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.482162]                                                     ^
[   16.482391]  fff00000c0b98100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.482474]  fff00000c0b98180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.482510] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

301T1hhn39ydHFy5rptQHsDW0S9

job_id

TEST:linaro@lkft#301T6gpYLeLGmQWpD00AWQfumjV

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/301T6gpYLeLGmQWpD00AWQfumjV

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T39wHoz6bxp2ayFJ1MYtxW4T/Image.gz
sha256sum	1e8a96425b394266b80f5a87f3e4c17a0920d75b386a58c4ea821fbec08b62cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T39wHoz6bxp2ayFJ1MYtxW4T/modules.tar.xz
sha256sum	2d1b6550fa3f9a7bcd72ff05007bba0c70779bc2a8f1888e75b7d4efc5d9e554

durations

tests

boot	0
kunit	176.79

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.893932] ==================================================================
[   11.894405] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.894788] Write of size 1 at addr ffff8881003520c9 by task kunit_try_catch/175
[   11.895231] 
[   11.895355] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.895404] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.895415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.895437] Call Trace:
[   11.895448]  <TASK>
[   11.895466]  dump_stack_lvl+0x73/0xb0
[   11.895496]  print_report+0xd1/0x610
[   11.895518]  ? __virt_addr_valid+0x1db/0x2d0
[   11.895542]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.895565]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.895587]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.895610]  kasan_report+0x141/0x180
[   11.895632]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.895661]  __asan_report_store1_noabort+0x1b/0x30
[   11.895685]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.895710]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.895734]  ? finish_task_switch.isra.0+0x153/0x700
[   11.895756]  ? __switch_to+0x47/0xf50
[   11.895782]  ? __schedule+0x10cc/0x2b60
[   11.895805]  ? __pfx_read_tsc+0x10/0x10
[   11.895829]  krealloc_less_oob+0x1c/0x30
[   11.895850]  kunit_try_run_case+0x1a5/0x480
[   11.895875]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.895896]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.895920]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.895943]  ? __kthread_parkme+0x82/0x180
[   11.895964]  ? preempt_count_sub+0x50/0x80
[   11.895987]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.896010]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.896033]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.896067]  kthread+0x337/0x6f0
[   11.896100]  ? trace_preempt_on+0x20/0xc0
[   11.896123]  ? __pfx_kthread+0x10/0x10
[   11.896143]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.896164]  ? calculate_sigpending+0x7b/0xa0
[   11.896189]  ? __pfx_kthread+0x10/0x10
[   11.896212]  ret_from_fork+0x116/0x1d0
[   11.896230]  ? __pfx_kthread+0x10/0x10
[   11.896250]  ret_from_fork_asm+0x1a/0x30
[   11.896282]  </TASK>
[   11.896293] 
[   11.906535] Allocated by task 175:
[   11.907116]  kasan_save_stack+0x45/0x70
[   11.907345]  kasan_save_track+0x18/0x40
[   11.907529]  kasan_save_alloc_info+0x3b/0x50
[   11.907935]  __kasan_krealloc+0x190/0x1f0
[   11.908386]  krealloc_noprof+0xf3/0x340
[   11.908719]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.909228]  krealloc_less_oob+0x1c/0x30
[   11.909531]  kunit_try_run_case+0x1a5/0x480
[   11.909885]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.910257]  kthread+0x337/0x6f0
[   11.910424]  ret_from_fork+0x116/0x1d0
[   11.910786]  ret_from_fork_asm+0x1a/0x30
[   11.911250] 
[   11.911364] The buggy address belongs to the object at ffff888100352000
[   11.911364]  which belongs to the cache kmalloc-256 of size 256
[   11.912317] The buggy address is located 0 bytes to the right of
[   11.912317]  allocated 201-byte region [ffff888100352000, ffff8881003520c9)
[   11.913355] 
[   11.913450] The buggy address belongs to the physical page:
[   11.914092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   11.914551] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.915262] flags: 0x200000000000040(head|node=0|zone=2)
[   11.915584] page_type: f5(slab)
[   11.915904] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.916170] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.916473] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.917320] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.917985] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   11.918472] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.919152] page dumped because: kasan: bad access detected
[   11.919629] 
[   11.919744] Memory state around the buggy address:
[   11.920260]  ffff888100351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.920883]  ffff888100352000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.921218] >ffff888100352080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.921505]                                               ^
[   11.922182]  ffff888100352100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.922656]  ffff888100352180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.923350] ==================================================================
[   11.945687] ==================================================================
[   11.945935] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.946334] Write of size 1 at addr ffff8881003520da by task kunit_try_catch/175
[   11.946853] 
[   11.947059] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.947102] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.947113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.947134] Call Trace:
[   11.947151]  <TASK>
[   11.947168]  dump_stack_lvl+0x73/0xb0
[   11.947196]  print_report+0xd1/0x610
[   11.947218]  ? __virt_addr_valid+0x1db/0x2d0
[   11.947240]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.947263]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.947284]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.947308]  kasan_report+0x141/0x180
[   11.947329]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.947358]  __asan_report_store1_noabort+0x1b/0x30
[   11.947382]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.947407]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.947430]  ? finish_task_switch.isra.0+0x153/0x700
[   11.947452]  ? __switch_to+0x47/0xf50
[   11.947479]  ? __schedule+0x10cc/0x2b60
[   11.947502]  ? __pfx_read_tsc+0x10/0x10
[   11.947526]  krealloc_less_oob+0x1c/0x30
[   11.947547]  kunit_try_run_case+0x1a5/0x480
[   11.947571]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.947596]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.947621]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.947644]  ? __kthread_parkme+0x82/0x180
[   11.947664]  ? preempt_count_sub+0x50/0x80
[   11.947687]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.947709]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.947732]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.947755]  kthread+0x337/0x6f0
[   11.947773]  ? trace_preempt_on+0x20/0xc0
[   11.947796]  ? __pfx_kthread+0x10/0x10
[   11.947815]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.947835]  ? calculate_sigpending+0x7b/0xa0
[   11.947859]  ? __pfx_kthread+0x10/0x10
[   11.947879]  ret_from_fork+0x116/0x1d0
[   11.947896]  ? __pfx_kthread+0x10/0x10
[   11.947916]  ret_from_fork_asm+0x1a/0x30
[   11.947948]  </TASK>
[   11.947957] 
[   11.955803] Allocated by task 175:
[   11.956164]  kasan_save_stack+0x45/0x70
[   11.956368]  kasan_save_track+0x18/0x40
[   11.956547]  kasan_save_alloc_info+0x3b/0x50
[   11.956700]  __kasan_krealloc+0x190/0x1f0
[   11.956835]  krealloc_noprof+0xf3/0x340
[   11.956965]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.957133]  krealloc_less_oob+0x1c/0x30
[   11.957267]  kunit_try_run_case+0x1a5/0x480
[   11.957408]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.957576]  kthread+0x337/0x6f0
[   11.957691]  ret_from_fork+0x116/0x1d0
[   11.957996]  ret_from_fork_asm+0x1a/0x30
[   11.958294] 
[   11.958385] The buggy address belongs to the object at ffff888100352000
[   11.958385]  which belongs to the cache kmalloc-256 of size 256
[   11.959187] The buggy address is located 17 bytes to the right of
[   11.959187]  allocated 201-byte region [ffff888100352000, ffff8881003520c9)
[   11.959556] 
[   11.959631] The buggy address belongs to the physical page:
[   11.959802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   11.960036] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.960265] flags: 0x200000000000040(head|node=0|zone=2)
[   11.960606] page_type: f5(slab)
[   11.960871] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.961240] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.961626] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.962067] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.962623] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   11.963132] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.963432] page dumped because: kasan: bad access detected
[   11.963625] 
[   11.963694] Memory state around the buggy address:
[   11.963876]  ffff888100351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.964225]  ffff888100352000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.964496] >ffff888100352080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.964956]                                                     ^
[   11.965252]  ffff888100352100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.965460]  ffff888100352180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.965665] ==================================================================
[   12.098448] ==================================================================
[   12.100014] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.101082] Write of size 1 at addr ffff888102b320d0 by task kunit_try_catch/179
[   12.101406] 
[   12.101518] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.101562] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.101572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.101593] Call Trace:
[   12.101611]  <TASK>
[   12.101627]  dump_stack_lvl+0x73/0xb0
[   12.101656]  print_report+0xd1/0x610
[   12.101678]  ? __virt_addr_valid+0x1db/0x2d0
[   12.101701]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.101724]  ? kasan_addr_to_slab+0x11/0xa0
[   12.101744]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.101767]  kasan_report+0x141/0x180
[   12.101788]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.101817]  __asan_report_store1_noabort+0x1b/0x30
[   12.101841]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.101867]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.101890]  ? finish_task_switch.isra.0+0x153/0x700
[   12.101912]  ? __switch_to+0x47/0xf50
[   12.101939]  ? __schedule+0x10cc/0x2b60
[   12.101963]  ? __pfx_read_tsc+0x10/0x10
[   12.101986]  krealloc_large_less_oob+0x1c/0x30
[   12.102008]  kunit_try_run_case+0x1a5/0x480
[   12.102032]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.102064]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.102088]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.102110]  ? __kthread_parkme+0x82/0x180
[   12.102130]  ? preempt_count_sub+0x50/0x80
[   12.102153]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.102176]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.102200]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.102226]  kthread+0x337/0x6f0
[   12.102244]  ? trace_preempt_on+0x20/0xc0
[   12.102268]  ? __pfx_kthread+0x10/0x10
[   12.102288]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.102309]  ? calculate_sigpending+0x7b/0xa0
[   12.102332]  ? __pfx_kthread+0x10/0x10
[   12.102352]  ret_from_fork+0x116/0x1d0
[   12.102370]  ? __pfx_kthread+0x10/0x10
[   12.102389]  ret_from_fork_asm+0x1a/0x30
[   12.102421]  </TASK>
[   12.102431] 
[   12.117130] The buggy address belongs to the physical page:
[   12.117448] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30
[   12.117841] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.118186] flags: 0x200000000000040(head|node=0|zone=2)
[   12.118475] page_type: f8(unknown)
[   12.118624] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.118986] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.119326] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.119705] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.119991] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff
[   12.120319] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.120683] page dumped because: kasan: bad access detected
[   12.120934] 
[   12.121017] Memory state around the buggy address:
[   12.121277]  ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.121515]  ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.121851] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.122116]                                                  ^
[   12.122389]  ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.122672]  ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.123022] ==================================================================
[   11.985935] ==================================================================
[   11.986521] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.986875] Write of size 1 at addr ffff8881003520eb by task kunit_try_catch/175
[   11.988167] 
[   11.988328] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.988376] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.988387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.988409] Call Trace:
[   11.988428]  <TASK>
[   11.988448]  dump_stack_lvl+0x73/0xb0
[   11.988479]  print_report+0xd1/0x610
[   11.988501]  ? __virt_addr_valid+0x1db/0x2d0
[   11.988523]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.988547]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.988569]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.988593]  kasan_report+0x141/0x180
[   11.988614]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.988643]  __asan_report_store1_noabort+0x1b/0x30
[   11.988667]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.988693]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.988717]  ? finish_task_switch.isra.0+0x153/0x700
[   11.988740]  ? __switch_to+0x47/0xf50
[   11.988766]  ? __schedule+0x10cc/0x2b60
[   11.988789]  ? __pfx_read_tsc+0x10/0x10
[   11.988813]  krealloc_less_oob+0x1c/0x30
[   11.988835]  kunit_try_run_case+0x1a5/0x480
[   11.988860]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.988883]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.988907]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.988929]  ? __kthread_parkme+0x82/0x180
[   11.988949]  ? preempt_count_sub+0x50/0x80
[   11.988973]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.988996]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.989019]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.989042]  kthread+0x337/0x6f0
[   11.989072]  ? trace_preempt_on+0x20/0xc0
[   11.989095]  ? __pfx_kthread+0x10/0x10
[   11.989115]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.989136]  ? calculate_sigpending+0x7b/0xa0
[   11.989160]  ? __pfx_kthread+0x10/0x10
[   11.989185]  ret_from_fork+0x116/0x1d0
[   11.989207]  ? __pfx_kthread+0x10/0x10
[   11.989230]  ret_from_fork_asm+0x1a/0x30
[   11.989284]  </TASK>
[   11.989294] 
[   11.997605] Allocated by task 175:
[   11.997737]  kasan_save_stack+0x45/0x70
[   11.997906]  kasan_save_track+0x18/0x40
[   11.998476]  kasan_save_alloc_info+0x3b/0x50
[   11.999101]  __kasan_krealloc+0x190/0x1f0
[   11.999316]  krealloc_noprof+0xf3/0x340
[   11.999512]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.000073]  krealloc_less_oob+0x1c/0x30
[   12.000460]  kunit_try_run_case+0x1a5/0x480
[   12.000697]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.001236]  kthread+0x337/0x6f0
[   12.001411]  ret_from_fork+0x116/0x1d0
[   12.001655]  ret_from_fork_asm+0x1a/0x30
[   12.001975] 
[   12.002089] The buggy address belongs to the object at ffff888100352000
[   12.002089]  which belongs to the cache kmalloc-256 of size 256
[   12.002529] The buggy address is located 34 bytes to the right of
[   12.002529]  allocated 201-byte region [ffff888100352000, ffff8881003520c9)
[   12.004146] 
[   12.004320] The buggy address belongs to the physical page:
[   12.004697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   12.005152] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.005547] flags: 0x200000000000040(head|node=0|zone=2)
[   12.005901] page_type: f5(slab)
[   12.006088] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.006371] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.006712] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.007044] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.007393] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   12.008024] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.008426] page dumped because: kasan: bad access detected
[   12.008616] 
[   12.008724] Memory state around the buggy address:
[   12.009024]  ffff888100351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.009315]  ffff888100352000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.009611] >ffff888100352080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.009937]                                                           ^
[   12.010221]  ffff888100352100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.010665]  ffff888100352180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.010940] ==================================================================
[   11.924593] ==================================================================
[   11.924899] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.925245] Write of size 1 at addr ffff8881003520d0 by task kunit_try_catch/175
[   11.925600] 
[   11.925692] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.925738] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.925749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.925771] Call Trace:
[   11.925784]  <TASK>
[   11.925802]  dump_stack_lvl+0x73/0xb0
[   11.925830]  print_report+0xd1/0x610
[   11.925851]  ? __virt_addr_valid+0x1db/0x2d0
[   11.925874]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.925897]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.925920]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.925944]  kasan_report+0x141/0x180
[   11.925966]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.925995]  __asan_report_store1_noabort+0x1b/0x30
[   11.926020]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.926045]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.926079]  ? finish_task_switch.isra.0+0x153/0x700
[   11.926102]  ? __switch_to+0x47/0xf50
[   11.926128]  ? __schedule+0x10cc/0x2b60
[   11.926150]  ? __pfx_read_tsc+0x10/0x10
[   11.926174]  krealloc_less_oob+0x1c/0x30
[   11.926194]  kunit_try_run_case+0x1a5/0x480
[   11.926222]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.926243]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.926280]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.926309]  ? __kthread_parkme+0x82/0x180
[   11.926329]  ? preempt_count_sub+0x50/0x80
[   11.926352]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.926375]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.926398]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.926421]  kthread+0x337/0x6f0
[   11.926439]  ? trace_preempt_on+0x20/0xc0
[   11.926462]  ? __pfx_kthread+0x10/0x10
[   11.926482]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.926502]  ? calculate_sigpending+0x7b/0xa0
[   11.926526]  ? __pfx_kthread+0x10/0x10
[   11.926546]  ret_from_fork+0x116/0x1d0
[   11.926563]  ? __pfx_kthread+0x10/0x10
[   11.926583]  ret_from_fork_asm+0x1a/0x30
[   11.926626]  </TASK>
[   11.926635] 
[   11.934726] Allocated by task 175:
[   11.934857]  kasan_save_stack+0x45/0x70
[   11.935001]  kasan_save_track+0x18/0x40
[   11.935196]  kasan_save_alloc_info+0x3b/0x50
[   11.935567]  __kasan_krealloc+0x190/0x1f0
[   11.935768]  krealloc_noprof+0xf3/0x340
[   11.935959]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.936319]  krealloc_less_oob+0x1c/0x30
[   11.936503]  kunit_try_run_case+0x1a5/0x480
[   11.936735]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.937147]  kthread+0x337/0x6f0
[   11.937307]  ret_from_fork+0x116/0x1d0
[   11.937490]  ret_from_fork_asm+0x1a/0x30
[   11.937677] 
[   11.937747] The buggy address belongs to the object at ffff888100352000
[   11.937747]  which belongs to the cache kmalloc-256 of size 256
[   11.938115] The buggy address is located 7 bytes to the right of
[   11.938115]  allocated 201-byte region [ffff888100352000, ffff8881003520c9)
[   11.938646] 
[   11.938717] The buggy address belongs to the physical page:
[   11.938892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   11.939314] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.939902] flags: 0x200000000000040(head|node=0|zone=2)
[   11.940195] page_type: f5(slab)
[   11.940484] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.940786] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.941189] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.941462] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.941694] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   11.941925] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.942402] page dumped because: kasan: bad access detected
[   11.942823] 
[   11.942918] Memory state around the buggy address:
[   11.943149]  ffff888100351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.943469]  ffff888100352000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.943872] >ffff888100352080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.944184]                                                  ^
[   11.944433]  ffff888100352100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.944752]  ffff888100352180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.945152] ==================================================================
[   12.075644] ==================================================================
[   12.076744] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.077007] Write of size 1 at addr ffff888102b320c9 by task kunit_try_catch/179
[   12.077243] 
[   12.077337] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.077383] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.077394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.077416] Call Trace:
[   12.077429]  <TASK>
[   12.077447]  dump_stack_lvl+0x73/0xb0
[   12.077476]  print_report+0xd1/0x610
[   12.077499]  ? __virt_addr_valid+0x1db/0x2d0
[   12.077522]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.077545]  ? kasan_addr_to_slab+0x11/0xa0
[   12.077565]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.077588]  kasan_report+0x141/0x180
[   12.077610]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.077639]  __asan_report_store1_noabort+0x1b/0x30
[   12.077663]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.077689]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.077712]  ? finish_task_switch.isra.0+0x153/0x700
[   12.077735]  ? __switch_to+0x47/0xf50
[   12.077761]  ? __schedule+0x10cc/0x2b60
[   12.077784]  ? __pfx_read_tsc+0x10/0x10
[   12.077808]  krealloc_large_less_oob+0x1c/0x30
[   12.077830]  kunit_try_run_case+0x1a5/0x480
[   12.077855]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.077877]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.077901]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.077924]  ? __kthread_parkme+0x82/0x180
[   12.077944]  ? preempt_count_sub+0x50/0x80
[   12.077967]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.077989]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.078012]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.078035]  kthread+0x337/0x6f0
[   12.078064]  ? trace_preempt_on+0x20/0xc0
[   12.078088]  ? __pfx_kthread+0x10/0x10
[   12.078107]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.078128]  ? calculate_sigpending+0x7b/0xa0
[   12.078152]  ? __pfx_kthread+0x10/0x10
[   12.078172]  ret_from_fork+0x116/0x1d0
[   12.078190]  ? __pfx_kthread+0x10/0x10
[   12.078209]  ret_from_fork_asm+0x1a/0x30
[   12.078247]  </TASK>
[   12.078256] 
[   12.088357] The buggy address belongs to the physical page:
[   12.088868] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30
[   12.089346] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.089780] flags: 0x200000000000040(head|node=0|zone=2)
[   12.090204] page_type: f8(unknown)
[   12.090503] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.090969] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.091300] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.091841] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.092300] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff
[   12.092815] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.093353] page dumped because: kasan: bad access detected
[   12.093878] 
[   12.093976] Memory state around the buggy address:
[   12.094204]  ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.094506]  ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.095487] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.096224]                                               ^
[   12.097085]  ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.097557]  ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.097853] ==================================================================
[   12.124008] ==================================================================
[   12.124526] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.125193] Write of size 1 at addr ffff888102b320da by task kunit_try_catch/179
[   12.125520] 
[   12.125644] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.125687] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.125698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.125729] Call Trace:
[   12.125741]  <TASK>
[   12.125758]  dump_stack_lvl+0x73/0xb0
[   12.125800]  print_report+0xd1/0x610
[   12.125822]  ? __virt_addr_valid+0x1db/0x2d0
[   12.125845]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.125868]  ? kasan_addr_to_slab+0x11/0xa0
[   12.125888]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.125920]  kasan_report+0x141/0x180
[   12.125941]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.125980]  __asan_report_store1_noabort+0x1b/0x30
[   12.126004]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.126030]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.126063]  ? finish_task_switch.isra.0+0x153/0x700
[   12.126086]  ? __switch_to+0x47/0xf50
[   12.126112]  ? __schedule+0x10cc/0x2b60
[   12.126135]  ? __pfx_read_tsc+0x10/0x10
[   12.126159]  krealloc_large_less_oob+0x1c/0x30
[   12.126181]  kunit_try_run_case+0x1a5/0x480
[   12.126206]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.126241]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.126265]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.126288]  ? __kthread_parkme+0x82/0x180
[   12.126318]  ? preempt_count_sub+0x50/0x80
[   12.126341]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.126364]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.126387]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.126410]  kthread+0x337/0x6f0
[   12.126428]  ? trace_preempt_on+0x20/0xc0
[   12.126451]  ? __pfx_kthread+0x10/0x10
[   12.126470]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.126493]  ? calculate_sigpending+0x7b/0xa0
[   12.126516]  ? __pfx_kthread+0x10/0x10
[   12.126537]  ret_from_fork+0x116/0x1d0
[   12.126554]  ? __pfx_kthread+0x10/0x10
[   12.126573]  ret_from_fork_asm+0x1a/0x30
[   12.126619]  </TASK>
[   12.126629] 
[   12.134444] The buggy address belongs to the physical page:
[   12.134637] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30
[   12.134945] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.135446] flags: 0x200000000000040(head|node=0|zone=2)
[   12.135680] page_type: f8(unknown)
[   12.135841] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.136081] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.136423] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.137026] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.137348] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff
[   12.137705] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.138025] page dumped because: kasan: bad access detected
[   12.138271] 
[   12.138375] Memory state around the buggy address:
[   12.138595]  ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.138897]  ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.139209] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.139463]                                                     ^
[   12.139650]  ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.139887]  ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.140230] ==================================================================
[   12.157623] ==================================================================
[   12.158268] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.159110] Write of size 1 at addr ffff888102b320eb by task kunit_try_catch/179
[   12.159417] 
[   12.159562] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.159606] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.159617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.159638] Call Trace:
[   12.159656]  <TASK>
[   12.159674]  dump_stack_lvl+0x73/0xb0
[   12.159705]  print_report+0xd1/0x610
[   12.159729]  ? __virt_addr_valid+0x1db/0x2d0
[   12.159762]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.159785]  ? kasan_addr_to_slab+0x11/0xa0
[   12.159805]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.159839]  kasan_report+0x141/0x180
[   12.159860]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.159889]  __asan_report_store1_noabort+0x1b/0x30
[   12.159922]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.159948]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.159982]  ? finish_task_switch.isra.0+0x153/0x700
[   12.160005]  ? __switch_to+0x47/0xf50
[   12.160031]  ? __schedule+0x10cc/0x2b60
[   12.160064]  ? __pfx_read_tsc+0x10/0x10
[   12.160087]  krealloc_large_less_oob+0x1c/0x30
[   12.160118]  kunit_try_run_case+0x1a5/0x480
[   12.160143]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.160178]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.160203]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.160226]  ? __kthread_parkme+0x82/0x180
[   12.160245]  ? preempt_count_sub+0x50/0x80
[   12.160278]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.160301]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.160324]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.160359]  kthread+0x337/0x6f0
[   12.160377]  ? trace_preempt_on+0x20/0xc0
[   12.160400]  ? __pfx_kthread+0x10/0x10
[   12.160419]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.160440]  ? calculate_sigpending+0x7b/0xa0
[   12.160463]  ? __pfx_kthread+0x10/0x10
[   12.160484]  ret_from_fork+0x116/0x1d0
[   12.160501]  ? __pfx_kthread+0x10/0x10
[   12.160520]  ret_from_fork_asm+0x1a/0x30
[   12.160553]  </TASK>
[   12.160563] 
[   12.168255] The buggy address belongs to the physical page:
[   12.168504] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30
[   12.168837] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.169076] flags: 0x200000000000040(head|node=0|zone=2)
[   12.169323] page_type: f8(unknown)
[   12.169524] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.169862] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.170194] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.170429] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.171133] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff
[   12.171468] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.171734] page dumped because: kasan: bad access detected
[   12.171906] 
[   12.171975] Memory state around the buggy address:
[   12.172254]  ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.172567]  ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.173042] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.173388]                                                           ^
[   12.173599]  ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.173919]  ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.174277] ==================================================================
[   12.140735] ==================================================================
[   12.141352] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.141859] Write of size 1 at addr ffff888102b320ea by task kunit_try_catch/179
[   12.142097] 
[   12.142184] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.142227] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.142238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.142258] Call Trace:
[   12.142273]  <TASK>
[   12.142289]  dump_stack_lvl+0x73/0xb0
[   12.142317]  print_report+0xd1/0x610
[   12.142338]  ? __virt_addr_valid+0x1db/0x2d0
[   12.142360]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.142383]  ? kasan_addr_to_slab+0x11/0xa0
[   12.142403]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.142426]  kasan_report+0x141/0x180
[   12.142459]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.142487]  __asan_report_store1_noabort+0x1b/0x30
[   12.142523]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.142548]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.142572]  ? finish_task_switch.isra.0+0x153/0x700
[   12.142604]  ? __switch_to+0x47/0xf50
[   12.142631]  ? __schedule+0x10cc/0x2b60
[   12.142653]  ? __pfx_read_tsc+0x10/0x10
[   12.142677]  krealloc_large_less_oob+0x1c/0x30
[   12.142699]  kunit_try_run_case+0x1a5/0x480
[   12.142723]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.142754]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.142778]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.142800]  ? __kthread_parkme+0x82/0x180
[   12.142829]  ? preempt_count_sub+0x50/0x80
[   12.142852]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.142875]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.142898]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.142921]  kthread+0x337/0x6f0
[   12.142948]  ? trace_preempt_on+0x20/0xc0
[   12.142970]  ? __pfx_kthread+0x10/0x10
[   12.142990]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.143022]  ? calculate_sigpending+0x7b/0xa0
[   12.143045]  ? __pfx_kthread+0x10/0x10
[   12.143076]  ret_from_fork+0x116/0x1d0
[   12.143093]  ? __pfx_kthread+0x10/0x10
[   12.143121]  ret_from_fork_asm+0x1a/0x30
[   12.143153]  </TASK>
[   12.143162] 
[   12.150862] The buggy address belongs to the physical page:
[   12.151142] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b30
[   12.151423] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.151835] flags: 0x200000000000040(head|node=0|zone=2)
[   12.152104] page_type: f8(unknown)
[   12.152315] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.152639] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.152959] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.153273] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.153621] head: 0200000000000002 ffffea00040acc01 00000000ffffffff 00000000ffffffff
[   12.153958] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.154293] page dumped because: kasan: bad access detected
[   12.154530] 
[   12.154654] Memory state around the buggy address:
[   12.154873]  ffff888102b31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.155183]  ffff888102b32000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.155400] >ffff888102b32080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.155614]                                                           ^
[   12.155870]  ffff888102b32100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.156215]  ffff888102b32180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.156533] ==================================================================
[   11.966350] ==================================================================
[   11.966823] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.967188] Write of size 1 at addr ffff8881003520ea by task kunit_try_catch/175
[   11.967515] 
[   11.967619] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.967660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.967670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.967692] Call Trace:
[   11.967708]  <TASK>
[   11.967726]  dump_stack_lvl+0x73/0xb0
[   11.967755]  print_report+0xd1/0x610
[   11.967777]  ? __virt_addr_valid+0x1db/0x2d0
[   11.967799]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.967841]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.967863]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.967887]  kasan_report+0x141/0x180
[   11.967908]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.967937]  __asan_report_store1_noabort+0x1b/0x30
[   11.967961]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.967986]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.968010]  ? finish_task_switch.isra.0+0x153/0x700
[   11.968033]  ? __switch_to+0x47/0xf50
[   11.968069]  ? __schedule+0x10cc/0x2b60
[   11.968091]  ? __pfx_read_tsc+0x10/0x10
[   11.968115]  krealloc_less_oob+0x1c/0x30
[   11.968136]  kunit_try_run_case+0x1a5/0x480
[   11.968159]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.968180]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.968204]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.968226]  ? __kthread_parkme+0x82/0x180
[   11.968246]  ? preempt_count_sub+0x50/0x80
[   11.968268]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.968291]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.968314]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.968337]  kthread+0x337/0x6f0
[   11.968355]  ? trace_preempt_on+0x20/0xc0
[   11.968378]  ? __pfx_kthread+0x10/0x10
[   11.968397]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.968418]  ? calculate_sigpending+0x7b/0xa0
[   11.968442]  ? __pfx_kthread+0x10/0x10
[   11.968462]  ret_from_fork+0x116/0x1d0
[   11.968480]  ? __pfx_kthread+0x10/0x10
[   11.968499]  ret_from_fork_asm+0x1a/0x30
[   11.968532]  </TASK>
[   11.968541] 
[   11.975726] Allocated by task 175:
[   11.975856]  kasan_save_stack+0x45/0x70
[   11.976209]  kasan_save_track+0x18/0x40
[   11.976562]  kasan_save_alloc_info+0x3b/0x50
[   11.976774]  __kasan_krealloc+0x190/0x1f0
[   11.976968]  krealloc_noprof+0xf3/0x340
[   11.977141]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.977301]  krealloc_less_oob+0x1c/0x30
[   11.977438]  kunit_try_run_case+0x1a5/0x480
[   11.977764]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.978033]  kthread+0x337/0x6f0
[   11.978210]  ret_from_fork+0x116/0x1d0
[   11.978377]  ret_from_fork_asm+0x1a/0x30
[   11.978516] 
[   11.978627] The buggy address belongs to the object at ffff888100352000
[   11.978627]  which belongs to the cache kmalloc-256 of size 256
[   11.979304] The buggy address is located 33 bytes to the right of
[   11.979304]  allocated 201-byte region [ffff888100352000, ffff8881003520c9)
[   11.979808] 
[   11.979902] The buggy address belongs to the physical page:
[   11.980172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100352
[   11.980578] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.980936] flags: 0x200000000000040(head|node=0|zone=2)
[   11.981225] page_type: f5(slab)
[   11.981349] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.981579] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.981921] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.982381] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.982610] head: 0200000000000001 ffffea000400d481 00000000ffffffff 00000000ffffffff
[   11.982840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.983389] page dumped because: kasan: bad access detected
[   11.983882] 
[   11.984008] Memory state around the buggy address:
[   11.984227]  ffff888100351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.984444]  ffff888100352000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.984659] >ffff888100352080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.984870]                                                           ^
[   11.985080]  ffff888100352100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.985293]  ffff888100352180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.985506] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

301T1hhn39ydHFy5rptQHsDW0S9

job_id

TEST:linaro@lkft#301T7xoEYOckNLikE6jjEAHHRA9

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/301T7xoEYOckNLikE6jjEAHHRA9

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T4likwvozYziJtzNCf8nqDOS/bzImage
sha256sum	d878b5e59deae208baa4e6d482e984445ae0ec4af3b5020650447f9d4a2c4b26

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/301T4likwvozYziJtzNCf8nqDOS/modules.tar.xz
sha256sum	291fe06cceb324f9770dcb63da3c986fce8e7a389aa66d36243b066e98ed6839

durations

tests

boot	0
kunit	276.12

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit