lkft/linux-mainline-master - v6.16-rc6-2-g155a3c003e55 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 15, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64

[   15.314871] ==================================================================
[   15.314920] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.314968] Write of size 1 at addr fff00000c175f0d0 by task kunit_try_catch/159
[   15.315017] 
[   15.315045] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.315122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.315147] Hardware name: linux,dummy-virt (DT)
[   15.315214] Call trace:
[   15.315328]  show_stack+0x20/0x38 (C)
[   15.315539]  dump_stack_lvl+0x8c/0xd0
[   15.315611]  print_report+0x118/0x5d0
[   15.315836]  kasan_report+0xdc/0x128
[   15.316002]  __asan_report_store1_noabort+0x20/0x30
[   15.316114]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.316472]  krealloc_less_oob+0x20/0x38
[   15.317112]  kunit_try_run_case+0x170/0x3f0
[   15.317408]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.317462]  kthread+0x328/0x630
[   15.317503]  ret_from_fork+0x10/0x20
[   15.317549] 
[   15.317566] Allocated by task 159:
[   15.317594]  kasan_save_stack+0x3c/0x68
[   15.317634]  kasan_save_track+0x20/0x40
[   15.318439]  kasan_save_alloc_info+0x40/0x58
[   15.318614]  __kasan_krealloc+0x118/0x178
[   15.318743]  krealloc_noprof+0x128/0x360
[   15.319554]  krealloc_less_oob_helper+0x168/0xc50
[   15.319600]  krealloc_less_oob+0x20/0x38
[   15.319635]  kunit_try_run_case+0x170/0x3f0
[   15.319682]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.319724]  kthread+0x328/0x630
[   15.320015]  ret_from_fork+0x10/0x20
[   15.320365] 
[   15.320442] The buggy address belongs to the object at fff00000c175f000
[   15.320442]  which belongs to the cache kmalloc-256 of size 256
[   15.320518] The buggy address is located 7 bytes to the right of
[   15.320518]  allocated 201-byte region [fff00000c175f000, fff00000c175f0c9)
[   15.320707] 
[   15.320726] The buggy address belongs to the physical page:
[   15.320762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175e
[   15.320989] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.321040] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.321138] page_type: f5(slab)
[   15.321224] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.321274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.321325] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.321382] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.321430] head: 0bfffe0000000001 ffffc1ffc305d781 00000000ffffffff 00000000ffffffff
[   15.321477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.321545] page dumped because: kasan: bad access detected
[   15.321603] 
[   15.321689] Memory state around the buggy address:
[   15.321770]  fff00000c175ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.321831]  fff00000c175f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.321872] >fff00000c175f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.322091]                                                  ^
[   15.322141]  fff00000c175f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.322218]  fff00000c175f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.322287] ==================================================================
[   15.418888] ==================================================================
[   15.418945] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.418995] Write of size 1 at addr fff00000c783e0eb by task kunit_try_catch/163
[   15.419043] 
[   15.419074] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.419153] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.419192] Hardware name: linux,dummy-virt (DT)
[   15.419222] Call trace:
[   15.419484]  show_stack+0x20/0x38 (C)
[   15.419547]  dump_stack_lvl+0x8c/0xd0
[   15.420126]  print_report+0x118/0x5d0
[   15.420395]  kasan_report+0xdc/0x128
[   15.420445]  __asan_report_store1_noabort+0x20/0x30
[   15.420500]  krealloc_less_oob_helper+0xa58/0xc50
[   15.420547]  krealloc_large_less_oob+0x20/0x38
[   15.420593]  kunit_try_run_case+0x170/0x3f0
[   15.420638]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.421240]  kthread+0x328/0x630
[   15.421614]  ret_from_fork+0x10/0x20
[   15.421666] 
[   15.421685] The buggy address belongs to the physical page:
[   15.421723] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10783c
[   15.421901] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.422040] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.422089] page_type: f8(unknown)
[   15.422127] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.422576] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.422647] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.423172] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.423384] head: 0bfffe0000000002 ffffc1ffc31e0f01 00000000ffffffff 00000000ffffffff
[   15.423434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.423475] page dumped because: kasan: bad access detected
[   15.423911] 
[   15.423934] Memory state around the buggy address:
[   15.423966]  fff00000c783df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.424009]  fff00000c783e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.424115] >fff00000c783e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.424204]                                                           ^
[   15.424265]  fff00000c783e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.424306]  fff00000c783e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.424342] ==================================================================
[   15.328021] ==================================================================
[   15.328088] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.328147] Write of size 1 at addr fff00000c175f0ea by task kunit_try_catch/159
[   15.328229] 
[   15.328258] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.328336] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.328361] Hardware name: linux,dummy-virt (DT)
[   15.328389] Call trace:
[   15.328409]  show_stack+0x20/0x38 (C)
[   15.328458]  dump_stack_lvl+0x8c/0xd0
[   15.328505]  print_report+0x118/0x5d0
[   15.328548]  kasan_report+0xdc/0x128
[   15.328593]  __asan_report_store1_noabort+0x20/0x30
[   15.328642]  krealloc_less_oob_helper+0xae4/0xc50
[   15.328689]  krealloc_less_oob+0x20/0x38
[   15.328743]  kunit_try_run_case+0x170/0x3f0
[   15.328789]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.328888]  kthread+0x328/0x630
[   15.328942]  ret_from_fork+0x10/0x20
[   15.328988] 
[   15.329005] Allocated by task 159:
[   15.329243]  kasan_save_stack+0x3c/0x68
[   15.329283]  kasan_save_track+0x20/0x40
[   15.329327]  kasan_save_alloc_info+0x40/0x58
[   15.329365]  __kasan_krealloc+0x118/0x178
[   15.329412]  krealloc_noprof+0x128/0x360
[   15.329449]  krealloc_less_oob_helper+0x168/0xc50
[   15.329486]  krealloc_less_oob+0x20/0x38
[   15.329560]  kunit_try_run_case+0x170/0x3f0
[   15.329664]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.329753]  kthread+0x328/0x630
[   15.329901]  ret_from_fork+0x10/0x20
[   15.330025] 
[   15.330043] The buggy address belongs to the object at fff00000c175f000
[   15.330043]  which belongs to the cache kmalloc-256 of size 256
[   15.330127] The buggy address is located 33 bytes to the right of
[   15.330127]  allocated 201-byte region [fff00000c175f000, fff00000c175f0c9)
[   15.330515] 
[   15.330568] The buggy address belongs to the physical page:
[   15.330705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175e
[   15.330768] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.330814] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.330866] page_type: f5(slab)
[   15.330904] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.331602] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.331696] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.332025] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.332267] head: 0bfffe0000000001 ffffc1ffc305d781 00000000ffffffff 00000000ffffffff
[   15.332316] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.332356] page dumped because: kasan: bad access detected
[   15.332387] 
[   15.332404] Memory state around the buggy address:
[   15.332446]  fff00000c175ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.332492]  fff00000c175f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.332860] >fff00000c175f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.332900]                                                           ^
[   15.333123]  fff00000c175f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.333216]  fff00000c175f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.333254] ==================================================================
[   15.372734] ==================================================================
[   15.375471] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.375552] Write of size 1 at addr fff00000c783e0c9 by task kunit_try_catch/163
[   15.375605] 
[   15.375644] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.375726] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.375752] Hardware name: linux,dummy-virt (DT)
[   15.375783] Call trace:
[   15.375805]  show_stack+0x20/0x38 (C)
[   15.375854]  dump_stack_lvl+0x8c/0xd0
[   15.375902]  print_report+0x118/0x5d0
[   15.375947]  kasan_report+0xdc/0x128
[   15.375991]  __asan_report_store1_noabort+0x20/0x30
[   15.376044]  krealloc_less_oob_helper+0xa48/0xc50
[   15.376091]  krealloc_large_less_oob+0x20/0x38
[   15.376138]  kunit_try_run_case+0x170/0x3f0
[   15.376198]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.376250]  kthread+0x328/0x630
[   15.376292]  ret_from_fork+0x10/0x20
[   15.376339] 
[   15.376359] The buggy address belongs to the physical page:
[   15.376392] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10783c
[   15.376447] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.376500] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.376555] page_type: f8(unknown)
[   15.376596] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.376646] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.376694] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.376741] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.376789] head: 0bfffe0000000002 ffffc1ffc31e0f01 00000000ffffffff 00000000ffffffff
[   15.376837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.376877] page dumped because: kasan: bad access detected
[   15.376907] 
[   15.376923] Memory state around the buggy address:
[   15.376954]  fff00000c783df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.377033]  fff00000c783e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.377074] >fff00000c783e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.379897]                                               ^
[   15.379946]  fff00000c783e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.380283]  fff00000c783e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.380325] ==================================================================
[   15.323174] ==================================================================
[   15.323234] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.323449] Write of size 1 at addr fff00000c175f0da by task kunit_try_catch/159
[   15.323549] 
[   15.323582] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.323661] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.323693] Hardware name: linux,dummy-virt (DT)
[   15.323850] Call trace:
[   15.323877]  show_stack+0x20/0x38 (C)
[   15.323931]  dump_stack_lvl+0x8c/0xd0
[   15.324022]  print_report+0x118/0x5d0
[   15.324072]  kasan_report+0xdc/0x128
[   15.324230]  __asan_report_store1_noabort+0x20/0x30
[   15.324389]  krealloc_less_oob_helper+0xa80/0xc50
[   15.324487]  krealloc_less_oob+0x20/0x38
[   15.324532]  kunit_try_run_case+0x170/0x3f0
[   15.324577]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.324628]  kthread+0x328/0x630
[   15.324667]  ret_from_fork+0x10/0x20
[   15.324713] 
[   15.324736] Allocated by task 159:
[   15.324871]  kasan_save_stack+0x3c/0x68
[   15.324932]  kasan_save_track+0x20/0x40
[   15.324979]  kasan_save_alloc_info+0x40/0x58
[   15.325017]  __kasan_krealloc+0x118/0x178
[   15.325053]  krealloc_noprof+0x128/0x360
[   15.325144]  krealloc_less_oob_helper+0x168/0xc50
[   15.325261]  krealloc_less_oob+0x20/0x38
[   15.325308]  kunit_try_run_case+0x170/0x3f0
[   15.325343]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.325384]  kthread+0x328/0x630
[   15.325415]  ret_from_fork+0x10/0x20
[   15.325448] 
[   15.325466] The buggy address belongs to the object at fff00000c175f000
[   15.325466]  which belongs to the cache kmalloc-256 of size 256
[   15.325523] The buggy address is located 17 bytes to the right of
[   15.325523]  allocated 201-byte region [fff00000c175f000, fff00000c175f0c9)
[   15.325615] 
[   15.325642] The buggy address belongs to the physical page:
[   15.325779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175e
[   15.325928] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.326043] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.326121] page_type: f5(slab)
[   15.326157] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.326215] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.326430] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.326485] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.326584] head: 0bfffe0000000001 ffffc1ffc305d781 00000000ffffffff 00000000ffffffff
[   15.326756] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.326893] page dumped because: kasan: bad access detected
[   15.326965] 
[   15.326982] Memory state around the buggy address:
[   15.327051]  fff00000c175ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.327093]  fff00000c175f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.327146] >fff00000c175f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.327337]                                                     ^
[   15.327382]  fff00000c175f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.327528]  fff00000c175f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.327574] ==================================================================
[   15.410212] ==================================================================
[   15.410259] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.410575] Write of size 1 at addr fff00000c783e0ea by task kunit_try_catch/163
[   15.410639] 
[   15.411328] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.411475] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.411500] Hardware name: linux,dummy-virt (DT)
[   15.411530] Call trace:
[   15.411550]  show_stack+0x20/0x38 (C)
[   15.411599]  dump_stack_lvl+0x8c/0xd0
[   15.411646]  print_report+0x118/0x5d0
[   15.411690]  kasan_report+0xdc/0x128
[   15.411734]  __asan_report_store1_noabort+0x20/0x30
[   15.412573]  krealloc_less_oob_helper+0xae4/0xc50
[   15.412658]  krealloc_large_less_oob+0x20/0x38
[   15.412888]  kunit_try_run_case+0x170/0x3f0
[   15.413261]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.413356]  kthread+0x328/0x630
[   15.413422]  ret_from_fork+0x10/0x20
[   15.413542] 
[   15.413843] The buggy address belongs to the physical page:
[   15.413991] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10783c
[   15.414053] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.414230] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.414599] page_type: f8(unknown)
[   15.414735] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.414883] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.415070] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.415150] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.415574] head: 0bfffe0000000002 ffffc1ffc31e0f01 00000000ffffffff 00000000ffffffff
[   15.415802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.415843] page dumped because: kasan: bad access detected
[   15.415873] 
[   15.416247] Memory state around the buggy address:
[   15.416403]  fff00000c783df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.416736]  fff00000c783e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.416833] >fff00000c783e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.416900]                                                           ^
[   15.417412]  fff00000c783e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.417468]  fff00000c783e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.417509] ==================================================================
[   15.390464] ==================================================================
[   15.390705] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.390816] Write of size 1 at addr fff00000c783e0d0 by task kunit_try_catch/163
[   15.390866] 
[   15.390901] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.390982] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.391546] Hardware name: linux,dummy-virt (DT)
[   15.391819] Call trace:
[   15.391927]  show_stack+0x20/0x38 (C)
[   15.391983]  dump_stack_lvl+0x8c/0xd0
[   15.392392]  print_report+0x118/0x5d0
[   15.392631]  kasan_report+0xdc/0x128
[   15.392768]  __asan_report_store1_noabort+0x20/0x30
[   15.393094]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.393343]  krealloc_large_less_oob+0x20/0x38
[   15.393401]  kunit_try_run_case+0x170/0x3f0
[   15.393537]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.393768]  kthread+0x328/0x630
[   15.393824]  ret_from_fork+0x10/0x20
[   15.393972] 
[   15.393995] The buggy address belongs to the physical page:
[   15.394028] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10783c
[   15.394367] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.394569] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.394651] page_type: f8(unknown)
[   15.394945] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.395107] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.395258] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.395525] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.395767] head: 0bfffe0000000002 ffffc1ffc31e0f01 00000000ffffffff 00000000ffffffff
[   15.395852] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.396108] page dumped because: kasan: bad access detected
[   15.396340] 
[   15.396358] Memory state around the buggy address:
[   15.396389]  fff00000c783df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.396720]  fff00000c783e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.397078] >fff00000c783e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.397284]                                                  ^
[   15.397375]  fff00000c783e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.397674]  fff00000c783e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.397893] ==================================================================
[   15.307559] ==================================================================
[   15.307627] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.308047] Write of size 1 at addr fff00000c175f0c9 by task kunit_try_catch/159
[   15.308216] 
[   15.308359] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.308675] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.308879] Hardware name: linux,dummy-virt (DT)
[   15.309227] Call trace:
[   15.309306]  show_stack+0x20/0x38 (C)
[   15.309359]  dump_stack_lvl+0x8c/0xd0
[   15.309406]  print_report+0x118/0x5d0
[   15.309452]  kasan_report+0xdc/0x128
[   15.309540]  __asan_report_store1_noabort+0x20/0x30
[   15.309693]  krealloc_less_oob_helper+0xa48/0xc50
[   15.309859]  krealloc_less_oob+0x20/0x38
[   15.309904]  kunit_try_run_case+0x170/0x3f0
[   15.309953]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.310027]  kthread+0x328/0x630
[   15.310082]  ret_from_fork+0x10/0x20
[   15.310367] 
[   15.310494] Allocated by task 159:
[   15.310544]  kasan_save_stack+0x3c/0x68
[   15.310587]  kasan_save_track+0x20/0x40
[   15.310622]  kasan_save_alloc_info+0x40/0x58
[   15.310795]  __kasan_krealloc+0x118/0x178
[   15.311057]  krealloc_noprof+0x128/0x360
[   15.311172]  krealloc_less_oob_helper+0x168/0xc50
[   15.311278]  krealloc_less_oob+0x20/0x38
[   15.311315]  kunit_try_run_case+0x170/0x3f0
[   15.311358]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.311411]  kthread+0x328/0x630
[   15.311461]  ret_from_fork+0x10/0x20
[   15.311495] 
[   15.311572] The buggy address belongs to the object at fff00000c175f000
[   15.311572]  which belongs to the cache kmalloc-256 of size 256
[   15.311629] The buggy address is located 0 bytes to the right of
[   15.311629]  allocated 201-byte region [fff00000c175f000, fff00000c175f0c9)
[   15.311834] 
[   15.311977] The buggy address belongs to the physical page:
[   15.312044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175e
[   15.312177] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.312245] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.312361] page_type: f5(slab)
[   15.312405] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.312458] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.312507] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.312780] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.312829] head: 0bfffe0000000001 ffffc1ffc305d781 00000000ffffffff 00000000ffffffff
[   15.312880] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.312920] page dumped because: kasan: bad access detected
[   15.312951] 
[   15.313113] Memory state around the buggy address:
[   15.313173]  fff00000c175ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.313226]  fff00000c175f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.313268] >fff00000c175f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.313304]                                               ^
[   15.313338]  fff00000c175f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.313743]  fff00000c175f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.313911] ==================================================================
[   15.399234] ==================================================================
[   15.399286] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.399333] Write of size 1 at addr fff00000c783e0da by task kunit_try_catch/163
[   15.399382] 
[   15.399412] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.399490] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.401019] Hardware name: linux,dummy-virt (DT)
[   15.401064] Call trace:
[   15.401698]  show_stack+0x20/0x38 (C)
[   15.401888]  dump_stack_lvl+0x8c/0xd0
[   15.401979]  print_report+0x118/0x5d0
[   15.402026]  kasan_report+0xdc/0x128
[   15.402128]  __asan_report_store1_noabort+0x20/0x30
[   15.402576]  krealloc_less_oob_helper+0xa80/0xc50
[   15.402931]  krealloc_large_less_oob+0x20/0x38
[   15.403363]  kunit_try_run_case+0x170/0x3f0
[   15.403423]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.404243]  kthread+0x328/0x630
[   15.404828]  ret_from_fork+0x10/0x20
[   15.405060] 
[   15.405250] The buggy address belongs to the physical page:
[   15.405284] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10783c
[   15.405344] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.405391] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.405441] page_type: f8(unknown)
[   15.405478] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.406292] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.406360] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.406415] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.406928] head: 0bfffe0000000002 ffffc1ffc31e0f01 00000000ffffffff 00000000ffffffff
[   15.407223] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.407264] page dumped because: kasan: bad access detected
[   15.407295] 
[   15.407312] Memory state around the buggy address:
[   15.407725]  fff00000c783df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.407772]  fff00000c783e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.407995] >fff00000c783e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.408247]                                                     ^
[   15.408422]  fff00000c783e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.408686]  fff00000c783e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.408879] ==================================================================
[   15.334674] ==================================================================
[   15.334731] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.334788] Write of size 1 at addr fff00000c175f0eb by task kunit_try_catch/159
[   15.334836] 
[   15.334872] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.335211] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.335245] Hardware name: linux,dummy-virt (DT)
[   15.335276] Call trace:
[   15.335298]  show_stack+0x20/0x38 (C)
[   15.335348]  dump_stack_lvl+0x8c/0xd0
[   15.335931]  print_report+0x118/0x5d0
[   15.336438]  kasan_report+0xdc/0x128
[   15.336561]  __asan_report_store1_noabort+0x20/0x30
[   15.336613]  krealloc_less_oob_helper+0xa58/0xc50
[   15.336941]  krealloc_less_oob+0x20/0x38
[   15.337028]  kunit_try_run_case+0x170/0x3f0
[   15.337141]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.337221]  kthread+0x328/0x630
[   15.337263]  ret_from_fork+0x10/0x20
[   15.337347] 
[   15.337365] Allocated by task 159:
[   15.337395]  kasan_save_stack+0x3c/0x68
[   15.337436]  kasan_save_track+0x20/0x40
[   15.337885]  kasan_save_alloc_info+0x40/0x58
[   15.337986]  __kasan_krealloc+0x118/0x178
[   15.338063]  krealloc_noprof+0x128/0x360
[   15.338100]  krealloc_less_oob_helper+0x168/0xc50
[   15.338138]  krealloc_less_oob+0x20/0x38
[   15.338172]  kunit_try_run_case+0x170/0x3f0
[   15.338348]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.338392]  kthread+0x328/0x630
[   15.338674]  ret_from_fork+0x10/0x20
[   15.338745] 
[   15.338807] The buggy address belongs to the object at fff00000c175f000
[   15.338807]  which belongs to the cache kmalloc-256 of size 256
[   15.338911] The buggy address is located 34 bytes to the right of
[   15.338911]  allocated 201-byte region [fff00000c175f000, fff00000c175f0c9)
[   15.339063] 
[   15.339082] The buggy address belongs to the physical page:
[   15.339113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175e
[   15.339229] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.339459] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.339618] page_type: f5(slab)
[   15.339655] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.339705] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.339753] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.339873] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.340103] head: 0bfffe0000000001 ffffc1ffc305d781 00000000ffffffff 00000000ffffffff
[   15.340223] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.340262] page dumped because: kasan: bad access detected
[   15.340292] 
[   15.340309] Memory state around the buggy address:
[   15.340338]  fff00000c175ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.340379]  fff00000c175f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.340651] >fff00000c175f080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.341070]                                                           ^
[   15.341236]  fff00000c175f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.341298]  fff00000c175f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.341336] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zuOwkuCiYkSkampQuRIEzFXhfO

job_id

TEST:linaro@lkft#2zuP10Uvq3v7pNP5Dz5FpJPvIM7

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuP10Uvq3v7pNP5Dz5FpJPvIM7

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOxtZFXyhvCJVWMjiE0F9YK7w/Image.gz
sha256sum	5a0d130704720f4526a2744fe4c07d1dc11e96f7c77a2725cbb1e7b19399a7ae

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOxtZFXyhvCJVWMjiE0F9YK7w/modules.tar.xz
sha256sum	5545751b55566af933425aa17face5fb1f95b6bef7d17212e64661e6fa4f872f

durations

tests

boot	0
kunit	176.64

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.254155] ==================================================================
[   12.254539] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.254877] Write of size 1 at addr ffff8881003506ea by task kunit_try_catch/175
[   12.255154] 
[   12.255260] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.255301] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.255312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.255331] Call Trace:
[   12.255346]  <TASK>
[   12.255363]  dump_stack_lvl+0x73/0xb0
[   12.255389]  print_report+0xd1/0x610
[   12.255411]  ? __virt_addr_valid+0x1db/0x2d0
[   12.255435]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.255460]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.255483]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.255508]  kasan_report+0x141/0x180
[   12.255530]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.255559]  __asan_report_store1_noabort+0x1b/0x30
[   12.255586]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.255613]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.255639]  ? finish_task_switch.isra.0+0x153/0x700
[   12.255662]  ? __switch_to+0x47/0xf50
[   12.255687]  ? __schedule+0x10cc/0x2b60
[   12.255709]  ? __pfx_read_tsc+0x10/0x10
[   12.255732]  krealloc_less_oob+0x1c/0x30
[   12.255776]  kunit_try_run_case+0x1a5/0x480
[   12.255801]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.255825]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.255848]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.255872]  ? __kthread_parkme+0x82/0x180
[   12.255893]  ? preempt_count_sub+0x50/0x80
[   12.255916]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.255942]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.255968]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.255994]  kthread+0x337/0x6f0
[   12.256013]  ? trace_preempt_on+0x20/0xc0
[   12.256036]  ? __pfx_kthread+0x10/0x10
[   12.256056]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.256079]  ? calculate_sigpending+0x7b/0xa0
[   12.256102]  ? __pfx_kthread+0x10/0x10
[   12.256124]  ret_from_fork+0x116/0x1d0
[   12.256142]  ? __pfx_kthread+0x10/0x10
[   12.256163]  ret_from_fork_asm+0x1a/0x30
[   12.256194]  </TASK>
[   12.256203] 
[   12.263931] Allocated by task 175:
[   12.264139]  kasan_save_stack+0x45/0x70
[   12.264402]  kasan_save_track+0x18/0x40
[   12.264595]  kasan_save_alloc_info+0x3b/0x50
[   12.264816]  __kasan_krealloc+0x190/0x1f0
[   12.265002]  krealloc_noprof+0xf3/0x340
[   12.265138]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.265350]  krealloc_less_oob+0x1c/0x30
[   12.265728]  kunit_try_run_case+0x1a5/0x480
[   12.265957]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.266208]  kthread+0x337/0x6f0
[   12.266330]  ret_from_fork+0x116/0x1d0
[   12.266687]  ret_from_fork_asm+0x1a/0x30
[   12.266936] 
[   12.267035] The buggy address belongs to the object at ffff888100350600
[   12.267035]  which belongs to the cache kmalloc-256 of size 256
[   12.267676] The buggy address is located 33 bytes to the right of
[   12.267676]  allocated 201-byte region [ffff888100350600, ffff8881003506c9)
[   12.268073] 
[   12.268144] The buggy address belongs to the physical page:
[   12.268463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   12.268825] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.269407] flags: 0x200000000000040(head|node=0|zone=2)
[   12.269629] page_type: f5(slab)
[   12.269749] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.270101] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.270601] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.270913] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.271148] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   12.271484] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.272004] page dumped because: kasan: bad access detected
[   12.272181] 
[   12.272251] Memory state around the buggy address:
[   12.272542]  ffff888100350580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.272896]  ffff888100350600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.273317] >ffff888100350680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.273552]                                                           ^
[   12.273779]  ffff888100350700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.274181]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.274575] ==================================================================
[   12.407419] ==================================================================
[   12.407771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.408087] Write of size 1 at addr ffff8881026ba0ea by task kunit_try_catch/179
[   12.408639] 
[   12.408743] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.408793] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.408804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.408823] Call Trace:
[   12.408835]  <TASK>
[   12.408849]  dump_stack_lvl+0x73/0xb0
[   12.408879]  print_report+0xd1/0x610
[   12.408901]  ? __virt_addr_valid+0x1db/0x2d0
[   12.408925]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.408950]  ? kasan_addr_to_slab+0x11/0xa0
[   12.408971]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.408996]  kasan_report+0x141/0x180
[   12.409019]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.409048]  __asan_report_store1_noabort+0x1b/0x30
[   12.409074]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.409101]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.409127]  ? finish_task_switch.isra.0+0x153/0x700
[   12.409149]  ? __switch_to+0x47/0xf50
[   12.409174]  ? __schedule+0x10cc/0x2b60
[   12.409195]  ? __pfx_read_tsc+0x10/0x10
[   12.409219]  krealloc_large_less_oob+0x1c/0x30
[   12.409242]  kunit_try_run_case+0x1a5/0x480
[   12.409267]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.409290]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.409392]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.409421]  ? __kthread_parkme+0x82/0x180
[   12.409441]  ? preempt_count_sub+0x50/0x80
[   12.409464]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.409503]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.409528]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.409554]  kthread+0x337/0x6f0
[   12.409574]  ? trace_preempt_on+0x20/0xc0
[   12.409596]  ? __pfx_kthread+0x10/0x10
[   12.409617]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.409639]  ? calculate_sigpending+0x7b/0xa0
[   12.409663]  ? __pfx_kthread+0x10/0x10
[   12.409684]  ret_from_fork+0x116/0x1d0
[   12.409703]  ? __pfx_kthread+0x10/0x10
[   12.409723]  ret_from_fork_asm+0x1a/0x30
[   12.409762]  </TASK>
[   12.409772] 
[   12.417587] The buggy address belongs to the physical page:
[   12.417811] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b8
[   12.418174] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.418562] flags: 0x200000000000040(head|node=0|zone=2)
[   12.418816] page_type: f8(unknown)
[   12.418996] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.419287] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.419567] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.419915] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.420144] head: 0200000000000002 ffffea000409ae01 00000000ffffffff 00000000ffffffff
[   12.420404] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.420788] page dumped because: kasan: bad access detected
[   12.421490] 
[   12.421596] Memory state around the buggy address:
[   12.421831]  ffff8881026b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.422125]  ffff8881026ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.422489] >ffff8881026ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.422790]                                                           ^
[   12.422995]  ffff8881026ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.423290]  ffff8881026ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.423699] ==================================================================
[   12.424062] ==================================================================
[   12.424290] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.424871] Write of size 1 at addr ffff8881026ba0eb by task kunit_try_catch/179
[   12.425205] 
[   12.425302] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.425417] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.425428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.425448] Call Trace:
[   12.425462]  <TASK>
[   12.425495]  dump_stack_lvl+0x73/0xb0
[   12.425523]  print_report+0xd1/0x610
[   12.425545]  ? __virt_addr_valid+0x1db/0x2d0
[   12.425568]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.425593]  ? kasan_addr_to_slab+0x11/0xa0
[   12.425613]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.425638]  kasan_report+0x141/0x180
[   12.425660]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.425690]  __asan_report_store1_noabort+0x1b/0x30
[   12.425715]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.425742]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.425777]  ? finish_task_switch.isra.0+0x153/0x700
[   12.425800]  ? __switch_to+0x47/0xf50
[   12.425824]  ? __schedule+0x10cc/0x2b60
[   12.425846]  ? __pfx_read_tsc+0x10/0x10
[   12.425869]  krealloc_large_less_oob+0x1c/0x30
[   12.425894]  kunit_try_run_case+0x1a5/0x480
[   12.425919]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.425942]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.425965]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.425989]  ? __kthread_parkme+0x82/0x180
[   12.426009]  ? preempt_count_sub+0x50/0x80
[   12.426032]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.426057]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.426081]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.426106]  kthread+0x337/0x6f0
[   12.426125]  ? trace_preempt_on+0x20/0xc0
[   12.426148]  ? __pfx_kthread+0x10/0x10
[   12.426168]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.426190]  ? calculate_sigpending+0x7b/0xa0
[   12.426214]  ? __pfx_kthread+0x10/0x10
[   12.426235]  ret_from_fork+0x116/0x1d0
[   12.426254]  ? __pfx_kthread+0x10/0x10
[   12.426274]  ret_from_fork_asm+0x1a/0x30
[   12.426304]  </TASK>
[   12.426376] 
[   12.434054] The buggy address belongs to the physical page:
[   12.434238] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b8
[   12.434679] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.435030] flags: 0x200000000000040(head|node=0|zone=2)
[   12.435271] page_type: f8(unknown)
[   12.435538] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.435851] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.436135] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.436637] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.436966] head: 0200000000000002 ffffea000409ae01 00000000ffffffff 00000000ffffffff
[   12.437272] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.437677] page dumped because: kasan: bad access detected
[   12.437887] 
[   12.437958] Memory state around the buggy address:
[   12.438116]  ffff8881026b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.438432]  ffff8881026ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.438779] >ffff8881026ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.439092]                                                           ^
[   12.439446]  ffff8881026ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.439766]  ffff8881026ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.439998] ==================================================================
[   12.209716] ==================================================================
[   12.210022] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.210301] Write of size 1 at addr ffff8881003506d0 by task kunit_try_catch/175
[   12.210660] 
[   12.210768] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.210811] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.210821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.210840] Call Trace:
[   12.210854]  <TASK>
[   12.210866]  dump_stack_lvl+0x73/0xb0
[   12.210893]  print_report+0xd1/0x610
[   12.210913]  ? __virt_addr_valid+0x1db/0x2d0
[   12.210934]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.210957]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.211206]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.211234]  kasan_report+0x141/0x180
[   12.211257]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.211287]  __asan_report_store1_noabort+0x1b/0x30
[   12.211312]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.211404]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.211432]  ? finish_task_switch.isra.0+0x153/0x700
[   12.211457]  ? __switch_to+0x47/0xf50
[   12.211481]  ? __schedule+0x10cc/0x2b60
[   12.211503]  ? __pfx_read_tsc+0x10/0x10
[   12.211527]  krealloc_less_oob+0x1c/0x30
[   12.211549]  kunit_try_run_case+0x1a5/0x480
[   12.211573]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.211596]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.211620]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.211644]  ? __kthread_parkme+0x82/0x180
[   12.211664]  ? preempt_count_sub+0x50/0x80
[   12.211687]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.211712]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.211737]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.211777]  kthread+0x337/0x6f0
[   12.211797]  ? trace_preempt_on+0x20/0xc0
[   12.211820]  ? __pfx_kthread+0x10/0x10
[   12.211840]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.211862]  ? calculate_sigpending+0x7b/0xa0
[   12.211886]  ? __pfx_kthread+0x10/0x10
[   12.211907]  ret_from_fork+0x116/0x1d0
[   12.211927]  ? __pfx_kthread+0x10/0x10
[   12.211948]  ret_from_fork_asm+0x1a/0x30
[   12.211978]  </TASK>
[   12.211988] 
[   12.219996] Allocated by task 175:
[   12.220143]  kasan_save_stack+0x45/0x70
[   12.220293]  kasan_save_track+0x18/0x40
[   12.220485]  kasan_save_alloc_info+0x3b/0x50
[   12.220865]  __kasan_krealloc+0x190/0x1f0
[   12.221042]  krealloc_noprof+0xf3/0x340
[   12.221224]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.221419]  krealloc_less_oob+0x1c/0x30
[   12.221902]  kunit_try_run_case+0x1a5/0x480
[   12.222115]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.222293]  kthread+0x337/0x6f0
[   12.222419]  ret_from_fork+0x116/0x1d0
[   12.222565]  ret_from_fork_asm+0x1a/0x30
[   12.222778] 
[   12.222874] The buggy address belongs to the object at ffff888100350600
[   12.222874]  which belongs to the cache kmalloc-256 of size 256
[   12.223501] The buggy address is located 7 bytes to the right of
[   12.223501]  allocated 201-byte region [ffff888100350600, ffff8881003506c9)
[   12.224351] 
[   12.224489] The buggy address belongs to the physical page:
[   12.224764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   12.225104] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.225330] flags: 0x200000000000040(head|node=0|zone=2)
[   12.225840] page_type: f5(slab)
[   12.226183] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.226537] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.226837] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.227072] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.227452] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   12.227818] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.228162] page dumped because: kasan: bad access detected
[   12.228383] 
[   12.228541] Memory state around the buggy address:
[   12.228766]  ffff888100350580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.229002]  ffff888100350600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.229280] >ffff888100350680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.229617]                                                  ^
[   12.231455]  ffff888100350700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.231794]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.232071] ==================================================================
[   12.347972] ==================================================================
[   12.349308] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.350062] Write of size 1 at addr ffff8881026ba0c9 by task kunit_try_catch/179
[   12.350791] 
[   12.350984] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.351029] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.351041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.351062] Call Trace:
[   12.351072]  <TASK>
[   12.351087]  dump_stack_lvl+0x73/0xb0
[   12.351117]  print_report+0xd1/0x610
[   12.351139]  ? __virt_addr_valid+0x1db/0x2d0
[   12.351187]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.351212]  ? kasan_addr_to_slab+0x11/0xa0
[   12.351233]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.351257]  kasan_report+0x141/0x180
[   12.351279]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.351466]  __asan_report_store1_noabort+0x1b/0x30
[   12.351507]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.351535]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.351561]  ? finish_task_switch.isra.0+0x153/0x700
[   12.351585]  ? __switch_to+0x47/0xf50
[   12.351610]  ? __schedule+0x10cc/0x2b60
[   12.351632]  ? __pfx_read_tsc+0x10/0x10
[   12.351656]  krealloc_large_less_oob+0x1c/0x30
[   12.351680]  kunit_try_run_case+0x1a5/0x480
[   12.351705]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.351729]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.351765]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.351790]  ? __kthread_parkme+0x82/0x180
[   12.351811]  ? preempt_count_sub+0x50/0x80
[   12.351834]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.351858]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.351883]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.351908]  kthread+0x337/0x6f0
[   12.351927]  ? trace_preempt_on+0x20/0xc0
[   12.351951]  ? __pfx_kthread+0x10/0x10
[   12.351971]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.351993]  ? calculate_sigpending+0x7b/0xa0
[   12.352018]  ? __pfx_kthread+0x10/0x10
[   12.352039]  ret_from_fork+0x116/0x1d0
[   12.352057]  ? __pfx_kthread+0x10/0x10
[   12.352078]  ret_from_fork_asm+0x1a/0x30
[   12.352108]  </TASK>
[   12.352118] 
[   12.365457] The buggy address belongs to the physical page:
[   12.366074] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b8
[   12.366690] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.366934] flags: 0x200000000000040(head|node=0|zone=2)
[   12.367111] page_type: f8(unknown)
[   12.367237] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.368009] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.368798] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.369521] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.370244] head: 0200000000000002 ffffea000409ae01 00000000ffffffff 00000000ffffffff
[   12.371007] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.371748] page dumped because: kasan: bad access detected
[   12.372068] 
[   12.372141] Memory state around the buggy address:
[   12.372300]  ffff8881026b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.372525]  ffff8881026ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.372742] >ffff8881026ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.373025]                                               ^
[   12.373241]  ffff8881026ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.373498]  ffff8881026ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.373800] ==================================================================
[   12.185824] ==================================================================
[   12.186262] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.186773] Write of size 1 at addr ffff8881003506c9 by task kunit_try_catch/175
[   12.187091] 
[   12.187186] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.187231] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.187242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.187262] Call Trace:
[   12.187274]  <TASK>
[   12.187289]  dump_stack_lvl+0x73/0xb0
[   12.187319]  print_report+0xd1/0x610
[   12.187561]  ? __virt_addr_valid+0x1db/0x2d0
[   12.187586]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.187611]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.187634]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.187659]  kasan_report+0x141/0x180
[   12.187681]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.187711]  __asan_report_store1_noabort+0x1b/0x30
[   12.187736]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.187778]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.187804]  ? finish_task_switch.isra.0+0x153/0x700
[   12.187827]  ? __switch_to+0x47/0xf50
[   12.187853]  ? __schedule+0x10cc/0x2b60
[   12.187875]  ? __pfx_read_tsc+0x10/0x10
[   12.187899]  krealloc_less_oob+0x1c/0x30
[   12.187920]  kunit_try_run_case+0x1a5/0x480
[   12.187946]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.187969]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.187993]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.188017]  ? __kthread_parkme+0x82/0x180
[   12.188038]  ? preempt_count_sub+0x50/0x80
[   12.188061]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.188086]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.188111]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.188136]  kthread+0x337/0x6f0
[   12.188157]  ? trace_preempt_on+0x20/0xc0
[   12.188181]  ? __pfx_kthread+0x10/0x10
[   12.188201]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.188223]  ? calculate_sigpending+0x7b/0xa0
[   12.188247]  ? __pfx_kthread+0x10/0x10
[   12.188268]  ret_from_fork+0x116/0x1d0
[   12.188286]  ? __pfx_kthread+0x10/0x10
[   12.188307]  ret_from_fork_asm+0x1a/0x30
[   12.188387]  </TASK>
[   12.188398] 
[   12.196366] Allocated by task 175:
[   12.196501]  kasan_save_stack+0x45/0x70
[   12.196645]  kasan_save_track+0x18/0x40
[   12.196846]  kasan_save_alloc_info+0x3b/0x50
[   12.197057]  __kasan_krealloc+0x190/0x1f0
[   12.197256]  krealloc_noprof+0xf3/0x340
[   12.197586]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.197775]  krealloc_less_oob+0x1c/0x30
[   12.197916]  kunit_try_run_case+0x1a5/0x480
[   12.198063]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.198311]  kthread+0x337/0x6f0
[   12.198707]  ret_from_fork+0x116/0x1d0
[   12.198926]  ret_from_fork_asm+0x1a/0x30
[   12.199130] 
[   12.199223] The buggy address belongs to the object at ffff888100350600
[   12.199223]  which belongs to the cache kmalloc-256 of size 256
[   12.199932] The buggy address is located 0 bytes to the right of
[   12.199932]  allocated 201-byte region [ffff888100350600, ffff8881003506c9)
[   12.200567] 
[   12.200648] The buggy address belongs to the physical page:
[   12.200872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   12.201116] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.201351] flags: 0x200000000000040(head|node=0|zone=2)
[   12.201604] page_type: f5(slab)
[   12.201932] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.202330] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.202867] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.203205] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.204250] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   12.204742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.205003] page dumped because: kasan: bad access detected
[   12.205236] 
[   12.205622] Memory state around the buggy address:
[   12.205959]  ffff888100350580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.206497]  ffff888100350600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.207177] >ffff888100350680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.207707]                                               ^
[   12.207979]  ffff888100350700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.208279]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.208877] ==================================================================
[   12.374240] ==================================================================
[   12.374574] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.374899] Write of size 1 at addr ffff8881026ba0d0 by task kunit_try_catch/179
[   12.375200] 
[   12.375290] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.375329] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.375340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.375361] Call Trace:
[   12.375374]  <TASK>
[   12.375387]  dump_stack_lvl+0x73/0xb0
[   12.375416]  print_report+0xd1/0x610
[   12.375713]  ? __virt_addr_valid+0x1db/0x2d0
[   12.375737]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.375776]  ? kasan_addr_to_slab+0x11/0xa0
[   12.375798]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.375822]  kasan_report+0x141/0x180
[   12.375844]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.375874]  __asan_report_store1_noabort+0x1b/0x30
[   12.375899]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.375926]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.375951]  ? finish_task_switch.isra.0+0x153/0x700
[   12.375974]  ? __switch_to+0x47/0xf50
[   12.375999]  ? __schedule+0x10cc/0x2b60
[   12.376020]  ? __pfx_read_tsc+0x10/0x10
[   12.376044]  krealloc_large_less_oob+0x1c/0x30
[   12.376068]  kunit_try_run_case+0x1a5/0x480
[   12.376092]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.376115]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.376139]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.376163]  ? __kthread_parkme+0x82/0x180
[   12.376183]  ? preempt_count_sub+0x50/0x80
[   12.376207]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.376231]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.376256]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.376281]  kthread+0x337/0x6f0
[   12.376300]  ? trace_preempt_on+0x20/0xc0
[   12.376395]  ? __pfx_kthread+0x10/0x10
[   12.376417]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.376464]  ? calculate_sigpending+0x7b/0xa0
[   12.376488]  ? __pfx_kthread+0x10/0x10
[   12.376509]  ret_from_fork+0x116/0x1d0
[   12.376528]  ? __pfx_kthread+0x10/0x10
[   12.376549]  ret_from_fork_asm+0x1a/0x30
[   12.376579]  </TASK>
[   12.376589] 
[   12.384047] The buggy address belongs to the physical page:
[   12.384287] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b8
[   12.384641] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.385147] flags: 0x200000000000040(head|node=0|zone=2)
[   12.385490] page_type: f8(unknown)
[   12.385676] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.385991] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.386296] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.386650] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.386951] head: 0200000000000002 ffffea000409ae01 00000000ffffffff 00000000ffffffff
[   12.387293] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.387719] page dumped because: kasan: bad access detected
[   12.387905] 
[   12.388000] Memory state around the buggy address:
[   12.388228]  ffff8881026b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.388752]  ffff8881026ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.389019] >ffff8881026ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.389306]                                                  ^
[   12.389675]  ffff8881026ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.389989]  ffff8881026ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.390281] ==================================================================
[   12.232564] ==================================================================
[   12.232896] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.233201] Write of size 1 at addr ffff8881003506da by task kunit_try_catch/175
[   12.233656] 
[   12.233769] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.233812] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.233823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.233842] Call Trace:
[   12.233855]  <TASK>
[   12.233868]  dump_stack_lvl+0x73/0xb0
[   12.233897]  print_report+0xd1/0x610
[   12.233919]  ? __virt_addr_valid+0x1db/0x2d0
[   12.233941]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.233966]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.233990]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.234015]  kasan_report+0x141/0x180
[   12.234038]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.234133]  __asan_report_store1_noabort+0x1b/0x30
[   12.234161]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.234187]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.234213]  ? finish_task_switch.isra.0+0x153/0x700
[   12.234236]  ? __switch_to+0x47/0xf50
[   12.234261]  ? __schedule+0x10cc/0x2b60
[   12.234283]  ? __pfx_read_tsc+0x10/0x10
[   12.234308]  krealloc_less_oob+0x1c/0x30
[   12.234364]  kunit_try_run_case+0x1a5/0x480
[   12.234398]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.234421]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.234453]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.234478]  ? __kthread_parkme+0x82/0x180
[   12.234499]  ? preempt_count_sub+0x50/0x80
[   12.234524]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.234549]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.234574]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.234600]  kthread+0x337/0x6f0
[   12.234619]  ? trace_preempt_on+0x20/0xc0
[   12.234642]  ? __pfx_kthread+0x10/0x10
[   12.234663]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.234684]  ? calculate_sigpending+0x7b/0xa0
[   12.234709]  ? __pfx_kthread+0x10/0x10
[   12.234731]  ret_from_fork+0x116/0x1d0
[   12.234749]  ? __pfx_kthread+0x10/0x10
[   12.234780]  ret_from_fork_asm+0x1a/0x30
[   12.234811]  </TASK>
[   12.234821] 
[   12.242819] Allocated by task 175:
[   12.242970]  kasan_save_stack+0x45/0x70
[   12.243165]  kasan_save_track+0x18/0x40
[   12.243303]  kasan_save_alloc_info+0x3b/0x50
[   12.243452]  __kasan_krealloc+0x190/0x1f0
[   12.243652]  krealloc_noprof+0xf3/0x340
[   12.243858]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.244343]  krealloc_less_oob+0x1c/0x30
[   12.244496]  kunit_try_run_case+0x1a5/0x480
[   12.244783]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.245050]  kthread+0x337/0x6f0
[   12.245222]  ret_from_fork+0x116/0x1d0
[   12.245467]  ret_from_fork_asm+0x1a/0x30
[   12.245639] 
[   12.245713] The buggy address belongs to the object at ffff888100350600
[   12.245713]  which belongs to the cache kmalloc-256 of size 256
[   12.246237] The buggy address is located 17 bytes to the right of
[   12.246237]  allocated 201-byte region [ffff888100350600, ffff8881003506c9)
[   12.246621] 
[   12.246692] The buggy address belongs to the physical page:
[   12.247064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   12.247706] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.247955] flags: 0x200000000000040(head|node=0|zone=2)
[   12.248132] page_type: f5(slab)
[   12.248254] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.248977] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.249373] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.249987] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.250336] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   12.250745] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.251015] page dumped because: kasan: bad access detected
[   12.251273] 
[   12.251568] Memory state around the buggy address:
[   12.251777]  ffff888100350580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.252062]  ffff888100350600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.252312] >ffff888100350680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.252775]                                                     ^
[   12.253042]  ffff888100350700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.253380]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.253690] ==================================================================
[   12.390779] ==================================================================
[   12.391116] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.391535] Write of size 1 at addr ffff8881026ba0da by task kunit_try_catch/179
[   12.391845] 
[   12.391948] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.391989] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.392000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.392019] Call Trace:
[   12.392034]  <TASK>
[   12.392048]  dump_stack_lvl+0x73/0xb0
[   12.392076]  print_report+0xd1/0x610
[   12.392098]  ? __virt_addr_valid+0x1db/0x2d0
[   12.392119]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.392144]  ? kasan_addr_to_slab+0x11/0xa0
[   12.392165]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.392190]  kasan_report+0x141/0x180
[   12.392212]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.392241]  __asan_report_store1_noabort+0x1b/0x30
[   12.392267]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.392293]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.392496]  ? finish_task_switch.isra.0+0x153/0x700
[   12.392525]  ? __switch_to+0x47/0xf50
[   12.392551]  ? __schedule+0x10cc/0x2b60
[   12.392595]  ? __pfx_read_tsc+0x10/0x10
[   12.392621]  krealloc_large_less_oob+0x1c/0x30
[   12.392645]  kunit_try_run_case+0x1a5/0x480
[   12.392670]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.392693]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.392717]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.392741]  ? __kthread_parkme+0x82/0x180
[   12.392772]  ? preempt_count_sub+0x50/0x80
[   12.392796]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.392820]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.392845]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.392870]  kthread+0x337/0x6f0
[   12.392890]  ? trace_preempt_on+0x20/0xc0
[   12.392913]  ? __pfx_kthread+0x10/0x10
[   12.392933]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.392955]  ? calculate_sigpending+0x7b/0xa0
[   12.392979]  ? __pfx_kthread+0x10/0x10
[   12.393000]  ret_from_fork+0x116/0x1d0
[   12.393018]  ? __pfx_kthread+0x10/0x10
[   12.393039]  ret_from_fork_asm+0x1a/0x30
[   12.393069]  </TASK>
[   12.393079] 
[   12.400954] The buggy address belongs to the physical page:
[   12.401165] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b8
[   12.401538] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.401885] flags: 0x200000000000040(head|node=0|zone=2)
[   12.402134] page_type: f8(unknown)
[   12.402287] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.402646] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.403006] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.403424] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.403790] head: 0200000000000002 ffffea000409ae01 00000000ffffffff 00000000ffffffff
[   12.404022] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.404555] page dumped because: kasan: bad access detected
[   12.404815] 
[   12.404915] Memory state around the buggy address:
[   12.405102]  ffff8881026b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.405400]  ffff8881026ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.405768] >ffff8881026ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.406092]                                                     ^
[   12.406446]  ffff8881026ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.406703]  ffff8881026ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.406984] ==================================================================
[   12.275127] ==================================================================
[   12.275664] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.275989] Write of size 1 at addr ffff8881003506eb by task kunit_try_catch/175
[   12.276296] 
[   12.276522] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.276565] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.276576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.276595] Call Trace:
[   12.276607]  <TASK>
[   12.276620]  dump_stack_lvl+0x73/0xb0
[   12.276648]  print_report+0xd1/0x610
[   12.276670]  ? __virt_addr_valid+0x1db/0x2d0
[   12.276693]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.276717]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.276741]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.276779]  kasan_report+0x141/0x180
[   12.276801]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.276830]  __asan_report_store1_noabort+0x1b/0x30
[   12.276856]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.276883]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.276908]  ? finish_task_switch.isra.0+0x153/0x700
[   12.276932]  ? __switch_to+0x47/0xf50
[   12.276956]  ? __schedule+0x10cc/0x2b60
[   12.276978]  ? __pfx_read_tsc+0x10/0x10
[   12.277001]  krealloc_less_oob+0x1c/0x30
[   12.277023]  kunit_try_run_case+0x1a5/0x480
[   12.277047]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.277071]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.277094]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.277118]  ? __kthread_parkme+0x82/0x180
[   12.277139]  ? preempt_count_sub+0x50/0x80
[   12.277162]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.277187]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.277212]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.277237]  kthread+0x337/0x6f0
[   12.277256]  ? trace_preempt_on+0x20/0xc0
[   12.277280]  ? __pfx_kthread+0x10/0x10
[   12.277300]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.277322]  ? calculate_sigpending+0x7b/0xa0
[   12.277346]  ? __pfx_kthread+0x10/0x10
[   12.277367]  ret_from_fork+0x116/0x1d0
[   12.277386]  ? __pfx_kthread+0x10/0x10
[   12.277406]  ret_from_fork_asm+0x1a/0x30
[   12.277437]  </TASK>
[   12.277446] 
[   12.285106] Allocated by task 175:
[   12.285241]  kasan_save_stack+0x45/0x70
[   12.285396]  kasan_save_track+0x18/0x40
[   12.285959]  kasan_save_alloc_info+0x3b/0x50
[   12.286189]  __kasan_krealloc+0x190/0x1f0
[   12.286496]  krealloc_noprof+0xf3/0x340
[   12.286682]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.286892]  krealloc_less_oob+0x1c/0x30
[   12.287090]  kunit_try_run_case+0x1a5/0x480
[   12.287273]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.287560]  kthread+0x337/0x6f0
[   12.287684]  ret_from_fork+0x116/0x1d0
[   12.287828]  ret_from_fork_asm+0x1a/0x30
[   12.287967] 
[   12.288039] The buggy address belongs to the object at ffff888100350600
[   12.288039]  which belongs to the cache kmalloc-256 of size 256
[   12.288637] The buggy address is located 34 bytes to the right of
[   12.288637]  allocated 201-byte region [ffff888100350600, ffff8881003506c9)
[   12.290960] 
[   12.291169] The buggy address belongs to the physical page:
[   12.292028] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100350
[   12.292305] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.292534] flags: 0x200000000000040(head|node=0|zone=2)
[   12.292709] page_type: f5(slab)
[   12.292966] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.293205] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.293607] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.295272] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.296028] head: 0200000000000001 ffffea000400d401 00000000ffffffff 00000000ffffffff
[   12.296273] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.296510] page dumped because: kasan: bad access detected
[   12.296683] 
[   12.296765] Memory state around the buggy address:
[   12.296956]  ffff888100350580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.298348]  ffff888100350600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.298783] >ffff888100350680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.298995]                                                           ^
[   12.299188]  ffff888100350700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.299804]  ffff888100350780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.300023] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zuOwkuCiYkSkampQuRIEzFXhfO

job_id

TEST:linaro@lkft#2zuP26Tk5EJZ1G6GaUB8xY8QPvA

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zuP26Tk5EJZ1G6GaUB8xY8QPvA

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOyo8XTXj4HRa7uCKW5DyMaoP/bzImage
sha256sum	7f84fda91605b0af54dfe2d5c5260bb6187dbc13cda660557c6c08afdfffa70b

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zuOyo8XTXj4HRa7uCKW5DyMaoP/modules.tar.xz
sha256sum	de8e55555874efdb420c4953f6a34916082341d76415460497e1eaea92137ba8

durations

tests

boot	0
kunit	205.20

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit