lkft/linux-mainline-master - v6.16-rc6-237-gc7de79e662b8 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 18, 2025, 11:11 p.m.

Environment
qemu-arm64
qemu-x86_64

[   15.228779] ==================================================================
[   15.228966] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.229126] Write of size 1 at addr fff00000c17356da by task kunit_try_catch/158
[   15.229355] 
[   15.229487] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.229587] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.229615] Hardware name: linux,dummy-virt (DT)
[   15.229646] Call trace:
[   15.229668]  show_stack+0x20/0x38 (C)
[   15.229720]  dump_stack_lvl+0x8c/0xd0
[   15.229839]  print_report+0x118/0x5d0
[   15.229896]  kasan_report+0xdc/0x128
[   15.229943]  __asan_report_store1_noabort+0x20/0x30
[   15.229995]  krealloc_less_oob_helper+0xa80/0xc50
[   15.230044]  krealloc_less_oob+0x20/0x38
[   15.230091]  kunit_try_run_case+0x170/0x3f0
[   15.230157]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.230218]  kthread+0x328/0x630
[   15.230260]  ret_from_fork+0x10/0x20
[   15.230341] 
[   15.230373] Allocated by task 158:
[   15.230401]  kasan_save_stack+0x3c/0x68
[   15.230457]  kasan_save_track+0x20/0x40
[   15.230495]  kasan_save_alloc_info+0x40/0x58
[   15.230541]  __kasan_krealloc+0x118/0x178
[   15.230578]  krealloc_noprof+0x128/0x360
[   15.230629]  krealloc_less_oob_helper+0x168/0xc50
[   15.230668]  krealloc_less_oob+0x20/0x38
[   15.230705]  kunit_try_run_case+0x170/0x3f0
[   15.230751]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.230793]  kthread+0x328/0x630
[   15.230843]  ret_from_fork+0x10/0x20
[   15.230878] 
[   15.230898] The buggy address belongs to the object at fff00000c1735600
[   15.230898]  which belongs to the cache kmalloc-256 of size 256
[   15.230955] The buggy address is located 17 bytes to the right of
[   15.230955]  allocated 201-byte region [fff00000c1735600, fff00000c17356c9)
[   15.231019] 
[   15.231039] The buggy address belongs to the physical page:
[   15.231076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101734
[   15.231154] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.231201] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.231250] page_type: f5(slab)
[   15.231300] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.231799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.232243] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.232335] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.232410] head: 0bfffe0000000001 ffffc1ffc305cd01 00000000ffffffff 00000000ffffffff
[   15.232482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.232544] page dumped because: kasan: bad access detected
[   15.232799] 
[   15.232933] Memory state around the buggy address:
[   15.233065]  fff00000c1735580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.233473]  fff00000c1735600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.233728] >fff00000c1735680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.233845]                                                     ^
[   15.233905]  fff00000c1735700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.234064]  fff00000c1735780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.234370] ==================================================================
[   15.245953] ==================================================================
[   15.246096] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.246390] Write of size 1 at addr fff00000c17356eb by task kunit_try_catch/158
[   15.246454] 
[   15.246531] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.246618] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.246645] Hardware name: linux,dummy-virt (DT)
[   15.246840] Call trace:
[   15.247130]  show_stack+0x20/0x38 (C)
[   15.247300]  dump_stack_lvl+0x8c/0xd0
[   15.247365]  print_report+0x118/0x5d0
[   15.247418]  kasan_report+0xdc/0x128
[   15.247515]  __asan_report_store1_noabort+0x20/0x30
[   15.247587]  krealloc_less_oob_helper+0xa58/0xc50
[   15.247637]  krealloc_less_oob+0x20/0x38
[   15.247710]  kunit_try_run_case+0x170/0x3f0
[   15.247926]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.248196]  kthread+0x328/0x630
[   15.248282]  ret_from_fork+0x10/0x20
[   15.248406] 
[   15.248443] Allocated by task 158:
[   15.248510]  kasan_save_stack+0x3c/0x68
[   15.248552]  kasan_save_track+0x20/0x40
[   15.249049]  kasan_save_alloc_info+0x40/0x58
[   15.249112]  __kasan_krealloc+0x118/0x178
[   15.249177]  krealloc_noprof+0x128/0x360
[   15.249235]  krealloc_less_oob_helper+0x168/0xc50
[   15.249308]  krealloc_less_oob+0x20/0x38
[   15.249486]  kunit_try_run_case+0x170/0x3f0
[   15.249526]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.249746]  kthread+0x328/0x630
[   15.249970]  ret_from_fork+0x10/0x20
[   15.250039] 
[   15.250099] The buggy address belongs to the object at fff00000c1735600
[   15.250099]  which belongs to the cache kmalloc-256 of size 256
[   15.250538] The buggy address is located 34 bytes to the right of
[   15.250538]  allocated 201-byte region [fff00000c1735600, fff00000c17356c9)
[   15.250864] 
[   15.250924] The buggy address belongs to the physical page:
[   15.251000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101734
[   15.251077] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.251921] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.252024] page_type: f5(slab)
[   15.252074] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.252182] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.252355] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.252448] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.252498] head: 0bfffe0000000001 ffffc1ffc305cd01 00000000ffffffff 00000000ffffffff
[   15.252950] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.253028] page dumped because: kasan: bad access detected
[   15.253060] 
[   15.253079] Memory state around the buggy address:
[   15.253121]  fff00000c1735580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.253164]  fff00000c1735600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.253205] >fff00000c1735680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.253241]                                                           ^
[   15.253280]  fff00000c1735700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.253430]  fff00000c1735780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.253664] ==================================================================
[   15.286741] ==================================================================
[   15.286795] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.286846] Write of size 1 at addr fff00000c77560c9 by task kunit_try_catch/162
[   15.287041] 
[   15.287227] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.287460] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.287643] Hardware name: linux,dummy-virt (DT)
[   15.287706] Call trace:
[   15.287738]  show_stack+0x20/0x38 (C)
[   15.287859]  dump_stack_lvl+0x8c/0xd0
[   15.287947]  print_report+0x118/0x5d0
[   15.288166]  kasan_report+0xdc/0x128
[   15.288232]  __asan_report_store1_noabort+0x20/0x30
[   15.288555]  krealloc_less_oob_helper+0xa48/0xc50
[   15.288730]  krealloc_large_less_oob+0x20/0x38
[   15.288928]  kunit_try_run_case+0x170/0x3f0
[   15.289125]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.289193]  kthread+0x328/0x630
[   15.289309]  ret_from_fork+0x10/0x20
[   15.289683] 
[   15.289736] The buggy address belongs to the physical page:
[   15.289769] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.289825] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.290272] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.290345] page_type: f8(unknown)
[   15.290728] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.290825] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.290950] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.290999] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.291318] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.291438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.291545] page dumped because: kasan: bad access detected
[   15.291870] 
[   15.291914] Memory state around the buggy address:
[   15.292013]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.292116]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.292274] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.292505]                                               ^
[   15.292565]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.292679]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.292748] ==================================================================
[   15.217324] ==================================================================
[   15.217646] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.217755] Write of size 1 at addr fff00000c17356d0 by task kunit_try_catch/158
[   15.217863] 
[   15.218160] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.218460] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.218749] Hardware name: linux,dummy-virt (DT)
[   15.218883] Call trace:
[   15.218987]  show_stack+0x20/0x38 (C)
[   15.219070]  dump_stack_lvl+0x8c/0xd0
[   15.219153]  print_report+0x118/0x5d0
[   15.219508]  kasan_report+0xdc/0x128
[   15.219677]  __asan_report_store1_noabort+0x20/0x30
[   15.219737]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.219906]  krealloc_less_oob+0x20/0x38
[   15.220013]  kunit_try_run_case+0x170/0x3f0
[   15.220069]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.220136]  kthread+0x328/0x630
[   15.220194]  ret_from_fork+0x10/0x20
[   15.220255] 
[   15.220275] Allocated by task 158:
[   15.220304]  kasan_save_stack+0x3c/0x68
[   15.220365]  kasan_save_track+0x20/0x40
[   15.220687]  kasan_save_alloc_info+0x40/0x58
[   15.220873]  __kasan_krealloc+0x118/0x178
[   15.220953]  krealloc_noprof+0x128/0x360
[   15.221325]  krealloc_less_oob_helper+0x168/0xc50
[   15.221473]  krealloc_less_oob+0x20/0x38
[   15.221831]  kunit_try_run_case+0x170/0x3f0
[   15.221882]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.222203]  kthread+0x328/0x630
[   15.222362]  ret_from_fork+0x10/0x20
[   15.222432] 
[   15.222459] The buggy address belongs to the object at fff00000c1735600
[   15.222459]  which belongs to the cache kmalloc-256 of size 256
[   15.222911] The buggy address is located 7 bytes to the right of
[   15.222911]  allocated 201-byte region [fff00000c1735600, fff00000c17356c9)
[   15.223119] 
[   15.223398] The buggy address belongs to the physical page:
[   15.223758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101734
[   15.223883] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.224019] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.224107] page_type: f5(slab)
[   15.224463] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.224646] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.224772] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.224822] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.225278] head: 0bfffe0000000001 ffffc1ffc305cd01 00000000ffffffff 00000000ffffffff
[   15.225418] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.225481] page dumped because: kasan: bad access detected
[   15.225513] 
[   15.225547] Memory state around the buggy address:
[   15.225702]  fff00000c1735580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.225899]  fff00000c1735600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.225969] >fff00000c1735680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.226077]                                                  ^
[   15.226163]  fff00000c1735700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.226205]  fff00000c1735780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.226678] ==================================================================
[   15.204816] ==================================================================
[   15.205274] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.205501] Write of size 1 at addr fff00000c17356c9 by task kunit_try_catch/158
[   15.205630] 
[   15.205786] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.205928] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.205955] Hardware name: linux,dummy-virt (DT)
[   15.206005] Call trace:
[   15.206035]  show_stack+0x20/0x38 (C)
[   15.206236]  dump_stack_lvl+0x8c/0xd0
[   15.206432]  print_report+0x118/0x5d0
[   15.206623]  kasan_report+0xdc/0x128
[   15.206793]  __asan_report_store1_noabort+0x20/0x30
[   15.206869]  krealloc_less_oob_helper+0xa48/0xc50
[   15.206925]  krealloc_less_oob+0x20/0x38
[   15.207020]  kunit_try_run_case+0x170/0x3f0
[   15.207072]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.207133]  kthread+0x328/0x630
[   15.207175]  ret_from_fork+0x10/0x20
[   15.207229] 
[   15.207249] Allocated by task 158:
[   15.207283]  kasan_save_stack+0x3c/0x68
[   15.207339]  kasan_save_track+0x20/0x40
[   15.207625]  kasan_save_alloc_info+0x40/0x58
[   15.208019]  __kasan_krealloc+0x118/0x178
[   15.208089]  krealloc_noprof+0x128/0x360
[   15.208266]  krealloc_less_oob_helper+0x168/0xc50
[   15.208647]  krealloc_less_oob+0x20/0x38
[   15.208808]  kunit_try_run_case+0x170/0x3f0
[   15.208934]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.209110]  kthread+0x328/0x630
[   15.209145]  ret_from_fork+0x10/0x20
[   15.209309] 
[   15.209384] The buggy address belongs to the object at fff00000c1735600
[   15.209384]  which belongs to the cache kmalloc-256 of size 256
[   15.209629] The buggy address is located 0 bytes to the right of
[   15.209629]  allocated 201-byte region [fff00000c1735600, fff00000c17356c9)
[   15.210063] 
[   15.210090] The buggy address belongs to the physical page:
[   15.210338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101734
[   15.210494] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.210666] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.210818] page_type: f5(slab)
[   15.210906] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.210981] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.211286] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.211441] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.211566] head: 0bfffe0000000001 ffffc1ffc305cd01 00000000ffffffff 00000000ffffffff
[   15.211747] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.211846] page dumped because: kasan: bad access detected
[   15.212035] 
[   15.212114] Memory state around the buggy address:
[   15.212214]  fff00000c1735580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.212371]  fff00000c1735600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.212549] >fff00000c1735680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.212656]                                               ^
[   15.212775]  fff00000c1735700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.212983]  fff00000c1735780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.213176] ==================================================================
[   15.296813] ==================================================================
[   15.296848] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.296893] Write of size 1 at addr fff00000c77560da by task kunit_try_catch/162
[   15.296948] 
[   15.296975] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.297052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.297078] Hardware name: linux,dummy-virt (DT)
[   15.297108] Call trace:
[   15.297141]  show_stack+0x20/0x38 (C)
[   15.297197]  dump_stack_lvl+0x8c/0xd0
[   15.297248]  print_report+0x118/0x5d0
[   15.297294]  kasan_report+0xdc/0x128
[   15.297639]  __asan_report_store1_noabort+0x20/0x30
[   15.297932]  krealloc_less_oob_helper+0xa80/0xc50
[   15.297994]  krealloc_large_less_oob+0x20/0x38
[   15.298471]  kunit_try_run_case+0x170/0x3f0
[   15.298954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.299296]  kthread+0x328/0x630
[   15.299555]  ret_from_fork+0x10/0x20
[   15.299763] 
[   15.299896] The buggy address belongs to the physical page:
[   15.300070] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.300468] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.300524] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.300700] page_type: f8(unknown)
[   15.300964] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.301027] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.301150] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.301238] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.301324] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.301661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.301784] page dumped because: kasan: bad access detected
[   15.301859] 
[   15.301901] Memory state around the buggy address:
[   15.302036]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.302102]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.302166] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.302324]                                                     ^
[   15.302574]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.302659]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.302791] ==================================================================
[   15.293669] ==================================================================
[   15.293716] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.293763] Write of size 1 at addr fff00000c77560d0 by task kunit_try_catch/162
[   15.293811] 
[   15.293841] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.293919] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.293944] Hardware name: linux,dummy-virt (DT)
[   15.293974] Call trace:
[   15.293995]  show_stack+0x20/0x38 (C)
[   15.294041]  dump_stack_lvl+0x8c/0xd0
[   15.294086]  print_report+0x118/0x5d0
[   15.294131]  kasan_report+0xdc/0x128
[   15.294175]  __asan_report_store1_noabort+0x20/0x30
[   15.294225]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.294272]  krealloc_large_less_oob+0x20/0x38
[   15.294318]  kunit_try_run_case+0x170/0x3f0
[   15.294383]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.294765]  kthread+0x328/0x630
[   15.294864]  ret_from_fork+0x10/0x20
[   15.295310] 
[   15.295369] The buggy address belongs to the physical page:
[   15.295584] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.295665] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.295713] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.295893] page_type: f8(unknown)
[   15.295942] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.296094] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.296156] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.296261] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.296318] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.296380] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.296419] page dumped because: kasan: bad access detected
[   15.296450] 
[   15.296468] Memory state around the buggy address:
[   15.296498]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.296540]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.296581] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.296617]                                                  ^
[   15.296673]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.296717]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.296755] ==================================================================
[   15.310848] ==================================================================
[   15.310896] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.310943] Write of size 1 at addr fff00000c77560eb by task kunit_try_catch/162
[   15.310992] 
[   15.311033] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.311122] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.311149] Hardware name: linux,dummy-virt (DT)
[   15.311184] Call trace:
[   15.311207]  show_stack+0x20/0x38 (C)
[   15.311255]  dump_stack_lvl+0x8c/0xd0
[   15.311300]  print_report+0x118/0x5d0
[   15.311364]  kasan_report+0xdc/0x128
[   15.311410]  __asan_report_store1_noabort+0x20/0x30
[   15.311461]  krealloc_less_oob_helper+0xa58/0xc50
[   15.311519]  krealloc_large_less_oob+0x20/0x38
[   15.311567]  kunit_try_run_case+0x170/0x3f0
[   15.311619]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.311680]  kthread+0x328/0x630
[   15.311722]  ret_from_fork+0x10/0x20
[   15.311769] 
[   15.311788] The buggy address belongs to the physical page:
[   15.311827] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.311886] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.311940] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.311988] page_type: f8(unknown)
[   15.312026] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.312076] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.312124] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.312171] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.312219] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.312272] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.312319] page dumped because: kasan: bad access detected
[   15.312731] 
[   15.312760] Memory state around the buggy address:
[   15.312794]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.312993]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.313045] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.313082]                                                           ^
[   15.313365]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.313465]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.313507] ==================================================================
[   15.304170] ==================================================================
[   15.304599] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.304708] Write of size 1 at addr fff00000c77560ea by task kunit_try_catch/162
[   15.304762] 
[   15.304796] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.305038] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.305237] Hardware name: linux,dummy-virt (DT)
[   15.305280] Call trace:
[   15.305382]  show_stack+0x20/0x38 (C)
[   15.305468]  dump_stack_lvl+0x8c/0xd0
[   15.305579]  print_report+0x118/0x5d0
[   15.305725]  kasan_report+0xdc/0x128
[   15.305869]  __asan_report_store1_noabort+0x20/0x30
[   15.306027]  krealloc_less_oob_helper+0xae4/0xc50
[   15.306241]  krealloc_large_less_oob+0x20/0x38
[   15.306403]  kunit_try_run_case+0x170/0x3f0
[   15.306511]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.306637]  kthread+0x328/0x630
[   15.306733]  ret_from_fork+0x10/0x20
[   15.306914] 
[   15.306935] The buggy address belongs to the physical page:
[   15.306985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.307228] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.307514] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.307628] page_type: f8(unknown)
[   15.307794] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.307847] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.307930] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.308118] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.308619] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.308736] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.308856] page dumped because: kasan: bad access detected
[   15.309035] 
[   15.309146] Memory state around the buggy address:
[   15.309362]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.309638]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.309770] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.309847]                                                           ^
[   15.309934]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.310038]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.310127] ==================================================================
[   15.235595] ==================================================================
[   15.235704] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.235758] Write of size 1 at addr fff00000c17356ea by task kunit_try_catch/158
[   15.235806] 
[   15.236136] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.236426] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.236567] Hardware name: linux,dummy-virt (DT)
[   15.236665] Call trace:
[   15.236693]  show_stack+0x20/0x38 (C)
[   15.236748]  dump_stack_lvl+0x8c/0xd0
[   15.236963]  print_report+0x118/0x5d0
[   15.237142]  kasan_report+0xdc/0x128
[   15.237258]  __asan_report_store1_noabort+0x20/0x30
[   15.237401]  krealloc_less_oob_helper+0xae4/0xc50
[   15.237566]  krealloc_less_oob+0x20/0x38
[   15.237687]  kunit_try_run_case+0x170/0x3f0
[   15.237737]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.238118]  kthread+0x328/0x630
[   15.238240]  ret_from_fork+0x10/0x20
[   15.238379] 
[   15.238440] Allocated by task 158:
[   15.238518]  kasan_save_stack+0x3c/0x68
[   15.238873]  kasan_save_track+0x20/0x40
[   15.238948]  kasan_save_alloc_info+0x40/0x58
[   15.239011]  __kasan_krealloc+0x118/0x178
[   15.239189]  krealloc_noprof+0x128/0x360
[   15.239418]  krealloc_less_oob_helper+0x168/0xc50
[   15.239523]  krealloc_less_oob+0x20/0x38
[   15.239662]  kunit_try_run_case+0x170/0x3f0
[   15.239779]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.239897]  kthread+0x328/0x630
[   15.240009]  ret_from_fork+0x10/0x20
[   15.240064] 
[   15.240084] The buggy address belongs to the object at fff00000c1735600
[   15.240084]  which belongs to the cache kmalloc-256 of size 256
[   15.240481] The buggy address is located 33 bytes to the right of
[   15.240481]  allocated 201-byte region [fff00000c1735600, fff00000c17356c9)
[   15.240637] 
[   15.240717] The buggy address belongs to the physical page:
[   15.240841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101734
[   15.240944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.241038] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.241379] page_type: f5(slab)
[   15.241471] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.241598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.241715] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.242165] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.242247] head: 0bfffe0000000001 ffffc1ffc305cd01 00000000ffffffff 00000000ffffffff
[   15.242481] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.242574] page dumped because: kasan: bad access detected
[   15.242763] 
[   15.242807] Memory state around the buggy address:
[   15.243180]  fff00000c1735580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.243396]  fff00000c1735600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.243468] >fff00000c1735680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.243640]                                                           ^
[   15.243717]  fff00000c1735700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.243825]  fff00000c1735780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.244108] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

304I74qE3r0xJScpa5F21DtNBKi

job_id

TEST:linaro@lkft#304IAoS8ehJbrsRCCdrQhkPrtZI

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/304IAoS8ehJbrsRCCdrQhkPrtZI

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I87Uo6xzzZ3NSNcslasZfSRN/Image.gz
sha256sum	2327c644062cfbec906717af44c5e27e8b69bcddd820709922f2265ba777660d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I87Uo6xzzZ3NSNcslasZfSRN/modules.tar.xz
sha256sum	eeb00a0e627a7c6809728a0593d4dbfc62943b3f4d5fd935f13ba3f570db6496

durations

tests

boot	0
kunit	171.20

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.033902] ==================================================================
[   12.034392] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.035138] Write of size 1 at addr ffff888102a3a0da by task kunit_try_catch/181
[   12.036233] 
[   12.036523] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.036569] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.036580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.036812] Call Trace:
[   12.036832]  <TASK>
[   12.036848]  dump_stack_lvl+0x73/0xb0
[   12.036916]  print_report+0xd1/0x610
[   12.036944]  ? __virt_addr_valid+0x1db/0x2d0
[   12.036965]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.036999]  ? kasan_addr_to_slab+0x11/0xa0
[   12.037019]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.037043]  kasan_report+0x141/0x180
[   12.037212]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.037242]  __asan_report_store1_noabort+0x1b/0x30
[   12.037266]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.037318]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.037341]  ? finish_task_switch.isra.0+0x153/0x700
[   12.037364]  ? __switch_to+0x47/0xf50
[   12.037387]  ? __schedule+0x10cc/0x2b60
[   12.037408]  ? __pfx_read_tsc+0x10/0x10
[   12.037430]  krealloc_large_less_oob+0x1c/0x30
[   12.037453]  kunit_try_run_case+0x1a5/0x480
[   12.037476]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.037497]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.037519]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.037542]  ? __kthread_parkme+0x82/0x180
[   12.037560]  ? preempt_count_sub+0x50/0x80
[   12.037582]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.037605]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.037628]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.037654]  kthread+0x337/0x6f0
[   12.037672]  ? trace_preempt_on+0x20/0xc0
[   12.037694]  ? __pfx_kthread+0x10/0x10
[   12.037713]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.037733]  ? calculate_sigpending+0x7b/0xa0
[   12.037756]  ? __pfx_kthread+0x10/0x10
[   12.037776]  ret_from_fork+0x116/0x1d0
[   12.037793]  ? __pfx_kthread+0x10/0x10
[   12.037812]  ret_from_fork_asm+0x1a/0x30
[   12.037842]  </TASK>
[   12.037851] 
[   12.053423] The buggy address belongs to the physical page:
[   12.053994] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   12.054659] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.055384] flags: 0x200000000000040(head|node=0|zone=2)
[   12.055921] page_type: f8(unknown)
[   12.056203] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.056632] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.056866] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.057230] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.058164] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   12.058970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.059565] page dumped because: kasan: bad access detected
[   12.059742] 
[   12.059812] Memory state around the buggy address:
[   12.059967]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.060541]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.061474] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.062119]                                                     ^
[   12.062762]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.063490]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.063778] ==================================================================
[   12.064119] ==================================================================
[   12.064412] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.064704] Write of size 1 at addr ffff888102a3a0ea by task kunit_try_catch/181
[   12.064985] 
[   12.065077] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.065116] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.065127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.065145] Call Trace:
[   12.065159]  <TASK>
[   12.065172]  dump_stack_lvl+0x73/0xb0
[   12.065197]  print_report+0xd1/0x610
[   12.065217]  ? __virt_addr_valid+0x1db/0x2d0
[   12.065238]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.065260]  ? kasan_addr_to_slab+0x11/0xa0
[   12.065303]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.065326]  kasan_report+0x141/0x180
[   12.065346]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.065373]  __asan_report_store1_noabort+0x1b/0x30
[   12.065396]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.065420]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.065442]  ? finish_task_switch.isra.0+0x153/0x700
[   12.065463]  ? __switch_to+0x47/0xf50
[   12.065512]  ? __schedule+0x10cc/0x2b60
[   12.065548]  ? __pfx_read_tsc+0x10/0x10
[   12.065571]  krealloc_large_less_oob+0x1c/0x30
[   12.065605]  kunit_try_run_case+0x1a5/0x480
[   12.065628]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.065650]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.065672]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.065695]  ? __kthread_parkme+0x82/0x180
[   12.065717]  ? preempt_count_sub+0x50/0x80
[   12.065738]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.065760]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.065781]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.066034]  kthread+0x337/0x6f0
[   12.066054]  ? trace_preempt_on+0x20/0xc0
[   12.066076]  ? __pfx_kthread+0x10/0x10
[   12.066096]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.066117]  ? calculate_sigpending+0x7b/0xa0
[   12.066139]  ? __pfx_kthread+0x10/0x10
[   12.066160]  ret_from_fork+0x116/0x1d0
[   12.066177]  ? __pfx_kthread+0x10/0x10
[   12.066197]  ret_from_fork_asm+0x1a/0x30
[   12.066226]  </TASK>
[   12.066236] 
[   12.082400] The buggy address belongs to the physical page:
[   12.082702] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   12.083049] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.083383] flags: 0x200000000000040(head|node=0|zone=2)
[   12.083917] page_type: f8(unknown)
[   12.084067] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.084762] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.085252] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.085719] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.086284] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   12.086824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.087355] page dumped because: kasan: bad access detected
[   12.087679] 
[   12.087770] Memory state around the buggy address:
[   12.087958]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.088537]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.088914] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.089320]                                                           ^
[   12.089600]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.090013]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.090438] ==================================================================
[   11.811068] ==================================================================
[   11.811710] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.812254] Write of size 1 at addr ffff888100aae6d0 by task kunit_try_catch/177
[   11.812521] 
[   11.812671] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.812713] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.812723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.812835] Call Trace:
[   11.812857]  <TASK>
[   11.812870]  dump_stack_lvl+0x73/0xb0
[   11.812898]  print_report+0xd1/0x610
[   11.812931]  ? __virt_addr_valid+0x1db/0x2d0
[   11.812953]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.812976]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.812997]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.813134]  kasan_report+0x141/0x180
[   11.813157]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.813185]  __asan_report_store1_noabort+0x1b/0x30
[   11.813281]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.813308]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.813332]  ? finish_task_switch.isra.0+0x153/0x700
[   11.813355]  ? __switch_to+0x47/0xf50
[   11.813379]  ? __schedule+0x10cc/0x2b60
[   11.813400]  ? __pfx_read_tsc+0x10/0x10
[   11.813422]  krealloc_less_oob+0x1c/0x30
[   11.813443]  kunit_try_run_case+0x1a5/0x480
[   11.813532]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.813554]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.813577]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.813599]  ? __kthread_parkme+0x82/0x180
[   11.813619]  ? preempt_count_sub+0x50/0x80
[   11.813641]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.813663]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.813686]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.813709]  kthread+0x337/0x6f0
[   11.813727]  ? trace_preempt_on+0x20/0xc0
[   11.813748]  ? __pfx_kthread+0x10/0x10
[   11.813767]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.813788]  ? calculate_sigpending+0x7b/0xa0
[   11.813810]  ? __pfx_kthread+0x10/0x10
[   11.813830]  ret_from_fork+0x116/0x1d0
[   11.813847]  ? __pfx_kthread+0x10/0x10
[   11.813866]  ret_from_fork_asm+0x1a/0x30
[   11.813896]  </TASK>
[   11.813905] 
[   11.824713] Allocated by task 177:
[   11.825055]  kasan_save_stack+0x45/0x70
[   11.825241]  kasan_save_track+0x18/0x40
[   11.825537]  kasan_save_alloc_info+0x3b/0x50
[   11.825924]  __kasan_krealloc+0x190/0x1f0
[   11.826311]  krealloc_noprof+0xf3/0x340
[   11.826543]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.826908]  krealloc_less_oob+0x1c/0x30
[   11.827217]  kunit_try_run_case+0x1a5/0x480
[   11.827406]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.827680]  kthread+0x337/0x6f0
[   11.827799]  ret_from_fork+0x116/0x1d0
[   11.827994]  ret_from_fork_asm+0x1a/0x30
[   11.828264] 
[   11.828370] The buggy address belongs to the object at ffff888100aae600
[   11.828370]  which belongs to the cache kmalloc-256 of size 256
[   11.829190] The buggy address is located 7 bytes to the right of
[   11.829190]  allocated 201-byte region [ffff888100aae600, ffff888100aae6c9)
[   11.829935] 
[   11.830011] The buggy address belongs to the physical page:
[   11.830332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   11.830842] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.831140] flags: 0x200000000000040(head|node=0|zone=2)
[   11.831525] page_type: f5(slab)
[   11.831673] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.832164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.832457] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.832785] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.833297] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   11.833732] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.834126] page dumped because: kasan: bad access detected
[   11.834412] 
[   11.834573] Memory state around the buggy address:
[   11.834761]  ffff888100aae580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.835242]  ffff888100aae600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.835532] >ffff888100aae680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.835940]                                                  ^
[   11.836421]  ffff888100aae700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.836734]  ffff888100aae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.837034] ==================================================================
[   12.090817] ==================================================================
[   12.091131] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.091456] Write of size 1 at addr ffff888102a3a0eb by task kunit_try_catch/181
[   12.091724] 
[   12.091935] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.091977] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.091988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.092007] Call Trace:
[   12.092022]  <TASK>
[   12.092037]  dump_stack_lvl+0x73/0xb0
[   12.092063]  print_report+0xd1/0x610
[   12.092085]  ? __virt_addr_valid+0x1db/0x2d0
[   12.092106]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.092170]  ? kasan_addr_to_slab+0x11/0xa0
[   12.092190]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.092213]  kasan_report+0x141/0x180
[   12.092234]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.092262]  __asan_report_store1_noabort+0x1b/0x30
[   12.092297]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.092322]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.092346]  ? finish_task_switch.isra.0+0x153/0x700
[   12.092367]  ? __switch_to+0x47/0xf50
[   12.092391]  ? __schedule+0x10cc/0x2b60
[   12.092412]  ? __pfx_read_tsc+0x10/0x10
[   12.092435]  krealloc_large_less_oob+0x1c/0x30
[   12.092457]  kunit_try_run_case+0x1a5/0x480
[   12.092480]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.092502]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.092525]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.092548]  ? __kthread_parkme+0x82/0x180
[   12.092567]  ? preempt_count_sub+0x50/0x80
[   12.092589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.092611]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.092634]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.092657]  kthread+0x337/0x6f0
[   12.092675]  ? trace_preempt_on+0x20/0xc0
[   12.092697]  ? __pfx_kthread+0x10/0x10
[   12.092716]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.092736]  ? calculate_sigpending+0x7b/0xa0
[   12.092759]  ? __pfx_kthread+0x10/0x10
[   12.092779]  ret_from_fork+0x116/0x1d0
[   12.092799]  ? __pfx_kthread+0x10/0x10
[   12.092818]  ret_from_fork_asm+0x1a/0x30
[   12.092847]  </TASK>
[   12.092856] 
[   12.100909] The buggy address belongs to the physical page:
[   12.101288] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   12.101674] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.101939] flags: 0x200000000000040(head|node=0|zone=2)
[   12.102116] page_type: f8(unknown)
[   12.102583] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.103242] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.103716] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.104057] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.104379] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   12.104698] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.105055] page dumped because: kasan: bad access detected
[   12.105288] 
[   12.105381] Memory state around the buggy address:
[   12.105646]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.105892]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.106108] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.106332]                                                           ^
[   12.106585]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.106923]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.107233] ==================================================================
[   12.004794] ==================================================================
[   12.005321] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.006443] Write of size 1 at addr ffff888102a3a0d0 by task kunit_try_catch/181
[   12.006867] 
[   12.006955] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.006997] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.007009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.007028] Call Trace:
[   12.007039]  <TASK>
[   12.007053]  dump_stack_lvl+0x73/0xb0
[   12.007080]  print_report+0xd1/0x610
[   12.007102]  ? __virt_addr_valid+0x1db/0x2d0
[   12.007123]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.007146]  ? kasan_addr_to_slab+0x11/0xa0
[   12.007165]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.007189]  kasan_report+0x141/0x180
[   12.007209]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.007237]  __asan_report_store1_noabort+0x1b/0x30
[   12.007261]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.007405]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.007433]  ? finish_task_switch.isra.0+0x153/0x700
[   12.007467]  ? __switch_to+0x47/0xf50
[   12.007492]  ? __schedule+0x10cc/0x2b60
[   12.007513]  ? __pfx_read_tsc+0x10/0x10
[   12.007536]  krealloc_large_less_oob+0x1c/0x30
[   12.007559]  kunit_try_run_case+0x1a5/0x480
[   12.007583]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.007604]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.007627]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.007649]  ? __kthread_parkme+0x82/0x180
[   12.007669]  ? preempt_count_sub+0x50/0x80
[   12.007692]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.007715]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.007738]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.007761]  kthread+0x337/0x6f0
[   12.007779]  ? trace_preempt_on+0x20/0xc0
[   12.007800]  ? __pfx_kthread+0x10/0x10
[   12.007819]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.007840]  ? calculate_sigpending+0x7b/0xa0
[   12.007863]  ? __pfx_kthread+0x10/0x10
[   12.007883]  ret_from_fork+0x116/0x1d0
[   12.007901]  ? __pfx_kthread+0x10/0x10
[   12.007920]  ret_from_fork_asm+0x1a/0x30
[   12.007950]  </TASK>
[   12.007959] 
[   12.022583] The buggy address belongs to the physical page:
[   12.023215] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   12.023705] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.023938] flags: 0x200000000000040(head|node=0|zone=2)
[   12.024437] page_type: f8(unknown)
[   12.024770] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.025634] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.026390] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.026837] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.027637] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   12.028239] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.028712] page dumped because: kasan: bad access detected
[   12.028887] 
[   12.028963] Memory state around the buggy address:
[   12.029502]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.030219]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.030914] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.031432]                                                  ^
[   12.031836]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.032605]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.033068] ==================================================================
[   11.969926] ==================================================================
[   11.970441] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.970700] Write of size 1 at addr ffff888102a3a0c9 by task kunit_try_catch/181
[   11.970927] 
[   11.971014] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.971056] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.971067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.971088] Call Trace:
[   11.971099]  <TASK>
[   11.971114]  dump_stack_lvl+0x73/0xb0
[   11.971142]  print_report+0xd1/0x610
[   11.971163]  ? __virt_addr_valid+0x1db/0x2d0
[   11.971186]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.971209]  ? kasan_addr_to_slab+0x11/0xa0
[   11.971229]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.971252]  kasan_report+0x141/0x180
[   11.971283]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.971311]  __asan_report_store1_noabort+0x1b/0x30
[   11.971335]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.971360]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.971383]  ? finish_task_switch.isra.0+0x153/0x700
[   11.971406]  ? __switch_to+0x47/0xf50
[   11.971431]  ? __schedule+0x10cc/0x2b60
[   11.971452]  ? __pfx_read_tsc+0x10/0x10
[   11.971475]  krealloc_large_less_oob+0x1c/0x30
[   11.971497]  kunit_try_run_case+0x1a5/0x480
[   11.971522]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.971543]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.971566]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.971588]  ? __kthread_parkme+0x82/0x180
[   11.971608]  ? preempt_count_sub+0x50/0x80
[   11.971630]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.971652]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.971675]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.971698]  kthread+0x337/0x6f0
[   11.971716]  ? trace_preempt_on+0x20/0xc0
[   11.971740]  ? __pfx_kthread+0x10/0x10
[   11.971760]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.971781]  ? calculate_sigpending+0x7b/0xa0
[   11.971804]  ? __pfx_kthread+0x10/0x10
[   11.971824]  ret_from_fork+0x116/0x1d0
[   11.971842]  ? __pfx_kthread+0x10/0x10
[   11.971861]  ret_from_fork_asm+0x1a/0x30
[   11.971891]  </TASK>
[   11.971900] 
[   11.992530] The buggy address belongs to the physical page:
[   11.992728] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.992983] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.993987] flags: 0x200000000000040(head|node=0|zone=2)
[   11.994793] page_type: f8(unknown)
[   11.995313] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.995951] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.996779] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.997526] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.997772] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.998018] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.999109] page dumped because: kasan: bad access detected
[   11.999794] 
[   12.000088] Memory state around the buggy address:
[   12.000623]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.001006]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.001596] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.001816]                                               ^
[   12.001992]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.002899]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.003755] ==================================================================
[   11.780822] ==================================================================
[   11.781329] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.782449] Write of size 1 at addr ffff888100aae6c9 by task kunit_try_catch/177
[   11.782831] 
[   11.783302] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.783418] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.783444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.783465] Call Trace:
[   11.783477]  <TASK>
[   11.783492]  dump_stack_lvl+0x73/0xb0
[   11.783521]  print_report+0xd1/0x610
[   11.783543]  ? __virt_addr_valid+0x1db/0x2d0
[   11.783565]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.783588]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.783610]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.783633]  kasan_report+0x141/0x180
[   11.783654]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.783681]  __asan_report_store1_noabort+0x1b/0x30
[   11.783706]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.783732]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.783755]  ? finish_task_switch.isra.0+0x153/0x700
[   11.783777]  ? __switch_to+0x47/0xf50
[   11.783802]  ? __schedule+0x10cc/0x2b60
[   11.783823]  ? __pfx_read_tsc+0x10/0x10
[   11.783846]  krealloc_less_oob+0x1c/0x30
[   11.783866]  kunit_try_run_case+0x1a5/0x480
[   11.783890]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.783911]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.783934]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.783956]  ? __kthread_parkme+0x82/0x180
[   11.783975]  ? preempt_count_sub+0x50/0x80
[   11.783997]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.784035]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.784058]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.784083]  kthread+0x337/0x6f0
[   11.784101]  ? trace_preempt_on+0x20/0xc0
[   11.784123]  ? __pfx_kthread+0x10/0x10
[   11.784142]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.784162]  ? calculate_sigpending+0x7b/0xa0
[   11.784185]  ? __pfx_kthread+0x10/0x10
[   11.784205]  ret_from_fork+0x116/0x1d0
[   11.784223]  ? __pfx_kthread+0x10/0x10
[   11.784242]  ret_from_fork_asm+0x1a/0x30
[   11.784281]  </TASK>
[   11.784291] 
[   11.796555] Allocated by task 177:
[   11.796958]  kasan_save_stack+0x45/0x70
[   11.797314]  kasan_save_track+0x18/0x40
[   11.797563]  kasan_save_alloc_info+0x3b/0x50
[   11.797904]  __kasan_krealloc+0x190/0x1f0
[   11.798232]  krealloc_noprof+0xf3/0x340
[   11.798425]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.798811]  krealloc_less_oob+0x1c/0x30
[   11.799139]  kunit_try_run_case+0x1a5/0x480
[   11.799336]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.799753]  kthread+0x337/0x6f0
[   11.799907]  ret_from_fork+0x116/0x1d0
[   11.800259]  ret_from_fork_asm+0x1a/0x30
[   11.800444] 
[   11.800608] The buggy address belongs to the object at ffff888100aae600
[   11.800608]  which belongs to the cache kmalloc-256 of size 256
[   11.801877] The buggy address is located 0 bytes to the right of
[   11.801877]  allocated 201-byte region [ffff888100aae600, ffff888100aae6c9)
[   11.802952] 
[   11.803029] The buggy address belongs to the physical page:
[   11.803200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   11.803464] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.803880] flags: 0x200000000000040(head|node=0|zone=2)
[   11.804431] page_type: f5(slab)
[   11.804576] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.804908] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.805245] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.805782] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.806302] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   11.806666] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.807162] page dumped because: kasan: bad access detected
[   11.807570] 
[   11.807669] Memory state around the buggy address:
[   11.807866]  ffff888100aae580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.808413]  ffff888100aae600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.808734] >ffff888100aae680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.809287]                                               ^
[   11.809525]  ffff888100aae700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.809845]  ffff888100aae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.810310] ==================================================================
[   11.891783] ==================================================================
[   11.892080] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.892334] Write of size 1 at addr ffff888100aae6eb by task kunit_try_catch/177
[   11.892736] 
[   11.893083] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.893126] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.893137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.893155] Call Trace:
[   11.893169]  <TASK>
[   11.893182]  dump_stack_lvl+0x73/0xb0
[   11.893208]  print_report+0xd1/0x610
[   11.893228]  ? __virt_addr_valid+0x1db/0x2d0
[   11.893261]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.893294]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.893316]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.893339]  kasan_report+0x141/0x180
[   11.893360]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.893426]  __asan_report_store1_noabort+0x1b/0x30
[   11.893481]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.893506]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.893530]  ? finish_task_switch.isra.0+0x153/0x700
[   11.893551]  ? __switch_to+0x47/0xf50
[   11.893575]  ? __schedule+0x10cc/0x2b60
[   11.893595]  ? __pfx_read_tsc+0x10/0x10
[   11.893618]  krealloc_less_oob+0x1c/0x30
[   11.893639]  kunit_try_run_case+0x1a5/0x480
[   11.893661]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.893682]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.893704]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.893726]  ? __kthread_parkme+0x82/0x180
[   11.893746]  ? preempt_count_sub+0x50/0x80
[   11.893767]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.893790]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.893813]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.893835]  kthread+0x337/0x6f0
[   11.893853]  ? trace_preempt_on+0x20/0xc0
[   11.893874]  ? __pfx_kthread+0x10/0x10
[   11.893893]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.893914]  ? calculate_sigpending+0x7b/0xa0
[   11.893936]  ? __pfx_kthread+0x10/0x10
[   11.893956]  ret_from_fork+0x116/0x1d0
[   11.893974]  ? __pfx_kthread+0x10/0x10
[   11.893993]  ret_from_fork_asm+0x1a/0x30
[   11.894059]  </TASK>
[   11.894069] 
[   11.906793] Allocated by task 177:
[   11.906932]  kasan_save_stack+0x45/0x70
[   11.907077]  kasan_save_track+0x18/0x40
[   11.907211]  kasan_save_alloc_info+0x3b/0x50
[   11.907913]  __kasan_krealloc+0x190/0x1f0
[   11.908264]  krealloc_noprof+0xf3/0x340
[   11.908851]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.909416]  krealloc_less_oob+0x1c/0x30
[   11.909834]  kunit_try_run_case+0x1a5/0x480
[   11.910330]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.910896]  kthread+0x337/0x6f0
[   11.911332]  ret_from_fork+0x116/0x1d0
[   11.911737]  ret_from_fork_asm+0x1a/0x30
[   11.912128] 
[   11.912392] The buggy address belongs to the object at ffff888100aae600
[   11.912392]  which belongs to the cache kmalloc-256 of size 256
[   11.913689] The buggy address is located 34 bytes to the right of
[   11.913689]  allocated 201-byte region [ffff888100aae600, ffff888100aae6c9)
[   11.914984] 
[   11.915066] The buggy address belongs to the physical page:
[   11.915241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   11.915494] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.915721] flags: 0x200000000000040(head|node=0|zone=2)
[   11.915894] page_type: f5(slab)
[   11.916012] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.916242] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.916483] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.916715] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.916958] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   11.917190] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.917675] page dumped because: kasan: bad access detected
[   11.918285] 
[   11.918388] Memory state around the buggy address:
[   11.918635]  ffff888100aae580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.918870]  ffff888100aae600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.919085] >ffff888100aae680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.919406]                                                           ^
[   11.919723]  ffff888100aae700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.920371]  ffff888100aae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.920696] ==================================================================
[   11.864369] ==================================================================
[   11.864782] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.865241] Write of size 1 at addr ffff888100aae6ea by task kunit_try_catch/177
[   11.865797] 
[   11.865907] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.865948] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.865959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.865978] Call Trace:
[   11.865993]  <TASK>
[   11.866007]  dump_stack_lvl+0x73/0xb0
[   11.866033]  print_report+0xd1/0x610
[   11.866205]  ? __virt_addr_valid+0x1db/0x2d0
[   11.866229]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.866252]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.866287]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.866310]  kasan_report+0x141/0x180
[   11.866331]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.866359]  __asan_report_store1_noabort+0x1b/0x30
[   11.866383]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.866408]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.866431]  ? finish_task_switch.isra.0+0x153/0x700
[   11.866467]  ? __switch_to+0x47/0xf50
[   11.866491]  ? __schedule+0x10cc/0x2b60
[   11.866512]  ? __pfx_read_tsc+0x10/0x10
[   11.866534]  krealloc_less_oob+0x1c/0x30
[   11.866555]  kunit_try_run_case+0x1a5/0x480
[   11.866577]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.866599]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.866621]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.866643]  ? __kthread_parkme+0x82/0x180
[   11.866661]  ? preempt_count_sub+0x50/0x80
[   11.866683]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.866706]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.866729]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.866753]  kthread+0x337/0x6f0
[   11.866771]  ? trace_preempt_on+0x20/0xc0
[   11.866792]  ? __pfx_kthread+0x10/0x10
[   11.866811]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.866831]  ? calculate_sigpending+0x7b/0xa0
[   11.866854]  ? __pfx_kthread+0x10/0x10
[   11.866874]  ret_from_fork+0x116/0x1d0
[   11.866891]  ? __pfx_kthread+0x10/0x10
[   11.866910]  ret_from_fork_asm+0x1a/0x30
[   11.866939]  </TASK>
[   11.866948] 
[   11.877385] Allocated by task 177:
[   11.877689]  kasan_save_stack+0x45/0x70
[   11.877989]  kasan_save_track+0x18/0x40
[   11.878328]  kasan_save_alloc_info+0x3b/0x50
[   11.878681]  __kasan_krealloc+0x190/0x1f0
[   11.878861]  krealloc_noprof+0xf3/0x340
[   11.879338]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.879607]  krealloc_less_oob+0x1c/0x30
[   11.879787]  kunit_try_run_case+0x1a5/0x480
[   11.879974]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.880461]  kthread+0x337/0x6f0
[   11.880673]  ret_from_fork+0x116/0x1d0
[   11.880990]  ret_from_fork_asm+0x1a/0x30
[   11.881334] 
[   11.881413] The buggy address belongs to the object at ffff888100aae600
[   11.881413]  which belongs to the cache kmalloc-256 of size 256
[   11.881910] The buggy address is located 33 bytes to the right of
[   11.881910]  allocated 201-byte region [ffff888100aae600, ffff888100aae6c9)
[   11.882818] 
[   11.882923] The buggy address belongs to the physical page:
[   11.883451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   11.883781] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.884300] flags: 0x200000000000040(head|node=0|zone=2)
[   11.884533] page_type: f5(slab)
[   11.884843] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.885366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.885836] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.886329] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.886770] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   11.887366] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.887835] page dumped because: kasan: bad access detected
[   11.888020] 
[   11.888118] Memory state around the buggy address:
[   11.888642]  ffff888100aae580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.888904]  ffff888100aae600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.889469] >ffff888100aae680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.889762]                                                           ^
[   11.890085]  ffff888100aae700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.890361]  ffff888100aae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.890674] ==================================================================
[   11.837922] ==================================================================
[   11.838392] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.838856] Write of size 1 at addr ffff888100aae6da by task kunit_try_catch/177
[   11.839353] 
[   11.839443] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.839484] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.839495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.839514] Call Trace:
[   11.839526]  <TASK>
[   11.839540]  dump_stack_lvl+0x73/0xb0
[   11.839569]  print_report+0xd1/0x610
[   11.839662]  ? __virt_addr_valid+0x1db/0x2d0
[   11.839685]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.839708]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.839730]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.839753]  kasan_report+0x141/0x180
[   11.839774]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.839802]  __asan_report_store1_noabort+0x1b/0x30
[   11.839825]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.839850]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.839874]  ? finish_task_switch.isra.0+0x153/0x700
[   11.839895]  ? __switch_to+0x47/0xf50
[   11.839919]  ? __schedule+0x10cc/0x2b60
[   11.839941]  ? __pfx_read_tsc+0x10/0x10
[   11.839964]  krealloc_less_oob+0x1c/0x30
[   11.839985]  kunit_try_run_case+0x1a5/0x480
[   11.840007]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.840174]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.840197]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.840221]  ? __kthread_parkme+0x82/0x180
[   11.840240]  ? preempt_count_sub+0x50/0x80
[   11.840262]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.840299]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.840322]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.840346]  kthread+0x337/0x6f0
[   11.840532]  ? trace_preempt_on+0x20/0xc0
[   11.840555]  ? __pfx_kthread+0x10/0x10
[   11.840575]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.840596]  ? calculate_sigpending+0x7b/0xa0
[   11.840619]  ? __pfx_kthread+0x10/0x10
[   11.840639]  ret_from_fork+0x116/0x1d0
[   11.840657]  ? __pfx_kthread+0x10/0x10
[   11.840677]  ret_from_fork_asm+0x1a/0x30
[   11.840705]  </TASK>
[   11.840714] 
[   11.850838] Allocated by task 177:
[   11.851168]  kasan_save_stack+0x45/0x70
[   11.851436]  kasan_save_track+0x18/0x40
[   11.851577]  kasan_save_alloc_info+0x3b/0x50
[   11.851892]  __kasan_krealloc+0x190/0x1f0
[   11.852197]  krealloc_noprof+0xf3/0x340
[   11.852381]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.852800]  krealloc_less_oob+0x1c/0x30
[   11.853124]  kunit_try_run_case+0x1a5/0x480
[   11.853533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.853824]  kthread+0x337/0x6f0
[   11.854068]  ret_from_fork+0x116/0x1d0
[   11.854324]  ret_from_fork_asm+0x1a/0x30
[   11.854684] 
[   11.854787] The buggy address belongs to the object at ffff888100aae600
[   11.854787]  which belongs to the cache kmalloc-256 of size 256
[   11.855402] The buggy address is located 17 bytes to the right of
[   11.855402]  allocated 201-byte region [ffff888100aae600, ffff888100aae6c9)
[   11.856036] 
[   11.856138] The buggy address belongs to the physical page:
[   11.856333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aae
[   11.857129] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.857462] flags: 0x200000000000040(head|node=0|zone=2)
[   11.857767] page_type: f5(slab)
[   11.857997] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.858493] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.858815] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.859413] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.859938] head: 0200000000000001 ffffea000402ab81 00000000ffffffff 00000000ffffffff
[   11.860495] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.860809] page dumped because: kasan: bad access detected
[   11.861032] 
[   11.861113] Memory state around the buggy address:
[   11.861559]  ffff888100aae580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.861933]  ffff888100aae600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.862316] >ffff888100aae680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.862676]                                                     ^
[   11.862936]  ffff888100aae700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.863350]  ffff888100aae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.863621] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

304I74qE3r0xJScpa5F21DtNBKi

job_id

TEST:linaro@lkft#304IBtjw5gAFiQFtjheOZVsLnJd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/304IBtjw5gAFiQFtjheOZVsLnJd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I8v4gAXANgVsBFBP9Xgpwo9H/bzImage
sha256sum	74b158d3087b541db14488f1c5db89bcaabd464c1e74c13c892d531ea76b1c6d

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/304I8v4gAXANgVsBFBP9Xgpwo9H/modules.tar.xz
sha256sum	82d2eca680645b0e05a8b7307d7b91914de6f6b8f19a6a17cfb131cfaa8719a0

durations

tests

boot	0
kunit	221.87

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit