Hay
Date: July 19, 2025, 11:11 a.m.

Environment: qemu-arm64, qemu-x86_64

[   15.245140] ==================================================================
[   15.245196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.247346] Write of size 1 at addr fff00000c64160da by task kunit_try_catch/163
[   15.247624] 
[   15.247659] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.247736] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.247761] Hardware name: linux,dummy-virt (DT)
[   15.247792] Call trace:
[   15.247813]  show_stack+0x20/0x38 (C)
[   15.247863]  dump_stack_lvl+0x8c/0xd0
[   15.247909]  print_report+0x118/0x5d0
[   15.247954]  kasan_report+0xdc/0x128
[   15.247999]  __asan_report_store1_noabort+0x20/0x30
[   15.248049]  krealloc_less_oob_helper+0xa80/0xc50
[   15.248096]  krealloc_large_less_oob+0x20/0x38
[   15.248143]  kunit_try_run_case+0x170/0x3f0
[   15.248188]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.248239]  kthread+0x328/0x630
[   15.248280]  ret_from_fork+0x10/0x20
[   15.248326] 
[   15.248346] The buggy address belongs to the physical page:
[   15.248376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[   15.248427] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.249055] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.249119] page_type: f8(unknown)
[   15.249157] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.249205] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.249282] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.249339] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.249387] head: 0bfffe0000000002 ffffc1ffc3190501 00000000ffffffff 00000000ffffffff
[   15.249433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.249471] page dumped because: kasan: bad access detected
[   15.249501] 
[   15.249518] Memory state around the buggy address:
[   15.249557]  fff00000c6415f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.249599]  fff00000c6416000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.249639] >fff00000c6416080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.249677]                                                     ^
[   15.249759]  fff00000c6416100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.249835]  fff00000c6416180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.249872] ==================================================================
[   15.230559] ==================================================================
[   15.230606] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.230655] Write of size 1 at addr fff00000c64160d0 by task kunit_try_catch/163
[   15.230703] 
[   15.231286] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.231474] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.231501] Hardware name: linux,dummy-virt (DT)
[   15.231542] Call trace:
[   15.231564]  show_stack+0x20/0x38 (C)
[   15.231614]  dump_stack_lvl+0x8c/0xd0
[   15.231659]  print_report+0x118/0x5d0
[   15.231705]  kasan_report+0xdc/0x128
[   15.231750]  __asan_report_store1_noabort+0x20/0x30
[   15.231800]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.231847]  krealloc_large_less_oob+0x20/0x38
[   15.231893]  kunit_try_run_case+0x170/0x3f0
[   15.232604]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.233390]  kthread+0x328/0x630
[   15.234038]  ret_from_fork+0x10/0x20
[   15.234233] 
[   15.234254] The buggy address belongs to the physical page:
[   15.234285] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[   15.234335] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.234381] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.234436] page_type: f8(unknown)
[   15.234475] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.234524] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.234585] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.234632] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.234680] head: 0bfffe0000000002 ffffc1ffc3190501 00000000ffffffff 00000000ffffffff
[   15.234726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.236976] page dumped because: kasan: bad access detected
[   15.237231] 
[   15.237744] Memory state around the buggy address:
[   15.238333]  fff00000c6415f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.238827]  fff00000c6416000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.238880] >fff00000c6416080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.238918]                                                  ^
[   15.239426]  fff00000c6416100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.239959]  fff00000c6416180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.240457] ==================================================================
[   15.165921] ==================================================================
[   15.166001] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.166162] Write of size 1 at addr fff00000c175ceea by task kunit_try_catch/159
[   15.166237] 
[   15.166267] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.166352] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.166685] Hardware name: linux,dummy-virt (DT)
[   15.166779] Call trace:
[   15.166850]  show_stack+0x20/0x38 (C)
[   15.166965]  dump_stack_lvl+0x8c/0xd0
[   15.167012]  print_report+0x118/0x5d0
[   15.167092]  kasan_report+0xdc/0x128
[   15.167362]  __asan_report_store1_noabort+0x20/0x30
[   15.167459]  krealloc_less_oob_helper+0xae4/0xc50
[   15.167582]  krealloc_less_oob+0x20/0x38
[   15.167658]  kunit_try_run_case+0x170/0x3f0
[   15.167974]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.168059]  kthread+0x328/0x630
[   15.168155]  ret_from_fork+0x10/0x20
[   15.168316] 
[   15.168338] Allocated by task 159:
[   15.168366]  kasan_save_stack+0x3c/0x68
[   15.168429]  kasan_save_track+0x20/0x40
[   15.168738]  kasan_save_alloc_info+0x40/0x58
[   15.168829]  __kasan_krealloc+0x118/0x178
[   15.168942]  krealloc_noprof+0x128/0x360
[   15.169019]  krealloc_less_oob_helper+0x168/0xc50
[   15.169281]  krealloc_less_oob+0x20/0x38
[   15.169409]  kunit_try_run_case+0x170/0x3f0
[   15.169520]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.169656]  kthread+0x328/0x630
[   15.169871]  ret_from_fork+0x10/0x20
[   15.170012] 
[   15.170074] The buggy address belongs to the object at fff00000c175ce00
[   15.170074]  which belongs to the cache kmalloc-256 of size 256
[   15.170228] The buggy address is located 33 bytes to the right of
[   15.170228]  allocated 201-byte region [fff00000c175ce00, fff00000c175cec9)
[   15.170326] 
[   15.170496] The buggy address belongs to the physical page:
[   15.170555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175c
[   15.170665] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.170722] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.170827] page_type: f5(slab)
[   15.171101] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.171181] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.171377] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.171439] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.171611] head: 0bfffe0000000001 ffffc1ffc305d701 00000000ffffffff 00000000ffffffff
[   15.171709] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.171889] page dumped because: kasan: bad access detected
[   15.171919] 
[   15.171954] Memory state around the buggy address:
[   15.172350]  fff00000c175cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.172489]  fff00000c175ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.172569] >fff00000c175ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.172704]                                                           ^
[   15.172822]  fff00000c175cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.173097]  fff00000c175cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.173233] ==================================================================
[   15.174108] ==================================================================
[   15.174157] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.174205] Write of size 1 at addr fff00000c175ceeb by task kunit_try_catch/159
[   15.174253] 
[   15.174282] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.174359] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.174385] Hardware name: linux,dummy-virt (DT)
[   15.174420] Call trace:
[   15.174442]  show_stack+0x20/0x38 (C)
[   15.174488]  dump_stack_lvl+0x8c/0xd0
[   15.174547]  print_report+0x118/0x5d0
[   15.174592]  kasan_report+0xdc/0x128
[   15.174636]  __asan_report_store1_noabort+0x20/0x30
[   15.174686]  krealloc_less_oob_helper+0xa58/0xc50
[   15.174734]  krealloc_less_oob+0x20/0x38
[   15.174779]  kunit_try_run_case+0x170/0x3f0
[   15.174826]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.174878]  kthread+0x328/0x630
[   15.174919]  ret_from_fork+0x10/0x20
[   15.174965] 
[   15.174982] Allocated by task 159:
[   15.175008]  kasan_save_stack+0x3c/0x68
[   15.175046]  kasan_save_track+0x20/0x40
[   15.175082]  kasan_save_alloc_info+0x40/0x58
[   15.175120]  __kasan_krealloc+0x118/0x178
[   15.175156]  krealloc_noprof+0x128/0x360
[   15.175192]  krealloc_less_oob_helper+0x168/0xc50
[   15.175229]  krealloc_less_oob+0x20/0x38
[   15.175263]  kunit_try_run_case+0x170/0x3f0
[   15.175299]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.175340]  kthread+0x328/0x630
[   15.175372]  ret_from_fork+0x10/0x20
[   15.175407] 
[   15.175425] The buggy address belongs to the object at fff00000c175ce00
[   15.175425]  which belongs to the cache kmalloc-256 of size 256
[   15.175481] The buggy address is located 34 bytes to the right of
[   15.175481]  allocated 201-byte region [fff00000c175ce00, fff00000c175cec9)
[   15.175581] 
[   15.175675] The buggy address belongs to the physical page:
[   15.175770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175c
[   15.175865] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.175949] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.176019] page_type: f5(slab)
[   15.176056] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.176122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.176482] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.176558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.176609] head: 0bfffe0000000001 ffffc1ffc305d701 00000000ffffffff 00000000ffffffff
[   15.176657] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.176697] page dumped because: kasan: bad access detected
[   15.176739] 
[   15.176757] Memory state around the buggy address:
[   15.176836]  fff00000c175cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.176901]  fff00000c175ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.176943] >fff00000c175ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.176989]                                                           ^
[   15.177026]  fff00000c175cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.177067]  fff00000c175cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.177105] ==================================================================
[   15.249995] ==================================================================
[   15.250073] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.250122] Write of size 1 at addr fff00000c64160ea by task kunit_try_catch/163
[   15.250169] 
[   15.250196] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.250273] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.250298] Hardware name: linux,dummy-virt (DT)
[   15.250327] Call trace:
[   15.250348]  show_stack+0x20/0x38 (C)
[   15.250526]  dump_stack_lvl+0x8c/0xd0
[   15.250588]  print_report+0x118/0x5d0
[   15.250714]  kasan_report+0xdc/0x128
[   15.250776]  __asan_report_store1_noabort+0x20/0x30
[   15.250867]  krealloc_less_oob_helper+0xae4/0xc50
[   15.250920]  krealloc_large_less_oob+0x20/0x38
[   15.250969]  kunit_try_run_case+0x170/0x3f0
[   15.251015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.251066]  kthread+0x328/0x630
[   15.251107]  ret_from_fork+0x10/0x20
[   15.251153] 
[   15.251208] The buggy address belongs to the physical page:
[   15.251241] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[   15.251291] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.251347] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.251424] page_type: f8(unknown)
[   15.251461] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.251566] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.251618] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.251668] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.251763] head: 0bfffe0000000002 ffffc1ffc3190501 00000000ffffffff 00000000ffffffff
[   15.251838] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.251877] page dumped because: kasan: bad access detected
[   15.251907] 
[   15.251924] Memory state around the buggy address:
[   15.251954]  fff00000c6415f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.251994]  fff00000c6416000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.252034] >fff00000c6416080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.252070]                                                           ^
[   15.252143]  fff00000c6416100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.252185]  fff00000c6416180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.252220] ==================================================================
[   15.139318] ==================================================================
[   15.139374] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.139429] Write of size 1 at addr fff00000c175cec9 by task kunit_try_catch/159
[   15.142198] 
[   15.142368] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.143042] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.143162] Hardware name: linux,dummy-virt (DT)
[   15.143524] Call trace:
[   15.143983]  show_stack+0x20/0x38 (C)
[   15.144039]  dump_stack_lvl+0x8c/0xd0
[   15.144908]  print_report+0x118/0x5d0
[   15.145442]  kasan_report+0xdc/0x128
[   15.145973]  __asan_report_store1_noabort+0x20/0x30
[   15.146042]  krealloc_less_oob_helper+0xa48/0xc50
[   15.146091]  krealloc_less_oob+0x20/0x38
[   15.146962]  kunit_try_run_case+0x170/0x3f0
[   15.147230]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.147557]  kthread+0x328/0x630
[   15.148208]  ret_from_fork+0x10/0x20
[   15.148397] 
[   15.148815] Allocated by task 159:
[   15.148955]  kasan_save_stack+0x3c/0x68
[   15.149098]  kasan_save_track+0x20/0x40
[   15.149298]  kasan_save_alloc_info+0x40/0x58
[   15.149425]  __kasan_krealloc+0x118/0x178
[   15.149864]  krealloc_noprof+0x128/0x360
[   15.150048]  krealloc_less_oob_helper+0x168/0xc50
[   15.150087]  krealloc_less_oob+0x20/0x38
[   15.150122]  kunit_try_run_case+0x170/0x3f0
[   15.150161]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.150204]  kthread+0x328/0x630
[   15.150236]  ret_from_fork+0x10/0x20
[   15.150271] 
[   15.150292] The buggy address belongs to the object at fff00000c175ce00
[   15.150292]  which belongs to the cache kmalloc-256 of size 256
[   15.150348] The buggy address is located 0 bytes to the right of
[   15.150348]  allocated 201-byte region [fff00000c175ce00, fff00000c175cec9)
[   15.150420] 
[   15.150440] The buggy address belongs to the physical page:
[   15.150471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175c
[   15.150523] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.151722] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.151785] page_type: f5(slab)
[   15.151826] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.151875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.151924] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.151971] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.152018] head: 0bfffe0000000001 ffffc1ffc305d701 00000000ffffffff 00000000ffffffff
[   15.152065] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.152103] page dumped because: kasan: bad access detected
[   15.152133] 
[   15.152151] Memory state around the buggy address:
[   15.152182]  fff00000c175cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.152226]  fff00000c175ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.152268] >fff00000c175ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.152304]                                               ^
[   15.152338]  fff00000c175cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.152379]  fff00000c175cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.152415] ==================================================================
[   15.252304] ==================================================================
[   15.252340] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.252418] Write of size 1 at addr fff00000c64160eb by task kunit_try_catch/163
[   15.252466] 
[   15.252492] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.252595] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.252622] Hardware name: linux,dummy-virt (DT)
[   15.252650] Call trace:
[   15.252691]  show_stack+0x20/0x38 (C)
[   15.252756]  dump_stack_lvl+0x8c/0xd0
[   15.252801]  print_report+0x118/0x5d0
[   15.252846]  kasan_report+0xdc/0x128
[   15.252901]  __asan_report_store1_noabort+0x20/0x30
[   15.252952]  krealloc_less_oob_helper+0xa58/0xc50
[   15.252999]  krealloc_large_less_oob+0x20/0x38
[   15.253044]  kunit_try_run_case+0x170/0x3f0
[   15.253090]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.253142]  kthread+0x328/0x630
[   15.253186]  ret_from_fork+0x10/0x20
[   15.253235] 
[   15.253264] The buggy address belongs to the physical page:
[   15.253303] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[   15.253361] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.253407] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.253454] page_type: f8(unknown)
[   15.253496] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.253554] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.253602] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.253802] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.253880] head: 0bfffe0000000002 ffffc1ffc3190501 00000000ffffffff 00000000ffffffff
[   15.253986] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.254024] page dumped because: kasan: bad access detected
[   15.254054] 
[   15.254072] Memory state around the buggy address:
[   15.254134]  fff00000c6415f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.254177]  fff00000c6416000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.254217] >fff00000c6416080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.254253]                                                           ^
[   15.254289]  fff00000c6416100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.254344]  fff00000c6416180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.254381] ==================================================================
[   15.153297] ==================================================================
[   15.153344] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.153391] Write of size 1 at addr fff00000c175ced0 by task kunit_try_catch/159
[   15.153439] 
[   15.153470] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.153564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.153590] Hardware name: linux,dummy-virt (DT)
[   15.153620] Call trace:
[   15.153641]  show_stack+0x20/0x38 (C)
[   15.153688]  dump_stack_lvl+0x8c/0xd0
[   15.153767]  print_report+0x118/0x5d0
[   15.153813]  kasan_report+0xdc/0x128
[   15.153881]  __asan_report_store1_noabort+0x20/0x30
[   15.153947]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.153995]  krealloc_less_oob+0x20/0x38
[   15.154039]  kunit_try_run_case+0x170/0x3f0
[   15.154085]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.154136]  kthread+0x328/0x630
[   15.154250]  ret_from_fork+0x10/0x20
[   15.154328] 
[   15.154346] Allocated by task 159:
[   15.154372]  kasan_save_stack+0x3c/0x68
[   15.154417]  kasan_save_track+0x20/0x40
[   15.154453]  kasan_save_alloc_info+0x40/0x58
[   15.154515]  __kasan_krealloc+0x118/0x178
[   15.154563]  krealloc_noprof+0x128/0x360
[   15.154599]  krealloc_less_oob_helper+0x168/0xc50
[   15.154637]  krealloc_less_oob+0x20/0x38
[   15.154671]  kunit_try_run_case+0x170/0x3f0
[   15.154707]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.154748]  kthread+0x328/0x630
[   15.154800]  ret_from_fork+0x10/0x20
[   15.154834] 
[   15.154852] The buggy address belongs to the object at fff00000c175ce00
[   15.154852]  which belongs to the cache kmalloc-256 of size 256
[   15.154950] The buggy address is located 7 bytes to the right of
[   15.154950]  allocated 201-byte region [fff00000c175ce00, fff00000c175cec9)
[   15.155046] 
[   15.155143] The buggy address belongs to the physical page:
[   15.155213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175c
[   15.155304] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.155431] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.155524] page_type: f5(slab)
[   15.155632] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.155729] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.155835] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.155952] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.156000] head: 0bfffe0000000001 ffffc1ffc305d701 00000000ffffffff 00000000ffffffff
[   15.156076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.156462] page dumped because: kasan: bad access detected
[   15.156630] 
[   15.156748] Memory state around the buggy address:
[   15.156827]  fff00000c175cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.156990]  fff00000c175ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.157085] >fff00000c175ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.157172]                                                  ^
[   15.157289]  fff00000c175cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.157330]  fff00000c175cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.157376] ==================================================================
[   15.220869] ==================================================================
[   15.220923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.220974] Write of size 1 at addr fff00000c64160c9 by task kunit_try_catch/163
[   15.221022] 
[   15.221054] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.221132] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.221158] Hardware name: linux,dummy-virt (DT)
[   15.221876] Call trace:
[   15.222011]  show_stack+0x20/0x38 (C)
[   15.222201]  dump_stack_lvl+0x8c/0xd0
[   15.222250]  print_report+0x118/0x5d0
[   15.222296]  kasan_report+0xdc/0x128
[   15.222545]  __asan_report_store1_noabort+0x20/0x30
[   15.222712]  krealloc_less_oob_helper+0xa48/0xc50
[   15.222869]  krealloc_large_less_oob+0x20/0x38
[   15.223374]  kunit_try_run_case+0x170/0x3f0
[   15.223503]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.223568]  kthread+0x328/0x630
[   15.224122]  ret_from_fork+0x10/0x20
[   15.224415] 
[   15.224437] The buggy address belongs to the physical page:
[   15.224468] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106414
[   15.225231] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.225295] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.225514] page_type: f8(unknown)
[   15.225879] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.225974] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.226032] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.226079] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.226207] head: 0bfffe0000000002 ffffc1ffc3190501 00000000ffffffff 00000000ffffffff
[   15.226678] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.226880] page dumped because: kasan: bad access detected
[   15.227137] 
[   15.227193] Memory state around the buggy address:
[   15.227246]  fff00000c6415f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.227670]  fff00000c6416000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.227900] >fff00000c6416080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.228015]                                               ^
[   15.228298]  fff00000c6416100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.228730]  fff00000c6416180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.228899] ==================================================================
[   15.158146] ==================================================================
[   15.158216] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.158415] Write of size 1 at addr fff00000c175ceda by task kunit_try_catch/159
[   15.158541] 
[   15.158577] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.158818] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.158910] Hardware name: linux,dummy-virt (DT)
[   15.158944] Call trace:
[   15.158967]  show_stack+0x20/0x38 (C)
[   15.159316]  dump_stack_lvl+0x8c/0xd0
[   15.159472]  print_report+0x118/0x5d0
[   15.159641]  kasan_report+0xdc/0x128
[   15.159773]  __asan_report_store1_noabort+0x20/0x30
[   15.159879]  krealloc_less_oob_helper+0xa80/0xc50
[   15.160028]  krealloc_less_oob+0x20/0x38
[   15.160091]  kunit_try_run_case+0x170/0x3f0
[   15.160370]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.160560]  kthread+0x328/0x630
[   15.160685]  ret_from_fork+0x10/0x20
[   15.161117] 
[   15.161219] Allocated by task 159:
[   15.161254]  kasan_save_stack+0x3c/0x68
[   15.161555]  kasan_save_track+0x20/0x40
[   15.161621]  kasan_save_alloc_info+0x40/0x58
[   15.161669]  __kasan_krealloc+0x118/0x178
[   15.161862]  krealloc_noprof+0x128/0x360
[   15.161941]  krealloc_less_oob_helper+0x168/0xc50
[   15.162068]  krealloc_less_oob+0x20/0x38
[   15.162116]  kunit_try_run_case+0x170/0x3f0
[   15.162289]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.162333]  kthread+0x328/0x630
[   15.162365]  ret_from_fork+0x10/0x20
[   15.162457] 
[   15.162664] The buggy address belongs to the object at fff00000c175ce00
[   15.162664]  which belongs to the cache kmalloc-256 of size 256
[   15.162752] The buggy address is located 17 bytes to the right of
[   15.162752]  allocated 201-byte region [fff00000c175ce00, fff00000c175cec9)
[   15.162993] 
[   15.163123] The buggy address belongs to the physical page:
[   15.163165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10175c
[   15.163226] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.163306] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.163356] page_type: f5(slab)
[   15.163399] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.163467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.163525] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.163592] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.163640] head: 0bfffe0000000001 ffffc1ffc305d701 00000000ffffffff 00000000ffffffff
[   15.163695] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.163736] page dumped because: kasan: bad access detected
[   15.163785] 
[   15.163803] Memory state around the buggy address:
[   15.163833]  fff00000c175cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.163873]  fff00000c175ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.163914] >fff00000c175ce80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.163959]                                                     ^
[   15.163997]  fff00000c175cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.164040]  fff00000c175cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.164077] ==================================================================

[   11.979879] ==================================================================
[   11.980294] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.980649] Write of size 1 at addr ffff88810394e0ea by task kunit_try_catch/180
[   11.980956] 
[   11.981096] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.981138] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.981148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.981168] Call Trace:
[   11.981184]  <TASK>
[   11.981198]  dump_stack_lvl+0x73/0xb0
[   11.981224]  print_report+0xd1/0x610
[   11.981247]  ? __virt_addr_valid+0x1db/0x2d0
[   11.981270]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.981293]  ? kasan_addr_to_slab+0x11/0xa0
[   11.981313]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.981336]  kasan_report+0x141/0x180
[   11.981357]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.981385]  __asan_report_store1_noabort+0x1b/0x30
[   11.981409]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.981435]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.981458]  ? irqentry_exit+0x2a/0x60
[   11.981479]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.981517]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   11.981543]  krealloc_large_less_oob+0x1c/0x30
[   11.981565]  kunit_try_run_case+0x1a5/0x480
[   11.981589]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.981610]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.981634]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.981656]  ? __kthread_parkme+0x82/0x180
[   11.981676]  ? preempt_count_sub+0x50/0x80
[   11.981699]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.981724]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.981747]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.981770]  kthread+0x337/0x6f0
[   11.981788]  ? trace_preempt_on+0x20/0xc0
[   11.981810]  ? __pfx_kthread+0x10/0x10
[   11.981829]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.981850]  ? calculate_sigpending+0x7b/0xa0
[   11.981873]  ? __pfx_kthread+0x10/0x10
[   11.981893]  ret_from_fork+0x116/0x1d0
[   11.981912]  ? __pfx_kthread+0x10/0x10
[   11.981931]  ret_from_fork_asm+0x1a/0x30
[   11.981960]  </TASK>
[   11.981970] 
[   11.989808] The buggy address belongs to the physical page:
[   11.990085] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c
[   11.990569] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.990794] flags: 0x200000000000040(head|node=0|zone=2)
[   11.991047] page_type: f8(unknown)
[   11.991220] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.991712] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.992031] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.992352] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.992688] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff
[   11.993108] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.993488] page dumped because: kasan: bad access detected
[   11.993664] 
[   11.993730] Memory state around the buggy address:
[   11.993899]  ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.994562]  ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.994898] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.995392]                                                           ^
[   11.995730]  ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.996045]  ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.996377] ==================================================================
[   11.758894] ==================================================================
[   11.759250] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.759685] Write of size 1 at addr ffff8881003384d0 by task kunit_try_catch/176
[   11.760020] 
[   11.760143] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.760354] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.760371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.760406] Call Trace:
[   11.760425]  <TASK>
[   11.760440]  dump_stack_lvl+0x73/0xb0
[   11.760483]  print_report+0xd1/0x610
[   11.760522]  ? __virt_addr_valid+0x1db/0x2d0
[   11.760544]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.760567]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.760590]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.760613]  kasan_report+0x141/0x180
[   11.760634]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.760662]  __asan_report_store1_noabort+0x1b/0x30
[   11.760686]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.760711]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.760733]  ? irqentry_exit+0x2a/0x60
[   11.760754]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.760782]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.760807]  krealloc_less_oob+0x1c/0x30
[   11.760827]  kunit_try_run_case+0x1a5/0x480
[   11.760850]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.760871]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.760894]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.760917]  ? __kthread_parkme+0x82/0x180
[   11.760937]  ? preempt_count_sub+0x50/0x80
[   11.760960]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.760983]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.761005]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.761028]  kthread+0x337/0x6f0
[   11.761046]  ? trace_preempt_on+0x20/0xc0
[   11.761070]  ? __pfx_kthread+0x10/0x10
[   11.761089]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.761119]  ? calculate_sigpending+0x7b/0xa0
[   11.761143]  ? __pfx_kthread+0x10/0x10
[   11.761465]  ret_from_fork+0x116/0x1d0
[   11.761485]  ? __pfx_kthread+0x10/0x10
[   11.761513]  ret_from_fork_asm+0x1a/0x30
[   11.761543]  </TASK>
[   11.761553] 
[   11.772033] Allocated by task 176:
[   11.772912]  kasan_save_stack+0x45/0x70
[   11.773198]  kasan_save_track+0x18/0x40
[   11.773426]  kasan_save_alloc_info+0x3b/0x50
[   11.773655]  __kasan_krealloc+0x190/0x1f0
[   11.774140]  krealloc_noprof+0xf3/0x340
[   11.774457]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.774690]  krealloc_less_oob+0x1c/0x30
[   11.774878]  kunit_try_run_case+0x1a5/0x480
[   11.775074]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.775664]  kthread+0x337/0x6f0
[   11.775825]  ret_from_fork+0x116/0x1d0
[   11.776541]  ret_from_fork_asm+0x1a/0x30
[   11.776739] 
[   11.776817] The buggy address belongs to the object at ffff888100338400
[   11.776817]  which belongs to the cache kmalloc-256 of size 256
[   11.777506] The buggy address is located 7 bytes to the right of
[   11.777506]  allocated 201-byte region [ffff888100338400, ffff8881003384c9)
[   11.778038] 
[   11.778145] The buggy address belongs to the physical page:
[   11.778810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[   11.779074] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.779308] flags: 0x200000000000040(head|node=0|zone=2)
[   11.779506] page_type: f5(slab)
[   11.779681] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.780110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.780437] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.781122] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.781952] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[   11.782540] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.783269] page dumped because: kasan: bad access detected
[   11.783604] 
[   11.783677] Memory state around the buggy address:
[   11.783834]  ffff888100338380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.784052]  ffff888100338400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.784274] >ffff888100338480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.784486]                                                  ^
[   11.784676]  ffff888100338500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.784929]  ffff888100338580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.785246] ==================================================================
[   11.916320] ==================================================================
[   11.916836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.917328] Write of size 1 at addr ffff88810394e0c9 by task kunit_try_catch/180
[   11.917653] 
[   11.917751] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.917798] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.917809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.917831] Call Trace:
[   11.917844]  <TASK>
[   11.917863]  dump_stack_lvl+0x73/0xb0
[   11.917894]  print_report+0xd1/0x610
[   11.917917]  ? __virt_addr_valid+0x1db/0x2d0
[   11.917942]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.917965]  ? kasan_addr_to_slab+0x11/0xa0
[   11.917985]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.918009]  kasan_report+0x141/0x180
[   11.918030]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.918057]  __asan_report_store1_noabort+0x1b/0x30
[   11.918081]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.918106]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.918129]  ? irqentry_exit+0x2a/0x60
[   11.918150]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.918284]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   11.918311]  krealloc_large_less_oob+0x1c/0x30
[   11.918348]  kunit_try_run_case+0x1a5/0x480
[   11.918374]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.918396]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.918420]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.918442]  ? __kthread_parkme+0x82/0x180
[   11.918463]  ? preempt_count_sub+0x50/0x80
[   11.918488]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.918519]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.918542]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.918565]  kthread+0x337/0x6f0
[   11.918583]  ? trace_preempt_on+0x20/0xc0
[   11.918606]  ? __pfx_kthread+0x10/0x10
[   11.918626]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.918646]  ? calculate_sigpending+0x7b/0xa0
[   11.918670]  ? __pfx_kthread+0x10/0x10
[   11.918690]  ret_from_fork+0x116/0x1d0
[   11.918710]  ? __pfx_kthread+0x10/0x10
[   11.918729]  ret_from_fork_asm+0x1a/0x30
[   11.918759]  </TASK>
[   11.918769] 
[   11.927996] The buggy address belongs to the physical page:
[   11.928301] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c
[   11.928621] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.929156] flags: 0x200000000000040(head|node=0|zone=2)
[   11.929502] page_type: f8(unknown)
[   11.929636] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.929980] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.930521] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.930874] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.931364] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff
[   11.931655] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.932125] page dumped because: kasan: bad access detected
[   11.932428] 
[   11.932539] Memory state around the buggy address:
[   11.932749]  ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.933341]  ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.933637] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.934129]                                               ^
[   11.934517]  ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.934812]  ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.935349] ==================================================================
[   11.959740] ==================================================================
[   11.960624] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.961030] Write of size 1 at addr ffff88810394e0da by task kunit_try_catch/180
[   11.961987] 
[   11.962190] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.962342] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.962354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.962389] Call Trace:
[   11.962400]  <TASK>
[   11.962415]  dump_stack_lvl+0x73/0xb0
[   11.962446]  print_report+0xd1/0x610
[   11.962467]  ? __virt_addr_valid+0x1db/0x2d0
[   11.962489]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.962523]  ? kasan_addr_to_slab+0x11/0xa0
[   11.962542]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.962566]  kasan_report+0x141/0x180
[   11.962586]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.962614]  __asan_report_store1_noabort+0x1b/0x30
[   11.962637]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.962662]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.962685]  ? irqentry_exit+0x2a/0x60
[   11.962705]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.962733]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   11.962760]  krealloc_large_less_oob+0x1c/0x30
[   11.962782]  kunit_try_run_case+0x1a5/0x480
[   11.962805]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.962827]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.962850]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.962872]  ? __kthread_parkme+0x82/0x180
[   11.962892]  ? preempt_count_sub+0x50/0x80
[   11.962915]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.962938]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.962960]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.962983]  kthread+0x337/0x6f0
[   11.963001]  ? trace_preempt_on+0x20/0xc0
[   11.963023]  ? __pfx_kthread+0x10/0x10
[   11.963080]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.963105]  ? calculate_sigpending+0x7b/0xa0
[   11.963128]  ? __pfx_kthread+0x10/0x10
[   11.963148]  ret_from_fork+0x116/0x1d0
[   11.963167]  ? __pfx_kthread+0x10/0x10
[   11.963187]  ret_from_fork_asm+0x1a/0x30
[   11.963216]  </TASK>
[   11.963226] 
[   11.972487] The buggy address belongs to the physical page:
[   11.972744] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c
[   11.972990] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.973905] flags: 0x200000000000040(head|node=0|zone=2)
[   11.974342] page_type: f8(unknown)
[   11.974474] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.974805] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.975217] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.975607] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.975966] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff
[   11.976454] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.976756] page dumped because: kasan: bad access detected
[   11.976962] 
[   11.977055] Memory state around the buggy address:
[   11.977479]  ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.977758]  ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.978150] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.978480]                                                     ^
[   11.978710]  ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.979019]  ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.979406] ==================================================================
[   11.996826] ==================================================================
[   11.997248] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.997584] Write of size 1 at addr ffff88810394e0eb by task kunit_try_catch/180
[   11.997896] 
[   11.998019] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.998072] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.998229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.998255] Call Trace:
[   11.998272]  <TASK>
[   11.998287]  dump_stack_lvl+0x73/0xb0
[   11.998362]  print_report+0xd1/0x610
[   11.998384]  ? __virt_addr_valid+0x1db/0x2d0
[   11.998408]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.998431]  ? kasan_addr_to_slab+0x11/0xa0
[   11.998450]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.998473]  kasan_report+0x141/0x180
[   11.998504]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.998532]  __asan_report_store1_noabort+0x1b/0x30
[   11.998556]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.998582]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.998605]  ? irqentry_exit+0x2a/0x60
[   11.998625]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.998663]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   11.998689]  krealloc_large_less_oob+0x1c/0x30
[   11.998711]  kunit_try_run_case+0x1a5/0x480
[   11.998747]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.998769]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.998792]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.998814]  ? __kthread_parkme+0x82/0x180
[   11.998833]  ? preempt_count_sub+0x50/0x80
[   11.998857]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.998880]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.998902]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.998925]  kthread+0x337/0x6f0
[   11.998942]  ? trace_preempt_on+0x20/0xc0
[   11.998964]  ? __pfx_kthread+0x10/0x10
[   11.998983]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.999005]  ? calculate_sigpending+0x7b/0xa0
[   11.999029]  ? __pfx_kthread+0x10/0x10
[   11.999059]  ret_from_fork+0x116/0x1d0
[   11.999078]  ? __pfx_kthread+0x10/0x10
[   11.999097]  ret_from_fork_asm+0x1a/0x30
[   11.999127]  </TASK>
[   11.999136] 
[   12.006779] The buggy address belongs to the physical page:
[   12.007550] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c
[   12.007996] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.009011] flags: 0x200000000000040(head|node=0|zone=2)
[   12.009440] page_type: f8(unknown)
[   12.009754] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.010267] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.010711] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.011205] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.011614] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff
[   12.011994] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.012479] page dumped because: kasan: bad access detected
[   12.012723] 
[   12.013008] Memory state around the buggy address:
[   12.013463]  ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.013790]  ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.014432] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.014836]                                                           ^
[   12.015269]  ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.015671]  ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.016121] ==================================================================
[   11.807765] ==================================================================
[   11.808309] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.808682] Write of size 1 at addr ffff8881003384ea by task kunit_try_catch/176
[   11.809132] 
[   11.809219] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.809261] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.809272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.809292] Call Trace:
[   11.809308]  <TASK>
[   11.809322]  dump_stack_lvl+0x73/0xb0
[   11.809349]  print_report+0xd1/0x610
[   11.809370]  ? __virt_addr_valid+0x1db/0x2d0
[   11.809392]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.809415]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.809437]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.809460]  kasan_report+0x141/0x180
[   11.809481]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.809519]  __asan_report_store1_noabort+0x1b/0x30
[   11.809543]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.809568]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.809590]  ? irqentry_exit+0x2a/0x60
[   11.809611]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.809639]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.809664]  krealloc_less_oob+0x1c/0x30
[   11.809685]  kunit_try_run_case+0x1a5/0x480
[   11.809708]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.809730]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.809754]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.809777]  ? __kthread_parkme+0x82/0x180
[   11.809796]  ? preempt_count_sub+0x50/0x80
[   11.809820]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.809843]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.809865]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.809888]  kthread+0x337/0x6f0
[   11.809906]  ? trace_preempt_on+0x20/0xc0
[   11.809928]  ? __pfx_kthread+0x10/0x10
[   11.809947]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.809968]  ? calculate_sigpending+0x7b/0xa0
[   11.809991]  ? __pfx_kthread+0x10/0x10
[   11.810011]  ret_from_fork+0x116/0x1d0
[   11.810029]  ? __pfx_kthread+0x10/0x10
[   11.810048]  ret_from_fork_asm+0x1a/0x30
[   11.810077]  </TASK>
[   11.810087] 
[   11.818064] Allocated by task 176:
[   11.818266]  kasan_save_stack+0x45/0x70
[   11.818440]  kasan_save_track+0x18/0x40
[   11.818639]  kasan_save_alloc_info+0x3b/0x50
[   11.818883]  __kasan_krealloc+0x190/0x1f0
[   11.819105]  krealloc_noprof+0xf3/0x340
[   11.819424]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.819904]  krealloc_less_oob+0x1c/0x30
[   11.820280]  kunit_try_run_case+0x1a5/0x480
[   11.820510]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.820758]  kthread+0x337/0x6f0
[   11.820919]  ret_from_fork+0x116/0x1d0
[   11.821119]  ret_from_fork_asm+0x1a/0x30
[   11.821325] 
[   11.821424] The buggy address belongs to the object at ffff888100338400
[   11.821424]  which belongs to the cache kmalloc-256 of size 256
[   11.821957] The buggy address is located 33 bytes to the right of
[   11.821957]  allocated 201-byte region [ffff888100338400, ffff8881003384c9)
[   11.822487] 
[   11.822566] The buggy address belongs to the physical page:
[   11.822732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[   11.822964] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.823539] flags: 0x200000000000040(head|node=0|zone=2)
[   11.823792] page_type: f5(slab)
[   11.823984] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.824414] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.824777] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.825317] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.825556] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[   11.825890] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.826313] page dumped because: kasan: bad access detected
[   11.826560] 
[   11.826653] Memory state around the buggy address:
[   11.826868]  ffff888100338380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.827276]  ffff888100338400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.827601] >ffff888100338480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.827937]                                                           ^
[   11.828249]  ffff888100338500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.828581]  ffff888100338580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.828899] ==================================================================
[   11.936414] ==================================================================
[   11.937387] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.937732] Write of size 1 at addr ffff88810394e0d0 by task kunit_try_catch/180
[   11.938024] 
[   11.938328] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.938376] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.938386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.938406] Call Trace:
[   11.938418]  <TASK>
[   11.938434]  dump_stack_lvl+0x73/0xb0
[   11.938463]  print_report+0xd1/0x610
[   11.938484]  ? __virt_addr_valid+0x1db/0x2d0
[   11.938596]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.938632]  ? kasan_addr_to_slab+0x11/0xa0
[   11.938652]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.938707]  kasan_report+0x141/0x180
[   11.938728]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.938767]  __asan_report_store1_noabort+0x1b/0x30
[   11.938791]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.938817]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.938840]  ? irqentry_exit+0x2a/0x60
[   11.938861]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.938889]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   11.938915]  krealloc_large_less_oob+0x1c/0x30
[   11.938937]  kunit_try_run_case+0x1a5/0x480
[   11.938961]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.938982]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.939006]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.939029]  ? __kthread_parkme+0x82/0x180
[   11.939050]  ? preempt_count_sub+0x50/0x80
[   11.939128]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.939152]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.939175]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.939198]  kthread+0x337/0x6f0
[   11.939217]  ? trace_preempt_on+0x20/0xc0
[   11.939238]  ? __pfx_kthread+0x10/0x10
[   11.939258]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.939278]  ? calculate_sigpending+0x7b/0xa0
[   11.939302]  ? __pfx_kthread+0x10/0x10
[   11.939322]  ret_from_fork+0x116/0x1d0
[   11.939341]  ? __pfx_kthread+0x10/0x10
[   11.939360]  ret_from_fork_asm+0x1a/0x30
[   11.939390]  </TASK>
[   11.939399] 
[   11.949057] The buggy address belongs to the physical page:
[   11.949376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394c
[   11.949867] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.950100] flags: 0x200000000000040(head|node=0|zone=2)
[   11.950289] page_type: f8(unknown)
[   11.950422] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.951039] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.951613] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.951845] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.952510] head: 0200000000000002 ffffea00040e5301 00000000ffffffff 00000000ffffffff
[   11.953070] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.953883] page dumped because: kasan: bad access detected
[   11.954631] 
[   11.954787] Memory state around the buggy address:
[   11.955324]  ffff88810394df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.956063]  ffff88810394e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.956617] >ffff88810394e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.956838]                                                  ^
[   11.957019]  ffff88810394e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.957971]  ffff88810394e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.958800] ==================================================================
[   11.785953] ==================================================================
[   11.786332] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.786598] Write of size 1 at addr ffff8881003384da by task kunit_try_catch/176
[   11.786930] 
[   11.787066] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.787126] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.787167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.787188] Call Trace:
[   11.787221]  <TASK>
[   11.787239]  dump_stack_lvl+0x73/0xb0
[   11.787269]  print_report+0xd1/0x610
[   11.787312]  ? __virt_addr_valid+0x1db/0x2d0
[   11.787335]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.787358]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.787379]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.787403]  kasan_report+0x141/0x180
[   11.787423]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.787451]  __asan_report_store1_noabort+0x1b/0x30
[   11.787504]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.787530]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.787566]  ? irqentry_exit+0x2a/0x60
[   11.787587]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.787629]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.787667]  krealloc_less_oob+0x1c/0x30
[   11.787687]  kunit_try_run_case+0x1a5/0x480
[   11.787711]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.787746]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.787769]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.787805]  ? __kthread_parkme+0x82/0x180
[   11.787824]  ? preempt_count_sub+0x50/0x80
[   11.787848]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.787871]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.787893]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.787917]  kthread+0x337/0x6f0
[   11.787935]  ? trace_preempt_on+0x20/0xc0
[   11.787957]  ? __pfx_kthread+0x10/0x10
[   11.787976]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.787997]  ? calculate_sigpending+0x7b/0xa0
[   11.788022]  ? __pfx_kthread+0x10/0x10
[   11.788049]  ret_from_fork+0x116/0x1d0
[   11.788067]  ? __pfx_kthread+0x10/0x10
[   11.788087]  ret_from_fork_asm+0x1a/0x30
[   11.788117]  </TASK>
[   11.788127] 
[   11.796464] Allocated by task 176:
[   11.796646]  kasan_save_stack+0x45/0x70
[   11.796844]  kasan_save_track+0x18/0x40
[   11.797049]  kasan_save_alloc_info+0x3b/0x50
[   11.797303]  __kasan_krealloc+0x190/0x1f0
[   11.797504]  krealloc_noprof+0xf3/0x340
[   11.797641]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.797802]  krealloc_less_oob+0x1c/0x30
[   11.797939]  kunit_try_run_case+0x1a5/0x480
[   11.798239]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.798512]  kthread+0x337/0x6f0
[   11.798724]  ret_from_fork+0x116/0x1d0
[   11.798932]  ret_from_fork_asm+0x1a/0x30
[   11.799245] 
[   11.799360] The buggy address belongs to the object at ffff888100338400
[   11.799360]  which belongs to the cache kmalloc-256 of size 256
[   11.799894] The buggy address is located 17 bytes to the right of
[   11.799894]  allocated 201-byte region [ffff888100338400, ffff8881003384c9)
[   11.800609] 
[   11.800744] The buggy address belongs to the physical page:
[   11.801077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[   11.801630] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.801918] flags: 0x200000000000040(head|node=0|zone=2)
[   11.802206] page_type: f5(slab)
[   11.802358] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.802783] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.803115] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.803538] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.803825] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[   11.804195] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.804570] page dumped because: kasan: bad access detected
[   11.804791] 
[   11.804885] Memory state around the buggy address:
[   11.805115]  ffff888100338380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.805530]  ffff888100338400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.805888] >ffff888100338480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.806253]                                                     ^
[   11.806563]  ffff888100338500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.806886]  ffff888100338580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.807219] ==================================================================
[   11.829538] ==================================================================
[   11.829824] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.830211] Write of size 1 at addr ffff8881003384eb by task kunit_try_catch/176
[   11.830540] 
[   11.830650] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.830711] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.830721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.830740] Call Trace:
[   11.830756]  <TASK>
[   11.830770]  dump_stack_lvl+0x73/0xb0
[   11.830798]  print_report+0xd1/0x610
[   11.830819]  ? __virt_addr_valid+0x1db/0x2d0
[   11.830840]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.830863]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.830885]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.830908]  kasan_report+0x141/0x180
[   11.830929]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.830958]  __asan_report_store1_noabort+0x1b/0x30
[   11.830982]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.831007]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.831052]  ? irqentry_exit+0x2a/0x60
[   11.831074]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.831122]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.831177]  krealloc_less_oob+0x1c/0x30
[   11.831212]  kunit_try_run_case+0x1a5/0x480
[   11.831248]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.831269]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.831306]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.831341]  ? __kthread_parkme+0x82/0x180
[   11.831373]  ? preempt_count_sub+0x50/0x80
[   11.831411]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.831447]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.831483]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.831516]  kthread+0x337/0x6f0
[   11.831548]  ? trace_preempt_on+0x20/0xc0
[   11.831583]  ? __pfx_kthread+0x10/0x10
[   11.831615]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.831636]  ? calculate_sigpending+0x7b/0xa0
[   11.831672]  ? __pfx_kthread+0x10/0x10
[   11.831705]  ret_from_fork+0x116/0x1d0
[   11.831737]  ? __pfx_kthread+0x10/0x10
[   11.831769]  ret_from_fork_asm+0x1a/0x30
[   11.831812]  </TASK>
[   11.831834] 
[   11.843041] Allocated by task 176:
[   11.843289]  kasan_save_stack+0x45/0x70
[   11.843515]  kasan_save_track+0x18/0x40
[   11.843699]  kasan_save_alloc_info+0x3b/0x50
[   11.844053]  __kasan_krealloc+0x190/0x1f0
[   11.844366]  krealloc_noprof+0xf3/0x340
[   11.844695]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.844909]  krealloc_less_oob+0x1c/0x30
[   11.845353]  kunit_try_run_case+0x1a5/0x480
[   11.845588]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.846017]  kthread+0x337/0x6f0
[   11.846304]  ret_from_fork+0x116/0x1d0
[   11.846538]  ret_from_fork_asm+0x1a/0x30
[   11.846715] 
[   11.846807] The buggy address belongs to the object at ffff888100338400
[   11.846807]  which belongs to the cache kmalloc-256 of size 256
[   11.847270] The buggy address is located 34 bytes to the right of
[   11.847270]  allocated 201-byte region [ffff888100338400, ffff8881003384c9)
[   11.848218] 
[   11.848318] The buggy address belongs to the physical page:
[   11.848688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[   11.849180] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.849737] flags: 0x200000000000040(head|node=0|zone=2)
[   11.850003] page_type: f5(slab)
[   11.850253] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.850784] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.851142] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.851628] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.851916] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[   11.852636] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.853039] page dumped because: kasan: bad access detected
[   11.853248] 
[   11.853368] Memory state around the buggy address:
[   11.853668]  ffff888100338380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.853950]  ffff888100338400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.854507] >ffff888100338480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.854780]                                                           ^
[   11.855192]  ffff888100338500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.855536]  ffff888100338580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.855911] ==================================================================
[   11.727447] ==================================================================
[   11.728860] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.729180] Write of size 1 at addr ffff8881003384c9 by task kunit_try_catch/176
[   11.729409] 
[   11.729509] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.729557] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.729568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.729590] Call Trace:
[   11.729604]  <TASK>
[   11.729621]  dump_stack_lvl+0x73/0xb0
[   11.729650]  print_report+0xd1/0x610
[   11.729672]  ? __virt_addr_valid+0x1db/0x2d0
[   11.729695]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.729718]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.729739]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.729762]  kasan_report+0x141/0x180
[   11.729785]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.729812]  __asan_report_store1_noabort+0x1b/0x30
[   11.729836]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.729861]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.729883]  ? irqentry_exit+0x2a/0x60
[   11.729904]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.729932]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.729957]  krealloc_less_oob+0x1c/0x30
[   11.729977]  kunit_try_run_case+0x1a5/0x480
[   11.730001]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.730022]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.730046]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.730069]  ? __kthread_parkme+0x82/0x180
[   11.730089]  ? preempt_count_sub+0x50/0x80
[   11.730112]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.730134]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.730157]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.730180]  kthread+0x337/0x6f0
[   11.730204]  ? trace_preempt_on+0x20/0xc0
[   11.730226]  ? __pfx_kthread+0x10/0x10
[   11.730246]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.730266]  ? calculate_sigpending+0x7b/0xa0
[   11.730289]  ? __pfx_kthread+0x10/0x10
[   11.730310]  ret_from_fork+0x116/0x1d0
[   11.730328]  ? __pfx_kthread+0x10/0x10
[   11.730347]  ret_from_fork_asm+0x1a/0x30
[   11.730377]  </TASK>
[   11.730387] 
[   11.743325] Allocated by task 176:
[   11.743740]  kasan_save_stack+0x45/0x70
[   11.744193]  kasan_save_track+0x18/0x40
[   11.744641]  kasan_save_alloc_info+0x3b/0x50
[   11.745134]  __kasan_krealloc+0x190/0x1f0
[   11.745593]  krealloc_noprof+0xf3/0x340
[   11.745970]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.746456]  krealloc_less_oob+0x1c/0x30
[   11.746613]  kunit_try_run_case+0x1a5/0x480
[   11.746760]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.746938]  kthread+0x337/0x6f0
[   11.747256]  ret_from_fork+0x116/0x1d0
[   11.747707]  ret_from_fork_asm+0x1a/0x30
[   11.748180] 
[   11.748394] The buggy address belongs to the object at ffff888100338400
[   11.748394]  which belongs to the cache kmalloc-256 of size 256
[   11.749551] The buggy address is located 0 bytes to the right of
[   11.749551]  allocated 201-byte region [ffff888100338400, ffff8881003384c9)
[   11.750748] 
[   11.750826] The buggy address belongs to the physical page:
[   11.751005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100338
[   11.751881] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.752641] flags: 0x200000000000040(head|node=0|zone=2)
[   11.753185] page_type: f5(slab)
[   11.753384] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.753631] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.753864] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.754248] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.754651] head: 0200000000000001 ffffea000400ce01 00000000ffffffff 00000000ffffffff
[   11.754984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.755624] page dumped because: kasan: bad access detected
[   11.755855] 
[   11.755949] Memory state around the buggy address:
[   11.756125]  ffff888100338380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.756682]  ffff888100338400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.756992] >ffff888100338480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.757329]                                               ^
[   11.757658]  ffff888100338500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.757960]  ffff888100338580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.758350] ==================================================================