Hay
Date: July 19, 2025, 11:12 p.m.

Environment: qemu-arm64, qemu-x86_64

[   15.150049] ==================================================================
[   15.150093] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.150137] Write of size 1 at addr fff00000c60f60eb by task kunit_try_catch/162
[   15.150192] 
[   15.150325] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.150565] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.150659] Hardware name: linux,dummy-virt (DT)
[   15.150700] Call trace:
[   15.150721]  show_stack+0x20/0x38 (C)
[   15.150767]  dump_stack_lvl+0x8c/0xd0
[   15.150812]  print_report+0x118/0x5d0
[   15.150863]  kasan_report+0xdc/0x128
[   15.151073]  __asan_report_store1_noabort+0x20/0x30
[   15.151160]  krealloc_less_oob_helper+0xa58/0xc50
[   15.151383]  krealloc_large_less_oob+0x20/0x38
[   15.151605]  kunit_try_run_case+0x170/0x3f0
[   15.151715]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.151766]  kthread+0x328/0x630
[   15.151806]  ret_from_fork+0x10/0x20
[   15.151852] 
[   15.151871] The buggy address belongs to the physical page:
[   15.151900] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   15.152014] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.152061] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.152122] page_type: f8(unknown)
[   15.152159] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.152206] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.152298] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.152345] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.152393] head: 0bfffe0000000002 ffffc1ffc3183d01 00000000ffffffff 00000000ffffffff
[   15.152440] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.152518] page dumped because: kasan: bad access detected
[   15.152548] 
[   15.152577] Memory state around the buggy address:
[   15.152681]  fff00000c60f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.152735]  fff00000c60f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.152776] >fff00000c60f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.152822]                                                           ^
[   15.152883]  fff00000c60f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.152980]  fff00000c60f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.153039] ==================================================================
[   15.136359] ==================================================================
[   15.136413] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.136464] Write of size 1 at addr fff00000c60f60c9 by task kunit_try_catch/162
[   15.136632] 
[   15.136668] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.136814] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.136853] Hardware name: linux,dummy-virt (DT)
[   15.136882] Call trace:
[   15.136911]  show_stack+0x20/0x38 (C)
[   15.136961]  dump_stack_lvl+0x8c/0xd0
[   15.137006]  print_report+0x118/0x5d0
[   15.137051]  kasan_report+0xdc/0x128
[   15.137095]  __asan_report_store1_noabort+0x20/0x30
[   15.137145]  krealloc_less_oob_helper+0xa48/0xc50
[   15.137192]  krealloc_large_less_oob+0x20/0x38
[   15.137238]  kunit_try_run_case+0x170/0x3f0
[   15.137284]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.137336]  kthread+0x328/0x630
[   15.137377]  ret_from_fork+0x10/0x20
[   15.137423] 
[   15.137443] The buggy address belongs to the physical page:
[   15.137482] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   15.137535] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.137581] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.137637] page_type: f8(unknown)
[   15.137979] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.138222] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.138273] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.138320] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.138367] head: 0bfffe0000000002 ffffc1ffc3183d01 00000000ffffffff 00000000ffffffff
[   15.138420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.138597] page dumped because: kasan: bad access detected
[   15.138967] 
[   15.139092] Memory state around the buggy address:
[   15.139142]  fff00000c60f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.139185]  fff00000c60f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.139281] >fff00000c60f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.139318]                                               ^
[   15.139353]  fff00000c60f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.139491]  fff00000c60f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.139540] ==================================================================
[   15.146554] ==================================================================
[   15.146600] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.146647] Write of size 1 at addr fff00000c60f60ea by task kunit_try_catch/162
[   15.146707] 
[   15.146733] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.146811] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.146836] Hardware name: linux,dummy-virt (DT)
[   15.146875] Call trace:
[   15.146897]  show_stack+0x20/0x38 (C)
[   15.146944]  dump_stack_lvl+0x8c/0xd0
[   15.147100]  print_report+0x118/0x5d0
[   15.147194]  kasan_report+0xdc/0x128
[   15.147246]  __asan_report_store1_noabort+0x20/0x30
[   15.147414]  krealloc_less_oob_helper+0xae4/0xc50
[   15.147470]  krealloc_large_less_oob+0x20/0x38
[   15.147620]  kunit_try_run_case+0x170/0x3f0
[   15.147666]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.147724]  kthread+0x328/0x630
[   15.147784]  ret_from_fork+0x10/0x20
[   15.147875] 
[   15.147894] The buggy address belongs to the physical page:
[   15.147934] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   15.147986] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.148116] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.148327] page_type: f8(unknown)
[   15.148485] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.148534] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.148775] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.148836] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.148883] head: 0bfffe0000000002 ffffc1ffc3183d01 00000000ffffffff 00000000ffffffff
[   15.148930] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.148969] page dumped because: kasan: bad access detected
[   15.149000] 
[   15.149017] Memory state around the buggy address:
[   15.149046]  fff00000c60f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.149120]  fff00000c60f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.149161] >fff00000c60f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.149197]                                                           ^
[   15.149234]  fff00000c60f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.149466]  fff00000c60f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.149518] ==================================================================
[   15.097729] ==================================================================
[   15.098161] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.098228] Write of size 1 at addr fff00000c5c3c8d0 by task kunit_try_catch/158
[   15.098365] 
[   15.098395] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.098623] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.098679] Hardware name: linux,dummy-virt (DT)
[   15.098812] Call trace:
[   15.098851]  show_stack+0x20/0x38 (C)
[   15.098899]  dump_stack_lvl+0x8c/0xd0
[   15.098944]  print_report+0x118/0x5d0
[   15.098995]  kasan_report+0xdc/0x128
[   15.099106]  __asan_report_store1_noabort+0x20/0x30
[   15.099273]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.099321]  krealloc_less_oob+0x20/0x38
[   15.099366]  kunit_try_run_case+0x170/0x3f0
[   15.099411]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.099463]  kthread+0x328/0x630
[   15.099503]  ret_from_fork+0x10/0x20
[   15.099549] 
[   15.099574] Allocated by task 158:
[   15.099699]  kasan_save_stack+0x3c/0x68
[   15.099738]  kasan_save_track+0x20/0x40
[   15.099774]  kasan_save_alloc_info+0x40/0x58
[   15.099811]  __kasan_krealloc+0x118/0x178
[   15.099915]  krealloc_noprof+0x128/0x360
[   15.100006]  krealloc_less_oob_helper+0x168/0xc50
[   15.100045]  krealloc_less_oob+0x20/0x38
[   15.100091]  kunit_try_run_case+0x170/0x3f0
[   15.100126]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.100167]  kthread+0x328/0x630
[   15.100198]  ret_from_fork+0x10/0x20
[   15.100256] 
[   15.100275] The buggy address belongs to the object at fff00000c5c3c800
[   15.100275]  which belongs to the cache kmalloc-256 of size 256
[   15.100374] The buggy address is located 7 bytes to the right of
[   15.100374]  allocated 201-byte region [fff00000c5c3c800, fff00000c5c3c8c9)
[   15.100466] 
[   15.100484] The buggy address belongs to the physical page:
[   15.100576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c3c
[   15.100659] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.100757] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.100812] page_type: f5(slab)
[   15.100848] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.100911] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.100960] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.101008] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.101055] head: 0bfffe0000000001 ffffc1ffc3170f01 00000000ffffffff 00000000ffffffff
[   15.101199] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.101240] page dumped because: kasan: bad access detected
[   15.101282] 
[   15.101299] Memory state around the buggy address:
[   15.101328]  fff00000c5c3c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.101435]  fff00000c5c3c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.101526] >fff00000c5c3c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.101676]                                                  ^
[   15.101729]  fff00000c5c3c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.101808]  fff00000c5c3c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.101892] ==================================================================
[   15.102474] ==================================================================
[   15.102548] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.102594] Write of size 1 at addr fff00000c5c3c8da by task kunit_try_catch/158
[   15.102641] 
[   15.102668] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.102979] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.103059] Hardware name: linux,dummy-virt (DT)
[   15.103142] Call trace:
[   15.103224]  show_stack+0x20/0x38 (C)
[   15.103274]  dump_stack_lvl+0x8c/0xd0
[   15.103325]  print_report+0x118/0x5d0
[   15.103447]  kasan_report+0xdc/0x128
[   15.103534]  __asan_report_store1_noabort+0x20/0x30
[   15.103783]  krealloc_less_oob_helper+0xa80/0xc50
[   15.103883]  krealloc_less_oob+0x20/0x38
[   15.103928]  kunit_try_run_case+0x170/0x3f0
[   15.103973]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.104126]  kthread+0x328/0x630
[   15.104187]  ret_from_fork+0x10/0x20
[   15.104233] 
[   15.104251] Allocated by task 158:
[   15.104295]  kasan_save_stack+0x3c/0x68
[   15.104453]  kasan_save_track+0x20/0x40
[   15.104490]  kasan_save_alloc_info+0x40/0x58
[   15.104528]  __kasan_krealloc+0x118/0x178
[   15.104564]  krealloc_noprof+0x128/0x360
[   15.104600]  krealloc_less_oob_helper+0x168/0xc50
[   15.104647]  krealloc_less_oob+0x20/0x38
[   15.104681]  kunit_try_run_case+0x170/0x3f0
[   15.104726]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.104767]  kthread+0x328/0x630
[   15.104798]  ret_from_fork+0x10/0x20
[   15.105157] 
[   15.105203] The buggy address belongs to the object at fff00000c5c3c800
[   15.105203]  which belongs to the cache kmalloc-256 of size 256
[   15.105259] The buggy address is located 17 bytes to the right of
[   15.105259]  allocated 201-byte region [fff00000c5c3c800, fff00000c5c3c8c9)
[   15.105321] 
[   15.105339] The buggy address belongs to the physical page:
[   15.105378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c3c
[   15.105522] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.105566] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.105621] page_type: f5(slab)
[   15.105706] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.105758] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.105891] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.106005] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.106053] head: 0bfffe0000000001 ffffc1ffc3170f01 00000000ffffffff 00000000ffffffff
[   15.106102] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.106189] page dumped because: kasan: bad access detected
[   15.106222] 
[   15.106240] Memory state around the buggy address:
[   15.106276]  fff00000c5c3c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.106378]  fff00000c5c3c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.106424] >fff00000c5c3c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.106612]                                                     ^
[   15.106649]  fff00000c5c3c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.106751]  fff00000c5c3c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.106795] ==================================================================
[   15.139590] ==================================================================
[   15.139623] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.139733] Write of size 1 at addr fff00000c60f60d0 by task kunit_try_catch/162
[   15.139969] 
[   15.140080] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.140191] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.140217] Hardware name: linux,dummy-virt (DT)
[   15.140246] Call trace:
[   15.140266]  show_stack+0x20/0x38 (C)
[   15.140314]  dump_stack_lvl+0x8c/0xd0
[   15.140368]  print_report+0x118/0x5d0
[   15.140413]  kasan_report+0xdc/0x128
[   15.140456]  __asan_report_store1_noabort+0x20/0x30
[   15.140506]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.140648]  krealloc_large_less_oob+0x20/0x38
[   15.140716]  kunit_try_run_case+0x170/0x3f0
[   15.140762]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.140876]  kthread+0x328/0x630
[   15.140917]  ret_from_fork+0x10/0x20
[   15.140977] 
[   15.140995] The buggy address belongs to the physical page:
[   15.141024] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   15.141073] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.141160] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.141271] page_type: f8(unknown)
[   15.141316] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.141364] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.141426] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.141507] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.141648] head: 0bfffe0000000002 ffffc1ffc3183d01 00000000ffffffff 00000000ffffffff
[   15.141757] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.141824] page dumped because: kasan: bad access detected
[   15.141886] 
[   15.141926] Memory state around the buggy address:
[   15.142038]  fff00000c60f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.142108]  fff00000c60f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.142149] >fff00000c60f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.142245]                                                  ^
[   15.142280]  fff00000c60f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.142322]  fff00000c60f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.142660] ==================================================================
[   15.143163] ==================================================================
[   15.143207] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.143253] Write of size 1 at addr fff00000c60f60da by task kunit_try_catch/162
[   15.143300] 
[   15.143327] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.143403] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.143429] Hardware name: linux,dummy-virt (DT)
[   15.143479] Call trace:
[   15.143585]  show_stack+0x20/0x38 (C)
[   15.143631]  dump_stack_lvl+0x8c/0xd0
[   15.143676]  print_report+0x118/0x5d0
[   15.143732]  kasan_report+0xdc/0x128
[   15.143777]  __asan_report_store1_noabort+0x20/0x30
[   15.144131]  krealloc_less_oob_helper+0xa80/0xc50
[   15.144182]  krealloc_large_less_oob+0x20/0x38
[   15.144228]  kunit_try_run_case+0x170/0x3f0
[   15.144273]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.144324]  kthread+0x328/0x630
[   15.144365]  ret_from_fork+0x10/0x20
[   15.144410] 
[   15.144429] The buggy address belongs to the physical page:
[   15.144458] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4
[   15.144507] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.144551] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.144600] page_type: f8(unknown)
[   15.144636] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.144696] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.144755] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.144802] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.144850] head: 0bfffe0000000002 ffffc1ffc3183d01 00000000ffffffff 00000000ffffffff
[   15.145137] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.145336] page dumped because: kasan: bad access detected
[   15.145467] 
[   15.145485] Memory state around the buggy address:
[   15.145516]  fff00000c60f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.145697]  fff00000c60f6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.145739] >fff00000c60f6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.145776]                                                     ^
[   15.145811]  fff00000c60f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.145853]  fff00000c60f6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.145891] ==================================================================
[   15.107745] ==================================================================
[   15.107931] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.107978] Write of size 1 at addr fff00000c5c3c8ea by task kunit_try_catch/158
[   15.108167] 
[   15.108195] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.108272] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.108297] Hardware name: linux,dummy-virt (DT)
[   15.108326] Call trace:
[   15.108444]  show_stack+0x20/0x38 (C)
[   15.108695]  dump_stack_lvl+0x8c/0xd0
[   15.108741]  print_report+0x118/0x5d0
[   15.108786]  kasan_report+0xdc/0x128
[   15.108830]  __asan_report_store1_noabort+0x20/0x30
[   15.108882]  krealloc_less_oob_helper+0xae4/0xc50
[   15.108974]  krealloc_less_oob+0x20/0x38
[   15.109020]  kunit_try_run_case+0x170/0x3f0
[   15.109067]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.109118]  kthread+0x328/0x630
[   15.109208]  ret_from_fork+0x10/0x20
[   15.109268] 
[   15.109285] Allocated by task 158:
[   15.109356]  kasan_save_stack+0x3c/0x68
[   15.109415]  kasan_save_track+0x20/0x40
[   15.109551]  kasan_save_alloc_info+0x40/0x58
[   15.109616]  __kasan_krealloc+0x118/0x178
[   15.109652]  krealloc_noprof+0x128/0x360
[   15.109702]  krealloc_less_oob_helper+0x168/0xc50
[   15.109740]  krealloc_less_oob+0x20/0x38
[   15.109775]  kunit_try_run_case+0x170/0x3f0
[   15.109810]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.109852]  kthread+0x328/0x630
[   15.109883]  ret_from_fork+0x10/0x20
[   15.109917] 
[   15.109935] The buggy address belongs to the object at fff00000c5c3c800
[   15.109935]  which belongs to the cache kmalloc-256 of size 256
[   15.109988] The buggy address is located 33 bytes to the right of
[   15.109988]  allocated 201-byte region [fff00000c5c3c800, fff00000c5c3c8c9)
[   15.110358] 
[   15.110386] The buggy address belongs to the physical page:
[   15.110534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c3c
[   15.110614] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.110764] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.110942] page_type: f5(slab)
[   15.110985] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.111033] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.111081] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.111138] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.111186] head: 0bfffe0000000001 ffffc1ffc3170f01 00000000ffffffff 00000000ffffffff
[   15.111287] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.111328] page dumped because: kasan: bad access detected
[   15.111487] 
[   15.111504] Memory state around the buggy address:
[   15.111534]  fff00000c5c3c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.111576]  fff00000c5c3c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.111715] >fff00000c5c3c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.111877]                                                           ^
[   15.111926]  fff00000c5c3c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.111968]  fff00000c5c3c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.112005] ==================================================================
[   15.093136] ==================================================================
[   15.093209] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.093262] Write of size 1 at addr fff00000c5c3c8c9 by task kunit_try_catch/158
[   15.093311] 
[   15.093341] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.093419] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.093445] Hardware name: linux,dummy-virt (DT)
[   15.093475] Call trace:
[   15.093498]  show_stack+0x20/0x38 (C)
[   15.093584]  dump_stack_lvl+0x8c/0xd0
[   15.093639]  print_report+0x118/0x5d0
[   15.093694]  kasan_report+0xdc/0x128
[   15.093739]  __asan_report_store1_noabort+0x20/0x30
[   15.093799]  krealloc_less_oob_helper+0xa48/0xc50
[   15.093846]  krealloc_less_oob+0x20/0x38
[   15.093944]  kunit_try_run_case+0x170/0x3f0
[   15.094004]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.094056]  kthread+0x328/0x630
[   15.094124]  ret_from_fork+0x10/0x20
[   15.094173] 
[   15.094242] Allocated by task 158:
[   15.094271]  kasan_save_stack+0x3c/0x68
[   15.094311]  kasan_save_track+0x20/0x40
[   15.094420]  kasan_save_alloc_info+0x40/0x58
[   15.094465]  __kasan_krealloc+0x118/0x178
[   15.094501]  krealloc_noprof+0x128/0x360
[   15.094792]  krealloc_less_oob_helper+0x168/0xc50
[   15.094857]  krealloc_less_oob+0x20/0x38
[   15.094903]  kunit_try_run_case+0x170/0x3f0
[   15.094960]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.095001]  kthread+0x328/0x630
[   15.095032]  ret_from_fork+0x10/0x20
[   15.095075] 
[   15.095123] The buggy address belongs to the object at fff00000c5c3c800
[   15.095123]  which belongs to the cache kmalloc-256 of size 256
[   15.095212] The buggy address is located 0 bytes to the right of
[   15.095212]  allocated 201-byte region [fff00000c5c3c800, fff00000c5c3c8c9)
[   15.095458] 
[   15.095782] The buggy address belongs to the physical page:
[   15.095815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c3c
[   15.095878] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.095944] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.095995] page_type: f5(slab)
[   15.096065] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.096333] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.096389] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.096437] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.096485] head: 0bfffe0000000001 ffffc1ffc3170f01 00000000ffffffff 00000000ffffffff
[   15.096535] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.096583] page dumped because: kasan: bad access detected
[   15.096613] 
[   15.096631] Memory state around the buggy address:
[   15.096660]  fff00000c5c3c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.096823]  fff00000c5c3c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.096871] >fff00000c5c3c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.096908]                                               ^
[   15.096972]  fff00000c5c3c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.097105]  fff00000c5c3c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.097142] ==================================================================
[   15.112549] ==================================================================
[   15.112698] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.112831] Write of size 1 at addr fff00000c5c3c8eb by task kunit_try_catch/158
[   15.112953] 
[   15.112982] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.113060] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.113123] Hardware name: linux,dummy-virt (DT)
[   15.113153] Call trace:
[   15.113174]  show_stack+0x20/0x38 (C)
[   15.113220]  dump_stack_lvl+0x8c/0xd0
[   15.113276]  print_report+0x118/0x5d0
[   15.113322]  kasan_report+0xdc/0x128
[   15.113366]  __asan_report_store1_noabort+0x20/0x30
[   15.113488]  krealloc_less_oob_helper+0xa58/0xc50
[   15.113541]  krealloc_less_oob+0x20/0x38
[   15.113604]  kunit_try_run_case+0x170/0x3f0
[   15.113678]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.113738]  kthread+0x328/0x630
[   15.113779]  ret_from_fork+0x10/0x20
[   15.113825] 
[   15.113842] Allocated by task 158:
[   15.113870]  kasan_save_stack+0x3c/0x68
[   15.113908]  kasan_save_track+0x20/0x40
[   15.113943]  kasan_save_alloc_info+0x40/0x58
[   15.113989]  __kasan_krealloc+0x118/0x178
[   15.114166]  krealloc_noprof+0x128/0x360
[   15.114335]  krealloc_less_oob_helper+0x168/0xc50
[   15.114513]  krealloc_less_oob+0x20/0x38
[   15.114548]  kunit_try_run_case+0x170/0x3f0
[   15.114680]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.115075]  kthread+0x328/0x630
[   15.115176]  ret_from_fork+0x10/0x20
[   15.115320] 
[   15.115340] The buggy address belongs to the object at fff00000c5c3c800
[   15.115340]  which belongs to the cache kmalloc-256 of size 256
[   15.115400] The buggy address is located 34 bytes to the right of
[   15.115400]  allocated 201-byte region [fff00000c5c3c800, fff00000c5c3c8c9)
[   15.115512] 
[   15.115530] The buggy address belongs to the physical page:
[   15.115559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c3c
[   15.115628] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.115673] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.115796] page_type: f5(slab)
[   15.115832] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.115901] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.116058] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.116106] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.116153] head: 0bfffe0000000001 ffffc1ffc3170f01 00000000ffffffff 00000000ffffffff
[   15.116234] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.116303] page dumped because: kasan: bad access detected
[   15.116332] 
[   15.116350] Memory state around the buggy address:
[   15.116398]  fff00000c5c3c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.116439]  fff00000c5c3c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.116513] >fff00000c5c3c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.116550]                                                           ^
[   15.116587]  fff00000c5c3c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.116667]  fff00000c5c3c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.116723] ==================================================================

[   11.842210] ==================================================================
[   11.842938] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.843301] Write of size 1 at addr ffff888102a3a0c9 by task kunit_try_catch/179
[   11.843569] 
[   11.843723] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.843921] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.843937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.843981] Call Trace:
[   11.843992]  <TASK>
[   11.844015]  dump_stack_lvl+0x73/0xb0
[   11.844045]  print_report+0xd1/0x610
[   11.844066]  ? __virt_addr_valid+0x1db/0x2d0
[   11.844087]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.844110]  ? kasan_addr_to_slab+0x11/0xa0
[   11.844129]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.844151]  kasan_report+0x141/0x180
[   11.844172]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.844199]  __asan_report_store1_noabort+0x1b/0x30
[   11.844222]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.844246]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.844269]  ? finish_task_switch.isra.0+0x153/0x700
[   11.844289]  ? __switch_to+0x47/0xf50
[   11.844312]  ? __schedule+0x10cc/0x2b60
[   11.844333]  ? __pfx_read_tsc+0x10/0x10
[   11.844356]  krealloc_large_less_oob+0x1c/0x30
[   11.844378]  kunit_try_run_case+0x1a5/0x480
[   11.844586]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.844609]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.844631]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.844653]  ? __kthread_parkme+0x82/0x180
[   11.844673]  ? preempt_count_sub+0x50/0x80
[   11.844695]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.844718]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.844740]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.844762]  kthread+0x337/0x6f0
[   11.844781]  ? trace_preempt_on+0x20/0xc0
[   11.844802]  ? __pfx_kthread+0x10/0x10
[   11.844821]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.844841]  ? calculate_sigpending+0x7b/0xa0
[   11.844865]  ? __pfx_kthread+0x10/0x10
[   11.844885]  ret_from_fork+0x116/0x1d0
[   11.844903]  ? __pfx_kthread+0x10/0x10
[   11.844922]  ret_from_fork_asm+0x1a/0x30
[   11.844951]  </TASK>
[   11.844961] 
[   11.852954] The buggy address belongs to the physical page:
[   11.853205] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.853630] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.853931] flags: 0x200000000000040(head|node=0|zone=2)
[   11.854203] page_type: f8(unknown)
[   11.854380] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.854629] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.854889] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.855240] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.855631] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.855897] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.856238] page dumped because: kasan: bad access detected
[   11.856614] 
[   11.856698] Memory state around the buggy address:
[   11.856853]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.857118]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.857479] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.857908]                                               ^
[   11.858157]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.858373]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.858698] ==================================================================
[   11.876988] ==================================================================
[   11.877745] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.878122] Write of size 1 at addr ffff888102a3a0da by task kunit_try_catch/179
[   11.878491] 
[   11.878621] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.878662] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.878672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.878702] Call Trace:
[   11.878714]  <TASK>
[   11.878727]  dump_stack_lvl+0x73/0xb0
[   11.878753]  print_report+0xd1/0x610
[   11.878774]  ? __virt_addr_valid+0x1db/0x2d0
[   11.878795]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.878817]  ? kasan_addr_to_slab+0x11/0xa0
[   11.878838]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.878860]  kasan_report+0x141/0x180
[   11.878912]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.878940]  __asan_report_store1_noabort+0x1b/0x30
[   11.878974]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.878998]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.879032]  ? finish_task_switch.isra.0+0x153/0x700
[   11.879052]  ? __switch_to+0x47/0xf50
[   11.879076]  ? __schedule+0x10cc/0x2b60
[   11.879097]  ? __pfx_read_tsc+0x10/0x10
[   11.879119]  krealloc_large_less_oob+0x1c/0x30
[   11.879141]  kunit_try_run_case+0x1a5/0x480
[   11.879164]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.879213]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.879236]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.879258]  ? __kthread_parkme+0x82/0x180
[   11.879287]  ? preempt_count_sub+0x50/0x80
[   11.879309]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.879332]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.879353]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.879375]  kthread+0x337/0x6f0
[   11.879393]  ? trace_preempt_on+0x20/0xc0
[   11.879414]  ? __pfx_kthread+0x10/0x10
[   11.879434]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.879455]  ? calculate_sigpending+0x7b/0xa0
[   11.879479]  ? __pfx_kthread+0x10/0x10
[   11.879500]  ret_from_fork+0x116/0x1d0
[   11.879524]  ? __pfx_kthread+0x10/0x10
[   11.879543]  ret_from_fork_asm+0x1a/0x30
[   11.879572]  </TASK>
[   11.879582] 
[   11.887278] The buggy address belongs to the physical page:
[   11.887580] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.888363] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.888738] flags: 0x200000000000040(head|node=0|zone=2)
[   11.888961] page_type: f8(unknown)
[   11.889156] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.890089] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.890543] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.891025] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.891381] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.891974] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.892411] page dumped because: kasan: bad access detected
[   11.892784] 
[   11.892886] Memory state around the buggy address:
[   11.893310]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.893748]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.894080] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.894380]                                                     ^
[   11.894865]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.895278]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.895794] ==================================================================
[   11.771231] ==================================================================
[   11.771481] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.771899] Write of size 1 at addr ffff888100a240eb by task kunit_try_catch/175
[   11.772601] 
[   11.772704] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.772783] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.772795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.772827] Call Trace:
[   11.772852]  <TASK>
[   11.772866]  dump_stack_lvl+0x73/0xb0
[   11.772893]  print_report+0xd1/0x610
[   11.772914]  ? __virt_addr_valid+0x1db/0x2d0
[   11.772934]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.772956]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.772985]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.773018]  kasan_report+0x141/0x180
[   11.773038]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.773066]  __asan_report_store1_noabort+0x1b/0x30
[   11.773089]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.773114]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.773137]  ? finish_task_switch.isra.0+0x153/0x700
[   11.773157]  ? __switch_to+0x47/0xf50
[   11.773180]  ? __schedule+0x10cc/0x2b60
[   11.773203]  ? __pfx_read_tsc+0x10/0x10
[   11.773226]  krealloc_less_oob+0x1c/0x30
[   11.773246]  kunit_try_run_case+0x1a5/0x480
[   11.773269]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.773290]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.773312]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.773333]  ? __kthread_parkme+0x82/0x180
[   11.773352]  ? preempt_count_sub+0x50/0x80
[   11.773453]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.773476]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.773498]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.773520]  kthread+0x337/0x6f0
[   11.773539]  ? trace_preempt_on+0x20/0xc0
[   11.773560]  ? __pfx_kthread+0x10/0x10
[   11.773580]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.773637]  ? calculate_sigpending+0x7b/0xa0
[   11.773662]  ? __pfx_kthread+0x10/0x10
[   11.773682]  ret_from_fork+0x116/0x1d0
[   11.773712]  ? __pfx_kthread+0x10/0x10
[   11.773732]  ret_from_fork_asm+0x1a/0x30
[   11.773761]  </TASK>
[   11.773770] 
[   11.782257] Allocated by task 175:
[   11.782453]  kasan_save_stack+0x45/0x70
[   11.782777]  kasan_save_track+0x18/0x40
[   11.782950]  kasan_save_alloc_info+0x3b/0x50
[   11.783182]  __kasan_krealloc+0x190/0x1f0
[   11.783418]  krealloc_noprof+0xf3/0x340
[   11.783572]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.783949]  krealloc_less_oob+0x1c/0x30
[   11.784184]  kunit_try_run_case+0x1a5/0x480
[   11.784529]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.785071]  kthread+0x337/0x6f0
[   11.785198]  ret_from_fork+0x116/0x1d0
[   11.785370]  ret_from_fork_asm+0x1a/0x30
[   11.785598] 
[   11.785833] The buggy address belongs to the object at ffff888100a24000
[   11.785833]  which belongs to the cache kmalloc-256 of size 256
[   11.786237] The buggy address is located 34 bytes to the right of
[   11.786237]  allocated 201-byte region [ffff888100a24000, ffff888100a240c9)
[   11.787109] 
[   11.787185] The buggy address belongs to the physical page:
[   11.787365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   11.787693] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.787990] flags: 0x200000000000040(head|node=0|zone=2)
[   11.788200] page_type: f5(slab)
[   11.788359] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.788803] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.789213] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.789680] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.790145] head: 0200000000000001 ffffea0004028901 00000000ffffffff 00000000ffffffff
[   11.790566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.790878] page dumped because: kasan: bad access detected
[   11.791135] 
[   11.791213] Memory state around the buggy address:
[   11.791532]  ffff888100a23f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.791763]  ffff888100a24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.792078] >ffff888100a24080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.792547]                                                           ^
[   11.792897]  ffff888100a24100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.793235]  ffff888100a24180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.793456] ==================================================================
[   11.723571] ==================================================================
[   11.723840] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.724197] Write of size 1 at addr ffff888100a240da by task kunit_try_catch/175
[   11.724811] 
[   11.724944] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.725016] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.725027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.725046] Call Trace:
[   11.725058]  <TASK>
[   11.725071]  dump_stack_lvl+0x73/0xb0
[   11.725099]  print_report+0xd1/0x610
[   11.725119]  ? __virt_addr_valid+0x1db/0x2d0
[   11.725141]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.725163]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.725184]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.725206]  kasan_report+0x141/0x180
[   11.725227]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.725254]  __asan_report_store1_noabort+0x1b/0x30
[   11.725277]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.725301]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.725324]  ? finish_task_switch.isra.0+0x153/0x700
[   11.725344]  ? __switch_to+0x47/0xf50
[   11.725441]  ? __schedule+0x10cc/0x2b60
[   11.725468]  ? __pfx_read_tsc+0x10/0x10
[   11.725532]  krealloc_less_oob+0x1c/0x30
[   11.725553]  kunit_try_run_case+0x1a5/0x480
[   11.725588]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.725609]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.725660]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.725682]  ? __kthread_parkme+0x82/0x180
[   11.725703]  ? preempt_count_sub+0x50/0x80
[   11.725736]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.725760]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.725781]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.725803]  kthread+0x337/0x6f0
[   11.725822]  ? trace_preempt_on+0x20/0xc0
[   11.725843]  ? __pfx_kthread+0x10/0x10
[   11.725862]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.725882]  ? calculate_sigpending+0x7b/0xa0
[   11.725907]  ? __pfx_kthread+0x10/0x10
[   11.725927]  ret_from_fork+0x116/0x1d0
[   11.725944]  ? __pfx_kthread+0x10/0x10
[   11.725963]  ret_from_fork_asm+0x1a/0x30
[   11.725993]  </TASK>
[   11.726002] 
[   11.735136] Allocated by task 175:
[   11.735355]  kasan_save_stack+0x45/0x70
[   11.735575]  kasan_save_track+0x18/0x40
[   11.735846]  kasan_save_alloc_info+0x3b/0x50
[   11.736087]  __kasan_krealloc+0x190/0x1f0
[   11.736287]  krealloc_noprof+0xf3/0x340
[   11.736550]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.736949]  krealloc_less_oob+0x1c/0x30
[   11.737197]  kunit_try_run_case+0x1a5/0x480
[   11.737499]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.737752]  kthread+0x337/0x6f0
[   11.738029]  ret_from_fork+0x116/0x1d0
[   11.738166]  ret_from_fork_asm+0x1a/0x30
[   11.738304] 
[   11.738460] The buggy address belongs to the object at ffff888100a24000
[   11.738460]  which belongs to the cache kmalloc-256 of size 256
[   11.739168] The buggy address is located 17 bytes to the right of
[   11.739168]  allocated 201-byte region [ffff888100a24000, ffff888100a240c9)
[   11.740155] 
[   11.740296] The buggy address belongs to the physical page:
[   11.740489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   11.741261] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.741501] flags: 0x200000000000040(head|node=0|zone=2)
[   11.741861] page_type: f5(slab)
[   11.742103] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.742530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.742855] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.743147] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.743683] head: 0200000000000001 ffffea0004028901 00000000ffffffff 00000000ffffffff
[   11.743996] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.744328] page dumped because: kasan: bad access detected
[   11.744722] 
[   11.744822] Memory state around the buggy address:
[   11.745065]  ffff888100a23f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.745452]  ffff888100a24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.745770] >ffff888100a24080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.746068]                                                     ^
[   11.746300]  ffff888100a24100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.746828]  ffff888100a24180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.747118] ==================================================================
[   11.699995] ==================================================================
[   11.700368] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.700609] Write of size 1 at addr ffff888100a240d0 by task kunit_try_catch/175
[   11.701373] 
[   11.701749] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.701807] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.701818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.701838] Call Trace:
[   11.701853]  <TASK>
[   11.701868]  dump_stack_lvl+0x73/0xb0
[   11.701895]  print_report+0xd1/0x610
[   11.701916]  ? __virt_addr_valid+0x1db/0x2d0
[   11.701937]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.701959]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.701980]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.702002]  kasan_report+0x141/0x180
[   11.702034]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.702061]  __asan_report_store1_noabort+0x1b/0x30
[   11.702083]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.702108]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.702131]  ? finish_task_switch.isra.0+0x153/0x700
[   11.702151]  ? __switch_to+0x47/0xf50
[   11.702174]  ? __schedule+0x10cc/0x2b60
[   11.702196]  ? __pfx_read_tsc+0x10/0x10
[   11.702219]  krealloc_less_oob+0x1c/0x30
[   11.702239]  kunit_try_run_case+0x1a5/0x480
[   11.702262]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.702283]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.702305]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.702327]  ? __kthread_parkme+0x82/0x180
[   11.702346]  ? preempt_count_sub+0x50/0x80
[   11.702611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.702640]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.702677]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.702700]  kthread+0x337/0x6f0
[   11.702718]  ? trace_preempt_on+0x20/0xc0
[   11.702740]  ? __pfx_kthread+0x10/0x10
[   11.702760]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.702780]  ? calculate_sigpending+0x7b/0xa0
[   11.702805]  ? __pfx_kthread+0x10/0x10
[   11.702825]  ret_from_fork+0x116/0x1d0
[   11.702843]  ? __pfx_kthread+0x10/0x10
[   11.702862]  ret_from_fork_asm+0x1a/0x30
[   11.702892]  </TASK>
[   11.702901] 
[   11.711798] Allocated by task 175:
[   11.711927]  kasan_save_stack+0x45/0x70
[   11.712172]  kasan_save_track+0x18/0x40
[   11.712362]  kasan_save_alloc_info+0x3b/0x50
[   11.712628]  __kasan_krealloc+0x190/0x1f0
[   11.712832]  krealloc_noprof+0xf3/0x340
[   11.713051]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.713273]  krealloc_less_oob+0x1c/0x30
[   11.713485]  kunit_try_run_case+0x1a5/0x480
[   11.713693]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.714079]  kthread+0x337/0x6f0
[   11.714253]  ret_from_fork+0x116/0x1d0
[   11.714399]  ret_from_fork_asm+0x1a/0x30
[   11.714628] 
[   11.714778] The buggy address belongs to the object at ffff888100a24000
[   11.714778]  which belongs to the cache kmalloc-256 of size 256
[   11.715452] The buggy address is located 7 bytes to the right of
[   11.715452]  allocated 201-byte region [ffff888100a24000, ffff888100a240c9)
[   11.716080] 
[   11.716153] The buggy address belongs to the physical page:
[   11.716322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   11.716807] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.717177] flags: 0x200000000000040(head|node=0|zone=2)
[   11.717551] page_type: f5(slab)
[   11.717720] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.718039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.718615] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.718948] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.719197] head: 0200000000000001 ffffea0004028901 00000000ffffffff 00000000ffffffff
[   11.719737] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.720172] page dumped because: kasan: bad access detected
[   11.720622] 
[   11.720765] Memory state around the buggy address:
[   11.720947]  ffff888100a23f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.721296]  ffff888100a24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.721689] >ffff888100a24080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.722029]                                                  ^
[   11.722333]  ffff888100a24100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.722714]  ffff888100a24180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.722932] ==================================================================
[   11.747673] ==================================================================
[   11.748018] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.748338] Write of size 1 at addr ffff888100a240ea by task kunit_try_catch/175
[   11.748808] 
[   11.748923] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.748966] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.748981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.749000] Call Trace:
[   11.749027]  <TASK>
[   11.749039]  dump_stack_lvl+0x73/0xb0
[   11.749067]  print_report+0xd1/0x610
[   11.749087]  ? __virt_addr_valid+0x1db/0x2d0
[   11.749108]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.749130]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.749150]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.749173]  kasan_report+0x141/0x180
[   11.749194]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.749221]  __asan_report_store1_noabort+0x1b/0x30
[   11.749245]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.749270]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.749292]  ? finish_task_switch.isra.0+0x153/0x700
[   11.749313]  ? __switch_to+0x47/0xf50
[   11.749337]  ? __schedule+0x10cc/0x2b60
[   11.749357]  ? __pfx_read_tsc+0x10/0x10
[   11.749487]  krealloc_less_oob+0x1c/0x30
[   11.749508]  kunit_try_run_case+0x1a5/0x480
[   11.749531]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.749552]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.749575]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.749596]  ? __kthread_parkme+0x82/0x180
[   11.749615]  ? preempt_count_sub+0x50/0x80
[   11.749637]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.749660]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.749681]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.749703]  kthread+0x337/0x6f0
[   11.749721]  ? trace_preempt_on+0x20/0xc0
[   11.749742]  ? __pfx_kthread+0x10/0x10
[   11.749762]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.749782]  ? calculate_sigpending+0x7b/0xa0
[   11.749805]  ? __pfx_kthread+0x10/0x10
[   11.749826]  ret_from_fork+0x116/0x1d0
[   11.749883]  ? __pfx_kthread+0x10/0x10
[   11.749904]  ret_from_fork_asm+0x1a/0x30
[   11.749933]  </TASK>
[   11.749953] 
[   11.758282] Allocated by task 175:
[   11.758682]  kasan_save_stack+0x45/0x70
[   11.758906]  kasan_save_track+0x18/0x40
[   11.759185]  kasan_save_alloc_info+0x3b/0x50
[   11.759531]  __kasan_krealloc+0x190/0x1f0
[   11.759781]  krealloc_noprof+0xf3/0x340
[   11.759956]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.760198]  krealloc_less_oob+0x1c/0x30
[   11.760347]  kunit_try_run_case+0x1a5/0x480
[   11.760605]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.760957]  kthread+0x337/0x6f0
[   11.761166]  ret_from_fork+0x116/0x1d0
[   11.761301]  ret_from_fork_asm+0x1a/0x30
[   11.761686] 
[   11.761786] The buggy address belongs to the object at ffff888100a24000
[   11.761786]  which belongs to the cache kmalloc-256 of size 256
[   11.762273] The buggy address is located 33 bytes to the right of
[   11.762273]  allocated 201-byte region [ffff888100a24000, ffff888100a240c9)
[   11.763242] 
[   11.763353] The buggy address belongs to the physical page:
[   11.763624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   11.763912] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.764323] flags: 0x200000000000040(head|node=0|zone=2)
[   11.764581] page_type: f5(slab)
[   11.764752] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.765244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.765781] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.766030] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.766322] head: 0200000000000001 ffffea0004028901 00000000ffffffff 00000000ffffffff
[   11.766953] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.767288] page dumped because: kasan: bad access detected
[   11.767871] 
[   11.767950] Memory state around the buggy address:
[   11.768138]  ffff888100a23f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.768537]  ffff888100a24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.769251] >ffff888100a24080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.769660]                                                           ^
[   11.770138]  ffff888100a24100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.770492]  ffff888100a24180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.770774] ==================================================================
[   11.664150] ==================================================================
[   11.665505] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.666753] Write of size 1 at addr ffff888100a240c9 by task kunit_try_catch/175
[   11.667328] 
[   11.667578] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.667704] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.667717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.667738] Call Trace:
[   11.667763]  <TASK>
[   11.667778]  dump_stack_lvl+0x73/0xb0
[   11.667816]  print_report+0xd1/0x610
[   11.667837]  ? __virt_addr_valid+0x1db/0x2d0
[   11.667860]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.667882]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.667903]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.667925]  kasan_report+0x141/0x180
[   11.667945]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.667972]  __asan_report_store1_noabort+0x1b/0x30
[   11.667995]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.668030]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.668052]  ? finish_task_switch.isra.0+0x153/0x700
[   11.668074]  ? __switch_to+0x47/0xf50
[   11.668099]  ? __schedule+0x10cc/0x2b60
[   11.668120]  ? __pfx_read_tsc+0x10/0x10
[   11.668144]  krealloc_less_oob+0x1c/0x30
[   11.668164]  kunit_try_run_case+0x1a5/0x480
[   11.668188]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.668210]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.668232]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.668254]  ? __kthread_parkme+0x82/0x180
[   11.668273]  ? preempt_count_sub+0x50/0x80
[   11.668294]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.668317]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.668338]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.668360]  kthread+0x337/0x6f0
[   11.668411]  ? trace_preempt_on+0x20/0xc0
[   11.668451]  ? __pfx_kthread+0x10/0x10
[   11.668471]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.668491]  ? calculate_sigpending+0x7b/0xa0
[   11.668516]  ? __pfx_kthread+0x10/0x10
[   11.668536]  ret_from_fork+0x116/0x1d0
[   11.668554]  ? __pfx_kthread+0x10/0x10
[   11.668573]  ret_from_fork_asm+0x1a/0x30
[   11.668602]  </TASK>
[   11.668612] 
[   11.683320] Allocated by task 175:
[   11.683685]  kasan_save_stack+0x45/0x70
[   11.684169]  kasan_save_track+0x18/0x40
[   11.684590]  kasan_save_alloc_info+0x3b/0x50
[   11.684843]  __kasan_krealloc+0x190/0x1f0
[   11.685151]  krealloc_noprof+0xf3/0x340
[   11.685593]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.686101]  krealloc_less_oob+0x1c/0x30
[   11.686487]  kunit_try_run_case+0x1a5/0x480
[   11.686813]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.687257]  kthread+0x337/0x6f0
[   11.687543]  ret_from_fork+0x116/0x1d0
[   11.687708]  ret_from_fork_asm+0x1a/0x30
[   11.687958] 
[   11.688148] The buggy address belongs to the object at ffff888100a24000
[   11.688148]  which belongs to the cache kmalloc-256 of size 256
[   11.689360] The buggy address is located 0 bytes to the right of
[   11.689360]  allocated 201-byte region [ffff888100a24000, ffff888100a240c9)
[   11.690261] 
[   11.690339] The buggy address belongs to the physical page:
[   11.690747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a24
[   11.691175] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.691556] flags: 0x200000000000040(head|node=0|zone=2)
[   11.692070] page_type: f5(slab)
[   11.692437] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.693152] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.693607] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.694287] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.695014] head: 0200000000000001 ffffea0004028901 00000000ffffffff 00000000ffffffff
[   11.695335] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.696142] page dumped because: kasan: bad access detected
[   11.696733] 
[   11.696858] Memory state around the buggy address:
[   11.697035]  ffff888100a23f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.697250]  ffff888100a24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.697482] >ffff888100a24080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.698188]                                               ^
[   11.698407]  ffff888100a24100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.698966]  ffff888100a24180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.699338] ==================================================================
[   11.859881] ==================================================================
[   11.860209] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.860612] Write of size 1 at addr ffff888102a3a0d0 by task kunit_try_catch/179
[   11.860948] 
[   11.861102] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.861142] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.861164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.861184] Call Trace:
[   11.861194]  <TASK>
[   11.861207]  dump_stack_lvl+0x73/0xb0
[   11.861234]  print_report+0xd1/0x610
[   11.861255]  ? __virt_addr_valid+0x1db/0x2d0
[   11.861276]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.861298]  ? kasan_addr_to_slab+0x11/0xa0
[   11.861317]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.861339]  kasan_report+0x141/0x180
[   11.861360]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.861387]  __asan_report_store1_noabort+0x1b/0x30
[   11.861410]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.861435]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.861457]  ? finish_task_switch.isra.0+0x153/0x700
[   11.861477]  ? __switch_to+0x47/0xf50
[   11.861500]  ? __schedule+0x10cc/0x2b60
[   11.861555]  ? __pfx_read_tsc+0x10/0x10
[   11.861578]  krealloc_large_less_oob+0x1c/0x30
[   11.861636]  kunit_try_run_case+0x1a5/0x480
[   11.861661]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.861683]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.861715]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.861737]  ? __kthread_parkme+0x82/0x180
[   11.861756]  ? preempt_count_sub+0x50/0x80
[   11.861778]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.861801]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.861822]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.861844]  kthread+0x337/0x6f0
[   11.861892]  ? trace_preempt_on+0x20/0xc0
[   11.861913]  ? __pfx_kthread+0x10/0x10
[   11.861953]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.861974]  ? calculate_sigpending+0x7b/0xa0
[   11.861998]  ? __pfx_kthread+0x10/0x10
[   11.862026]  ret_from_fork+0x116/0x1d0
[   11.862044]  ? __pfx_kthread+0x10/0x10
[   11.862063]  ret_from_fork_asm+0x1a/0x30
[   11.862092]  </TASK>
[   11.862101] 
[   11.870080] The buggy address belongs to the physical page:
[   11.870378] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.871027] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.871281] flags: 0x200000000000040(head|node=0|zone=2)
[   11.871577] page_type: f8(unknown)
[   11.871861] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.872144] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.872566] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.872915] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.873169] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.873649] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.873955] page dumped because: kasan: bad access detected
[   11.874247] 
[   11.874341] Memory state around the buggy address:
[   11.874650]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.874878]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.875220] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.875541]                                                  ^
[   11.875722]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.876127]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.876408] ==================================================================
[   11.918598] ==================================================================
[   11.919657] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.920084] Write of size 1 at addr ffff888102a3a0eb by task kunit_try_catch/179
[   11.920701] 
[   11.920838] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.921052] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.921066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.921085] Call Trace:
[   11.921099]  <TASK>
[   11.921112]  dump_stack_lvl+0x73/0xb0
[   11.921140]  print_report+0xd1/0x610
[   11.921161]  ? __virt_addr_valid+0x1db/0x2d0
[   11.921181]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.921204]  ? kasan_addr_to_slab+0x11/0xa0
[   11.921223]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.921246]  kasan_report+0x141/0x180
[   11.921267]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.921294]  __asan_report_store1_noabort+0x1b/0x30
[   11.921317]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.921341]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.921364]  ? finish_task_switch.isra.0+0x153/0x700
[   11.921384]  ? __switch_to+0x47/0xf50
[   11.921418]  ? __schedule+0x10cc/0x2b60
[   11.921439]  ? __pfx_read_tsc+0x10/0x10
[   11.921463]  krealloc_large_less_oob+0x1c/0x30
[   11.921486]  kunit_try_run_case+0x1a5/0x480
[   11.921509]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.921530]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.921552]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.921574]  ? __kthread_parkme+0x82/0x180
[   11.921593]  ? preempt_count_sub+0x50/0x80
[   11.921615]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.921637]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.921659]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.921681]  kthread+0x337/0x6f0
[   11.921699]  ? trace_preempt_on+0x20/0xc0
[   11.921720]  ? __pfx_kthread+0x10/0x10
[   11.921739]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.921759]  ? calculate_sigpending+0x7b/0xa0
[   11.921783]  ? __pfx_kthread+0x10/0x10
[   11.921804]  ret_from_fork+0x116/0x1d0
[   11.921821]  ? __pfx_kthread+0x10/0x10
[   11.921840]  ret_from_fork_asm+0x1a/0x30
[   11.921869]  </TASK>
[   11.921878] 
[   11.932961] The buggy address belongs to the physical page:
[   11.933262] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.933839] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.934285] flags: 0x200000000000040(head|node=0|zone=2)
[   11.934667] page_type: f8(unknown)
[   11.935016] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.935337] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.935815] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.936172] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.936674] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.937026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.937346] page dumped because: kasan: bad access detected
[   11.937778] 
[   11.937879] Memory state around the buggy address:
[   11.938093]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.938406]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.938714] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.938987]                                                           ^
[   11.939285]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.939696]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.939985] ==================================================================
[   11.896485] ==================================================================
[   11.897271] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.897803] Write of size 1 at addr ffff888102a3a0ea by task kunit_try_catch/179
[   11.898131] 
[   11.898223] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.898263] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.898274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.898293] Call Trace:
[   11.898306]  <TASK>
[   11.898318]  dump_stack_lvl+0x73/0xb0
[   11.898345]  print_report+0xd1/0x610
[   11.898366]  ? __virt_addr_valid+0x1db/0x2d0
[   11.898387]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.898748]  ? kasan_addr_to_slab+0x11/0xa0
[   11.898769]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.898791]  kasan_report+0x141/0x180
[   11.898813]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.898840]  __asan_report_store1_noabort+0x1b/0x30
[   11.898864]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.898890]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.898913]  ? finish_task_switch.isra.0+0x153/0x700
[   11.898935]  ? __switch_to+0x47/0xf50
[   11.898959]  ? __schedule+0x10cc/0x2b60
[   11.898981]  ? __pfx_read_tsc+0x10/0x10
[   11.899015]  krealloc_large_less_oob+0x1c/0x30
[   11.899038]  kunit_try_run_case+0x1a5/0x480
[   11.899061]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.899082]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.899105]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.899127]  ? __kthread_parkme+0x82/0x180
[   11.899146]  ? preempt_count_sub+0x50/0x80
[   11.899167]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.899190]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.899211]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.899233]  kthread+0x337/0x6f0
[   11.899251]  ? trace_preempt_on+0x20/0xc0
[   11.899273]  ? __pfx_kthread+0x10/0x10
[   11.899292]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.899312]  ? calculate_sigpending+0x7b/0xa0
[   11.899336]  ? __pfx_kthread+0x10/0x10
[   11.899356]  ret_from_fork+0x116/0x1d0
[   11.899374]  ? __pfx_kthread+0x10/0x10
[   11.899393]  ret_from_fork_asm+0x1a/0x30
[   11.899422]  </TASK>
[   11.899431] 
[   11.910001] The buggy address belongs to the physical page:
[   11.910302] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a38
[   11.911043] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.911556] flags: 0x200000000000040(head|node=0|zone=2)
[   11.911902] page_type: f8(unknown)
[   11.912090] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.912400] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.913029] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.913486] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.913915] head: 0200000000000002 ffffea00040a8e01 00000000ffffffff 00000000ffffffff
[   11.914373] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.914889] page dumped because: kasan: bad access detected
[   11.915145] 
[   11.915236] Memory state around the buggy address:
[   11.915399]  ffff888102a39f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.915709]  ffff888102a3a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.916031] >ffff888102a3a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.916334]                                                           ^
[   11.917037]  ffff888102a3a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.917450]  ffff888102a3a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.917829] ==================================================================