lkft/linux-mainline-master - v6.16-rc6-281-gf4a40a4282f4 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 20, 2025, 11:12 a.m.

Environment
qemu-arm64
qemu-x86_64

[   15.305839] ==================================================================
[   15.305888] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.305933] Write of size 1 at addr fff00000c77560eb by task kunit_try_catch/162
[   15.305980] 
[   15.306007] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.306142] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.306168] Hardware name: linux,dummy-virt (DT)
[   15.306216] Call trace:
[   15.306255]  show_stack+0x20/0x38 (C)
[   15.306300]  dump_stack_lvl+0x8c/0xd0
[   15.306360]  print_report+0x118/0x5d0
[   15.306405]  kasan_report+0xdc/0x128
[   15.306483]  __asan_report_store1_noabort+0x20/0x30
[   15.306539]  krealloc_less_oob_helper+0xa58/0xc50
[   15.306604]  krealloc_large_less_oob+0x20/0x38
[   15.306651]  kunit_try_run_case+0x170/0x3f0
[   15.306724]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.306812]  kthread+0x328/0x630
[   15.306867]  ret_from_fork+0x10/0x20
[   15.306913] 
[   15.307075] The buggy address belongs to the physical page:
[   15.307109] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.307158] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.307335] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.307413] page_type: f8(unknown)
[   15.307480] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.307577] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.307679] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.307726] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.307773] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.307819] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.307896] page dumped because: kasan: bad access detected
[   15.307926] 
[   15.308083] Memory state around the buggy address:
[   15.308186]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.308251]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.308313] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.308391]                                                           ^
[   15.308462]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.308535]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.308634] ==================================================================
[   15.289995] ==================================================================
[   15.290049] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.290116] Write of size 1 at addr fff00000c77560c9 by task kunit_try_catch/162
[   15.290208] 
[   15.290293] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.290388] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.290415] Hardware name: linux,dummy-virt (DT)
[   15.290480] Call trace:
[   15.290543]  show_stack+0x20/0x38 (C)
[   15.290591]  dump_stack_lvl+0x8c/0xd0
[   15.290653]  print_report+0x118/0x5d0
[   15.290871]  kasan_report+0xdc/0x128
[   15.291044]  __asan_report_store1_noabort+0x20/0x30
[   15.291097]  krealloc_less_oob_helper+0xa48/0xc50
[   15.291159]  krealloc_large_less_oob+0x20/0x38
[   15.291205]  kunit_try_run_case+0x170/0x3f0
[   15.291250]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.291301]  kthread+0x328/0x630
[   15.291502]  ret_from_fork+0x10/0x20
[   15.291609] 
[   15.291783] The buggy address belongs to the physical page:
[   15.291861] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.291948] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.292039] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.292089] page_type: f8(unknown)
[   15.292253] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.292458] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.292555] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.292613] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.292747] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.292862] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.292959] page dumped because: kasan: bad access detected
[   15.293043] 
[   15.293135] Memory state around the buggy address:
[   15.293223]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.293306]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.293378] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.293414]                                               ^
[   15.293449]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.293555]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.293879] ==================================================================
[   15.294583] ==================================================================
[   15.294626] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.294703] Write of size 1 at addr fff00000c77560d0 by task kunit_try_catch/162
[   15.294753] 
[   15.294906] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.294985] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.295037] Hardware name: linux,dummy-virt (DT)
[   15.295066] Call trace:
[   15.295215]  show_stack+0x20/0x38 (C)
[   15.295283]  dump_stack_lvl+0x8c/0xd0
[   15.295393]  print_report+0x118/0x5d0
[   15.295503]  kasan_report+0xdc/0x128
[   15.295602]  __asan_report_store1_noabort+0x20/0x30
[   15.295780]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.295936]  krealloc_large_less_oob+0x20/0x38
[   15.296042]  kunit_try_run_case+0x170/0x3f0
[   15.296088]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.296162]  kthread+0x328/0x630
[   15.296203]  ret_from_fork+0x10/0x20
[   15.296248] 
[   15.296269] The buggy address belongs to the physical page:
[   15.296298] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.296414] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.296595] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.296700] page_type: f8(unknown)
[   15.296802] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.296899] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.297034] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.297129] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.297177] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.297375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.297491] page dumped because: kasan: bad access detected
[   15.297546] 
[   15.297611] Memory state around the buggy address:
[   15.297684]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.297763]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.297858] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.297899]                                                  ^
[   15.297972]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.298063]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.298165] ==================================================================
[   15.254490] ==================================================================
[   15.254534] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.254579] Write of size 1 at addr fff00000c61446da by task kunit_try_catch/158
[   15.254626] 
[   15.254653] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.254743] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.254768] Hardware name: linux,dummy-virt (DT)
[   15.254815] Call trace:
[   15.254836]  show_stack+0x20/0x38 (C)
[   15.254882]  dump_stack_lvl+0x8c/0xd0
[   15.254926]  print_report+0x118/0x5d0
[   15.254970]  kasan_report+0xdc/0x128
[   15.255043]  __asan_report_store1_noabort+0x20/0x30
[   15.255094]  krealloc_less_oob_helper+0xa80/0xc50
[   15.255140]  krealloc_less_oob+0x20/0x38
[   15.255184]  kunit_try_run_case+0x170/0x3f0
[   15.255229]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.255296]  kthread+0x328/0x630
[   15.255562]  ret_from_fork+0x10/0x20
[   15.255635] 
[   15.255656] Allocated by task 158:
[   15.255696]  kasan_save_stack+0x3c/0x68
[   15.255736]  kasan_save_track+0x20/0x40
[   15.255773]  kasan_save_alloc_info+0x40/0x58
[   15.255810]  __kasan_krealloc+0x118/0x178
[   15.255846]  krealloc_noprof+0x128/0x360
[   15.255881]  krealloc_less_oob_helper+0x168/0xc50
[   15.255919]  krealloc_less_oob+0x20/0x38
[   15.256178]  kunit_try_run_case+0x170/0x3f0
[   15.256256]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.256398]  kthread+0x328/0x630
[   15.256500]  ret_from_fork+0x10/0x20
[   15.256535] 
[   15.256554] The buggy address belongs to the object at fff00000c6144600
[   15.256554]  which belongs to the cache kmalloc-256 of size 256
[   15.256870] The buggy address is located 17 bytes to the right of
[   15.256870]  allocated 201-byte region [fff00000c6144600, fff00000c61446c9)
[   15.256996] 
[   15.257055] The buggy address belongs to the physical page:
[   15.257141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   15.257225] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.257269] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.257538] page_type: f5(slab)
[   15.257636] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.257785] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.257864] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.257948] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.258079] head: 0bfffe0000000001 ffffc1ffc3185101 00000000ffffffff 00000000ffffffff
[   15.258128] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.258392] page dumped because: kasan: bad access detected
[   15.258492] 
[   15.258589] Memory state around the buggy address:
[   15.258722]  fff00000c6144580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.258796]  fff00000c6144600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.258874] >fff00000c6144680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.258910]                                                     ^
[   15.259208]  fff00000c6144700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.259499]  fff00000c6144780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.259643] ==================================================================
[   15.301937] ==================================================================
[   15.301996] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.302043] Write of size 1 at addr fff00000c77560ea by task kunit_try_catch/162
[   15.302089] 
[   15.302116] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.302375] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.302702] Hardware name: linux,dummy-virt (DT)
[   15.302782] Call trace:
[   15.302811]  show_stack+0x20/0x38 (C)
[   15.302861]  dump_stack_lvl+0x8c/0xd0
[   15.302908]  print_report+0x118/0x5d0
[   15.302979]  kasan_report+0xdc/0x128
[   15.303153]  __asan_report_store1_noabort+0x20/0x30
[   15.303337]  krealloc_less_oob_helper+0xae4/0xc50
[   15.303431]  krealloc_large_less_oob+0x20/0x38
[   15.303553]  kunit_try_run_case+0x170/0x3f0
[   15.303624]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.303686]  kthread+0x328/0x630
[   15.303746]  ret_from_fork+0x10/0x20
[   15.304007] 
[   15.304085] The buggy address belongs to the physical page:
[   15.304154] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.304253] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.304356] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.304458] page_type: f8(unknown)
[   15.304566] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.304674] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.304730] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.304821] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.304903] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.304951] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.305007] page dumped because: kasan: bad access detected
[   15.305038] 
[   15.305055] Memory state around the buggy address:
[   15.305084]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.305254]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.305318] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.305365]                                                           ^
[   15.305402]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.305442]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.305480] ==================================================================
[   15.265998] ==================================================================
[   15.266043] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.266105] Write of size 1 at addr fff00000c61446eb by task kunit_try_catch/158
[   15.266154] 
[   15.266186] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.266262] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.266474] Hardware name: linux,dummy-virt (DT)
[   15.266576] Call trace:
[   15.266698]  show_stack+0x20/0x38 (C)
[   15.266747]  dump_stack_lvl+0x8c/0xd0
[   15.266792]  print_report+0x118/0x5d0
[   15.266836]  kasan_report+0xdc/0x128
[   15.266908]  __asan_report_store1_noabort+0x20/0x30
[   15.267064]  krealloc_less_oob_helper+0xa58/0xc50
[   15.267114]  krealloc_less_oob+0x20/0x38
[   15.267294]  kunit_try_run_case+0x170/0x3f0
[   15.267415]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.267485]  kthread+0x328/0x630
[   15.267527]  ret_from_fork+0x10/0x20
[   15.267572] 
[   15.267590] Allocated by task 158:
[   15.267653]  kasan_save_stack+0x3c/0x68
[   15.267784]  kasan_save_track+0x20/0x40
[   15.267895]  kasan_save_alloc_info+0x40/0x58
[   15.267956]  __kasan_krealloc+0x118/0x178
[   15.267992]  krealloc_noprof+0x128/0x360
[   15.268049]  krealloc_less_oob_helper+0x168/0xc50
[   15.268088]  krealloc_less_oob+0x20/0x38
[   15.268122]  kunit_try_run_case+0x170/0x3f0
[   15.268158]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.268199]  kthread+0x328/0x630
[   15.268230]  ret_from_fork+0x10/0x20
[   15.268263] 
[   15.268281] The buggy address belongs to the object at fff00000c6144600
[   15.268281]  which belongs to the cache kmalloc-256 of size 256
[   15.268337] The buggy address is located 34 bytes to the right of
[   15.268337]  allocated 201-byte region [fff00000c6144600, fff00000c61446c9)
[   15.268592] 
[   15.268612] The buggy address belongs to the physical page:
[   15.268642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   15.268721] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.268796] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.268879] page_type: f5(slab)
[   15.268943] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.268992] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.269040] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.269086] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.269133] head: 0bfffe0000000001 ffffc1ffc3185101 00000000ffffffff 00000000ffffffff
[   15.269192] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.269231] page dumped because: kasan: bad access detected
[   15.269275] 
[   15.269294] Memory state around the buggy address:
[   15.269323]  fff00000c6144580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.269365]  fff00000c6144600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.269414] >fff00000c6144680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.269465]                                                           ^
[   15.269502]  fff00000c6144700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.269562]  fff00000c6144780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.269612] ==================================================================
[   15.243089] ==================================================================
[   15.243143] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.243192] Write of size 1 at addr fff00000c61446c9 by task kunit_try_catch/158
[   15.243240] 
[   15.243270] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.243347] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.243373] Hardware name: linux,dummy-virt (DT)
[   15.243428] Call trace:
[   15.243452]  show_stack+0x20/0x38 (C)
[   15.243498]  dump_stack_lvl+0x8c/0xd0
[   15.243542]  print_report+0x118/0x5d0
[   15.243587]  kasan_report+0xdc/0x128
[   15.243631]  __asan_report_store1_noabort+0x20/0x30
[   15.243694]  krealloc_less_oob_helper+0xa48/0xc50
[   15.243980]  krealloc_less_oob+0x20/0x38
[   15.244082]  kunit_try_run_case+0x170/0x3f0
[   15.244159]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.244237]  kthread+0x328/0x630
[   15.244313]  ret_from_fork+0x10/0x20
[   15.244360] 
[   15.244384] Allocated by task 158:
[   15.244411]  kasan_save_stack+0x3c/0x68
[   15.244451]  kasan_save_track+0x20/0x40
[   15.244487]  kasan_save_alloc_info+0x40/0x58
[   15.244525]  __kasan_krealloc+0x118/0x178
[   15.244587]  krealloc_noprof+0x128/0x360
[   15.244626]  krealloc_less_oob_helper+0x168/0xc50
[   15.244674]  krealloc_less_oob+0x20/0x38
[   15.244709]  kunit_try_run_case+0x170/0x3f0
[   15.244971]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.245053]  kthread+0x328/0x630
[   15.245124]  ret_from_fork+0x10/0x20
[   15.245158] 
[   15.245246] The buggy address belongs to the object at fff00000c6144600
[   15.245246]  which belongs to the cache kmalloc-256 of size 256
[   15.245390] The buggy address is located 0 bytes to the right of
[   15.245390]  allocated 201-byte region [fff00000c6144600, fff00000c61446c9)
[   15.245496] 
[   15.245576] The buggy address belongs to the physical page:
[   15.245636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   15.245734] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.245804] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.245952] page_type: f5(slab)
[   15.246027] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.246075] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.246419] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.246555] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.246661] head: 0bfffe0000000001 ffffc1ffc3185101 00000000ffffffff 00000000ffffffff
[   15.246831] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.246871] page dumped because: kasan: bad access detected
[   15.246913] 
[   15.247199] Memory state around the buggy address:
[   15.247288]  fff00000c6144580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.247372]  fff00000c6144600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.247491] >fff00000c6144680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.247583]                                               ^
[   15.247758]  fff00000c6144700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.247827]  fff00000c6144780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.247895] ==================================================================
[   15.298529] ==================================================================
[   15.298631] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.298696] Write of size 1 at addr fff00000c77560da by task kunit_try_catch/162
[   15.298897] 
[   15.298958] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.299184] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.299210] Hardware name: linux,dummy-virt (DT)
[   15.299239] Call trace:
[   15.299259]  show_stack+0x20/0x38 (C)
[   15.299366]  dump_stack_lvl+0x8c/0xd0
[   15.299459]  print_report+0x118/0x5d0
[   15.299553]  kasan_report+0xdc/0x128
[   15.299619]  __asan_report_store1_noabort+0x20/0x30
[   15.299680]  krealloc_less_oob_helper+0xa80/0xc50
[   15.299743]  krealloc_large_less_oob+0x20/0x38
[   15.300070]  kunit_try_run_case+0x170/0x3f0
[   15.300159]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.300220]  kthread+0x328/0x630
[   15.300260]  ret_from_fork+0x10/0x20
[   15.300400] 
[   15.300497] The buggy address belongs to the physical page:
[   15.300559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107754
[   15.300733] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.300811] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.300880] page_type: f8(unknown)
[   15.300916] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.300963] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.301017] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.301073] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.301120] head: 0bfffe0000000002 ffffc1ffc31dd501 00000000ffffffff 00000000ffffffff
[   15.301166] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.301212] page dumped because: kasan: bad access detected
[   15.301246] 
[   15.301264] Memory state around the buggy address:
[   15.301292]  fff00000c7755f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.301332]  fff00000c7756000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.301381] >fff00000c7756080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.301419]                                                     ^
[   15.301460]  fff00000c7756100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.301511]  fff00000c7756180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.301547] ==================================================================
[   15.249135] ==================================================================
[   15.249220] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.249367] Write of size 1 at addr fff00000c61446d0 by task kunit_try_catch/158
[   15.249514] 
[   15.249646] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.249739] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.249767] Hardware name: linux,dummy-virt (DT)
[   15.249878] Call trace:
[   15.250080]  show_stack+0x20/0x38 (C)
[   15.250151]  dump_stack_lvl+0x8c/0xd0
[   15.250197]  print_report+0x118/0x5d0
[   15.250243]  kasan_report+0xdc/0x128
[   15.250315]  __asan_report_store1_noabort+0x20/0x30
[   15.250381]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.250447]  krealloc_less_oob+0x20/0x38
[   15.250514]  kunit_try_run_case+0x170/0x3f0
[   15.250560]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.250628]  kthread+0x328/0x630
[   15.250699]  ret_from_fork+0x10/0x20
[   15.250774] 
[   15.250793] Allocated by task 158:
[   15.250820]  kasan_save_stack+0x3c/0x68
[   15.250890]  kasan_save_track+0x20/0x40
[   15.250927]  kasan_save_alloc_info+0x40/0x58
[   15.250965]  __kasan_krealloc+0x118/0x178
[   15.251030]  krealloc_noprof+0x128/0x360
[   15.251191]  krealloc_less_oob_helper+0x168/0xc50
[   15.251383]  krealloc_less_oob+0x20/0x38
[   15.251424]  kunit_try_run_case+0x170/0x3f0
[   15.251460]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.251502]  kthread+0x328/0x630
[   15.251555]  ret_from_fork+0x10/0x20
[   15.251590] 
[   15.251609] The buggy address belongs to the object at fff00000c6144600
[   15.251609]  which belongs to the cache kmalloc-256 of size 256
[   15.251676] The buggy address is located 7 bytes to the right of
[   15.251676]  allocated 201-byte region [fff00000c6144600, fff00000c61446c9)
[   15.251889] 
[   15.251949] The buggy address belongs to the physical page:
[   15.252093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   15.252219] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.252333] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.252478] page_type: f5(slab)
[   15.252554] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.252645] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.252757] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.252866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.252921] head: 0bfffe0000000001 ffffc1ffc3185101 00000000ffffffff 00000000ffffffff
[   15.252968] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.253247] page dumped because: kasan: bad access detected
[   15.253314] 
[   15.253354] Memory state around the buggy address:
[   15.253446]  fff00000c6144580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.253494]  fff00000c6144600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.253541] >fff00000c6144680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.253631]                                                  ^
[   15.253741]  fff00000c6144700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.253798]  fff00000c6144780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.253834] ==================================================================
[   15.260206] ==================================================================
[   15.260372] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.260442] Write of size 1 at addr fff00000c61446ea by task kunit_try_catch/158
[   15.260508] 
[   15.260565] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.260643] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.260681] Hardware name: linux,dummy-virt (DT)
[   15.260710] Call trace:
[   15.260746]  show_stack+0x20/0x38 (C)
[   15.260793]  dump_stack_lvl+0x8c/0xd0
[   15.260943]  print_report+0x118/0x5d0
[   15.261088]  kasan_report+0xdc/0x128
[   15.261145]  __asan_report_store1_noabort+0x20/0x30
[   15.261232]  krealloc_less_oob_helper+0xae4/0xc50
[   15.261296]  krealloc_less_oob+0x20/0x38
[   15.261340]  kunit_try_run_case+0x170/0x3f0
[   15.261385]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.261436]  kthread+0x328/0x630
[   15.261476]  ret_from_fork+0x10/0x20
[   15.261583] 
[   15.261619] Allocated by task 158:
[   15.263685]  kasan_save_stack+0x3c/0x68
[   15.263734]  kasan_save_track+0x20/0x40
[   15.263771]  kasan_save_alloc_info+0x40/0x58
[   15.263809]  __kasan_krealloc+0x118/0x178
[   15.263845]  krealloc_noprof+0x128/0x360
[   15.263880]  krealloc_less_oob_helper+0x168/0xc50
[   15.263917]  krealloc_less_oob+0x20/0x38
[   15.263952]  kunit_try_run_case+0x170/0x3f0
[   15.263988]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.264029]  kthread+0x328/0x630
[   15.264059]  ret_from_fork+0x10/0x20
[   15.264093] 
[   15.264112] The buggy address belongs to the object at fff00000c6144600
[   15.264112]  which belongs to the cache kmalloc-256 of size 256
[   15.264167] The buggy address is located 33 bytes to the right of
[   15.264167]  allocated 201-byte region [fff00000c6144600, fff00000c61446c9)
[   15.264229] 
[   15.264248] The buggy address belongs to the physical page:
[   15.264279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144
[   15.264328] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.264374] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.264428] page_type: f5(slab)
[   15.264464] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.264512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.264559] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.264605] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.264652] head: 0bfffe0000000001 ffffc1ffc3185101 00000000ffffffff 00000000ffffffff
[   15.264804] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.264846] page dumped because: kasan: bad access detected
[   15.264875] 
[   15.264892] Memory state around the buggy address:
[   15.264921]  fff00000c6144580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.264981]  fff00000c6144600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.265024] >fff00000c6144680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.265060]                                                           ^
[   15.265097]  fff00000c6144700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.265328]  fff00000c6144780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.265441] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308WwJaHQwF9GiJmP1YPiPqA012

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308WwJaHQwF9GiJmP1YPiPqA012

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/Image.gz
sha256sum	4d2e0511bab027133f01b2172d6d8558efd2b45bcadc263c5cacdb0ac44741cd

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WtJwGDQVbmyszY5dfktcsuGy/modules.tar.xz
sha256sum	18d5d5576d3740ea20de31396b726912b8f91395c442996d953fc58d4a74f8e9

durations

tests

boot	0
kunit	197.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

[   12.168532] ==================================================================
[   12.168835] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.169086] Write of size 1 at addr ffff888102b760ea by task kunit_try_catch/179
[   12.169309] 
[   12.169410] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.169449] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.169459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.169526] Call Trace:
[   12.169541]  <TASK>
[   12.169554]  dump_stack_lvl+0x73/0xb0
[   12.169581]  print_report+0xd1/0x610
[   12.169601]  ? __virt_addr_valid+0x1db/0x2d0
[   12.169621]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.169643]  ? kasan_addr_to_slab+0x11/0xa0
[   12.169662]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.169684]  kasan_report+0x141/0x180
[   12.169704]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.169731]  __asan_report_store1_noabort+0x1b/0x30
[   12.169754]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.169778]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.169800]  ? finish_task_switch.isra.0+0x153/0x700
[   12.169820]  ? __switch_to+0x47/0xf50
[   12.169843]  ? __schedule+0x10cc/0x2b60
[   12.169863]  ? __pfx_read_tsc+0x10/0x10
[   12.169886]  krealloc_large_less_oob+0x1c/0x30
[   12.169919]  kunit_try_run_case+0x1a5/0x480
[   12.169942]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.169962]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.169984]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.170006]  ? __kthread_parkme+0x82/0x180
[   12.170026]  ? preempt_count_sub+0x50/0x80
[   12.170049]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.170072]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.170106]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.170129]  kthread+0x337/0x6f0
[   12.170147]  ? trace_preempt_on+0x20/0xc0
[   12.170169]  ? __pfx_kthread+0x10/0x10
[   12.170188]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.170209]  ? calculate_sigpending+0x7b/0xa0
[   12.170231]  ? __pfx_kthread+0x10/0x10
[   12.170251]  ret_from_fork+0x116/0x1d0
[   12.170269]  ? __pfx_kthread+0x10/0x10
[   12.170288]  ret_from_fork_asm+0x1a/0x30
[   12.170317]  </TASK>
[   12.170327] 
[   12.178941] The buggy address belongs to the physical page:
[   12.179218] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b74
[   12.179614] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.179963] flags: 0x200000000000040(head|node=0|zone=2)
[   12.180209] page_type: f8(unknown)
[   12.180431] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.180774] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.181092] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.181465] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.181834] head: 0200000000000002 ffffea00040add01 00000000ffffffff 00000000ffffffff
[   12.182136] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.182645] page dumped because: kasan: bad access detected
[   12.183010] 
[   12.183108] Memory state around the buggy address:
[   12.183268]  ffff888102b75f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.183485]  ffff888102b76000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.183700] >ffff888102b76080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.183919]                                                           ^
[   12.184173]  ffff888102b76100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.184787]  ffff888102b76180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.185109] ==================================================================
[   12.025824] ==================================================================
[   12.026168] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.026698] Write of size 1 at addr ffff888102b916eb by task kunit_try_catch/175
[   12.026973] 
[   12.027060] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.027100] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.027111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.027130] Call Trace:
[   12.027145]  <TASK>
[   12.027159]  dump_stack_lvl+0x73/0xb0
[   12.027185]  print_report+0xd1/0x610
[   12.027205]  ? __virt_addr_valid+0x1db/0x2d0
[   12.027225]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.027247]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.027267]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.027290]  kasan_report+0x141/0x180
[   12.027310]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.027337]  __asan_report_store1_noabort+0x1b/0x30
[   12.027360]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.027384]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.027470]  ? finish_task_switch.isra.0+0x153/0x700
[   12.027490]  ? __switch_to+0x47/0xf50
[   12.027514]  ? __schedule+0x10cc/0x2b60
[   12.027535]  ? __pfx_read_tsc+0x10/0x10
[   12.027557]  krealloc_less_oob+0x1c/0x30
[   12.027577]  kunit_try_run_case+0x1a5/0x480
[   12.027600]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.027621]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.027643]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.027665]  ? __kthread_parkme+0x82/0x180
[   12.027697]  ? preempt_count_sub+0x50/0x80
[   12.027719]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.027741]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.027763]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.027784]  kthread+0x337/0x6f0
[   12.027802]  ? trace_preempt_on+0x20/0xc0
[   12.027823]  ? __pfx_kthread+0x10/0x10
[   12.027842]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.027862]  ? calculate_sigpending+0x7b/0xa0
[   12.027884]  ? __pfx_kthread+0x10/0x10
[   12.027904]  ret_from_fork+0x116/0x1d0
[   12.027933]  ? __pfx_kthread+0x10/0x10
[   12.027952]  ret_from_fork_asm+0x1a/0x30
[   12.027980]  </TASK>
[   12.027989] 
[   12.035584] Allocated by task 175:
[   12.035763]  kasan_save_stack+0x45/0x70
[   12.035971]  kasan_save_track+0x18/0x40
[   12.036337]  kasan_save_alloc_info+0x3b/0x50
[   12.036551]  __kasan_krealloc+0x190/0x1f0
[   12.036758]  krealloc_noprof+0xf3/0x340
[   12.036967]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.037174]  krealloc_less_oob+0x1c/0x30
[   12.037312]  kunit_try_run_case+0x1a5/0x480
[   12.037801]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.038025]  kthread+0x337/0x6f0
[   12.038203]  ret_from_fork+0x116/0x1d0
[   12.038454]  ret_from_fork_asm+0x1a/0x30
[   12.038641] 
[   12.038757] The buggy address belongs to the object at ffff888102b91600
[   12.038757]  which belongs to the cache kmalloc-256 of size 256
[   12.039191] The buggy address is located 34 bytes to the right of
[   12.039191]  allocated 201-byte region [ffff888102b91600, ffff888102b916c9)
[   12.039687] 
[   12.039973] The buggy address belongs to the physical page:
[   12.040424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b90
[   12.040702] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.041052] flags: 0x200000000000040(head|node=0|zone=2)
[   12.041231] page_type: f5(slab)
[   12.041373] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.041767] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.042105] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.042479] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.042714] head: 0200000000000001 ffffea00040ae401 00000000ffffffff 00000000ffffffff
[   12.042972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.043313] page dumped because: kasan: bad access detected
[   12.043584] 
[   12.043675] Memory state around the buggy address:
[   12.044234]  ffff888102b91580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.044728]  ffff888102b91600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.045027] >ffff888102b91680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.045284]                                                           ^
[   12.045600]  ffff888102b91700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.046018]  ffff888102b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.046318] ==================================================================
[   12.151516] ==================================================================
[   12.151816] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.152310] Write of size 1 at addr ffff888102b760da by task kunit_try_catch/179
[   12.152609] 
[   12.152695] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.152736] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.152746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.152765] Call Trace:
[   12.152777]  <TASK>
[   12.152790]  dump_stack_lvl+0x73/0xb0
[   12.152815]  print_report+0xd1/0x610
[   12.152835]  ? __virt_addr_valid+0x1db/0x2d0
[   12.152857]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.152878]  ? kasan_addr_to_slab+0x11/0xa0
[   12.152897]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.152932]  kasan_report+0x141/0x180
[   12.152952]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.152979]  __asan_report_store1_noabort+0x1b/0x30
[   12.153001]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.153025]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.153048]  ? finish_task_switch.isra.0+0x153/0x700
[   12.153068]  ? __switch_to+0x47/0xf50
[   12.153091]  ? __schedule+0x10cc/0x2b60
[   12.153111]  ? __pfx_read_tsc+0x10/0x10
[   12.153134]  krealloc_large_less_oob+0x1c/0x30
[   12.153156]  kunit_try_run_case+0x1a5/0x480
[   12.153179]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.153200]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.153221]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.153243]  ? __kthread_parkme+0x82/0x180
[   12.153261]  ? preempt_count_sub+0x50/0x80
[   12.153282]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.153305]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.153326]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.153348]  kthread+0x337/0x6f0
[   12.153366]  ? trace_preempt_on+0x20/0xc0
[   12.153387]  ? __pfx_kthread+0x10/0x10
[   12.153406]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.153425]  ? calculate_sigpending+0x7b/0xa0
[   12.153447]  ? __pfx_kthread+0x10/0x10
[   12.153467]  ret_from_fork+0x116/0x1d0
[   12.153484]  ? __pfx_kthread+0x10/0x10
[   12.153503]  ret_from_fork_asm+0x1a/0x30
[   12.153532]  </TASK>
[   12.153540] 
[   12.161485] The buggy address belongs to the physical page:
[   12.161737] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b74
[   12.162099] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.162757] flags: 0x200000000000040(head|node=0|zone=2)
[   12.162964] page_type: f8(unknown)
[   12.163097] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.163340] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.163755] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.164069] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.164444] head: 0200000000000002 ffffea00040add01 00000000ffffffff 00000000ffffffff
[   12.164770] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.165061] page dumped because: kasan: bad access detected
[   12.165289] 
[   12.165449] Memory state around the buggy address:
[   12.165657]  ffff888102b75f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.165955]  ffff888102b76000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.166248] >ffff888102b76080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.166640]                                                     ^
[   12.167308]  ffff888102b76100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.167822]  ffff888102b76180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.168108] ==================================================================
[   12.004736] ==================================================================
[   12.005064] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.005499] Write of size 1 at addr ffff888102b916ea by task kunit_try_catch/175
[   12.005782] 
[   12.005893] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.005946] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.005957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.005978] Call Trace:
[   12.005990]  <TASK>
[   12.006003]  dump_stack_lvl+0x73/0xb0
[   12.006029]  print_report+0xd1/0x610
[   12.006050]  ? __virt_addr_valid+0x1db/0x2d0
[   12.006070]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.006093]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.006113]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.006135]  kasan_report+0x141/0x180
[   12.006156]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.006182]  __asan_report_store1_noabort+0x1b/0x30
[   12.006205]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.006229]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.006252]  ? finish_task_switch.isra.0+0x153/0x700
[   12.006272]  ? __switch_to+0x47/0xf50
[   12.006297]  ? __schedule+0x10cc/0x2b60
[   12.006317]  ? __pfx_read_tsc+0x10/0x10
[   12.006340]  krealloc_less_oob+0x1c/0x30
[   12.006360]  kunit_try_run_case+0x1a5/0x480
[   12.006382]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.006403]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.006425]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.006448]  ? __kthread_parkme+0x82/0x180
[   12.006466]  ? preempt_count_sub+0x50/0x80
[   12.006487]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.006512]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.006535]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.006557]  kthread+0x337/0x6f0
[   12.006576]  ? trace_preempt_on+0x20/0xc0
[   12.006597]  ? __pfx_kthread+0x10/0x10
[   12.006616]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.006638]  ? calculate_sigpending+0x7b/0xa0
[   12.006661]  ? __pfx_kthread+0x10/0x10
[   12.006684]  ret_from_fork+0x116/0x1d0
[   12.006702]  ? __pfx_kthread+0x10/0x10
[   12.006721]  ret_from_fork_asm+0x1a/0x30
[   12.006750]  </TASK>
[   12.006759] 
[   12.015158] Allocated by task 175:
[   12.015316]  kasan_save_stack+0x45/0x70
[   12.015513]  kasan_save_track+0x18/0x40
[   12.015649]  kasan_save_alloc_info+0x3b/0x50
[   12.015798]  __kasan_krealloc+0x190/0x1f0
[   12.015961]  krealloc_noprof+0xf3/0x340
[   12.016151]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.016404]  krealloc_less_oob+0x1c/0x30
[   12.016651]  kunit_try_run_case+0x1a5/0x480
[   12.016994]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.017170]  kthread+0x337/0x6f0
[   12.017288]  ret_from_fork+0x116/0x1d0
[   12.017698]  ret_from_fork_asm+0x1a/0x30
[   12.017920] 
[   12.018014] The buggy address belongs to the object at ffff888102b91600
[   12.018014]  which belongs to the cache kmalloc-256 of size 256
[   12.018631] The buggy address is located 33 bytes to the right of
[   12.018631]  allocated 201-byte region [ffff888102b91600, ffff888102b916c9)
[   12.019226] 
[   12.019324] The buggy address belongs to the physical page:
[   12.019643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b90
[   12.019969] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.020194] flags: 0x200000000000040(head|node=0|zone=2)
[   12.020365] page_type: f5(slab)
[   12.020519] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.020963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.021296] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.021602] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.021830] head: 0200000000000001 ffffea00040ae401 00000000ffffffff 00000000ffffffff
[   12.022647] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.022986] page dumped because: kasan: bad access detected
[   12.023228] 
[   12.023319] Memory state around the buggy address:
[   12.023504]  ffff888102b91580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.023902]  ffff888102b91600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.024207] >ffff888102b91680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.024544]                                                           ^
[   12.024814]  ffff888102b91700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.025124]  ffff888102b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.025468] ==================================================================
[   12.128482] ==================================================================
[   12.129182] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.129626] Write of size 1 at addr ffff888102b760d0 by task kunit_try_catch/179
[   12.129970] 
[   12.130358] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.130503] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.130517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.130536] Call Trace:
[   12.130548]  <TASK>
[   12.130561]  dump_stack_lvl+0x73/0xb0
[   12.130591]  print_report+0xd1/0x610
[   12.130612]  ? __virt_addr_valid+0x1db/0x2d0
[   12.130641]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.130664]  ? kasan_addr_to_slab+0x11/0xa0
[   12.130683]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.130707]  kasan_report+0x141/0x180
[   12.130728]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.130755]  __asan_report_store1_noabort+0x1b/0x30
[   12.130778]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.130803]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.130825]  ? finish_task_switch.isra.0+0x153/0x700
[   12.130846]  ? __switch_to+0x47/0xf50
[   12.130870]  ? __schedule+0x10cc/0x2b60
[   12.130891]  ? __pfx_read_tsc+0x10/0x10
[   12.130923]  krealloc_large_less_oob+0x1c/0x30
[   12.130945]  kunit_try_run_case+0x1a5/0x480
[   12.130969]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.130990]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.131012]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.131034]  ? __kthread_parkme+0x82/0x180
[   12.131053]  ? preempt_count_sub+0x50/0x80
[   12.131082]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.131105]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.131126]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.131148]  kthread+0x337/0x6f0
[   12.131167]  ? trace_preempt_on+0x20/0xc0
[   12.131188]  ? __pfx_kthread+0x10/0x10
[   12.131207]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.131227]  ? calculate_sigpending+0x7b/0xa0
[   12.131250]  ? __pfx_kthread+0x10/0x10
[   12.131270]  ret_from_fork+0x116/0x1d0
[   12.131287]  ? __pfx_kthread+0x10/0x10
[   12.131307]  ret_from_fork_asm+0x1a/0x30
[   12.131337]  </TASK>
[   12.131348] 
[   12.143064] The buggy address belongs to the physical page:
[   12.143562] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b74
[   12.144173] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.145005] flags: 0x200000000000040(head|node=0|zone=2)
[   12.145305] page_type: f8(unknown)
[   12.145785] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.146438] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.146861] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.147457] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.147883] head: 0200000000000002 ffffea00040add01 00000000ffffffff 00000000ffffffff
[   12.148163] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.148517] page dumped because: kasan: bad access detected
[   12.148723] 
[   12.148820] Memory state around the buggy address:
[   12.149064]  ffff888102b75f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.149313]  ffff888102b76000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.149616] >ffff888102b76080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.150031]                                                  ^
[   12.150270]  ffff888102b76100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.150792]  ffff888102b76180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.151177] ==================================================================
[   12.101868] ==================================================================
[   12.102453] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.103502] Write of size 1 at addr ffff888102b760c9 by task kunit_try_catch/179
[   12.104523] 
[   12.104855] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.105004] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.105017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.105039] Call Trace:
[   12.105052]  <TASK>
[   12.105067]  dump_stack_lvl+0x73/0xb0
[   12.105098]  print_report+0xd1/0x610
[   12.105119]  ? __virt_addr_valid+0x1db/0x2d0
[   12.105141]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.105163]  ? kasan_addr_to_slab+0x11/0xa0
[   12.105183]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.105205]  kasan_report+0x141/0x180
[   12.105226]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.105252]  __asan_report_store1_noabort+0x1b/0x30
[   12.105275]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.105299]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.105322]  ? finish_task_switch.isra.0+0x153/0x700
[   12.105342]  ? __switch_to+0x47/0xf50
[   12.105366]  ? __schedule+0x10cc/0x2b60
[   12.105387]  ? __pfx_read_tsc+0x10/0x10
[   12.105410]  krealloc_large_less_oob+0x1c/0x30
[   12.105431]  kunit_try_run_case+0x1a5/0x480
[   12.105454]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.105475]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.105497]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.105518]  ? __kthread_parkme+0x82/0x180
[   12.105537]  ? preempt_count_sub+0x50/0x80
[   12.105559]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.105581]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.105602]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.105624]  kthread+0x337/0x6f0
[   12.105642]  ? trace_preempt_on+0x20/0xc0
[   12.105663]  ? __pfx_kthread+0x10/0x10
[   12.105684]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.105703]  ? calculate_sigpending+0x7b/0xa0
[   12.105725]  ? __pfx_kthread+0x10/0x10
[   12.105746]  ret_from_fork+0x116/0x1d0
[   12.105763]  ? __pfx_kthread+0x10/0x10
[   12.105783]  ret_from_fork_asm+0x1a/0x30
[   12.105812]  </TASK>
[   12.105822] 
[   12.117903] The buggy address belongs to the physical page:
[   12.118177] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b74
[   12.118965] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.119526] flags: 0x200000000000040(head|node=0|zone=2)
[   12.120068] page_type: f8(unknown)
[   12.120246] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.121051] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.121842] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.122180] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.122822] head: 0200000000000002 ffffea00040add01 00000000ffffffff 00000000ffffffff
[   12.123228] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.123739] page dumped because: kasan: bad access detected
[   12.123990] 
[   12.124079] Memory state around the buggy address:
[   12.124285]  ffff888102b75f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.125139]  ffff888102b76000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.125498] >ffff888102b76080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.126143]                                               ^
[   12.126665]  ffff888102b76100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.127320]  ffff888102b76180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.127959] ==================================================================
[   11.984036] ==================================================================
[   11.984335] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.984830] Write of size 1 at addr ffff888102b916da by task kunit_try_catch/175
[   11.985135] 
[   11.985226] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.985265] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.985275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.985294] Call Trace:
[   11.985307]  <TASK>
[   11.985319]  dump_stack_lvl+0x73/0xb0
[   11.985346]  print_report+0xd1/0x610
[   11.985436]  ? __virt_addr_valid+0x1db/0x2d0
[   11.985457]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.985480]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.985500]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.985523]  kasan_report+0x141/0x180
[   11.985543]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.985570]  __asan_report_store1_noabort+0x1b/0x30
[   11.985593]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.985617]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.985639]  ? finish_task_switch.isra.0+0x153/0x700
[   11.985659]  ? __switch_to+0x47/0xf50
[   11.985682]  ? __schedule+0x10cc/0x2b60
[   11.985703]  ? __pfx_read_tsc+0x10/0x10
[   11.985725]  krealloc_less_oob+0x1c/0x30
[   11.985745]  kunit_try_run_case+0x1a5/0x480
[   11.985768]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.985790]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.985812]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.985833]  ? __kthread_parkme+0x82/0x180
[   11.985852]  ? preempt_count_sub+0x50/0x80
[   11.985873]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.985896]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.985929]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.985951]  kthread+0x337/0x6f0
[   11.985970]  ? trace_preempt_on+0x20/0xc0
[   11.985991]  ? __pfx_kthread+0x10/0x10
[   11.986010]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.986030]  ? calculate_sigpending+0x7b/0xa0
[   11.986051]  ? __pfx_kthread+0x10/0x10
[   11.986072]  ret_from_fork+0x116/0x1d0
[   11.986089]  ? __pfx_kthread+0x10/0x10
[   11.986109]  ret_from_fork_asm+0x1a/0x30
[   11.986137]  </TASK>
[   11.986147] 
[   11.993826] Allocated by task 175:
[   11.993965]  kasan_save_stack+0x45/0x70
[   11.994102]  kasan_save_track+0x18/0x40
[   11.994396]  kasan_save_alloc_info+0x3b/0x50
[   11.994609]  __kasan_krealloc+0x190/0x1f0
[   11.994801]  krealloc_noprof+0xf3/0x340
[   11.995007]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.995439]  krealloc_less_oob+0x1c/0x30
[   11.995606]  kunit_try_run_case+0x1a5/0x480
[   11.995805]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.995988]  kthread+0x337/0x6f0
[   11.996104]  ret_from_fork+0x116/0x1d0
[   11.996232]  ret_from_fork_asm+0x1a/0x30
[   11.996365] 
[   11.996434] The buggy address belongs to the object at ffff888102b91600
[   11.996434]  which belongs to the cache kmalloc-256 of size 256
[   11.996798] The buggy address is located 17 bytes to the right of
[   11.996798]  allocated 201-byte region [ffff888102b91600, ffff888102b916c9)
[   11.997343] 
[   11.997434] The buggy address belongs to the physical page:
[   11.997683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b90
[   11.998275] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.998746] flags: 0x200000000000040(head|node=0|zone=2)
[   11.998935] page_type: f5(slab)
[   11.999051] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.999277] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.999611] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.000111] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.000550] head: 0200000000000001 ffffea00040ae401 00000000ffffffff 00000000ffffffff
[   12.001070] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.001705] page dumped because: kasan: bad access detected
[   12.001929] 
[   12.002021] Memory state around the buggy address:
[   12.002197]  ffff888102b91580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.002662]  ffff888102b91600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.003023] >ffff888102b91680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.003241]                                                     ^
[   12.003689]  ffff888102b91700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.004026]  ffff888102b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.004309] ==================================================================
[   12.185469] ==================================================================
[   12.185786] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.186036] Write of size 1 at addr ffff888102b760eb by task kunit_try_catch/179
[   12.186261] 
[   12.186341] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.186381] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.186391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.186410] Call Trace:
[   12.186423]  <TASK>
[   12.186436]  dump_stack_lvl+0x73/0xb0
[   12.186606]  print_report+0xd1/0x610
[   12.186627]  ? __virt_addr_valid+0x1db/0x2d0
[   12.186648]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.186672]  ? kasan_addr_to_slab+0x11/0xa0
[   12.186692]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.186733]  kasan_report+0x141/0x180
[   12.186754]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.186781]  __asan_report_store1_noabort+0x1b/0x30
[   12.186805]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.186830]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.186853]  ? finish_task_switch.isra.0+0x153/0x700
[   12.186874]  ? __switch_to+0x47/0xf50
[   12.186899]  ? __schedule+0x10cc/0x2b60
[   12.186934]  ? __pfx_read_tsc+0x10/0x10
[   12.186957]  krealloc_large_less_oob+0x1c/0x30
[   12.186979]  kunit_try_run_case+0x1a5/0x480
[   12.187002]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.187024]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.187046]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.187073]  ? __kthread_parkme+0x82/0x180
[   12.187092]  ? preempt_count_sub+0x50/0x80
[   12.187114]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.187137]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.187159]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.187181]  kthread+0x337/0x6f0
[   12.187201]  ? trace_preempt_on+0x20/0xc0
[   12.187223]  ? __pfx_kthread+0x10/0x10
[   12.187242]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.187262]  ? calculate_sigpending+0x7b/0xa0
[   12.187284]  ? __pfx_kthread+0x10/0x10
[   12.187304]  ret_from_fork+0x116/0x1d0
[   12.187320]  ? __pfx_kthread+0x10/0x10
[   12.187339]  ret_from_fork_asm+0x1a/0x30
[   12.187431]  </TASK>
[   12.187440] 
[   12.196065] The buggy address belongs to the physical page:
[   12.196295] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b74
[   12.196673] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.196939] flags: 0x200000000000040(head|node=0|zone=2)
[   12.197193] page_type: f8(unknown)
[   12.197363] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.197695] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.197936] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.198276] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.198612] head: 0200000000000002 ffffea00040add01 00000000ffffffff 00000000ffffffff
[   12.199029] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.199444] page dumped because: kasan: bad access detected
[   12.199624] 
[   12.199711] Memory state around the buggy address:
[   12.199952]  ffff888102b75f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.200239]  ffff888102b76000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.200599] >ffff888102b76080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.200896]                                                           ^
[   12.201170]  ffff888102b76100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.201471]  ffff888102b76180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.201832] ==================================================================
[   11.921224] ==================================================================
[   11.921856] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.922254] Write of size 1 at addr ffff888102b916c9 by task kunit_try_catch/175
[   11.922719] 
[   11.922941] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.922989] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.923000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.923030] Call Trace:
[   11.923042]  <TASK>
[   11.923061]  dump_stack_lvl+0x73/0xb0
[   11.923104]  print_report+0xd1/0x610
[   11.923126]  ? __virt_addr_valid+0x1db/0x2d0
[   11.923147]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.923169]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.923189]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.923212]  kasan_report+0x141/0x180
[   11.923232]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.923259]  __asan_report_store1_noabort+0x1b/0x30
[   11.923281]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.923305]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.923337]  ? finish_task_switch.isra.0+0x153/0x700
[   11.923357]  ? __switch_to+0x47/0xf50
[   11.923381]  ? __schedule+0x10cc/0x2b60
[   11.923478]  ? __pfx_read_tsc+0x10/0x10
[   11.923503]  krealloc_less_oob+0x1c/0x30
[   11.923524]  kunit_try_run_case+0x1a5/0x480
[   11.923546]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.923579]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.923601]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.923623]  ? __kthread_parkme+0x82/0x180
[   11.923653]  ? preempt_count_sub+0x50/0x80
[   11.923675]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.923707]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.923729]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.923751]  kthread+0x337/0x6f0
[   11.923769]  ? trace_preempt_on+0x20/0xc0
[   11.923790]  ? __pfx_kthread+0x10/0x10
[   11.923810]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.923829]  ? calculate_sigpending+0x7b/0xa0
[   11.923851]  ? __pfx_kthread+0x10/0x10
[   11.923871]  ret_from_fork+0x116/0x1d0
[   11.923888]  ? __pfx_kthread+0x10/0x10
[   11.923917]  ret_from_fork_asm+0x1a/0x30
[   11.923946]  </TASK>
[   11.923956] 
[   11.939591] Allocated by task 175:
[   11.940111]  kasan_save_stack+0x45/0x70
[   11.940261]  kasan_save_track+0x18/0x40
[   11.940700]  kasan_save_alloc_info+0x3b/0x50
[   11.941268]  __kasan_krealloc+0x190/0x1f0
[   11.941784]  krealloc_noprof+0xf3/0x340
[   11.942309]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.942992]  krealloc_less_oob+0x1c/0x30
[   11.943297]  kunit_try_run_case+0x1a5/0x480
[   11.943645]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.944148]  kthread+0x337/0x6f0
[   11.944278]  ret_from_fork+0x116/0x1d0
[   11.944592]  ret_from_fork_asm+0x1a/0x30
[   11.945022] 
[   11.945207] The buggy address belongs to the object at ffff888102b91600
[   11.945207]  which belongs to the cache kmalloc-256 of size 256
[   11.946258] The buggy address is located 0 bytes to the right of
[   11.946258]  allocated 201-byte region [ffff888102b91600, ffff888102b916c9)
[   11.947502] 
[   11.947783] The buggy address belongs to the physical page:
[   11.948201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b90
[   11.948733] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.949559] flags: 0x200000000000040(head|node=0|zone=2)
[   11.949776] page_type: f5(slab)
[   11.950292] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.951060] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.951301] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.951998] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.952859] head: 0200000000000001 ffffea00040ae401 00000000ffffffff 00000000ffffffff
[   11.953702] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.954146] page dumped because: kasan: bad access detected
[   11.954322] 
[   11.954393] Memory state around the buggy address:
[   11.955066]  ffff888102b91580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.955760]  ffff888102b91600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.956475] >ffff888102b91680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.957153]                                               ^
[   11.957333]  ffff888102b91700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.957549]  ffff888102b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.958080] ==================================================================
[   11.959170] ==================================================================
[   11.960282] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.961347] Write of size 1 at addr ffff888102b916d0 by task kunit_try_catch/175
[   11.961949] 
[   11.962038] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.962080] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.962091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.962110] Call Trace:
[   11.962121]  <TASK>
[   11.962135]  dump_stack_lvl+0x73/0xb0
[   11.962163]  print_report+0xd1/0x610
[   11.962183]  ? __virt_addr_valid+0x1db/0x2d0
[   11.962204]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.962226]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.962246]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.962269]  kasan_report+0x141/0x180
[   11.962289]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.962316]  __asan_report_store1_noabort+0x1b/0x30
[   11.962338]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.962517]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.962541]  ? finish_task_switch.isra.0+0x153/0x700
[   11.962562]  ? __switch_to+0x47/0xf50
[   11.962586]  ? __schedule+0x10cc/0x2b60
[   11.962607]  ? __pfx_read_tsc+0x10/0x10
[   11.962630]  krealloc_less_oob+0x1c/0x30
[   11.962650]  kunit_try_run_case+0x1a5/0x480
[   11.962672]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.962705]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.962726]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.962748]  ? __kthread_parkme+0x82/0x180
[   11.962767]  ? preempt_count_sub+0x50/0x80
[   11.962788]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.962810]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.962832]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.962853]  kthread+0x337/0x6f0
[   11.962872]  ? trace_preempt_on+0x20/0xc0
[   11.962893]  ? __pfx_kthread+0x10/0x10
[   11.962927]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.962947]  ? calculate_sigpending+0x7b/0xa0
[   11.962970]  ? __pfx_kthread+0x10/0x10
[   11.962990]  ret_from_fork+0x116/0x1d0
[   11.963007]  ? __pfx_kthread+0x10/0x10
[   11.963026]  ret_from_fork_asm+0x1a/0x30
[   11.963059]  </TASK>
[   11.963069] 
[   11.973312] Allocated by task 175:
[   11.973537]  kasan_save_stack+0x45/0x70
[   11.973697]  kasan_save_track+0x18/0x40
[   11.973889]  kasan_save_alloc_info+0x3b/0x50
[   11.974119]  __kasan_krealloc+0x190/0x1f0
[   11.974278]  krealloc_noprof+0xf3/0x340
[   11.974607]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.974937]  krealloc_less_oob+0x1c/0x30
[   11.975086]  kunit_try_run_case+0x1a5/0x480
[   11.975228]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.975398]  kthread+0x337/0x6f0
[   11.975519]  ret_from_fork+0x116/0x1d0
[   11.975689]  ret_from_fork_asm+0x1a/0x30
[   11.975878] 
[   11.976008] The buggy address belongs to the object at ffff888102b91600
[   11.976008]  which belongs to the cache kmalloc-256 of size 256
[   11.976521] The buggy address is located 7 bytes to the right of
[   11.976521]  allocated 201-byte region [ffff888102b91600, ffff888102b916c9)
[   11.976969] 
[   11.977038] The buggy address belongs to the physical page:
[   11.977334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b90
[   11.977828] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.978179] flags: 0x200000000000040(head|node=0|zone=2)
[   11.978569] page_type: f5(slab)
[   11.978758] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.979050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.979418] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   11.979761] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.980090] head: 0200000000000001 ffffea00040ae401 00000000ffffffff 00000000ffffffff
[   11.980408] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.980774] page dumped because: kasan: bad access detected
[   11.980960] 
[   11.981029] Memory state around the buggy address:
[   11.981182]  ffff888102b91580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.981424]  ffff888102b91600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.981824] >ffff888102b91680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.982193]                                                  ^
[   11.982453]  ffff888102b91700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.982923]  ffff888102b91780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.983229] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

308WsFutMAZosSMnEORCZj9vmFx

job_id

TEST:linaro@lkft#308Wxco0Z10DyzYIW4nOQQqgkwI

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/308Wxco0Z10DyzYIW4nOQQqgkwI

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/bzImage
sha256sum	aa8c3294f8e6a312d0005bf4942ab46073b3db37d1a255c29f470aad8b68ac89

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/308WuPU0WWVtcDZkj55VJ74P6Fz/modules.tar.xz
sha256sum	3f40af07dd0ca48c872811d115b0432b5fee72cae8136e55274a0e7676f09c6e

durations

tests

boot	0
kunit	198.91

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.2+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit