lkft/linux-mainline-master - v6.16-rc6-37-ge2291551827f - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 17, 2025, 11:10 a.m.

Environment
qemu-arm64
qemu-x86_64

[   15.190682] ==================================================================
[   15.190741] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.191004] Write of size 1 at addr fff00000c0919ac9 by task kunit_try_catch/159
[   15.191069] 
[   15.191215] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.191306] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.191332] Hardware name: linux,dummy-virt (DT)
[   15.191368] Call trace:
[   15.191534]  show_stack+0x20/0x38 (C)
[   15.191596]  dump_stack_lvl+0x8c/0xd0
[   15.191644]  print_report+0x118/0x5d0
[   15.191947]  kasan_report+0xdc/0x128
[   15.192086]  __asan_report_store1_noabort+0x20/0x30
[   15.192142]  krealloc_less_oob_helper+0xa48/0xc50
[   15.192218]  krealloc_less_oob+0x20/0x38
[   15.192325]  kunit_try_run_case+0x170/0x3f0
[   15.192402]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.192696]  kthread+0x328/0x630
[   15.192955]  ret_from_fork+0x10/0x20
[   15.193152] 
[   15.193233] Allocated by task 159:
[   15.193366]  kasan_save_stack+0x3c/0x68
[   15.193474]  kasan_save_track+0x20/0x40
[   15.193518]  kasan_save_alloc_info+0x40/0x58
[   15.193700]  __kasan_krealloc+0x118/0x178
[   15.193922]  krealloc_noprof+0x128/0x360
[   15.194063]  krealloc_less_oob_helper+0x168/0xc50
[   15.194178]  krealloc_less_oob+0x20/0x38
[   15.194266]  kunit_try_run_case+0x170/0x3f0
[   15.194412]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.194491]  kthread+0x328/0x630
[   15.195484]  ret_from_fork+0x10/0x20
[   15.195562] 
[   15.195581] The buggy address belongs to the object at fff00000c0919a00
[   15.195581]  which belongs to the cache kmalloc-256 of size 256
[   15.195659] The buggy address is located 0 bytes to the right of
[   15.195659]  allocated 201-byte region [fff00000c0919a00, fff00000c0919ac9)
[   15.195752] 
[   15.195801] The buggy address belongs to the physical page:
[   15.196120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100918
[   15.196675] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.197053] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.197146] page_type: f5(slab)
[   15.197239] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.197327] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.197464] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.197553] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.197609] head: 0bfffe0000000001 ffffc1ffc3024601 00000000ffffffff 00000000ffffffff
[   15.197657] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.197697] page dumped because: kasan: bad access detected
[   15.197744] 
[   15.197762] Memory state around the buggy address:
[   15.197796]  fff00000c0919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.197839]  fff00000c0919a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.197880] >fff00000c0919a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.197918]                                               ^
[   15.197964]  fff00000c0919b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.198032]  fff00000c0919b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.198070] ==================================================================
[   15.276427] ==================================================================
[   15.276472] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.276519] Write of size 1 at addr fff00000c65ca0ea by task kunit_try_catch/163
[   15.276567] 
[   15.276594] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.276680] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.276711] Hardware name: linux,dummy-virt (DT)
[   15.276749] Call trace:
[   15.276770]  show_stack+0x20/0x38 (C)
[   15.276829]  dump_stack_lvl+0x8c/0xd0
[   15.277018]  print_report+0x118/0x5d0
[   15.277304]  kasan_report+0xdc/0x128
[   15.277425]  __asan_report_store1_noabort+0x20/0x30
[   15.278030]  krealloc_less_oob_helper+0xae4/0xc50
[   15.278144]  krealloc_large_less_oob+0x20/0x38
[   15.278295]  kunit_try_run_case+0x170/0x3f0
[   15.278345]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.278688]  kthread+0x328/0x630
[   15.278769]  ret_from_fork+0x10/0x20
[   15.278817] 
[   15.278836] The buggy address belongs to the physical page:
[   15.279255] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c8
[   15.279349] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.279457] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.279996] page_type: f8(unknown)
[   15.280043] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.280165] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.280240] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.280352] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.280671] head: 0bfffe0000000002 ffffc1ffc3197201 00000000ffffffff 00000000ffffffff
[   15.280841] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.281024] page dumped because: kasan: bad access detected
[   15.281104] 
[   15.281179] Memory state around the buggy address:
[   15.281268]  fff00000c65c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.281352]  fff00000c65ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.281518] >fff00000c65ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.281560]                                                           ^
[   15.281598]  fff00000c65ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.281764]  fff00000c65ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.282009] ==================================================================
[   15.207369] ==================================================================
[   15.207429] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.207833] Write of size 1 at addr fff00000c0919ada by task kunit_try_catch/159
[   15.207975] 
[   15.208040] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.208129] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.208157] Hardware name: linux,dummy-virt (DT)
[   15.208433] Call trace:
[   15.208536]  show_stack+0x20/0x38 (C)
[   15.208591]  dump_stack_lvl+0x8c/0xd0
[   15.208685]  print_report+0x118/0x5d0
[   15.208740]  kasan_report+0xdc/0x128
[   15.208785]  __asan_report_store1_noabort+0x20/0x30
[   15.209222]  krealloc_less_oob_helper+0xa80/0xc50
[   15.209343]  krealloc_less_oob+0x20/0x38
[   15.209414]  kunit_try_run_case+0x170/0x3f0
[   15.209525]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.209581]  kthread+0x328/0x630
[   15.209622]  ret_from_fork+0x10/0x20
[   15.209785] 
[   15.210033] Allocated by task 159:
[   15.210193]  kasan_save_stack+0x3c/0x68
[   15.210272]  kasan_save_track+0x20/0x40
[   15.210378]  kasan_save_alloc_info+0x40/0x58
[   15.210439]  __kasan_krealloc+0x118/0x178
[   15.210499]  krealloc_noprof+0x128/0x360
[   15.211052]  krealloc_less_oob_helper+0x168/0xc50
[   15.211097]  krealloc_less_oob+0x20/0x38
[   15.211417]  kunit_try_run_case+0x170/0x3f0
[   15.211569]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.211677]  kthread+0x328/0x630
[   15.211821]  ret_from_fork+0x10/0x20
[   15.211860] 
[   15.211930] The buggy address belongs to the object at fff00000c0919a00
[   15.211930]  which belongs to the cache kmalloc-256 of size 256
[   15.212143] The buggy address is located 17 bytes to the right of
[   15.212143]  allocated 201-byte region [fff00000c0919a00, fff00000c0919ac9)
[   15.212233] 
[   15.212252] The buggy address belongs to the physical page:
[   15.212293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100918
[   15.212354] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.212400] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.212449] page_type: f5(slab)
[   15.212487] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.212548] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.212597] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.212654] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.212703] head: 0bfffe0000000001 ffffc1ffc3024601 00000000ffffffff 00000000ffffffff
[   15.212760] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.213017] page dumped because: kasan: bad access detected
[   15.213339] 
[   15.213396] Memory state around the buggy address:
[   15.213461]  fff00000c0919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.213545]  fff00000c0919a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.213684] >fff00000c0919a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.213804]                                                     ^
[   15.214021]  fff00000c0919b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.214068]  fff00000c0919b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.214106] ==================================================================
[   15.283078] ==================================================================
[   15.283207] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.283331] Write of size 1 at addr fff00000c65ca0eb by task kunit_try_catch/163
[   15.283382] 
[   15.283412] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.283543] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.283570] Hardware name: linux,dummy-virt (DT)
[   15.283599] Call trace:
[   15.283658]  show_stack+0x20/0x38 (C)
[   15.284001]  dump_stack_lvl+0x8c/0xd0
[   15.284071]  print_report+0x118/0x5d0
[   15.284118]  kasan_report+0xdc/0x128
[   15.284163]  __asan_report_store1_noabort+0x20/0x30
[   15.284341]  krealloc_less_oob_helper+0xa58/0xc50
[   15.284402]  krealloc_large_less_oob+0x20/0x38
[   15.284448]  kunit_try_run_case+0x170/0x3f0
[   15.284494]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.284545]  kthread+0x328/0x630
[   15.284585]  ret_from_fork+0x10/0x20
[   15.284631] 
[   15.284650] The buggy address belongs to the physical page:
[   15.284706] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c8
[   15.284769] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.284826] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.284876] page_type: f8(unknown)
[   15.284913] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.284968] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.285411] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.285674] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.285870] head: 0bfffe0000000002 ffffc1ffc3197201 00000000ffffffff 00000000ffffffff
[   15.286062] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.286162] page dumped because: kasan: bad access detected
[   15.286299] 
[   15.286380] Memory state around the buggy address:
[   15.286413]  fff00000c65c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.286472]  fff00000c65ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.286779] >fff00000c65ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.286864]                                                           ^
[   15.287021]  fff00000c65ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.287106]  fff00000c65ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.287244] ==================================================================
[   15.269723] ==================================================================
[   15.269816] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   15.269953] Write of size 1 at addr fff00000c65ca0da by task kunit_try_catch/163
[   15.270280] 
[   15.270325] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.271120] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.271376] Hardware name: linux,dummy-virt (DT)
[   15.271430] Call trace:
[   15.271461]  show_stack+0x20/0x38 (C)
[   15.271514]  dump_stack_lvl+0x8c/0xd0
[   15.271624]  print_report+0x118/0x5d0
[   15.271710]  kasan_report+0xdc/0x128
[   15.271755]  __asan_report_store1_noabort+0x20/0x30
[   15.271897]  krealloc_less_oob_helper+0xa80/0xc50
[   15.271963]  krealloc_large_less_oob+0x20/0x38
[   15.272051]  kunit_try_run_case+0x170/0x3f0
[   15.272096]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.272208]  kthread+0x328/0x630
[   15.272253]  ret_from_fork+0x10/0x20
[   15.272593] 
[   15.272646] The buggy address belongs to the physical page:
[   15.272704] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c8
[   15.272842] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.272919] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.272970] page_type: f8(unknown)
[   15.273128] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.273409] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.273549] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.273658] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.274353] head: 0bfffe0000000002 ffffc1ffc3197201 00000000ffffffff 00000000ffffffff
[   15.274481] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.274606] page dumped because: kasan: bad access detected
[   15.274637] 
[   15.274689] Memory state around the buggy address:
[   15.275100]  fff00000c65c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.275180]  fff00000c65ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.275223] >fff00000c65ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.275379]                                                     ^
[   15.275579]  fff00000c65ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.275649]  fff00000c65ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.275913] ==================================================================
[   15.215122] ==================================================================
[   15.215434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   15.215551] Write of size 1 at addr fff00000c0919aea by task kunit_try_catch/159
[   15.215648] 
[   15.215685] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.215856] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.215885] Hardware name: linux,dummy-virt (DT)
[   15.215922] Call trace:
[   15.215961]  show_stack+0x20/0x38 (C)
[   15.216148]  dump_stack_lvl+0x8c/0xd0
[   15.216523]  print_report+0x118/0x5d0
[   15.216666]  kasan_report+0xdc/0x128
[   15.216742]  __asan_report_store1_noabort+0x20/0x30
[   15.216882]  krealloc_less_oob_helper+0xae4/0xc50
[   15.216954]  krealloc_less_oob+0x20/0x38
[   15.217245]  kunit_try_run_case+0x170/0x3f0
[   15.217388]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.217577]  kthread+0x328/0x630
[   15.217655]  ret_from_fork+0x10/0x20
[   15.217787] 
[   15.217922] Allocated by task 159:
[   15.218031]  kasan_save_stack+0x3c/0x68
[   15.218100]  kasan_save_track+0x20/0x40
[   15.218137]  kasan_save_alloc_info+0x40/0x58
[   15.218544]  __kasan_krealloc+0x118/0x178
[   15.218622]  krealloc_noprof+0x128/0x360
[   15.218741]  krealloc_less_oob_helper+0x168/0xc50
[   15.218843]  krealloc_less_oob+0x20/0x38
[   15.218920]  kunit_try_run_case+0x170/0x3f0
[   15.219315]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.219437]  kthread+0x328/0x630
[   15.219480]  ret_from_fork+0x10/0x20
[   15.219515] 
[   15.219551] The buggy address belongs to the object at fff00000c0919a00
[   15.219551]  which belongs to the cache kmalloc-256 of size 256
[   15.219617] The buggy address is located 33 bytes to the right of
[   15.219617]  allocated 201-byte region [fff00000c0919a00, fff00000c0919ac9)
[   15.219728] 
[   15.219747] The buggy address belongs to the physical page:
[   15.219778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100918
[   15.219838] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.219885] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.219945] page_type: f5(slab)
[   15.219991] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.220041] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.220091] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.220149] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.220198] head: 0bfffe0000000001 ffffc1ffc3024601 00000000ffffffff 00000000ffffffff
[   15.220246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.220295] page dumped because: kasan: bad access detected
[   15.220325] 
[   15.220342] Memory state around the buggy address:
[   15.220371]  fff00000c0919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.220413]  fff00000c0919a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.220455] >fff00000c0919a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.220491]                                                           ^
[   15.220529]  fff00000c0919b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.220580]  fff00000c0919b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.220618] ==================================================================
[   15.263436] ==================================================================
[   15.263488] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.263647] Write of size 1 at addr fff00000c65ca0d0 by task kunit_try_catch/163
[   15.263766] 
[   15.263817] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.263899] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.264023] Hardware name: linux,dummy-virt (DT)
[   15.264092] Call trace:
[   15.264122]  show_stack+0x20/0x38 (C)
[   15.264336]  dump_stack_lvl+0x8c/0xd0
[   15.264391]  print_report+0x118/0x5d0
[   15.264537]  kasan_report+0xdc/0x128
[   15.264595]  __asan_report_store1_noabort+0x20/0x30
[   15.264801]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.264872]  krealloc_large_less_oob+0x20/0x38
[   15.265076]  kunit_try_run_case+0x170/0x3f0
[   15.265302]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.265408]  kthread+0x328/0x630
[   15.265494]  ret_from_fork+0x10/0x20
[   15.265675] 
[   15.265699] The buggy address belongs to the physical page:
[   15.265733] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c8
[   15.265789] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.266024] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.266091] page_type: f8(unknown)
[   15.266210] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.266261] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.266319] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.266367] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.266415] head: 0bfffe0000000002 ffffc1ffc3197201 00000000ffffffff 00000000ffffffff
[   15.266469] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.266524] page dumped because: kasan: bad access detected
[   15.266554] 
[   15.266571] Memory state around the buggy address:
[   15.266600]  fff00000c65c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.266642]  fff00000c65ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.266694] >fff00000c65ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.266731]                                                  ^
[   15.266767]  fff00000c65ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.266809]  fff00000c65ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.266845] ==================================================================
[   15.256833] ==================================================================
[   15.257178] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   15.257325] Write of size 1 at addr fff00000c65ca0c9 by task kunit_try_catch/163
[   15.257421] 
[   15.257525] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.257897] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.257954] Hardware name: linux,dummy-virt (DT)
[   15.258080] Call trace:
[   15.258140]  show_stack+0x20/0x38 (C)
[   15.258276]  dump_stack_lvl+0x8c/0xd0
[   15.258386]  print_report+0x118/0x5d0
[   15.258582]  kasan_report+0xdc/0x128
[   15.258679]  __asan_report_store1_noabort+0x20/0x30
[   15.259201]  krealloc_less_oob_helper+0xa48/0xc50
[   15.259369]  krealloc_large_less_oob+0x20/0x38
[   15.259503]  kunit_try_run_case+0x170/0x3f0
[   15.259672]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.259758]  kthread+0x328/0x630
[   15.259808]  ret_from_fork+0x10/0x20
[   15.260088] 
[   15.260225] The buggy address belongs to the physical page:
[   15.260368] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c8
[   15.260528] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.260579] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.260655] page_type: f8(unknown)
[   15.260728] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.260997] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.261256] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   15.261334] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.261470] head: 0bfffe0000000002 ffffc1ffc3197201 00000000ffffffff 00000000ffffffff
[   15.261703] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.261903] page dumped because: kasan: bad access detected
[   15.261998] 
[   15.262032] Memory state around the buggy address:
[   15.262100]  fff00000c65c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.262161]  fff00000c65ca000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.262203] >fff00000c65ca080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   15.262240]                                               ^
[   15.262283]  fff00000c65ca100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.262324]  fff00000c65ca180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   15.262377] ==================================================================
[   15.222150] ==================================================================
[   15.222203] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   15.222251] Write of size 1 at addr fff00000c0919aeb by task kunit_try_catch/159
[   15.222489] 
[   15.222610] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.222701] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.222726] Hardware name: linux,dummy-virt (DT)
[   15.222764] Call trace:
[   15.222802]  show_stack+0x20/0x38 (C)
[   15.222908]  dump_stack_lvl+0x8c/0xd0
[   15.223187]  print_report+0x118/0x5d0
[   15.223401]  kasan_report+0xdc/0x128
[   15.223495]  __asan_report_store1_noabort+0x20/0x30
[   15.223576]  krealloc_less_oob_helper+0xa58/0xc50
[   15.223667]  krealloc_less_oob+0x20/0x38
[   15.223753]  kunit_try_run_case+0x170/0x3f0
[   15.224135]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.224308]  kthread+0x328/0x630
[   15.224354]  ret_from_fork+0x10/0x20
[   15.224439] 
[   15.224506] Allocated by task 159:
[   15.224533]  kasan_save_stack+0x3c/0x68
[   15.224590]  kasan_save_track+0x20/0x40
[   15.224627]  kasan_save_alloc_info+0x40/0x58
[   15.224714]  __kasan_krealloc+0x118/0x178
[   15.224823]  krealloc_noprof+0x128/0x360
[   15.224863]  krealloc_less_oob_helper+0x168/0xc50
[   15.224925]  krealloc_less_oob+0x20/0x38
[   15.224967]  kunit_try_run_case+0x170/0x3f0
[   15.225155]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.225403]  kthread+0x328/0x630
[   15.225527]  ret_from_fork+0x10/0x20
[   15.225634] 
[   15.225755] The buggy address belongs to the object at fff00000c0919a00
[   15.225755]  which belongs to the cache kmalloc-256 of size 256
[   15.225860] The buggy address is located 34 bytes to the right of
[   15.225860]  allocated 201-byte region [fff00000c0919a00, fff00000c0919ac9)
[   15.226075] 
[   15.226291] The buggy address belongs to the physical page:
[   15.226344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100918
[   15.226478] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.226615] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.226766] page_type: f5(slab)
[   15.226816] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.227170] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.227393] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.227482] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.227628] head: 0bfffe0000000001 ffffc1ffc3024601 00000000ffffffff 00000000ffffffff
[   15.227739] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.228159] page dumped because: kasan: bad access detected
[   15.228237] 
[   15.228277] Memory state around the buggy address:
[   15.228338]  fff00000c0919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.228505]  fff00000c0919a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.228604] >fff00000c0919a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.228830]                                                           ^
[   15.229015]  fff00000c0919b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.229079]  fff00000c0919b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.229492] ==================================================================
[   15.198544] ==================================================================
[   15.198591] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   15.198640] Write of size 1 at addr fff00000c0919ad0 by task kunit_try_catch/159
[   15.198688] 
[   15.198717] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.198813] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.198840] Hardware name: linux,dummy-virt (DT)
[   15.198869] Call trace:
[   15.198890]  show_stack+0x20/0x38 (C)
[   15.198936]  dump_stack_lvl+0x8c/0xd0
[   15.199308]  print_report+0x118/0x5d0
[   15.199407]  kasan_report+0xdc/0x128
[   15.199464]  __asan_report_store1_noabort+0x20/0x30
[   15.199872]  krealloc_less_oob_helper+0xb9c/0xc50
[   15.200044]  krealloc_less_oob+0x20/0x38
[   15.200258]  kunit_try_run_case+0x170/0x3f0
[   15.200474]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.200540]  kthread+0x328/0x630
[   15.200804]  ret_from_fork+0x10/0x20
[   15.201033] 
[   15.201183] Allocated by task 159:
[   15.201215]  kasan_save_stack+0x3c/0x68
[   15.201446]  kasan_save_track+0x20/0x40
[   15.201540]  kasan_save_alloc_info+0x40/0x58
[   15.201651]  __kasan_krealloc+0x118/0x178
[   15.201717]  krealloc_noprof+0x128/0x360
[   15.201753]  krealloc_less_oob_helper+0x168/0xc50
[   15.202034]  krealloc_less_oob+0x20/0x38
[   15.202164]  kunit_try_run_case+0x170/0x3f0
[   15.202243]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.202387]  kthread+0x328/0x630
[   15.202422]  ret_from_fork+0x10/0x20
[   15.202508] 
[   15.202821] The buggy address belongs to the object at fff00000c0919a00
[   15.202821]  which belongs to the cache kmalloc-256 of size 256
[   15.202909] The buggy address is located 7 bytes to the right of
[   15.202909]  allocated 201-byte region [fff00000c0919a00, fff00000c0919ac9)
[   15.203095] 
[   15.203115] The buggy address belongs to the physical page:
[   15.203147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100918
[   15.203615] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.203712] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.203774] page_type: f5(slab)
[   15.204126] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.204258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.204355] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   15.204507] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.204714] head: 0bfffe0000000001 ffffc1ffc3024601 00000000ffffffff 00000000ffffffff
[   15.204926] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   15.205004] page dumped because: kasan: bad access detected
[   15.205036] 
[   15.205053] Memory state around the buggy address:
[   15.205199]  fff00000c0919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.205494]  fff00000c0919a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.205547] >fff00000c0919a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   15.205650]                                                  ^
[   15.205739]  fff00000c0919b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.205781]  fff00000c0919b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.205830] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

3003M942ob4BTLEn8Aseea5B8RJ

job_id

TEST:linaro@lkft#3003QRiEnhxBi5vhC0jxaNVXmcS

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3003QRiEnhxBi5vhC0jxaNVXmcS

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003NHs0B68ZGBetkLilYavuDFy/Image.gz
sha256sum	9ef31b16479117b68c0f561eaeaa8823716042fb27d398853ce96cfca127f95e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003NHs0B68ZGBetkLilYavuDFy/modules.tar.xz
sha256sum	6dda0b757b3bcf288fc6551d8e2b1e653bdd9378e1cef459bf5759205275c144

durations

tests

boot	0
kunit	172.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   12.748725] ==================================================================
[   12.749056] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.749431] Write of size 1 at addr ffff888100342ada by task kunit_try_catch/175
[   12.749734] 
[   12.749833] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.749874] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.749886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.749906] Call Trace:
[   12.749919]  <TASK>
[   12.749935]  dump_stack_lvl+0x73/0xb0
[   12.749963]  print_report+0xd1/0x610
[   12.749987]  ? __virt_addr_valid+0x1db/0x2d0
[   12.750009]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.750035]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.750060]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.750085]  kasan_report+0x141/0x180
[   12.750108]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.750139]  __asan_report_store1_noabort+0x1b/0x30
[   12.750165]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.750192]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.750218]  ? finish_task_switch.isra.0+0x153/0x700
[   12.750396]  ? __switch_to+0x47/0xf50
[   12.750439]  ? __schedule+0x10cc/0x2b60
[   12.750461]  ? __pfx_read_tsc+0x10/0x10
[   12.750484]  krealloc_less_oob+0x1c/0x30
[   12.750507]  kunit_try_run_case+0x1a5/0x480
[   12.750531]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.750569]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.750593]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.750616]  ? __kthread_parkme+0x82/0x180
[   12.750637]  ? preempt_count_sub+0x50/0x80
[   12.750659]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.750683]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.750707]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.750733]  kthread+0x337/0x6f0
[   12.750751]  ? trace_preempt_on+0x20/0xc0
[   12.750774]  ? __pfx_kthread+0x10/0x10
[   12.750794]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.750815]  ? calculate_sigpending+0x7b/0xa0
[   12.750839]  ? __pfx_kthread+0x10/0x10
[   12.750860]  ret_from_fork+0x116/0x1d0
[   12.750878]  ? __pfx_kthread+0x10/0x10
[   12.750898]  ret_from_fork_asm+0x1a/0x30
[   12.750928]  </TASK>
[   12.750937] 
[   12.758714] Allocated by task 175:
[   12.759180]  kasan_save_stack+0x45/0x70
[   12.759366]  kasan_save_track+0x18/0x40
[   12.759696]  kasan_save_alloc_info+0x3b/0x50
[   12.759902]  __kasan_krealloc+0x190/0x1f0
[   12.760048]  krealloc_noprof+0xf3/0x340
[   12.760183]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.760344]  krealloc_less_oob+0x1c/0x30
[   12.760595]  kunit_try_run_case+0x1a5/0x480
[   12.760802]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.761057]  kthread+0x337/0x6f0
[   12.761225]  ret_from_fork+0x116/0x1d0
[   12.761421]  ret_from_fork_asm+0x1a/0x30
[   12.761739] 
[   12.761817] The buggy address belongs to the object at ffff888100342a00
[   12.761817]  which belongs to the cache kmalloc-256 of size 256
[   12.762176] The buggy address is located 17 bytes to the right of
[   12.762176]  allocated 201-byte region [ffff888100342a00, ffff888100342ac9)
[   12.762944] 
[   12.763052] The buggy address belongs to the physical page:
[   12.763428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.763746] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.764015] flags: 0x200000000000040(head|node=0|zone=2)
[   12.764192] page_type: f5(slab)
[   12.764309] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.764599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.765045] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.765388] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.765908] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.766221] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.766660] page dumped because: kasan: bad access detected
[   12.766880] 
[   12.766978] Memory state around the buggy address:
[   12.767205]  ffff888100342980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.767737]  ffff888100342a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.768015] >ffff888100342a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.768354]                                                     ^
[   12.768604]  ffff888100342b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.768924]  ffff888100342b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.769193] ==================================================================
[   12.769691] ==================================================================
[   12.769929] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.770270] Write of size 1 at addr ffff888100342aea by task kunit_try_catch/175
[   12.770635] 
[   12.770741] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.770781] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.770792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.770810] Call Trace:
[   12.770823]  <TASK>
[   12.770838]  dump_stack_lvl+0x73/0xb0
[   12.770863]  print_report+0xd1/0x610
[   12.770884]  ? __virt_addr_valid+0x1db/0x2d0
[   12.770904]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.770927]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.770948]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.770971]  kasan_report+0x141/0x180
[   12.770991]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.771019]  __asan_report_store1_noabort+0x1b/0x30
[   12.771042]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.771067]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.771090]  ? finish_task_switch.isra.0+0x153/0x700
[   12.771111]  ? __switch_to+0x47/0xf50
[   12.771134]  ? __schedule+0x10cc/0x2b60
[   12.771154]  ? __pfx_read_tsc+0x10/0x10
[   12.771176]  krealloc_less_oob+0x1c/0x30
[   12.771365]  kunit_try_run_case+0x1a5/0x480
[   12.771396]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.771435]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.771461]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.771485]  ? __kthread_parkme+0x82/0x180
[   12.771505]  ? preempt_count_sub+0x50/0x80
[   12.771528]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.771565]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.771589]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.771615]  kthread+0x337/0x6f0
[   12.771634]  ? trace_preempt_on+0x20/0xc0
[   12.771657]  ? __pfx_kthread+0x10/0x10
[   12.771677]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.771698]  ? calculate_sigpending+0x7b/0xa0
[   12.771721]  ? __pfx_kthread+0x10/0x10
[   12.771742]  ret_from_fork+0x116/0x1d0
[   12.771761]  ? __pfx_kthread+0x10/0x10
[   12.771781]  ret_from_fork_asm+0x1a/0x30
[   12.771811]  </TASK>
[   12.771820] 
[   12.780056] Allocated by task 175:
[   12.780186]  kasan_save_stack+0x45/0x70
[   12.780609]  kasan_save_track+0x18/0x40
[   12.780812]  kasan_save_alloc_info+0x3b/0x50
[   12.781023]  __kasan_krealloc+0x190/0x1f0
[   12.781223]  krealloc_noprof+0xf3/0x340
[   12.781405]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.781668]  krealloc_less_oob+0x1c/0x30
[   12.781840]  kunit_try_run_case+0x1a5/0x480
[   12.782023]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.782239]  kthread+0x337/0x6f0
[   12.782401]  ret_from_fork+0x116/0x1d0
[   12.782590]  ret_from_fork_asm+0x1a/0x30
[   12.782737] 
[   12.782828] The buggy address belongs to the object at ffff888100342a00
[   12.782828]  which belongs to the cache kmalloc-256 of size 256
[   12.783304] The buggy address is located 33 bytes to the right of
[   12.783304]  allocated 201-byte region [ffff888100342a00, ffff888100342ac9)
[   12.783683] 
[   12.783753] The buggy address belongs to the physical page:
[   12.784002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.784460] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.784804] flags: 0x200000000000040(head|node=0|zone=2)
[   12.785042] page_type: f5(slab)
[   12.785177] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.785406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.785754] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.786096] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.786563] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.786885] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.787180] page dumped because: kasan: bad access detected
[   12.787509] 
[   12.787602] Memory state around the buggy address:
[   12.787757]  ffff888100342980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.787975]  ffff888100342a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.788365] >ffff888100342a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.788698]                                                           ^
[   12.789297]  ffff888100342b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.789603]  ffff888100342b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.789879] ==================================================================
[   12.953778] ==================================================================
[   12.954431] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.955098] Write of size 1 at addr ffff8881027d20eb by task kunit_try_catch/179
[   12.955740] 
[   12.955888] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.955933] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.955944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.955964] Call Trace:
[   12.955975]  <TASK>
[   12.955990]  dump_stack_lvl+0x73/0xb0
[   12.956019]  print_report+0xd1/0x610
[   12.956047]  ? __virt_addr_valid+0x1db/0x2d0
[   12.956069]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.956094]  ? kasan_addr_to_slab+0x11/0xa0
[   12.956114]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.956138]  kasan_report+0x141/0x180
[   12.956160]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.956188]  __asan_report_store1_noabort+0x1b/0x30
[   12.956214]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.956240]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.956264]  ? irqentry_exit+0x2a/0x60
[   12.956286]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.956315]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   12.956343]  krealloc_large_less_oob+0x1c/0x30
[   12.956367]  kunit_try_run_case+0x1a5/0x480
[   12.956392]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.956668]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.956699]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.956723]  ? __kthread_parkme+0x82/0x180
[   12.956744]  ? preempt_count_sub+0x50/0x80
[   12.956767]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.956793]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.956820]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.956845]  kthread+0x337/0x6f0
[   12.956865]  ? trace_preempt_on+0x20/0xc0
[   12.956888]  ? __pfx_kthread+0x10/0x10
[   12.956909]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.956930]  ? calculate_sigpending+0x7b/0xa0
[   12.956954]  ? __pfx_kthread+0x10/0x10
[   12.956975]  ret_from_fork+0x116/0x1d0
[   12.956994]  ? __pfx_kthread+0x10/0x10
[   12.957016]  ret_from_fork_asm+0x1a/0x30
[   12.957048]  </TASK>
[   12.957060] 
[   12.973005] The buggy address belongs to the physical page:
[   12.973609] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d0
[   12.974138] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.974574] flags: 0x200000000000040(head|node=0|zone=2)
[   12.975214] page_type: f8(unknown)
[   12.975793] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.976426] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.976821] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.977057] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.977769] head: 0200000000000002 ffffea000409f401 00000000ffffffff 00000000ffffffff
[   12.978577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.979323] page dumped because: kasan: bad access detected
[   12.980128] 
[   12.980341] Memory state around the buggy address:
[   12.980854]  ffff8881027d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.981073]  ffff8881027d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.981362] >ffff8881027d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.982246]                                                           ^
[   12.982953]  ffff8881027d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.983860]  ffff8881027d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.984509] ==================================================================
[   12.897489] ==================================================================
[   12.897834] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   12.898164] Write of size 1 at addr ffff8881027d20da by task kunit_try_catch/179
[   12.899612] 
[   12.899728] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.899771] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.899782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.899802] Call Trace:
[   12.899814]  <TASK>
[   12.899827]  dump_stack_lvl+0x73/0xb0
[   12.899856]  print_report+0xd1/0x610
[   12.899878]  ? __virt_addr_valid+0x1db/0x2d0
[   12.899901]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.899927]  ? kasan_addr_to_slab+0x11/0xa0
[   12.899948]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.899974]  kasan_report+0x141/0x180
[   12.899995]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   12.900024]  __asan_report_store1_noabort+0x1b/0x30
[   12.900057]  krealloc_less_oob_helper+0xec6/0x11d0
[   12.900083]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.900108]  ? irqentry_exit+0x2a/0x60
[   12.900128]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.900158]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   12.900185]  krealloc_large_less_oob+0x1c/0x30
[   12.900209]  kunit_try_run_case+0x1a5/0x480
[   12.900232]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.900408]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.900437]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.900476]  ? __kthread_parkme+0x82/0x180
[   12.900497]  ? preempt_count_sub+0x50/0x80
[   12.900521]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.900593]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.900620]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.900645]  kthread+0x337/0x6f0
[   12.900664]  ? trace_preempt_on+0x20/0xc0
[   12.900687]  ? __pfx_kthread+0x10/0x10
[   12.900707]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.900728]  ? calculate_sigpending+0x7b/0xa0
[   12.900752]  ? __pfx_kthread+0x10/0x10
[   12.900773]  ret_from_fork+0x116/0x1d0
[   12.900792]  ? __pfx_kthread+0x10/0x10
[   12.900813]  ret_from_fork_asm+0x1a/0x30
[   12.900843]  </TASK>
[   12.900853] 
[   12.913136] The buggy address belongs to the physical page:
[   12.913662] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d0
[   12.914187] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.914752] flags: 0x200000000000040(head|node=0|zone=2)
[   12.915102] page_type: f8(unknown)
[   12.915425] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.915734] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.916038] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.916746] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.917162] head: 0200000000000002 ffffea000409f401 00000000ffffffff 00000000ffffffff
[   12.917724] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.918314] page dumped because: kasan: bad access detected
[   12.918773] 
[   12.919000] Memory state around the buggy address:
[   12.919332]  ffff8881027d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.919871]  ffff8881027d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.920167] >ffff8881027d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.920984]                                                     ^
[   12.921430]  ffff8881027d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.921949]  ffff8881027d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.922613] ==================================================================
[   12.881147] ==================================================================
[   12.881481] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.881859] Write of size 1 at addr ffff8881027d20d0 by task kunit_try_catch/179
[   12.882142] 
[   12.882253] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.882295] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.882306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.882326] Call Trace:
[   12.882338]  <TASK>
[   12.882351]  dump_stack_lvl+0x73/0xb0
[   12.882377]  print_report+0xd1/0x610
[   12.882399]  ? __virt_addr_valid+0x1db/0x2d0
[   12.882421]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.882445]  ? kasan_addr_to_slab+0x11/0xa0
[   12.882466]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.882490]  kasan_report+0x141/0x180
[   12.882511]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.882540]  __asan_report_store1_noabort+0x1b/0x30
[   12.882763]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.882798]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.882823]  ? irqentry_exit+0x2a/0x60
[   12.882845]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.882874]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   12.882903]  krealloc_large_less_oob+0x1c/0x30
[   12.882926]  kunit_try_run_case+0x1a5/0x480
[   12.882950]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.882973]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.882997]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.883021]  ? __kthread_parkme+0x82/0x180
[   12.883042]  ? preempt_count_sub+0x50/0x80
[   12.883065]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.883089]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.883113]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.883139]  kthread+0x337/0x6f0
[   12.883158]  ? trace_preempt_on+0x20/0xc0
[   12.883181]  ? __pfx_kthread+0x10/0x10
[   12.883201]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.883223]  ? calculate_sigpending+0x7b/0xa0
[   12.883246]  ? __pfx_kthread+0x10/0x10
[   12.883267]  ret_from_fork+0x116/0x1d0
[   12.883286]  ? __pfx_kthread+0x10/0x10
[   12.883306]  ret_from_fork_asm+0x1a/0x30
[   12.883393]  </TASK>
[   12.883404] 
[   12.891182] The buggy address belongs to the physical page:
[   12.891489] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d0
[   12.891747] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.891972] flags: 0x200000000000040(head|node=0|zone=2)
[   12.892254] page_type: f8(unknown)
[   12.892421] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.892735] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.892970] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.893290] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.893743] head: 0200000000000002 ffffea000409f401 00000000ffffffff 00000000ffffffff
[   12.894088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.894632] page dumped because: kasan: bad access detected
[   12.894890] 
[   12.894980] Memory state around the buggy address:
[   12.895176]  ffff8881027d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.895391]  ffff8881027d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.895622] >ffff8881027d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.896099]                                                  ^
[   12.896369]  ffff8881027d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.896697]  ffff8881027d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.896955] ==================================================================
[   12.864339] ==================================================================
[   12.864876] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.865212] Write of size 1 at addr ffff8881027d20c9 by task kunit_try_catch/179
[   12.865828] 
[   12.865937] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.865981] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.865993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.866013] Call Trace:
[   12.866025]  <TASK>
[   12.866039]  dump_stack_lvl+0x73/0xb0
[   12.866071]  print_report+0xd1/0x610
[   12.866095]  ? __virt_addr_valid+0x1db/0x2d0
[   12.866118]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.866143]  ? kasan_addr_to_slab+0x11/0xa0
[   12.866163]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.866188]  kasan_report+0x141/0x180
[   12.866209]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.866238]  __asan_report_store1_noabort+0x1b/0x30
[   12.866264]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.866290]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.866315]  ? irqentry_exit+0x2a/0x60
[   12.866337]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.866367]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   12.866398]  krealloc_large_less_oob+0x1c/0x30
[   12.866663]  kunit_try_run_case+0x1a5/0x480
[   12.866689]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.866712]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.866750]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.866774]  ? __kthread_parkme+0x82/0x180
[   12.866795]  ? preempt_count_sub+0x50/0x80
[   12.866819]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.866851]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.866876]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.866901]  kthread+0x337/0x6f0
[   12.866920]  ? trace_preempt_on+0x20/0xc0
[   12.866943]  ? __pfx_kthread+0x10/0x10
[   12.866963]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.866985]  ? calculate_sigpending+0x7b/0xa0
[   12.867009]  ? __pfx_kthread+0x10/0x10
[   12.867030]  ret_from_fork+0x116/0x1d0
[   12.867050]  ? __pfx_kthread+0x10/0x10
[   12.867070]  ret_from_fork_asm+0x1a/0x30
[   12.867101]  </TASK>
[   12.867111] 
[   12.874647] The buggy address belongs to the physical page:
[   12.874906] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d0
[   12.875312] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.875684] flags: 0x200000000000040(head|node=0|zone=2)
[   12.875935] page_type: f8(unknown)
[   12.876098] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.876330] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.876678] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.877106] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.877615] head: 0200000000000002 ffffea000409f401 00000000ffffffff 00000000ffffffff
[   12.877875] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.878213] page dumped because: kasan: bad access detected
[   12.878609] 
[   12.878705] Memory state around the buggy address:
[   12.878897]  ffff8881027d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.879113]  ffff8881027d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.879349] >ffff8881027d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.879844]                                               ^
[   12.880110]  ffff8881027d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.880518]  ffff8881027d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.880793] ==================================================================
[   12.690748] ==================================================================
[   12.691169] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   12.691416] Write of size 1 at addr ffff888100342ac9 by task kunit_try_catch/175
[   12.692153] 
[   12.692491] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.692572] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.692584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.692606] Call Trace:
[   12.692632]  <TASK>
[   12.692649]  dump_stack_lvl+0x73/0xb0
[   12.692681]  print_report+0xd1/0x610
[   12.692703]  ? __virt_addr_valid+0x1db/0x2d0
[   12.692726]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.692750]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.692773]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.692798]  kasan_report+0x141/0x180
[   12.692819]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   12.692848]  __asan_report_store1_noabort+0x1b/0x30
[   12.692891]  krealloc_less_oob_helper+0xd70/0x11d0
[   12.692917]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.692942]  ? finish_task_switch.isra.0+0x153/0x700
[   12.692965]  ? __switch_to+0x47/0xf50
[   12.692990]  ? __schedule+0x10cc/0x2b60
[   12.693012]  ? __pfx_read_tsc+0x10/0x10
[   12.693036]  krealloc_less_oob+0x1c/0x30
[   12.693057]  kunit_try_run_case+0x1a5/0x480
[   12.693081]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.693104]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.693128]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.693152]  ? __kthread_parkme+0x82/0x180
[   12.693172]  ? preempt_count_sub+0x50/0x80
[   12.693195]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.693219]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.693313]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.693339]  kthread+0x337/0x6f0
[   12.693358]  ? trace_preempt_on+0x20/0xc0
[   12.693382]  ? __pfx_kthread+0x10/0x10
[   12.693420]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.693442]  ? calculate_sigpending+0x7b/0xa0
[   12.693466]  ? __pfx_kthread+0x10/0x10
[   12.693487]  ret_from_fork+0x116/0x1d0
[   12.693506]  ? __pfx_kthread+0x10/0x10
[   12.693526]  ret_from_fork_asm+0x1a/0x30
[   12.693564]  </TASK>
[   12.693574] 
[   12.705975] Allocated by task 175:
[   12.706618]  kasan_save_stack+0x45/0x70
[   12.706991]  kasan_save_track+0x18/0x40
[   12.707432]  kasan_save_alloc_info+0x3b/0x50
[   12.707972]  __kasan_krealloc+0x190/0x1f0
[   12.708401]  krealloc_noprof+0xf3/0x340
[   12.708844]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.709369]  krealloc_less_oob+0x1c/0x30
[   12.709786]  kunit_try_run_case+0x1a5/0x480
[   12.710167]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.710712]  kthread+0x337/0x6f0
[   12.711093]  ret_from_fork+0x116/0x1d0
[   12.711314]  ret_from_fork_asm+0x1a/0x30
[   12.711736] 
[   12.711895] The buggy address belongs to the object at ffff888100342a00
[   12.711895]  which belongs to the cache kmalloc-256 of size 256
[   12.712948] The buggy address is located 0 bytes to the right of
[   12.712948]  allocated 201-byte region [ffff888100342a00, ffff888100342ac9)
[   12.713528] 
[   12.713733] The buggy address belongs to the physical page:
[   12.714212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.715072] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.715575] flags: 0x200000000000040(head|node=0|zone=2)
[   12.715759] page_type: f5(slab)
[   12.715880] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.716116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.716650] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.717317] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.718032] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.718893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.719729] page dumped because: kasan: bad access detected
[   12.720430] 
[   12.720657] Memory state around the buggy address:
[   12.721082]  ffff888100342980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.721427]  ffff888100342a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.722056] >ffff888100342a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.722857]                                               ^
[   12.723100]  ffff888100342b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.723541]  ffff888100342b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.724166] ==================================================================
[   12.725106] ==================================================================
[   12.725757] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   12.726152] Write of size 1 at addr ffff888100342ad0 by task kunit_try_catch/175
[   12.726941] 
[   12.727131] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.727176] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.727187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.727208] Call Trace:
[   12.727222]  <TASK>
[   12.727236]  dump_stack_lvl+0x73/0xb0
[   12.727265]  print_report+0xd1/0x610
[   12.727286]  ? __virt_addr_valid+0x1db/0x2d0
[   12.727327]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.727352]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.727374]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.727399]  kasan_report+0x141/0x180
[   12.727437]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   12.727466]  __asan_report_store1_noabort+0x1b/0x30
[   12.727491]  krealloc_less_oob_helper+0xe23/0x11d0
[   12.727518]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.727543]  ? finish_task_switch.isra.0+0x153/0x700
[   12.727576]  ? __switch_to+0x47/0xf50
[   12.727600]  ? __schedule+0x10cc/0x2b60
[   12.727621]  ? __pfx_read_tsc+0x10/0x10
[   12.727646]  krealloc_less_oob+0x1c/0x30
[   12.727668]  kunit_try_run_case+0x1a5/0x480
[   12.727692]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.727714]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.727738]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.727762]  ? __kthread_parkme+0x82/0x180
[   12.727782]  ? preempt_count_sub+0x50/0x80
[   12.727804]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.727828]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.727852]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.727877]  kthread+0x337/0x6f0
[   12.727896]  ? trace_preempt_on+0x20/0xc0
[   12.727919]  ? __pfx_kthread+0x10/0x10
[   12.727939]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.727961]  ? calculate_sigpending+0x7b/0xa0
[   12.727984]  ? __pfx_kthread+0x10/0x10
[   12.728006]  ret_from_fork+0x116/0x1d0
[   12.728025]  ? __pfx_kthread+0x10/0x10
[   12.728052]  ret_from_fork_asm+0x1a/0x30
[   12.728084]  </TASK>
[   12.728093] 
[   12.737582] Allocated by task 175:
[   12.737762]  kasan_save_stack+0x45/0x70
[   12.737966]  kasan_save_track+0x18/0x40
[   12.738155]  kasan_save_alloc_info+0x3b/0x50
[   12.738625]  __kasan_krealloc+0x190/0x1f0
[   12.738814]  krealloc_noprof+0xf3/0x340
[   12.738991]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.739197]  krealloc_less_oob+0x1c/0x30
[   12.739487]  kunit_try_run_case+0x1a5/0x480
[   12.739691]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.739896]  kthread+0x337/0x6f0
[   12.740017]  ret_from_fork+0x116/0x1d0
[   12.740154]  ret_from_fork_asm+0x1a/0x30
[   12.740501] 
[   12.740620] The buggy address belongs to the object at ffff888100342a00
[   12.740620]  which belongs to the cache kmalloc-256 of size 256
[   12.741342] The buggy address is located 7 bytes to the right of
[   12.741342]  allocated 201-byte region [ffff888100342a00, ffff888100342ac9)
[   12.741857] 
[   12.741954] The buggy address belongs to the physical page:
[   12.742162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.742509] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.743023] flags: 0x200000000000040(head|node=0|zone=2)
[   12.743351] page_type: f5(slab)
[   12.743600] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.743883] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.744120] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.744413] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.744761] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.745233] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.745671] page dumped because: kasan: bad access detected
[   12.745847] 
[   12.745915] Memory state around the buggy address:
[   12.746069]  ffff888100342980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.746734]  ffff888100342a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.747066] >ffff888100342a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.747455]                                                  ^
[   12.747676]  ffff888100342b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.747893]  ffff888100342b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.748194] ==================================================================
[   12.923385] ==================================================================
[   12.924086] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   12.924540] Write of size 1 at addr ffff8881027d20ea by task kunit_try_catch/179
[   12.924858] 
[   12.924966] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.925008] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.925020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.925039] Call Trace:
[   12.925054]  <TASK>
[   12.925070]  dump_stack_lvl+0x73/0xb0
[   12.925098]  print_report+0xd1/0x610
[   12.925120]  ? __virt_addr_valid+0x1db/0x2d0
[   12.925143]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.925167]  ? kasan_addr_to_slab+0x11/0xa0
[   12.925188]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.925212]  kasan_report+0x141/0x180
[   12.925234]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   12.925568]  __asan_report_store1_noabort+0x1b/0x30
[   12.925596]  krealloc_less_oob_helper+0xe90/0x11d0
[   12.925623]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.925648]  ? irqentry_exit+0x2a/0x60
[   12.925704]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   12.925734]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   12.925762]  krealloc_large_less_oob+0x1c/0x30
[   12.925806]  kunit_try_run_case+0x1a5/0x480
[   12.925831]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.925854]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.925878]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.925902]  ? __kthread_parkme+0x82/0x180
[   12.925923]  ? preempt_count_sub+0x50/0x80
[   12.925947]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.925972]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.925996]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.926021]  kthread+0x337/0x6f0
[   12.926040]  ? trace_preempt_on+0x20/0xc0
[   12.926063]  ? __pfx_kthread+0x10/0x10
[   12.926084]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.926107]  ? calculate_sigpending+0x7b/0xa0
[   12.926131]  ? __pfx_kthread+0x10/0x10
[   12.926152]  ret_from_fork+0x116/0x1d0
[   12.926171]  ? __pfx_kthread+0x10/0x10
[   12.926191]  ret_from_fork_asm+0x1a/0x30
[   12.926222]  </TASK>
[   12.926232] 
[   12.941168] The buggy address belongs to the physical page:
[   12.941715] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d0
[   12.942480] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.943124] flags: 0x200000000000040(head|node=0|zone=2)
[   12.943681] page_type: f8(unknown)
[   12.944057] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.944628] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.944974] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.945209] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.945961] head: 0200000000000002 ffffea000409f401 00000000ffffffff 00000000ffffffff
[   12.946730] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.947580] page dumped because: kasan: bad access detected
[   12.947760] 
[   12.947828] Memory state around the buggy address:
[   12.947985]  ffff8881027d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.948208]  ffff8881027d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.948430] >ffff8881027d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   12.948935]                                                           ^
[   12.949597]  ffff8881027d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.950190]  ffff8881027d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.950867] ==================================================================
[   12.790258] ==================================================================
[   12.790592] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   12.790922] Write of size 1 at addr ffff888100342aeb by task kunit_try_catch/175
[   12.791498] 
[   12.791610] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.791650] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.791661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.791680] Call Trace:
[   12.791692]  <TASK>
[   12.791705]  dump_stack_lvl+0x73/0xb0
[   12.791732]  print_report+0xd1/0x610
[   12.791753]  ? __virt_addr_valid+0x1db/0x2d0
[   12.791774]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.791798]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.791821]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.791845]  kasan_report+0x141/0x180
[   12.791866]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   12.791895]  __asan_report_store1_noabort+0x1b/0x30
[   12.791920]  krealloc_less_oob_helper+0xd47/0x11d0
[   12.791947]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   12.791971]  ? finish_task_switch.isra.0+0x153/0x700
[   12.791993]  ? __switch_to+0x47/0xf50
[   12.792017]  ? __schedule+0x10cc/0x2b60
[   12.792038]  ? __pfx_read_tsc+0x10/0x10
[   12.792071]  krealloc_less_oob+0x1c/0x30
[   12.792093]  kunit_try_run_case+0x1a5/0x480
[   12.792116]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.792139]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.792162]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.792186]  ? __kthread_parkme+0x82/0x180
[   12.792205]  ? preempt_count_sub+0x50/0x80
[   12.792228]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.792252]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.792276]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.792301]  kthread+0x337/0x6f0
[   12.792319]  ? trace_preempt_on+0x20/0xc0
[   12.792342]  ? __pfx_kthread+0x10/0x10
[   12.792362]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.792435]  ? calculate_sigpending+0x7b/0xa0
[   12.792459]  ? __pfx_kthread+0x10/0x10
[   12.792481]  ret_from_fork+0x116/0x1d0
[   12.792500]  ? __pfx_kthread+0x10/0x10
[   12.792520]  ret_from_fork_asm+0x1a/0x30
[   12.792549]  </TASK>
[   12.792571] 
[   12.800217] Allocated by task 175:
[   12.800398]  kasan_save_stack+0x45/0x70
[   12.800773]  kasan_save_track+0x18/0x40
[   12.800965]  kasan_save_alloc_info+0x3b/0x50
[   12.801167]  __kasan_krealloc+0x190/0x1f0
[   12.801307]  krealloc_noprof+0xf3/0x340
[   12.801712]  krealloc_less_oob_helper+0x1aa/0x11d0
[   12.801964]  krealloc_less_oob+0x1c/0x30
[   12.802163]  kunit_try_run_case+0x1a5/0x480
[   12.802439]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.802681]  kthread+0x337/0x6f0
[   12.802831]  ret_from_fork+0x116/0x1d0
[   12.802963]  ret_from_fork_asm+0x1a/0x30
[   12.803104] 
[   12.803174] The buggy address belongs to the object at ffff888100342a00
[   12.803174]  which belongs to the cache kmalloc-256 of size 256
[   12.803805] The buggy address is located 34 bytes to the right of
[   12.803805]  allocated 201-byte region [ffff888100342a00, ffff888100342ac9)
[   12.804439] 
[   12.804535] The buggy address belongs to the physical page:
[   12.804727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100342
[   12.804968] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.805194] flags: 0x200000000000040(head|node=0|zone=2)
[   12.805830] page_type: f5(slab)
[   12.806010] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.806358] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.806768] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.807124] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.807439] head: 0200000000000001 ffffea000400d081 00000000ffffffff 00000000ffffffff
[   12.807709] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.808021] page dumped because: kasan: bad access detected
[   12.808278] 
[   12.808351] Memory state around the buggy address:
[   12.808663]  ffff888100342980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.808931]  ffff888100342a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.809189] >ffff888100342a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   12.809527]                                                           ^
[   12.809818]  ffff888100342b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.810059]  ffff888100342b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.810354] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

3003M942ob4BTLEn8Aseea5B8RJ

job_id

TEST:linaro@lkft#3003RZF7XnQmdPtM5cUiAwKFtCz

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/3003RZF7XnQmdPtM5cUiAwKFtCz

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003OTpuRWvyGUlL7jaPEGEgnga/bzImage
sha256sum	9e432f7c2ce284ae4c046a3c28b251bd05c2eeee0552939f78c78f7dfd4e4b62

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/3003OTpuRWvyGUlL7jaPEGEgnga/modules.tar.xz
sha256sum	0463dd5e8a00ad40cd4bcdb9cac1553cc5906788b61bb36c5984bb82fa7d83ab

durations

tests

boot	0
kunit	247.65

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit