lkft/linux-next-master - next-20250616 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 16, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   18.979617] ==================================================================
[   18.979732] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   18.979855] Write of size 1 at addr fff00000c604d2da by task kunit_try_catch/167
[   18.979974] 
[   18.980050] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.980249] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.980313] Hardware name: linux,dummy-virt (DT)
[   18.980384] Call trace:
[   18.980432]  show_stack+0x20/0x38 (C)
[   18.980538]  dump_stack_lvl+0x8c/0xd0
[   18.980639]  print_report+0x118/0x608
[   18.980742]  kasan_report+0xdc/0x128
[   18.981624]  __asan_report_store1_noabort+0x20/0x30
[   18.981788]  krealloc_less_oob_helper+0xa80/0xc50
[   18.981947]  krealloc_less_oob+0x20/0x38
[   18.982370]  kunit_try_run_case+0x170/0x3f0
[   18.982530]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.982718]  kthread+0x328/0x630
[   18.982873]  ret_from_fork+0x10/0x20
[   18.982991] 
[   18.983034] Allocated by task 167:
[   18.983097]  kasan_save_stack+0x3c/0x68
[   18.983184]  kasan_save_track+0x20/0x40
[   18.983267]  kasan_save_alloc_info+0x40/0x58
[   18.983352]  __kasan_krealloc+0x118/0x178
[   18.983437]  krealloc_noprof+0x128/0x360
[   18.983520]  krealloc_less_oob_helper+0x168/0xc50
[   18.983607]  krealloc_less_oob+0x20/0x38
[   18.983690]  kunit_try_run_case+0x170/0x3f0
[   18.983781]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.983892]  kthread+0x328/0x630
[   18.983971]  ret_from_fork+0x10/0x20
[   18.984049] 
[   18.984094] The buggy address belongs to the object at fff00000c604d200
[   18.984094]  which belongs to the cache kmalloc-256 of size 256
[   18.984226] The buggy address is located 17 bytes to the right of
[   18.984226]  allocated 201-byte region [fff00000c604d200, fff00000c604d2c9)
[   18.984375] 
[   18.985262] The buggy address belongs to the physical page:
[   18.985405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604c
[   18.985541] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.985638] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.985785] page_type: f5(slab)
[   18.985895] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.986003] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.986106] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.986195] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.986308] head: 0bfffe0000000001 ffffc1ffc3181301 00000000ffffffff 00000000ffffffff
[   18.986622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.986826] page dumped because: kasan: bad access detected
[   18.986989] 
[   18.987057] Memory state around the buggy address:
[   18.987134]  fff00000c604d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.987243]  fff00000c604d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.987351] >fff00000c604d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.987447]                                                     ^
[   18.987536]  fff00000c604d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.987642]  fff00000c604d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.987738] ==================================================================
[   19.070083] ==================================================================
[   19.070223] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.070361] Write of size 1 at addr fff00000c66160c9 by task kunit_try_catch/171
[   19.070479] 
[   19.070570] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.070786] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.070855] Hardware name: linux,dummy-virt (DT)
[   19.070931] Call trace:
[   19.071121]  show_stack+0x20/0x38 (C)
[   19.071417]  dump_stack_lvl+0x8c/0xd0
[   19.071522]  print_report+0x118/0x608
[   19.071626]  kasan_report+0xdc/0x128
[   19.072157]  __asan_report_store1_noabort+0x20/0x30
[   19.072282]  krealloc_less_oob_helper+0xa48/0xc50
[   19.072400]  krealloc_large_less_oob+0x20/0x38
[   19.072511]  kunit_try_run_case+0x170/0x3f0
[   19.072625]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.072744]  kthread+0x328/0x630
[   19.072854]  ret_from_fork+0x10/0x20
[   19.073159] 
[   19.073214] The buggy address belongs to the physical page:
[   19.073311] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614
[   19.073450] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.073604] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.073773] page_type: f8(unknown)
[   19.073931] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.074074] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.074220] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.074332] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.074455] head: 0bfffe0000000002 ffffc1ffc3198501 00000000ffffffff 00000000ffffffff
[   19.074593] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.074705] page dumped because: kasan: bad access detected
[   19.074775] 
[   19.074816] Memory state around the buggy address:
[   19.074902]  fff00000c6615f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.075339]  fff00000c6616000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.075488] >fff00000c6616080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.075609]                                               ^
[   19.075724]  fff00000c6616100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.075932]  fff00000c6616180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.076046] ==================================================================
[   18.954285] ==================================================================
[   18.954881] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   18.955783] Write of size 1 at addr fff00000c604d2c9 by task kunit_try_catch/167
[   18.956075] 
[   18.956256] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.956480] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.956860] Hardware name: linux,dummy-virt (DT)
[   18.957154] Call trace:
[   18.957246]  show_stack+0x20/0x38 (C)
[   18.957471]  dump_stack_lvl+0x8c/0xd0
[   18.957589]  print_report+0x118/0x608
[   18.958413]  kasan_report+0xdc/0x128
[   18.958546]  __asan_report_store1_noabort+0x20/0x30
[   18.958766]  krealloc_less_oob_helper+0xa48/0xc50
[   18.959119]  krealloc_less_oob+0x20/0x38
[   18.959251]  kunit_try_run_case+0x170/0x3f0
[   18.959370]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.960033]  kthread+0x328/0x630
[   18.960158]  ret_from_fork+0x10/0x20
[   18.960276] 
[   18.960492] Allocated by task 167:
[   18.960654]  kasan_save_stack+0x3c/0x68
[   18.960747]  kasan_save_track+0x20/0x40
[   18.961314]  kasan_save_alloc_info+0x40/0x58
[   18.961433]  __kasan_krealloc+0x118/0x178
[   18.961527]  krealloc_noprof+0x128/0x360
[   18.961695]  krealloc_less_oob_helper+0x168/0xc50
[   18.962092]  krealloc_less_oob+0x20/0x38
[   18.962470]  kunit_try_run_case+0x170/0x3f0
[   18.962591]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.962699]  kthread+0x328/0x630
[   18.962889]  ret_from_fork+0x10/0x20
[   18.963097] 
[   18.963179] The buggy address belongs to the object at fff00000c604d200
[   18.963179]  which belongs to the cache kmalloc-256 of size 256
[   18.963557] The buggy address is located 0 bytes to the right of
[   18.963557]  allocated 201-byte region [fff00000c604d200, fff00000c604d2c9)
[   18.963786] 
[   18.964078] The buggy address belongs to the physical page:
[   18.964444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604c
[   18.964731] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.965343] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.965499] page_type: f5(slab)
[   18.965601] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.966259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.966503] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.966852] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.967275] head: 0bfffe0000000001 ffffc1ffc3181301 00000000ffffffff 00000000ffffffff
[   18.967419] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.967526] page dumped because: kasan: bad access detected
[   18.967712] 
[   18.967768] Memory state around the buggy address:
[   18.968064]  fff00000c604d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.968186]  fff00000c604d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.968317] >fff00000c604d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.968412]                                               ^
[   18.968501]  fff00000c604d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.968607]  fff00000c604d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.968704] ==================================================================
[   19.002525] ==================================================================
[   19.002592] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.002658] Write of size 1 at addr fff00000c604d2eb by task kunit_try_catch/167
[   19.002713] 
[   19.002758] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.002882] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.002915] Hardware name: linux,dummy-virt (DT)
[   19.002951] Call trace:
[   19.002978]  show_stack+0x20/0x38 (C)
[   19.003034]  dump_stack_lvl+0x8c/0xd0
[   19.003086]  print_report+0x118/0x608
[   19.003137]  kasan_report+0xdc/0x128
[   19.003187]  __asan_report_store1_noabort+0x20/0x30
[   19.003240]  krealloc_less_oob_helper+0xa58/0xc50
[   19.003292]  krealloc_less_oob+0x20/0x38
[   19.003342]  kunit_try_run_case+0x170/0x3f0
[   19.003393]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.003449]  kthread+0x328/0x630
[   19.003495]  ret_from_fork+0x10/0x20
[   19.003548] 
[   19.003570] Allocated by task 167:
[   19.003603]  kasan_save_stack+0x3c/0x68
[   19.003650]  kasan_save_track+0x20/0x40
[   19.003692]  kasan_save_alloc_info+0x40/0x58
[   19.003731]  __kasan_krealloc+0x118/0x178
[   19.003772]  krealloc_noprof+0x128/0x360
[   19.003813]  krealloc_less_oob_helper+0x168/0xc50
[   19.003953]  krealloc_less_oob+0x20/0x38
[   19.004050]  kunit_try_run_case+0x170/0x3f0
[   19.004236]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.004403]  kthread+0x328/0x630
[   19.004535]  ret_from_fork+0x10/0x20
[   19.004623] 
[   19.004671] The buggy address belongs to the object at fff00000c604d200
[   19.004671]  which belongs to the cache kmalloc-256 of size 256
[   19.004824] The buggy address is located 34 bytes to the right of
[   19.004824]  allocated 201-byte region [fff00000c604d200, fff00000c604d2c9)
[   19.005604] 
[   19.005695] The buggy address belongs to the physical page:
[   19.006215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604c
[   19.006665] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.006874] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.007025] page_type: f5(slab)
[   19.007220] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.007347] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.007467] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.007588] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.007737] head: 0bfffe0000000001 ffffc1ffc3181301 00000000ffffffff 00000000ffffffff
[   19.007923] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.008070] page dumped because: kasan: bad access detected
[   19.008173] 
[   19.008240] Memory state around the buggy address:
[   19.008338]  fff00000c604d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.008462]  fff00000c604d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.008606] >fff00000c604d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.008734]                                                           ^
[   19.008876]  fff00000c604d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.008987]  fff00000c604d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.009074] ==================================================================
[   19.093962] ==================================================================
[   19.094403] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   19.094553] Write of size 1 at addr fff00000c66160ea by task kunit_try_catch/171
[   19.094666] 
[   19.094946] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.095241] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.095324] Hardware name: linux,dummy-virt (DT)
[   19.095472] Call trace:
[   19.095553]  show_stack+0x20/0x38 (C)
[   19.095700]  dump_stack_lvl+0x8c/0xd0
[   19.095805]  print_report+0x118/0x608
[   19.095928]  kasan_report+0xdc/0x128
[   19.096357]  __asan_report_store1_noabort+0x20/0x30
[   19.096514]  krealloc_less_oob_helper+0xae4/0xc50
[   19.096684]  krealloc_large_less_oob+0x20/0x38
[   19.096813]  kunit_try_run_case+0x170/0x3f0
[   19.096943]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.097357]  kthread+0x328/0x630
[   19.097500]  ret_from_fork+0x10/0x20
[   19.097645] 
[   19.097700] The buggy address belongs to the physical page:
[   19.097798] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614
[   19.097942] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.098219] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.098353] page_type: f8(unknown)
[   19.098723] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.098940] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.099118] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.099247] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.099414] head: 0bfffe0000000002 ffffc1ffc3198501 00000000ffffffff 00000000ffffffff
[   19.099556] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.099664] page dumped because: kasan: bad access detected
[   19.099746] 
[   19.099797] Memory state around the buggy address:
[   19.099893]  fff00000c6615f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.100128]  fff00000c6616000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.100246] >fff00000c6616080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.100346]                                                           ^
[   19.100832]  fff00000c6616100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.100994]  fff00000c6616180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.101130] ==================================================================
[   19.101721] ==================================================================
[   19.101852] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   19.102274] Write of size 1 at addr fff00000c66160eb by task kunit_try_catch/171
[   19.102448] 
[   19.102552] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.102797] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.102891] Hardware name: linux,dummy-virt (DT)
[   19.103004] Call trace:
[   19.103078]  show_stack+0x20/0x38 (C)
[   19.103239]  dump_stack_lvl+0x8c/0xd0
[   19.103395]  print_report+0x118/0x608
[   19.103531]  kasan_report+0xdc/0x128
[   19.103651]  __asan_report_store1_noabort+0x20/0x30
[   19.103775]  krealloc_less_oob_helper+0xa58/0xc50
[   19.103903]  krealloc_large_less_oob+0x20/0x38
[   19.104349]  kunit_try_run_case+0x170/0x3f0
[   19.104662]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.104871]  kthread+0x328/0x630
[   19.105245]  ret_from_fork+0x10/0x20
[   19.105416] 
[   19.105458] The buggy address belongs to the physical page:
[   19.105516] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614
[   19.105626] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.105882] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.106119] page_type: f8(unknown)
[   19.106329] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.106708] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.107112] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.107356] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.107596] head: 0bfffe0000000002 ffffc1ffc3198501 00000000ffffffff 00000000ffffffff
[   19.107896] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.108065] page dumped because: kasan: bad access detected
[   19.108149] 
[   19.108252] Memory state around the buggy address:
[   19.108441]  fff00000c6615f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.108658]  fff00000c6616000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.109021] >fff00000c6616080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.109138]                                                           ^
[   19.109270]  fff00000c6616100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.109404]  fff00000c6616180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.109505] ==================================================================
[   19.078088] ==================================================================
[   19.078206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   19.078330] Write of size 1 at addr fff00000c66160d0 by task kunit_try_catch/171
[   19.078454] 
[   19.078539] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.078752] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.078820] Hardware name: linux,dummy-virt (DT)
[   19.078916] Call trace:
[   19.078972]  show_stack+0x20/0x38 (C)
[   19.079135]  dump_stack_lvl+0x8c/0xd0
[   19.079585]  print_report+0x118/0x608
[   19.079922]  kasan_report+0xdc/0x128
[   19.080070]  __asan_report_store1_noabort+0x20/0x30
[   19.080227]  krealloc_less_oob_helper+0xb9c/0xc50
[   19.080343]  krealloc_large_less_oob+0x20/0x38
[   19.080451]  kunit_try_run_case+0x170/0x3f0
[   19.080567]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.080691]  kthread+0x328/0x630
[   19.081097]  ret_from_fork+0x10/0x20
[   19.081460] 
[   19.081507] The buggy address belongs to the physical page:
[   19.081696] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614
[   19.081844] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.081952] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.082058] page_type: f8(unknown)
[   19.082143] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.082436] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.082775] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.082955] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.083073] head: 0bfffe0000000002 ffffc1ffc3198501 00000000ffffffff 00000000ffffffff
[   19.083197] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.083306] page dumped because: kasan: bad access detected
[   19.083410] 
[   19.083468] Memory state around the buggy address:
[   19.083569]  fff00000c6615f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.083710]  fff00000c6616000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.083873] >fff00000c6616080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.083956]                                                  ^
[   19.084044]  fff00000c6616100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.084458]  fff00000c6616180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.084554] ==================================================================
[   18.990316] ==================================================================
[   18.990521] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   18.990646] Write of size 1 at addr fff00000c604d2ea by task kunit_try_catch/167
[   18.990755] 
[   18.990827] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.991054] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.991119] Hardware name: linux,dummy-virt (DT)
[   18.991193] Call trace:
[   18.991247]  show_stack+0x20/0x38 (C)
[   18.991362]  dump_stack_lvl+0x8c/0xd0
[   18.991472]  print_report+0x118/0x608
[   18.991579]  kasan_report+0xdc/0x128
[   18.991685]  __asan_report_store1_noabort+0x20/0x30
[   18.991796]  krealloc_less_oob_helper+0xae4/0xc50
[   18.991921]  krealloc_less_oob+0x20/0x38
[   18.992027]  kunit_try_run_case+0x170/0x3f0
[   18.992139]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.992263]  kthread+0x328/0x630
[   18.992360]  ret_from_fork+0x10/0x20
[   18.992468] 
[   18.992513] Allocated by task 167:
[   18.992578]  kasan_save_stack+0x3c/0x68
[   18.992671]  kasan_save_track+0x20/0x40
[   18.992758]  kasan_save_alloc_info+0x40/0x58
[   18.992885]  __kasan_krealloc+0x118/0x178
[   18.992969]  krealloc_noprof+0x128/0x360
[   18.993057]  krealloc_less_oob_helper+0x168/0xc50
[   18.993158]  krealloc_less_oob+0x20/0x38
[   18.993241]  kunit_try_run_case+0x170/0x3f0
[   18.993338]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.993504]  kthread+0x328/0x630
[   18.994088]  ret_from_fork+0x10/0x20
[   18.994240] 
[   18.994293] The buggy address belongs to the object at fff00000c604d200
[   18.994293]  which belongs to the cache kmalloc-256 of size 256
[   18.994494] The buggy address is located 33 bytes to the right of
[   18.994494]  allocated 201-byte region [fff00000c604d200, fff00000c604d2c9)
[   18.995124] 
[   18.995373] The buggy address belongs to the physical page:
[   18.995461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604c
[   18.996132] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.996276] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.996415] page_type: f5(slab)
[   18.996582] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.997181] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.997432] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.997634] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.997786] head: 0bfffe0000000001 ffffc1ffc3181301 00000000ffffffff 00000000ffffffff
[   18.997947] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.998517] page dumped because: kasan: bad access detected
[   18.998686] 
[   18.998739] Memory state around the buggy address:
[   18.999867]  fff00000c604d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.000063]  fff00000c604d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.000609] >fff00000c604d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   19.000813]                                                           ^
[   19.001006]  fff00000c604d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.001193]  fff00000c604d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.001393] ==================================================================
[   18.971450] ==================================================================
[   18.971558] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   18.971961] Write of size 1 at addr fff00000c604d2d0 by task kunit_try_catch/167
[   18.972119] 
[   18.972234] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   18.972443] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.972528] Hardware name: linux,dummy-virt (DT)
[   18.972627] Call trace:
[   18.972697]  show_stack+0x20/0x38 (C)
[   18.972872]  dump_stack_lvl+0x8c/0xd0
[   18.972975]  print_report+0x118/0x608
[   18.973288]  kasan_report+0xdc/0x128
[   18.973429]  __asan_report_store1_noabort+0x20/0x30
[   18.973546]  krealloc_less_oob_helper+0xb9c/0xc50
[   18.973787]  krealloc_less_oob+0x20/0x38
[   18.973918]  kunit_try_run_case+0x170/0x3f0
[   18.974033]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.974099]  kthread+0x328/0x630
[   18.974150]  ret_from_fork+0x10/0x20
[   18.974209] 
[   18.974233] Allocated by task 167:
[   18.974271]  kasan_save_stack+0x3c/0x68
[   18.974322]  kasan_save_track+0x20/0x40
[   18.974363]  kasan_save_alloc_info+0x40/0x58
[   18.974403]  __kasan_krealloc+0x118/0x178
[   18.974444]  krealloc_noprof+0x128/0x360
[   18.974486]  krealloc_less_oob_helper+0x168/0xc50
[   18.974528]  krealloc_less_oob+0x20/0x38
[   18.974567]  kunit_try_run_case+0x170/0x3f0
[   18.974607]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.974652]  kthread+0x328/0x630
[   18.974687]  ret_from_fork+0x10/0x20
[   18.974726] 
[   18.974749] The buggy address belongs to the object at fff00000c604d200
[   18.974749]  which belongs to the cache kmalloc-256 of size 256
[   18.974811] The buggy address is located 7 bytes to the right of
[   18.974811]  allocated 201-byte region [fff00000c604d200, fff00000c604d2c9)
[   18.974945] 
[   18.974992] The buggy address belongs to the physical page:
[   18.975137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604c
[   18.975333] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.975892] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   18.976086] page_type: f5(slab)
[   18.976199] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.976310] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.976475] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   18.976592] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.976710] head: 0bfffe0000000001 ffffc1ffc3181301 00000000ffffffff 00000000ffffffff
[   18.976844] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   18.976951] page dumped because: kasan: bad access detected
[   18.977026] 
[   18.977097] Memory state around the buggy address:
[   18.977160]  fff00000c604d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.977260]  fff00000c604d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.977358] >fff00000c604d280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   18.977611]                                                  ^
[   18.977802]  fff00000c604d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.977935]  fff00000c604d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.978027] ==================================================================
[   19.086695] ==================================================================
[   19.086809] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   19.086942] Write of size 1 at addr fff00000c66160da by task kunit_try_catch/171
[   19.087264] 
[   19.087383] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT 
[   19.087665] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.087763] Hardware name: linux,dummy-virt (DT)
[   19.087866] Call trace:
[   19.087939]  show_stack+0x20/0x38 (C)
[   19.088080]  dump_stack_lvl+0x8c/0xd0
[   19.088217]  print_report+0x118/0x608
[   19.088335]  kasan_report+0xdc/0x128
[   19.088435]  __asan_report_store1_noabort+0x20/0x30
[   19.088923]  krealloc_less_oob_helper+0xa80/0xc50
[   19.089063]  krealloc_large_less_oob+0x20/0x38
[   19.089220]  kunit_try_run_case+0x170/0x3f0
[   19.089425]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.089554]  kthread+0x328/0x630
[   19.089850]  ret_from_fork+0x10/0x20
[   19.090017] 
[   19.090071] The buggy address belongs to the physical page:
[   19.090152] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106614
[   19.090285] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.090401] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.090539] page_type: f8(unknown)
[   19.090671] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.090830] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.091006] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.091168] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.091310] head: 0bfffe0000000002 ffffc1ffc3198501 00000000ffffffff 00000000ffffffff
[   19.091424] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.091524] page dumped because: kasan: bad access detected
[   19.091597] 
[   19.091993] Memory state around the buggy address:
[   19.092114]  fff00000c6615f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.092264]  fff00000c6616000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.092384] >fff00000c6616080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   19.092482]                                                     ^
[   19.092576]  fff00000c6616100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.092682]  fff00000c6616180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.092780] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya0zPCLTsXcgMlhuwl4B74eGRP

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya0zPCLTsXcgMlhuwl4B74eGRP

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/Image.gz
sha256sum	a07f652b6ef2a3b23147f3c325e2115d921a305a0923eab0aef242be63afbe4f

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0vm6yYjmTuogwAyFUW0mW6fI/modules.tar.xz
sha256sum	793787324999d0aa7d217eac21d3f904d0017c4f6b9bafdc8cd21afd90a18cf2

durations

tests

boot	0
kunit	252.96

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   11.037711] ==================================================================
[   11.038279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.038646] Write of size 1 at addr ffff888100a2a0c9 by task kunit_try_catch/183
[   11.038913] 
[   11.039111] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.039159] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.039171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.039192] Call Trace:
[   11.039377]  <TASK>
[   11.039397]  dump_stack_lvl+0x73/0xb0
[   11.039427]  print_report+0xd1/0x650
[   11.039528]  ? __virt_addr_valid+0x1db/0x2d0
[   11.039551]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.039583]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.039604]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.039690]  kasan_report+0x141/0x180
[   11.039711]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.039739]  __asan_report_store1_noabort+0x1b/0x30
[   11.039762]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.039787]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.039809]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.039838]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.039864]  krealloc_less_oob+0x1c/0x30
[   11.039968]  kunit_try_run_case+0x1a5/0x480
[   11.039994]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.040015]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.040037]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.040059]  ? __kthread_parkme+0x82/0x180
[   11.040079]  ? preempt_count_sub+0x50/0x80
[   11.040102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.040124]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.040145]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.040167]  kthread+0x337/0x6f0
[   11.040186]  ? trace_preempt_on+0x20/0xc0
[   11.040210]  ? __pfx_kthread+0x10/0x10
[   11.040229]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.040249]  ? calculate_sigpending+0x7b/0xa0
[   11.040272]  ? __pfx_kthread+0x10/0x10
[   11.040293]  ret_from_fork+0x116/0x1d0
[   11.040311]  ? __pfx_kthread+0x10/0x10
[   11.040330]  ret_from_fork_asm+0x1a/0x30
[   11.040361]  </TASK>
[   11.040371] 
[   11.048593] Allocated by task 183:
[   11.048771]  kasan_save_stack+0x45/0x70
[   11.048971]  kasan_save_track+0x18/0x40
[   11.049152]  kasan_save_alloc_info+0x3b/0x50
[   11.049300]  __kasan_krealloc+0x190/0x1f0
[   11.049505]  krealloc_noprof+0xf3/0x340
[   11.049759]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.050282]  krealloc_less_oob+0x1c/0x30
[   11.050748]  kunit_try_run_case+0x1a5/0x480
[   11.051145]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.051696]  kthread+0x337/0x6f0
[   11.052018]  ret_from_fork+0x116/0x1d0
[   11.052428]  ret_from_fork_asm+0x1a/0x30
[   11.052772] 
[   11.053021] The buggy address belongs to the object at ffff888100a2a000
[   11.053021]  which belongs to the cache kmalloc-256 of size 256
[   11.054226] The buggy address is located 0 bytes to the right of
[   11.054226]  allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9)
[   11.055385] 
[   11.055476] The buggy address belongs to the physical page:
[   11.055940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   11.056268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.056814] flags: 0x200000000000040(head|node=0|zone=2)
[   11.057262] page_type: f5(slab)
[   11.057567] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.058346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.059016] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.059326] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.059896] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   11.060642] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.061101] page dumped because: kasan: bad access detected
[   11.061327] 
[   11.061837] Memory state around the buggy address:
[   11.062095]  ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.062375]  ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.063165] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.063818]                                               ^
[   11.064176]  ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.064786]  ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.065192] ==================================================================
[   11.274434] ==================================================================
[   11.274979] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.275334] Write of size 1 at addr ffff888102ad20da by task kunit_try_catch/187
[   11.275630] 
[   11.275732] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.275788] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.275799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.275818] Call Trace:
[   11.275834]  <TASK>
[   11.275850]  dump_stack_lvl+0x73/0xb0
[   11.275876]  print_report+0xd1/0x650
[   11.275897]  ? __virt_addr_valid+0x1db/0x2d0
[   11.275918]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.275949]  ? kasan_addr_to_slab+0x11/0xa0
[   11.275968]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.275990]  kasan_report+0x141/0x180
[   11.276010]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.276037]  __asan_report_store1_noabort+0x1b/0x30
[   11.276159]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.276187]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.276209]  ? finish_task_switch.isra.0+0x153/0x700
[   11.276229]  ? __switch_to+0x47/0xf50
[   11.276253]  ? __schedule+0x10cc/0x2b60
[   11.276274]  ? __pfx_read_tsc+0x10/0x10
[   11.276297]  krealloc_large_less_oob+0x1c/0x30
[   11.276318]  kunit_try_run_case+0x1a5/0x480
[   11.276341]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.276361]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.276382]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.276451]  ? __kthread_parkme+0x82/0x180
[   11.276495]  ? preempt_count_sub+0x50/0x80
[   11.276517]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.276539]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.276560]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.276582]  kthread+0x337/0x6f0
[   11.276600]  ? trace_preempt_on+0x20/0xc0
[   11.276623]  ? __pfx_kthread+0x10/0x10
[   11.276659]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.276679]  ? calculate_sigpending+0x7b/0xa0
[   11.276717]  ? __pfx_kthread+0x10/0x10
[   11.276751]  ret_from_fork+0x116/0x1d0
[   11.276769]  ? __pfx_kthread+0x10/0x10
[   11.276788]  ret_from_fork_asm+0x1a/0x30
[   11.276831]  </TASK>
[   11.276855] 
[   11.285251] The buggy address belongs to the physical page:
[   11.285480] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0
[   11.285813] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.286375] flags: 0x200000000000040(head|node=0|zone=2)
[   11.286647] page_type: f8(unknown)
[   11.286887] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.287169] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.287675] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.288003] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.288332] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff
[   11.288682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.289019] page dumped because: kasan: bad access detected
[   11.289411] 
[   11.289564] Memory state around the buggy address:
[   11.289774]  ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.290030]  ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.290321] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.290701]                                                     ^
[   11.290990]  ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.291319]  ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.291620] ==================================================================
[   11.292169] ==================================================================
[   11.292639] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.293414] Write of size 1 at addr ffff888102ad20ea by task kunit_try_catch/187
[   11.293651] 
[   11.293744] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.293786] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.293797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.293815] Call Trace:
[   11.293830]  <TASK>
[   11.293845]  dump_stack_lvl+0x73/0xb0
[   11.293872]  print_report+0xd1/0x650
[   11.293985]  ? __virt_addr_valid+0x1db/0x2d0
[   11.294013]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.294035]  ? kasan_addr_to_slab+0x11/0xa0
[   11.294055]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.294077]  kasan_report+0x141/0x180
[   11.294098]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.294124]  __asan_report_store1_noabort+0x1b/0x30
[   11.294147]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.294171]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.294194]  ? finish_task_switch.isra.0+0x153/0x700
[   11.294216]  ? __switch_to+0x47/0xf50
[   11.294241]  ? __schedule+0x10cc/0x2b60
[   11.294262]  ? __pfx_read_tsc+0x10/0x10
[   11.294286]  krealloc_large_less_oob+0x1c/0x30
[   11.294307]  kunit_try_run_case+0x1a5/0x480
[   11.294330]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.294351]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.294372]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.294393]  ? __kthread_parkme+0x82/0x180
[   11.294452]  ? preempt_count_sub+0x50/0x80
[   11.294474]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.294496]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.294517]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.294539]  kthread+0x337/0x6f0
[   11.294558]  ? trace_preempt_on+0x20/0xc0
[   11.294581]  ? __pfx_kthread+0x10/0x10
[   11.294601]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.294620]  ? calculate_sigpending+0x7b/0xa0
[   11.294643]  ? __pfx_kthread+0x10/0x10
[   11.294663]  ret_from_fork+0x116/0x1d0
[   11.294680]  ? __pfx_kthread+0x10/0x10
[   11.294700]  ret_from_fork_asm+0x1a/0x30
[   11.294730]  </TASK>
[   11.294741] 
[   11.302260] The buggy address belongs to the physical page:
[   11.302714] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0
[   11.303021] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.303312] flags: 0x200000000000040(head|node=0|zone=2)
[   11.303550] page_type: f8(unknown)
[   11.303724] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.303996] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.304285] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.304853] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.305192] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff
[   11.305605] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.305953] page dumped because: kasan: bad access detected
[   11.306176] 
[   11.306250] Memory state around the buggy address:
[   11.306440]  ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.306773]  ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.306995] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.307213]                                                           ^
[   11.307496]  ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.307808]  ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.308114] ==================================================================
[   11.149067] ==================================================================
[   11.149374] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.150166] Write of size 1 at addr ffff888100a2a0eb by task kunit_try_catch/183
[   11.150844] 
[   11.151151] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.151203] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.151214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.151234] Call Trace:
[   11.151262]  <TASK>
[   11.151281]  dump_stack_lvl+0x73/0xb0
[   11.151311]  print_report+0xd1/0x650
[   11.151333]  ? __virt_addr_valid+0x1db/0x2d0
[   11.151355]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.151377]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.151595]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.151623]  kasan_report+0x141/0x180
[   11.151645]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.151674]  __asan_report_store1_noabort+0x1b/0x30
[   11.151698]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.151731]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.151753]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.151781]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.151806]  krealloc_less_oob+0x1c/0x30
[   11.151826]  kunit_try_run_case+0x1a5/0x480
[   11.151849]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.151870]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.151891]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.151912]  ? __kthread_parkme+0x82/0x180
[   11.151944]  ? preempt_count_sub+0x50/0x80
[   11.151967]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.151990]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.152012]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.152033]  kthread+0x337/0x6f0
[   11.152051]  ? trace_preempt_on+0x20/0xc0
[   11.152074]  ? __pfx_kthread+0x10/0x10
[   11.152094]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.152113]  ? calculate_sigpending+0x7b/0xa0
[   11.152136]  ? __pfx_kthread+0x10/0x10
[   11.152156]  ret_from_fork+0x116/0x1d0
[   11.152174]  ? __pfx_kthread+0x10/0x10
[   11.152194]  ret_from_fork_asm+0x1a/0x30
[   11.152223]  </TASK>
[   11.152234] 
[   11.162102] Allocated by task 183:
[   11.162265]  kasan_save_stack+0x45/0x70
[   11.162495]  kasan_save_track+0x18/0x40
[   11.162628]  kasan_save_alloc_info+0x3b/0x50
[   11.163083]  __kasan_krealloc+0x190/0x1f0
[   11.163244]  krealloc_noprof+0xf3/0x340
[   11.163493]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.163975]  krealloc_less_oob+0x1c/0x30
[   11.164169]  kunit_try_run_case+0x1a5/0x480
[   11.164359]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.164759]  kthread+0x337/0x6f0
[   11.164892]  ret_from_fork+0x116/0x1d0
[   11.165085]  ret_from_fork_asm+0x1a/0x30
[   11.165277] 
[   11.165372] The buggy address belongs to the object at ffff888100a2a000
[   11.165372]  which belongs to the cache kmalloc-256 of size 256
[   11.166008] The buggy address is located 34 bytes to the right of
[   11.166008]  allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9)
[   11.166945] 
[   11.167038] The buggy address belongs to the physical page:
[   11.167203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   11.167794] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.168222] flags: 0x200000000000040(head|node=0|zone=2)
[   11.168794] page_type: f5(slab)
[   11.168991] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.169668] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.170011] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.170378] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.170951] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   11.171352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.171781] page dumped because: kasan: bad access detected
[   11.172048] 
[   11.172123] Memory state around the buggy address:
[   11.172325]  ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.172783]  ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.173069] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.173363]                                                           ^
[   11.173590]  ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.173832]  ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.174321] ==================================================================
[   11.231502] ==================================================================
[   11.232099] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   11.232347] Write of size 1 at addr ffff888102ad20c9 by task kunit_try_catch/187
[   11.232602] 
[   11.232687] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.233073] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.233087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.233109] Call Trace:
[   11.233122]  <TASK>
[   11.233140]  dump_stack_lvl+0x73/0xb0
[   11.233170]  print_report+0xd1/0x650
[   11.233192]  ? __virt_addr_valid+0x1db/0x2d0
[   11.233214]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.233236]  ? kasan_addr_to_slab+0x11/0xa0
[   11.233255]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.233277]  kasan_report+0x141/0x180
[   11.233298]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   11.233324]  __asan_report_store1_noabort+0x1b/0x30
[   11.233347]  krealloc_less_oob_helper+0xd70/0x11d0
[   11.233371]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.233615]  ? finish_task_switch.isra.0+0x153/0x700
[   11.233642]  ? __switch_to+0x47/0xf50
[   11.233669]  ? __schedule+0x10cc/0x2b60
[   11.233696]  ? __pfx_read_tsc+0x10/0x10
[   11.233720]  krealloc_large_less_oob+0x1c/0x30
[   11.233742]  kunit_try_run_case+0x1a5/0x480
[   11.233765]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.233786]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.233807]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.233828]  ? __kthread_parkme+0x82/0x180
[   11.233847]  ? preempt_count_sub+0x50/0x80
[   11.233868]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.233890]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.233913]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.233947]  kthread+0x337/0x6f0
[   11.233965]  ? trace_preempt_on+0x20/0xc0
[   11.233989]  ? __pfx_kthread+0x10/0x10
[   11.234008]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.234027]  ? calculate_sigpending+0x7b/0xa0
[   11.234050]  ? __pfx_kthread+0x10/0x10
[   11.234070]  ret_from_fork+0x116/0x1d0
[   11.234087]  ? __pfx_kthread+0x10/0x10
[   11.234106]  ret_from_fork_asm+0x1a/0x30
[   11.234135]  </TASK>
[   11.234147] 
[   11.247603] The buggy address belongs to the physical page:
[   11.248091] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0
[   11.248483] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.248886] flags: 0x200000000000040(head|node=0|zone=2)
[   11.249408] page_type: f8(unknown)
[   11.249768] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.250104] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.250329] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.250982] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.251748] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff
[   11.252580] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.252894] page dumped because: kasan: bad access detected
[   11.253077] 
[   11.253144] Memory state around the buggy address:
[   11.253292]  ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.253566]  ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.253997] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.254385]                                               ^
[   11.254619]  ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.254961]  ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.255264] ==================================================================
[   11.066896] ==================================================================
[   11.067229] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.067563] Write of size 1 at addr ffff888100a2a0d0 by task kunit_try_catch/183
[   11.068154] 
[   11.068257] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.068306] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.068317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.068337] Call Trace:
[   11.068349]  <TASK>
[   11.068366]  dump_stack_lvl+0x73/0xb0
[   11.068460]  print_report+0xd1/0x650
[   11.068509]  ? __virt_addr_valid+0x1db/0x2d0
[   11.068531]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.068553]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.068584]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.068607]  kasan_report+0x141/0x180
[   11.068627]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.068655]  __asan_report_store1_noabort+0x1b/0x30
[   11.068687]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.068711]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.068733]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.068771]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.068796]  krealloc_less_oob+0x1c/0x30
[   11.068816]  kunit_try_run_case+0x1a5/0x480
[   11.068839]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.068860]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.068881]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.068902]  ? __kthread_parkme+0x82/0x180
[   11.068921]  ? preempt_count_sub+0x50/0x80
[   11.068953]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.068975]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.068996]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.069017]  kthread+0x337/0x6f0
[   11.069036]  ? trace_preempt_on+0x20/0xc0
[   11.069059]  ? __pfx_kthread+0x10/0x10
[   11.069079]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.069098]  ? calculate_sigpending+0x7b/0xa0
[   11.069122]  ? __pfx_kthread+0x10/0x10
[   11.069142]  ret_from_fork+0x116/0x1d0
[   11.069160]  ? __pfx_kthread+0x10/0x10
[   11.069179]  ret_from_fork_asm+0x1a/0x30
[   11.069209]  </TASK>
[   11.069220] 
[   11.078187] Allocated by task 183:
[   11.078316]  kasan_save_stack+0x45/0x70
[   11.078454]  kasan_save_track+0x18/0x40
[   11.078583]  kasan_save_alloc_info+0x3b/0x50
[   11.078947]  __kasan_krealloc+0x190/0x1f0
[   11.079360]  krealloc_noprof+0xf3/0x340
[   11.081242]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.081421]  krealloc_less_oob+0x1c/0x30
[   11.081553]  kunit_try_run_case+0x1a5/0x480
[   11.081699]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.081866]  kthread+0x337/0x6f0
[   11.081996]  ret_from_fork+0x116/0x1d0
[   11.082199]  ret_from_fork_asm+0x1a/0x30
[   11.082428] 
[   11.082510] The buggy address belongs to the object at ffff888100a2a000
[   11.082510]  which belongs to the cache kmalloc-256 of size 256
[   11.084119] The buggy address is located 7 bytes to the right of
[   11.084119]  allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9)
[   11.084511] 
[   11.084582] The buggy address belongs to the physical page:
[   11.085040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   11.085563] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.085858] flags: 0x200000000000040(head|node=0|zone=2)
[   11.086053] page_type: f5(slab)
[   11.086170] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.086391] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.086920] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.088782] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.089048] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   11.089389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.089640] page dumped because: kasan: bad access detected
[   11.089809] 
[   11.089873] Memory state around the buggy address:
[   11.090774]  ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.091102]  ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.091399] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.091864]                                                  ^
[   11.092138]  ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.092559]  ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.092846] ==================================================================
[   11.308389] ==================================================================
[   11.308607] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.309148] Write of size 1 at addr ffff888102ad20eb by task kunit_try_catch/187
[   11.309486] 
[   11.309593] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.309639] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.309649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.309669] Call Trace:
[   11.309694]  <TASK>
[   11.309898]  dump_stack_lvl+0x73/0xb0
[   11.309949]  print_report+0xd1/0x650
[   11.309972]  ? __virt_addr_valid+0x1db/0x2d0
[   11.309994]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.310016]  ? kasan_addr_to_slab+0x11/0xa0
[   11.310035]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.310057]  kasan_report+0x141/0x180
[   11.310078]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.310104]  __asan_report_store1_noabort+0x1b/0x30
[   11.310128]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.310152]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.310174]  ? finish_task_switch.isra.0+0x153/0x700
[   11.310195]  ? __switch_to+0x47/0xf50
[   11.310219]  ? __schedule+0x10cc/0x2b60
[   11.310240]  ? __pfx_read_tsc+0x10/0x10
[   11.310263]  krealloc_large_less_oob+0x1c/0x30
[   11.310284]  kunit_try_run_case+0x1a5/0x480
[   11.310307]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.310328]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.310349]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.310370]  ? __kthread_parkme+0x82/0x180
[   11.310389]  ? preempt_count_sub+0x50/0x80
[   11.310469]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.310494]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.310516]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.310537]  kthread+0x337/0x6f0
[   11.310556]  ? trace_preempt_on+0x20/0xc0
[   11.310578]  ? __pfx_kthread+0x10/0x10
[   11.310598]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.310617]  ? calculate_sigpending+0x7b/0xa0
[   11.310640]  ? __pfx_kthread+0x10/0x10
[   11.310660]  ret_from_fork+0x116/0x1d0
[   11.310678]  ? __pfx_kthread+0x10/0x10
[   11.310698]  ret_from_fork_asm+0x1a/0x30
[   11.310728]  </TASK>
[   11.310740] 
[   11.318332] The buggy address belongs to the physical page:
[   11.318535] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0
[   11.318776] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.319295] flags: 0x200000000000040(head|node=0|zone=2)
[   11.319637] page_type: f8(unknown)
[   11.319764] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.320025] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.320353] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.320790] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.321106] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff
[   11.321369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.321952] page dumped because: kasan: bad access detected
[   11.322156] 
[   11.322246] Memory state around the buggy address:
[   11.322516]  ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.322807]  ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.323100] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.323367]                                                           ^
[   11.323665]  ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.323955]  ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.324243] ==================================================================
[   11.255744] ==================================================================
[   11.256076] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   11.256394] Write of size 1 at addr ffff888102ad20d0 by task kunit_try_catch/187
[   11.256742] 
[   11.256823] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.256865] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.256875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.256894] Call Trace:
[   11.256910]  <TASK>
[   11.256925]  dump_stack_lvl+0x73/0xb0
[   11.257104]  print_report+0xd1/0x650
[   11.257127]  ? __virt_addr_valid+0x1db/0x2d0
[   11.257167]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.257283]  ? kasan_addr_to_slab+0x11/0xa0
[   11.257303]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.257326]  kasan_report+0x141/0x180
[   11.257347]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   11.257373]  __asan_report_store1_noabort+0x1b/0x30
[   11.257408]  krealloc_less_oob_helper+0xe23/0x11d0
[   11.257433]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.257455]  ? finish_task_switch.isra.0+0x153/0x700
[   11.257476]  ? __switch_to+0x47/0xf50
[   11.257501]  ? __schedule+0x10cc/0x2b60
[   11.257522]  ? __pfx_read_tsc+0x10/0x10
[   11.257609]  krealloc_large_less_oob+0x1c/0x30
[   11.257635]  kunit_try_run_case+0x1a5/0x480
[   11.257659]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.257679]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.257706]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.257748]  ? __kthread_parkme+0x82/0x180
[   11.257768]  ? preempt_count_sub+0x50/0x80
[   11.257791]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.257828]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.257851]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.257873]  kthread+0x337/0x6f0
[   11.257891]  ? trace_preempt_on+0x20/0xc0
[   11.257914]  ? __pfx_kthread+0x10/0x10
[   11.257945]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.257964]  ? calculate_sigpending+0x7b/0xa0
[   11.257987]  ? __pfx_kthread+0x10/0x10
[   11.258008]  ret_from_fork+0x116/0x1d0
[   11.258025]  ? __pfx_kthread+0x10/0x10
[   11.258044]  ret_from_fork_asm+0x1a/0x30
[   11.258074]  </TASK>
[   11.258085] 
[   11.267881] The buggy address belongs to the physical page:
[   11.268168] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0
[   11.268539] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.268939] flags: 0x200000000000040(head|node=0|zone=2)
[   11.269177] page_type: f8(unknown)
[   11.269320] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.269767] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.270063] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.270322] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   11.270991] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff
[   11.271291] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.271648] page dumped because: kasan: bad access detected
[   11.271942] 
[   11.272032] Memory state around the buggy address:
[   11.272258]  ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.272571]  ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.272847] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.273184]                                                  ^
[   11.273526]  ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.273860]  ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.274139] ==================================================================
[   11.093454] ==================================================================
[   11.093818] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.094160] Write of size 1 at addr ffff888100a2a0da by task kunit_try_catch/183
[   11.094433] 
[   11.094512] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.094559] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.094570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.094589] Call Trace:
[   11.094607]  <TASK>
[   11.094625]  dump_stack_lvl+0x73/0xb0
[   11.094653]  print_report+0xd1/0x650
[   11.094688]  ? __virt_addr_valid+0x1db/0x2d0
[   11.094795]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.094818]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.094839]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.094861]  kasan_report+0x141/0x180
[   11.094882]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.094909]  __asan_report_store1_noabort+0x1b/0x30
[   11.094962]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.094987]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.095008]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.095037]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.095217]  krealloc_less_oob+0x1c/0x30
[   11.095253]  kunit_try_run_case+0x1a5/0x480
[   11.095277]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.095297]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.095331]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.095352]  ? __kthread_parkme+0x82/0x180
[   11.095372]  ? preempt_count_sub+0x50/0x80
[   11.095394]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.095468]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.095490]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.095512]  kthread+0x337/0x6f0
[   11.095530]  ? trace_preempt_on+0x20/0xc0
[   11.095554]  ? __pfx_kthread+0x10/0x10
[   11.095573]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.095604]  ? calculate_sigpending+0x7b/0xa0
[   11.095626]  ? __pfx_kthread+0x10/0x10
[   11.095646]  ret_from_fork+0x116/0x1d0
[   11.095677]  ? __pfx_kthread+0x10/0x10
[   11.095697]  ret_from_fork_asm+0x1a/0x30
[   11.095727]  </TASK>
[   11.095739] 
[   11.106405] Allocated by task 183:
[   11.107085]  kasan_save_stack+0x45/0x70
[   11.107295]  kasan_save_track+0x18/0x40
[   11.107652]  kasan_save_alloc_info+0x3b/0x50
[   11.107864]  __kasan_krealloc+0x190/0x1f0
[   11.108184]  krealloc_noprof+0xf3/0x340
[   11.108343]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.108965]  krealloc_less_oob+0x1c/0x30
[   11.109183]  kunit_try_run_case+0x1a5/0x480
[   11.109533]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.109768]  kthread+0x337/0x6f0
[   11.110084]  ret_from_fork+0x116/0x1d0
[   11.110274]  ret_from_fork_asm+0x1a/0x30
[   11.110602] 
[   11.110700] The buggy address belongs to the object at ffff888100a2a000
[   11.110700]  which belongs to the cache kmalloc-256 of size 256
[   11.111584] The buggy address is located 17 bytes to the right of
[   11.111584]  allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9)
[   11.112329] 
[   11.112502] The buggy address belongs to the physical page:
[   11.112875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   11.113264] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.113784] flags: 0x200000000000040(head|node=0|zone=2)
[   11.114042] page_type: f5(slab)
[   11.114193] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.114668] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.114951] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.115284] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.115643] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   11.115923] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.116247] page dumped because: kasan: bad access detected
[   11.116457] 
[   11.116543] Memory state around the buggy address:
[   11.117166]  ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.117587]  ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.117887] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.118164]                                                     ^
[   11.118398]  ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.118643]  ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.118956] ==================================================================
[   11.119470] ==================================================================
[   11.119820] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.120164] Write of size 1 at addr ffff888100a2a0ea by task kunit_try_catch/183
[   11.120430] 
[   11.120519] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) 
[   11.120566] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.120577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.120598] Call Trace:
[   11.120618]  <TASK>
[   11.120638]  dump_stack_lvl+0x73/0xb0
[   11.120667]  print_report+0xd1/0x650
[   11.120689]  ? __virt_addr_valid+0x1db/0x2d0
[   11.120711]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.120734]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.120754]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.120777]  kasan_report+0x141/0x180
[   11.120798]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.120824]  __asan_report_store1_noabort+0x1b/0x30
[   11.120847]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.120871]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.120893]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   11.120920]  ? __pfx_krealloc_less_oob+0x10/0x10
[   11.120957]  krealloc_less_oob+0x1c/0x30
[   11.120977]  kunit_try_run_case+0x1a5/0x480
[   11.121000]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.121021]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.121043]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.121064]  ? __kthread_parkme+0x82/0x180
[   11.121084]  ? preempt_count_sub+0x50/0x80
[   11.121106]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.121128]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.121150]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.121646]  kthread+0x337/0x6f0
[   11.121665]  ? trace_preempt_on+0x20/0xc0
[   11.121695]  ? __pfx_kthread+0x10/0x10
[   11.121714]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.121733]  ? calculate_sigpending+0x7b/0xa0
[   11.121756]  ? __pfx_kthread+0x10/0x10
[   11.121777]  ret_from_fork+0x116/0x1d0
[   11.121795]  ? __pfx_kthread+0x10/0x10
[   11.121814]  ret_from_fork_asm+0x1a/0x30
[   11.121846]  </TASK>
[   11.121858] 
[   11.133005] Allocated by task 183:
[   11.133172]  kasan_save_stack+0x45/0x70
[   11.133370]  kasan_save_track+0x18/0x40
[   11.133754]  kasan_save_alloc_info+0x3b/0x50
[   11.133964]  __kasan_krealloc+0x190/0x1f0
[   11.134141]  krealloc_noprof+0xf3/0x340
[   11.134307]  krealloc_less_oob_helper+0x1aa/0x11d0
[   11.134579]  krealloc_less_oob+0x1c/0x30
[   11.134763]  kunit_try_run_case+0x1a5/0x480
[   11.134956]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.135175]  kthread+0x337/0x6f0
[   11.135326]  ret_from_fork+0x116/0x1d0
[   11.136250]  ret_from_fork_asm+0x1a/0x30
[   11.136467] 
[   11.136541] The buggy address belongs to the object at ffff888100a2a000
[   11.136541]  which belongs to the cache kmalloc-256 of size 256
[   11.137617] The buggy address is located 33 bytes to the right of
[   11.137617]  allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9)
[   11.138178] 
[   11.138267] The buggy address belongs to the physical page:
[   11.139003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a
[   11.139691] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.140349] flags: 0x200000000000040(head|node=0|zone=2)
[   11.140603] page_type: f5(slab)
[   11.140760] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.141510] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.142002] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002
[   11.142872] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   11.143221] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff
[   11.143824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   11.144289] page dumped because: kasan: bad access detected
[   11.144979] 
[   11.145079] Memory state around the buggy address:
[   11.145465]  ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.145764]  ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.146060] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   11.146329]                                                           ^
[   11.147126]  ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.147479]  ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.148111] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ya0ugKRCJtb13dVOA29wtwRk9p

job_id

TEST:linaro@lkft#2ya10TrtOeZqMJoigZUQQpnbsgW

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ya10TrtOeZqMJoigZUQQpnbsgW

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/bzImage
sha256sum	4d3d55ec68ee13601f4cba6535beaaa179877198316f6d49c7d2754d39d25d99

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ya0wzCpMeD5M593pbr4axmVZmi/modules.tar.xz
sha256sum	6a0e4a1142b545d837c764528373cb157bd626a8fd062931e1825203c7bce58f

durations

tests

boot	0
kunit	134.01

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit