lkft/linux-next-master - next-20250617 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 17, 2025, 6:35 a.m.

Environment
qemu-arm64
qemu-x86_64

[   16.717542] ==================================================================
[   16.717716] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.717845] Write of size 1 at addr fff00000c176b8da by task kunit_try_catch/167
[   16.717894] 
[   16.717934] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.718180] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.718434] Hardware name: linux,dummy-virt (DT)
[   16.718517] Call trace:
[   16.718540]  show_stack+0x20/0x38 (C)
[   16.718592]  dump_stack_lvl+0x8c/0xd0
[   16.718664]  print_report+0x118/0x608
[   16.718719]  kasan_report+0xdc/0x128
[   16.718766]  __asan_report_store1_noabort+0x20/0x30
[   16.719102]  krealloc_less_oob_helper+0xa80/0xc50
[   16.719183]  krealloc_less_oob+0x20/0x38
[   16.719228]  kunit_try_run_case+0x170/0x3f0
[   16.719282]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.719522]  kthread+0x328/0x630
[   16.719823]  ret_from_fork+0x10/0x20
[   16.719884] 
[   16.719904] Allocated by task 167:
[   16.719943]  kasan_save_stack+0x3c/0x68
[   16.719985]  kasan_save_track+0x20/0x40
[   16.720022]  kasan_save_alloc_info+0x40/0x58
[   16.720098]  __kasan_krealloc+0x118/0x178
[   16.720242]  krealloc_noprof+0x128/0x360
[   16.720280]  krealloc_less_oob_helper+0x168/0xc50
[   16.720451]  krealloc_less_oob+0x20/0x38
[   16.720615]  kunit_try_run_case+0x170/0x3f0
[   16.720653]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.720696]  kthread+0x328/0x630
[   16.720728]  ret_from_fork+0x10/0x20
[   16.720762] 
[   16.720780] The buggy address belongs to the object at fff00000c176b800
[   16.720780]  which belongs to the cache kmalloc-256 of size 256
[   16.720881] The buggy address is located 17 bytes to the right of
[   16.720881]  allocated 201-byte region [fff00000c176b800, fff00000c176b8c9)
[   16.720961] 
[   16.720982] The buggy address belongs to the physical page:
[   16.721015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10176a
[   16.721069] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.721115] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.721386] page_type: f5(slab)
[   16.721655] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.721707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.721756] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.721805] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.722274] head: 0bfffe0000000001 ffffc1ffc305da81 00000000ffffffff 00000000ffffffff
[   16.722410] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.722557] page dumped because: kasan: bad access detected
[   16.722620] 
[   16.722700] Memory state around the buggy address:
[   16.722738]  fff00000c176b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.722781]  fff00000c176b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.722823] >fff00000c176b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.722862]                                                     ^
[   16.722979]  fff00000c176b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.723022]  fff00000c176b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.723060] ==================================================================
[   16.708747] ==================================================================
[   16.708959] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.709065] Write of size 1 at addr fff00000c176b8d0 by task kunit_try_catch/167
[   16.709250] 
[   16.709391] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.709601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.709722] Hardware name: linux,dummy-virt (DT)
[   16.709871] Call trace:
[   16.709893]  show_stack+0x20/0x38 (C)
[   16.710200]  dump_stack_lvl+0x8c/0xd0
[   16.710356]  print_report+0x118/0x608
[   16.710404]  kasan_report+0xdc/0x128
[   16.710725]  __asan_report_store1_noabort+0x20/0x30
[   16.711029]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.711305]  krealloc_less_oob+0x20/0x38
[   16.711356]  kunit_try_run_case+0x170/0x3f0
[   16.711405]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.711599]  kthread+0x328/0x630
[   16.711641]  ret_from_fork+0x10/0x20
[   16.711794] 
[   16.711815] Allocated by task 167:
[   16.711946]  kasan_save_stack+0x3c/0x68
[   16.711993]  kasan_save_track+0x20/0x40
[   16.712303]  kasan_save_alloc_info+0x40/0x58
[   16.712442]  __kasan_krealloc+0x118/0x178
[   16.712480]  krealloc_noprof+0x128/0x360
[   16.712557]  krealloc_less_oob_helper+0x168/0xc50
[   16.712717]  krealloc_less_oob+0x20/0x38
[   16.712754]  kunit_try_run_case+0x170/0x3f0
[   16.712832]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.713247]  kthread+0x328/0x630
[   16.713284]  ret_from_fork+0x10/0x20
[   16.713521] 
[   16.713540] The buggy address belongs to the object at fff00000c176b800
[   16.713540]  which belongs to the cache kmalloc-256 of size 256
[   16.713866] The buggy address is located 7 bytes to the right of
[   16.713866]  allocated 201-byte region [fff00000c176b800, fff00000c176b8c9)
[   16.714182] 
[   16.714204] The buggy address belongs to the physical page:
[   16.714236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10176a
[   16.714483] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.714556] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.714834] page_type: f5(slab)
[   16.714878] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.714941] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.714991] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.715039] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.715088] head: 0bfffe0000000001 ffffc1ffc305da81 00000000ffffffff 00000000ffffffff
[   16.715135] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.715174] page dumped because: kasan: bad access detected
[   16.715204] 
[   16.715223] Memory state around the buggy address:
[   16.715253]  fff00000c176b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.715294]  fff00000c176b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.715336] >fff00000c176b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.715375]                                                  ^
[   16.715422]  fff00000c176b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.715463]  fff00000c176b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.715624] ==================================================================
[   16.779744] ==================================================================
[   16.779792] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.779882] Write of size 1 at addr fff00000c50b60ea by task kunit_try_catch/171
[   16.780063] 
[   16.780257] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.780427] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.780454] Hardware name: linux,dummy-virt (DT)
[   16.780505] Call trace:
[   16.780528]  show_stack+0x20/0x38 (C)
[   16.780599]  dump_stack_lvl+0x8c/0xd0
[   16.780812]  print_report+0x118/0x608
[   16.780870]  kasan_report+0xdc/0x128
[   16.781033]  __asan_report_store1_noabort+0x20/0x30
[   16.781164]  krealloc_less_oob_helper+0xae4/0xc50
[   16.781231]  krealloc_large_less_oob+0x20/0x38
[   16.781288]  kunit_try_run_case+0x170/0x3f0
[   16.781353]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.781446]  kthread+0x328/0x630
[   16.781506]  ret_from_fork+0x10/0x20
[   16.781563] 
[   16.781604] The buggy address belongs to the physical page:
[   16.781654] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b4
[   16.781707] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.781944] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.782199] page_type: f8(unknown)
[   16.782252] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.782369] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.782652] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.782952] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.783052] head: 0bfffe0000000002 ffffc1ffc3142d01 00000000ffffffff 00000000ffffffff
[   16.783137] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.783203] page dumped because: kasan: bad access detected
[   16.783235] 
[   16.783252] Memory state around the buggy address:
[   16.783283]  fff00000c50b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.783326]  fff00000c50b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.783625] >fff00000c50b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.783667]                                                           ^
[   16.783705]  fff00000c50b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.783748]  fff00000c50b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.783785] ==================================================================
[   16.770691] ==================================================================
[   16.770870] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   16.771004] Write of size 1 at addr fff00000c50b60d0 by task kunit_try_catch/171
[   16.771055] 
[   16.771087] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.771171] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.771196] Hardware name: linux,dummy-virt (DT)
[   16.771227] Call trace:
[   16.771492]  show_stack+0x20/0x38 (C)
[   16.771565]  dump_stack_lvl+0x8c/0xd0
[   16.771631]  print_report+0x118/0x608
[   16.771678]  kasan_report+0xdc/0x128
[   16.771723]  __asan_report_store1_noabort+0x20/0x30
[   16.771798]  krealloc_less_oob_helper+0xb9c/0xc50
[   16.771881]  krealloc_large_less_oob+0x20/0x38
[   16.771957]  kunit_try_run_case+0x170/0x3f0
[   16.772012]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.772085]  kthread+0x328/0x630
[   16.772146]  ret_from_fork+0x10/0x20
[   16.772212] 
[   16.772241] The buggy address belongs to the physical page:
[   16.772289] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b4
[   16.772361] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.772419] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.772486] page_type: f8(unknown)
[   16.772526] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.772594] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.772790] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.773013] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.773075] head: 0bfffe0000000002 ffffc1ffc3142d01 00000000ffffffff 00000000ffffffff
[   16.773194] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.773253] page dumped because: kasan: bad access detected
[   16.773290] 
[   16.773308] Memory state around the buggy address:
[   16.773361]  fff00000c50b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.773469]  fff00000c50b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.773515] >fff00000c50b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.773577]                                                  ^
[   16.773616]  fff00000c50b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.773657]  fff00000c50b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.773744] ==================================================================
[   16.702024] ==================================================================
[   16.702199] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.702258] Write of size 1 at addr fff00000c176b8c9 by task kunit_try_catch/167
[   16.702418] 
[   16.702455] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.702635] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.702662] Hardware name: linux,dummy-virt (DT)
[   16.702695] Call trace:
[   16.702718]  show_stack+0x20/0x38 (C)
[   16.702768]  dump_stack_lvl+0x8c/0xd0
[   16.702817]  print_report+0x118/0x608
[   16.702864]  kasan_report+0xdc/0x128
[   16.703221]  __asan_report_store1_noabort+0x20/0x30
[   16.703398]  krealloc_less_oob_helper+0xa48/0xc50
[   16.703511]  krealloc_less_oob+0x20/0x38
[   16.703725]  kunit_try_run_case+0x170/0x3f0
[   16.703794]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.703887]  kthread+0x328/0x630
[   16.703941]  ret_from_fork+0x10/0x20
[   16.704046] 
[   16.704103] Allocated by task 167:
[   16.704132]  kasan_save_stack+0x3c/0x68
[   16.704254]  kasan_save_track+0x20/0x40
[   16.704293]  kasan_save_alloc_info+0x40/0x58
[   16.704330]  __kasan_krealloc+0x118/0x178
[   16.704369]  krealloc_noprof+0x128/0x360
[   16.704413]  krealloc_less_oob_helper+0x168/0xc50
[   16.704467]  krealloc_less_oob+0x20/0x38
[   16.704632]  kunit_try_run_case+0x170/0x3f0
[   16.704804]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.704869]  kthread+0x328/0x630
[   16.704953]  ret_from_fork+0x10/0x20
[   16.704988] 
[   16.705008] The buggy address belongs to the object at fff00000c176b800
[   16.705008]  which belongs to the cache kmalloc-256 of size 256
[   16.705065] The buggy address is located 0 bytes to the right of
[   16.705065]  allocated 201-byte region [fff00000c176b800, fff00000c176b8c9)
[   16.705128] 
[   16.705148] The buggy address belongs to the physical page:
[   16.705180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10176a
[   16.705577] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.705797] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.706189] page_type: f5(slab)
[   16.706235] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.706285] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.706334] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.706421] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.706737] head: 0bfffe0000000001 ffffc1ffc305da81 00000000ffffffff 00000000ffffffff
[   16.706981] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.707058] page dumped because: kasan: bad access detected
[   16.707089] 
[   16.707106] Memory state around the buggy address:
[   16.707138]  fff00000c176b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.707416]  fff00000c176b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.707463] >fff00000c176b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.707513]                                               ^
[   16.707575]  fff00000c176b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.707617]  fff00000c176b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.707698] ==================================================================
[   16.784032] ==================================================================
[   16.784073] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.784422] Write of size 1 at addr fff00000c50b60eb by task kunit_try_catch/171
[   16.784501] 
[   16.784540] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.784633] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.784668] Hardware name: linux,dummy-virt (DT)
[   16.784701] Call trace:
[   16.784731]  show_stack+0x20/0x38 (C)
[   16.784787]  dump_stack_lvl+0x8c/0xd0
[   16.784835]  print_report+0x118/0x608
[   16.784881]  kasan_report+0xdc/0x128
[   16.784939]  __asan_report_store1_noabort+0x20/0x30
[   16.784987]  krealloc_less_oob_helper+0xa58/0xc50
[   16.785035]  krealloc_large_less_oob+0x20/0x38
[   16.785083]  kunit_try_run_case+0x170/0x3f0
[   16.785139]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.785191]  kthread+0x328/0x630
[   16.785233]  ret_from_fork+0x10/0x20
[   16.785280] 
[   16.785300] The buggy address belongs to the physical page:
[   16.785331] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b4
[   16.785384] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.785432] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.785482] page_type: f8(unknown)
[   16.785521] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.785575] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.785623] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.785671] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.785718] head: 0bfffe0000000002 ffffc1ffc3142d01 00000000ffffffff 00000000ffffffff
[   16.785765] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.785804] page dumped because: kasan: bad access detected
[   16.785841] 
[   16.785859] Memory state around the buggy address:
[   16.785888]  fff00000c50b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.785938]  fff00000c50b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.785979] >fff00000c50b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.786015]                                                           ^
[   16.786052]  fff00000c50b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.786094]  fff00000c50b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.786130] ==================================================================
[   16.773799] ==================================================================
[   16.773833] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   16.773885] Write of size 1 at addr fff00000c50b60da by task kunit_try_catch/171
[   16.774144] 
[   16.774356] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.774521] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.774602] Hardware name: linux,dummy-virt (DT)
[   16.774678] Call trace:
[   16.774801]  show_stack+0x20/0x38 (C)
[   16.774897]  dump_stack_lvl+0x8c/0xd0
[   16.775044]  print_report+0x118/0x608
[   16.775091]  kasan_report+0xdc/0x128
[   16.775161]  __asan_report_store1_noabort+0x20/0x30
[   16.775209]  krealloc_less_oob_helper+0xa80/0xc50
[   16.775426]  krealloc_large_less_oob+0x20/0x38
[   16.775599]  kunit_try_run_case+0x170/0x3f0
[   16.775696]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.775817]  kthread+0x328/0x630
[   16.775870]  ret_from_fork+0x10/0x20
[   16.775959] 
[   16.776188] The buggy address belongs to the physical page:
[   16.776327] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b4
[   16.776439] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.776530] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.776689] page_type: f8(unknown)
[   16.776748] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.776826] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.776994] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.777087] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.777136] head: 0bfffe0000000002 ffffc1ffc3142d01 00000000ffffffff 00000000ffffffff
[   16.777358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.777496] page dumped because: kasan: bad access detected
[   16.777642] 
[   16.777734] Memory state around the buggy address:
[   16.777861]  fff00000c50b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.777962]  fff00000c50b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.778092] >fff00000c50b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.778204]                                                     ^
[   16.778290]  fff00000c50b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.778405]  fff00000c50b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.778443] ==================================================================
[   16.730876] ==================================================================
[   16.730923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   16.730988] Write of size 1 at addr fff00000c176b8eb by task kunit_try_catch/167
[   16.731066] 
[   16.731098] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.731372] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.731401] Hardware name: linux,dummy-virt (DT)
[   16.731431] Call trace:
[   16.731453]  show_stack+0x20/0x38 (C)
[   16.731687]  dump_stack_lvl+0x8c/0xd0
[   16.731859]  print_report+0x118/0x608
[   16.731970]  kasan_report+0xdc/0x128
[   16.732108]  __asan_report_store1_noabort+0x20/0x30
[   16.732157]  krealloc_less_oob_helper+0xa58/0xc50
[   16.732211]  krealloc_less_oob+0x20/0x38
[   16.732356]  kunit_try_run_case+0x170/0x3f0
[   16.732427]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.732479]  kthread+0x328/0x630
[   16.732521]  ret_from_fork+0x10/0x20
[   16.732573] 
[   16.732655] Allocated by task 167:
[   16.732705]  kasan_save_stack+0x3c/0x68
[   16.732820]  kasan_save_track+0x20/0x40
[   16.732948]  kasan_save_alloc_info+0x40/0x58
[   16.732984]  __kasan_krealloc+0x118/0x178
[   16.733021]  krealloc_noprof+0x128/0x360
[   16.733058]  krealloc_less_oob_helper+0x168/0xc50
[   16.733122]  krealloc_less_oob+0x20/0x38
[   16.733442]  kunit_try_run_case+0x170/0x3f0
[   16.733496]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.733539]  kthread+0x328/0x630
[   16.733699]  ret_from_fork+0x10/0x20
[   16.733742] 
[   16.733761] The buggy address belongs to the object at fff00000c176b800
[   16.733761]  which belongs to the cache kmalloc-256 of size 256
[   16.733818] The buggy address is located 34 bytes to the right of
[   16.733818]  allocated 201-byte region [fff00000c176b800, fff00000c176b8c9)
[   16.734095] 
[   16.734294] The buggy address belongs to the physical page:
[   16.734329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10176a
[   16.734383] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.734545] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.734596] page_type: f5(slab)
[   16.734691] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.734774] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.734847] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.734895] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.734955] head: 0bfffe0000000001 ffffc1ffc305da81 00000000ffffffff 00000000ffffffff
[   16.735026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.735065] page dumped because: kasan: bad access detected
[   16.735095] 
[   16.735115] Memory state around the buggy address:
[   16.735145]  fff00000c176b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.735186]  fff00000c176b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.735228] >fff00000c176b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.735556]                                                           ^
[   16.735601]  fff00000c176b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.735644]  fff00000c176b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.735707] ==================================================================
[   16.723770] ==================================================================
[   16.723907] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   16.724376] Write of size 1 at addr fff00000c176b8ea by task kunit_try_catch/167
[   16.724697] 
[   16.724838] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.725043] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.725076] Hardware name: linux,dummy-virt (DT)
[   16.725107] Call trace:
[   16.725129]  show_stack+0x20/0x38 (C)
[   16.725180]  dump_stack_lvl+0x8c/0xd0
[   16.725233]  print_report+0x118/0x608
[   16.725461]  kasan_report+0xdc/0x128
[   16.725619]  __asan_report_store1_noabort+0x20/0x30
[   16.725758]  krealloc_less_oob_helper+0xae4/0xc50
[   16.725852]  krealloc_less_oob+0x20/0x38
[   16.725896]  kunit_try_run_case+0x170/0x3f0
[   16.725954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.726006]  kthread+0x328/0x630
[   16.726077]  ret_from_fork+0x10/0x20
[   16.726124] 
[   16.726334] Allocated by task 167:
[   16.726454]  kasan_save_stack+0x3c/0x68
[   16.726881]  kasan_save_track+0x20/0x40
[   16.726944]  kasan_save_alloc_info+0x40/0x58
[   16.726981]  __kasan_krealloc+0x118/0x178
[   16.727082]  krealloc_noprof+0x128/0x360
[   16.727120]  krealloc_less_oob_helper+0x168/0xc50
[   16.727172]  krealloc_less_oob+0x20/0x38
[   16.727209]  kunit_try_run_case+0x170/0x3f0
[   16.727305]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.727377]  kthread+0x328/0x630
[   16.727410]  ret_from_fork+0x10/0x20
[   16.727531] 
[   16.727551] The buggy address belongs to the object at fff00000c176b800
[   16.727551]  which belongs to the cache kmalloc-256 of size 256
[   16.727608] The buggy address is located 33 bytes to the right of
[   16.727608]  allocated 201-byte region [fff00000c176b800, fff00000c176b8c9)
[   16.727672] 
[   16.727692] The buggy address belongs to the physical page:
[   16.727724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10176a
[   16.727776] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.727824] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.727895] page_type: f5(slab)
[   16.727943] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.727993] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.728043] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   16.728144] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.728346] head: 0bfffe0000000001 ffffc1ffc305da81 00000000ffffffff 00000000ffffffff
[   16.728573] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   16.728613] page dumped because: kasan: bad access detected
[   16.728731] 
[   16.728761] Memory state around the buggy address:
[   16.728791]  fff00000c176b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.728833]  fff00000c176b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.729442] >fff00000c176b880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   16.729556]                                                           ^
[   16.729603]  fff00000c176b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.729655]  fff00000c176b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.729696] ==================================================================
[   16.765950] ==================================================================
[   16.766011] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   16.766647] Write of size 1 at addr fff00000c50b60c9 by task kunit_try_catch/171
[   16.766699] 
[   16.766898] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT 
[   16.767403] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.767772] Hardware name: linux,dummy-virt (DT)
[   16.767826] Call trace:
[   16.767849]  show_stack+0x20/0x38 (C)
[   16.768065]  dump_stack_lvl+0x8c/0xd0
[   16.768155]  print_report+0x118/0x608
[   16.768227]  kasan_report+0xdc/0x128
[   16.768298]  __asan_report_store1_noabort+0x20/0x30
[   16.768494]  krealloc_less_oob_helper+0xa48/0xc50
[   16.768548]  krealloc_large_less_oob+0x20/0x38
[   16.768603]  kunit_try_run_case+0x170/0x3f0
[   16.768653]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.768705]  kthread+0x328/0x630
[   16.768797]  ret_from_fork+0x10/0x20
[   16.768850] 
[   16.768877] The buggy address belongs to the physical page:
[   16.768912] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b4
[   16.769000] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.769049] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.769103] page_type: f8(unknown)
[   16.769144] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.769204] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.769254] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   16.769327] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   16.769376] head: 0bfffe0000000002 ffffc1ffc3142d01 00000000ffffffff 00000000ffffffff
[   16.769424] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   16.769463] page dumped because: kasan: bad access detected
[   16.769495] 
[   16.769528] Memory state around the buggy address:
[   16.769559]  fff00000c50b5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.769605]  fff00000c50b6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.769657] >fff00000c50b6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   16.769695]                                               ^
[   16.769740]  fff00000c50b6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.769783]  fff00000c50b6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   16.769835] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmGBohWgwDt0q1MSJxRxJ46Gq

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmGBohWgwDt0q1MSJxRxJ46Gq

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/Image.gz
sha256sum	0e75f247fcfca828bae2c74673e3187b2cb142639542a20241767255dd2a989b

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmC5EhW3BM1tkjhYaNQdm2b7j/modules.tar.xz
sha256sum	18ad61734b8ac92476de265f77917a21b448a5c78baec17abc62599dfb00aad0

durations

tests

boot	0
kunit	171.74

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   17.637921] ==================================================================
[   17.639135] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   17.639961] Write of size 1 at addr ffff88810395a0da by task kunit_try_catch/189
[   17.640390] 
[   17.640590] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.640711] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.640748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.640804] Call Trace:
[   17.640857]  <TASK>
[   17.640906]  dump_stack_lvl+0x73/0xb0
[   17.640987]  print_report+0xd1/0x650
[   17.641060]  ? __virt_addr_valid+0x1db/0x2d0
[   17.641135]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.641203]  ? kasan_addr_to_slab+0x11/0xa0
[   17.641276]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.641353]  kasan_report+0x141/0x180
[   17.641429]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.641594]  __asan_report_store1_noabort+0x1b/0x30
[   17.641674]  krealloc_less_oob_helper+0xec6/0x11d0
[   17.641751]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.641824]  ? finish_task_switch.isra.0+0x153/0x700
[   17.641914]  ? __switch_to+0x47/0xf50
[   17.641991]  ? __schedule+0x10cc/0x2b60
[   17.642056]  ? __pfx_read_tsc+0x10/0x10
[   17.642112]  krealloc_large_less_oob+0x1c/0x30
[   17.642147]  kunit_try_run_case+0x1a5/0x480
[   17.642181]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.642211]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.642294]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.642376]  ? __kthread_parkme+0x82/0x180
[   17.642408]  ? preempt_count_sub+0x50/0x80
[   17.642439]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.642471]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.642503]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.642535]  kthread+0x337/0x6f0
[   17.642561]  ? trace_preempt_on+0x20/0xc0
[   17.642593]  ? __pfx_kthread+0x10/0x10
[   17.642621]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.642653]  ? calculate_sigpending+0x7b/0xa0
[   17.642687]  ? __pfx_kthread+0x10/0x10
[   17.642715]  ret_from_fork+0x116/0x1d0
[   17.642741]  ? __pfx_kthread+0x10/0x10
[   17.642769]  ret_from_fork_asm+0x1a/0x30
[   17.642808]  </TASK>
[   17.642822] 
[   17.661726] The buggy address belongs to the physical page:
[   17.662274] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   17.663105] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.664541] flags: 0x200000000000040(head|node=0|zone=2)
[   17.665107] page_type: f8(unknown)
[   17.665568] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.666347] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.666974] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.667794] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.668789] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   17.669477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.670205] page dumped because: kasan: bad access detected
[   17.670787] 
[   17.670985] Memory state around the buggy address:
[   17.671578]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.672150]  ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.672880] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.673861]                                                     ^
[   17.674484]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.675040]  ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.675751] ==================================================================
[   17.677122] ==================================================================
[   17.677919] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   17.678663] Write of size 1 at addr ffff88810395a0ea by task kunit_try_catch/189
[   17.679439] 
[   17.679741] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.679878] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.679916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.679995] Call Trace:
[   17.680058]  <TASK>
[   17.680108]  dump_stack_lvl+0x73/0xb0
[   17.680192]  print_report+0xd1/0x650
[   17.680454]  ? __virt_addr_valid+0x1db/0x2d0
[   17.680529]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.680602]  ? kasan_addr_to_slab+0x11/0xa0
[   17.680690]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.680792]  kasan_report+0x141/0x180
[   17.680886]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.680971]  __asan_report_store1_noabort+0x1b/0x30
[   17.681095]  krealloc_less_oob_helper+0xe90/0x11d0
[   17.681177]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.681349]  ? finish_task_switch.isra.0+0x153/0x700
[   17.681392]  ? __switch_to+0x47/0xf50
[   17.681426]  ? __schedule+0x10cc/0x2b60
[   17.681452]  ? __pfx_read_tsc+0x10/0x10
[   17.681484]  krealloc_large_less_oob+0x1c/0x30
[   17.681517]  kunit_try_run_case+0x1a5/0x480
[   17.681550]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.681582]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.681610]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.681644]  ? __kthread_parkme+0x82/0x180
[   17.681670]  ? preempt_count_sub+0x50/0x80
[   17.681700]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.681731]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.681761]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.681792]  kthread+0x337/0x6f0
[   17.681817]  ? trace_preempt_on+0x20/0xc0
[   17.681875]  ? __pfx_kthread+0x10/0x10
[   17.681905]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.681938]  ? calculate_sigpending+0x7b/0xa0
[   17.681970]  ? __pfx_kthread+0x10/0x10
[   17.681998]  ret_from_fork+0x116/0x1d0
[   17.682022]  ? __pfx_kthread+0x10/0x10
[   17.682049]  ret_from_fork_asm+0x1a/0x30
[   17.682090]  </TASK>
[   17.682105] 
[   17.700483] The buggy address belongs to the physical page:
[   17.700982] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   17.702416] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.703037] flags: 0x200000000000040(head|node=0|zone=2)
[   17.703768] page_type: f8(unknown)
[   17.704371] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.705073] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.706000] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.707069] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.707902] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   17.708706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.709470] page dumped because: kasan: bad access detected
[   17.709967] 
[   17.710232] Memory state around the buggy address:
[   17.711177]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.712426]  ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.713261] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.714238]                                                           ^
[   17.714960]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.715661]  ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.716309] ==================================================================
[   17.407782] ==================================================================
[   17.409198] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   17.410026] Write of size 1 at addr ffff888103908aeb by task kunit_try_catch/185
[   17.410615] 
[   17.410867] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.411133] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.411173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.411314] Call Trace:
[   17.411362]  <TASK>
[   17.411403]  dump_stack_lvl+0x73/0xb0
[   17.411481]  print_report+0xd1/0x650
[   17.411558]  ? __virt_addr_valid+0x1db/0x2d0
[   17.411628]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.411699]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.411769]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.411829]  kasan_report+0x141/0x180
[   17.411886]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.411929]  __asan_report_store1_noabort+0x1b/0x30
[   17.411965]  krealloc_less_oob_helper+0xd47/0x11d0
[   17.412000]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.412033]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   17.412069]  ? __pfx_krealloc_less_oob+0x10/0x10
[   17.412104]  krealloc_less_oob+0x1c/0x30
[   17.412133]  kunit_try_run_case+0x1a5/0x480
[   17.412166]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.412197]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.412265]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.412307]  ? __kthread_parkme+0x82/0x180
[   17.412334]  ? preempt_count_sub+0x50/0x80
[   17.412366]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.412398]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.412430]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.412461]  kthread+0x337/0x6f0
[   17.412487]  ? trace_preempt_on+0x20/0xc0
[   17.412519]  ? __pfx_kthread+0x10/0x10
[   17.412546]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.412578]  ? calculate_sigpending+0x7b/0xa0
[   17.412611]  ? __pfx_kthread+0x10/0x10
[   17.412640]  ret_from_fork+0x116/0x1d0
[   17.412664]  ? __pfx_kthread+0x10/0x10
[   17.412692]  ret_from_fork_asm+0x1a/0x30
[   17.412732]  </TASK>
[   17.412745] 
[   17.426806] Allocated by task 185:
[   17.427130]  kasan_save_stack+0x45/0x70
[   17.427587]  kasan_save_track+0x18/0x40
[   17.427979]  kasan_save_alloc_info+0x3b/0x50
[   17.428460]  __kasan_krealloc+0x190/0x1f0
[   17.428920]  krealloc_noprof+0xf3/0x340
[   17.429322]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.429763]  krealloc_less_oob+0x1c/0x30
[   17.430187]  kunit_try_run_case+0x1a5/0x480
[   17.430672]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.431266]  kthread+0x337/0x6f0
[   17.431634]  ret_from_fork+0x116/0x1d0
[   17.432041]  ret_from_fork_asm+0x1a/0x30
[   17.432509] 
[   17.432710] The buggy address belongs to the object at ffff888103908a00
[   17.432710]  which belongs to the cache kmalloc-256 of size 256
[   17.433623] The buggy address is located 34 bytes to the right of
[   17.433623]  allocated 201-byte region [ffff888103908a00, ffff888103908ac9)
[   17.434664] 
[   17.434896] The buggy address belongs to the physical page:
[   17.435450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   17.436090] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.436762] flags: 0x200000000000040(head|node=0|zone=2)
[   17.437306] page_type: f5(slab)
[   17.437672] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.438347] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.438891] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.439627] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.440154] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   17.440821] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.441605] page dumped because: kasan: bad access detected
[   17.442117] 
[   17.442375] Memory state around the buggy address:
[   17.442852]  ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.443548]  ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.444052] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.444560]                                                           ^
[   17.445160]  ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.445818]  ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.446490] ==================================================================
[   17.321942] ==================================================================
[   17.322573] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   17.323590] Write of size 1 at addr ffff888103908ada by task kunit_try_catch/185
[   17.324190] 
[   17.324448] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.324569] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.324605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.324662] Call Trace:
[   17.324698]  <TASK>
[   17.324743]  dump_stack_lvl+0x73/0xb0
[   17.324818]  print_report+0xd1/0x650
[   17.324910]  ? __virt_addr_valid+0x1db/0x2d0
[   17.324981]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.325057]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.325128]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.325206]  kasan_report+0x141/0x180
[   17.325278]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   17.325399]  __asan_report_store1_noabort+0x1b/0x30
[   17.325465]  krealloc_less_oob_helper+0xec6/0x11d0
[   17.325515]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.325548]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   17.325585]  ? __pfx_krealloc_less_oob+0x10/0x10
[   17.325621]  krealloc_less_oob+0x1c/0x30
[   17.325650]  kunit_try_run_case+0x1a5/0x480
[   17.325684]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.325715]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.325743]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.325779]  ? __kthread_parkme+0x82/0x180
[   17.325806]  ? preempt_count_sub+0x50/0x80
[   17.325862]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.325898]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.325930]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.325962]  kthread+0x337/0x6f0
[   17.325989]  ? trace_preempt_on+0x20/0xc0
[   17.326022]  ? __pfx_kthread+0x10/0x10
[   17.326050]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.326083]  ? calculate_sigpending+0x7b/0xa0
[   17.326117]  ? __pfx_kthread+0x10/0x10
[   17.326146]  ret_from_fork+0x116/0x1d0
[   17.326171]  ? __pfx_kthread+0x10/0x10
[   17.326200]  ret_from_fork_asm+0x1a/0x30
[   17.326276]  </TASK>
[   17.326293] 
[   17.341733] Allocated by task 185:
[   17.342148]  kasan_save_stack+0x45/0x70
[   17.342644]  kasan_save_track+0x18/0x40
[   17.343068]  kasan_save_alloc_info+0x3b/0x50
[   17.343546]  __kasan_krealloc+0x190/0x1f0
[   17.344037]  krealloc_noprof+0xf3/0x340
[   17.344491]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.344994]  krealloc_less_oob+0x1c/0x30
[   17.345457]  kunit_try_run_case+0x1a5/0x480
[   17.345883]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.346396]  kthread+0x337/0x6f0
[   17.346760]  ret_from_fork+0x116/0x1d0
[   17.347150]  ret_from_fork_asm+0x1a/0x30
[   17.347609] 
[   17.347813] The buggy address belongs to the object at ffff888103908a00
[   17.347813]  which belongs to the cache kmalloc-256 of size 256
[   17.348823] The buggy address is located 17 bytes to the right of
[   17.348823]  allocated 201-byte region [ffff888103908a00, ffff888103908ac9)
[   17.349924] 
[   17.350136] The buggy address belongs to the physical page:
[   17.350625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   17.351448] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.352110] flags: 0x200000000000040(head|node=0|zone=2)
[   17.352655] page_type: f5(slab)
[   17.353087] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.353818] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.354493] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.355171] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.356035] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   17.356814] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.357549] page dumped because: kasan: bad access detected
[   17.358059] 
[   17.358312] Memory state around the buggy address:
[   17.358664]  ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.359171]  ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.359904] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.360644]                                                     ^
[   17.361329]  ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.361892]  ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.362573] ==================================================================
[   17.599798] ==================================================================
[   17.600514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   17.601133] Write of size 1 at addr ffff88810395a0d0 by task kunit_try_catch/189
[   17.601868] 
[   17.602117] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.602240] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.602277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.602334] Call Trace:
[   17.602369]  <TASK>
[   17.602415]  dump_stack_lvl+0x73/0xb0
[   17.602495]  print_report+0xd1/0x650
[   17.602572]  ? __virt_addr_valid+0x1db/0x2d0
[   17.602643]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.602719]  ? kasan_addr_to_slab+0x11/0xa0
[   17.602787]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.602894]  kasan_report+0x141/0x180
[   17.602976]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.603061]  __asan_report_store1_noabort+0x1b/0x30
[   17.603141]  krealloc_less_oob_helper+0xe23/0x11d0
[   17.603222]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.603302]  ? finish_task_switch.isra.0+0x153/0x700
[   17.603376]  ? __switch_to+0x47/0xf50
[   17.603451]  ? __schedule+0x10cc/0x2b60
[   17.603517]  ? __pfx_read_tsc+0x10/0x10
[   17.603604]  krealloc_large_less_oob+0x1c/0x30
[   17.603678]  kunit_try_run_case+0x1a5/0x480
[   17.603754]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.603824]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.603911]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.603991]  ? __kthread_parkme+0x82/0x180
[   17.604060]  ? preempt_count_sub+0x50/0x80
[   17.604136]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.604206]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.604281]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.604357]  kthread+0x337/0x6f0
[   17.604419]  ? trace_preempt_on+0x20/0xc0
[   17.604455]  ? __pfx_kthread+0x10/0x10
[   17.604483]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.604515]  ? calculate_sigpending+0x7b/0xa0
[   17.604548]  ? __pfx_kthread+0x10/0x10
[   17.604578]  ret_from_fork+0x116/0x1d0
[   17.604603]  ? __pfx_kthread+0x10/0x10
[   17.604630]  ret_from_fork_asm+0x1a/0x30
[   17.604672]  </TASK>
[   17.604686] 
[   17.621852] The buggy address belongs to the physical page:
[   17.622542] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   17.623147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.624006] flags: 0x200000000000040(head|node=0|zone=2)
[   17.624607] page_type: f8(unknown)
[   17.624908] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.625757] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.626809] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.627648] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.628160] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   17.629004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.629790] page dumped because: kasan: bad access detected
[   17.630250] 
[   17.630404] Memory state around the buggy address:
[   17.630827]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.632088]  ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.632800] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.633574]                                                  ^
[   17.634125]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.635487]  ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.636209] ==================================================================
[   17.558118] ==================================================================
[   17.559425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   17.560236] Write of size 1 at addr ffff88810395a0c9 by task kunit_try_catch/189
[   17.560771] 
[   17.561016] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.561140] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.561177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.561234] Call Trace:
[   17.561272]  <TASK>
[   17.561318]  dump_stack_lvl+0x73/0xb0
[   17.561405]  print_report+0xd1/0x650
[   17.561480]  ? __virt_addr_valid+0x1db/0x2d0
[   17.561550]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.561624]  ? kasan_addr_to_slab+0x11/0xa0
[   17.561692]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.561766]  kasan_report+0x141/0x180
[   17.561956]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.562051]  __asan_report_store1_noabort+0x1b/0x30
[   17.562127]  krealloc_less_oob_helper+0xd70/0x11d0
[   17.562210]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.562388]  ? finish_task_switch.isra.0+0x153/0x700
[   17.562463]  ? __switch_to+0x47/0xf50
[   17.562539]  ? __schedule+0x10cc/0x2b60
[   17.562609]  ? __pfx_read_tsc+0x10/0x10
[   17.562681]  krealloc_large_less_oob+0x1c/0x30
[   17.562731]  kunit_try_run_case+0x1a5/0x480
[   17.562769]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.562801]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.562851]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.562898]  ? __kthread_parkme+0x82/0x180
[   17.562926]  ? preempt_count_sub+0x50/0x80
[   17.562957]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.562990]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.563024]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.563055]  kthread+0x337/0x6f0
[   17.563081]  ? trace_preempt_on+0x20/0xc0
[   17.563112]  ? __pfx_kthread+0x10/0x10
[   17.563139]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.563171]  ? calculate_sigpending+0x7b/0xa0
[   17.563204]  ? __pfx_kthread+0x10/0x10
[   17.563316]  ret_from_fork+0x116/0x1d0
[   17.563379]  ? __pfx_kthread+0x10/0x10
[   17.563411]  ret_from_fork_asm+0x1a/0x30
[   17.563453]  </TASK>
[   17.563469] 
[   17.584098] The buggy address belongs to the physical page:
[   17.584559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   17.585050] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.586038] flags: 0x200000000000040(head|node=0|zone=2)
[   17.586983] page_type: f8(unknown)
[   17.587449] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.588041] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.588614] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.589735] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.590416] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   17.591212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.592023] page dumped because: kasan: bad access detected
[   17.592805] 
[   17.592956] Memory state around the buggy address:
[   17.593354]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.594230]  ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.595253] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.595707]                                               ^
[   17.596178]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.596793]  ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.597603] ==================================================================
[   17.363904] ==================================================================
[   17.364471] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   17.365507] Write of size 1 at addr ffff888103908aea by task kunit_try_catch/185
[   17.366178] 
[   17.366411] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.366526] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.366562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.366613] Call Trace:
[   17.366653]  <TASK>
[   17.366755]  dump_stack_lvl+0x73/0xb0
[   17.366851]  print_report+0xd1/0x650
[   17.366984]  ? __virt_addr_valid+0x1db/0x2d0
[   17.367059]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.367197]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.367309]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.367384]  kasan_report+0x141/0x180
[   17.367455]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   17.367548]  __asan_report_store1_noabort+0x1b/0x30
[   17.367629]  krealloc_less_oob_helper+0xe90/0x11d0
[   17.367770]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.367861]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   17.367947]  ? __pfx_krealloc_less_oob+0x10/0x10
[   17.368016]  krealloc_less_oob+0x1c/0x30
[   17.368068]  kunit_try_run_case+0x1a5/0x480
[   17.368142]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.368210]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.368387]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.368466]  ? __kthread_parkme+0x82/0x180
[   17.368529]  ? preempt_count_sub+0x50/0x80
[   17.368659]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.368742]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.368813]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.368887]  kthread+0x337/0x6f0
[   17.368917]  ? trace_preempt_on+0x20/0xc0
[   17.368951]  ? __pfx_kthread+0x10/0x10
[   17.368979]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.369012]  ? calculate_sigpending+0x7b/0xa0
[   17.369047]  ? __pfx_kthread+0x10/0x10
[   17.369075]  ret_from_fork+0x116/0x1d0
[   17.369100]  ? __pfx_kthread+0x10/0x10
[   17.369127]  ret_from_fork_asm+0x1a/0x30
[   17.369167]  </TASK>
[   17.369180] 
[   17.386248] Allocated by task 185:
[   17.386530]  kasan_save_stack+0x45/0x70
[   17.386932]  kasan_save_track+0x18/0x40
[   17.387276]  kasan_save_alloc_info+0x3b/0x50
[   17.387699]  __kasan_krealloc+0x190/0x1f0
[   17.388267]  krealloc_noprof+0xf3/0x340
[   17.388553]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.388894]  krealloc_less_oob+0x1c/0x30
[   17.389264]  kunit_try_run_case+0x1a5/0x480
[   17.389758]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.390316]  kthread+0x337/0x6f0
[   17.390661]  ret_from_fork+0x116/0x1d0
[   17.391140]  ret_from_fork_asm+0x1a/0x30
[   17.391557] 
[   17.391736] The buggy address belongs to the object at ffff888103908a00
[   17.391736]  which belongs to the cache kmalloc-256 of size 256
[   17.392915] The buggy address is located 33 bytes to the right of
[   17.392915]  allocated 201-byte region [ffff888103908a00, ffff888103908ac9)
[   17.393857] 
[   17.394016] The buggy address belongs to the physical page:
[   17.394458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   17.395204] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.396082] flags: 0x200000000000040(head|node=0|zone=2)
[   17.397200] page_type: f5(slab)
[   17.397529] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.398116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.398890] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.399518] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.400436] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   17.400888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.401542] page dumped because: kasan: bad access detected
[   17.401903] 
[   17.402101] Memory state around the buggy address:
[   17.402633]  ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.403341]  ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.403893] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.404654]                                                           ^
[   17.405298]  ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.405802]  ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.406415] ==================================================================
[   17.277545] ==================================================================
[   17.278093] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   17.278691] Write of size 1 at addr ffff888103908ad0 by task kunit_try_catch/185
[   17.279262] 
[   17.279518] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.279652] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.279688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.279747] Call Trace:
[   17.279784]  <TASK>
[   17.279829]  dump_stack_lvl+0x73/0xb0
[   17.279928]  print_report+0xd1/0x650
[   17.280003]  ? __virt_addr_valid+0x1db/0x2d0
[   17.280081]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.280155]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.280261]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.280341]  kasan_report+0x141/0x180
[   17.280416]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   17.280501]  __asan_report_store1_noabort+0x1b/0x30
[   17.280581]  krealloc_less_oob_helper+0xe23/0x11d0
[   17.280660]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.280734]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   17.280822]  ? __pfx_krealloc_less_oob+0x10/0x10
[   17.280911]  krealloc_less_oob+0x1c/0x30
[   17.280980]  kunit_try_run_case+0x1a5/0x480
[   17.281048]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.281084]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.281114]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.281152]  ? __kthread_parkme+0x82/0x180
[   17.281180]  ? preempt_count_sub+0x50/0x80
[   17.281212]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.281284]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.281321]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.281354]  kthread+0x337/0x6f0
[   17.281380]  ? trace_preempt_on+0x20/0xc0
[   17.281415]  ? __pfx_kthread+0x10/0x10
[   17.281443]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.281476]  ? calculate_sigpending+0x7b/0xa0
[   17.281510]  ? __pfx_kthread+0x10/0x10
[   17.281539]  ret_from_fork+0x116/0x1d0
[   17.281563]  ? __pfx_kthread+0x10/0x10
[   17.281591]  ret_from_fork_asm+0x1a/0x30
[   17.281633]  </TASK>
[   17.281648] 
[   17.295985] Allocated by task 185:
[   17.296429]  kasan_save_stack+0x45/0x70
[   17.296892]  kasan_save_track+0x18/0x40
[   17.297396]  kasan_save_alloc_info+0x3b/0x50
[   17.297857]  __kasan_krealloc+0x190/0x1f0
[   17.298343]  krealloc_noprof+0xf3/0x340
[   17.298913]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.299704]  krealloc_less_oob+0x1c/0x30
[   17.300265]  kunit_try_run_case+0x1a5/0x480
[   17.300714]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.301293]  kthread+0x337/0x6f0
[   17.301662]  ret_from_fork+0x116/0x1d0
[   17.302077]  ret_from_fork_asm+0x1a/0x30
[   17.302531] 
[   17.302744] The buggy address belongs to the object at ffff888103908a00
[   17.302744]  which belongs to the cache kmalloc-256 of size 256
[   17.303897] The buggy address is located 7 bytes to the right of
[   17.303897]  allocated 201-byte region [ffff888103908a00, ffff888103908ac9)
[   17.304885] 
[   17.305090] The buggy address belongs to the physical page:
[   17.305694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   17.306443] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.307063] flags: 0x200000000000040(head|node=0|zone=2)
[   17.307771] page_type: f5(slab)
[   17.308162] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.308849] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.309625] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.310373] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.311017] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   17.311696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.312470] page dumped because: kasan: bad access detected
[   17.314432] 
[   17.314785] Memory state around the buggy address:
[   17.315121]  ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.316042]  ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.316704] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.317342]                                                  ^
[   17.317714]  ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.318501]  ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.319119] ==================================================================
[   17.717727] ==================================================================
[   17.718259] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   17.719172] Write of size 1 at addr ffff88810395a0eb by task kunit_try_catch/189
[   17.719727] 
[   17.720017] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.720197] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.720262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.720355] Call Trace:
[   17.720405]  <TASK>
[   17.720512]  dump_stack_lvl+0x73/0xb0
[   17.720620]  print_report+0xd1/0x650
[   17.720694]  ? __virt_addr_valid+0x1db/0x2d0
[   17.720763]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.720850]  ? kasan_addr_to_slab+0x11/0xa0
[   17.720919]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.720992]  kasan_report+0x141/0x180
[   17.721063]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   17.721145]  __asan_report_store1_noabort+0x1b/0x30
[   17.721219]  krealloc_less_oob_helper+0xd47/0x11d0
[   17.721297]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.721369]  ? finish_task_switch.isra.0+0x153/0x700
[   17.721441]  ? __switch_to+0x47/0xf50
[   17.721541]  ? __schedule+0x10cc/0x2b60
[   17.721635]  ? __pfx_read_tsc+0x10/0x10
[   17.721747]  krealloc_large_less_oob+0x1c/0x30
[   17.721820]  kunit_try_run_case+0x1a5/0x480
[   17.721912]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.721948]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.721978]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.722014]  ? __kthread_parkme+0x82/0x180
[   17.722041]  ? preempt_count_sub+0x50/0x80
[   17.722071]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.722103]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.722134]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.722164]  kthread+0x337/0x6f0
[   17.722190]  ? trace_preempt_on+0x20/0xc0
[   17.722233]  ? __pfx_kthread+0x10/0x10
[   17.722305]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.722367]  ? calculate_sigpending+0x7b/0xa0
[   17.722404]  ? __pfx_kthread+0x10/0x10
[   17.722433]  ret_from_fork+0x116/0x1d0
[   17.722459]  ? __pfx_kthread+0x10/0x10
[   17.722487]  ret_from_fork_asm+0x1a/0x30
[   17.722528]  </TASK>
[   17.722542] 
[   17.741464] The buggy address belongs to the physical page:
[   17.741952] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958
[   17.742786] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.743816] flags: 0x200000000000040(head|node=0|zone=2)
[   17.744414] page_type: f8(unknown)
[   17.744684] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.745453] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.746145] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   17.746826] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   17.747714] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff
[   17.748585] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   17.749186] page dumped because: kasan: bad access detected
[   17.749921] 
[   17.750078] Memory state around the buggy address:
[   17.751735]  ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.753643]  ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.754352] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   17.754703]                                                           ^
[   17.755055]  ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.755394]  ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   17.755728] ==================================================================
[   17.233795] ==================================================================
[   17.234907] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   17.235446] Write of size 1 at addr ffff888103908ac9 by task kunit_try_catch/185
[   17.236024] 
[   17.236250] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) 
[   17.236376] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.236413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.236469] Call Trace:
[   17.236508]  <TASK>
[   17.236556]  dump_stack_lvl+0x73/0xb0
[   17.236635]  print_report+0xd1/0x650
[   17.236708]  ? __virt_addr_valid+0x1db/0x2d0
[   17.236777]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.236905]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.236983]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.237064]  kasan_report+0x141/0x180
[   17.237136]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   17.237261]  __asan_report_store1_noabort+0x1b/0x30
[   17.237346]  krealloc_less_oob_helper+0xd70/0x11d0
[   17.237427]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   17.237471]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   17.237512]  ? __pfx_krealloc_less_oob+0x10/0x10
[   17.237550]  krealloc_less_oob+0x1c/0x30
[   17.237582]  kunit_try_run_case+0x1a5/0x480
[   17.237618]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.237650]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   17.237679]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.237716]  ? __kthread_parkme+0x82/0x180
[   17.237743]  ? preempt_count_sub+0x50/0x80
[   17.237775]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.237808]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.237867]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.237905]  kthread+0x337/0x6f0
[   17.237932]  ? trace_preempt_on+0x20/0xc0
[   17.237965]  ? __pfx_kthread+0x10/0x10
[   17.237994]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.238030]  ? calculate_sigpending+0x7b/0xa0
[   17.238065]  ? __pfx_kthread+0x10/0x10
[   17.238095]  ret_from_fork+0x116/0x1d0
[   17.238120]  ? __pfx_kthread+0x10/0x10
[   17.238148]  ret_from_fork_asm+0x1a/0x30
[   17.238190]  </TASK>
[   17.238206] 
[   17.255136] Allocated by task 185:
[   17.255732]  kasan_save_stack+0x45/0x70
[   17.256359]  kasan_save_track+0x18/0x40
[   17.256542]  kasan_save_alloc_info+0x3b/0x50
[   17.256704]  __kasan_krealloc+0x190/0x1f0
[   17.256901]  krealloc_noprof+0xf3/0x340
[   17.257325]  krealloc_less_oob_helper+0x1aa/0x11d0
[   17.257741]  krealloc_less_oob+0x1c/0x30
[   17.258086]  kunit_try_run_case+0x1a5/0x480
[   17.258766]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.259171]  kthread+0x337/0x6f0
[   17.259564]  ret_from_fork+0x116/0x1d0
[   17.260093]  ret_from_fork_asm+0x1a/0x30
[   17.260534] 
[   17.261048] The buggy address belongs to the object at ffff888103908a00
[   17.261048]  which belongs to the cache kmalloc-256 of size 256
[   17.262178] The buggy address is located 0 bytes to the right of
[   17.262178]  allocated 201-byte region [ffff888103908a00, ffff888103908ac9)
[   17.263285] 
[   17.263640] The buggy address belongs to the physical page:
[   17.264367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908
[   17.265068] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.266118] flags: 0x200000000000040(head|node=0|zone=2)
[   17.266757] page_type: f5(slab)
[   17.267094] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.267645] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.268179] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   17.268722] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.269397] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff
[   17.269966] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   17.270568] page dumped because: kasan: bad access detected
[   17.270956] 
[   17.271164] Memory state around the buggy address:
[   17.271632]  ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.272181]  ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.272794] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   17.273362]                                               ^
[   17.273723]  ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.274345]  ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.274790] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ycmAbKpM2fPU7JFlL3VFcggZyX

job_id

TEST:linaro@lkft#2ycmHIv4OjqzuY4se718cLGQLXs

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ycmHIv4OjqzuY4se718cLGQLXs

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/bzImage
sha256sum	e8ff53ed1294ecb6e3942f69c9702cf67245fcd535135359b70f78a45efa657a

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ycmDNxoP9hdgB9eqatUl05sOIC/modules.tar.xz
sha256sum	4b7f7ee9385141e7d851b6b43f3ef6c0857845282181ddc6cfac1e13c3ff02a7

durations

tests

boot	0
kunit	223.55

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit