lkft/linux-next-master - next-20250618 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 18, 2025, 6:43 a.m.

Environment
qemu-arm64
qemu-x86_64

[   19.995477] ==================================================================
[   19.995613] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   19.995722] Write of size 1 at addr fff00000c59a8ec9 by task kunit_try_catch/168
[   19.995961] 
[   19.996080] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   19.996316] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.996377] Hardware name: linux,dummy-virt (DT)
[   19.996468] Call trace:
[   19.996524]  show_stack+0x20/0x38 (C)
[   19.996650]  dump_stack_lvl+0x8c/0xd0
[   19.996751]  print_report+0x118/0x608
[   19.996851]  kasan_report+0xdc/0x128
[   19.997075]  __asan_report_store1_noabort+0x20/0x30
[   19.997193]  krealloc_less_oob_helper+0xa48/0xc50
[   19.997301]  krealloc_less_oob+0x20/0x38
[   19.997394]  kunit_try_run_case+0x170/0x3f0
[   19.997496]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.997610]  kthread+0x328/0x630
[   19.997701]  ret_from_fork+0x10/0x20
[   19.997809] 
[   19.997847] Allocated by task 168:
[   19.997907]  kasan_save_stack+0x3c/0x68
[   19.998028]  kasan_save_track+0x20/0x40
[   19.998096]  kasan_save_alloc_info+0x40/0x58
[   19.998164]  __kasan_krealloc+0x118/0x178
[   19.998236]  krealloc_noprof+0x128/0x360
[   19.998330]  krealloc_less_oob_helper+0x168/0xc50
[   19.998407]  krealloc_less_oob+0x20/0x38
[   19.998482]  kunit_try_run_case+0x170/0x3f0
[   19.998653]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.998783]  kthread+0x328/0x630
[   19.998877]  ret_from_fork+0x10/0x20
[   19.998944] 
[   19.998986] The buggy address belongs to the object at fff00000c59a8e00
[   19.998986]  which belongs to the cache kmalloc-256 of size 256
[   19.999137] The buggy address is located 0 bytes to the right of
[   19.999137]  allocated 201-byte region [fff00000c59a8e00, fff00000c59a8ec9)
[   19.999303] 
[   19.999349] The buggy address belongs to the physical page:
[   19.999419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059a8
[   19.999556] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.999645] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.999764] page_type: f5(slab)
[   19.999911] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.000209] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.000301] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.000386] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.000479] head: 0bfffe0000000001 ffffc1ffc3166a01 00000000ffffffff 00000000ffffffff
[   20.000591] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.000692] page dumped because: kasan: bad access detected
[   20.000802] 
[   20.000843] Memory state around the buggy address:
[   20.000935]  fff00000c59a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.001041]  fff00000c59a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.001137] >fff00000c59a8e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.001219]                                               ^
[   20.001289]  fff00000c59a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.001381]  fff00000c59a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.001464] ==================================================================
[   20.003742] ==================================================================
[   20.003856] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   20.004478] Write of size 1 at addr fff00000c59a8ed0 by task kunit_try_catch/168
[   20.004609] 
[   20.004699] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.004892] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.004955] Hardware name: linux,dummy-virt (DT)
[   20.005030] Call trace:
[   20.005076]  show_stack+0x20/0x38 (C)
[   20.005186]  dump_stack_lvl+0x8c/0xd0
[   20.005291]  print_report+0x118/0x608
[   20.005394]  kasan_report+0xdc/0x128
[   20.005495]  __asan_report_store1_noabort+0x20/0x30
[   20.005612]  krealloc_less_oob_helper+0xb9c/0xc50
[   20.005724]  krealloc_less_oob+0x20/0x38
[   20.005829]  kunit_try_run_case+0x170/0x3f0
[   20.005936]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.006950]  kthread+0x328/0x630
[   20.007334]  ret_from_fork+0x10/0x20
[   20.008124] 
[   20.008209] Allocated by task 168:
[   20.008382]  kasan_save_stack+0x3c/0x68
[   20.008570]  kasan_save_track+0x20/0x40
[   20.008959]  kasan_save_alloc_info+0x40/0x58
[   20.009284]  __kasan_krealloc+0x118/0x178
[   20.009414]  krealloc_noprof+0x128/0x360
[   20.009506]  krealloc_less_oob_helper+0x168/0xc50
[   20.009585]  krealloc_less_oob+0x20/0x38
[   20.009656]  kunit_try_run_case+0x170/0x3f0
[   20.010417]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.010582]  kthread+0x328/0x630
[   20.010658]  ret_from_fork+0x10/0x20
[   20.010897] 
[   20.011036] The buggy address belongs to the object at fff00000c59a8e00
[   20.011036]  which belongs to the cache kmalloc-256 of size 256
[   20.011163] The buggy address is located 7 bytes to the right of
[   20.011163]  allocated 201-byte region [fff00000c59a8e00, fff00000c59a8ec9)
[   20.011295] 
[   20.011338] The buggy address belongs to the physical page:
[   20.011706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059a8
[   20.011904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.012131] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.012738] page_type: f5(slab)
[   20.012845] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.013044] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.013404] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.013566] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.014029] head: 0bfffe0000000001 ffffc1ffc3166a01 00000000ffffffff 00000000ffffffff
[   20.014152] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.014382] page dumped because: kasan: bad access detected
[   20.014669] 
[   20.014709] Memory state around the buggy address:
[   20.014782]  fff00000c59a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.014875]  fff00000c59a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.014956] >fff00000c59a8e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.015026]                                                  ^
[   20.015459]  fff00000c59a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.015787]  fff00000c59a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.016005] ==================================================================
[   20.050232] ==================================================================
[   20.050777] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   20.051205] Write of size 1 at addr fff00000c59a8eea by task kunit_try_catch/168
[   20.051325] 
[   20.051404] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.052114] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.052239] Hardware name: linux,dummy-virt (DT)
[   20.052377] Call trace:
[   20.052442]  show_stack+0x20/0x38 (C)
[   20.052636]  dump_stack_lvl+0x8c/0xd0
[   20.052754]  print_report+0x118/0x608
[   20.053177]  kasan_report+0xdc/0x128
[   20.053940]  __asan_report_store1_noabort+0x20/0x30
[   20.054346]  krealloc_less_oob_helper+0xae4/0xc50
[   20.054475]  krealloc_less_oob+0x20/0x38
[   20.054591]  kunit_try_run_case+0x170/0x3f0
[   20.054697]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.054874]  kthread+0x328/0x630
[   20.054962]  ret_from_fork+0x10/0x20
[   20.055665] 
[   20.055709] Allocated by task 168:
[   20.055782]  kasan_save_stack+0x3c/0x68
[   20.055874]  kasan_save_track+0x20/0x40
[   20.055954]  kasan_save_alloc_info+0x40/0x58
[   20.056110]  __kasan_krealloc+0x118/0x178
[   20.056211]  krealloc_noprof+0x128/0x360
[   20.056823]  krealloc_less_oob_helper+0x168/0xc50
[   20.056927]  krealloc_less_oob+0x20/0x38
[   20.057184]  kunit_try_run_case+0x170/0x3f0
[   20.057276]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.057582]  kthread+0x328/0x630
[   20.057731]  ret_from_fork+0x10/0x20
[   20.058397] 
[   20.058463] The buggy address belongs to the object at fff00000c59a8e00
[   20.058463]  which belongs to the cache kmalloc-256 of size 256
[   20.058716] The buggy address is located 33 bytes to the right of
[   20.058716]  allocated 201-byte region [fff00000c59a8e00, fff00000c59a8ec9)
[   20.058950] 
[   20.059258] The buggy address belongs to the physical page:
[   20.059352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059a8
[   20.059454] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.059555] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.059956] page_type: f5(slab)
[   20.060144] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.060389] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.060515] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.060635] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.060761] head: 0bfffe0000000001 ffffc1ffc3166a01 00000000ffffffff 00000000ffffffff
[   20.060897] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.060999] page dumped because: kasan: bad access detected
[   20.061086] 
[   20.061146] Memory state around the buggy address:
[   20.061224]  fff00000c59a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.061327]  fff00000c59a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.061429] >fff00000c59a8e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.061517]                                                           ^
[   20.061610]  fff00000c59a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.061714]  fff00000c59a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.061804] ==================================================================
[   20.186371] ==================================================================
[   20.186427] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   20.186485] Write of size 1 at addr fff00000c76d20d0 by task kunit_try_catch/172
[   20.186532] 
[   20.186567] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.186646] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.186671] Hardware name: linux,dummy-virt (DT)
[   20.186700] Call trace:
[   20.186721]  show_stack+0x20/0x38 (C)
[   20.186770]  dump_stack_lvl+0x8c/0xd0
[   20.186815]  print_report+0x118/0x608
[   20.186860]  kasan_report+0xdc/0x128
[   20.186902]  __asan_report_store1_noabort+0x20/0x30
[   20.186951]  krealloc_less_oob_helper+0xb9c/0xc50
[   20.186996]  krealloc_large_less_oob+0x20/0x38
[   20.187106]  kunit_try_run_case+0x170/0x3f0
[   20.187324]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.187520]  kthread+0x328/0x630
[   20.187678]  ret_from_fork+0x10/0x20
[   20.187874] 
[   20.187959] The buggy address belongs to the physical page:
[   20.188080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d0
[   20.188202] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.188301] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.188402] page_type: f8(unknown)
[   20.188474] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.188570] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.188677] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.188789] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.188897] head: 0bfffe0000000002 ffffc1ffc31db401 00000000ffffffff 00000000ffffffff
[   20.189005] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.189428] page dumped because: kasan: bad access detected
[   20.189535] 
[   20.189578] Memory state around the buggy address:
[   20.189691]  fff00000c76d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.189877]  fff00000c76d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.190076] >fff00000c76d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   20.190186]                                                  ^
[   20.190278]  fff00000c76d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.190363]  fff00000c76d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.190440] ==================================================================
[   20.180440] ==================================================================
[   20.180608] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   20.180807] Write of size 1 at addr fff00000c76d20c9 by task kunit_try_catch/172
[   20.180961] 
[   20.181090] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.181356] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.181409] Hardware name: linux,dummy-virt (DT)
[   20.181474] Call trace:
[   20.181544]  show_stack+0x20/0x38 (C)
[   20.181688]  dump_stack_lvl+0x8c/0xd0
[   20.181825]  print_report+0x118/0x608
[   20.181957]  kasan_report+0xdc/0x128
[   20.182132]  __asan_report_store1_noabort+0x20/0x30
[   20.182242]  krealloc_less_oob_helper+0xa48/0xc50
[   20.182617]  krealloc_large_less_oob+0x20/0x38
[   20.182979]  kunit_try_run_case+0x170/0x3f0
[   20.183119]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.183223]  kthread+0x328/0x630
[   20.183311]  ret_from_fork+0x10/0x20
[   20.183407] 
[   20.183445] The buggy address belongs to the physical page:
[   20.183535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d0
[   20.183644] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.183745] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.183852] page_type: f8(unknown)
[   20.183937] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.184072] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.184232] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.184339] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.184449] head: 0bfffe0000000002 ffffc1ffc31db401 00000000ffffffff 00000000ffffffff
[   20.184574] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.184686] page dumped because: kasan: bad access detected
[   20.184785] 
[   20.184833] Memory state around the buggy address:
[   20.184900]  fff00000c76d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.184998]  fff00000c76d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.185091] >fff00000c76d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   20.185163]                                               ^
[   20.185225]  fff00000c76d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.185307]  fff00000c76d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.185383] ==================================================================
[   20.021042] ==================================================================
[   20.021160] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   20.021696] Write of size 1 at addr fff00000c59a8eda by task kunit_try_catch/168
[   20.021830] 
[   20.022100] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.022795] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.022926] Hardware name: linux,dummy-virt (DT)
[   20.023047] Call trace:
[   20.023177]  show_stack+0x20/0x38 (C)
[   20.023379]  dump_stack_lvl+0x8c/0xd0
[   20.023492]  print_report+0x118/0x608
[   20.023660]  kasan_report+0xdc/0x128
[   20.024059]  __asan_report_store1_noabort+0x20/0x30
[   20.024510]  krealloc_less_oob_helper+0xa80/0xc50
[   20.024713]  krealloc_less_oob+0x20/0x38
[   20.025091]  kunit_try_run_case+0x170/0x3f0
[   20.025445]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.025576]  kthread+0x328/0x630
[   20.025673]  ret_from_fork+0x10/0x20
[   20.025778] 
[   20.025815] Allocated by task 168:
[   20.025874]  kasan_save_stack+0x3c/0x68
[   20.027436]  kasan_save_track+0x20/0x40
[   20.028426]  kasan_save_alloc_info+0x40/0x58
[   20.028808]  __kasan_krealloc+0x118/0x178
[   20.029546]  krealloc_noprof+0x128/0x360
[   20.030104]  krealloc_less_oob_helper+0x168/0xc50
[   20.030453]  krealloc_less_oob+0x20/0x38
[   20.030529]  kunit_try_run_case+0x170/0x3f0
[   20.031324]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.031700]  kthread+0x328/0x630
[   20.031776]  ret_from_fork+0x10/0x20
[   20.031853] 
[   20.031896] The buggy address belongs to the object at fff00000c59a8e00
[   20.031896]  which belongs to the cache kmalloc-256 of size 256
[   20.032815] The buggy address is located 17 bytes to the right of
[   20.032815]  allocated 201-byte region [fff00000c59a8e00, fff00000c59a8ec9)
[   20.033485] 
[   20.033880] The buggy address belongs to the physical page:
[   20.034206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059a8
[   20.034314] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.034809] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.034954] page_type: f5(slab)
[   20.035048] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.035166] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.036517] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.036850] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.037670] head: 0bfffe0000000001 ffffc1ffc3166a01 00000000ffffffff 00000000ffffffff
[   20.038168] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.038434] page dumped because: kasan: bad access detected
[   20.038505] 
[   20.038773] Memory state around the buggy address:
[   20.038864]  fff00000c59a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.039043]  fff00000c59a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.039188] >fff00000c59a8e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.039273]                                                     ^
[   20.039608]  fff00000c59a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.039942]  fff00000c59a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.040197] ==================================================================
[   20.199909] ==================================================================
[   20.200008] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   20.200128] Write of size 1 at addr fff00000c76d20ea by task kunit_try_catch/172
[   20.200240] 
[   20.200665] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.200930] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.201083] Hardware name: linux,dummy-virt (DT)
[   20.201195] Call trace:
[   20.201456]  show_stack+0x20/0x38 (C)
[   20.201628]  dump_stack_lvl+0x8c/0xd0
[   20.201844]  print_report+0x118/0x608
[   20.202058]  kasan_report+0xdc/0x128
[   20.202222]  __asan_report_store1_noabort+0x20/0x30
[   20.202432]  krealloc_less_oob_helper+0xae4/0xc50
[   20.202613]  krealloc_large_less_oob+0x20/0x38
[   20.202710]  kunit_try_run_case+0x170/0x3f0
[   20.202793]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.202887]  kthread+0x328/0x630
[   20.203255]  ret_from_fork+0x10/0x20
[   20.203367] 
[   20.203504] The buggy address belongs to the physical page:
[   20.203578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d0
[   20.203822] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.203997] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.204115] page_type: f8(unknown)
[   20.204198] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.204306] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.204413] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.204518] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.204649] head: 0bfffe0000000002 ffffc1ffc31db401 00000000ffffffff 00000000ffffffff
[   20.204761] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.204846] page dumped because: kasan: bad access detected
[   20.205255] 
[   20.205304] Memory state around the buggy address:
[   20.205821]  fff00000c76d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.206119]  fff00000c76d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.206216] >fff00000c76d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   20.206303]                                                           ^
[   20.206439]  fff00000c76d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.206583]  fff00000c76d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.206747] ==================================================================
[   20.207406] ==================================================================
[   20.207506] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   20.207603] Write of size 1 at addr fff00000c76d20eb by task kunit_try_catch/172
[   20.207706] 
[   20.207762] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.207935] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.207992] Hardware name: linux,dummy-virt (DT)
[   20.208067] Call trace:
[   20.208113]  show_stack+0x20/0x38 (C)
[   20.208220]  dump_stack_lvl+0x8c/0xd0
[   20.208322]  print_report+0x118/0x608
[   20.208425]  kasan_report+0xdc/0x128
[   20.208536]  __asan_report_store1_noabort+0x20/0x30
[   20.208660]  krealloc_less_oob_helper+0xa58/0xc50
[   20.208776]  krealloc_large_less_oob+0x20/0x38
[   20.208879]  kunit_try_run_case+0x170/0x3f0
[   20.208980]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.210810]  kthread+0x328/0x630
[   20.210908]  ret_from_fork+0x10/0x20
[   20.211008] 
[   20.211059] The buggy address belongs to the physical page:
[   20.211120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d0
[   20.211235] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.211334] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.211865] page_type: f8(unknown)
[   20.212087] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.212744] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.213135] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.213264] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.213445] head: 0bfffe0000000002 ffffc1ffc31db401 00000000ffffffff 00000000ffffffff
[   20.213551] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.213634] page dumped because: kasan: bad access detected
[   20.213696] 
[   20.213732] Memory state around the buggy address:
[   20.213983]  fff00000c76d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.214150]  fff00000c76d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.214264] >fff00000c76d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   20.214350]                                                           ^
[   20.214434]  fff00000c76d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.214525]  fff00000c76d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.214605] ==================================================================
[   20.064277] ==================================================================
[   20.064396] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   20.064515] Write of size 1 at addr fff00000c59a8eeb by task kunit_try_catch/168
[   20.065629] 
[   20.065817] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.066695] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.066943] Hardware name: linux,dummy-virt (DT)
[   20.067136] Call trace:
[   20.067245]  show_stack+0x20/0x38 (C)
[   20.067612]  dump_stack_lvl+0x8c/0xd0
[   20.067809]  print_report+0x118/0x608
[   20.067945]  kasan_report+0xdc/0x128
[   20.068338]  __asan_report_store1_noabort+0x20/0x30
[   20.069031]  krealloc_less_oob_helper+0xa58/0xc50
[   20.069227]  krealloc_less_oob+0x20/0x38
[   20.069445]  kunit_try_run_case+0x170/0x3f0
[   20.069566]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.069938]  kthread+0x328/0x630
[   20.070116]  ret_from_fork+0x10/0x20
[   20.070505] 
[   20.070563] Allocated by task 168:
[   20.070871]  kasan_save_stack+0x3c/0x68
[   20.070976]  kasan_save_track+0x20/0x40
[   20.071344]  kasan_save_alloc_info+0x40/0x58
[   20.071744]  __kasan_krealloc+0x118/0x178
[   20.071867]  krealloc_noprof+0x128/0x360
[   20.071961]  krealloc_less_oob_helper+0x168/0xc50
[   20.072263]  krealloc_less_oob+0x20/0x38
[   20.072368]  kunit_try_run_case+0x170/0x3f0
[   20.072580]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.073226]  kthread+0x328/0x630
[   20.073327]  ret_from_fork+0x10/0x20
[   20.073505] 
[   20.073563] The buggy address belongs to the object at fff00000c59a8e00
[   20.073563]  which belongs to the cache kmalloc-256 of size 256
[   20.073717] The buggy address is located 34 bytes to the right of
[   20.073717]  allocated 201-byte region [fff00000c59a8e00, fff00000c59a8ec9)
[   20.073866] 
[   20.073913] The buggy address belongs to the physical page:
[   20.073989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059a8
[   20.074409] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.074891] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.075411] page_type: f5(slab)
[   20.075500] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.075672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.075809] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   20.076694] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.077447] head: 0bfffe0000000001 ffffc1ffc3166a01 00000000ffffffff 00000000ffffffff
[   20.077578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   20.077678] page dumped because: kasan: bad access detected
[   20.077766] 
[   20.077807] Memory state around the buggy address:
[   20.077885]  fff00000c59a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.078261]  fff00000c59a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.078760] >fff00000c59a8e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   20.078864]                                                           ^
[   20.078946]  fff00000c59a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.079038]  fff00000c59a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.079109] ==================================================================
[   20.191917] ==================================================================
[   20.192056] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   20.192426] Write of size 1 at addr fff00000c76d20da by task kunit_try_catch/172
[   20.192634] 
[   20.192738] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT 
[   20.193182] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.193249] Hardware name: linux,dummy-virt (DT)
[   20.193369] Call trace:
[   20.193470]  show_stack+0x20/0x38 (C)
[   20.193772]  dump_stack_lvl+0x8c/0xd0
[   20.193914]  print_report+0x118/0x608
[   20.194141]  kasan_report+0xdc/0x128
[   20.194275]  __asan_report_store1_noabort+0x20/0x30
[   20.194454]  krealloc_less_oob_helper+0xa80/0xc50
[   20.194540]  krealloc_large_less_oob+0x20/0x38
[   20.194625]  kunit_try_run_case+0x170/0x3f0
[   20.194718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.195055]  kthread+0x328/0x630
[   20.195258]  ret_from_fork+0x10/0x20
[   20.195483] 
[   20.195727] The buggy address belongs to the physical page:
[   20.195841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076d0
[   20.196084] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   20.196176] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   20.196360] page_type: f8(unknown)
[   20.196441] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.196880] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.197070] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   20.197260] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   20.197360] head: 0bfffe0000000002 ffffc1ffc31db401 00000000ffffffff 00000000ffffffff
[   20.197621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   20.197710] page dumped because: kasan: bad access detected
[   20.197840] 
[   20.197899] Memory state around the buggy address:
[   20.198101]  fff00000c76d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.198232]  fff00000c76d2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.198365] >fff00000c76d2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   20.198434]                                                     ^
[   20.198498]  fff00000c76d2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.198576]  fff00000c76d2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   20.198652] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcKukFQMOtwGu89FbiLnnYMcv

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcKukFQMOtwGu89FbiLnnYMcv

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/Image.gz
sha256sum	79b35f965911e8ff982969cf0605b0bd2094f0c42bb36563e2c84399e66104a2

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcHe4K7nlJBWYp4ZhzLcSXWjn/modules.tar.xz
sha256sum	103eda217975c92326d72877fbd7b01adb7c5cccd1ce9b6932689a978eb4696f

durations

tests

boot	0
kunit	333.34

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   10.884019] ==================================================================
[   10.884561] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   10.885112] Write of size 1 at addr ffff88810037e8ea by task kunit_try_catch/184
[   10.885436] 
[   10.885516] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.885559] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.885570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.885590] Call Trace:
[   10.885603]  <TASK>
[   10.885617]  dump_stack_lvl+0x73/0xb0
[   10.885642]  print_report+0xd1/0x650
[   10.885662]  ? __virt_addr_valid+0x1db/0x2d0
[   10.885683]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.885704]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.885728]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.885810]  kasan_report+0x141/0x180
[   10.885831]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   10.885876]  __asan_report_store1_noabort+0x1b/0x30
[   10.885899]  krealloc_less_oob_helper+0xe90/0x11d0
[   10.885933]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.885955]  ? finish_task_switch.isra.0+0x153/0x700
[   10.885976]  ? __switch_to+0x47/0xf50
[   10.886001]  ? __schedule+0x10cc/0x2b60
[   10.886021]  ? __pfx_read_tsc+0x10/0x10
[   10.886044]  krealloc_less_oob+0x1c/0x30
[   10.886064]  kunit_try_run_case+0x1a5/0x480
[   10.886086]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.886106]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.886127]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.886148]  ? __kthread_parkme+0x82/0x180
[   10.886167]  ? preempt_count_sub+0x50/0x80
[   10.886188]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.886220]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.886241]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.886263]  kthread+0x337/0x6f0
[   10.886281]  ? trace_preempt_on+0x20/0xc0
[   10.886323]  ? __pfx_kthread+0x10/0x10
[   10.886343]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.886362]  ? calculate_sigpending+0x7b/0xa0
[   10.886384]  ? __pfx_kthread+0x10/0x10
[   10.886404]  ret_from_fork+0x116/0x1d0
[   10.886421]  ? __pfx_kthread+0x10/0x10
[   10.886472]  ret_from_fork_asm+0x1a/0x30
[   10.886501]  </TASK>
[   10.886511] 
[   10.894173] Allocated by task 184:
[   10.894371]  kasan_save_stack+0x45/0x70
[   10.894537]  kasan_save_track+0x18/0x40
[   10.894912]  kasan_save_alloc_info+0x3b/0x50
[   10.895136]  __kasan_krealloc+0x190/0x1f0
[   10.895339]  krealloc_noprof+0xf3/0x340
[   10.895540]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.895843]  krealloc_less_oob+0x1c/0x30
[   10.895989]  kunit_try_run_case+0x1a5/0x480
[   10.896169]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.896460]  kthread+0x337/0x6f0
[   10.896599]  ret_from_fork+0x116/0x1d0
[   10.896731]  ret_from_fork_asm+0x1a/0x30
[   10.896863] 
[   10.896926] The buggy address belongs to the object at ffff88810037e800
[   10.896926]  which belongs to the cache kmalloc-256 of size 256
[   10.897614] The buggy address is located 33 bytes to the right of
[   10.897614]  allocated 201-byte region [ffff88810037e800, ffff88810037e8c9)
[   10.898149] 
[   10.898253] The buggy address belongs to the physical page:
[   10.898573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e
[   10.898811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.899048] flags: 0x200000000000040(head|node=0|zone=2)
[   10.899461] page_type: f5(slab)
[   10.899649] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.899998] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.900345] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.900571] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.900841] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff
[   10.901233] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.901563] page dumped because: kasan: bad access detected
[   10.901776] 
[   10.901837] Memory state around the buggy address:
[   10.901985]  ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.902507]  ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.902833] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.903150]                                                           ^
[   10.903420]  ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.903826]  ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.904110] ==================================================================
[   10.808870] ==================================================================
[   10.810012] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.810816] Write of size 1 at addr ffff88810037e8c9 by task kunit_try_catch/184
[   10.811591] 
[   10.812154] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.812222] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.812235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.812257] Call Trace:
[   10.812270]  <TASK>
[   10.812287]  dump_stack_lvl+0x73/0xb0
[   10.812318]  print_report+0xd1/0x650
[   10.812338]  ? __virt_addr_valid+0x1db/0x2d0
[   10.812361]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.812382]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.812406]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.812428]  kasan_report+0x141/0x180
[   10.812449]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.812475]  __asan_report_store1_noabort+0x1b/0x30
[   10.812497]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.812521]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.812543]  ? finish_task_switch.isra.0+0x153/0x700
[   10.812564]  ? __switch_to+0x47/0xf50
[   10.812589]  ? __schedule+0x10cc/0x2b60
[   10.812610]  ? __pfx_read_tsc+0x10/0x10
[   10.812633]  krealloc_less_oob+0x1c/0x30
[   10.812660]  kunit_try_run_case+0x1a5/0x480
[   10.812683]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.812704]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.812725]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.812746]  ? __kthread_parkme+0x82/0x180
[   10.812765]  ? preempt_count_sub+0x50/0x80
[   10.812787]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.812809]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.812830]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.812852]  kthread+0x337/0x6f0
[   10.812870]  ? trace_preempt_on+0x20/0xc0
[   10.812893]  ? __pfx_kthread+0x10/0x10
[   10.812912]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.812931]  ? calculate_sigpending+0x7b/0xa0
[   10.812954]  ? __pfx_kthread+0x10/0x10
[   10.812974]  ret_from_fork+0x116/0x1d0
[   10.812991]  ? __pfx_kthread+0x10/0x10
[   10.813010]  ret_from_fork_asm+0x1a/0x30
[   10.813039]  </TASK>
[   10.813049] 
[   10.824950] Allocated by task 184:
[   10.825085]  kasan_save_stack+0x45/0x70
[   10.825321]  kasan_save_track+0x18/0x40
[   10.825578]  kasan_save_alloc_info+0x3b/0x50
[   10.825800]  __kasan_krealloc+0x190/0x1f0
[   10.825951]  krealloc_noprof+0xf3/0x340
[   10.826111]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.826368]  krealloc_less_oob+0x1c/0x30
[   10.826614]  kunit_try_run_case+0x1a5/0x480
[   10.826793]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.827020]  kthread+0x337/0x6f0
[   10.827133]  ret_from_fork+0x116/0x1d0
[   10.827292]  ret_from_fork_asm+0x1a/0x30
[   10.827695] 
[   10.827798] The buggy address belongs to the object at ffff88810037e800
[   10.827798]  which belongs to the cache kmalloc-256 of size 256
[   10.828376] The buggy address is located 0 bytes to the right of
[   10.828376]  allocated 201-byte region [ffff88810037e800, ffff88810037e8c9)
[   10.828961] 
[   10.829043] The buggy address belongs to the physical page:
[   10.829329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e
[   10.829708] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.830015] flags: 0x200000000000040(head|node=0|zone=2)
[   10.830241] page_type: f5(slab)
[   10.830401] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.830691] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.830996] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.831342] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.831636] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff
[   10.831888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.832225] page dumped because: kasan: bad access detected
[   10.832476] 
[   10.832558] Memory state around the buggy address:
[   10.832710]  ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.832924]  ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.833315] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.833808]                                               ^
[   10.834067]  ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.834408]  ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.834710] ==================================================================
[   10.904572] ==================================================================
[   10.904914] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   10.905283] Write of size 1 at addr ffff88810037e8eb by task kunit_try_catch/184
[   10.905580] 
[   10.905653] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.905695] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.905705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.905724] Call Trace:
[   10.905738]  <TASK>
[   10.905751]  dump_stack_lvl+0x73/0xb0
[   10.905775]  print_report+0xd1/0x650
[   10.905794]  ? __virt_addr_valid+0x1db/0x2d0
[   10.905816]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.905837]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.906036]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.906059]  kasan_report+0x141/0x180
[   10.906080]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   10.906106]  __asan_report_store1_noabort+0x1b/0x30
[   10.906129]  krealloc_less_oob_helper+0xd47/0x11d0
[   10.906153]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.906194]  ? finish_task_switch.isra.0+0x153/0x700
[   10.906225]  ? __switch_to+0x47/0xf50
[   10.906248]  ? __schedule+0x10cc/0x2b60
[   10.906268]  ? __pfx_read_tsc+0x10/0x10
[   10.906291]  krealloc_less_oob+0x1c/0x30
[   10.906311]  kunit_try_run_case+0x1a5/0x480
[   10.906335]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.906355]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.906376]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.906397]  ? __kthread_parkme+0x82/0x180
[   10.906415]  ? preempt_count_sub+0x50/0x80
[   10.906480]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.906505]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.906526]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.906547]  kthread+0x337/0x6f0
[   10.906566]  ? trace_preempt_on+0x20/0xc0
[   10.906589]  ? __pfx_kthread+0x10/0x10
[   10.906608]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.906627]  ? calculate_sigpending+0x7b/0xa0
[   10.906650]  ? __pfx_kthread+0x10/0x10
[   10.906669]  ret_from_fork+0x116/0x1d0
[   10.906687]  ? __pfx_kthread+0x10/0x10
[   10.906729]  ret_from_fork_asm+0x1a/0x30
[   10.906758]  </TASK>
[   10.906768] 
[   10.914921] Allocated by task 184:
[   10.915091]  kasan_save_stack+0x45/0x70
[   10.915736]  kasan_save_track+0x18/0x40
[   10.915948]  kasan_save_alloc_info+0x3b/0x50
[   10.916148]  __kasan_krealloc+0x190/0x1f0
[   10.916444]  krealloc_noprof+0xf3/0x340
[   10.917231]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.917693]  krealloc_less_oob+0x1c/0x30
[   10.917944]  kunit_try_run_case+0x1a5/0x480
[   10.918262]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.918738]  kthread+0x337/0x6f0
[   10.919034]  ret_from_fork+0x116/0x1d0
[   10.919335]  ret_from_fork_asm+0x1a/0x30
[   10.919708] 
[   10.919808] The buggy address belongs to the object at ffff88810037e800
[   10.919808]  which belongs to the cache kmalloc-256 of size 256
[   10.920517] The buggy address is located 34 bytes to the right of
[   10.920517]  allocated 201-byte region [ffff88810037e800, ffff88810037e8c9)
[   10.921346] 
[   10.921804] The buggy address belongs to the physical page:
[   10.922050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e
[   10.922589] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.923088] flags: 0x200000000000040(head|node=0|zone=2)
[   10.923523] page_type: f5(slab)
[   10.923680] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.923976] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.924587] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.925171] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.925747] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff
[   10.926177] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.926878] page dumped because: kasan: bad access detected
[   10.927120] 
[   10.927441] Memory state around the buggy address:
[   10.927774]  ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.928063]  ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.928773] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.929195]                                                           ^
[   10.929768]  ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.930151]  ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.930675] ==================================================================
[   10.973391] ==================================================================
[   10.974074] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   10.974406] Write of size 1 at addr ffff888102c460c9 by task kunit_try_catch/188
[   10.974818] 
[   10.974928] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.974974] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.974985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.975004] Call Trace:
[   10.975015]  <TASK>
[   10.975030]  dump_stack_lvl+0x73/0xb0
[   10.975056]  print_report+0xd1/0x650
[   10.975076]  ? __virt_addr_valid+0x1db/0x2d0
[   10.975098]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.975120]  ? kasan_addr_to_slab+0x11/0xa0
[   10.975139]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.975161]  kasan_report+0x141/0x180
[   10.975181]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   10.975218]  __asan_report_store1_noabort+0x1b/0x30
[   10.975241]  krealloc_less_oob_helper+0xd70/0x11d0
[   10.975264]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.975288]  ? finish_task_switch.isra.0+0x153/0x700
[   10.975309]  ? __switch_to+0x47/0xf50
[   10.975334]  ? __schedule+0x10cc/0x2b60
[   10.975355]  ? __pfx_read_tsc+0x10/0x10
[   10.975379]  krealloc_large_less_oob+0x1c/0x30
[   10.975400]  kunit_try_run_case+0x1a5/0x480
[   10.975422]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.975443]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.975464]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.975485]  ? __kthread_parkme+0x82/0x180
[   10.975505]  ? preempt_count_sub+0x50/0x80
[   10.975526]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.975547]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.975568]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.975590]  kthread+0x337/0x6f0
[   10.975608]  ? trace_preempt_on+0x20/0xc0
[   10.975630]  ? __pfx_kthread+0x10/0x10
[   10.975649]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.975668]  ? calculate_sigpending+0x7b/0xa0
[   10.975691]  ? __pfx_kthread+0x10/0x10
[   10.975711]  ret_from_fork+0x116/0x1d0
[   10.975728]  ? __pfx_kthread+0x10/0x10
[   10.975747]  ret_from_fork_asm+0x1a/0x30
[   10.975775]  </TASK>
[   10.975785] 
[   10.983130] The buggy address belongs to the physical page:
[   10.983526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44
[   10.983898] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.984180] flags: 0x200000000000040(head|node=0|zone=2)
[   10.984413] page_type: f8(unknown)
[   10.984612] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.984926] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   10.985174] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   10.985496] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   10.986019] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff
[   10.986428] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   10.986960] page dumped because: kasan: bad access detected
[   10.987239] 
[   10.987328] Memory state around the buggy address:
[   10.987610]  ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.987888]  ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.988166] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   10.988488]                                               ^
[   10.988666]  ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.988872]  ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   10.989076] ==================================================================
[   10.836614] ==================================================================
[   10.837330] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.838056] Write of size 1 at addr ffff88810037e8d0 by task kunit_try_catch/184
[   10.838529] 
[   10.838670] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.838717] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.838728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.838748] Call Trace:
[   10.838760]  <TASK>
[   10.838775]  dump_stack_lvl+0x73/0xb0
[   10.838802]  print_report+0xd1/0x650
[   10.838822]  ? __virt_addr_valid+0x1db/0x2d0
[   10.838843]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.838865]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.838889]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.838911]  kasan_report+0x141/0x180
[   10.838931]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.838958]  __asan_report_store1_noabort+0x1b/0x30
[   10.838981]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.839005]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.839027]  ? finish_task_switch.isra.0+0x153/0x700
[   10.839048]  ? __switch_to+0x47/0xf50
[   10.839071]  ? __schedule+0x10cc/0x2b60
[   10.839091]  ? __pfx_read_tsc+0x10/0x10
[   10.839114]  krealloc_less_oob+0x1c/0x30
[   10.839134]  kunit_try_run_case+0x1a5/0x480
[   10.839156]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.839177]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.839198]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.839231]  ? __kthread_parkme+0x82/0x180
[   10.839251]  ? preempt_count_sub+0x50/0x80
[   10.839272]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.839294]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.839315]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.839336]  kthread+0x337/0x6f0
[   10.839353]  ? trace_preempt_on+0x20/0xc0
[   10.839376]  ? __pfx_kthread+0x10/0x10
[   10.839395]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.839414]  ? calculate_sigpending+0x7b/0xa0
[   10.839437]  ? __pfx_kthread+0x10/0x10
[   10.839458]  ret_from_fork+0x116/0x1d0
[   10.839475]  ? __pfx_kthread+0x10/0x10
[   10.839494]  ret_from_fork_asm+0x1a/0x30
[   10.839522]  </TASK>
[   10.839532] 
[   10.848393] Allocated by task 184:
[   10.849012]  kasan_save_stack+0x45/0x70
[   10.849246]  kasan_save_track+0x18/0x40
[   10.849406]  kasan_save_alloc_info+0x3b/0x50
[   10.849685]  __kasan_krealloc+0x190/0x1f0
[   10.849944]  krealloc_noprof+0xf3/0x340
[   10.850091]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.850345]  krealloc_less_oob+0x1c/0x30
[   10.850751]  kunit_try_run_case+0x1a5/0x480
[   10.850934]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.851278]  kthread+0x337/0x6f0
[   10.851435]  ret_from_fork+0x116/0x1d0
[   10.851669]  ret_from_fork_asm+0x1a/0x30
[   10.851914] 
[   10.851987] The buggy address belongs to the object at ffff88810037e800
[   10.851987]  which belongs to the cache kmalloc-256 of size 256
[   10.852477] The buggy address is located 7 bytes to the right of
[   10.852477]  allocated 201-byte region [ffff88810037e800, ffff88810037e8c9)
[   10.852984] 
[   10.853067] The buggy address belongs to the physical page:
[   10.853691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e
[   10.853983] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.854451] flags: 0x200000000000040(head|node=0|zone=2)
[   10.854801] page_type: f5(slab)
[   10.854917] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.855334] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.855899] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.856286] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.856832] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff
[   10.857260] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.857689] page dumped because: kasan: bad access detected
[   10.857870] 
[   10.857959] Memory state around the buggy address:
[   10.858385]  ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.858722]  ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.859153] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.859632]                                                  ^
[   10.859860]  ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.860140]  ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.860644] ==================================================================
[   10.861317] ==================================================================
[   10.861633] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   10.862298] Write of size 1 at addr ffff88810037e8da by task kunit_try_catch/184
[   10.862790] 
[   10.862960] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.863008] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.863019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.863137] Call Trace:
[   10.863152]  <TASK>
[   10.863168]  dump_stack_lvl+0x73/0xb0
[   10.863196]  print_report+0xd1/0x650
[   10.863230]  ? __virt_addr_valid+0x1db/0x2d0
[   10.863251]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.863273]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.863297]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.863319]  kasan_report+0x141/0x180
[   10.863338]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   10.863364]  __asan_report_store1_noabort+0x1b/0x30
[   10.863386]  krealloc_less_oob_helper+0xec6/0x11d0
[   10.863410]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.863432]  ? finish_task_switch.isra.0+0x153/0x700
[   10.863452]  ? __switch_to+0x47/0xf50
[   10.863476]  ? __schedule+0x10cc/0x2b60
[   10.863496]  ? __pfx_read_tsc+0x10/0x10
[   10.863518]  krealloc_less_oob+0x1c/0x30
[   10.863538]  kunit_try_run_case+0x1a5/0x480
[   10.863559]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.863580]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.863600]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.863621]  ? __kthread_parkme+0x82/0x180
[   10.863640]  ? preempt_count_sub+0x50/0x80
[   10.863661]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.863682]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.863703]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.863724]  kthread+0x337/0x6f0
[   10.863742]  ? trace_preempt_on+0x20/0xc0
[   10.863765]  ? __pfx_kthread+0x10/0x10
[   10.863784]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.863803]  ? calculate_sigpending+0x7b/0xa0
[   10.863825]  ? __pfx_kthread+0x10/0x10
[   10.863844]  ret_from_fork+0x116/0x1d0
[   10.863862]  ? __pfx_kthread+0x10/0x10
[   10.863881]  ret_from_fork_asm+0x1a/0x30
[   10.863908]  </TASK>
[   10.863918] 
[   10.874301] Allocated by task 184:
[   10.874428]  kasan_save_stack+0x45/0x70
[   10.874564]  kasan_save_track+0x18/0x40
[   10.874690]  kasan_save_alloc_info+0x3b/0x50
[   10.874867]  __kasan_krealloc+0x190/0x1f0
[   10.875108]  krealloc_noprof+0xf3/0x340
[   10.875310]  krealloc_less_oob_helper+0x1aa/0x11d0
[   10.875610]  krealloc_less_oob+0x1c/0x30
[   10.875739]  kunit_try_run_case+0x1a5/0x480
[   10.875873]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.876252]  kthread+0x337/0x6f0
[   10.876419]  ret_from_fork+0x116/0x1d0
[   10.876600]  ret_from_fork_asm+0x1a/0x30
[   10.876790] 
[   10.876877] The buggy address belongs to the object at ffff88810037e800
[   10.876877]  which belongs to the cache kmalloc-256 of size 256
[   10.877441] The buggy address is located 17 bytes to the right of
[   10.877441]  allocated 201-byte region [ffff88810037e800, ffff88810037e8c9)
[   10.877941] 
[   10.878005] The buggy address belongs to the physical page:
[   10.878219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e
[   10.878550] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.878781] flags: 0x200000000000040(head|node=0|zone=2)
[   10.878947] page_type: f5(slab)
[   10.879085] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.879508] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.879826] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   10.880047] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   10.880348] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff
[   10.880686] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   10.881009] page dumped because: kasan: bad access detected
[   10.881333] 
[   10.881403] Memory state around the buggy address:
[   10.881907]  ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.882231]  ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.882462] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   10.882667]                                                     ^
[   10.882910]  ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.883228]  ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.883525] ==================================================================
[   11.020948] ==================================================================
[   11.021311] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   11.021674] Write of size 1 at addr ffff888102c460ea by task kunit_try_catch/188
[   11.021894] 
[   11.021971] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   11.022014] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.022024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.022044] Call Trace:
[   11.022058]  <TASK>
[   11.022072]  dump_stack_lvl+0x73/0xb0
[   11.022098]  print_report+0xd1/0x650
[   11.022119]  ? __virt_addr_valid+0x1db/0x2d0
[   11.022141]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.022163]  ? kasan_addr_to_slab+0x11/0xa0
[   11.022182]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.022217]  kasan_report+0x141/0x180
[   11.022237]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   11.022264]  __asan_report_store1_noabort+0x1b/0x30
[   11.022287]  krealloc_less_oob_helper+0xe90/0x11d0
[   11.022311]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.022333]  ? finish_task_switch.isra.0+0x153/0x700
[   11.022354]  ? __switch_to+0x47/0xf50
[   11.022378]  ? __schedule+0x10cc/0x2b60
[   11.022398]  ? __pfx_read_tsc+0x10/0x10
[   11.022421]  krealloc_large_less_oob+0x1c/0x30
[   11.022443]  kunit_try_run_case+0x1a5/0x480
[   11.022466]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.022487]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.022508]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.022529]  ? __kthread_parkme+0x82/0x180
[   11.022548]  ? preempt_count_sub+0x50/0x80
[   11.022569]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.022592]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.022613]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.022635]  kthread+0x337/0x6f0
[   11.022654]  ? trace_preempt_on+0x20/0xc0
[   11.022675]  ? __pfx_kthread+0x10/0x10
[   11.022695]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.022714]  ? calculate_sigpending+0x7b/0xa0
[   11.022736]  ? __pfx_kthread+0x10/0x10
[   11.022757]  ret_from_fork+0x116/0x1d0
[   11.022774]  ? __pfx_kthread+0x10/0x10
[   11.022793]  ret_from_fork_asm+0x1a/0x30
[   11.022821]  </TASK>
[   11.022831] 
[   11.030451] The buggy address belongs to the physical page:
[   11.030712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44
[   11.031055] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.031503] flags: 0x200000000000040(head|node=0|zone=2)
[   11.031714] page_type: f8(unknown)
[   11.031846] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.032105] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.032732] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.033038] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.033280] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff
[   11.033505] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.033725] page dumped because: kasan: bad access detected
[   11.033927] 
[   11.034010] Memory state around the buggy address:
[   11.034345]  ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.035010]  ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.035236] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.035444]                                                           ^
[   11.035637]  ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.035845]  ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.036353] ==================================================================
[   11.005505] ==================================================================
[   11.005801] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   11.006101] Write of size 1 at addr ffff888102c460da by task kunit_try_catch/188
[   11.006473] 
[   11.006582] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   11.006626] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.006638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.006658] Call Trace:
[   11.006672]  <TASK>
[   11.006686]  dump_stack_lvl+0x73/0xb0
[   11.006712]  print_report+0xd1/0x650
[   11.006732]  ? __virt_addr_valid+0x1db/0x2d0
[   11.006753]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.006775]  ? kasan_addr_to_slab+0x11/0xa0
[   11.006794]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.006816]  kasan_report+0x141/0x180
[   11.006836]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   11.006862]  __asan_report_store1_noabort+0x1b/0x30
[   11.006885]  krealloc_less_oob_helper+0xec6/0x11d0
[   11.006909]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.006932]  ? finish_task_switch.isra.0+0x153/0x700
[   11.006954]  ? __switch_to+0x47/0xf50
[   11.006978]  ? __schedule+0x10cc/0x2b60
[   11.006998]  ? __pfx_read_tsc+0x10/0x10
[   11.007021]  krealloc_large_less_oob+0x1c/0x30
[   11.007043]  kunit_try_run_case+0x1a5/0x480
[   11.007065]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.007086]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.007108]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.007128]  ? __kthread_parkme+0x82/0x180
[   11.007147]  ? preempt_count_sub+0x50/0x80
[   11.007192]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.007223]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.007245]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.007267]  kthread+0x337/0x6f0
[   11.007285]  ? trace_preempt_on+0x20/0xc0
[   11.007307]  ? __pfx_kthread+0x10/0x10
[   11.007326]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.007346]  ? calculate_sigpending+0x7b/0xa0
[   11.007368]  ? __pfx_kthread+0x10/0x10
[   11.007388]  ret_from_fork+0x116/0x1d0
[   11.007405]  ? __pfx_kthread+0x10/0x10
[   11.007476]  ret_from_fork_asm+0x1a/0x30
[   11.007507]  </TASK>
[   11.007518] 
[   11.014688] The buggy address belongs to the physical page:
[   11.014940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44
[   11.015313] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.015640] flags: 0x200000000000040(head|node=0|zone=2)
[   11.015881] page_type: f8(unknown)
[   11.016048] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.016346] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.016611] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.017046] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.017406] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff
[   11.017893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.018175] page dumped because: kasan: bad access detected
[   11.018419] 
[   11.018492] Memory state around the buggy address:
[   11.018820]  ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.019090]  ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.019322] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.019529]                                                     ^
[   11.019709]  ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.019916]  ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.020565] ==================================================================
[   10.989762] ==================================================================
[   10.990107] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   10.990562] Write of size 1 at addr ffff888102c460d0 by task kunit_try_catch/188
[   10.990849] 
[   10.990935] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   10.990979] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.990990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.991010] Call Trace:
[   10.991023]  <TASK>
[   10.991037]  dump_stack_lvl+0x73/0xb0
[   10.991066]  print_report+0xd1/0x650
[   10.991087]  ? __virt_addr_valid+0x1db/0x2d0
[   10.991110]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.991132]  ? kasan_addr_to_slab+0x11/0xa0
[   10.991151]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.991173]  kasan_report+0x141/0x180
[   10.991193]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   10.991232]  __asan_report_store1_noabort+0x1b/0x30
[   10.991255]  krealloc_less_oob_helper+0xe23/0x11d0
[   10.991279]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   10.991301]  ? finish_task_switch.isra.0+0x153/0x700
[   10.991323]  ? __switch_to+0x47/0xf50
[   10.991348]  ? __schedule+0x10cc/0x2b60
[   10.991368]  ? __pfx_read_tsc+0x10/0x10
[   10.991392]  krealloc_large_less_oob+0x1c/0x30
[   10.991413]  kunit_try_run_case+0x1a5/0x480
[   10.991437]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.991457]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.991479]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.991500]  ? __kthread_parkme+0x82/0x180
[   10.991520]  ? preempt_count_sub+0x50/0x80
[   10.991541]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.991563]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.991584]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.991605]  kthread+0x337/0x6f0
[   10.991624]  ? trace_preempt_on+0x20/0xc0
[   10.991646]  ? __pfx_kthread+0x10/0x10
[   10.991666]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.991685]  ? calculate_sigpending+0x7b/0xa0
[   10.991708]  ? __pfx_kthread+0x10/0x10
[   10.991728]  ret_from_fork+0x116/0x1d0
[   10.991745]  ? __pfx_kthread+0x10/0x10
[   10.991765]  ret_from_fork_asm+0x1a/0x30
[   10.991794]  </TASK>
[   10.991804] 
[   10.999329] The buggy address belongs to the physical page:
[   10.999567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44
[   10.999948] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.000229] flags: 0x200000000000040(head|node=0|zone=2)
[   11.000463] page_type: f8(unknown)
[   11.000852] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.001180] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.001557] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.001874] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.002165] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff
[   11.002457] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.002735] page dumped because: kasan: bad access detected
[   11.002926] 
[   11.003014] Memory state around the buggy address:
[   11.003283]  ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.003634]  ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.003843] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.004053]                                                  ^
[   11.004255]  ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.004556]  ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.004856] ==================================================================
[   11.037056] ==================================================================
[   11.037709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   11.038059] Write of size 1 at addr ffff888102c460eb by task kunit_try_catch/188
[   11.038602] 
[   11.038687] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) 
[   11.038732] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.038744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.038763] Call Trace:
[   11.038775]  <TASK>
[   11.038789]  dump_stack_lvl+0x73/0xb0
[   11.038815]  print_report+0xd1/0x650
[   11.038835]  ? __virt_addr_valid+0x1db/0x2d0
[   11.038856]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.038878]  ? kasan_addr_to_slab+0x11/0xa0
[   11.038897]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.038919]  kasan_report+0x141/0x180
[   11.038939]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   11.038965]  __asan_report_store1_noabort+0x1b/0x30
[   11.038988]  krealloc_less_oob_helper+0xd47/0x11d0
[   11.039012]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   11.039034]  ? finish_task_switch.isra.0+0x153/0x700
[   11.039056]  ? __switch_to+0x47/0xf50
[   11.039079]  ? __schedule+0x10cc/0x2b60
[   11.039099]  ? __pfx_read_tsc+0x10/0x10
[   11.039122]  krealloc_large_less_oob+0x1c/0x30
[   11.039143]  kunit_try_run_case+0x1a5/0x480
[   11.039166]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.039187]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.039220]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.039241]  ? __kthread_parkme+0x82/0x180
[   11.039260]  ? preempt_count_sub+0x50/0x80
[   11.039281]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.039303]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.039324]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.039346]  kthread+0x337/0x6f0
[   11.039364]  ? trace_preempt_on+0x20/0xc0
[   11.039386]  ? __pfx_kthread+0x10/0x10
[   11.039406]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.039425]  ? calculate_sigpending+0x7b/0xa0
[   11.039448]  ? __pfx_kthread+0x10/0x10
[   11.039468]  ret_from_fork+0x116/0x1d0
[   11.039486]  ? __pfx_kthread+0x10/0x10
[   11.039506]  ret_from_fork_asm+0x1a/0x30
[   11.039534]  </TASK>
[   11.039544] 
[   11.047052] The buggy address belongs to the physical page:
[   11.047394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44
[   11.047771] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   11.048106] flags: 0x200000000000040(head|node=0|zone=2)
[   11.048347] page_type: f8(unknown)
[   11.048469] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.048695] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.048922] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   11.049154] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   11.049689] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff
[   11.050193] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   11.050530] page dumped because: kasan: bad access detected
[   11.050733] 
[   11.050795] Memory state around the buggy address:
[   11.050941]  ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.051151]  ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   11.051368] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   11.051793]                                                           ^
[   11.052089]  ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.052408]  ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   11.052768] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yfcGW9dh5lrGX66CvXwpPC7okM

job_id

TEST:linaro@lkft#2yfcLjszgvK081YlwHCPjcp2e2j

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yfcLjszgvK081YlwHCPjcp2e2j

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/bzImage
sha256sum	080c75ae0012d41783d523aad25761b97c23573ef70fd83b5b4ab34093a5f110

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yfcIfEXeRPxFzewc9C5XqMP6dG/modules.tar.xz
sha256sum	7b460ce6a60b82c553c794703a10ad3e9db2ff894128eec130bd388dacdd428e

durations

tests

boot	0
kunit	123.89

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit