lkft/linux-next-master - next-20250619 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 19, 2025, 12:07 p.m.

Environment
qemu-arm64
qemu-x86_64

[   30.139094] ==================================================================
[   30.139284] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.139425] Write of size 1 at addr fff00000c46d10ea by task kunit_try_catch/169
[   30.139581] 
[   30.139717] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.139946] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.140013] Hardware name: linux,dummy-virt (DT)
[   30.140093] Call trace:
[   30.140150]  show_stack+0x20/0x38 (C)
[   30.140272]  dump_stack_lvl+0x8c/0xd0
[   30.140462]  print_report+0x118/0x608
[   30.140584]  kasan_report+0xdc/0x128
[   30.140682]  __asan_report_store1_noabort+0x20/0x30
[   30.140797]  krealloc_less_oob_helper+0xae4/0xc50
[   30.140982]  krealloc_less_oob+0x20/0x38
[   30.141102]  kunit_try_run_case+0x170/0x3f0
[   30.141230]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.141373]  kthread+0x328/0x630
[   30.141523]  ret_from_fork+0x10/0x20
[   30.141721] 
[   30.141791] Allocated by task 169:
[   30.141898]  kasan_save_stack+0x3c/0x68
[   30.142049]  kasan_save_track+0x20/0x40
[   30.142183]  kasan_save_alloc_info+0x40/0x58
[   30.142283]  __kasan_krealloc+0x118/0x178
[   30.142388]  krealloc_noprof+0x128/0x360
[   30.142541]  krealloc_less_oob_helper+0x168/0xc50
[   30.142663]  krealloc_less_oob+0x20/0x38
[   30.142789]  kunit_try_run_case+0x170/0x3f0
[   30.142935]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.143115]  kthread+0x328/0x630
[   30.143229]  ret_from_fork+0x10/0x20
[   30.143330] 
[   30.143371] The buggy address belongs to the object at fff00000c46d1000
[   30.143371]  which belongs to the cache kmalloc-256 of size 256
[   30.143507] The buggy address is located 33 bytes to the right of
[   30.143507]  allocated 201-byte region [fff00000c46d1000, fff00000c46d10c9)
[   30.143655] 
[   30.143734] The buggy address belongs to the physical page:
[   30.143824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d0
[   30.143961] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.144072] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.144194] page_type: f5(slab)
[   30.144287] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.144398] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.144495] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.144625] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.144749] head: 0bfffe0000000001 ffffc1ffc311b401 00000000ffffffff 00000000ffffffff
[   30.144870] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.145004] page dumped because: kasan: bad access detected
[   30.145121] 
[   30.145242] Memory state around the buggy address:
[   30.145351]  fff00000c46d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.145493]  fff00000c46d1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.145545] >fff00000c46d1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.145611]                                                           ^
[   30.145722]  fff00000c46d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.145916]  fff00000c46d1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.146017] ==================================================================
[   30.322969] ==================================================================
[   30.323255] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.323491] Write of size 1 at addr fff00000c77060eb by task kunit_try_catch/173
[   30.323826] 
[   30.324181] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.325167] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.325243] Hardware name: linux,dummy-virt (DT)
[   30.325328] Call trace:
[   30.325388]  show_stack+0x20/0x38 (C)
[   30.326931]  dump_stack_lvl+0x8c/0xd0
[   30.327117]  print_report+0x118/0x608
[   30.327240]  kasan_report+0xdc/0x128
[   30.327357]  __asan_report_store1_noabort+0x20/0x30
[   30.327480]  krealloc_less_oob_helper+0xa58/0xc50
[   30.327599]  krealloc_large_less_oob+0x20/0x38
[   30.327711]  kunit_try_run_case+0x170/0x3f0
[   30.327835]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.330621]  kthread+0x328/0x630
[   30.331548]  ret_from_fork+0x10/0x20
[   30.331914] 
[   30.331965] The buggy address belongs to the physical page:
[   30.332609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107704
[   30.333288] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.334043] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.334663] page_type: f8(unknown)
[   30.335009] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.335143] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.335270] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.335391] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.336644] head: 0bfffe0000000002 ffffc1ffc31dc101 00000000ffffffff 00000000ffffffff
[   30.337052] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.337157] page dumped because: kasan: bad access detected
[   30.337229] 
[   30.337274] Memory state around the buggy address:
[   30.337469]  fff00000c7705f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.337529]  fff00000c7706000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.337652] >fff00000c7706080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.337784]                                                           ^
[   30.337937]  fff00000c7706100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.338087]  fff00000c7706180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.338173] ==================================================================
[   30.241652] ==================================================================
[   30.241852] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.243057] Write of size 1 at addr fff00000c77060c9 by task kunit_try_catch/173
[   30.243285] 
[   30.243622] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.244379] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.244448] Hardware name: linux,dummy-virt (DT)
[   30.244923] Call trace:
[   30.244985]  show_stack+0x20/0x38 (C)
[   30.245850]  dump_stack_lvl+0x8c/0xd0
[   30.246166]  print_report+0x118/0x608
[   30.246722]  kasan_report+0xdc/0x128
[   30.247228]  __asan_report_store1_noabort+0x20/0x30
[   30.247494]  krealloc_less_oob_helper+0xa48/0xc50
[   30.248013]  krealloc_large_less_oob+0x20/0x38
[   30.248527]  kunit_try_run_case+0x170/0x3f0
[   30.248986]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.249228]  kthread+0x328/0x630
[   30.250164]  ret_from_fork+0x10/0x20
[   30.250326] 
[   30.250372] The buggy address belongs to the physical page:
[   30.250439] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107704
[   30.250562] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.251624] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.251847] page_type: f8(unknown)
[   30.252553] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.252769] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.254241] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.254382] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.254479] head: 0bfffe0000000002 ffffc1ffc31dc101 00000000ffffffff 00000000ffffffff
[   30.254590] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.255640] page dumped because: kasan: bad access detected
[   30.256298] 
[   30.256578] Memory state around the buggy address:
[   30.257258]  fff00000c7705f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.257992]  fff00000c7706000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.258117] >fff00000c7706080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.258353]                                               ^
[   30.259034]  fff00000c7706100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.259420]  fff00000c7706180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.259523] ==================================================================
[   30.147254] ==================================================================
[   30.147399] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   30.147519] Write of size 1 at addr fff00000c46d10eb by task kunit_try_catch/169
[   30.147669] 
[   30.147958] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.148193] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.148259] Hardware name: linux,dummy-virt (DT)
[   30.148342] Call trace:
[   30.148401]  show_stack+0x20/0x38 (C)
[   30.148669]  dump_stack_lvl+0x8c/0xd0
[   30.148810]  print_report+0x118/0x608
[   30.148945]  kasan_report+0xdc/0x128
[   30.149058]  __asan_report_store1_noabort+0x20/0x30
[   30.149185]  krealloc_less_oob_helper+0xa58/0xc50
[   30.149321]  krealloc_less_oob+0x20/0x38
[   30.149707]  kunit_try_run_case+0x170/0x3f0
[   30.150077]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.150239]  kthread+0x328/0x630
[   30.150350]  ret_from_fork+0x10/0x20
[   30.150733] 
[   30.150801] Allocated by task 169:
[   30.151012]  kasan_save_stack+0x3c/0x68
[   30.151121]  kasan_save_track+0x20/0x40
[   30.151208]  kasan_save_alloc_info+0x40/0x58
[   30.151306]  __kasan_krealloc+0x118/0x178
[   30.151398]  krealloc_noprof+0x128/0x360
[   30.151486]  krealloc_less_oob_helper+0x168/0xc50
[   30.152099]  krealloc_less_oob+0x20/0x38
[   30.152397]  kunit_try_run_case+0x170/0x3f0
[   30.152555]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.152765]  kthread+0x328/0x630
[   30.152931]  ret_from_fork+0x10/0x20
[   30.153164] 
[   30.153214] The buggy address belongs to the object at fff00000c46d1000
[   30.153214]  which belongs to the cache kmalloc-256 of size 256
[   30.153368] The buggy address is located 34 bytes to the right of
[   30.153368]  allocated 201-byte region [fff00000c46d1000, fff00000c46d10c9)
[   30.153506] 
[   30.153557] The buggy address belongs to the physical page:
[   30.154151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d0
[   30.154475] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.154595] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.154712] page_type: f5(slab)
[   30.154981] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.155450] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.155744] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.155981] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.156262] head: 0bfffe0000000001 ffffc1ffc311b401 00000000ffffffff 00000000ffffffff
[   30.156410] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.156756] page dumped because: kasan: bad access detected
[   30.156932] 
[   30.156976] Memory state around the buggy address:
[   30.157113]  fff00000c46d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.157404]  fff00000c46d1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.157622] >fff00000c46d1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.157766]                                                           ^
[   30.158137]  fff00000c46d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.158260]  fff00000c46d1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.158354] ==================================================================
[   30.264938] ==================================================================
[   30.265448] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.266007] Write of size 1 at addr fff00000c77060d0 by task kunit_try_catch/173
[   30.266645] 
[   30.266758] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.267009] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.267079] Hardware name: linux,dummy-virt (DT)
[   30.267176] Call trace:
[   30.267855]  show_stack+0x20/0x38 (C)
[   30.269041]  dump_stack_lvl+0x8c/0xd0
[   30.269224]  print_report+0x118/0x608
[   30.270080]  kasan_report+0xdc/0x128
[   30.270220]  __asan_report_store1_noabort+0x20/0x30
[   30.270331]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.270450]  krealloc_large_less_oob+0x20/0x38
[   30.270587]  kunit_try_run_case+0x170/0x3f0
[   30.270745]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.271990]  kthread+0x328/0x630
[   30.272836]  ret_from_fork+0x10/0x20
[   30.273392] 
[   30.273482] The buggy address belongs to the physical page:
[   30.273807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107704
[   30.273962] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.274567] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.274862] page_type: f8(unknown)
[   30.275118] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.275256] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.275803] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.276297] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.276630] head: 0bfffe0000000002 ffffc1ffc31dc101 00000000ffffffff 00000000ffffffff
[   30.277013] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.277123] page dumped because: kasan: bad access detected
[   30.277816] 
[   30.278028] Memory state around the buggy address:
[   30.278235]  fff00000c7705f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.278364]  fff00000c7706000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.278472] >fff00000c7706080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.278572]                                                  ^
[   30.278666]  fff00000c7706100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.278770]  fff00000c7706180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.278862] ==================================================================
[   30.285159] ==================================================================
[   30.285760] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.286462] Write of size 1 at addr fff00000c77060da by task kunit_try_catch/173
[   30.286989] 
[   30.287101] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.287901] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.288250] Hardware name: linux,dummy-virt (DT)
[   30.288456] Call trace:
[   30.288517]  show_stack+0x20/0x38 (C)
[   30.288935]  dump_stack_lvl+0x8c/0xd0
[   30.289718]  print_report+0x118/0x608
[   30.289999]  kasan_report+0xdc/0x128
[   30.290120]  __asan_report_store1_noabort+0x20/0x30
[   30.290242]  krealloc_less_oob_helper+0xa80/0xc50
[   30.290364]  krealloc_large_less_oob+0x20/0x38
[   30.290464]  kunit_try_run_case+0x170/0x3f0
[   30.292533]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.293487]  kthread+0x328/0x630
[   30.294075]  ret_from_fork+0x10/0x20
[   30.294651] 
[   30.294705] The buggy address belongs to the physical page:
[   30.294786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107704
[   30.295900] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.296824] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.296992] page_type: f8(unknown)
[   30.297451] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.297670] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.298288] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.298589] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.298847] head: 0bfffe0000000002 ffffc1ffc31dc101 00000000ffffffff 00000000ffffffff
[   30.299547] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.299924] page dumped because: kasan: bad access detected
[   30.300024] 
[   30.300071] Memory state around the buggy address:
[   30.300159]  fff00000c7705f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.300269]  fff00000c7706000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.300374] >fff00000c7706080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.300473]                                                     ^
[   30.300570]  fff00000c7706100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.300676]  fff00000c7706180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.300771] ==================================================================
[   30.307958] ==================================================================
[   30.308091] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   30.308232] Write of size 1 at addr fff00000c77060ea by task kunit_try_catch/173
[   30.308357] 
[   30.308445] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.308657] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.308722] Hardware name: linux,dummy-virt (DT)
[   30.308798] Call trace:
[   30.308855]  show_stack+0x20/0x38 (C)
[   30.308986]  dump_stack_lvl+0x8c/0xd0
[   30.309678]  print_report+0x118/0x608
[   30.309816]  kasan_report+0xdc/0x128
[   30.309955]  __asan_report_store1_noabort+0x20/0x30
[   30.310180]  krealloc_less_oob_helper+0xae4/0xc50
[   30.310365]  krealloc_large_less_oob+0x20/0x38
[   30.310529]  kunit_try_run_case+0x170/0x3f0
[   30.310688]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.310803]  kthread+0x328/0x630
[   30.311168]  ret_from_fork+0x10/0x20
[   30.311323] 
[   30.311375] The buggy address belongs to the physical page:
[   30.311728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107704
[   30.311914] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.312078] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.312215] page_type: f8(unknown)
[   30.312307] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.312585] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.312922] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   30.313098] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   30.313267] head: 0bfffe0000000002 ffffc1ffc31dc101 00000000ffffffff 00000000ffffffff
[   30.313492] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   30.313633] page dumped because: kasan: bad access detected
[   30.313713] 
[   30.313752] Memory state around the buggy address:
[   30.314095]  fff00000c7705f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.314867]  fff00000c7706000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.315351] >fff00000c7706080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   30.315732]                                                           ^
[   30.316081]  fff00000c7706100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.316311]  fff00000c7706180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   30.317088] ==================================================================
[   30.114199] ==================================================================
[   30.114313] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   30.114429] Write of size 1 at addr fff00000c46d10d0 by task kunit_try_catch/169
[   30.114535] 
[   30.114615] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.114803] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.114867] Hardware name: linux,dummy-virt (DT)
[   30.114987] Call trace:
[   30.115049]  show_stack+0x20/0x38 (C)
[   30.115175]  dump_stack_lvl+0x8c/0xd0
[   30.115297]  print_report+0x118/0x608
[   30.115428]  kasan_report+0xdc/0x128
[   30.115589]  __asan_report_store1_noabort+0x20/0x30
[   30.115756]  krealloc_less_oob_helper+0xb9c/0xc50
[   30.115888]  krealloc_less_oob+0x20/0x38
[   30.116004]  kunit_try_run_case+0x170/0x3f0
[   30.116133]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.116311]  kthread+0x328/0x630
[   30.116450]  ret_from_fork+0x10/0x20
[   30.116585] 
[   30.116630] Allocated by task 169:
[   30.116692]  kasan_save_stack+0x3c/0x68
[   30.116786]  kasan_save_track+0x20/0x40
[   30.116946]  kasan_save_alloc_info+0x40/0x58
[   30.117095]  __kasan_krealloc+0x118/0x178
[   30.117193]  krealloc_noprof+0x128/0x360
[   30.117279]  krealloc_less_oob_helper+0x168/0xc50
[   30.117383]  krealloc_less_oob+0x20/0x38
[   30.117490]  kunit_try_run_case+0x170/0x3f0
[   30.117582]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.117723]  kthread+0x328/0x630
[   30.117851]  ret_from_fork+0x10/0x20
[   30.118184] 
[   30.118232] The buggy address belongs to the object at fff00000c46d1000
[   30.118232]  which belongs to the cache kmalloc-256 of size 256
[   30.118353] The buggy address is located 7 bytes to the right of
[   30.118353]  allocated 201-byte region [fff00000c46d1000, fff00000c46d10c9)
[   30.118509] 
[   30.118561] The buggy address belongs to the physical page:
[   30.118628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d0
[   30.118730] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.118833] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.118992] page_type: f5(slab)
[   30.119094] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.119248] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.119375] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.119502] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.119631] head: 0bfffe0000000001 ffffc1ffc311b401 00000000ffffffff 00000000ffffffff
[   30.119746] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.119844] page dumped because: kasan: bad access detected
[   30.119980] 
[   30.120022] Memory state around the buggy address:
[   30.120135]  fff00000c46d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.120341]  fff00000c46d1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.120538] >fff00000c46d1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.120687]                                                  ^
[   30.120859]  fff00000c46d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.121030]  fff00000c46d1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.121277] ==================================================================
[   30.123350] ==================================================================
[   30.123473] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   30.123593] Write of size 1 at addr fff00000c46d10da by task kunit_try_catch/169
[   30.123714] 
[   30.123802] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.124003] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.124066] Hardware name: linux,dummy-virt (DT)
[   30.124143] Call trace:
[   30.124203]  show_stack+0x20/0x38 (C)
[   30.124763]  dump_stack_lvl+0x8c/0xd0
[   30.124902]  print_report+0x118/0x608
[   30.125009]  kasan_report+0xdc/0x128
[   30.125114]  __asan_report_store1_noabort+0x20/0x30
[   30.125285]  krealloc_less_oob_helper+0xa80/0xc50
[   30.125561]  krealloc_less_oob+0x20/0x38
[   30.125850]  kunit_try_run_case+0x170/0x3f0
[   30.126295]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.126453]  kthread+0x328/0x630
[   30.126552]  ret_from_fork+0x10/0x20
[   30.126660] 
[   30.126703] Allocated by task 169:
[   30.126913]  kasan_save_stack+0x3c/0x68
[   30.127024]  kasan_save_track+0x20/0x40
[   30.127116]  kasan_save_alloc_info+0x40/0x58
[   30.127208]  __kasan_krealloc+0x118/0x178
[   30.127298]  krealloc_noprof+0x128/0x360
[   30.127460]  krealloc_less_oob_helper+0x168/0xc50
[   30.127583]  krealloc_less_oob+0x20/0x38
[   30.127675]  kunit_try_run_case+0x170/0x3f0
[   30.127763]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.127880]  kthread+0x328/0x630
[   30.128393]  ret_from_fork+0x10/0x20
[   30.128467] 
[   30.128492] The buggy address belongs to the object at fff00000c46d1000
[   30.128492]  which belongs to the cache kmalloc-256 of size 256
[   30.128692] The buggy address is located 17 bytes to the right of
[   30.128692]  allocated 201-byte region [fff00000c46d1000, fff00000c46d10c9)
[   30.128863] 
[   30.128924] The buggy address belongs to the physical page:
[   30.129007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d0
[   30.129140] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.129258] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.129388] page_type: f5(slab)
[   30.129484] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.129610] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.129734] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.129853] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.131557] head: 0bfffe0000000001 ffffc1ffc311b401 00000000ffffffff 00000000ffffffff
[   30.131866] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.132426] page dumped because: kasan: bad access detected
[   30.132793] 
[   30.132863] Memory state around the buggy address:
[   30.132952]  fff00000c46d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.133714]  fff00000c46d1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.133832] >fff00000c46d1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.134488]                                                     ^
[   30.134893]  fff00000c46d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.135249]  fff00000c46d1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.135730] ==================================================================
[   30.101334] ==================================================================
[   30.101564] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   30.102111] Write of size 1 at addr fff00000c46d10c9 by task kunit_try_catch/169
[   30.102272] 
[   30.102356] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT 
[   30.102548] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.102897] Hardware name: linux,dummy-virt (DT)
[   30.103081] Call trace:
[   30.103186]  show_stack+0x20/0x38 (C)
[   30.103531]  dump_stack_lvl+0x8c/0xd0
[   30.103767]  print_report+0x118/0x608
[   30.104112]  kasan_report+0xdc/0x128
[   30.104237]  __asan_report_store1_noabort+0x20/0x30
[   30.104455]  krealloc_less_oob_helper+0xa48/0xc50
[   30.104728]  krealloc_less_oob+0x20/0x38
[   30.104989]  kunit_try_run_case+0x170/0x3f0
[   30.105115]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.105245]  kthread+0x328/0x630
[   30.105346]  ret_from_fork+0x10/0x20
[   30.105741] 
[   30.105790] Allocated by task 169:
[   30.106585]  kasan_save_stack+0x3c/0x68
[   30.106710]  kasan_save_track+0x20/0x40
[   30.106835]  kasan_save_alloc_info+0x40/0x58
[   30.107024]  __kasan_krealloc+0x118/0x178
[   30.107111]  krealloc_noprof+0x128/0x360
[   30.107185]  krealloc_less_oob_helper+0x168/0xc50
[   30.107521]  krealloc_less_oob+0x20/0x38
[   30.107645]  kunit_try_run_case+0x170/0x3f0
[   30.107844]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.108065]  kthread+0x328/0x630
[   30.108239]  ret_from_fork+0x10/0x20
[   30.108384] 
[   30.108457] The buggy address belongs to the object at fff00000c46d1000
[   30.108457]  which belongs to the cache kmalloc-256 of size 256
[   30.108613] The buggy address is located 0 bytes to the right of
[   30.108613]  allocated 201-byte region [fff00000c46d1000, fff00000c46d10c9)
[   30.108765] 
[   30.108818] The buggy address belongs to the physical page:
[   30.108910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d0
[   30.109064] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.109235] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.109458] page_type: f5(slab)
[   30.109556] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.109743] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.110241] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   30.110659] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.110770] head: 0bfffe0000000001 ffffc1ffc311b401 00000000ffffffff 00000000ffffffff
[   30.110934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   30.111040] page dumped because: kasan: bad access detected
[   30.111100] 
[   30.111132] Memory state around the buggy address:
[   30.111190]  fff00000c46d0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.111283]  fff00000c46d1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.111379] >fff00000c46d1080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   30.111489]                                               ^
[   30.111637]  fff00000c46d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.111782]  fff00000c46d1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.111925] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yj4nY58POjZ3Qe3lhkweMlaau9

job_id

TEST:linaro@lkft#2yj4slvCaWR7XA8VuGcBZKW5SLX

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yj4slvCaWR7XA8VuGcBZKW5SLX

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4ouPMFp9zPo6kZOUq3fAjGiS/Image.gz
sha256sum	cb4663d0b05232347d68f7b3df67b018135c7f12ebc05b698352eab6f347f59e

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4ouPMFp9zPo6kZOUq3fAjGiS/modules.tar.xz
sha256sum	9e286508840b9f94a2e5b2ba487385dccd8eb18c626ab265ff4eb5e7c0991772

durations

tests

boot	0
kunit	312.66

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   26.392304] ==================================================================
[   26.392681] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   26.393020] Write of size 1 at addr ffff8881003744da by task kunit_try_catch/187
[   26.394528] 
[   26.395255] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.395338] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.395352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.395379] Call Trace:
[   26.395405]  <TASK>
[   26.395430]  dump_stack_lvl+0x73/0xb0
[   26.395480]  print_report+0xd1/0x650
[   26.395506]  ? __virt_addr_valid+0x1db/0x2d0
[   26.395532]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   26.395558]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.395586]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   26.395611]  kasan_report+0x141/0x180
[   26.395635]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   26.395664]  __asan_report_store1_noabort+0x1b/0x30
[   26.395691]  krealloc_less_oob_helper+0xec6/0x11d0
[   26.395718]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.395743]  ? finish_task_switch.isra.0+0x153/0x700
[   26.395767]  ? __switch_to+0x47/0xf50
[   26.395794]  ? __schedule+0x10cc/0x2b60
[   26.395818]  ? __pfx_read_tsc+0x10/0x10
[   26.395846]  krealloc_less_oob+0x1c/0x30
[   26.395869]  kunit_try_run_case+0x1a5/0x480
[   26.395896]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.395951]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.395990]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.396027]  ? __kthread_parkme+0x82/0x180
[   26.396062]  ? preempt_count_sub+0x50/0x80
[   26.396123]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.396152]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.396178]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.396204]  kthread+0x337/0x6f0
[   26.396226]  ? trace_preempt_on+0x20/0xc0
[   26.396252]  ? __pfx_kthread+0x10/0x10
[   26.396274]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.396297]  ? calculate_sigpending+0x7b/0xa0
[   26.396324]  ? __pfx_kthread+0x10/0x10
[   26.396347]  ret_from_fork+0x116/0x1d0
[   26.396368]  ? __pfx_kthread+0x10/0x10
[   26.396391]  ret_from_fork_asm+0x1a/0x30
[   26.396426]  </TASK>
[   26.396439] 
[   26.411302] Allocated by task 187:
[   26.411686]  kasan_save_stack+0x45/0x70
[   26.412803]  kasan_save_track+0x18/0x40
[   26.413062]  kasan_save_alloc_info+0x3b/0x50
[   26.413289]  __kasan_krealloc+0x190/0x1f0
[   26.413768]  krealloc_noprof+0xf3/0x340
[   26.414228]  krealloc_less_oob_helper+0x1aa/0x11d0
[   26.414655]  krealloc_less_oob+0x1c/0x30
[   26.415282]  kunit_try_run_case+0x1a5/0x480
[   26.415564]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.415882]  kthread+0x337/0x6f0
[   26.416297]  ret_from_fork+0x116/0x1d0
[   26.416653]  ret_from_fork_asm+0x1a/0x30
[   26.416948] 
[   26.417080] The buggy address belongs to the object at ffff888100374400
[   26.417080]  which belongs to the cache kmalloc-256 of size 256
[   26.417881] The buggy address is located 17 bytes to the right of
[   26.417881]  allocated 201-byte region [ffff888100374400, ffff8881003744c9)
[   26.419700] 
[   26.419938] The buggy address belongs to the physical page:
[   26.420518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374
[   26.421284] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.421674] flags: 0x200000000000040(head|node=0|zone=2)
[   26.422230] page_type: f5(slab)
[   26.423164] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.423529] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.424249] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.424694] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.425168] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff
[   26.425865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.426470] page dumped because: kasan: bad access detected
[   26.426687] 
[   26.426845] Memory state around the buggy address:
[   26.427260]  ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.427825]  ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.428381] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.428667]                                                     ^
[   26.429372]  ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.430456]  ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.431275] ==================================================================
[   26.675494] ==================================================================
[   26.675848] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   26.677511] Write of size 1 at addr ffff8881029fe0ea by task kunit_try_catch/191
[   26.677879] 
[   26.678079] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.678503] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.678523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.678564] Call Trace:
[   26.678597]  <TASK>
[   26.678623]  dump_stack_lvl+0x73/0xb0
[   26.678676]  print_report+0xd1/0x650
[   26.678704]  ? __virt_addr_valid+0x1db/0x2d0
[   26.678730]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   26.678756]  ? kasan_addr_to_slab+0x11/0xa0
[   26.678778]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   26.678804]  kasan_report+0x141/0x180
[   26.678827]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   26.678857]  __asan_report_store1_noabort+0x1b/0x30
[   26.678884]  krealloc_less_oob_helper+0xe90/0x11d0
[   26.678917]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.679182]  ? finish_task_switch.isra.0+0x153/0x700
[   26.679211]  ? __switch_to+0x47/0xf50
[   26.679241]  ? __schedule+0x10cc/0x2b60
[   26.679266]  ? __pfx_read_tsc+0x10/0x10
[   26.679293]  krealloc_large_less_oob+0x1c/0x30
[   26.679319]  kunit_try_run_case+0x1a5/0x480
[   26.679347]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.679371]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.679396]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.679420]  ? __kthread_parkme+0x82/0x180
[   26.679443]  ? preempt_count_sub+0x50/0x80
[   26.679467]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.679492]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.679517]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.679541]  kthread+0x337/0x6f0
[   26.679562]  ? trace_preempt_on+0x20/0xc0
[   26.679588]  ? __pfx_kthread+0x10/0x10
[   26.679610]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.679633]  ? calculate_sigpending+0x7b/0xa0
[   26.679659]  ? __pfx_kthread+0x10/0x10
[   26.679682]  ret_from_fork+0x116/0x1d0
[   26.679703]  ? __pfx_kthread+0x10/0x10
[   26.679725]  ret_from_fork_asm+0x1a/0x30
[   26.679758]  </TASK>
[   26.679771] 
[   26.693079] The buggy address belongs to the physical page:
[   26.693605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[   26.694333] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.694861] flags: 0x200000000000040(head|node=0|zone=2)
[   26.695326] page_type: f8(unknown)
[   26.695711] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.696441] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.696953] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.697764] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.698092] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[   26.698783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.699206] page dumped because: kasan: bad access detected
[   26.699629] 
[   26.699785] Memory state around the buggy address:
[   26.700281]  ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.700850]  ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.701370] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.702078]                                                           ^
[   26.702880]  ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.704000]  ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.704462] ==================================================================
[   26.705085] ==================================================================
[   26.705389] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   26.705765] Write of size 1 at addr ffff8881029fe0eb by task kunit_try_catch/191
[   26.707209] 
[   26.707390] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.707484] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.707504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.707542] Call Trace:
[   26.707582]  <TASK>
[   26.707618]  dump_stack_lvl+0x73/0xb0
[   26.707670]  print_report+0xd1/0x650
[   26.707698]  ? __virt_addr_valid+0x1db/0x2d0
[   26.707725]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   26.707751]  ? kasan_addr_to_slab+0x11/0xa0
[   26.707773]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   26.707798]  kasan_report+0x141/0x180
[   26.707822]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   26.707852]  __asan_report_store1_noabort+0x1b/0x30
[   26.707879]  krealloc_less_oob_helper+0xd47/0x11d0
[   26.707912]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.708613]  ? finish_task_switch.isra.0+0x153/0x700
[   26.708683]  ? __switch_to+0x47/0xf50
[   26.708717]  ? __schedule+0x10cc/0x2b60
[   26.708742]  ? __pfx_read_tsc+0x10/0x10
[   26.708770]  krealloc_large_less_oob+0x1c/0x30
[   26.708801]  kunit_try_run_case+0x1a5/0x480
[   26.708829]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.708853]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.708878]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.708906]  ? __kthread_parkme+0x82/0x180
[   26.708950]  ? preempt_count_sub+0x50/0x80
[   26.708982]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.709028]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.709065]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.709114]  kthread+0x337/0x6f0
[   26.709149]  ? trace_preempt_on+0x20/0xc0
[   26.709177]  ? __pfx_kthread+0x10/0x10
[   26.709200]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.709224]  ? calculate_sigpending+0x7b/0xa0
[   26.709251]  ? __pfx_kthread+0x10/0x10
[   26.709275]  ret_from_fork+0x116/0x1d0
[   26.709297]  ? __pfx_kthread+0x10/0x10
[   26.709320]  ret_from_fork_asm+0x1a/0x30
[   26.709354]  </TASK>
[   26.709368] 
[   26.723284] The buggy address belongs to the physical page:
[   26.724865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[   26.725743] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.727028] flags: 0x200000000000040(head|node=0|zone=2)
[   26.727297] page_type: f8(unknown)
[   26.727820] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.728720] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.729007] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.729783] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.730868] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[   26.731348] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.731798] page dumped because: kasan: bad access detected
[   26.732837] 
[   26.732989] Memory state around the buggy address:
[   26.733208]  ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.734168]  ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.734331] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.734462]                                                           ^
[   26.734585]  ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.734714]  ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.734840] ==================================================================
[   26.613808] ==================================================================
[   26.614722] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   26.615398] Write of size 1 at addr ffff8881029fe0d0 by task kunit_try_catch/191
[   26.616812] 
[   26.617209] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.617303] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.617327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.617364] Call Trace:
[   26.617393]  <TASK>
[   26.617418]  dump_stack_lvl+0x73/0xb0
[   26.617470]  print_report+0xd1/0x650
[   26.617497]  ? __virt_addr_valid+0x1db/0x2d0
[   26.617523]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   26.617549]  ? kasan_addr_to_slab+0x11/0xa0
[   26.617571]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   26.617597]  kasan_report+0x141/0x180
[   26.617621]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   26.617651]  __asan_report_store1_noabort+0x1b/0x30
[   26.617678]  krealloc_less_oob_helper+0xe23/0x11d0
[   26.617706]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.617731]  ? finish_task_switch.isra.0+0x153/0x700
[   26.617755]  ? __switch_to+0x47/0xf50
[   26.617783]  ? __schedule+0x10cc/0x2b60
[   26.617807]  ? __pfx_read_tsc+0x10/0x10
[   26.617834]  krealloc_large_less_oob+0x1c/0x30
[   26.617859]  kunit_try_run_case+0x1a5/0x480
[   26.617886]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.617916]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.618188]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.618234]  ? __kthread_parkme+0x82/0x180
[   26.618271]  ? preempt_count_sub+0x50/0x80
[   26.618312]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.618350]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.618388]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.618428]  kthread+0x337/0x6f0
[   26.618464]  ? trace_preempt_on+0x20/0xc0
[   26.618491]  ? __pfx_kthread+0x10/0x10
[   26.618514]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.618538]  ? calculate_sigpending+0x7b/0xa0
[   26.618565]  ? __pfx_kthread+0x10/0x10
[   26.618588]  ret_from_fork+0x116/0x1d0
[   26.618610]  ? __pfx_kthread+0x10/0x10
[   26.618632]  ret_from_fork_asm+0x1a/0x30
[   26.618666]  </TASK>
[   26.618680] 
[   26.629261] The buggy address belongs to the physical page:
[   26.629642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[   26.630368] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.631057] flags: 0x200000000000040(head|node=0|zone=2)
[   26.631400] page_type: f8(unknown)
[   26.631808] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.632451] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.633092] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.633603] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.634324] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[   26.634636] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.634942] page dumped because: kasan: bad access detected
[   26.635294] 
[   26.635457] Memory state around the buggy address:
[   26.635896]  ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.636577]  ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.637313] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.637820]                                                  ^
[   26.638060]  ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.638508]  ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.639232] ==================================================================
[   26.351720] ==================================================================
[   26.351923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   26.352126] Write of size 1 at addr ffff8881003744d0 by task kunit_try_catch/187
[   26.352273] 
[   26.352374] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.352465] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.352489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.352532] Call Trace:
[   26.352559]  <TASK>
[   26.352628]  dump_stack_lvl+0x73/0xb0
[   26.352690]  print_report+0xd1/0x650
[   26.352730]  ? __virt_addr_valid+0x1db/0x2d0
[   26.352768]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   26.352807]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.352854]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   26.352900]  kasan_report+0x141/0x180
[   26.353154]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   26.353228]  __asan_report_store1_noabort+0x1b/0x30
[   26.353538]  krealloc_less_oob_helper+0xe23/0x11d0
[   26.353589]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.353633]  ? finish_task_switch.isra.0+0x153/0x700
[   26.353677]  ? __switch_to+0x47/0xf50
[   26.353721]  ? __schedule+0x10cc/0x2b60
[   26.353761]  ? __pfx_read_tsc+0x10/0x10
[   26.353811]  krealloc_less_oob+0x1c/0x30
[   26.353853]  kunit_try_run_case+0x1a5/0x480
[   26.353905]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.354501]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.354560]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.354610]  ? __kthread_parkme+0x82/0x180
[   26.354656]  ? preempt_count_sub+0x50/0x80
[   26.354707]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.354752]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.355194]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.355230]  kthread+0x337/0x6f0
[   26.355257]  ? trace_preempt_on+0x20/0xc0
[   26.355282]  ? __pfx_kthread+0x10/0x10
[   26.355305]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.355329]  ? calculate_sigpending+0x7b/0xa0
[   26.355355]  ? __pfx_kthread+0x10/0x10
[   26.355378]  ret_from_fork+0x116/0x1d0
[   26.355399]  ? __pfx_kthread+0x10/0x10
[   26.355421]  ret_from_fork_asm+0x1a/0x30
[   26.355454]  </TASK>
[   26.355467] 
[   26.369838] Allocated by task 187:
[   26.370287]  kasan_save_stack+0x45/0x70
[   26.370692]  kasan_save_track+0x18/0x40
[   26.371891]  kasan_save_alloc_info+0x3b/0x50
[   26.372167]  __kasan_krealloc+0x190/0x1f0
[   26.372532]  krealloc_noprof+0xf3/0x340
[   26.373306]  krealloc_less_oob_helper+0x1aa/0x11d0
[   26.373626]  krealloc_less_oob+0x1c/0x30
[   26.374051]  kunit_try_run_case+0x1a5/0x480
[   26.374335]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.374679]  kthread+0x337/0x6f0
[   26.375590]  ret_from_fork+0x116/0x1d0
[   26.375828]  ret_from_fork_asm+0x1a/0x30
[   26.375978] 
[   26.376075] The buggy address belongs to the object at ffff888100374400
[   26.376075]  which belongs to the cache kmalloc-256 of size 256
[   26.377341] The buggy address is located 7 bytes to the right of
[   26.377341]  allocated 201-byte region [ffff888100374400, ffff8881003744c9)
[   26.377697] 
[   26.377790] The buggy address belongs to the physical page:
[   26.378002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374
[   26.378593] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.379654] flags: 0x200000000000040(head|node=0|zone=2)
[   26.380485] page_type: f5(slab)
[   26.380689] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.382342] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.383163] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.384262] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.384696] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff
[   26.385191] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.385408] page dumped because: kasan: bad access detected
[   26.385761] 
[   26.386668] Memory state around the buggy address:
[   26.387202]  ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.387581]  ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.388487] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.388768]                                                  ^
[   26.389571]  ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.390372]  ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.390793] ==================================================================
[   26.433532] ==================================================================
[   26.434419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   26.435142] Write of size 1 at addr ffff8881003744ea by task kunit_try_catch/187
[   26.436267] 
[   26.436532] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.436630] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.436653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.436679] Call Trace:
[   26.436705]  <TASK>
[   26.436730]  dump_stack_lvl+0x73/0xb0
[   26.436780]  print_report+0xd1/0x650
[   26.436807]  ? __virt_addr_valid+0x1db/0x2d0
[   26.436833]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   26.436859]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.436888]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   26.436922]  kasan_report+0x141/0x180
[   26.437442]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   26.437522]  __asan_report_store1_noabort+0x1b/0x30
[   26.437576]  krealloc_less_oob_helper+0xe90/0x11d0
[   26.437634]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.437685]  ? finish_task_switch.isra.0+0x153/0x700
[   26.437735]  ? __switch_to+0x47/0xf50
[   26.437772]  ? __schedule+0x10cc/0x2b60
[   26.437798]  ? __pfx_read_tsc+0x10/0x10
[   26.437825]  krealloc_less_oob+0x1c/0x30
[   26.437849]  kunit_try_run_case+0x1a5/0x480
[   26.437877]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.437903]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.438017]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.438056]  ? __kthread_parkme+0x82/0x180
[   26.438090]  ? preempt_count_sub+0x50/0x80
[   26.438141]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.438178]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.438212]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.438245]  kthread+0x337/0x6f0
[   26.438275]  ? trace_preempt_on+0x20/0xc0
[   26.438311]  ? __pfx_kthread+0x10/0x10
[   26.438341]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.438374]  ? calculate_sigpending+0x7b/0xa0
[   26.438409]  ? __pfx_kthread+0x10/0x10
[   26.438443]  ret_from_fork+0x116/0x1d0
[   26.438473]  ? __pfx_kthread+0x10/0x10
[   26.438506]  ret_from_fork_asm+0x1a/0x30
[   26.438554]  </TASK>
[   26.438574] 
[   26.451759] Allocated by task 187:
[   26.452295]  kasan_save_stack+0x45/0x70
[   26.452773]  kasan_save_track+0x18/0x40
[   26.453175]  kasan_save_alloc_info+0x3b/0x50
[   26.453486]  __kasan_krealloc+0x190/0x1f0
[   26.453916]  krealloc_noprof+0xf3/0x340
[   26.454171]  krealloc_less_oob_helper+0x1aa/0x11d0
[   26.454396]  krealloc_less_oob+0x1c/0x30
[   26.454635]  kunit_try_run_case+0x1a5/0x480
[   26.455547]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.456085]  kthread+0x337/0x6f0
[   26.456418]  ret_from_fork+0x116/0x1d0
[   26.456760]  ret_from_fork_asm+0x1a/0x30
[   26.457838] 
[   26.457999] The buggy address belongs to the object at ffff888100374400
[   26.457999]  which belongs to the cache kmalloc-256 of size 256
[   26.459069] The buggy address is located 33 bytes to the right of
[   26.459069]  allocated 201-byte region [ffff888100374400, ffff8881003744c9)
[   26.460282] 
[   26.460535] The buggy address belongs to the physical page:
[   26.460922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374
[   26.461588] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.462492] flags: 0x200000000000040(head|node=0|zone=2)
[   26.463622] page_type: f5(slab)
[   26.463853] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.464152] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.464788] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.465277] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.465715] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff
[   26.466381] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.467210] page dumped because: kasan: bad access detected
[   26.467597] 
[   26.467715] Memory state around the buggy address:
[   26.468290]  ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.468860]  ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.469810] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.470282]                                                           ^
[   26.470811]  ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.471568]  ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.471925] ==================================================================
[   26.474734] ==================================================================
[   26.475329] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   26.475884] Write of size 1 at addr ffff8881003744eb by task kunit_try_catch/187
[   26.476386] 
[   26.476555] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.476660] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.476730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.476777] Call Trace:
[   26.476806]  <TASK>
[   26.476845]  dump_stack_lvl+0x73/0xb0
[   26.476935]  print_report+0xd1/0x650
[   26.476986]  ? __virt_addr_valid+0x1db/0x2d0
[   26.477035]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   26.477086]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.477161]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   26.477214]  kasan_report+0x141/0x180
[   26.477375]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   26.477465]  __asan_report_store1_noabort+0x1b/0x30
[   26.477515]  krealloc_less_oob_helper+0xd47/0x11d0
[   26.477568]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.477616]  ? finish_task_switch.isra.0+0x153/0x700
[   26.477659]  ? __switch_to+0x47/0xf50
[   26.477695]  ? __schedule+0x10cc/0x2b60
[   26.477720]  ? __pfx_read_tsc+0x10/0x10
[   26.477747]  krealloc_less_oob+0x1c/0x30
[   26.477771]  kunit_try_run_case+0x1a5/0x480
[   26.477800]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.477824]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.477848]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.477873]  ? __kthread_parkme+0x82/0x180
[   26.477897]  ? preempt_count_sub+0x50/0x80
[   26.477932]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.477969]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.478091]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.478141]  kthread+0x337/0x6f0
[   26.478164]  ? trace_preempt_on+0x20/0xc0
[   26.478190]  ? __pfx_kthread+0x10/0x10
[   26.478213]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.478236]  ? calculate_sigpending+0x7b/0xa0
[   26.478263]  ? __pfx_kthread+0x10/0x10
[   26.478286]  ret_from_fork+0x116/0x1d0
[   26.478307]  ? __pfx_kthread+0x10/0x10
[   26.478329]  ret_from_fork_asm+0x1a/0x30
[   26.478363]  </TASK>
[   26.478377] 
[   26.495599] Allocated by task 187:
[   26.495911]  kasan_save_stack+0x45/0x70
[   26.496332]  kasan_save_track+0x18/0x40
[   26.496632]  kasan_save_alloc_info+0x3b/0x50
[   26.498151]  __kasan_krealloc+0x190/0x1f0
[   26.498523]  krealloc_noprof+0xf3/0x340
[   26.498766]  krealloc_less_oob_helper+0x1aa/0x11d0
[   26.499157]  krealloc_less_oob+0x1c/0x30
[   26.499423]  kunit_try_run_case+0x1a5/0x480
[   26.499694]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.500016]  kthread+0x337/0x6f0
[   26.500355]  ret_from_fork+0x116/0x1d0
[   26.500659]  ret_from_fork_asm+0x1a/0x30
[   26.500854] 
[   26.501025] The buggy address belongs to the object at ffff888100374400
[   26.501025]  which belongs to the cache kmalloc-256 of size 256
[   26.502123] The buggy address is located 34 bytes to the right of
[   26.502123]  allocated 201-byte region [ffff888100374400, ffff8881003744c9)
[   26.502729] 
[   26.502824] The buggy address belongs to the physical page:
[   26.503195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374
[   26.503875] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.504546] flags: 0x200000000000040(head|node=0|zone=2)
[   26.504833] page_type: f5(slab)
[   26.505310] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.505733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.506490] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.506996] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.507685] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff
[   26.508141] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.508377] page dumped because: kasan: bad access detected
[   26.508553] 
[   26.508721] Memory state around the buggy address:
[   26.509239]  ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.509924]  ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.510528] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.510969]                                                           ^
[   26.511245]  ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.511514]  ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.512279] ==================================================================
[   26.314075] ==================================================================
[   26.315196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   26.316466] Write of size 1 at addr ffff8881003744c9 by task kunit_try_catch/187
[   26.317721] 
[   26.317886] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.317991] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.318231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.318283] Call Trace:
[   26.318313]  <TASK>
[   26.318354]  dump_stack_lvl+0x73/0xb0
[   26.318427]  print_report+0xd1/0x650
[   26.318466]  ? __virt_addr_valid+0x1db/0x2d0
[   26.318510]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   26.318550]  ? kasan_complete_mode_report_info+0x2a/0x200
[   26.318590]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   26.318628]  kasan_report+0x141/0x180
[   26.318666]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   26.318719]  __asan_report_store1_noabort+0x1b/0x30
[   26.318765]  krealloc_less_oob_helper+0xd70/0x11d0
[   26.318987]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.319043]  ? finish_task_switch.isra.0+0x153/0x700
[   26.319085]  ? __switch_to+0x47/0xf50
[   26.319145]  ? __schedule+0x10cc/0x2b60
[   26.319179]  ? __pfx_read_tsc+0x10/0x10
[   26.319207]  krealloc_less_oob+0x1c/0x30
[   26.319232]  kunit_try_run_case+0x1a5/0x480
[   26.319261]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.319285]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.319311]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.319339]  ? __kthread_parkme+0x82/0x180
[   26.319363]  ? preempt_count_sub+0x50/0x80
[   26.319387]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.319413]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.319437]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.319462]  kthread+0x337/0x6f0
[   26.319484]  ? trace_preempt_on+0x20/0xc0
[   26.319511]  ? __pfx_kthread+0x10/0x10
[   26.319534]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.319557]  ? calculate_sigpending+0x7b/0xa0
[   26.319584]  ? __pfx_kthread+0x10/0x10
[   26.319608]  ret_from_fork+0x116/0x1d0
[   26.319629]  ? __pfx_kthread+0x10/0x10
[   26.319651]  ret_from_fork_asm+0x1a/0x30
[   26.319685]  </TASK>
[   26.319698] 
[   26.333530] Allocated by task 187:
[   26.333842]  kasan_save_stack+0x45/0x70
[   26.334344]  kasan_save_track+0x18/0x40
[   26.334524]  kasan_save_alloc_info+0x3b/0x50
[   26.335069]  __kasan_krealloc+0x190/0x1f0
[   26.335646]  krealloc_noprof+0xf3/0x340
[   26.336594]  krealloc_less_oob_helper+0x1aa/0x11d0
[   26.336842]  krealloc_less_oob+0x1c/0x30
[   26.337362]  kunit_try_run_case+0x1a5/0x480
[   26.337592]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.337848]  kthread+0x337/0x6f0
[   26.338910]  ret_from_fork+0x116/0x1d0
[   26.339147]  ret_from_fork_asm+0x1a/0x30
[   26.339259] 
[   26.339337] The buggy address belongs to the object at ffff888100374400
[   26.339337]  which belongs to the cache kmalloc-256 of size 256
[   26.339570] The buggy address is located 0 bytes to the right of
[   26.339570]  allocated 201-byte region [ffff888100374400, ffff8881003744c9)
[   26.339788] 
[   26.339839] The buggy address belongs to the physical page:
[   26.340009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100374
[   26.340648] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.342090] flags: 0x200000000000040(head|node=0|zone=2)
[   26.342342] page_type: f5(slab)
[   26.342490] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.342839] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.344175] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   26.344866] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.345410] head: 0200000000000001 ffffea000400dd01 00000000ffffffff 00000000ffffffff
[   26.345622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.345763] page dumped because: kasan: bad access detected
[   26.345871] 
[   26.346311] Memory state around the buggy address:
[   26.346603]  ffff888100374380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.347439]  ffff888100374400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.348433] >ffff888100374480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.348857]                                               ^
[   26.349449]  ffff888100374500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.349954]  ffff888100374580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.350642] ==================================================================
[   26.640602] ==================================================================
[   26.641218] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   26.641656] Write of size 1 at addr ffff8881029fe0da by task kunit_try_catch/191
[   26.641977] 
[   26.642136] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.642265] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.642304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.642340] Call Trace:
[   26.642369]  <TASK>
[   26.642403]  dump_stack_lvl+0x73/0xb0
[   26.642463]  print_report+0xd1/0x650
[   26.642503]  ? __virt_addr_valid+0x1db/0x2d0
[   26.642541]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   26.642579]  ? kasan_addr_to_slab+0x11/0xa0
[   26.642612]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   26.642650]  kasan_report+0x141/0x180
[   26.642684]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   26.642728]  __asan_report_store1_noabort+0x1b/0x30
[   26.642768]  krealloc_less_oob_helper+0xec6/0x11d0
[   26.642810]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.642857]  ? finish_task_switch.isra.0+0x153/0x700
[   26.642982]  ? __switch_to+0x47/0xf50
[   26.643053]  ? __schedule+0x10cc/0x2b60
[   26.643113]  ? __pfx_read_tsc+0x10/0x10
[   26.643169]  krealloc_large_less_oob+0x1c/0x30
[   26.643222]  kunit_try_run_case+0x1a5/0x480
[   26.643277]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.643323]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.643370]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.643421]  ? __kthread_parkme+0x82/0x180
[   26.643468]  ? preempt_count_sub+0x50/0x80
[   26.643520]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.643573]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.643625]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.643676]  kthread+0x337/0x6f0
[   26.643722]  ? trace_preempt_on+0x20/0xc0
[   26.643774]  ? __pfx_kthread+0x10/0x10
[   26.643821]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.643862]  ? calculate_sigpending+0x7b/0xa0
[   26.643936]  ? __pfx_kthread+0x10/0x10
[   26.643989]  ret_from_fork+0x116/0x1d0
[   26.644034]  ? __pfx_kthread+0x10/0x10
[   26.644081]  ret_from_fork_asm+0x1a/0x30
[   26.644172]  </TASK>
[   26.644200] 
[   26.661036] The buggy address belongs to the physical page:
[   26.661874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[   26.662227] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.663145] flags: 0x200000000000040(head|node=0|zone=2)
[   26.663383] page_type: f8(unknown)
[   26.663534] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.663906] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.665239] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.665626] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.666811] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[   26.667639] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.667998] page dumped because: kasan: bad access detected
[   26.668360] 
[   26.668521] Memory state around the buggy address:
[   26.668832]  ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.669896]  ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.670630] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.671666]                                                     ^
[   26.671940]  ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.672617]  ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.673572] ==================================================================
[   26.582399] ==================================================================
[   26.582950] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   26.583435] Write of size 1 at addr ffff8881029fe0c9 by task kunit_try_catch/191
[   26.583730] 
[   26.583936] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary) 
[   26.584040] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.584064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   26.584168] Call Trace:
[   26.584204]  <TASK>
[   26.584246]  dump_stack_lvl+0x73/0xb0
[   26.584315]  print_report+0xd1/0x650
[   26.584354]  ? __virt_addr_valid+0x1db/0x2d0
[   26.584395]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   26.584435]  ? kasan_addr_to_slab+0x11/0xa0
[   26.584467]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   26.584508]  kasan_report+0x141/0x180
[   26.584547]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   26.584606]  __asan_report_store1_noabort+0x1b/0x30
[   26.584658]  krealloc_less_oob_helper+0xd70/0x11d0
[   26.584700]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   26.584745]  ? finish_task_switch.isra.0+0x153/0x700
[   26.584787]  ? __switch_to+0x47/0xf50
[   26.584846]  ? __schedule+0x10cc/0x2b60
[   26.584886]  ? __pfx_read_tsc+0x10/0x10
[   26.584988]  krealloc_large_less_oob+0x1c/0x30
[   26.585034]  kunit_try_run_case+0x1a5/0x480
[   26.585084]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.585142]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   26.585193]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   26.585239]  ? __kthread_parkme+0x82/0x180
[   26.585287]  ? preempt_count_sub+0x50/0x80
[   26.585330]  ? __pfx_kunit_try_run_case+0x10/0x10
[   26.585371]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   26.585410]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   26.585448]  kthread+0x337/0x6f0
[   26.585483]  ? trace_preempt_on+0x20/0xc0
[   26.585527]  ? __pfx_kthread+0x10/0x10
[   26.585561]  ? _raw_spin_unlock_irq+0x47/0x80
[   26.585599]  ? calculate_sigpending+0x7b/0xa0
[   26.585649]  ? __pfx_kthread+0x10/0x10
[   26.585691]  ret_from_fork+0x116/0x1d0
[   26.585735]  ? __pfx_kthread+0x10/0x10
[   26.585777]  ret_from_fork_asm+0x1a/0x30
[   26.585838]  </TASK>
[   26.585860] 
[   26.599369] The buggy address belongs to the physical page:
[   26.599722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[   26.601173] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.602175] flags: 0x200000000000040(head|node=0|zone=2)
[   26.602716] page_type: f8(unknown)
[   26.603297] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.603595] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.604412] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   26.604905] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.605648] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[   26.606539] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.606927] page dumped because: kasan: bad access detected
[   26.607344] 
[   26.607612] Memory state around the buggy address:
[   26.607799]  ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.608477]  ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.609669] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.610024]                                               ^
[   26.610737]  ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.611355]  ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.612242] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yj4nY58POjZ3Qe3lhkweMlaau9

job_id

TEST:linaro@lkft#2yj4tpeX02P5Qv7yMYQfk5TPyOp

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yj4tpeX02P5Qv7yMYQfk5TPyOp

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4qHtiUscnNtNedoCoDzP4FjU/bzImage
sha256sum	4e5e94ad4354f161d77bcbc08c44e2168e9a60b8ed77b02dccbd1516012d08e7

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yj4qHtiUscnNtNedoCoDzP4FjU/modules.tar.xz
sha256sum	df747848e67907f2c678e62de10d5f90ecb5dd3d11ceec5de3846ce6e4a57e52

durations

tests

boot	0
kunit	248.29

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit