lkft/linux-next-master - next-20250620 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 20, 2025, 12:38 p.m.

Environment
qemu-arm64
qemu-x86_64

[   31.590453] ==================================================================
[   31.590583] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   31.590727] Write of size 1 at addr fff00000c44972eb by task kunit_try_catch/169
[   31.590855] 
[   31.590939] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.591152] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.591217] Hardware name: linux,dummy-virt (DT)
[   31.591296] Call trace:
[   31.591355]  show_stack+0x20/0x38 (C)
[   31.591489]  dump_stack_lvl+0x8c/0xd0
[   31.591603]  print_report+0x118/0x608
[   31.592793]  kasan_report+0xdc/0x128
[   31.592925]  __asan_report_store1_noabort+0x20/0x30
[   31.593048]  krealloc_less_oob_helper+0xa58/0xc50
[   31.593242]  krealloc_less_oob+0x20/0x38
[   31.593528]  kunit_try_run_case+0x170/0x3f0
[   31.593824]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.594078]  kthread+0x328/0x630
[   31.594574]  ret_from_fork+0x10/0x20
[   31.594699] 
[   31.594790] Allocated by task 169:
[   31.594878]  kasan_save_stack+0x3c/0x68
[   31.595146]  kasan_save_track+0x20/0x40
[   31.595376]  kasan_save_alloc_info+0x40/0x58
[   31.595626]  __kasan_krealloc+0x118/0x178
[   31.596033]  krealloc_noprof+0x128/0x360
[   31.596295]  krealloc_less_oob_helper+0x168/0xc50
[   31.596806]  krealloc_less_oob+0x20/0x38
[   31.596885]  kunit_try_run_case+0x170/0x3f0
[   31.596955]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.597084]  kthread+0x328/0x630
[   31.597159]  ret_from_fork+0x10/0x20
[   31.597297] 
[   31.597467] The buggy address belongs to the object at fff00000c4497200
[   31.597467]  which belongs to the cache kmalloc-256 of size 256
[   31.597835] The buggy address is located 34 bytes to the right of
[   31.597835]  allocated 201-byte region [fff00000c4497200, fff00000c44972c9)
[   31.598097] 
[   31.598148] The buggy address belongs to the physical page:
[   31.598228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104496
[   31.598838] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.599127] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.599468] page_type: f5(slab)
[   31.599574] raw: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.599713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.599844] head: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.599970] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.600094] head: 0bfffe0000000001 ffffc1ffc3112581 00000000ffffffff 00000000ffffffff
[   31.600216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.600750] page dumped because: kasan: bad access detected
[   31.600957] 
[   31.601026] Memory state around the buggy address:
[   31.601108]  fff00000c4497180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.601272]  fff00000c4497200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.601563] >fff00000c4497280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.602494]                                                           ^
[   31.602752]  fff00000c4497300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.603018]  fff00000c4497380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.603354] ==================================================================
[   31.541560] ==================================================================
[   31.542320] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   31.542499] Write of size 1 at addr fff00000c44972d0 by task kunit_try_catch/169
[   31.542642] 
[   31.542733] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.542949] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.543014] Hardware name: linux,dummy-virt (DT)
[   31.543093] Call trace:
[   31.543904]  show_stack+0x20/0x38 (C)
[   31.544229]  dump_stack_lvl+0x8c/0xd0
[   31.544604]  print_report+0x118/0x608
[   31.544949]  kasan_report+0xdc/0x128
[   31.545069]  __asan_report_store1_noabort+0x20/0x30
[   31.545284]  krealloc_less_oob_helper+0xb9c/0xc50
[   31.545553]  krealloc_less_oob+0x20/0x38
[   31.545691]  kunit_try_run_case+0x170/0x3f0
[   31.545818]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.546217]  kthread+0x328/0x630
[   31.546479]  ret_from_fork+0x10/0x20
[   31.546833] 
[   31.546884] Allocated by task 169:
[   31.547082]  kasan_save_stack+0x3c/0x68
[   31.547181]  kasan_save_track+0x20/0x40
[   31.547619]  kasan_save_alloc_info+0x40/0x58
[   31.547834]  __kasan_krealloc+0x118/0x178
[   31.548029]  krealloc_noprof+0x128/0x360
[   31.548272]  krealloc_less_oob_helper+0x168/0xc50
[   31.548413]  krealloc_less_oob+0x20/0x38
[   31.548774]  kunit_try_run_case+0x170/0x3f0
[   31.548909]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.549008]  kthread+0x328/0x630
[   31.549219]  ret_from_fork+0x10/0x20
[   31.549441] 
[   31.549515] The buggy address belongs to the object at fff00000c4497200
[   31.549515]  which belongs to the cache kmalloc-256 of size 256
[   31.549833] The buggy address is located 7 bytes to the right of
[   31.549833]  allocated 201-byte region [fff00000c4497200, fff00000c44972c9)
[   31.550461] 
[   31.550538] The buggy address belongs to the physical page:
[   31.550781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104496
[   31.550939] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.551062] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.551752] page_type: f5(slab)
[   31.552073] raw: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.552238] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.552708] head: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.553083] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.553353] head: 0bfffe0000000001 ffffc1ffc3112581 00000000ffffffff 00000000ffffffff
[   31.553502] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.553593] page dumped because: kasan: bad access detected
[   31.553663] 
[   31.553697] Memory state around the buggy address:
[   31.553757]  fff00000c4497180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.554361]  fff00000c4497200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.554756] >fff00000c4497280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.555248]                                                  ^
[   31.555400]  fff00000c4497300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.555542]  fff00000c4497380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.555692] ==================================================================
[   31.558922] ==================================================================
[   31.559060] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   31.559197] Write of size 1 at addr fff00000c44972da by task kunit_try_catch/169
[   31.559316] 
[   31.559403] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.560124] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.560340] Hardware name: linux,dummy-virt (DT)
[   31.560581] Call trace:
[   31.560720]  show_stack+0x20/0x38 (C)
[   31.561030]  dump_stack_lvl+0x8c/0xd0
[   31.561221]  print_report+0x118/0x608
[   31.561348]  kasan_report+0xdc/0x128
[   31.561465]  __asan_report_store1_noabort+0x20/0x30
[   31.561606]  krealloc_less_oob_helper+0xa80/0xc50
[   31.561729]  krealloc_less_oob+0x20/0x38
[   31.561923]  kunit_try_run_case+0x170/0x3f0
[   31.562412]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.562683]  kthread+0x328/0x630
[   31.562866]  ret_from_fork+0x10/0x20
[   31.563331] 
[   31.563391] Allocated by task 169:
[   31.564018]  kasan_save_stack+0x3c/0x68
[   31.564285]  kasan_save_track+0x20/0x40
[   31.564723]  kasan_save_alloc_info+0x40/0x58
[   31.564819]  __kasan_krealloc+0x118/0x178
[   31.564919]  krealloc_noprof+0x128/0x360
[   31.564998]  krealloc_less_oob_helper+0x168/0xc50
[   31.565174]  krealloc_less_oob+0x20/0x38
[   31.565281]  kunit_try_run_case+0x170/0x3f0
[   31.565394]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.565500]  kthread+0x328/0x630
[   31.565579]  ret_from_fork+0x10/0x20
[   31.565708] 
[   31.565794] The buggy address belongs to the object at fff00000c4497200
[   31.565794]  which belongs to the cache kmalloc-256 of size 256
[   31.566350] The buggy address is located 17 bytes to the right of
[   31.566350]  allocated 201-byte region [fff00000c4497200, fff00000c44972c9)
[   31.566820] 
[   31.566879] The buggy address belongs to the physical page:
[   31.566970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104496
[   31.567217] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.567455] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.567748] page_type: f5(slab)
[   31.567848] raw: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.568289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.568573] head: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.568696] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.568788] head: 0bfffe0000000001 ffffc1ffc3112581 00000000ffffffff 00000000ffffffff
[   31.569352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.569494] page dumped because: kasan: bad access detected
[   31.569576] 
[   31.569633] Memory state around the buggy address:
[   31.569817]  fff00000c4497180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.570219]  fff00000c4497200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.570487] >fff00000c4497280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.570640]                                                     ^
[   31.570730]  fff00000c4497300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.571045]  fff00000c4497380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.571256] ==================================================================
[   31.527938] ==================================================================
[   31.528371] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   31.528563] Write of size 1 at addr fff00000c44972c9 by task kunit_try_catch/169
[   31.528769] 
[   31.528869] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.529278] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.529539] Hardware name: linux,dummy-virt (DT)
[   31.529628] Call trace:
[   31.529691]  show_stack+0x20/0x38 (C)
[   31.529882]  dump_stack_lvl+0x8c/0xd0
[   31.530042]  print_report+0x118/0x608
[   31.530180]  kasan_report+0xdc/0x128
[   31.530299]  __asan_report_store1_noabort+0x20/0x30
[   31.530419]  krealloc_less_oob_helper+0xa48/0xc50
[   31.530541]  krealloc_less_oob+0x20/0x38
[   31.530661]  kunit_try_run_case+0x170/0x3f0
[   31.530784]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.530917]  kthread+0x328/0x630
[   31.531022]  ret_from_fork+0x10/0x20
[   31.531141] 
[   31.531189] Allocated by task 169:
[   31.531260]  kasan_save_stack+0x3c/0x68
[   31.531361]  kasan_save_track+0x20/0x40
[   31.531461]  kasan_save_alloc_info+0x40/0x58
[   31.531560]  __kasan_krealloc+0x118/0x178
[   31.532664]  krealloc_noprof+0x128/0x360
[   31.533089]  krealloc_less_oob_helper+0x168/0xc50
[   31.533187]  krealloc_less_oob+0x20/0x38
[   31.533378]  kunit_try_run_case+0x170/0x3f0
[   31.533594]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.533945]  kthread+0x328/0x630
[   31.534084]  ret_from_fork+0x10/0x20
[   31.534162] 
[   31.534207] The buggy address belongs to the object at fff00000c4497200
[   31.534207]  which belongs to the cache kmalloc-256 of size 256
[   31.534436] The buggy address is located 0 bytes to the right of
[   31.534436]  allocated 201-byte region [fff00000c4497200, fff00000c44972c9)
[   31.534863] 
[   31.534923] The buggy address belongs to the physical page:
[   31.535118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104496
[   31.535679] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.535797] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.535948] page_type: f5(slab)
[   31.536144] raw: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.536542] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.536994] head: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.537122] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.537320] head: 0bfffe0000000001 ffffc1ffc3112581 00000000ffffffff 00000000ffffffff
[   31.537507] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.537636] page dumped because: kasan: bad access detected
[   31.537718] 
[   31.537763] Memory state around the buggy address:
[   31.537848]  fff00000c4497180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.538056]  fff00000c4497200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.538299] >fff00000c4497280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.538715]                                               ^
[   31.538888]  fff00000c4497300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.539055]  fff00000c4497380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.539157] ==================================================================
[   31.729993] ==================================================================
[   31.730181] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   31.730342] Write of size 1 at addr fff00000c59ba0c9 by task kunit_try_catch/173
[   31.730475] 
[   31.730561] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.733576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.733741] Hardware name: linux,dummy-virt (DT)
[   31.734207] Call trace:
[   31.734286]  show_stack+0x20/0x38 (C)
[   31.734503]  dump_stack_lvl+0x8c/0xd0
[   31.734790]  print_report+0x118/0x608
[   31.735020]  kasan_report+0xdc/0x128
[   31.735281]  __asan_report_store1_noabort+0x20/0x30
[   31.735463]  krealloc_less_oob_helper+0xa48/0xc50
[   31.736116]  krealloc_large_less_oob+0x20/0x38
[   31.736278]  kunit_try_run_case+0x170/0x3f0
[   31.736490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.737114]  kthread+0x328/0x630
[   31.737272]  ret_from_fork+0x10/0x20
[   31.737514] 
[   31.737572] The buggy address belongs to the physical page:
[   31.737651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b8
[   31.738306] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.738491] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.738788] page_type: f8(unknown)
[   31.739046] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.739223] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.739357] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.739900] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.740347] head: 0bfffe0000000002 ffffc1ffc3166e01 00000000ffffffff 00000000ffffffff
[   31.740447] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.740737] page dumped because: kasan: bad access detected
[   31.741118] 
[   31.741388] Memory state around the buggy address:
[   31.741542]  fff00000c59b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.741679]  fff00000c59ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.741786] >fff00000c59ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.741877]                                               ^
[   31.741973]  fff00000c59ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.742735]  fff00000c59ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.743235] ==================================================================
[   31.785656] ==================================================================
[   31.785785] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   31.785923] Write of size 1 at addr fff00000c59ba0eb by task kunit_try_catch/173
[   31.786054] 
[   31.786140] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.786359] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.786430] Hardware name: linux,dummy-virt (DT)
[   31.786512] Call trace:
[   31.786569]  show_stack+0x20/0x38 (C)
[   31.786825]  dump_stack_lvl+0x8c/0xd0
[   31.786937]  print_report+0x118/0x608
[   31.787046]  kasan_report+0xdc/0x128
[   31.787100]  __asan_report_store1_noabort+0x20/0x30
[   31.787153]  krealloc_less_oob_helper+0xa58/0xc50
[   31.787207]  krealloc_large_less_oob+0x20/0x38
[   31.787259]  kunit_try_run_case+0x170/0x3f0
[   31.787312]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.787369]  kthread+0x328/0x630
[   31.787424]  ret_from_fork+0x10/0x20
[   31.787504] 
[   31.787531] The buggy address belongs to the physical page:
[   31.787570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b8
[   31.787923] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.788054] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.788254] page_type: f8(unknown)
[   31.788753] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.789017] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.789178] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.789336] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.789448] head: 0bfffe0000000002 ffffc1ffc3166e01 00000000ffffffff 00000000ffffffff
[   31.789562] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.789663] page dumped because: kasan: bad access detected
[   31.789723] 
[   31.789760] Memory state around the buggy address:
[   31.789832]  fff00000c59b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.790286]  fff00000c59ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.790450] >fff00000c59ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.790587]                                                           ^
[   31.790696]  fff00000c59ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.790806]  fff00000c59ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.790916] ==================================================================
[   31.773990] ==================================================================
[   31.774396] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   31.774693] Write of size 1 at addr fff00000c59ba0ea by task kunit_try_catch/173
[   31.774882] 
[   31.774978] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.775483] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.775567] Hardware name: linux,dummy-virt (DT)
[   31.775706] Call trace:
[   31.775770]  show_stack+0x20/0x38 (C)
[   31.775966]  dump_stack_lvl+0x8c/0xd0
[   31.776135]  print_report+0x118/0x608
[   31.776262]  kasan_report+0xdc/0x128
[   31.776857]  __asan_report_store1_noabort+0x20/0x30
[   31.777171]  krealloc_less_oob_helper+0xae4/0xc50
[   31.777309]  krealloc_large_less_oob+0x20/0x38
[   31.777421]  kunit_try_run_case+0x170/0x3f0
[   31.777638]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.777858]  kthread+0x328/0x630
[   31.778073]  ret_from_fork+0x10/0x20
[   31.778462] 
[   31.778535] The buggy address belongs to the physical page:
[   31.778648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b8
[   31.779209] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.779408] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.779768] page_type: f8(unknown)
[   31.779877] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.780092] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.780292] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.780643] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.780858] head: 0bfffe0000000002 ffffc1ffc3166e01 00000000ffffffff 00000000ffffffff
[   31.781072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.781309] page dumped because: kasan: bad access detected
[   31.781439] 
[   31.781703] Memory state around the buggy address:
[   31.781828]  fff00000c59b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.781946]  fff00000c59ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.782057] >fff00000c59ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.782157]                                                           ^
[   31.782513]  fff00000c59ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.782982]  fff00000c59ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.783328] ==================================================================
[   31.575414] ==================================================================
[   31.575567] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   31.575717] Write of size 1 at addr fff00000c44972ea by task kunit_try_catch/169
[   31.576456] 
[   31.576683] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.577252] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.577323] Hardware name: linux,dummy-virt (DT)
[   31.577434] Call trace:
[   31.577546]  show_stack+0x20/0x38 (C)
[   31.577847]  dump_stack_lvl+0x8c/0xd0
[   31.578103]  print_report+0x118/0x608
[   31.578245]  kasan_report+0xdc/0x128
[   31.578362]  __asan_report_store1_noabort+0x20/0x30
[   31.578476]  krealloc_less_oob_helper+0xae4/0xc50
[   31.578598]  krealloc_less_oob+0x20/0x38
[   31.579076]  kunit_try_run_case+0x170/0x3f0
[   31.579356]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.580125]  kthread+0x328/0x630
[   31.580332]  ret_from_fork+0x10/0x20
[   31.580760] 
[   31.580811] Allocated by task 169:
[   31.580894]  kasan_save_stack+0x3c/0x68
[   31.581093]  kasan_save_track+0x20/0x40
[   31.581234]  kasan_save_alloc_info+0x40/0x58
[   31.581472]  __kasan_krealloc+0x118/0x178
[   31.581591]  krealloc_noprof+0x128/0x360
[   31.581698]  krealloc_less_oob_helper+0x168/0xc50
[   31.581795]  krealloc_less_oob+0x20/0x38
[   31.581884]  kunit_try_run_case+0x170/0x3f0
[   31.582078]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.582180]  kthread+0x328/0x630
[   31.582585]  ret_from_fork+0x10/0x20
[   31.582818] 
[   31.582981] The buggy address belongs to the object at fff00000c4497200
[   31.582981]  which belongs to the cache kmalloc-256 of size 256
[   31.583286] The buggy address is located 33 bytes to the right of
[   31.583286]  allocated 201-byte region [fff00000c4497200, fff00000c44972c9)
[   31.583842] 
[   31.583897] The buggy address belongs to the physical page:
[   31.583991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104496
[   31.584225] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.584510] anon flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.584837] page_type: f5(slab)
[   31.585096] raw: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.585232] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.585326] head: 0bfffe0000000040 fff00000c0001b40 0000000000000000 dead000000000001
[   31.585886] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.586239] head: 0bfffe0000000001 ffffc1ffc3112581 00000000ffffffff 00000000ffffffff
[   31.586500] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   31.586644] page dumped because: kasan: bad access detected
[   31.586725] 
[   31.586770] Memory state around the buggy address:
[   31.587289]  fff00000c4497180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.587538]  fff00000c4497200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.587911] >fff00000c4497280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   31.588105]                                                           ^
[   31.588366]  fff00000c4497300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.588449]  fff00000c4497380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.588522] ==================================================================
[   31.762163] ==================================================================
[   31.762238] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   31.762320] Write of size 1 at addr fff00000c59ba0da by task kunit_try_catch/173
[   31.762379] 
[   31.762423] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.762520] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.762549] Hardware name: linux,dummy-virt (DT)
[   31.762587] Call trace:
[   31.762639]  show_stack+0x20/0x38 (C)
[   31.762732]  dump_stack_lvl+0x8c/0xd0
[   31.762833]  print_report+0x118/0x608
[   31.762942]  kasan_report+0xdc/0x128
[   31.763055]  __asan_report_store1_noabort+0x20/0x30
[   31.763179]  krealloc_less_oob_helper+0xa80/0xc50
[   31.763305]  krealloc_large_less_oob+0x20/0x38
[   31.763431]  kunit_try_run_case+0x170/0x3f0
[   31.763557]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.763705]  kthread+0x328/0x630
[   31.763812]  ret_from_fork+0x10/0x20
[   31.763931] 
[   31.763983] The buggy address belongs to the physical page:
[   31.764064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b8
[   31.764205] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.764324] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.764676] page_type: f8(unknown)
[   31.765307] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.765494] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.765718] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.766017] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.766138] head: 0bfffe0000000002 ffffc1ffc3166e01 00000000ffffffff 00000000ffffffff
[   31.766250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.766456] page dumped because: kasan: bad access detected
[   31.766590] 
[   31.766663] Memory state around the buggy address:
[   31.766802]  fff00000c59b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.766982]  fff00000c59ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.767147] >fff00000c59ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.767246]                                                     ^
[   31.767356]  fff00000c59ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.767484]  fff00000c59ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.768149] ==================================================================
[   31.748391] ==================================================================
[   31.748978] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   31.749657] Write of size 1 at addr fff00000c59ba0d0 by task kunit_try_catch/173
[   31.749775] 
[   31.749923] CPU: 1 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   31.750439] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.750580] Hardware name: linux,dummy-virt (DT)
[   31.750819] Call trace:
[   31.750910]  show_stack+0x20/0x38 (C)
[   31.751050]  dump_stack_lvl+0x8c/0xd0
[   31.751667]  print_report+0x118/0x608
[   31.752065]  kasan_report+0xdc/0x128
[   31.752275]  __asan_report_store1_noabort+0x20/0x30
[   31.752846]  krealloc_less_oob_helper+0xb9c/0xc50
[   31.753090]  krealloc_large_less_oob+0x20/0x38
[   31.753212]  kunit_try_run_case+0x170/0x3f0
[   31.753330]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.753431]  kthread+0x328/0x630
[   31.753507]  ret_from_fork+0x10/0x20
[   31.753605] 
[   31.753667] The buggy address belongs to the physical page:
[   31.753746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b8
[   31.753887] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.754007] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.754145] page_type: f8(unknown)
[   31.754247] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.754375] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.754498] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   31.757735] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   31.758395] head: 0bfffe0000000002 ffffc1ffc3166e01 00000000ffffffff 00000000ffffffff
[   31.758671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   31.758784] page dumped because: kasan: bad access detected
[   31.758914] 
[   31.758985] Memory state around the buggy address:
[   31.759107]  fff00000c59b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.759218]  fff00000c59ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.759324] >fff00000c59ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   31.760360]                                                  ^
[   31.760484]  fff00000c59ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.760607]  fff00000c59ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   31.760720] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ylxeu6IO0JXwDBBfpeBJndyVOz

job_id

TEST:linaro@lkft#2ylxknDmzqBc7l7AJ73lkzQwChd

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ylxknDmzqBc7l7AJ73lkzQwChd

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ylxgYId6JcqlbNdF5Ou1na1u7V/Image.gz
sha256sum	16e81c2ed2a17916f19db760d3a7c856b75ce2c5efeb6f59660648808e3ea09c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ylxgYId6JcqlbNdF5Ou1na1u7V/modules.tar.xz
sha256sum	cec40e0efa28ebd64355a818786c4419f9e1a0e9c486afe0449163fd13fe0a7d

durations

tests

boot	0
kunit	348.02

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   25.372347] ==================================================================
[   25.372836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   25.373210] Write of size 1 at addr ffff8881038e60da by task kunit_try_catch/191
[   25.374348] 
[   25.374907] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.375031] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.375060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.375101] Call Trace:
[   25.375236]  <TASK>
[   25.375283]  dump_stack_lvl+0x73/0xb0
[   25.375359]  print_report+0xd1/0x650
[   25.375399]  ? __virt_addr_valid+0x1db/0x2d0
[   25.375436]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.375488]  ? kasan_addr_to_slab+0x11/0xa0
[   25.375518]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.375815]  kasan_report+0x141/0x180
[   25.375870]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.375918]  __asan_report_store1_noabort+0x1b/0x30
[   25.375954]  krealloc_less_oob_helper+0xec6/0x11d0
[   25.375980]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.376004]  ? finish_task_switch.isra.0+0x153/0x700
[   25.376029]  ? __switch_to+0x47/0xf50
[   25.376057]  ? __schedule+0x10cc/0x2b60
[   25.376081]  ? __pfx_read_tsc+0x10/0x10
[   25.376107]  krealloc_large_less_oob+0x1c/0x30
[   25.376130]  kunit_try_run_case+0x1a5/0x480
[   25.376180]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.376213]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.376237]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.376261]  ? __kthread_parkme+0x82/0x180
[   25.376283]  ? preempt_count_sub+0x50/0x80
[   25.376306]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.376330]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.376354]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.376377]  kthread+0x337/0x6f0
[   25.376398]  ? trace_preempt_on+0x20/0xc0
[   25.376422]  ? __pfx_kthread+0x10/0x10
[   25.376460]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.376485]  ? calculate_sigpending+0x7b/0xa0
[   25.376510]  ? __pfx_kthread+0x10/0x10
[   25.376532]  ret_from_fork+0x116/0x1d0
[   25.376551]  ? __pfx_kthread+0x10/0x10
[   25.376572]  ret_from_fork_asm+0x1a/0x30
[   25.376603]  </TASK>
[   25.376617] 
[   25.389275] The buggy address belongs to the physical page:
[   25.390188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4
[   25.391292] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.391572] flags: 0x200000000000040(head|node=0|zone=2)
[   25.392099] page_type: f8(unknown)
[   25.392308] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.392641] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.393174] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.393680] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.394147] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff
[   25.394489] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.394768] page dumped because: kasan: bad access detected
[   25.394960] 
[   25.395117] Memory state around the buggy address:
[   25.395504]  ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.396073]  ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.396569] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.396999]                                                     ^
[   25.397517]  ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.397893]  ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.398159] ==================================================================
[   25.133078] ==================================================================
[   25.134328] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   25.134812] Write of size 1 at addr ffff8881003956da by task kunit_try_catch/187
[   25.135270] 
[   25.135494] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.135602] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.135629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.135676] Call Trace:
[   25.135719]  <TASK>
[   25.135761]  dump_stack_lvl+0x73/0xb0
[   25.135824]  print_report+0xd1/0x650
[   25.135872]  ? __virt_addr_valid+0x1db/0x2d0
[   25.135922]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.135975]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.136024]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.136076]  kasan_report+0x141/0x180
[   25.136124]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   25.136176]  __asan_report_store1_noabort+0x1b/0x30
[   25.136222]  krealloc_less_oob_helper+0xec6/0x11d0
[   25.136274]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.136322]  ? finish_task_switch.isra.0+0x153/0x700
[   25.136370]  ? __switch_to+0x47/0xf50
[   25.136419]  ? irqentry_exit+0x2a/0x60
[   25.136485]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   25.136783]  ? trace_hardirqs_on+0x37/0xe0
[   25.136850]  ? __pfx_read_tsc+0x10/0x10
[   25.136893]  krealloc_less_oob+0x1c/0x30
[   25.136932]  kunit_try_run_case+0x1a5/0x480
[   25.136971]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.137005]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.137042]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.137079]  ? __kthread_parkme+0x82/0x180
[   25.137112]  ? preempt_count_sub+0x50/0x80
[   25.137162]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.137203]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.137230]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.137254]  kthread+0x337/0x6f0
[   25.137275]  ? trace_preempt_on+0x20/0xc0
[   25.137299]  ? __pfx_kthread+0x10/0x10
[   25.137321]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.137343]  ? calculate_sigpending+0x7b/0xa0
[   25.137369]  ? __pfx_kthread+0x10/0x10
[   25.137391]  ret_from_fork+0x116/0x1d0
[   25.137412]  ? __pfx_kthread+0x10/0x10
[   25.137434]  ret_from_fork_asm+0x1a/0x30
[   25.137490]  </TASK>
[   25.137504] 
[   25.153852] Allocated by task 187:
[   25.154133]  kasan_save_stack+0x45/0x70
[   25.154341]  kasan_save_track+0x18/0x40
[   25.154489]  kasan_save_alloc_info+0x3b/0x50
[   25.155346]  __kasan_krealloc+0x190/0x1f0
[   25.155859]  krealloc_noprof+0xf3/0x340
[   25.156043]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.156330]  krealloc_less_oob+0x1c/0x30
[   25.156677]  kunit_try_run_case+0x1a5/0x480
[   25.157027]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.157672]  kthread+0x337/0x6f0
[   25.158297]  ret_from_fork+0x116/0x1d0
[   25.158527]  ret_from_fork_asm+0x1a/0x30
[   25.159083] 
[   25.159332] The buggy address belongs to the object at ffff888100395600
[   25.159332]  which belongs to the cache kmalloc-256 of size 256
[   25.159989] The buggy address is located 17 bytes to the right of
[   25.159989]  allocated 201-byte region [ffff888100395600, ffff8881003956c9)
[   25.161320] 
[   25.161598] The buggy address belongs to the physical page:
[   25.162361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   25.163090] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.163876] flags: 0x200000000000040(head|node=0|zone=2)
[   25.164220] page_type: f5(slab)
[   25.164515] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.164994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.165772] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.166931] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.167325] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff
[   25.167799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.168326] page dumped because: kasan: bad access detected
[   25.168546] 
[   25.168749] Memory state around the buggy address:
[   25.169144]  ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.169524]  ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.169799] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.170344]                                                     ^
[   25.170639]  ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.171026]  ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.171367] ==================================================================
[   25.093356] ==================================================================
[   25.094593] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   25.095279] Write of size 1 at addr ffff8881003956d0 by task kunit_try_catch/187
[   25.095830] 
[   25.096141] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.096269] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.096297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.096338] Call Trace:
[   25.096378]  <TASK>
[   25.096416]  dump_stack_lvl+0x73/0xb0
[   25.096502]  print_report+0xd1/0x650
[   25.096550]  ? __virt_addr_valid+0x1db/0x2d0
[   25.096600]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.096645]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.096697]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.096748]  kasan_report+0x141/0x180
[   25.096789]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.096835]  __asan_report_store1_noabort+0x1b/0x30
[   25.096875]  krealloc_less_oob_helper+0xe23/0x11d0
[   25.096915]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.096949]  ? finish_task_switch.isra.0+0x153/0x700
[   25.096982]  ? __switch_to+0x47/0xf50
[   25.097020]  ? irqentry_exit+0x2a/0x60
[   25.097053]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   25.097089]  ? trace_hardirqs_on+0x37/0xe0
[   25.097122]  ? __pfx_read_tsc+0x10/0x10
[   25.097161]  krealloc_less_oob+0x1c/0x30
[   25.097193]  kunit_try_run_case+0x1a5/0x480
[   25.097228]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.097259]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.097294]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.097327]  ? __kthread_parkme+0x82/0x180
[   25.097357]  ? preempt_count_sub+0x50/0x80
[   25.097391]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.097426]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.097479]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.097517]  kthread+0x337/0x6f0
[   25.097554]  ? trace_preempt_on+0x20/0xc0
[   25.097608]  ? __pfx_kthread+0x10/0x10
[   25.097655]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.097698]  ? calculate_sigpending+0x7b/0xa0
[   25.097745]  ? __pfx_kthread+0x10/0x10
[   25.097792]  ret_from_fork+0x116/0x1d0
[   25.097840]  ? __pfx_kthread+0x10/0x10
[   25.097887]  ret_from_fork_asm+0x1a/0x30
[   25.097956]  </TASK>
[   25.097985] 
[   25.112285] Allocated by task 187:
[   25.112860]  kasan_save_stack+0x45/0x70
[   25.113121]  kasan_save_track+0x18/0x40
[   25.113435]  kasan_save_alloc_info+0x3b/0x50
[   25.113983]  __kasan_krealloc+0x190/0x1f0
[   25.114433]  krealloc_noprof+0xf3/0x340
[   25.114699]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.114913]  krealloc_less_oob+0x1c/0x30
[   25.115095]  kunit_try_run_case+0x1a5/0x480
[   25.115436]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.115993]  kthread+0x337/0x6f0
[   25.116466]  ret_from_fork+0x116/0x1d0
[   25.116894]  ret_from_fork_asm+0x1a/0x30
[   25.117897] 
[   25.118390] The buggy address belongs to the object at ffff888100395600
[   25.118390]  which belongs to the cache kmalloc-256 of size 256
[   25.119355] The buggy address is located 7 bytes to the right of
[   25.119355]  allocated 201-byte region [ffff888100395600, ffff8881003956c9)
[   25.119955] 
[   25.120077] The buggy address belongs to the physical page:
[   25.120277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   25.120742] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.121548] flags: 0x200000000000040(head|node=0|zone=2)
[   25.121975] page_type: f5(slab)
[   25.123257] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.123520] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.124080] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.124525] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.124864] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff
[   25.125399] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.126500] page dumped because: kasan: bad access detected
[   25.127032] 
[   25.127494] Memory state around the buggy address:
[   25.128090]  ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.128531]  ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.129074] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.130180]                                                  ^
[   25.130712]  ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.130963]  ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.131944] ==================================================================
[   25.212938] ==================================================================
[   25.213263] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   25.214691] Write of size 1 at addr ffff8881003956eb by task kunit_try_catch/187
[   25.215048] 
[   25.215195] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.215299] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.215321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.215360] Call Trace:
[   25.215382]  <TASK>
[   25.215417]  dump_stack_lvl+0x73/0xb0
[   25.215501]  print_report+0xd1/0x650
[   25.215546]  ? __virt_addr_valid+0x1db/0x2d0
[   25.215596]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.215645]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.215693]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.215743]  kasan_report+0x141/0x180
[   25.215789]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.215850]  __asan_report_store1_noabort+0x1b/0x30
[   25.215893]  krealloc_less_oob_helper+0xd47/0x11d0
[   25.215934]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.215972]  ? finish_task_switch.isra.0+0x153/0x700
[   25.216009]  ? __switch_to+0x47/0xf50
[   25.216049]  ? irqentry_exit+0x2a/0x60
[   25.216086]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   25.216127]  ? trace_hardirqs_on+0x37/0xe0
[   25.216166]  ? __pfx_read_tsc+0x10/0x10
[   25.216258]  krealloc_less_oob+0x1c/0x30
[   25.216322]  kunit_try_run_case+0x1a5/0x480
[   25.216378]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.216426]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.216490]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.216540]  ? __kthread_parkme+0x82/0x180
[   25.216599]  ? preempt_count_sub+0x50/0x80
[   25.216647]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.216697]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.216732]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.216757]  kthread+0x337/0x6f0
[   25.216778]  ? trace_preempt_on+0x20/0xc0
[   25.216802]  ? __pfx_kthread+0x10/0x10
[   25.216824]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.216846]  ? calculate_sigpending+0x7b/0xa0
[   25.216873]  ? __pfx_kthread+0x10/0x10
[   25.216895]  ret_from_fork+0x116/0x1d0
[   25.216916]  ? __pfx_kthread+0x10/0x10
[   25.216937]  ret_from_fork_asm+0x1a/0x30
[   25.216970]  </TASK>
[   25.216985] 
[   25.230831] Allocated by task 187:
[   25.231259]  kasan_save_stack+0x45/0x70
[   25.231543]  kasan_save_track+0x18/0x40
[   25.231874]  kasan_save_alloc_info+0x3b/0x50
[   25.232066]  __kasan_krealloc+0x190/0x1f0
[   25.232248]  krealloc_noprof+0xf3/0x340
[   25.232424]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.232681]  krealloc_less_oob+0x1c/0x30
[   25.233646]  kunit_try_run_case+0x1a5/0x480
[   25.234059]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.234845]  kthread+0x337/0x6f0
[   25.235202]  ret_from_fork+0x116/0x1d0
[   25.235544]  ret_from_fork_asm+0x1a/0x30
[   25.236559] 
[   25.237250] The buggy address belongs to the object at ffff888100395600
[   25.237250]  which belongs to the cache kmalloc-256 of size 256
[   25.237772] The buggy address is located 34 bytes to the right of
[   25.237772]  allocated 201-byte region [ffff888100395600, ffff8881003956c9)
[   25.238952] 
[   25.239153] The buggy address belongs to the physical page:
[   25.239593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   25.240013] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.240618] flags: 0x200000000000040(head|node=0|zone=2)
[   25.240876] page_type: f5(slab)
[   25.241038] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.242536] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.243337] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.243982] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.244396] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff
[   25.244795] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.245957] page dumped because: kasan: bad access detected
[   25.246394] 
[   25.246528] Memory state around the buggy address:
[   25.247067]  ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.247746]  ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.248341] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.248743]                                                           ^
[   25.249330]  ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.249759]  ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.250728] ==================================================================
[   25.400149] ==================================================================
[   25.400810] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   25.401310] Write of size 1 at addr ffff8881038e60ea by task kunit_try_catch/191
[   25.401602] 
[   25.401752] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.401859] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.401888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.401932] Call Trace:
[   25.401993]  <TASK>
[   25.402042]  dump_stack_lvl+0x73/0xb0
[   25.402124]  print_report+0xd1/0x650
[   25.402172]  ? __virt_addr_valid+0x1db/0x2d0
[   25.402226]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.402279]  ? kasan_addr_to_slab+0x11/0xa0
[   25.402323]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.402375]  kasan_report+0x141/0x180
[   25.402424]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.402498]  __asan_report_store1_noabort+0x1b/0x30
[   25.402550]  krealloc_less_oob_helper+0xe90/0x11d0
[   25.402595]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.402636]  ? finish_task_switch.isra.0+0x153/0x700
[   25.402667]  ? __switch_to+0x47/0xf50
[   25.402695]  ? __schedule+0x10cc/0x2b60
[   25.402719]  ? __pfx_read_tsc+0x10/0x10
[   25.402745]  krealloc_large_less_oob+0x1c/0x30
[   25.402769]  kunit_try_run_case+0x1a5/0x480
[   25.402795]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.402818]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.402841]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.402865]  ? __kthread_parkme+0x82/0x180
[   25.402886]  ? preempt_count_sub+0x50/0x80
[   25.402910]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.402934]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.402957]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.402981]  kthread+0x337/0x6f0
[   25.403002]  ? trace_preempt_on+0x20/0xc0
[   25.403027]  ? __pfx_kthread+0x10/0x10
[   25.403048]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.403070]  ? calculate_sigpending+0x7b/0xa0
[   25.403094]  ? __pfx_kthread+0x10/0x10
[   25.403116]  ret_from_fork+0x116/0x1d0
[   25.403136]  ? __pfx_kthread+0x10/0x10
[   25.403171]  ret_from_fork_asm+0x1a/0x30
[   25.403209]  </TASK>
[   25.403222] 
[   25.414850] The buggy address belongs to the physical page:
[   25.415346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4
[   25.415688] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.416424] flags: 0x200000000000040(head|node=0|zone=2)
[   25.416829] page_type: f8(unknown)
[   25.417085] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.417468] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.417957] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.418450] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.418932] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff
[   25.419438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.419973] page dumped because: kasan: bad access detected
[   25.420302] 
[   25.420493] Memory state around the buggy address:
[   25.420790]  ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.421423]  ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.421745] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.422340]                                                           ^
[   25.422672]  ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.423130]  ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.423562] ==================================================================
[   25.425103] ==================================================================
[   25.425894] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   25.426617] Write of size 1 at addr ffff8881038e60eb by task kunit_try_catch/191
[   25.427559] 
[   25.427799] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.427915] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.427960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.428003] Call Trace:
[   25.428047]  <TASK>
[   25.428090]  dump_stack_lvl+0x73/0xb0
[   25.428160]  print_report+0xd1/0x650
[   25.428201]  ? __virt_addr_valid+0x1db/0x2d0
[   25.428236]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.428262]  ? kasan_addr_to_slab+0x11/0xa0
[   25.428283]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.428310]  kasan_report+0x141/0x180
[   25.428332]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   25.428360]  __asan_report_store1_noabort+0x1b/0x30
[   25.428385]  krealloc_less_oob_helper+0xd47/0x11d0
[   25.428411]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.428435]  ? finish_task_switch.isra.0+0x153/0x700
[   25.428488]  ? __switch_to+0x47/0xf50
[   25.428518]  ? __schedule+0x10cc/0x2b60
[   25.428542]  ? __pfx_read_tsc+0x10/0x10
[   25.428568]  krealloc_large_less_oob+0x1c/0x30
[   25.428591]  kunit_try_run_case+0x1a5/0x480
[   25.428618]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.428641]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.428665]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.428688]  ? __kthread_parkme+0x82/0x180
[   25.428710]  ? preempt_count_sub+0x50/0x80
[   25.428734]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.428758]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.428782]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.428805]  kthread+0x337/0x6f0
[   25.428825]  ? trace_preempt_on+0x20/0xc0
[   25.428849]  ? __pfx_kthread+0x10/0x10
[   25.428870]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.428891]  ? calculate_sigpending+0x7b/0xa0
[   25.428916]  ? __pfx_kthread+0x10/0x10
[   25.428938]  ret_from_fork+0x116/0x1d0
[   25.428957]  ? __pfx_kthread+0x10/0x10
[   25.428978]  ret_from_fork_asm+0x1a/0x30
[   25.429009]  </TASK>
[   25.429022] 
[   25.438552] The buggy address belongs to the physical page:
[   25.438987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4
[   25.439571] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.440003] flags: 0x200000000000040(head|node=0|zone=2)
[   25.440515] page_type: f8(unknown)
[   25.440721] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.441199] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.441594] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.442007] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.442530] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff
[   25.442936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.443581] page dumped because: kasan: bad access detected
[   25.443895] 
[   25.444055] Memory state around the buggy address:
[   25.444326]  ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.444716]  ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.444953] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.445204]                                                           ^
[   25.445459]  ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.445716]  ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.445967] ==================================================================
[   25.053111] ==================================================================
[   25.053634] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   25.054252] Write of size 1 at addr ffff8881003956c9 by task kunit_try_catch/187
[   25.055610] 
[   25.055799] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.055905] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.055931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.055969] Call Trace:
[   25.055997]  <TASK>
[   25.056031]  dump_stack_lvl+0x73/0xb0
[   25.056108]  print_report+0xd1/0x650
[   25.056157]  ? __virt_addr_valid+0x1db/0x2d0
[   25.056209]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.056261]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.056309]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.056349]  kasan_report+0x141/0x180
[   25.056389]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.056437]  __asan_report_store1_noabort+0x1b/0x30
[   25.056502]  krealloc_less_oob_helper+0xd70/0x11d0
[   25.056546]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.056589]  ? finish_task_switch.isra.0+0x153/0x700
[   25.056630]  ? __switch_to+0x47/0xf50
[   25.056671]  ? irqentry_exit+0x2a/0x60
[   25.056710]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   25.056751]  ? trace_hardirqs_on+0x37/0xe0
[   25.056792]  ? __pfx_read_tsc+0x10/0x10
[   25.056842]  krealloc_less_oob+0x1c/0x30
[   25.056885]  kunit_try_run_case+0x1a5/0x480
[   25.056932]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.056979]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.057020]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.057046]  ? __kthread_parkme+0x82/0x180
[   25.057069]  ? preempt_count_sub+0x50/0x80
[   25.057094]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.057119]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.057148]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.057188]  kthread+0x337/0x6f0
[   25.057223]  ? trace_preempt_on+0x20/0xc0
[   25.057302]  ? __pfx_kthread+0x10/0x10
[   25.057338]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.057379]  ? calculate_sigpending+0x7b/0xa0
[   25.057426]  ? __pfx_kthread+0x10/0x10
[   25.057486]  ret_from_fork+0x116/0x1d0
[   25.057531]  ? __pfx_kthread+0x10/0x10
[   25.057569]  ret_from_fork_asm+0x1a/0x30
[   25.057629]  </TASK>
[   25.057656] 
[   25.071150] Allocated by task 187:
[   25.071796]  kasan_save_stack+0x45/0x70
[   25.072081]  kasan_save_track+0x18/0x40
[   25.072679]  kasan_save_alloc_info+0x3b/0x50
[   25.073079]  __kasan_krealloc+0x190/0x1f0
[   25.073458]  krealloc_noprof+0xf3/0x340
[   25.074202]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.074576]  krealloc_less_oob+0x1c/0x30
[   25.074972]  kunit_try_run_case+0x1a5/0x480
[   25.075165]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.075659]  kthread+0x337/0x6f0
[   25.076270]  ret_from_fork+0x116/0x1d0
[   25.076489]  ret_from_fork_asm+0x1a/0x30
[   25.076678] 
[   25.076778] The buggy address belongs to the object at ffff888100395600
[   25.076778]  which belongs to the cache kmalloc-256 of size 256
[   25.078315] The buggy address is located 0 bytes to the right of
[   25.078315]  allocated 201-byte region [ffff888100395600, ffff8881003956c9)
[   25.080388] 
[   25.080817] The buggy address belongs to the physical page:
[   25.081268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   25.081811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.082332] flags: 0x200000000000040(head|node=0|zone=2)
[   25.083167] page_type: f5(slab)
[   25.083413] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.083695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.084913] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.085831] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.086337] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff
[   25.086626] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.087206] page dumped because: kasan: bad access detected
[   25.087571] 
[   25.087675] Memory state around the buggy address:
[   25.088009]  ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.088316]  ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.089556] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.089990]                                               ^
[   25.090673]  ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.091718]  ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.091956] ==================================================================
[   25.316322] ==================================================================
[   25.317421] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   25.318078] Write of size 1 at addr ffff8881038e60c9 by task kunit_try_catch/191
[   25.318421] 
[   25.318878] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.319005] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.319035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.319100] Call Trace:
[   25.319141]  <TASK>
[   25.319181]  dump_stack_lvl+0x73/0xb0
[   25.319271]  print_report+0xd1/0x650
[   25.319318]  ? __virt_addr_valid+0x1db/0x2d0
[   25.319376]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.319428]  ? kasan_addr_to_slab+0x11/0xa0
[   25.319479]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.319523]  kasan_report+0x141/0x180
[   25.319700]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   25.319795]  __asan_report_store1_noabort+0x1b/0x30
[   25.319842]  krealloc_less_oob_helper+0xd70/0x11d0
[   25.319893]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.319940]  ? finish_task_switch.isra.0+0x153/0x700
[   25.320001]  ? __switch_to+0x47/0xf50
[   25.320078]  ? __schedule+0x10cc/0x2b60
[   25.320126]  ? __pfx_read_tsc+0x10/0x10
[   25.320171]  krealloc_large_less_oob+0x1c/0x30
[   25.320209]  kunit_try_run_case+0x1a5/0x480
[   25.320241]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.320263]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.320288]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.320311]  ? __kthread_parkme+0x82/0x180
[   25.320333]  ? preempt_count_sub+0x50/0x80
[   25.320357]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.320380]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.320404]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.320427]  kthread+0x337/0x6f0
[   25.320472]  ? trace_preempt_on+0x20/0xc0
[   25.320500]  ? __pfx_kthread+0x10/0x10
[   25.320521]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.320543]  ? calculate_sigpending+0x7b/0xa0
[   25.320586]  ? __pfx_kthread+0x10/0x10
[   25.320620]  ret_from_fork+0x116/0x1d0
[   25.320650]  ? __pfx_kthread+0x10/0x10
[   25.320681]  ret_from_fork_asm+0x1a/0x30
[   25.320731]  </TASK>
[   25.320752] 
[   25.335347] The buggy address belongs to the physical page:
[   25.335622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4
[   25.336249] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.336919] flags: 0x200000000000040(head|node=0|zone=2)
[   25.337483] page_type: f8(unknown)
[   25.338077] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.338952] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.339579] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.339874] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.340640] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff
[   25.340936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.341268] page dumped because: kasan: bad access detected
[   25.341715] 
[   25.341896] Memory state around the buggy address:
[   25.342257]  ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.342782]  ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.343423] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.343710]                                               ^
[   25.344053]  ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.344730]  ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.345503] ==================================================================
[   25.172406] ==================================================================
[   25.173174] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   25.174079] Write of size 1 at addr ffff8881003956ea by task kunit_try_catch/187
[   25.174522] 
[   25.174676] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.174784] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.174812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.174848] Call Trace:
[   25.174886]  <TASK>
[   25.174920]  dump_stack_lvl+0x73/0xb0
[   25.174976]  print_report+0xd1/0x650
[   25.175009]  ? __virt_addr_valid+0x1db/0x2d0
[   25.175042]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.175075]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.175113]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.175150]  kasan_report+0x141/0x180
[   25.175183]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   25.175223]  __asan_report_store1_noabort+0x1b/0x30
[   25.175258]  krealloc_less_oob_helper+0xe90/0x11d0
[   25.175294]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.175332]  ? finish_task_switch.isra.0+0x153/0x700
[   25.175370]  ? __switch_to+0x47/0xf50
[   25.175410]  ? irqentry_exit+0x2a/0x60
[   25.175534]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   25.175737]  ? trace_hardirqs_on+0x37/0xe0
[   25.175804]  ? __pfx_read_tsc+0x10/0x10
[   25.175862]  krealloc_less_oob+0x1c/0x30
[   25.175906]  kunit_try_run_case+0x1a5/0x480
[   25.175952]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.175995]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.176038]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.176086]  ? __kthread_parkme+0x82/0x180
[   25.176128]  ? preempt_count_sub+0x50/0x80
[   25.176231]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.176276]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.176327]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.176378]  kthread+0x337/0x6f0
[   25.176422]  ? trace_preempt_on+0x20/0xc0
[   25.176476]  ? __pfx_kthread+0x10/0x10
[   25.176514]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.176735]  ? calculate_sigpending+0x7b/0xa0
[   25.176798]  ? __pfx_kthread+0x10/0x10
[   25.176838]  ret_from_fork+0x116/0x1d0
[   25.176876]  ? __pfx_kthread+0x10/0x10
[   25.176920]  ret_from_fork_asm+0x1a/0x30
[   25.177002]  </TASK>
[   25.177034] 
[   25.192001] Allocated by task 187:
[   25.192937]  kasan_save_stack+0x45/0x70
[   25.193239]  kasan_save_track+0x18/0x40
[   25.193663]  kasan_save_alloc_info+0x3b/0x50
[   25.193942]  __kasan_krealloc+0x190/0x1f0
[   25.194380]  krealloc_noprof+0xf3/0x340
[   25.194976]  krealloc_less_oob_helper+0x1aa/0x11d0
[   25.195420]  krealloc_less_oob+0x1c/0x30
[   25.195764]  kunit_try_run_case+0x1a5/0x480
[   25.195965]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.196351]  kthread+0x337/0x6f0
[   25.197263]  ret_from_fork+0x116/0x1d0
[   25.197572]  ret_from_fork_asm+0x1a/0x30
[   25.198114] 
[   25.198361] The buggy address belongs to the object at ffff888100395600
[   25.198361]  which belongs to the cache kmalloc-256 of size 256
[   25.198859] The buggy address is located 33 bytes to the right of
[   25.198859]  allocated 201-byte region [ffff888100395600, ffff8881003956c9)
[   25.199659] 
[   25.200151] The buggy address belongs to the physical page:
[   25.200636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394
[   25.201010] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.202120] flags: 0x200000000000040(head|node=0|zone=2)
[   25.202719] page_type: f5(slab)
[   25.203099] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.203966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.204237] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   25.204923] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.205731] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff
[   25.206504] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   25.206977] page dumped because: kasan: bad access detected
[   25.207459] 
[   25.207645] Memory state around the buggy address:
[   25.208101]  ffff888100395580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.208910]  ffff888100395600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.209162] >ffff888100395680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   25.210012]                                                           ^
[   25.210892]  ffff888100395700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.211139]  ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.211386] ==================================================================
[   25.347871] ==================================================================
[   25.348412] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   25.348719] Write of size 1 at addr ffff8881038e60d0 by task kunit_try_catch/191
[   25.349688] 
[   25.349907] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.350015] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.350050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.350089] Call Trace:
[   25.350115]  <TASK>
[   25.350150]  dump_stack_lvl+0x73/0xb0
[   25.350212]  print_report+0xd1/0x650
[   25.350256]  ? __virt_addr_valid+0x1db/0x2d0
[   25.350300]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.350349]  ? kasan_addr_to_slab+0x11/0xa0
[   25.350394]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.350456]  kasan_report+0x141/0x180
[   25.350508]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   25.350571]  __asan_report_store1_noabort+0x1b/0x30
[   25.350625]  krealloc_less_oob_helper+0xe23/0x11d0
[   25.350682]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   25.350733]  ? finish_task_switch.isra.0+0x153/0x700
[   25.350767]  ? __switch_to+0x47/0xf50
[   25.350796]  ? __schedule+0x10cc/0x2b60
[   25.350820]  ? __pfx_read_tsc+0x10/0x10
[   25.350846]  krealloc_large_less_oob+0x1c/0x30
[   25.350869]  kunit_try_run_case+0x1a5/0x480
[   25.350895]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.350918]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.350942]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.350965]  ? __kthread_parkme+0x82/0x180
[   25.350987]  ? preempt_count_sub+0x50/0x80
[   25.351010]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.351034]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.351058]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.351081]  kthread+0x337/0x6f0
[   25.351101]  ? trace_preempt_on+0x20/0xc0
[   25.351126]  ? __pfx_kthread+0x10/0x10
[   25.351152]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.351189]  ? calculate_sigpending+0x7b/0xa0
[   25.351216]  ? __pfx_kthread+0x10/0x10
[   25.351237]  ret_from_fork+0x116/0x1d0
[   25.351257]  ? __pfx_kthread+0x10/0x10
[   25.351278]  ret_from_fork_asm+0x1a/0x30
[   25.351309]  </TASK>
[   25.351321] 
[   25.361137] The buggy address belongs to the physical page:
[   25.361465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e4
[   25.361880] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.362392] flags: 0x200000000000040(head|node=0|zone=2)
[   25.362731] page_type: f8(unknown)
[   25.362991] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.363269] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.363550] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   25.364006] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   25.364799] head: 0200000000000002 ffffea00040e3901 00000000ffffffff 00000000ffffffff
[   25.365748] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.366799] page dumped because: kasan: bad access detected
[   25.367713] 
[   25.367890] Memory state around the buggy address:
[   25.368377]  ffff8881038e5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.368980]  ffff8881038e6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.369448] >ffff8881038e6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   25.369809]                                                  ^
[   25.370207]  ffff8881038e6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.370751]  ffff8881038e6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   25.371301] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ylxeu6IO0JXwDBBfpeBJndyVOz

job_id

TEST:linaro@lkft#2ylxlwz5RxcyLOfJc85DXMJ1ZHa

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ylxlwz5RxcyLOfJc85DXMJ1ZHa

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ylxi8VBQbEeX7ahh6RQozQ3qEa/bzImage
sha256sum	45bde6c06931535c0358c3b45a949b96cf4ed89bcf19cfa2091d7ba61a28678f

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ylxi8VBQbEeX7ahh6RQozQ3qEa/modules.tar.xz
sha256sum	78c646c5a5ca97c0ac59bb4022d308a7d957fff2cd7cba95f35c1aa1de7ed757

durations

tests

boot	0
kunit	261.41

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit