lkft/linux-next-master - next-20250623 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 23, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   32.537006] ==================================================================
[   32.537327] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   32.537459] Write of size 1 at addr fff00000c45112c9 by task kunit_try_catch/170
[   32.537580] 
[   32.537781] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.538138] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.538203] Hardware name: linux,dummy-virt (DT)
[   32.538275] Call trace:
[   32.538326]  show_stack+0x20/0x38 (C)
[   32.538449]  dump_stack_lvl+0x8c/0xd0
[   32.538671]  print_report+0x118/0x608
[   32.538822]  kasan_report+0xdc/0x128
[   32.539022]  __asan_report_store1_noabort+0x20/0x30
[   32.539435]  krealloc_less_oob_helper+0xa48/0xc50
[   32.539746]  krealloc_less_oob+0x20/0x38
[   32.539932]  kunit_try_run_case+0x170/0x3f0
[   32.540091]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.540348]  kthread+0x328/0x630
[   32.540475]  ret_from_fork+0x10/0x20
[   32.540739] 
[   32.541209] Allocated by task 170:
[   32.541328]  kasan_save_stack+0x3c/0x68
[   32.542089]  kasan_save_track+0x20/0x40
[   32.542197]  kasan_save_alloc_info+0x40/0x58
[   32.542375]  __kasan_krealloc+0x118/0x178
[   32.542862]  krealloc_noprof+0x128/0x360
[   32.542986]  krealloc_less_oob_helper+0x168/0xc50
[   32.543102]  krealloc_less_oob+0x20/0x38
[   32.543221]  kunit_try_run_case+0x170/0x3f0
[   32.543442]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.543560]  kthread+0x328/0x630
[   32.543746]  ret_from_fork+0x10/0x20
[   32.543842] 
[   32.543922] The buggy address belongs to the object at fff00000c4511200
[   32.543922]  which belongs to the cache kmalloc-256 of size 256
[   32.546071] The buggy address is located 0 bytes to the right of
[   32.546071]  allocated 201-byte region [fff00000c4511200, fff00000c45112c9)
[   32.546162] 
[   32.546191] The buggy address belongs to the physical page:
[   32.546240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104510
[   32.546904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.547039] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.547349] page_type: f5(slab)
[   32.547523] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.547638] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.547806] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.547995] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.548130] head: 0bfffe0000000001 ffffc1ffc3114401 00000000ffffffff 00000000ffffffff
[   32.548242] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.548331] page dumped because: kasan: bad access detected
[   32.548399] 
[   32.548442] Memory state around the buggy address:
[   32.548517]  fff00000c4511180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.548705]  fff00000c4511200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.548807] >fff00000c4511280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.548950]                                               ^
[   32.549167]  fff00000c4511300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.549346]  fff00000c4511380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.549823] ==================================================================
[   32.694732] ==================================================================
[   32.694919] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   32.695097] Write of size 1 at addr fff00000c577e0c9 by task kunit_try_catch/174
[   32.695226] 
[   32.695304] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.695605] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.695691] Hardware name: linux,dummy-virt (DT)
[   32.695848] Call trace:
[   32.695908]  show_stack+0x20/0x38 (C)
[   32.696088]  dump_stack_lvl+0x8c/0xd0
[   32.696217]  print_report+0x118/0x608
[   32.696352]  kasan_report+0xdc/0x128
[   32.696490]  __asan_report_store1_noabort+0x20/0x30
[   32.696778]  krealloc_less_oob_helper+0xa48/0xc50
[   32.697154]  krealloc_large_less_oob+0x20/0x38
[   32.697494]  kunit_try_run_case+0x170/0x3f0
[   32.697842]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.697976]  kthread+0x328/0x630
[   32.698120]  ret_from_fork+0x10/0x20
[   32.698351] 
[   32.698412] The buggy address belongs to the physical page:
[   32.698492] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10577c
[   32.699333] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.700022] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.700229] page_type: f8(unknown)
[   32.700325] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.700442] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.700559] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.702184] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.702360] head: 0bfffe0000000002 ffffc1ffc315df01 00000000ffffffff 00000000ffffffff
[   32.702576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.703118] page dumped because: kasan: bad access detected
[   32.703215] 
[   32.703261] Memory state around the buggy address:
[   32.703679]  fff00000c577df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.704405]  fff00000c577e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.704511] >fff00000c577e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.705257]                                               ^
[   32.705830]  fff00000c577e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.706371]  fff00000c577e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.706493] ==================================================================
[   32.738096] ==================================================================
[   32.738303] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   32.738425] Write of size 1 at addr fff00000c577e0eb by task kunit_try_catch/174
[   32.738650] 
[   32.738720] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.738958] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.739058] Hardware name: linux,dummy-virt (DT)
[   32.739260] Call trace:
[   32.739315]  show_stack+0x20/0x38 (C)
[   32.739445]  dump_stack_lvl+0x8c/0xd0
[   32.739754]  print_report+0x118/0x608
[   32.740048]  kasan_report+0xdc/0x128
[   32.740231]  __asan_report_store1_noabort+0x20/0x30
[   32.740354]  krealloc_less_oob_helper+0xa58/0xc50
[   32.740483]  krealloc_large_less_oob+0x20/0x38
[   32.740598]  kunit_try_run_case+0x170/0x3f0
[   32.740709]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.740834]  kthread+0x328/0x630
[   32.740963]  ret_from_fork+0x10/0x20
[   32.741469] 
[   32.741520] The buggy address belongs to the physical page:
[   32.741721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10577c
[   32.742172] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.742284] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.742396] page_type: f8(unknown)
[   32.742483] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.742615] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.743832] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.743952] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.744463] head: 0bfffe0000000002 ffffc1ffc315df01 00000000ffffffff 00000000ffffffff
[   32.744645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.744743] page dumped because: kasan: bad access detected
[   32.744815] 
[   32.744858] Memory state around the buggy address:
[   32.744937]  fff00000c577df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.745195]  fff00000c577e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.745298] >fff00000c577e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.745414]                                                           ^
[   32.745703]  fff00000c577e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.745806]  fff00000c577e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.745893] ==================================================================
[   32.709290] ==================================================================
[   32.709344] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   32.709478] Write of size 1 at addr fff00000c577e0d0 by task kunit_try_catch/174
[   32.709602] 
[   32.709727] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.709917] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.709980] Hardware name: linux,dummy-virt (DT)
[   32.710069] Call trace:
[   32.710121]  show_stack+0x20/0x38 (C)
[   32.710235]  dump_stack_lvl+0x8c/0xd0
[   32.710344]  print_report+0x118/0x608
[   32.710456]  kasan_report+0xdc/0x128
[   32.710580]  __asan_report_store1_noabort+0x20/0x30
[   32.710935]  krealloc_less_oob_helper+0xb9c/0xc50
[   32.711606]  krealloc_large_less_oob+0x20/0x38
[   32.711844]  kunit_try_run_case+0x170/0x3f0
[   32.712196]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.712620]  kthread+0x328/0x630
[   32.713439]  ret_from_fork+0x10/0x20
[   32.713565] 
[   32.713612] The buggy address belongs to the physical page:
[   32.714365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10577c
[   32.714498] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.714607] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.714724] page_type: f8(unknown)
[   32.714830] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.714950] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.716384] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.716636] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.717303] head: 0bfffe0000000002 ffffc1ffc315df01 00000000ffffffff 00000000ffffffff
[   32.717419] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.717511] page dumped because: kasan: bad access detected
[   32.718497] 
[   32.718592] Memory state around the buggy address:
[   32.718869]  fff00000c577df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.718971]  fff00000c577e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.719709] >fff00000c577e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.719956]                                                  ^
[   32.720175]  fff00000c577e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.720364]  fff00000c577e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.720510] ==================================================================
[   32.731101] ==================================================================
[   32.731196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   32.731310] Write of size 1 at addr fff00000c577e0ea by task kunit_try_catch/174
[   32.731435] 
[   32.731556] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.731780] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.731858] Hardware name: linux,dummy-virt (DT)
[   32.731990] Call trace:
[   32.732199]  show_stack+0x20/0x38 (C)
[   32.732381]  dump_stack_lvl+0x8c/0xd0
[   32.732514]  print_report+0x118/0x608
[   32.732761]  kasan_report+0xdc/0x128
[   32.732928]  __asan_report_store1_noabort+0x20/0x30
[   32.733007]  krealloc_less_oob_helper+0xae4/0xc50
[   32.733131]  krealloc_large_less_oob+0x20/0x38
[   32.733249]  kunit_try_run_case+0x170/0x3f0
[   32.733447]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.733606]  kthread+0x328/0x630
[   32.733815]  ret_from_fork+0x10/0x20
[   32.734040] 
[   32.734106] The buggy address belongs to the physical page:
[   32.734255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10577c
[   32.734467] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.734731] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.734940] page_type: f8(unknown)
[   32.735108] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.735229] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.735349] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.735505] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.735842] head: 0bfffe0000000002 ffffc1ffc315df01 00000000ffffffff 00000000ffffffff
[   32.735976] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.736246] page dumped because: kasan: bad access detected
[   32.736450] 
[   32.736605] Memory state around the buggy address:
[   32.736679]  fff00000c577df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.736779]  fff00000c577e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.736879] >fff00000c577e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.736973]                                                           ^
[   32.737119]  fff00000c577e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.737352]  fff00000c577e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.737592] ==================================================================
[   32.721733] ==================================================================
[   32.721964] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   32.722173] Write of size 1 at addr fff00000c577e0da by task kunit_try_catch/174
[   32.722405] 
[   32.722483] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.722712] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.722783] Hardware name: linux,dummy-virt (DT)
[   32.722846] Call trace:
[   32.722875]  show_stack+0x20/0x38 (C)
[   32.722938]  dump_stack_lvl+0x8c/0xd0
[   32.723046]  print_report+0x118/0x608
[   32.723212]  kasan_report+0xdc/0x128
[   32.723340]  __asan_report_store1_noabort+0x20/0x30
[   32.723682]  krealloc_less_oob_helper+0xa80/0xc50
[   32.724095]  krealloc_large_less_oob+0x20/0x38
[   32.724224]  kunit_try_run_case+0x170/0x3f0
[   32.724340]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.724469]  kthread+0x328/0x630
[   32.724655]  ret_from_fork+0x10/0x20
[   32.725172] 
[   32.725267] The buggy address belongs to the physical page:
[   32.725337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10577c
[   32.725451] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.726181] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.727160] page_type: f8(unknown)
[   32.727292] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.727642] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.727768] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.727883] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.728085] head: 0bfffe0000000002 ffffc1ffc315df01 00000000ffffffff 00000000ffffffff
[   32.728361] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.728456] page dumped because: kasan: bad access detected
[   32.728565] 
[   32.728633] Memory state around the buggy address:
[   32.728752]  fff00000c577df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.728946]  fff00000c577e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.729061] >fff00000c577e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.729180]                                                     ^
[   32.729426]  fff00000c577e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.729526]  fff00000c577e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.729610] ==================================================================
[   32.564958] ==================================================================
[   32.565139] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   32.565408] Write of size 1 at addr fff00000c45112da by task kunit_try_catch/170
[   32.565997] 
[   32.566155] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.566357] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.566418] Hardware name: linux,dummy-virt (DT)
[   32.566492] Call trace:
[   32.566814]  show_stack+0x20/0x38 (C)
[   32.567391]  dump_stack_lvl+0x8c/0xd0
[   32.567629]  print_report+0x118/0x608
[   32.567906]  kasan_report+0xdc/0x128
[   32.568142]  __asan_report_store1_noabort+0x20/0x30
[   32.568337]  krealloc_less_oob_helper+0xa80/0xc50
[   32.568550]  krealloc_less_oob+0x20/0x38
[   32.569022]  kunit_try_run_case+0x170/0x3f0
[   32.569234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.569429]  kthread+0x328/0x630
[   32.569547]  ret_from_fork+0x10/0x20
[   32.570113] 
[   32.570222] Allocated by task 170:
[   32.570314]  kasan_save_stack+0x3c/0x68
[   32.570489]  kasan_save_track+0x20/0x40
[   32.570592]  kasan_save_alloc_info+0x40/0x58
[   32.571094]  __kasan_krealloc+0x118/0x178
[   32.571331]  krealloc_noprof+0x128/0x360
[   32.571694]  krealloc_less_oob_helper+0x168/0xc50
[   32.572006]  krealloc_less_oob+0x20/0x38
[   32.572123]  kunit_try_run_case+0x170/0x3f0
[   32.572213]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.572311]  kthread+0x328/0x630
[   32.572389]  ret_from_fork+0x10/0x20
[   32.572519] 
[   32.572567] The buggy address belongs to the object at fff00000c4511200
[   32.572567]  which belongs to the cache kmalloc-256 of size 256
[   32.572694] The buggy address is located 17 bytes to the right of
[   32.572694]  allocated 201-byte region [fff00000c4511200, fff00000c45112c9)
[   32.572869] 
[   32.572936] The buggy address belongs to the physical page:
[   32.573007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104510
[   32.574024] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.574180] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.574435] page_type: f5(slab)
[   32.574633] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.574965] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.575113] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.575239] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.575588] head: 0bfffe0000000001 ffffc1ffc3114401 00000000ffffffff 00000000ffffffff
[   32.575940] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.576268] page dumped because: kasan: bad access detected
[   32.576617] 
[   32.576969] Memory state around the buggy address:
[   32.577102]  fff00000c4511180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.577488]  fff00000c4511200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.577592] >fff00000c4511280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.577643]                                                     ^
[   32.577689]  fff00000c4511300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.577738]  fff00000c4511380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.577780] ==================================================================
[   32.602636] ==================================================================
[   32.602742] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   32.603170] Write of size 1 at addr fff00000c45112eb by task kunit_try_catch/170
[   32.603330] 
[   32.603407] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.603605] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.603676] Hardware name: linux,dummy-virt (DT)
[   32.603818] Call trace:
[   32.604014]  show_stack+0x20/0x38 (C)
[   32.604560]  dump_stack_lvl+0x8c/0xd0
[   32.604790]  print_report+0x118/0x608
[   32.605043]  kasan_report+0xdc/0x128
[   32.605284]  __asan_report_store1_noabort+0x20/0x30
[   32.605451]  krealloc_less_oob_helper+0xa58/0xc50
[   32.605743]  krealloc_less_oob+0x20/0x38
[   32.605954]  kunit_try_run_case+0x170/0x3f0
[   32.606092]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.607161]  kthread+0x328/0x630
[   32.607926]  ret_from_fork+0x10/0x20
[   32.608632] 
[   32.609303] Allocated by task 170:
[   32.609473]  kasan_save_stack+0x3c/0x68
[   32.610433]  kasan_save_track+0x20/0x40
[   32.611064]  kasan_save_alloc_info+0x40/0x58
[   32.611169]  __kasan_krealloc+0x118/0x178
[   32.611271]  krealloc_noprof+0x128/0x360
[   32.612292]  krealloc_less_oob_helper+0x168/0xc50
[   32.613136]  krealloc_less_oob+0x20/0x38
[   32.613757]  kunit_try_run_case+0x170/0x3f0
[   32.613859]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.614516]  kthread+0x328/0x630
[   32.614645]  ret_from_fork+0x10/0x20
[   32.614799] 
[   32.614902] The buggy address belongs to the object at fff00000c4511200
[   32.614902]  which belongs to the cache kmalloc-256 of size 256
[   32.615043] The buggy address is located 34 bytes to the right of
[   32.615043]  allocated 201-byte region [fff00000c4511200, fff00000c45112c9)
[   32.615189] 
[   32.615245] The buggy address belongs to the physical page:
[   32.615476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104510
[   32.615598] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.615768] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.615920] page_type: f5(slab)
[   32.616013] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.616148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.616261] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.616371] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.616481] head: 0bfffe0000000001 ffffc1ffc3114401 00000000ffffffff 00000000ffffffff
[   32.616668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.616869] page dumped because: kasan: bad access detected
[   32.616941] 
[   32.617483] Memory state around the buggy address:
[   32.618047]  fff00000c4511180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.618610]  fff00000c4511200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.619239] >fff00000c4511280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.620211]                                                           ^
[   32.620524]  fff00000c4511300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.620626]  fff00000c4511380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.620716] ==================================================================
[   32.551790] ==================================================================
[   32.551879] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   32.551985] Write of size 1 at addr fff00000c45112d0 by task kunit_try_catch/170
[   32.552201] 
[   32.552306] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.552694] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.552761] Hardware name: linux,dummy-virt (DT)
[   32.552898] Call trace:
[   32.552981]  show_stack+0x20/0x38 (C)
[   32.553422]  dump_stack_lvl+0x8c/0xd0
[   32.553729]  print_report+0x118/0x608
[   32.553877]  kasan_report+0xdc/0x128
[   32.553995]  __asan_report_store1_noabort+0x20/0x30
[   32.554882]  krealloc_less_oob_helper+0xb9c/0xc50
[   32.555517]  krealloc_less_oob+0x20/0x38
[   32.555654]  kunit_try_run_case+0x170/0x3f0
[   32.555767]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.555901]  kthread+0x328/0x630
[   32.556362]  ret_from_fork+0x10/0x20
[   32.556737] 
[   32.556842] Allocated by task 170:
[   32.556914]  kasan_save_stack+0x3c/0x68
[   32.557074]  kasan_save_track+0x20/0x40
[   32.557204]  kasan_save_alloc_info+0x40/0x58
[   32.557447]  __kasan_krealloc+0x118/0x178
[   32.557592]  krealloc_noprof+0x128/0x360
[   32.557758]  krealloc_less_oob_helper+0x168/0xc50
[   32.558050]  krealloc_less_oob+0x20/0x38
[   32.558166]  kunit_try_run_case+0x170/0x3f0
[   32.558288]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.558616]  kthread+0x328/0x630
[   32.558717]  ret_from_fork+0x10/0x20
[   32.558837] 
[   32.558891] The buggy address belongs to the object at fff00000c4511200
[   32.558891]  which belongs to the cache kmalloc-256 of size 256
[   32.559081] The buggy address is located 7 bytes to the right of
[   32.559081]  allocated 201-byte region [fff00000c4511200, fff00000c45112c9)
[   32.559240] 
[   32.559294] The buggy address belongs to the physical page:
[   32.559367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104510
[   32.559534] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.559658] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.559791] page_type: f5(slab)
[   32.559889] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.560013] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.560162] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.560316] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.560473] head: 0bfffe0000000001 ffffc1ffc3114401 00000000ffffffff 00000000ffffffff
[   32.560597] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.560710] page dumped because: kasan: bad access detected
[   32.560813] 
[   32.560868] Memory state around the buggy address:
[   32.560988]  fff00000c4511180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.561117]  fff00000c4511200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.561269] >fff00000c4511280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.561409]                                                  ^
[   32.561514]  fff00000c4511300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.561630]  fff00000c4511380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.561742] ==================================================================
[   32.583425] ==================================================================
[   32.583527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   32.583846] Write of size 1 at addr fff00000c45112ea by task kunit_try_catch/170
[   32.584576] 
[   32.584646] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.584941] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.585718] Hardware name: linux,dummy-virt (DT)
[   32.585853] Call trace:
[   32.586185]  show_stack+0x20/0x38 (C)
[   32.586502]  dump_stack_lvl+0x8c/0xd0
[   32.586691]  print_report+0x118/0x608
[   32.587339]  kasan_report+0xdc/0x128
[   32.587470]  __asan_report_store1_noabort+0x20/0x30
[   32.587847]  krealloc_less_oob_helper+0xae4/0xc50
[   32.588766]  krealloc_less_oob+0x20/0x38
[   32.588944]  kunit_try_run_case+0x170/0x3f0
[   32.589450]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.589969]  kthread+0x328/0x630
[   32.590528]  ret_from_fork+0x10/0x20
[   32.590670] 
[   32.590722] Allocated by task 170:
[   32.590813]  kasan_save_stack+0x3c/0x68
[   32.590927]  kasan_save_track+0x20/0x40
[   32.591024]  kasan_save_alloc_info+0x40/0x58
[   32.591342]  __kasan_krealloc+0x118/0x178
[   32.591527]  krealloc_noprof+0x128/0x360
[   32.592272]  krealloc_less_oob_helper+0x168/0xc50
[   32.592783]  krealloc_less_oob+0x20/0x38
[   32.593472]  kunit_try_run_case+0x170/0x3f0
[   32.593735]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.593842]  kthread+0x328/0x630
[   32.594365]  ret_from_fork+0x10/0x20
[   32.594548] 
[   32.594735] The buggy address belongs to the object at fff00000c4511200
[   32.594735]  which belongs to the cache kmalloc-256 of size 256
[   32.594882] The buggy address is located 33 bytes to the right of
[   32.594882]  allocated 201-byte region [fff00000c4511200, fff00000c45112c9)
[   32.595023] 
[   32.596041] The buggy address belongs to the physical page:
[   32.596117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104510
[   32.596467] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.596626] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.596751] page_type: f5(slab)
[   32.597338] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.597537] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.597810] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   32.598208] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.598417] head: 0bfffe0000000001 ffffc1ffc3114401 00000000ffffffff 00000000ffffffff
[   32.598536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.598630] page dumped because: kasan: bad access detected
[   32.599086] 
[   32.599144] Memory state around the buggy address:
[   32.599408]  fff00000c4511180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.599874]  fff00000c4511200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.599979] >fff00000c4511280: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.600334]                                                           ^
[   32.600926]  fff00000c4511300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.601394]  fff00000c4511380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.601523] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmtaMTLcPEn4w4FcozR6WSC8v

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmtaMTLcPEn4w4FcozR6WSC8v

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/Image.gz
sha256sum	8babb9b25d008158739b204767b25f2683bd6714a94fb69277dbb95712e03026

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmq2ZJyYwoO1zRFnnOdOncGpy/modules.tar.xz
sha256sum	6a716a814d9729621b3aef13f694d9d6b53e23d3c12c6a026a54d81f80d3f12c

durations

tests

boot	0
kunit	290.50

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   21.439034] ==================================================================
[   21.439410] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   21.439969] Write of size 1 at addr ffff888100ab4eea by task kunit_try_catch/187
[   21.440356] 
[   21.440522] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.440804] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.440821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.440857] Call Trace:
[   21.440871]  <TASK>
[   21.440886]  dump_stack_lvl+0x73/0xb0
[   21.440925]  print_report+0xd1/0x650
[   21.440951]  ? __virt_addr_valid+0x1db/0x2d0
[   21.440971]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.440990]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.441010]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.441029]  kasan_report+0x141/0x180
[   21.441047]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.441070]  __asan_report_store1_noabort+0x1b/0x30
[   21.441089]  krealloc_less_oob_helper+0xe90/0x11d0
[   21.441110]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.441129]  ? finish_task_switch.isra.0+0x153/0x700
[   21.441146]  ? __switch_to+0x47/0xf50
[   21.441167]  ? __schedule+0x10cc/0x2b60
[   21.441184]  ? __pfx_read_tsc+0x10/0x10
[   21.441205]  krealloc_less_oob+0x1c/0x30
[   21.441222]  kunit_try_run_case+0x1a5/0x480
[   21.441241]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.441259]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.441277]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.441295]  ? __kthread_parkme+0x82/0x180
[   21.441311]  ? preempt_count_sub+0x50/0x80
[   21.441330]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.441349]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.441367]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.441421]  kthread+0x337/0x6f0
[   21.441460]  ? trace_preempt_on+0x20/0xc0
[   21.441498]  ? __pfx_kthread+0x10/0x10
[   21.441535]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.441571]  ? calculate_sigpending+0x7b/0xa0
[   21.441604]  ? __pfx_kthread+0x10/0x10
[   21.441623]  ret_from_fork+0x116/0x1d0
[   21.441639]  ? __pfx_kthread+0x10/0x10
[   21.441655]  ret_from_fork_asm+0x1a/0x30
[   21.441682]  </TASK>
[   21.441692] 
[   21.450110] Allocated by task 187:
[   21.450392]  kasan_save_stack+0x45/0x70
[   21.450609]  kasan_save_track+0x18/0x40
[   21.450767]  kasan_save_alloc_info+0x3b/0x50
[   21.450967]  __kasan_krealloc+0x190/0x1f0
[   21.451116]  krealloc_noprof+0xf3/0x340
[   21.451265]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.451593]  krealloc_less_oob+0x1c/0x30
[   21.451909]  kunit_try_run_case+0x1a5/0x480
[   21.452201]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.452558]  kthread+0x337/0x6f0
[   21.452736]  ret_from_fork+0x116/0x1d0
[   21.452900]  ret_from_fork_asm+0x1a/0x30
[   21.453052] 
[   21.453138] The buggy address belongs to the object at ffff888100ab4e00
[   21.453138]  which belongs to the cache kmalloc-256 of size 256
[   21.453768] The buggy address is located 33 bytes to the right of
[   21.453768]  allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9)
[   21.454609] 
[   21.454759] The buggy address belongs to the physical page:
[   21.455151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4
[   21.455535] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.455908] flags: 0x200000000000040(head|node=0|zone=2)
[   21.456217] page_type: f5(slab)
[   21.456447] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.456740] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.457111] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.457434] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.457774] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff
[   21.458039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.458273] page dumped because: kasan: bad access detected
[   21.458626] 
[   21.458768] Memory state around the buggy address:
[   21.459124]  ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.459575]  ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.460029] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.460328]                                                           ^
[   21.460537]  ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.460916]  ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.461349] ==================================================================
[   21.642277] ==================================================================
[   21.642768] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   21.643375] Write of size 1 at addr ffff8881028320eb by task kunit_try_catch/191
[   21.644321] 
[   21.644491] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.644567] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.644590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.644623] Call Trace:
[   21.644648]  <TASK>
[   21.644674]  dump_stack_lvl+0x73/0xb0
[   21.644712]  print_report+0xd1/0x650
[   21.644732]  ? __virt_addr_valid+0x1db/0x2d0
[   21.644751]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.644771]  ? kasan_addr_to_slab+0x11/0xa0
[   21.644788]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.644808]  kasan_report+0x141/0x180
[   21.644827]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.644866]  __asan_report_store1_noabort+0x1b/0x30
[   21.644900]  krealloc_less_oob_helper+0xd47/0x11d0
[   21.644942]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.644980]  ? irqentry_exit+0x2a/0x60
[   21.645016]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.645063]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   21.645098]  krealloc_large_less_oob+0x1c/0x30
[   21.645126]  kunit_try_run_case+0x1a5/0x480
[   21.645157]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.645185]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.645213]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.645240]  ? __kthread_parkme+0x82/0x180
[   21.645265]  ? preempt_count_sub+0x50/0x80
[   21.645292]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.645322]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.645351]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.645398]  kthread+0x337/0x6f0
[   21.645424]  ? trace_preempt_on+0x20/0xc0
[   21.645452]  ? __pfx_kthread+0x10/0x10
[   21.645476]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.645505]  ? calculate_sigpending+0x7b/0xa0
[   21.645536]  ? __pfx_kthread+0x10/0x10
[   21.645564]  ret_from_fork+0x116/0x1d0
[   21.645588]  ? __pfx_kthread+0x10/0x10
[   21.645615]  ret_from_fork_asm+0x1a/0x30
[   21.645659]  </TASK>
[   21.645690] 
[   21.655818] The buggy address belongs to the physical page:
[   21.656042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830
[   21.656680] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.657552] flags: 0x200000000000040(head|node=0|zone=2)
[   21.657952] page_type: f8(unknown)
[   21.658336] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.659499] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.660085] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.660825] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.661457] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff
[   21.662205] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.663005] page dumped because: kasan: bad access detected
[   21.663372] 
[   21.663473] Memory state around the buggy address:
[   21.663719]  ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.664028]  ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.664990] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.665558]                                                           ^
[   21.665769]  ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.666286]  ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.666702] ==================================================================
[   21.405745] ==================================================================
[   21.406929] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   21.407851] Write of size 1 at addr ffff888100ab4eda by task kunit_try_catch/187
[   21.408329] 
[   21.408469] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.408769] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.408790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.408813] Call Trace:
[   21.408829]  <TASK>
[   21.408849]  dump_stack_lvl+0x73/0xb0
[   21.408881]  print_report+0xd1/0x650
[   21.408911]  ? __virt_addr_valid+0x1db/0x2d0
[   21.408934]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.408953]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.408974]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.408993]  kasan_report+0x141/0x180
[   21.409010]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.409033]  __asan_report_store1_noabort+0x1b/0x30
[   21.409052]  krealloc_less_oob_helper+0xec6/0x11d0
[   21.409072]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.409091]  ? finish_task_switch.isra.0+0x153/0x700
[   21.409108]  ? __switch_to+0x47/0xf50
[   21.409129]  ? __schedule+0x10cc/0x2b60
[   21.409147]  ? __pfx_read_tsc+0x10/0x10
[   21.409167]  krealloc_less_oob+0x1c/0x30
[   21.409184]  kunit_try_run_case+0x1a5/0x480
[   21.409203]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.409221]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.409239]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.409257]  ? __kthread_parkme+0x82/0x180
[   21.409273]  ? preempt_count_sub+0x50/0x80
[   21.409292]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.409311]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.409329]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.409348]  kthread+0x337/0x6f0
[   21.409363]  ? trace_preempt_on+0x20/0xc0
[   21.409405]  ? __pfx_kthread+0x10/0x10
[   21.409437]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.409472]  ? calculate_sigpending+0x7b/0xa0
[   21.409509]  ? __pfx_kthread+0x10/0x10
[   21.409547]  ret_from_fork+0x116/0x1d0
[   21.409581]  ? __pfx_kthread+0x10/0x10
[   21.409618]  ret_from_fork_asm+0x1a/0x30
[   21.409651]  </TASK>
[   21.409662] 
[   21.421259] Allocated by task 187:
[   21.421502]  kasan_save_stack+0x45/0x70
[   21.421987]  kasan_save_track+0x18/0x40
[   21.422200]  kasan_save_alloc_info+0x3b/0x50
[   21.422630]  __kasan_krealloc+0x190/0x1f0
[   21.423088]  krealloc_noprof+0xf3/0x340
[   21.423234]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.423651]  krealloc_less_oob+0x1c/0x30
[   21.424065]  kunit_try_run_case+0x1a5/0x480
[   21.424296]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.424653]  kthread+0x337/0x6f0
[   21.424809]  ret_from_fork+0x116/0x1d0
[   21.425162]  ret_from_fork_asm+0x1a/0x30
[   21.425494] 
[   21.425818] The buggy address belongs to the object at ffff888100ab4e00
[   21.425818]  which belongs to the cache kmalloc-256 of size 256
[   21.426471] The buggy address is located 17 bytes to the right of
[   21.426471]  allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9)
[   21.427373] 
[   21.427547] The buggy address belongs to the physical page:
[   21.427982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4
[   21.428339] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.428950] flags: 0x200000000000040(head|node=0|zone=2)
[   21.429286] page_type: f5(slab)
[   21.429649] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.430100] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.430636] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.431203] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.431645] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff
[   21.432069] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.432614] page dumped because: kasan: bad access detected
[   21.433139] 
[   21.433232] Memory state around the buggy address:
[   21.433502]  ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.433869]  ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.434226] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.434589]                                                     ^
[   21.434884]  ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.435815]  ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.436224] ==================================================================
[   21.616646] ==================================================================
[   21.616984] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   21.617801] Write of size 1 at addr ffff8881028320ea by task kunit_try_catch/191
[   21.618066] 
[   21.618250] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.618335] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.618360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.618410] Call Trace:
[   21.618439]  <TASK>
[   21.618467]  dump_stack_lvl+0x73/0xb0
[   21.618522]  print_report+0xd1/0x650
[   21.618559]  ? __virt_addr_valid+0x1db/0x2d0
[   21.618592]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.618625]  ? kasan_addr_to_slab+0x11/0xa0
[   21.618656]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.618695]  kasan_report+0x141/0x180
[   21.618729]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.619292]  __asan_report_store1_noabort+0x1b/0x30
[   21.619349]  krealloc_less_oob_helper+0xe90/0x11d0
[   21.619408]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.619445]  ? irqentry_exit+0x2a/0x60
[   21.619486]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.619531]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   21.619590]  krealloc_large_less_oob+0x1c/0x30
[   21.619628]  kunit_try_run_case+0x1a5/0x480
[   21.619673]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.619708]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.619747]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.619786]  ? __kthread_parkme+0x82/0x180
[   21.619822]  ? preempt_count_sub+0x50/0x80
[   21.619858]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.619890]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.619928]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.619967]  kthread+0x337/0x6f0
[   21.620006]  ? trace_preempt_on+0x20/0xc0
[   21.620091]  ? __pfx_kthread+0x10/0x10
[   21.620131]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.620168]  ? calculate_sigpending+0x7b/0xa0
[   21.620209]  ? __pfx_kthread+0x10/0x10
[   21.620249]  ret_from_fork+0x116/0x1d0
[   21.620284]  ? __pfx_kthread+0x10/0x10
[   21.620319]  ret_from_fork_asm+0x1a/0x30
[   21.620392]  </TASK>
[   21.620408] 
[   21.630750] The buggy address belongs to the physical page:
[   21.631641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830
[   21.632477] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.633147] flags: 0x200000000000040(head|node=0|zone=2)
[   21.633556] page_type: f8(unknown)
[   21.633988] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.634619] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.634873] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.635104] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.635458] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff
[   21.636083] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.636653] page dumped because: kasan: bad access detected
[   21.637389] 
[   21.637563] Memory state around the buggy address:
[   21.637877]  ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.638370]  ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.639208] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.639835]                                                           ^
[   21.640473]  ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.641023]  ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.641593] ==================================================================
[   21.541414] ==================================================================
[   21.542225] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   21.542888] Write of size 1 at addr ffff8881028320c9 by task kunit_try_catch/191
[   21.543600] 
[   21.543765] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.543969] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.543997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.544219] Call Trace:
[   21.544263]  <TASK>
[   21.544296]  dump_stack_lvl+0x73/0xb0
[   21.544688]  print_report+0xd1/0x650
[   21.544715]  ? __virt_addr_valid+0x1db/0x2d0
[   21.544751]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.544772]  ? kasan_addr_to_slab+0x11/0xa0
[   21.544789]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.544809]  kasan_report+0x141/0x180
[   21.544829]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.544862]  __asan_report_store1_noabort+0x1b/0x30
[   21.544883]  krealloc_less_oob_helper+0xd70/0x11d0
[   21.544905]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.544924]  ? irqentry_exit+0x2a/0x60
[   21.544943]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.544967]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   21.544990]  krealloc_large_less_oob+0x1c/0x30
[   21.545009]  kunit_try_run_case+0x1a5/0x480
[   21.545031]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.545050]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.545070]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.545109]  ? __kthread_parkme+0x82/0x180
[   21.545136]  ? preempt_count_sub+0x50/0x80
[   21.545165]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.545196]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.545225]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.545255]  kthread+0x337/0x6f0
[   21.545281]  ? trace_preempt_on+0x20/0xc0
[   21.545311]  ? __pfx_kthread+0x10/0x10
[   21.545339]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.545368]  ? calculate_sigpending+0x7b/0xa0
[   21.545417]  ? __pfx_kthread+0x10/0x10
[   21.545438]  ret_from_fork+0x116/0x1d0
[   21.545456]  ? __pfx_kthread+0x10/0x10
[   21.545473]  ret_from_fork_asm+0x1a/0x30
[   21.545500]  </TASK>
[   21.545512] 
[   21.557747] The buggy address belongs to the physical page:
[   21.557960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830
[   21.558820] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.559361] flags: 0x200000000000040(head|node=0|zone=2)
[   21.559583] page_type: f8(unknown)
[   21.560008] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.560875] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.561417] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.561737] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.562601] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff
[   21.563309] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.563520] page dumped because: kasan: bad access detected
[   21.564007] 
[   21.564287] Memory state around the buggy address:
[   21.564563]  ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.565038]  ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.565530] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.565820]                                               ^
[   21.566683]  ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.567101]  ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.567572] ==================================================================
[   21.568438] ==================================================================
[   21.569022] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   21.569907] Write of size 1 at addr ffff8881028320d0 by task kunit_try_catch/191
[   21.570266] 
[   21.570402] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.570748] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.570800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.570890] Call Trace:
[   21.570920]  <TASK>
[   21.570946]  dump_stack_lvl+0x73/0xb0
[   21.571001]  print_report+0xd1/0x650
[   21.571040]  ? __virt_addr_valid+0x1db/0x2d0
[   21.571081]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.571122]  ? kasan_addr_to_slab+0x11/0xa0
[   21.571159]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.571201]  kasan_report+0x141/0x180
[   21.571239]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.571394]  __asan_report_store1_noabort+0x1b/0x30
[   21.571422]  krealloc_less_oob_helper+0xe23/0x11d0
[   21.571445]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.571465]  ? irqentry_exit+0x2a/0x60
[   21.571483]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.571507]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   21.571529]  krealloc_large_less_oob+0x1c/0x30
[   21.571548]  kunit_try_run_case+0x1a5/0x480
[   21.571568]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.571587]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.571606]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.571625]  ? __kthread_parkme+0x82/0x180
[   21.571641]  ? preempt_count_sub+0x50/0x80
[   21.571661]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.571681]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.571700]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.571720]  kthread+0x337/0x6f0
[   21.571736]  ? trace_preempt_on+0x20/0xc0
[   21.571754]  ? __pfx_kthread+0x10/0x10
[   21.571772]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.571789]  ? calculate_sigpending+0x7b/0xa0
[   21.571809]  ? __pfx_kthread+0x10/0x10
[   21.571827]  ret_from_fork+0x116/0x1d0
[   21.571852]  ? __pfx_kthread+0x10/0x10
[   21.571871]  ret_from_fork_asm+0x1a/0x30
[   21.571898]  </TASK>
[   21.571909] 
[   21.582195] The buggy address belongs to the physical page:
[   21.582334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830
[   21.582807] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.583278] flags: 0x200000000000040(head|node=0|zone=2)
[   21.584554] page_type: f8(unknown)
[   21.584726] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.585170] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.585855] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.586570] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.587129] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff
[   21.587580] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.588415] page dumped because: kasan: bad access detected
[   21.588696] 
[   21.588792] Memory state around the buggy address:
[   21.589178]  ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.589995]  ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.590882] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.591324]                                                  ^
[   21.591819]  ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.592293]  ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.592731] ==================================================================
[   21.348830] ==================================================================
[   21.349243] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   21.349848] Write of size 1 at addr ffff888100ab4ec9 by task kunit_try_catch/187
[   21.350820] 
[   21.350952] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.351070] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.351094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.351142] Call Trace:
[   21.351166]  <TASK>
[   21.351191]  dump_stack_lvl+0x73/0xb0
[   21.351241]  print_report+0xd1/0x650
[   21.351274]  ? __virt_addr_valid+0x1db/0x2d0
[   21.351312]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.351352]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.351409]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.351444]  kasan_report+0x141/0x180
[   21.351464]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.351487]  __asan_report_store1_noabort+0x1b/0x30
[   21.351506]  krealloc_less_oob_helper+0xd70/0x11d0
[   21.351527]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.351546]  ? finish_task_switch.isra.0+0x153/0x700
[   21.351564]  ? __switch_to+0x47/0xf50
[   21.351585]  ? __schedule+0x10cc/0x2b60
[   21.351603]  ? __pfx_read_tsc+0x10/0x10
[   21.351623]  krealloc_less_oob+0x1c/0x30
[   21.351640]  kunit_try_run_case+0x1a5/0x480
[   21.351660]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.351678]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.351696]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.351715]  ? __kthread_parkme+0x82/0x180
[   21.351732]  ? preempt_count_sub+0x50/0x80
[   21.351750]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.351769]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.351787]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.351806]  kthread+0x337/0x6f0
[   21.351822]  ? trace_preempt_on+0x20/0xc0
[   21.351860]  ? __pfx_kthread+0x10/0x10
[   21.351877]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.351894]  ? calculate_sigpending+0x7b/0xa0
[   21.351913]  ? __pfx_kthread+0x10/0x10
[   21.351931]  ret_from_fork+0x116/0x1d0
[   21.351946]  ? __pfx_kthread+0x10/0x10
[   21.351962]  ret_from_fork_asm+0x1a/0x30
[   21.351989]  </TASK>
[   21.352000] 
[   21.361724] Allocated by task 187:
[   21.362557]  kasan_save_stack+0x45/0x70
[   21.362762]  kasan_save_track+0x18/0x40
[   21.363035]  kasan_save_alloc_info+0x3b/0x50
[   21.363254]  __kasan_krealloc+0x190/0x1f0
[   21.363508]  krealloc_noprof+0xf3/0x340
[   21.363715]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.364624]  krealloc_less_oob+0x1c/0x30
[   21.364788]  kunit_try_run_case+0x1a5/0x480
[   21.365202]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.365466]  kthread+0x337/0x6f0
[   21.365619]  ret_from_fork+0x116/0x1d0
[   21.365785]  ret_from_fork_asm+0x1a/0x30
[   21.366785] 
[   21.366942] The buggy address belongs to the object at ffff888100ab4e00
[   21.366942]  which belongs to the cache kmalloc-256 of size 256
[   21.367409] The buggy address is located 0 bytes to the right of
[   21.367409]  allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9)
[   21.368150] 
[   21.368287] The buggy address belongs to the physical page:
[   21.368648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4
[   21.369082] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.369506] flags: 0x200000000000040(head|node=0|zone=2)
[   21.369820] page_type: f5(slab)
[   21.369959] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.370448] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.370762] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.371165] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.371723] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff
[   21.372249] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.372720] page dumped because: kasan: bad access detected
[   21.373093] 
[   21.373253] Memory state around the buggy address:
[   21.373642]  ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.374172]  ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.374580] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.375251]                                               ^
[   21.375552]  ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.375816]  ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.376339] ==================================================================
[   21.462646] ==================================================================
[   21.463489] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   21.463995] Write of size 1 at addr ffff888100ab4eeb by task kunit_try_catch/187
[   21.464460] 
[   21.464640] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.464715] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.464735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.464768] Call Trace:
[   21.464792]  <TASK>
[   21.464818]  dump_stack_lvl+0x73/0xb0
[   21.464901]  print_report+0xd1/0x650
[   21.464942]  ? __virt_addr_valid+0x1db/0x2d0
[   21.464981]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.465021]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.465065]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.465106]  kasan_report+0x141/0x180
[   21.465144]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.465194]  __asan_report_store1_noabort+0x1b/0x30
[   21.465230]  krealloc_less_oob_helper+0xd47/0x11d0
[   21.465267]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.465690]  ? finish_task_switch.isra.0+0x153/0x700
[   21.465759]  ? __switch_to+0x47/0xf50
[   21.465793]  ? __schedule+0x10cc/0x2b60
[   21.465828]  ? __pfx_read_tsc+0x10/0x10
[   21.465892]  krealloc_less_oob+0x1c/0x30
[   21.465927]  kunit_try_run_case+0x1a5/0x480
[   21.465965]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.466003]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.466050]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.466091]  ? __kthread_parkme+0x82/0x180
[   21.466130]  ? preempt_count_sub+0x50/0x80
[   21.466173]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.466216]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.466257]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.466299]  kthread+0x337/0x6f0
[   21.466335]  ? trace_preempt_on+0x20/0xc0
[   21.466391]  ? __pfx_kthread+0x10/0x10
[   21.466433]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.466473]  ? calculate_sigpending+0x7b/0xa0
[   21.466513]  ? __pfx_kthread+0x10/0x10
[   21.466569]  ret_from_fork+0x116/0x1d0
[   21.466604]  ? __pfx_kthread+0x10/0x10
[   21.466639]  ret_from_fork_asm+0x1a/0x30
[   21.466697]  </TASK>
[   21.466719] 
[   21.476538] Allocated by task 187:
[   21.476735]  kasan_save_stack+0x45/0x70
[   21.477003]  kasan_save_track+0x18/0x40
[   21.477217]  kasan_save_alloc_info+0x3b/0x50
[   21.477522]  __kasan_krealloc+0x190/0x1f0
[   21.477692]  krealloc_noprof+0xf3/0x340
[   21.477967]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.478221]  krealloc_less_oob+0x1c/0x30
[   21.478536]  kunit_try_run_case+0x1a5/0x480
[   21.478751]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.479115]  kthread+0x337/0x6f0
[   21.479356]  ret_from_fork+0x116/0x1d0
[   21.479593]  ret_from_fork_asm+0x1a/0x30
[   21.479805] 
[   21.479976] The buggy address belongs to the object at ffff888100ab4e00
[   21.479976]  which belongs to the cache kmalloc-256 of size 256
[   21.480550] The buggy address is located 34 bytes to the right of
[   21.480550]  allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9)
[   21.481216] 
[   21.481356] The buggy address belongs to the physical page:
[   21.481589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4
[   21.481904] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.482425] flags: 0x200000000000040(head|node=0|zone=2)
[   21.482856] page_type: f5(slab)
[   21.483105] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.483372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.483649] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.484151] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.484565] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff
[   21.484858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.485083] page dumped because: kasan: bad access detected
[   21.485253] 
[   21.485334] Memory state around the buggy address:
[   21.485503]  ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.485956]  ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.486437] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.486890]                                                           ^
[   21.487282]  ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.487667]  ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.487954] ==================================================================
[   21.593428] ==================================================================
[   21.593731] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   21.594412] Write of size 1 at addr ffff8881028320da by task kunit_try_catch/191
[   21.594673] 
[   21.594787] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.594904] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.594943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.594979] Call Trace:
[   21.595005]  <TASK>
[   21.595028]  dump_stack_lvl+0x73/0xb0
[   21.595085]  print_report+0xd1/0x650
[   21.595122]  ? __virt_addr_valid+0x1db/0x2d0
[   21.595159]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.595196]  ? kasan_addr_to_slab+0x11/0xa0
[   21.595232]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.595273]  kasan_report+0x141/0x180
[   21.595312]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.595364]  __asan_report_store1_noabort+0x1b/0x30
[   21.595420]  krealloc_less_oob_helper+0xec6/0x11d0
[   21.595465]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.595504]  ? irqentry_exit+0x2a/0x60
[   21.595542]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.595591]  ? __pfx_krealloc_large_less_oob+0x10/0x10
[   21.595628]  krealloc_large_less_oob+0x1c/0x30
[   21.595659]  kunit_try_run_case+0x1a5/0x480
[   21.595696]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.595730]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.595764]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.595802]  ? __kthread_parkme+0x82/0x180
[   21.595836]  ? preempt_count_sub+0x50/0x80
[   21.595872]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.595905]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.595941]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.595976]  kthread+0x337/0x6f0
[   21.596007]  ? trace_preempt_on+0x20/0xc0
[   21.596045]  ? __pfx_kthread+0x10/0x10
[   21.596082]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.596120]  ? calculate_sigpending+0x7b/0xa0
[   21.596161]  ? __pfx_kthread+0x10/0x10
[   21.596200]  ret_from_fork+0x116/0x1d0
[   21.596235]  ? __pfx_kthread+0x10/0x10
[   21.596288]  ret_from_fork_asm+0x1a/0x30
[   21.596357]  </TASK>
[   21.596375] 
[   21.607487] The buggy address belongs to the physical page:
[   21.607909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102830
[   21.608214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.608453] flags: 0x200000000000040(head|node=0|zone=2)
[   21.608643] page_type: f8(unknown)
[   21.608830] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.609399] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.609860] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.610781] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.611588] head: 0200000000000002 ffffea00040a0c01 00000000ffffffff 00000000ffffffff
[   21.611859] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.612520] page dumped because: kasan: bad access detected
[   21.612794] 
[   21.612962] Memory state around the buggy address:
[   21.613337]  ffff888102831f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.613655]  ffff888102832000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.614542] >ffff888102832080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.614845]                                                     ^
[   21.615052]  ffff888102832100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.615264]  ffff888102832180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.615726] ==================================================================
[   21.377956] ==================================================================
[   21.378751] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   21.379148] Write of size 1 at addr ffff888100ab4ed0 by task kunit_try_catch/187
[   21.379360] 
[   21.379485] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.379564] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.379583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.379644] Call Trace:
[   21.379670]  <TASK>
[   21.379694]  dump_stack_lvl+0x73/0xb0
[   21.379745]  print_report+0xd1/0x650
[   21.379789]  ? __virt_addr_valid+0x1db/0x2d0
[   21.379822]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.379853]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.379891]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.379927]  kasan_report+0x141/0x180
[   21.379964]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.380013]  __asan_report_store1_noabort+0x1b/0x30
[   21.380047]  krealloc_less_oob_helper+0xe23/0x11d0
[   21.380091]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.380131]  ? finish_task_switch.isra.0+0x153/0x700
[   21.380169]  ? __switch_to+0x47/0xf50
[   21.380214]  ? __schedule+0x10cc/0x2b60
[   21.380254]  ? __pfx_read_tsc+0x10/0x10
[   21.380298]  krealloc_less_oob+0x1c/0x30
[   21.380331]  kunit_try_run_case+0x1a5/0x480
[   21.380363]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.380400]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.380421]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.380440]  ? __kthread_parkme+0x82/0x180
[   21.380457]  ? preempt_count_sub+0x50/0x80
[   21.380475]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.380494]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.380513]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.380534]  kthread+0x337/0x6f0
[   21.380550]  ? trace_preempt_on+0x20/0xc0
[   21.380569]  ? __pfx_kthread+0x10/0x10
[   21.380585]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.380602]  ? calculate_sigpending+0x7b/0xa0
[   21.380622]  ? __pfx_kthread+0x10/0x10
[   21.380640]  ret_from_fork+0x116/0x1d0
[   21.380655]  ? __pfx_kthread+0x10/0x10
[   21.380671]  ret_from_fork_asm+0x1a/0x30
[   21.380697]  </TASK>
[   21.380707] 
[   21.390103] Allocated by task 187:
[   21.390412]  kasan_save_stack+0x45/0x70
[   21.390612]  kasan_save_track+0x18/0x40
[   21.390806]  kasan_save_alloc_info+0x3b/0x50
[   21.391398]  __kasan_krealloc+0x190/0x1f0
[   21.391573]  krealloc_noprof+0xf3/0x340
[   21.391719]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.392297]  krealloc_less_oob+0x1c/0x30
[   21.392514]  kunit_try_run_case+0x1a5/0x480
[   21.392720]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.393261]  kthread+0x337/0x6f0
[   21.393436]  ret_from_fork+0x116/0x1d0
[   21.393607]  ret_from_fork_asm+0x1a/0x30
[   21.393785] 
[   21.394300] The buggy address belongs to the object at ffff888100ab4e00
[   21.394300]  which belongs to the cache kmalloc-256 of size 256
[   21.395192] The buggy address is located 7 bytes to the right of
[   21.395192]  allocated 201-byte region [ffff888100ab4e00, ffff888100ab4ec9)
[   21.395788] 
[   21.395961] The buggy address belongs to the physical page:
[   21.396310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4
[   21.396598] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.397041] flags: 0x200000000000040(head|node=0|zone=2)
[   21.397287] page_type: f5(slab)
[   21.398096] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.398475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.398797] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004
[   21.399559] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.400397] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff
[   21.400731] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.401302] page dumped because: kasan: bad access detected
[   21.401524] 
[   21.401818] Memory state around the buggy address:
[   21.402285]  ffff888100ab4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.402603]  ffff888100ab4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.403216] >ffff888100ab4e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.403586]                                                  ^
[   21.403772]  ffff888100ab4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.404170]  ffff888100ab4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.404501] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2ytmowJu277AggRMV0akIntCcBb

job_id

TEST:linaro@lkft#2ytmubRIV1JPUllhZ47JmxJvXDc

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2ytmubRIV1JPUllhZ47JmxJvXDc

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/bzImage
sha256sum	b03452fcb75b3b14cf8383cc19f407b3f7a1f0ee70432185dec0e489b10cb3a4

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2ytmr5So17mjebl2Ct1tTXuuGxA/modules.tar.xz
sha256sum	e4532e2fb00e2e4b26601276ccbbe81c48edd0570f10fd066f50509a42a73673

durations

tests

boot	0
kunit	172.25

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit