lkft/linux-next-master - next-20250624 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 24, 2025, 11:37 a.m.

Environment
dragonboard-845c
qemu-arm64
qemu-x86_64

[   34.891734] ==================================================================
[   34.899052] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   34.906727] Write of size 1 at addr ffff0000864220da by task kunit_try_catch/260
[   34.914222] 
[   34.915759] CPU: 4 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   34.915788] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.915796] Hardware name: Thundercomm Dragonboard 845c (DT)
[   34.915808] Call trace:
[   34.915813]  show_stack+0x20/0x38 (C)
[   34.915831]  dump_stack_lvl+0x8c/0xd0
[   34.915850]  print_report+0x118/0x608
[   34.915869]  kasan_report+0xdc/0x128
[   34.915887]  __asan_report_store1_noabort+0x20/0x30
[   34.915904]  krealloc_less_oob_helper+0xa80/0xc50
[   34.915922]  krealloc_large_less_oob+0x20/0x38
[   34.915939]  kunit_try_run_case+0x170/0x3f0
[   34.915956]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.915975]  kthread+0x328/0x630
[   34.915989]  ret_from_fork+0x10/0x20
[   34.916005] 
[   34.986751] The buggy address belongs to the physical page:
[   34.992391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106420
[   35.000492] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.008244] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.015291] page_type: f8(unknown)
[   35.018751] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.026591] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.034431] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.042358] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.050282] head: 0bfffe0000000002 fffffdffc2190801 00000000ffffffff 00000000ffffffff
[   35.058207] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   35.066127] page dumped because: kasan: bad access detected
[   35.071766] 
[   35.073289] Memory state around the buggy address:
[   35.078140]  ffff000086421f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.085454]  ffff000086422000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.092759] >ffff000086422080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   35.100072]                                                     ^
[   35.106239]  ffff000086422100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.113553]  ffff000086422180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.120865] ==================================================================
[   33.614804] ==================================================================
[   33.622122] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   33.629787] Write of size 1 at addr ffff000086408aeb by task kunit_try_catch/256
[   33.637280] 
[   33.638805] CPU: 5 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   33.638832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.638839] Hardware name: Thundercomm Dragonboard 845c (DT)
[   33.638848] Call trace:
[   33.638853]  show_stack+0x20/0x38 (C)
[   33.638869]  dump_stack_lvl+0x8c/0xd0
[   33.638886]  print_report+0x118/0x608
[   33.638904]  kasan_report+0xdc/0x128
[   33.638921]  __asan_report_store1_noabort+0x20/0x30
[   33.638936]  krealloc_less_oob_helper+0xa58/0xc50
[   33.638953]  krealloc_less_oob+0x20/0x38
[   33.638968]  kunit_try_run_case+0x170/0x3f0
[   33.638985]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.639004]  kthread+0x328/0x630
[   33.639017]  ret_from_fork+0x10/0x20
[   33.639033] 
[   33.709274] Allocated by task 256:
[   33.712726]  kasan_save_stack+0x3c/0x68
[   33.716630]  kasan_save_track+0x20/0x40
[   33.720535]  kasan_save_alloc_info+0x40/0x58
[   33.724867]  __kasan_krealloc+0x118/0x178
[   33.728944]  krealloc_noprof+0x128/0x360
[   33.732931]  krealloc_less_oob_helper+0x168/0xc50
[   33.737702]  krealloc_less_oob+0x20/0x38
[   33.741691]  kunit_try_run_case+0x170/0x3f0
[   33.745940]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.751500]  kthread+0x328/0x630
[   33.754786]  ret_from_fork+0x10/0x20
[   33.758425] 
[   33.759954] The buggy address belongs to the object at ffff000086408a00
[   33.759954]  which belongs to the cache kmalloc-256 of size 256
[   33.772605] The buggy address is located 34 bytes to the right of
[   33.772605]  allocated 201-byte region [ffff000086408a00, ffff000086408ac9)
[   33.785781] 
[   33.787310] The buggy address belongs to the physical page:
[   33.792951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106408
[   33.801050] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.808799] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.815844] page_type: f5(slab)
[   33.819041] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.826880] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.834719] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.842641] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.850565] head: 0bfffe0000000002 fffffdffc2190201 00000000ffffffff 00000000ffffffff
[   33.858490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.866409] page dumped because: kasan: bad access detected
[   33.872047] 
[   33.873569] Memory state around the buggy address:
[   33.878420]  ffff000086408980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.885734]  ffff000086408a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.893048] >ffff000086408a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.900359]                                                           ^
[   33.907052]  ffff000086408b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.914357]  ffff000086408b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.921669] ==================================================================
[   32.986878] ==================================================================
[   32.994196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   33.001870] Write of size 1 at addr ffff000086408ada by task kunit_try_catch/256
[   33.009362] 
[   33.010891] CPU: 5 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   33.010921] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.010928] Hardware name: Thundercomm Dragonboard 845c (DT)
[   33.010939] Call trace:
[   33.010944]  show_stack+0x20/0x38 (C)
[   33.010962]  dump_stack_lvl+0x8c/0xd0
[   33.010979]  print_report+0x118/0x608
[   33.010998]  kasan_report+0xdc/0x128
[   33.011015]  __asan_report_store1_noabort+0x20/0x30
[   33.011031]  krealloc_less_oob_helper+0xa80/0xc50
[   33.011049]  krealloc_less_oob+0x20/0x38
[   33.011065]  kunit_try_run_case+0x170/0x3f0
[   33.011082]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.011101]  kthread+0x328/0x630
[   33.011114]  ret_from_fork+0x10/0x20
[   33.011130] 
[   33.081345] Allocated by task 256:
[   33.084798]  kasan_save_stack+0x3c/0x68
[   33.088696]  kasan_save_track+0x20/0x40
[   33.092600]  kasan_save_alloc_info+0x40/0x58
[   33.096935]  __kasan_krealloc+0x118/0x178
[   33.101013]  krealloc_noprof+0x128/0x360
[   33.105004]  krealloc_less_oob_helper+0x168/0xc50
[   33.109775]  krealloc_less_oob+0x20/0x38
[   33.113765]  kunit_try_run_case+0x170/0x3f0
[   33.118015]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.123578]  kthread+0x328/0x630
[   33.126863]  ret_from_fork+0x10/0x20
[   33.130495] 
[   33.132025] The buggy address belongs to the object at ffff000086408a00
[   33.132025]  which belongs to the cache kmalloc-256 of size 256
[   33.144674] The buggy address is located 17 bytes to the right of
[   33.144674]  allocated 201-byte region [ffff000086408a00, ffff000086408ac9)
[   33.157851] 
[   33.159382] The buggy address belongs to the physical page:
[   33.165025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106408
[   33.173126] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.180878] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.187925] page_type: f5(slab)
[   33.191124] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.198966] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.206807] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.214731] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.222657] head: 0bfffe0000000002 fffffdffc2190201 00000000ffffffff 00000000ffffffff
[   33.230582] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.238504] page dumped because: kasan: bad access detected
[   33.244143] 
[   33.245664] Memory state around the buggy address:
[   33.250516]  ffff000086408980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.257822]  ffff000086408a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.265127] >ffff000086408a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.272430]                                                     ^
[   33.278598]  ffff000086408b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.285903]  ffff000086408b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.293205] ==================================================================
[   32.672387] ==================================================================
[   32.679705] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   32.687382] Write of size 1 at addr ffff000086408ad0 by task kunit_try_catch/256
[   32.694873] 
[   32.696412] CPU: 3 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.696441] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.696452] Hardware name: Thundercomm Dragonboard 845c (DT)
[   32.696463] Call trace:
[   32.696469]  show_stack+0x20/0x38 (C)
[   32.696487]  dump_stack_lvl+0x8c/0xd0
[   32.696505]  print_report+0x118/0x608
[   32.696524]  kasan_report+0xdc/0x128
[   32.696542]  __asan_report_store1_noabort+0x20/0x30
[   32.696559]  krealloc_less_oob_helper+0xb9c/0xc50
[   32.696579]  krealloc_less_oob+0x20/0x38
[   32.696597]  kunit_try_run_case+0x170/0x3f0
[   32.696615]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.696638]  kthread+0x328/0x630
[   32.696653]  ret_from_fork+0x10/0x20
[   32.696671] 
[   32.766953] Allocated by task 256:
[   32.770412]  kasan_save_stack+0x3c/0x68
[   32.774325]  kasan_save_track+0x20/0x40
[   32.778235]  kasan_save_alloc_info+0x40/0x58
[   32.782575]  __kasan_krealloc+0x118/0x178
[   32.786657]  krealloc_noprof+0x128/0x360
[   32.790656]  krealloc_less_oob_helper+0x168/0xc50
[   32.795438]  krealloc_less_oob+0x20/0x38
[   32.799434]  kunit_try_run_case+0x170/0x3f0
[   32.803688]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.809261]  kthread+0x328/0x630
[   32.812554]  ret_from_fork+0x10/0x20
[   32.816192] 
[   32.817722] The buggy address belongs to the object at ffff000086408a00
[   32.817722]  which belongs to the cache kmalloc-256 of size 256
[   32.830377] The buggy address is located 7 bytes to the right of
[   32.830377]  allocated 201-byte region [ffff000086408a00, ffff000086408ac9)
[   32.843476] 
[   32.845002] The buggy address belongs to the physical page:
[   32.850651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106408
[   32.858757] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.866514] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.873572] page_type: f5(slab)
[   32.876776] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   32.884622] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   32.892468] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   32.900400] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   32.908334] head: 0bfffe0000000002 fffffdffc2190201 00000000ffffffff 00000000ffffffff
[   32.916268] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.924196] page dumped because: kasan: bad access detected
[   32.929846] 
[   32.931374] Memory state around the buggy address:
[   32.936233]  ffff000086408980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.943551]  ffff000086408a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.950868] >ffff000086408a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.958179]                                                  ^
[   32.964098]  ffff000086408b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.971416]  ffff000086408b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.978730] ==================================================================
[   32.355014] ==================================================================
[   32.366226] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   32.373905] Write of size 1 at addr ffff000086408ac9 by task kunit_try_catch/256
[   32.381405] 
[   32.382939] CPU: 3 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.382967] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.382976] Hardware name: Thundercomm Dragonboard 845c (DT)
[   32.382988] Call trace:
[   32.382994]  show_stack+0x20/0x38 (C)
[   32.383013]  dump_stack_lvl+0x8c/0xd0
[   32.383032]  print_report+0x118/0x608
[   32.383050]  kasan_report+0xdc/0x128
[   32.383069]  __asan_report_store1_noabort+0x20/0x30
[   32.383086]  krealloc_less_oob_helper+0xa48/0xc50
[   32.383105]  krealloc_less_oob+0x20/0x38
[   32.383125]  kunit_try_run_case+0x170/0x3f0
[   32.383144]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.383166]  kthread+0x328/0x630
[   32.383181]  ret_from_fork+0x10/0x20
[   32.383198] 
[   32.453466] Allocated by task 256:
[   32.456927]  kasan_save_stack+0x3c/0x68
[   32.460840]  kasan_save_track+0x20/0x40
[   32.464753]  kasan_save_alloc_info+0x40/0x58
[   32.469093]  __kasan_krealloc+0x118/0x178
[   32.473177]  krealloc_noprof+0x128/0x360
[   32.477175]  krealloc_less_oob_helper+0x168/0xc50
[   32.481960]  krealloc_less_oob+0x20/0x38
[   32.485956]  kunit_try_run_case+0x170/0x3f0
[   32.490211]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.495781]  kthread+0x328/0x630
[   32.499075]  ret_from_fork+0x10/0x20
[   32.502715] 
[   32.504252] The buggy address belongs to the object at ffff000086408a00
[   32.504252]  which belongs to the cache kmalloc-256 of size 256
[   32.516907] The buggy address is located 0 bytes to the right of
[   32.516907]  allocated 201-byte region [ffff000086408a00, ffff000086408ac9)
[   32.530008] 
[   32.531537] The buggy address belongs to the physical page:
[   32.537187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106408
[   32.545292] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.553052] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.560108] page_type: f5(slab)
[   32.563315] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   32.571163] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   32.579010] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   32.586943] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   32.594876] head: 0bfffe0000000002 fffffdffc2190201 00000000ffffffff 00000000ffffffff
[   32.602807] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.610737] page dumped because: kasan: bad access detected
[   32.616383] 
[   32.617914] Memory state around the buggy address:
[   32.622778]  ffff000086408980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.630094]  ffff000086408a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.637409] >ffff000086408a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.644721]                                               ^
[   32.650374]  ffff000086408b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.657691]  ffff000086408b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.665004] ==================================================================
[   35.128228] ==================================================================
[   35.135545] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   35.143216] Write of size 1 at addr ffff0000864220ea by task kunit_try_catch/260
[   35.150701] 
[   35.152234] CPU: 4 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   35.152260] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.152267] Hardware name: Thundercomm Dragonboard 845c (DT)
[   35.152276] Call trace:
[   35.152282]  show_stack+0x20/0x38 (C)
[   35.152299]  dump_stack_lvl+0x8c/0xd0
[   35.152315]  print_report+0x118/0x608
[   35.152334]  kasan_report+0xdc/0x128
[   35.152351]  __asan_report_store1_noabort+0x20/0x30
[   35.152368]  krealloc_less_oob_helper+0xae4/0xc50
[   35.152385]  krealloc_large_less_oob+0x20/0x38
[   35.152402]  kunit_try_run_case+0x170/0x3f0
[   35.152418]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.152437]  kthread+0x328/0x630
[   35.152450]  ret_from_fork+0x10/0x20
[   35.152466] 
[   35.223229] The buggy address belongs to the physical page:
[   35.228870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106420
[   35.236968] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.244718] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.251763] page_type: f8(unknown)
[   35.255220] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.263060] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.270899] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.278824] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.286749] head: 0bfffe0000000002 fffffdffc2190801 00000000ffffffff 00000000ffffffff
[   35.294672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   35.302593] page dumped because: kasan: bad access detected
[   35.308231] 
[   35.309753] Memory state around the buggy address:
[   35.314604]  ffff000086421f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.321920]  ffff000086422000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.329224] >ffff000086422080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   35.336536]                                                           ^
[   35.343231]  ffff000086422100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.350536]  ffff000086422180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.357838] ==================================================================
[   33.300563] ==================================================================
[   33.307880] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   33.315550] Write of size 1 at addr ffff000086408aea by task kunit_try_catch/256
[   33.323034] 
[   33.324569] CPU: 5 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   33.324596] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.324603] Hardware name: Thundercomm Dragonboard 845c (DT)
[   33.324612] Call trace:
[   33.324618]  show_stack+0x20/0x38 (C)
[   33.324635]  dump_stack_lvl+0x8c/0xd0
[   33.324651]  print_report+0x118/0x608
[   33.324669]  kasan_report+0xdc/0x128
[   33.324689]  __asan_report_store1_noabort+0x20/0x30
[   33.324705]  krealloc_less_oob_helper+0xae4/0xc50
[   33.324723]  krealloc_less_oob+0x20/0x38
[   33.324739]  kunit_try_run_case+0x170/0x3f0
[   33.324756]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.324776]  kthread+0x328/0x630
[   33.324790]  ret_from_fork+0x10/0x20
[   33.324807] 
[   33.395032] Allocated by task 256:
[   33.398485]  kasan_save_stack+0x3c/0x68
[   33.402389]  kasan_save_track+0x20/0x40
[   33.406293]  kasan_save_alloc_info+0x40/0x58
[   33.410627]  __kasan_krealloc+0x118/0x178
[   33.414706]  krealloc_noprof+0x128/0x360
[   33.418697]  krealloc_less_oob_helper+0x168/0xc50
[   33.423473]  krealloc_less_oob+0x20/0x38
[   33.427463]  kunit_try_run_case+0x170/0x3f0
[   33.431713]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.437278]  kthread+0x328/0x630
[   33.440561]  ret_from_fork+0x10/0x20
[   33.444191] 
[   33.445714] The buggy address belongs to the object at ffff000086408a00
[   33.445714]  which belongs to the cache kmalloc-256 of size 256
[   33.458368] The buggy address is located 33 bytes to the right of
[   33.458368]  allocated 201-byte region [ffff000086408a00, ffff000086408ac9)
[   33.471542] 
[   33.473066] The buggy address belongs to the physical page:
[   33.478709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106408
[   33.486809] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   33.494561] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   33.501609] page_type: f5(slab)
[   33.504804] raw: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.512645] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.520485] head: 0bfffe0000000040 ffff000080002b40 dead000000000122 0000000000000000
[   33.528412] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   33.536338] head: 0bfffe0000000002 fffffdffc2190201 00000000ffffffff 00000000ffffffff
[   33.544264] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   33.552186] page dumped because: kasan: bad access detected
[   33.557828] 
[   33.559357] Memory state around the buggy address:
[   33.564209]  ffff000086408980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.571514]  ffff000086408a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.578823] >ffff000086408a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   33.586135]                                                           ^
[   33.592830]  ffff000086408b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.600146]  ffff000086408b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.607450] ==================================================================
[   34.655132] ==================================================================
[   34.662446] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   34.670116] Write of size 1 at addr ffff0000864220d0 by task kunit_try_catch/260
[   34.677612] 
[   34.679145] CPU: 3 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   34.679174] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.679183] Hardware name: Thundercomm Dragonboard 845c (DT)
[   34.679194] Call trace:
[   34.679200]  show_stack+0x20/0x38 (C)
[   34.679218]  dump_stack_lvl+0x8c/0xd0
[   34.679236]  print_report+0x118/0x608
[   34.679255]  kasan_report+0xdc/0x128
[   34.679273]  __asan_report_store1_noabort+0x20/0x30
[   34.679292]  krealloc_less_oob_helper+0xb9c/0xc50
[   34.679311]  krealloc_large_less_oob+0x20/0x38
[   34.679331]  kunit_try_run_case+0x170/0x3f0
[   34.679349]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.679371]  kthread+0x328/0x630
[   34.679387]  ret_from_fork+0x10/0x20
[   34.679405] 
[   34.750213] The buggy address belongs to the physical page:
[   34.755867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106420
[   34.763978] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   34.771732] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   34.778789] page_type: f8(unknown)
[   34.782253] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.790095] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   34.797938] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.805866] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   34.813797] head: 0bfffe0000000002 fffffdffc2190801 00000000ffffffff 00000000ffffffff
[   34.821726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   34.829650] page dumped because: kasan: bad access detected
[   34.835296] 
[   34.836831] Memory state around the buggy address:
[   34.841692]  ffff000086421f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.849014]  ffff000086422000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.856337] >ffff000086422080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   34.863649]                                                  ^
[   34.869557]  ffff000086422100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.876878]  ffff000086422180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.884197] ==================================================================
[   35.365188] ==================================================================
[   35.372503] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   35.380171] Write of size 1 at addr ffff0000864220eb by task kunit_try_catch/260
[   35.387664] 
[   35.389189] CPU: 4 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   35.389215] Tainted: [B]=BAD_PAGE, [N]=TEST
[   35.389222] Hardware name: Thundercomm Dragonboard 845c (DT)
[   35.389232] Call trace:
[   35.389237]  show_stack+0x20/0x38 (C)
[   35.389253]  dump_stack_lvl+0x8c/0xd0
[   35.389270]  print_report+0x118/0x608
[   35.389287]  kasan_report+0xdc/0x128
[   35.389305]  __asan_report_store1_noabort+0x20/0x30
[   35.389320]  krealloc_less_oob_helper+0xa58/0xc50
[   35.389337]  krealloc_large_less_oob+0x20/0x38
[   35.389354]  kunit_try_run_case+0x170/0x3f0
[   35.389370]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   35.389390]  kthread+0x328/0x630
[   35.389403]  ret_from_fork+0x10/0x20
[   35.389419] 
[   35.460172] The buggy address belongs to the physical page:
[   35.465816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106420
[   35.473917] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   35.481671] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   35.488720] page_type: f8(unknown)
[   35.492176] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.500016] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.507857] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   35.515785] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   35.523713] head: 0bfffe0000000002 fffffdffc2190801 00000000ffffffff 00000000ffffffff
[   35.531641] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   35.539564] page dumped because: kasan: bad access detected
[   35.545206] 
[   35.546728] Memory state around the buggy address:
[   35.551578]  ffff000086421f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.558887]  ffff000086422000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.566195] >ffff000086422080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   35.573501]                                                           ^
[   35.580198]  ffff000086422100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.587505]  ffff000086422180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   35.594813] ==================================================================
[   34.414507] ==================================================================
[   34.426252] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   34.433926] Write of size 1 at addr ffff0000864220c9 by task kunit_try_catch/260
[   34.441424] 
[   34.442959] CPU: 3 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   34.442988] Tainted: [B]=BAD_PAGE, [N]=TEST
[   34.442996] Hardware name: Thundercomm Dragonboard 845c (DT)
[   34.443006] Call trace:
[   34.443013]  show_stack+0x20/0x38 (C)
[   34.443031]  dump_stack_lvl+0x8c/0xd0
[   34.443050]  print_report+0x118/0x608
[   34.443069]  kasan_report+0xdc/0x128
[   34.443087]  __asan_report_store1_noabort+0x20/0x30
[   34.443106]  krealloc_less_oob_helper+0xa48/0xc50
[   34.443126]  krealloc_large_less_oob+0x20/0x38
[   34.443145]  kunit_try_run_case+0x170/0x3f0
[   34.443164]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   34.443185]  kthread+0x328/0x630
[   34.443201]  ret_from_fork+0x10/0x20
[   34.443219] 
[   34.514036] The buggy address belongs to the physical page:
[   34.519680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106420
[   34.527790] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   34.535546] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   34.542602] page_type: f8(unknown)
[   34.546065] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.553907] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   34.561751] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   34.569689] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   34.577618] head: 0bfffe0000000002 fffffdffc2190801 00000000ffffffff 00000000ffffffff
[   34.585548] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   34.593475] page dumped because: kasan: bad access detected
[   34.599123] 
[   34.600657] Memory state around the buggy address:
[   34.605519]  ffff000086421f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.612839]  ffff000086422000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.620161] >ffff000086422080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   34.627475]                                               ^
[   34.633120]  ffff000086422100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.640443]  ffff000086422180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   34.647754] ==================================================================

Metadata Full log Test run details

[   32.819229] ==================================================================
[   32.819320] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   32.819994] Write of size 1 at addr fff00000c775e0ea by task kunit_try_catch/173
[   32.820343] 
[   32.820493] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.820772] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.821072] Hardware name: linux,dummy-virt (DT)
[   32.821177] Call trace:
[   32.821287]  show_stack+0x20/0x38 (C)
[   32.821402]  dump_stack_lvl+0x8c/0xd0
[   32.821512]  print_report+0x118/0x608
[   32.821626]  kasan_report+0xdc/0x128
[   32.821791]  __asan_report_store1_noabort+0x20/0x30
[   32.822139]  krealloc_less_oob_helper+0xae4/0xc50
[   32.822300]  krealloc_large_less_oob+0x20/0x38
[   32.822615]  kunit_try_run_case+0x170/0x3f0
[   32.822795]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.822961]  kthread+0x328/0x630
[   32.823087]  ret_from_fork+0x10/0x20
[   32.823267] 
[   32.823565] The buggy address belongs to the physical page:
[   32.823793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c
[   32.823932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.824040] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.824152] page_type: f8(unknown)
[   32.824237] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.824360] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.824481] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.824597] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.824710] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff
[   32.825617] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.825739] page dumped because: kasan: bad access detected
[   32.825817] 
[   32.825908] Memory state around the buggy address:
[   32.826117]  fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.826321]  fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.826457] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.826614]                                                           ^
[   32.826757]  fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.827313]  fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.827565] ==================================================================
[   32.680307] ==================================================================
[   32.680413] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   32.680525] Write of size 1 at addr fff00000c46338d0 by task kunit_try_catch/169
[   32.680637] 
[   32.680724] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.681166] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.681230] Hardware name: linux,dummy-virt (DT)
[   32.681438] Call trace:
[   32.681590]  show_stack+0x20/0x38 (C)
[   32.681856]  dump_stack_lvl+0x8c/0xd0
[   32.682007]  print_report+0x118/0x608
[   32.682210]  kasan_report+0xdc/0x128
[   32.682389]  __asan_report_store1_noabort+0x20/0x30
[   32.682527]  krealloc_less_oob_helper+0xb9c/0xc50
[   32.682663]  krealloc_less_oob+0x20/0x38
[   32.682791]  kunit_try_run_case+0x170/0x3f0
[   32.683012]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.683256]  kthread+0x328/0x630
[   32.683370]  ret_from_fork+0x10/0x20
[   32.683434] 
[   32.683457] Allocated by task 169:
[   32.683505]  kasan_save_stack+0x3c/0x68
[   32.683586]  kasan_save_track+0x20/0x40
[   32.683634]  kasan_save_alloc_info+0x40/0x58
[   32.683677]  __kasan_krealloc+0x118/0x178
[   32.683721]  krealloc_noprof+0x128/0x360
[   32.683766]  krealloc_less_oob_helper+0x168/0xc50
[   32.683812]  krealloc_less_oob+0x20/0x38
[   32.683854]  kunit_try_run_case+0x170/0x3f0
[   32.683989]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.684116]  kthread+0x328/0x630
[   32.684291]  ret_from_fork+0x10/0x20
[   32.684480] 
[   32.684604] The buggy address belongs to the object at fff00000c4633800
[   32.684604]  which belongs to the cache kmalloc-256 of size 256
[   32.684740] The buggy address is located 7 bytes to the right of
[   32.684740]  allocated 201-byte region [fff00000c4633800, fff00000c46338c9)
[   32.684908] 
[   32.684959] The buggy address belongs to the physical page:
[   32.685075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632
[   32.685268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.685397] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.685535] page_type: f5(slab)
[   32.685787] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.686046] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.686371] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.686546] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.686801] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff
[   32.687160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.687271] page dumped because: kasan: bad access detected
[   32.687391] 
[   32.687443] Memory state around the buggy address:
[   32.687524]  fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.687680]  fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.688016] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.688365]                                                  ^
[   32.688637]  fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.688757]  fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.689300] ==================================================================
[   32.692935] ==================================================================
[   32.693036] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   32.693137] Write of size 1 at addr fff00000c46338da by task kunit_try_catch/169
[   32.693249] 
[   32.693316] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.693501] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.693561] Hardware name: linux,dummy-virt (DT)
[   32.693629] Call trace:
[   32.693677]  show_stack+0x20/0x38 (C)
[   32.693791]  dump_stack_lvl+0x8c/0xd0
[   32.693921]  print_report+0x118/0x608
[   32.694058]  kasan_report+0xdc/0x128
[   32.694193]  __asan_report_store1_noabort+0x20/0x30
[   32.694332]  krealloc_less_oob_helper+0xa80/0xc50
[   32.694491]  krealloc_less_oob+0x20/0x38
[   32.694629]  kunit_try_run_case+0x170/0x3f0
[   32.694765]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.694926]  kthread+0x328/0x630
[   32.695054]  ret_from_fork+0x10/0x20
[   32.695279] 
[   32.695464] Allocated by task 169:
[   32.695596]  kasan_save_stack+0x3c/0x68
[   32.695707]  kasan_save_track+0x20/0x40
[   32.695815]  kasan_save_alloc_info+0x40/0x58
[   32.695939]  __kasan_krealloc+0x118/0x178
[   32.696045]  krealloc_noprof+0x128/0x360
[   32.696174]  krealloc_less_oob_helper+0x168/0xc50
[   32.696284]  krealloc_less_oob+0x20/0x38
[   32.696377]  kunit_try_run_case+0x170/0x3f0
[   32.696460]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.696559]  kthread+0x328/0x630
[   32.696668]  ret_from_fork+0x10/0x20
[   32.696763] 
[   32.696808] The buggy address belongs to the object at fff00000c4633800
[   32.696808]  which belongs to the cache kmalloc-256 of size 256
[   32.696972] The buggy address is located 17 bytes to the right of
[   32.696972]  allocated 201-byte region [fff00000c4633800, fff00000c46338c9)
[   32.697234] 
[   32.697294] The buggy address belongs to the physical page:
[   32.697451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632
[   32.697620] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.697852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.698154] page_type: f5(slab)
[   32.698253] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.698475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.698656] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.699441] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.699680] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff
[   32.699800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.699909] page dumped because: kasan: bad access detected
[   32.699989] 
[   32.700039] Memory state around the buggy address:
[   32.700110]  fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.700202]  fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.700298] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.700385]                                                     ^
[   32.700479]  fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.700578]  fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.700663] ==================================================================
[   32.788658] ==================================================================
[   32.789140] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   32.790384] Write of size 1 at addr fff00000c775e0c9 by task kunit_try_catch/173
[   32.790692] 
[   32.790947] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.791217] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.791293] Hardware name: linux,dummy-virt (DT)
[   32.791549] Call trace:
[   32.791942]  show_stack+0x20/0x38 (C)
[   32.792103]  dump_stack_lvl+0x8c/0xd0
[   32.792233]  print_report+0x118/0x608
[   32.792972]  kasan_report+0xdc/0x128
[   32.793593]  __asan_report_store1_noabort+0x20/0x30
[   32.793754]  krealloc_less_oob_helper+0xa48/0xc50
[   32.794045]  krealloc_large_less_oob+0x20/0x38
[   32.794169]  kunit_try_run_case+0x170/0x3f0
[   32.794283]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.794421]  kthread+0x328/0x630
[   32.794969]  ret_from_fork+0x10/0x20
[   32.795211] 
[   32.795398] The buggy address belongs to the physical page:
[   32.795709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c
[   32.796333] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.796450] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.796581] page_type: f8(unknown)
[   32.796674] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.797966] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.798134] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.798790] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.798927] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff
[   32.799043] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.799178] page dumped because: kasan: bad access detected
[   32.799640] 
[   32.799722] Memory state around the buggy address:
[   32.799940]  fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.800207]  fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.800328] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.800417]                                               ^
[   32.801307]  fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.801457]  fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.801909] ==================================================================
[   32.702102] ==================================================================
[   32.702249] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   32.702370] Write of size 1 at addr fff00000c46338ea by task kunit_try_catch/169
[   32.702490] 
[   32.702560] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.702751] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.702817] Hardware name: linux,dummy-virt (DT)
[   32.702956] Call trace:
[   32.703052]  show_stack+0x20/0x38 (C)
[   32.703234]  dump_stack_lvl+0x8c/0xd0
[   32.703439]  print_report+0x118/0x608
[   32.703569]  kasan_report+0xdc/0x128
[   32.703733]  __asan_report_store1_noabort+0x20/0x30
[   32.703866]  krealloc_less_oob_helper+0xae4/0xc50
[   32.704043]  krealloc_less_oob+0x20/0x38
[   32.704179]  kunit_try_run_case+0x170/0x3f0
[   32.704403]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.704536]  kthread+0x328/0x630
[   32.704650]  ret_from_fork+0x10/0x20
[   32.704856] 
[   32.704944] Allocated by task 169:
[   32.705019]  kasan_save_stack+0x3c/0x68
[   32.705124]  kasan_save_track+0x20/0x40
[   32.705290]  kasan_save_alloc_info+0x40/0x58
[   32.705387]  __kasan_krealloc+0x118/0x178
[   32.705487]  krealloc_noprof+0x128/0x360
[   32.705580]  krealloc_less_oob_helper+0x168/0xc50
[   32.705693]  krealloc_less_oob+0x20/0x38
[   32.705805]  kunit_try_run_case+0x170/0x3f0
[   32.705998]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.706200]  kthread+0x328/0x630
[   32.706429]  ret_from_fork+0x10/0x20
[   32.706521] 
[   32.706566] The buggy address belongs to the object at fff00000c4633800
[   32.706566]  which belongs to the cache kmalloc-256 of size 256
[   32.706693] The buggy address is located 33 bytes to the right of
[   32.706693]  allocated 201-byte region [fff00000c4633800, fff00000c46338c9)
[   32.706850] 
[   32.707310] The buggy address belongs to the physical page:
[   32.707387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632
[   32.707690] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.709994] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.710126] page_type: f5(slab)
[   32.710228] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.710369] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.710506] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.710600] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.710682] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff
[   32.710743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.710790] page dumped because: kasan: bad access detected
[   32.710827] 
[   32.710847] Memory state around the buggy address:
[   32.710915]  fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.710976]  fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.711029] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.711072]                                                           ^
[   32.711153]  fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.711208]  fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.711253] ==================================================================
[   32.714143] ==================================================================
[   32.714242] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   32.714342] Write of size 1 at addr fff00000c46338eb by task kunit_try_catch/169
[   32.714464] 
[   32.714531] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.714717] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.714779] Hardware name: linux,dummy-virt (DT)
[   32.714847] Call trace:
[   32.714912]  show_stack+0x20/0x38 (C)
[   32.715042]  dump_stack_lvl+0x8c/0xd0
[   32.715161]  print_report+0x118/0x608
[   32.715275]  kasan_report+0xdc/0x128
[   32.715385]  __asan_report_store1_noabort+0x20/0x30
[   32.715497]  krealloc_less_oob_helper+0xa58/0xc50
[   32.715610]  krealloc_less_oob+0x20/0x38
[   32.715717]  kunit_try_run_case+0x170/0x3f0
[   32.715837]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.716021]  kthread+0x328/0x630
[   32.716149]  ret_from_fork+0x10/0x20
[   32.716285] 
[   32.716362] Allocated by task 169:
[   32.716442]  kasan_save_stack+0x3c/0x68
[   32.716545]  kasan_save_track+0x20/0x40
[   32.716651]  kasan_save_alloc_info+0x40/0x58
[   32.716754]  __kasan_krealloc+0x118/0x178
[   32.716877]  krealloc_noprof+0x128/0x360
[   32.717088]  krealloc_less_oob_helper+0x168/0xc50
[   32.717259]  krealloc_less_oob+0x20/0x38
[   32.717392]  kunit_try_run_case+0x170/0x3f0
[   32.717490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.717703]  kthread+0x328/0x630
[   32.717872]  ret_from_fork+0x10/0x20
[   32.718461] 
[   32.718577] The buggy address belongs to the object at fff00000c4633800
[   32.718577]  which belongs to the cache kmalloc-256 of size 256
[   32.718754] The buggy address is located 34 bytes to the right of
[   32.718754]  allocated 201-byte region [fff00000c4633800, fff00000c46338c9)
[   32.718918] 
[   32.718965] The buggy address belongs to the physical page:
[   32.719032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632
[   32.719512] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.719727] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.719854] page_type: f5(slab)
[   32.719964] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.720292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.720478] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.720732] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.722974] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff
[   32.723095] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.723995] page dumped because: kasan: bad access detected
[   32.724061] 
[   32.724090] Memory state around the buggy address:
[   32.724129]  fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.724183]  fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.724234] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.724282]                                                           ^
[   32.724334]  fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.724385]  fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.724429] ==================================================================
[   32.810736] ==================================================================
[   32.810825] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   32.810947] Write of size 1 at addr fff00000c775e0da by task kunit_try_catch/173
[   32.811076] 
[   32.811170] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.811517] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.811594] Hardware name: linux,dummy-virt (DT)
[   32.811800] Call trace:
[   32.812096]  show_stack+0x20/0x38 (C)
[   32.812217]  dump_stack_lvl+0x8c/0xd0
[   32.812742]  print_report+0x118/0x608
[   32.813032]  kasan_report+0xdc/0x128
[   32.813157]  __asan_report_store1_noabort+0x20/0x30
[   32.813339]  krealloc_less_oob_helper+0xa80/0xc50
[   32.813514]  krealloc_large_less_oob+0x20/0x38
[   32.814172]  kunit_try_run_case+0x170/0x3f0
[   32.814550]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.814700]  kthread+0x328/0x630
[   32.815157]  ret_from_fork+0x10/0x20
[   32.815272] 
[   32.815326] The buggy address belongs to the physical page:
[   32.815384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c
[   32.815448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.815512] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.815603] page_type: f8(unknown)
[   32.815651] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.815710] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.815767] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.815822] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.815878] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff
[   32.816240] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.816729] page dumped because: kasan: bad access detected
[   32.816824] 
[   32.817249] Memory state around the buggy address:
[   32.817381]  fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.817533]  fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.817663] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.817836]                                                     ^
[   32.818000]  fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.818100]  fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.818246] ==================================================================
[   32.659156] ==================================================================
[   32.659429] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   32.659560] Write of size 1 at addr fff00000c46338c9 by task kunit_try_catch/169
[   32.659691] 
[   32.659771] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.660328] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.660901] Hardware name: linux,dummy-virt (DT)
[   32.660990] Call trace:
[   32.661223]  show_stack+0x20/0x38 (C)
[   32.661426]  dump_stack_lvl+0x8c/0xd0
[   32.661569]  print_report+0x118/0x608
[   32.661873]  kasan_report+0xdc/0x128
[   32.662230]  __asan_report_store1_noabort+0x20/0x30
[   32.662379]  krealloc_less_oob_helper+0xa48/0xc50
[   32.662500]  krealloc_less_oob+0x20/0x38
[   32.662614]  kunit_try_run_case+0x170/0x3f0
[   32.662728]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.663577]  kthread+0x328/0x630
[   32.663736]  ret_from_fork+0x10/0x20
[   32.664133] 
[   32.664351] Allocated by task 169:
[   32.664840]  kasan_save_stack+0x3c/0x68
[   32.664974]  kasan_save_track+0x20/0x40
[   32.665486]  kasan_save_alloc_info+0x40/0x58
[   32.665602]  __kasan_krealloc+0x118/0x178
[   32.666320]  krealloc_noprof+0x128/0x360
[   32.666719]  krealloc_less_oob_helper+0x168/0xc50
[   32.666959]  krealloc_less_oob+0x20/0x38
[   32.667053]  kunit_try_run_case+0x170/0x3f0
[   32.667517]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.668003]  kthread+0x328/0x630
[   32.668375]  ret_from_fork+0x10/0x20
[   32.668749] 
[   32.668958] The buggy address belongs to the object at fff00000c4633800
[   32.668958]  which belongs to the cache kmalloc-256 of size 256
[   32.669557] The buggy address is located 0 bytes to the right of
[   32.669557]  allocated 201-byte region [fff00000c4633800, fff00000c46338c9)
[   32.669709] 
[   32.669759] The buggy address belongs to the physical page:
[   32.670133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104632
[   32.670569] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.671279] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.671426] page_type: f5(slab)
[   32.671947] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.672294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.672435] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   32.672570] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.672694] head: 0bfffe0000000001 ffffc1ffc3118c81 00000000ffffffff 00000000ffffffff
[   32.672823] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   32.672937] page dumped because: kasan: bad access detected
[   32.674342] 
[   32.674412] Memory state around the buggy address:
[   32.674858]  fff00000c4633780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.674981]  fff00000c4633800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.675484] >fff00000c4633880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   32.675587]                                               ^
[   32.676278]  fff00000c4633900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.676397]  fff00000c4633980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.676489] ==================================================================
[   32.803718] ==================================================================
[   32.803824] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   32.803961] Write of size 1 at addr fff00000c775e0d0 by task kunit_try_catch/173
[   32.804085] 
[   32.804182] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.804420] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.804492] Hardware name: linux,dummy-virt (DT)
[   32.804573] Call trace:
[   32.804663]  show_stack+0x20/0x38 (C)
[   32.804985]  dump_stack_lvl+0x8c/0xd0
[   32.805208]  print_report+0x118/0x608
[   32.805474]  kasan_report+0xdc/0x128
[   32.805660]  __asan_report_store1_noabort+0x20/0x30
[   32.805779]  krealloc_less_oob_helper+0xb9c/0xc50
[   32.805919]  krealloc_large_less_oob+0x20/0x38
[   32.806087]  kunit_try_run_case+0x170/0x3f0
[   32.806330]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.806579]  kthread+0x328/0x630
[   32.806800]  ret_from_fork+0x10/0x20
[   32.807083] 
[   32.807159] The buggy address belongs to the physical page:
[   32.807327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c
[   32.807540] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.807753] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.807906] page_type: f8(unknown)
[   32.808013] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.808139] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.808260] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.808368] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.808482] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff
[   32.808675] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.808807] page dumped because: kasan: bad access detected
[   32.808981] 
[   32.809090] Memory state around the buggy address:
[   32.809170]  fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.809279]  fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.809378] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.809485]                                                  ^
[   32.810008]  fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.810126]  fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.810318] ==================================================================
[   32.830675] ==================================================================
[   32.830771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   32.830914] Write of size 1 at addr fff00000c775e0eb by task kunit_try_catch/173
[   32.831049] 
[   32.831357] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[   32.831502] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.831558] Hardware name: linux,dummy-virt (DT)
[   32.831597] Call trace:
[   32.831623]  show_stack+0x20/0x38 (C)
[   32.831685]  dump_stack_lvl+0x8c/0xd0
[   32.831742]  print_report+0x118/0x608
[   32.831798]  kasan_report+0xdc/0x128
[   32.831852]  __asan_report_store1_noabort+0x20/0x30
[   32.831974]  krealloc_less_oob_helper+0xa58/0xc50
[   32.832097]  krealloc_large_less_oob+0x20/0x38
[   32.832440]  kunit_try_run_case+0x170/0x3f0
[   32.832609]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.832704]  kthread+0x328/0x630
[   32.832757]  ret_from_fork+0x10/0x20
[   32.832814] 
[   32.832838] The buggy address belongs to the physical page:
[   32.832873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10775c
[   32.832961] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.833017] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.833075] page_type: f8(unknown)
[   32.833119] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.833179] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.833238] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   32.833293] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   32.833348] head: 0bfffe0000000002 ffffc1ffc31dd701 00000000ffffffff 00000000ffffffff
[   32.833404] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   32.833449] page dumped because: kasan: bad access detected
[   32.833485] 
[   32.833505] Memory state around the buggy address:
[   32.833541]  fff00000c775df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.833594]  fff00000c775e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.833645] >fff00000c775e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   32.833688]                                                           ^
[   32.833737]  fff00000c775e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.833786]  fff00000c775e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   32.833830] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yx8iABZYbkBMHz2UfLhbVQFSBc

job_id

TEST:linaro@lkft#2yx8mnha0Lu62FmuY96Pi2IVCX2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yx8mnha0Lu62FmuY96Pi2IVCX2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8jAY6Eu0Ej50xmM9Wq9W9Kum/Image.gz
sha256sum	08cb64e0f154758cad9002b9f9875074fc1caa5b64a173779c23ca529581230a

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8jAY6Eu0Ej50xmM9Wq9W9Kum/modules.tar.xz
sha256sum	1b970a753f25d59f813741ee64d0dae566db66f1284845658803118558976a2f

durations

tests

boot	0
kunit	293.47

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   28.718513] ==================================================================
[   28.719090] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   28.719516] Write of size 1 at addr ffff888102d660da by task kunit_try_catch/192
[   28.720994] 
[   28.721805] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.721878] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.721904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.721953] Call Trace:
[   28.721992]  <TASK>
[   28.722030]  dump_stack_lvl+0x73/0xb0
[   28.722139]  print_report+0xd1/0x650
[   28.722198]  ? __virt_addr_valid+0x1db/0x2d0
[   28.722251]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   28.722311]  ? kasan_addr_to_slab+0x11/0xa0
[   28.722359]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   28.722412]  kasan_report+0x141/0x180
[   28.722463]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   28.722504]  __asan_report_store1_noabort+0x1b/0x30
[   28.722538]  krealloc_less_oob_helper+0xec6/0x11d0
[   28.722594]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.722625]  ? finish_task_switch.isra.0+0x153/0x700
[   28.722670]  ? __switch_to+0x47/0xf50
[   28.722705]  ? __schedule+0x10cc/0x2b60
[   28.722739]  ? __pfx_read_tsc+0x10/0x10
[   28.722771]  krealloc_large_less_oob+0x1c/0x30
[   28.722801]  kunit_try_run_case+0x1a5/0x480
[   28.722833]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.722862]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.722892]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.722923]  ? __kthread_parkme+0x82/0x180
[   28.722949]  ? preempt_count_sub+0x50/0x80
[   28.722978]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.723008]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.723038]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.723087]  kthread+0x337/0x6f0
[   28.723132]  ? trace_preempt_on+0x20/0xc0
[   28.723174]  ? __pfx_kthread+0x10/0x10
[   28.723201]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.723232]  ? calculate_sigpending+0x7b/0xa0
[   28.723263]  ? __pfx_kthread+0x10/0x10
[   28.723290]  ret_from_fork+0x116/0x1d0
[   28.723316]  ? __pfx_kthread+0x10/0x10
[   28.723343]  ret_from_fork_asm+0x1a/0x30
[   28.723383]  </TASK>
[   28.723397] 
[   28.740847] The buggy address belongs to the physical page:
[   28.741688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64
[   28.742687] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.743214] flags: 0x200000000000040(head|node=0|zone=2)
[   28.743639] page_type: f8(unknown)
[   28.744268] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.744804] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.745934] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.746613] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.747371] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff
[   28.747893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.748812] page dumped because: kasan: bad access detected
[   28.749524] 
[   28.749696] Memory state around the buggy address:
[   28.750281]  ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.750854]  ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.751574] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   28.752271]                                                     ^
[   28.752726]  ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.753869]  ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.754437] ==================================================================
[   28.485969] ==================================================================
[   28.487170] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   28.487732] Write of size 1 at addr ffff888100385eea by task kunit_try_catch/188
[   28.488262] 
[   28.488603] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.488748] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.488806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.488865] Call Trace:
[   28.488926]  <TASK>
[   28.488982]  dump_stack_lvl+0x73/0xb0
[   28.489075]  print_report+0xd1/0x650
[   28.489171]  ? __virt_addr_valid+0x1db/0x2d0
[   28.489258]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   28.489336]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.489403]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   28.489519]  kasan_report+0x141/0x180
[   28.489599]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   28.489686]  __asan_report_store1_noabort+0x1b/0x30
[   28.489723]  krealloc_less_oob_helper+0xe90/0x11d0
[   28.489757]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.489788]  ? finish_task_switch.isra.0+0x153/0x700
[   28.489816]  ? __switch_to+0x47/0xf50
[   28.489849]  ? __schedule+0x10cc/0x2b60
[   28.489881]  ? __pfx_read_tsc+0x10/0x10
[   28.489913]  krealloc_less_oob+0x1c/0x30
[   28.489941]  kunit_try_run_case+0x1a5/0x480
[   28.489973]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.490002]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.490033]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.490063]  ? __kthread_parkme+0x82/0x180
[   28.490090]  ? preempt_count_sub+0x50/0x80
[   28.490119]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.490150]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.490180]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.490210]  kthread+0x337/0x6f0
[   28.490235]  ? trace_preempt_on+0x20/0xc0
[   28.490265]  ? __pfx_kthread+0x10/0x10
[   28.490291]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.490320]  ? calculate_sigpending+0x7b/0xa0
[   28.490351]  ? __pfx_kthread+0x10/0x10
[   28.490378]  ret_from_fork+0x116/0x1d0
[   28.490402]  ? __pfx_kthread+0x10/0x10
[   28.490429]  ret_from_fork_asm+0x1a/0x30
[   28.490467]  </TASK>
[   28.490482] 
[   28.505522] Allocated by task 188:
[   28.506083]  kasan_save_stack+0x45/0x70
[   28.506535]  kasan_save_track+0x18/0x40
[   28.507067]  kasan_save_alloc_info+0x3b/0x50
[   28.507578]  __kasan_krealloc+0x190/0x1f0
[   28.508105]  krealloc_noprof+0xf3/0x340
[   28.508570]  krealloc_less_oob_helper+0x1aa/0x11d0
[   28.509060]  krealloc_less_oob+0x1c/0x30
[   28.509315]  kunit_try_run_case+0x1a5/0x480
[   28.509710]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.510329]  kthread+0x337/0x6f0
[   28.510779]  ret_from_fork+0x116/0x1d0
[   28.511238]  ret_from_fork_asm+0x1a/0x30
[   28.511770] 
[   28.512033] The buggy address belongs to the object at ffff888100385e00
[   28.512033]  which belongs to the cache kmalloc-256 of size 256
[   28.512803] The buggy address is located 33 bytes to the right of
[   28.512803]  allocated 201-byte region [ffff888100385e00, ffff888100385ec9)
[   28.514035] 
[   28.514222] The buggy address belongs to the physical page:
[   28.514602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384
[   28.515376] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.516098] flags: 0x200000000000040(head|node=0|zone=2)
[   28.516718] page_type: f5(slab)
[   28.517043] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.517698] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.518396] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.518965] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.519778] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff
[   28.520390] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   28.520991] page dumped because: kasan: bad access detected
[   28.521451] 
[   28.521746] Memory state around the buggy address:
[   28.522166]  ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.522728]  ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.523394] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   28.524027]                                                           ^
[   28.524483]  ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.525137]  ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.525701] ==================================================================
[   28.647794] ==================================================================
[   28.649292] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   28.649921] Write of size 1 at addr ffff888102d660c9 by task kunit_try_catch/192
[   28.650995] 
[   28.651317] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.651441] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.651472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.651845] Call Trace:
[   28.651873]  <TASK>
[   28.651896]  dump_stack_lvl+0x73/0xb0
[   28.651944]  print_report+0xd1/0x650
[   28.651977]  ? __virt_addr_valid+0x1db/0x2d0
[   28.652011]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   28.652042]  ? kasan_addr_to_slab+0x11/0xa0
[   28.652110]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   28.652163]  kasan_report+0x141/0x180
[   28.652213]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   28.652251]  __asan_report_store1_noabort+0x1b/0x30
[   28.652285]  krealloc_less_oob_helper+0xd70/0x11d0
[   28.652318]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.652349]  ? finish_task_switch.isra.0+0x153/0x700
[   28.652379]  ? __switch_to+0x47/0xf50
[   28.652414]  ? __schedule+0x10cc/0x2b60
[   28.652447]  ? __pfx_read_tsc+0x10/0x10
[   28.652479]  krealloc_large_less_oob+0x1c/0x30
[   28.652508]  kunit_try_run_case+0x1a5/0x480
[   28.652564]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.652596]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.652630]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.652674]  ? __kthread_parkme+0x82/0x180
[   28.652702]  ? preempt_count_sub+0x50/0x80
[   28.652732]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.652763]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.652793]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.652823]  kthread+0x337/0x6f0
[   28.652849]  ? trace_preempt_on+0x20/0xc0
[   28.652880]  ? __pfx_kthread+0x10/0x10
[   28.652907]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.652936]  ? calculate_sigpending+0x7b/0xa0
[   28.652967]  ? __pfx_kthread+0x10/0x10
[   28.652994]  ret_from_fork+0x116/0x1d0
[   28.653019]  ? __pfx_kthread+0x10/0x10
[   28.653045]  ret_from_fork_asm+0x1a/0x30
[   28.653113]  </TASK>
[   28.653138] 
[   28.669530] The buggy address belongs to the physical page:
[   28.670050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64
[   28.670627] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.671263] flags: 0x200000000000040(head|node=0|zone=2)
[   28.671606] page_type: f8(unknown)
[   28.672304] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.673371] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.674015] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.674229] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.674417] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff
[   28.674792] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.675539] page dumped because: kasan: bad access detected
[   28.676354] 
[   28.676491] Memory state around the buggy address:
[   28.676800]  ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.677647]  ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.678348] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   28.679084]                                               ^
[   28.679564]  ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.680207]  ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.680689] ==================================================================
[   28.793703] ==================================================================
[   28.794235] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   28.794969] Write of size 1 at addr ffff888102d660eb by task kunit_try_catch/192
[   28.795568] 
[   28.795803] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.795926] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.795955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.796537] Call Trace:
[   28.796618]  <TASK>
[   28.796672]  dump_stack_lvl+0x73/0xb0
[   28.796728]  print_report+0xd1/0x650
[   28.796760]  ? __virt_addr_valid+0x1db/0x2d0
[   28.796792]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   28.796821]  ? kasan_addr_to_slab+0x11/0xa0
[   28.796848]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   28.796878]  kasan_report+0x141/0x180
[   28.796906]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   28.796941]  __asan_report_store1_noabort+0x1b/0x30
[   28.796973]  krealloc_less_oob_helper+0xd47/0x11d0
[   28.797005]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.797035]  ? finish_task_switch.isra.0+0x153/0x700
[   28.797079]  ? __switch_to+0x47/0xf50
[   28.797135]  ? __schedule+0x10cc/0x2b60
[   28.797179]  ? __pfx_read_tsc+0x10/0x10
[   28.797213]  krealloc_large_less_oob+0x1c/0x30
[   28.797243]  kunit_try_run_case+0x1a5/0x480
[   28.797276]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.797305]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.797337]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.797368]  ? __kthread_parkme+0x82/0x180
[   28.797394]  ? preempt_count_sub+0x50/0x80
[   28.797423]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.797453]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.797483]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.797513]  kthread+0x337/0x6f0
[   28.797555]  ? trace_preempt_on+0x20/0xc0
[   28.797590]  ? __pfx_kthread+0x10/0x10
[   28.797617]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.797661]  ? calculate_sigpending+0x7b/0xa0
[   28.797693]  ? __pfx_kthread+0x10/0x10
[   28.797721]  ret_from_fork+0x116/0x1d0
[   28.797746]  ? __pfx_kthread+0x10/0x10
[   28.797773]  ret_from_fork_asm+0x1a/0x30
[   28.797811]  </TASK>
[   28.797825] 
[   28.813694] The buggy address belongs to the physical page:
[   28.814463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64
[   28.815250] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.815899] flags: 0x200000000000040(head|node=0|zone=2)
[   28.816500] page_type: f8(unknown)
[   28.817082] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.817923] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.818483] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.819267] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.820261] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff
[   28.820769] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.821442] page dumped because: kasan: bad access detected
[   28.821956] 
[   28.822565] Memory state around the buggy address:
[   28.822820]  ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.823302]  ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.823784] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   28.824656]                                                           ^
[   28.825056]  ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.825523]  ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.826118] ==================================================================
[   28.446946] ==================================================================
[   28.447975] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   28.448609] Write of size 1 at addr ffff888100385eda by task kunit_try_catch/188
[   28.449210] 
[   28.449514] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.449689] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.449724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.449773] Call Trace:
[   28.449806]  <TASK>
[   28.449846]  dump_stack_lvl+0x73/0xb0
[   28.449915]  print_report+0xd1/0x650
[   28.449969]  ? __virt_addr_valid+0x1db/0x2d0
[   28.450027]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   28.450150]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.450252]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   28.450336]  kasan_report+0x141/0x180
[   28.450398]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   28.450469]  __asan_report_store1_noabort+0x1b/0x30
[   28.450524]  krealloc_less_oob_helper+0xec6/0x11d0
[   28.450581]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.450614]  ? finish_task_switch.isra.0+0x153/0x700
[   28.450657]  ? __switch_to+0x47/0xf50
[   28.450694]  ? __schedule+0x10cc/0x2b60
[   28.450729]  ? __pfx_read_tsc+0x10/0x10
[   28.450761]  krealloc_less_oob+0x1c/0x30
[   28.450789]  kunit_try_run_case+0x1a5/0x480
[   28.450820]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.450850]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.450881]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.450912]  ? __kthread_parkme+0x82/0x180
[   28.450938]  ? preempt_count_sub+0x50/0x80
[   28.450966]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.450997]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.451026]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.451057]  kthread+0x337/0x6f0
[   28.451082]  ? trace_preempt_on+0x20/0xc0
[   28.451112]  ? __pfx_kthread+0x10/0x10
[   28.451138]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.451167]  ? calculate_sigpending+0x7b/0xa0
[   28.451196]  ? __pfx_kthread+0x10/0x10
[   28.451223]  ret_from_fork+0x116/0x1d0
[   28.451248]  ? __pfx_kthread+0x10/0x10
[   28.451273]  ret_from_fork_asm+0x1a/0x30
[   28.451312]  </TASK>
[   28.451325] 
[   28.464664] Allocated by task 188:
[   28.465078]  kasan_save_stack+0x45/0x70
[   28.465417]  kasan_save_track+0x18/0x40
[   28.465682]  kasan_save_alloc_info+0x3b/0x50
[   28.466118]  __kasan_krealloc+0x190/0x1f0
[   28.466710]  krealloc_noprof+0xf3/0x340
[   28.467174]  krealloc_less_oob_helper+0x1aa/0x11d0
[   28.467744]  krealloc_less_oob+0x1c/0x30
[   28.468169]  kunit_try_run_case+0x1a5/0x480
[   28.468585]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.469018]  kthread+0x337/0x6f0
[   28.469247]  ret_from_fork+0x116/0x1d0
[   28.469475]  ret_from_fork_asm+0x1a/0x30
[   28.469928] 
[   28.470123] The buggy address belongs to the object at ffff888100385e00
[   28.470123]  which belongs to the cache kmalloc-256 of size 256
[   28.471284] The buggy address is located 17 bytes to the right of
[   28.471284]  allocated 201-byte region [ffff888100385e00, ffff888100385ec9)
[   28.472148] 
[   28.472295] The buggy address belongs to the physical page:
[   28.472586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384
[   28.473458] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.474226] flags: 0x200000000000040(head|node=0|zone=2)
[   28.474741] page_type: f5(slab)
[   28.475023] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.475490] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.476447] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.477405] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.478241] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff
[   28.479049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   28.479412] page dumped because: kasan: bad access detected
[   28.479772] 
[   28.479971] Memory state around the buggy address:
[   28.480631]  ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.481314]  ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.481968] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   28.482661]                                                     ^
[   28.483014]  ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.483359]  ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.483926] ==================================================================
[   28.400021] ==================================================================
[   28.401074] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   28.401814] Write of size 1 at addr ffff888100385ed0 by task kunit_try_catch/188
[   28.402662] 
[   28.403311] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.403461] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.403512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.403577] Call Trace:
[   28.403611]  <TASK>
[   28.403672]  dump_stack_lvl+0x73/0xb0
[   28.403723]  print_report+0xd1/0x650
[   28.403753]  ? __virt_addr_valid+0x1db/0x2d0
[   28.403785]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   28.403815]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.403860]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   28.403890]  kasan_report+0x141/0x180
[   28.403919]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   28.403954]  __asan_report_store1_noabort+0x1b/0x30
[   28.403985]  krealloc_less_oob_helper+0xe23/0x11d0
[   28.404018]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.404048]  ? finish_task_switch.isra.0+0x153/0x700
[   28.404089]  ? __switch_to+0x47/0xf50
[   28.404144]  ? __schedule+0x10cc/0x2b60
[   28.404197]  ? __pfx_read_tsc+0x10/0x10
[   28.404250]  krealloc_less_oob+0x1c/0x30
[   28.404300]  kunit_try_run_case+0x1a5/0x480
[   28.404354]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.404405]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.404460]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.404498]  ? __kthread_parkme+0x82/0x180
[   28.404527]  ? preempt_count_sub+0x50/0x80
[   28.404581]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.404614]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.404660]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.404693]  kthread+0x337/0x6f0
[   28.404720]  ? trace_preempt_on+0x20/0xc0
[   28.404751]  ? __pfx_kthread+0x10/0x10
[   28.404778]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.404808]  ? calculate_sigpending+0x7b/0xa0
[   28.404839]  ? __pfx_kthread+0x10/0x10
[   28.404866]  ret_from_fork+0x116/0x1d0
[   28.404891]  ? __pfx_kthread+0x10/0x10
[   28.404919]  ret_from_fork_asm+0x1a/0x30
[   28.404957]  </TASK>
[   28.404971] 
[   28.421814] Allocated by task 188:
[   28.422136]  kasan_save_stack+0x45/0x70
[   28.422457]  kasan_save_track+0x18/0x40
[   28.423208]  kasan_save_alloc_info+0x3b/0x50
[   28.423696]  __kasan_krealloc+0x190/0x1f0
[   28.424564]  krealloc_noprof+0xf3/0x340
[   28.425042]  krealloc_less_oob_helper+0x1aa/0x11d0
[   28.425527]  krealloc_less_oob+0x1c/0x30
[   28.426018]  kunit_try_run_case+0x1a5/0x480
[   28.426367]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.426694]  kthread+0x337/0x6f0
[   28.427249]  ret_from_fork+0x116/0x1d0
[   28.427862]  ret_from_fork_asm+0x1a/0x30
[   28.428512] 
[   28.428966] The buggy address belongs to the object at ffff888100385e00
[   28.428966]  which belongs to the cache kmalloc-256 of size 256
[   28.430113] The buggy address is located 7 bytes to the right of
[   28.430113]  allocated 201-byte region [ffff888100385e00, ffff888100385ec9)
[   28.431054] 
[   28.431436] The buggy address belongs to the physical page:
[   28.432023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384
[   28.433177] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.433783] flags: 0x200000000000040(head|node=0|zone=2)
[   28.434469] page_type: f5(slab)
[   28.434842] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.435564] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.436211] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.437279] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.437920] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff
[   28.438621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   28.439189] page dumped because: kasan: bad access detected
[   28.439856] 
[   28.440155] Memory state around the buggy address:
[   28.441004]  ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.441600]  ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.442225] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   28.442870]                                                  ^
[   28.443476]  ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.444208]  ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.445011] ==================================================================
[   28.682047] ==================================================================
[   28.683026] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   28.683925] Write of size 1 at addr ffff888102d660d0 by task kunit_try_catch/192
[   28.685429] 
[   28.685765] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.685901] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.685928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.685954] Call Trace:
[   28.685972]  <TASK>
[   28.685994]  dump_stack_lvl+0x73/0xb0
[   28.686038]  print_report+0xd1/0x650
[   28.686219]  ? __virt_addr_valid+0x1db/0x2d0
[   28.686319]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   28.686452]  ? kasan_addr_to_slab+0x11/0xa0
[   28.686485]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   28.686516]  kasan_report+0x141/0x180
[   28.686566]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   28.686604]  __asan_report_store1_noabort+0x1b/0x30
[   28.686643]  krealloc_less_oob_helper+0xe23/0x11d0
[   28.686697]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.686731]  ? finish_task_switch.isra.0+0x153/0x700
[   28.686760]  ? __switch_to+0x47/0xf50
[   28.686793]  ? __schedule+0x10cc/0x2b60
[   28.686826]  ? __pfx_read_tsc+0x10/0x10
[   28.686859]  krealloc_large_less_oob+0x1c/0x30
[   28.686888]  kunit_try_run_case+0x1a5/0x480
[   28.686920]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.686949]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.686979]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.687009]  ? __kthread_parkme+0x82/0x180
[   28.687035]  ? preempt_count_sub+0x50/0x80
[   28.687075]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.687128]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.687179]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.687212]  kthread+0x337/0x6f0
[   28.687239]  ? trace_preempt_on+0x20/0xc0
[   28.687271]  ? __pfx_kthread+0x10/0x10
[   28.687298]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.687327]  ? calculate_sigpending+0x7b/0xa0
[   28.687358]  ? __pfx_kthread+0x10/0x10
[   28.687385]  ret_from_fork+0x116/0x1d0
[   28.687410]  ? __pfx_kthread+0x10/0x10
[   28.687437]  ret_from_fork_asm+0x1a/0x30
[   28.687475]  </TASK>
[   28.687489] 
[   28.703680] The buggy address belongs to the physical page:
[   28.704438] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64
[   28.705664] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.706211] flags: 0x200000000000040(head|node=0|zone=2)
[   28.706827] page_type: f8(unknown)
[   28.707215] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.707836] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.708670] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.709745] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.710467] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff
[   28.711037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.711777] page dumped because: kasan: bad access detected
[   28.712319] 
[   28.712527] Memory state around the buggy address:
[   28.712955]  ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.714065]  ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.714777] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   28.715467]                                                  ^
[   28.715970]  ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.716665]  ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.717570] ==================================================================
[   28.353711] ==================================================================
[   28.354254] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   28.355578] Write of size 1 at addr ffff888100385ec9 by task kunit_try_catch/188
[   28.356599] 
[   28.356785] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.356894] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.356920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.356946] Call Trace:
[   28.356963]  <TASK>
[   28.356985]  dump_stack_lvl+0x73/0xb0
[   28.357030]  print_report+0xd1/0x650
[   28.357173]  ? __virt_addr_valid+0x1db/0x2d0
[   28.357281]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   28.357351]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.357430]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   28.357510]  kasan_report+0x141/0x180
[   28.357587]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   28.357674]  __asan_report_store1_noabort+0x1b/0x30
[   28.357740]  krealloc_less_oob_helper+0xd70/0x11d0
[   28.357797]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.357845]  ? finish_task_switch.isra.0+0x153/0x700
[   28.357898]  ? __switch_to+0x47/0xf50
[   28.357954]  ? __schedule+0x10cc/0x2b60
[   28.358015]  ? __pfx_read_tsc+0x10/0x10
[   28.358076]  krealloc_less_oob+0x1c/0x30
[   28.358125]  kunit_try_run_case+0x1a5/0x480
[   28.358181]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.358234]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.358286]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.358340]  ? __kthread_parkme+0x82/0x180
[   28.358388]  ? preempt_count_sub+0x50/0x80
[   28.358443]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.358506]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.358581]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.358642]  kthread+0x337/0x6f0
[   28.358688]  ? trace_preempt_on+0x20/0xc0
[   28.358737]  ? __pfx_kthread+0x10/0x10
[   28.358781]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.358833]  ? calculate_sigpending+0x7b/0xa0
[   28.358889]  ? __pfx_kthread+0x10/0x10
[   28.358940]  ret_from_fork+0x116/0x1d0
[   28.358987]  ? __pfx_kthread+0x10/0x10
[   28.359033]  ret_from_fork_asm+0x1a/0x30
[   28.359102]  </TASK>
[   28.359128] 
[   28.376593] Allocated by task 188:
[   28.376998]  kasan_save_stack+0x45/0x70
[   28.377431]  kasan_save_track+0x18/0x40
[   28.377970]  kasan_save_alloc_info+0x3b/0x50
[   28.378249]  __kasan_krealloc+0x190/0x1f0
[   28.378644]  krealloc_noprof+0xf3/0x340
[   28.379061]  krealloc_less_oob_helper+0x1aa/0x11d0
[   28.379727]  krealloc_less_oob+0x1c/0x30
[   28.380623]  kunit_try_run_case+0x1a5/0x480
[   28.381229]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.381619]  kthread+0x337/0x6f0
[   28.382070]  ret_from_fork+0x116/0x1d0
[   28.382356]  ret_from_fork_asm+0x1a/0x30
[   28.382976] 
[   28.383188] The buggy address belongs to the object at ffff888100385e00
[   28.383188]  which belongs to the cache kmalloc-256 of size 256
[   28.384159] The buggy address is located 0 bytes to the right of
[   28.384159]  allocated 201-byte region [ffff888100385e00, ffff888100385ec9)
[   28.385368] 
[   28.385602] The buggy address belongs to the physical page:
[   28.386355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384
[   28.386935] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.387313] flags: 0x200000000000040(head|node=0|zone=2)
[   28.387868] page_type: f5(slab)
[   28.388180] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.388738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.389190] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.389883] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.390771] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff
[   28.391339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   28.392538] page dumped because: kasan: bad access detected
[   28.392853] 
[   28.393050] Memory state around the buggy address:
[   28.393431]  ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.394053]  ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.394438] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   28.395105]                                               ^
[   28.396581]  ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.397156]  ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.397941] ==================================================================
[   28.527876] ==================================================================
[   28.528236] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   28.528718] Write of size 1 at addr ffff888100385eeb by task kunit_try_catch/188
[   28.529329] 
[   28.529684] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.529832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.529884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.529950] Call Trace:
[   28.529991]  <TASK>
[   28.530045]  dump_stack_lvl+0x73/0xb0
[   28.530123]  print_report+0xd1/0x650
[   28.530181]  ? __virt_addr_valid+0x1db/0x2d0
[   28.530255]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   28.530335]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.530406]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   28.530467]  kasan_report+0x141/0x180
[   28.530515]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   28.530574]  __asan_report_store1_noabort+0x1b/0x30
[   28.530609]  krealloc_less_oob_helper+0xd47/0x11d0
[   28.530666]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.530699]  ? finish_task_switch.isra.0+0x153/0x700
[   28.530729]  ? __switch_to+0x47/0xf50
[   28.530763]  ? __schedule+0x10cc/0x2b60
[   28.530796]  ? __pfx_read_tsc+0x10/0x10
[   28.530828]  krealloc_less_oob+0x1c/0x30
[   28.530856]  kunit_try_run_case+0x1a5/0x480
[   28.530889]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.530919]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.530950]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.530981]  ? __kthread_parkme+0x82/0x180
[   28.531007]  ? preempt_count_sub+0x50/0x80
[   28.531036]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.531067]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.531097]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.531127]  kthread+0x337/0x6f0
[   28.531153]  ? trace_preempt_on+0x20/0xc0
[   28.531183]  ? __pfx_kthread+0x10/0x10
[   28.531209]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.531238]  ? calculate_sigpending+0x7b/0xa0
[   28.531270]  ? __pfx_kthread+0x10/0x10
[   28.531297]  ret_from_fork+0x116/0x1d0
[   28.531322]  ? __pfx_kthread+0x10/0x10
[   28.531349]  ret_from_fork_asm+0x1a/0x30
[   28.531388]  </TASK>
[   28.531401] 
[   28.544061] Allocated by task 188:
[   28.544458]  kasan_save_stack+0x45/0x70
[   28.544947]  kasan_save_track+0x18/0x40
[   28.545355]  kasan_save_alloc_info+0x3b/0x50
[   28.545835]  __kasan_krealloc+0x190/0x1f0
[   28.546237]  krealloc_noprof+0xf3/0x340
[   28.546531]  krealloc_less_oob_helper+0x1aa/0x11d0
[   28.546993]  krealloc_less_oob+0x1c/0x30
[   28.547244]  kunit_try_run_case+0x1a5/0x480
[   28.547499]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.548066]  kthread+0x337/0x6f0
[   28.548517]  ret_from_fork+0x116/0x1d0
[   28.549128]  ret_from_fork_asm+0x1a/0x30
[   28.549582] 
[   28.549811] The buggy address belongs to the object at ffff888100385e00
[   28.549811]  which belongs to the cache kmalloc-256 of size 256
[   28.550656] The buggy address is located 34 bytes to the right of
[   28.550656]  allocated 201-byte region [ffff888100385e00, ffff888100385ec9)
[   28.551583] 
[   28.551853] The buggy address belongs to the physical page:
[   28.552353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100384
[   28.552938] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.553562] flags: 0x200000000000040(head|node=0|zone=2)
[   28.553965] page_type: f5(slab)
[   28.554248] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.554631] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.554993] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   28.555355] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.556041] head: 0200000000000001 ffffea000400e101 00000000ffffffff 00000000ffffffff
[   28.556778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   28.557856] page dumped because: kasan: bad access detected
[   28.558351] 
[   28.558560] Memory state around the buggy address:
[   28.559018]  ffff888100385d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.559603]  ffff888100385e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.560063] >ffff888100385e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   28.560406]                                                           ^
[   28.560909]  ffff888100385f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.561601]  ffff888100385f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.562258] ==================================================================
[   28.755391] ==================================================================
[   28.755924] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   28.756841] Write of size 1 at addr ffff888102d660ea by task kunit_try_catch/192
[   28.757982] 
[   28.758353] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) 
[   28.758474] Tainted: [B]=BAD_PAGE, [N]=TEST
[   28.758502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   28.758560] Call Trace:
[   28.758600]  <TASK>
[   28.758690]  dump_stack_lvl+0x73/0xb0
[   28.758775]  print_report+0xd1/0x650
[   28.758832]  ? __virt_addr_valid+0x1db/0x2d0
[   28.758894]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   28.758983]  ? kasan_addr_to_slab+0x11/0xa0
[   28.759178]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   28.759270]  kasan_report+0x141/0x180
[   28.759329]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   28.759402]  __asan_report_store1_noabort+0x1b/0x30
[   28.759470]  krealloc_less_oob_helper+0xe90/0x11d0
[   28.759556]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   28.759606]  ? finish_task_switch.isra.0+0x153/0x700
[   28.759657]  ? __switch_to+0x47/0xf50
[   28.759696]  ? __schedule+0x10cc/0x2b60
[   28.759731]  ? __pfx_read_tsc+0x10/0x10
[   28.759765]  krealloc_large_less_oob+0x1c/0x30
[   28.759795]  kunit_try_run_case+0x1a5/0x480
[   28.759839]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.759869]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.759903]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.759934]  ? __kthread_parkme+0x82/0x180
[   28.759961]  ? preempt_count_sub+0x50/0x80
[   28.759990]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.760020]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   28.760053]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.760108]  kthread+0x337/0x6f0
[   28.760152]  ? trace_preempt_on+0x20/0xc0
[   28.760193]  ? __pfx_kthread+0x10/0x10
[   28.760221]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.760251]  ? calculate_sigpending+0x7b/0xa0
[   28.760282]  ? __pfx_kthread+0x10/0x10
[   28.760309]  ret_from_fork+0x116/0x1d0
[   28.760335]  ? __pfx_kthread+0x10/0x10
[   28.760361]  ret_from_fork_asm+0x1a/0x30
[   28.760401]  </TASK>
[   28.760414] 
[   28.777608] The buggy address belongs to the physical page:
[   28.778090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d64
[   28.778852] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.780003] flags: 0x200000000000040(head|node=0|zone=2)
[   28.780729] page_type: f8(unknown)
[   28.781247] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.781898] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.782622] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   28.783612] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   28.784413] head: 0200000000000002 ffffea00040b5901 00000000ffffffff 00000000ffffffff
[   28.785401] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   28.786214] page dumped because: kasan: bad access detected
[   28.786641] 
[   28.786789] Memory state around the buggy address:
[   28.787597]  ffff888102d65f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.788453]  ffff888102d66000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.789092] >ffff888102d66080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   28.789682]                                                           ^
[   28.790798]  ffff888102d66100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.791447]  ffff888102d66180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   28.792463] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yx8iABZYbkBMHz2UfLhbVQFSBc

job_id

TEST:linaro@lkft#2yx8nqbxHyU9q5QFLSgoSfpxg7c

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yx8nqbxHyU9q5QFLSgoSfpxg7c

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8kMWyAcZURSq8fq3I4LTYNnI/bzImage
sha256sum	e4af8fb0c4f818dc00f998896a3bb1036c581a265d8c629b665739ffdae0ee02

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yx8kMWyAcZURSq8fq3I4LTYNnI/modules.tar.xz
sha256sum	aa90f144ec87f2f93e8f81cdc22f5e1ccf9be8dc2fab92a71c87abdd535262e3

durations

tests

boot	0
kunit	232.61

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - dragonboard-845c - gcc-13-lkftconfig-kunit

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit